NVISOsecurity / MagiskTrustUserCerts

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

Does not work on Pixel 3 with Android 10 #14

Closed fO-000 closed 4 years ago

fO-000 commented 4 years ago

After installing the module and the Burp Suite CA certificate and rebooting, there is still no corresponding certificate in the system credentials and no $MODPATH/system/etc/security/cacerts:

blueline:/ # find / -name *cacerts* 2>/dev/null
/data/misc/user/0/cacerts-added
/sbin/.magisk/mirror/data/misc/user/0/cacerts-added
/system/etc/security/cacerts
/system/etc/security/cacerts_wfa
/system/etc/security/cacerts_google

OS fingerprint:

$ adb shell getprop ro.build.fingerprint
google/blueline/blueline:10/QQ1A.200205.002/6084386:user/release-keys

Magisk 20.4(20400) log:

blueline:/ # cat /sdcard/Download/magisk_log_20200511_104624.log
--------- beginning of main
--------- beginning of system
05-11 02:36:01.455   824   824 I Magisk  : Magisk 20.4(20400) daemon started
05-11 02:36:01.455   824   824 I Magisk  : * Device API level: 29
05-11 02:36:01.487   824   825 I Magisk  : ** post-fs-data mode running
05-11 02:36:01.488   824   825 I Magisk  : * Initializing Magisk environment
05-11 02:36:01.506   824   825 I Magisk  : * Mounting mirrors
05-11 02:36:01.507   824   825 I Magisk  : mount: /sbin/.magisk/mirror/vendor
05-11 02:36:01.507   824   825 I Magisk  : mount: /sbin/.magisk/mirror/product
05-11 02:36:01.507   824   825 I Magisk  : mount: /sbin/.magisk/mirror/data
05-11 02:36:01.507   824   825 I Magisk  : link: /sbin/.magisk/mirror/system
05-11 02:36:01.507   824   825 I Magisk  : * Setting up internal busybox
05-11 02:36:01.518   824   825 I Magisk  : * Running post-fs-data.d scripts
05-11 02:36:01.520   824   825 I Magisk  : * Running module post-fs-data scripts
05-11 02:36:01.520   824   825 I Magisk  : * Loading modules
05-11 10:36:01.936   824  1021 I Magisk  : ** late_start service mode running
05-11 10:36:01.936   824  1021 I Magisk  : * Running service.d scripts
05-11 10:36:01.936   824  1021 I Magisk  : * Running module service scripts
05-11 10:36:01.936   824  1021 I Magisk  : trustusercerts: exec [service.sh]
05-11 10:36:07.752   824  2530 I Magisk  : ** boot_complete triggered

User credential from Burp Suite:

$ openssl x509 -in burp_ca.pem -inform pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1399729414 (0x536e2d06)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = PortSwigger, ST = PortSwigger, L = PortSwigger, O = PortSwigger, OU = PortSwigger CA, CN = PortSwigger CA
        Validity
            Not Before: May 10 13:43:34 2014 GMT
            Not After : May 10 13:43:34 2040 GMT
        Subject: C = PortSwigger, ST = PortSwigger, L = PortSwigger, O = PortSwigger, OU = PortSwigger CA, CN = PortSwigger CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier: 
                69:E1:83:9B:42:C4:DA:3E:E6:58:9C:00:B9:E3:65:D6:D1:C5:1D:47
    Signature Algorithm: sha256WithRSAEncryption

TheDauntless commented 4 years ago

Can you try out the v0.4.1 I just pushed?

fO-000 commented 4 years ago

👍 The v0.4.1 solved the problem.