Difference between revisions of "Android SE"

From YobiWiki
(Created page with "Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key) ==Links== * [https://randomoracle.wordpress.com/2...")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
  +
Back to [[Android]]
Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key)
 
 
 
==Links==
 
==Links==
 
Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key)
 
* [https://randomoracle.wordpress.com/2013/01/09/using-the-secure-element-on-an-android-device-13/ Using the secure element on an Android device (1/3)]
 
* [https://randomoracle.wordpress.com/2013/01/09/using-the-secure-element-on-an-android-device-13/ Using the secure element on an Android device (1/3)]
 
* [https://randomoracle.wordpress.com/2013/01/19/using-the-secure-element-on-an-android-device-23/ Using the secure element on an Android device (2/3)]
 
* [https://randomoracle.wordpress.com/2013/01/19/using-the-secure-element-on-an-android-device-23/ Using the secure element on an Android device (2/3)]
Line 9: Line 9:
 
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem
 
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem
 
To generate the certificate line to be added to /etc/nfcee_access.xml:
 
To generate the certificate line to be added to /etc/nfcee_access.xml:
  +
<source lang=bash>
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
+
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
  +
</source>
 
To replace /etc/nfcee_access.xml
 
To replace /etc/nfcee_access.xml
  +
<source lang=bash>
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
 
adb push nfcee_access.xml /sdcard/
+
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
  +
adb push nfcee_access.xml /sdcard/
adb shell su -c "mount -o remount,rw /system"
 
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
+
adb shell su -c "mount -o remount,rw /system"
 
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
sleep 1
+
sleep 1
adb shell su -c "mount -o remount,ro /system"
 
 
adb shell su -c "mount -o remount,ro /system"
adb reboot
+
adb reboot
  +
</source>
 
You need to reboot because the file is parsed at boot time.
 
You need to reboot because the file is parsed at boot time.
 
<br>in logcat:
 
<br>in logcat:
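Review bot: In the keytool line, -storepass password puts the keystore password on the command line, where it lands in shell history and is visible in the process list; omit the option so keytool asks for it interactively. In the replace sequence, nothing checks the edited nfcee_access.xml before it overwrites /etc/nfcee_access.xml, and since the file is only parsed at boot, a malformed signer line shows up only after the reboot; validating the file before adb push would catch it earlier.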
Line 23: Line 27:
 
===Debugging===
 
===Debugging===
 
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
 
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
  +
<source lang=bash>
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \
+
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \
 
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \
 
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \
 
openssl x509 -inform DER -text -noout
 
openssl x509 -inform DER -text -noout
  +
</source>
 
Compare it with app certificate:
 
Compare it with app certificate:
  +
<source lang=bash>
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
+
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
 
openssl pkcs7 -inform DER -print_certs -text -noout
 
openssl pkcs7 -inform DER -print_certs -text -noout
  +
</source>
 
==Misc==
 
==Misc==
 
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java]
 
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java]
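Review bot: In the xmlstarlet line, the XPath //signer[2]/@signature is unquoted, so [2] is subject to shell globbing and the command depends on the shell's glob settings; put the expression in single quotes. The two openssl text dumps are then compared by eye, and adding -fingerprint to the openssl x509 call would give a single value to match against the app certificate.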

Latest revision as of 13:07, 8 March 2013

Back to Android

Links

Note that to do useful things with the internal SE (secure element) you need a developer phone with an unlocked SE (or you need to know the key).

/etc/nfcee_access.xml

Installing

To generate the certificate line to be added to /etc/nfcee_access.xml:

<source lang=bash>
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password | xxd -p | tr -d '\n'
</source>

To replace /etc/nfcee_access.xml:

<source lang=bash>
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
adb push nfcee_access.xml /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
</source>

You need to reboot because the file is parsed at boot time. In logcat:

I/NfceeAccess(): read X signature(s) for NFCEE access

Debugging

Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):

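<source lang=bash>
# The XPath is quoted so the shell does not treat [2] as a glob pattern.
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \
    xmlstarlet select -T -o -t -v '//signer[2]/@signature' | xxd -r -ps | \
    openssl x509 -inform DER -text -noout
</source>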

Compare it with the app certificate:

<source lang=bash>
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
    openssl pkcs7 -inform DER -print_certs -text -noout
</source>
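
Because the file is only parsed at boot, it helps to check the edited nfcee_access.xml offline before pushing it, and to find which signer[N] index holds your certificate for the dump command above. The following is an added example, not part of the original wiki page; the function names and the sample file are constructed, and it assumes each android:signature attribute sits on one line, as the keytool pipeline above produces it.

```shell
#!/bin/sh
# Added example: offline pre-flight check for an edited nfcee_access.xml.

# Print every signer signature, one per line, in document order.
list_signers() {
    grep -o 'android:signature="[^"]*"' "$1" |
        sed 's/^android:signature="//; s/"$//'
}

# Return 0 only if there is at least one signer and every signature looks
# like hex-encoded DER: hex digits only, even length, leading 0x30 (SEQUENCE).
check_signers() {
    list_signers "$1" | awk '
        { n++ }
        $0 !~ /^30[0-9A-Fa-f]+$/ || length($0) % 2 {
            printf "signer[%d]: not hex-encoded DER\n", n > "/dev/stderr"
            bad = 1
        }
        END { exit ((n > 0 && !bad) ? 0 : 1) }'
}

# Print the 1-based index N (usable as signer[N]) of the signer equal to the
# given hex string, ignoring case and whitespace; return 1 if it is absent.
signer_index() {
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -n "$want" ] || return 1
    idx=$(list_signers "$1" | tr 'A-F' 'a-f' |
        grep -n -x -F -e "$want" | head -n 1 | cut -d: -f1)
    [ -n "$idx" ] && printf '%s\n' "$idx"
}

# Constructed sample file; the hex values are placeholders, not certificates.
make_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
    <signer android:signature="3082010a0203010001" />
    <signer android:signature="308201AB02030100FF" />
</resources>
EOF
}

# Usage: check_signers nfcee_access.xml && signer_index nfcee_access.xml "$HEX"
# where HEX is the output of the keytool | xxd -p | tr -d '\n' pipeline.
```
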

Misc