Android SE
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Back to Android
Links
Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key)
- Using the secure element on an Android device (1/3)
- Using the secure element on an Android device (2/3)
- Using the secure element on an Android device (3/3)
/etc/nfcee_access.xml
Installing
To generate the certificate line to be added to /etc/nfcee_access.xml:
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
To replace /etc/nfcee_access.xml
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
adb push nfcee_access.xml /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
You need to reboot because the file is parsed at boot time.
in logcat:
I/NfceeAccess(): read X signature(s) for NFCEE access
Debugging
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \
openssl x509 -inform DER -text -noout
Compare it with app certificate:
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
openssl pkcs7 -inform DER -print_certs -text -noout