Difference between revisions of "Android SE"
(Created page with "Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key) ==Links== * [https://randomoracle.wordpress.com/2...") |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | Back to [[Android]] |
||
⚫ | |||
− | |||
==Links== |
==Links== |
||
⚫ | |||
* [https://randomoracle.wordpress.com/2013/01/09/using-the-secure-element-on-an-android-device-13/ Using the secure element on an Android device (1/3)] |
* [https://randomoracle.wordpress.com/2013/01/09/using-the-secure-element-on-an-android-device-13/ Using the secure element on an Android device (1/3)] |
||
* [https://randomoracle.wordpress.com/2013/01/19/using-the-secure-element-on-an-android-device-23/ Using the secure element on an Android device (2/3)] |
* [https://randomoracle.wordpress.com/2013/01/19/using-the-secure-element-on-an-android-device-23/ Using the secure element on an Android device (2/3)] |
||
Line 9: | Line 9: | ||
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem |
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem |
||
To generate the certificate line to be added to /etc/nfcee_access.xml: |
To generate the certificate line to be added to /etc/nfcee_access.xml: |
||
+ | <source lang=bash> |
||
− | + | keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n' |
|
+ | </source> |
||
To replace /etc/nfcee_access.xml |
To replace /etc/nfcee_access.xml |
||
+ | <source lang=bash> |
||
⚫ | |||
− | + | adb pull /etc/nfcee_access.xml nfcee_access.xml.orig |
|
+ | adb push nfcee_access.xml /sdcard/ |
||
⚫ | |||
− | + | adb shell su -c "mount -o remount,rw /system" |
|
⚫ | |||
− | + | sleep 1 |
|
− | adb shell su -c "mount -o remount,ro /system" |
||
⚫ | |||
− | + | adb reboot |
|
+ | </source> |
||
You need to reboot because the file is parsed at boot time. |
You need to reboot because the file is parsed at boot time. |
||
<br>in logcat: |
<br>in logcat: |
||
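Review bot: The keytool line wrapped in the first `<source lang=bash>` block passes the keystore password as a literal argument (`-storepass password`), which leaves it in shell history and visible in the process list while the command runs. Say in the text that `password` is a placeholder, or switch to keytool's `-storepass:env` form so the value is read from an environment variable.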
Line 23: | Line 27: | ||
===Debugging=== |
===Debugging=== |
||
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]): |
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]): |
||
+ | <source lang=bash> |
||
− | + | adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \ |
|
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \ |
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \ |
||
openssl x509 -inform DER -text -noout |
openssl x509 -inform DER -text -noout |
||
+ | </source> |
||
Compare it with app certificate: |
Compare it with app certificate: |
||
+ | <source lang=bash> |
||
− | + | 7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \ |
|
openssl pkcs7 -inform DER -print_certs -text -noout |
openssl pkcs7 -inform DER -print_certs -text -noout |
||
+ | </source> |
||
==Misc== |
==Misc== |
||
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java] |
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java] |
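Review bot: In the certificate dump command, the XPath `//signer[2]/@signature` is unquoted, so the shell treats `[2]` as a glob pattern; some shells reject the command when nothing matches, and others rewrite the argument if a matching path exists. Wrap the expression in single quotes. Also, `sed 's/android://'` removes only the first `android:` on each line, so a line carrying more than one prefixed attribute would still fail to parse; adding the `g` flag covers that case.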
Latest revision as of 12:07, 8 March 2013
Links
Note that to do useful things with the internal SE you need a developer phone with an unlocked SE (or you need to know the key).
- Using the secure element on an Android device (1/3)
- Using the secure element on an Android device (2/3)
- Using the secure element on an Android device (3/3)
/etc/nfcee_access.xml
Installing
To generate the certificate line to be added to /etc/nfcee_access.xml:
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
To replace /etc/nfcee_access.xml (requires root):
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
adb push nfcee_access.xml /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
You need to reboot because the file is parsed at boot time.
After the reboot, logcat reports how many signatures were read:
I/NfceeAccess(): read X signature(s) for NFCEE access
Debugging
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
adb shell cat /etc/nfcee_access.xml | sed 's/android://g' | \
xmlstarlet select -T -o -t -v '//signer[2]/@signature' | xxd -r -ps | \
openssl x509 -inform DER -text -noout
Compare it with app certificate:
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
openssl pkcs7 -inform DER -print_certs -text -noout
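
The comparison above can also be done byte-for-byte instead of by reading two openssl dumps. The following Python code is an added example, not part of the original page; it assumes the layout implied by the commands above (signer elements whose android:signature attribute holds a hex-encoded DER certificate), and the sample XML and hex strings are constructed placeholders, not real certificates.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: short hex strings stand in for real DER certificates.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
    <signer android:signature="3082AABBCCDD01" />
    <signer android:signature="3082aabbccdd02" />
</resources>"""


def hex_to_der(hex_text):
    """Decode hex such as `xxd -p` output, ignoring case, spaces and newlines."""
    return bytes.fromhex("".join(hex_text.split()))


def signer_certs(xml_text):
    """Return the decoded certificate of every <signer>, in document order."""
    # Same reason as the sed step: an undeclared android: prefix makes a
    # namespace-aware parser reject the file, so the prefix is removed first.
    root = ET.fromstring(xml_text.replace("android:", ""))
    return [hex_to_der(s.get("signature", "")) for s in root.iter("signer")]


def find_signer(xml_text, app_cert_hex):
    """1-based position (as in XPath signer[N]) of the matching entry, or None."""
    wanted = hex_to_der(app_cert_hex)
    for index, der in enumerate(signer_certs(xml_text), start=1):
        if der == wanted:
            return index
    return None


def report(xml_text):
    """(position, length in bytes, SHA-256 fingerprint) for each listed cert."""
    return [(i, len(der), hashlib.sha256(der).hexdigest())
            for i, der in enumerate(signer_certs(xml_text), start=1)]


if __name__ == "__main__":
    for position, size, fp in report(SAMPLE_XML):
        print(f"signer[{position}]: {size} bytes, sha256 {fp}")
    # Hex as printed by the keytool | xxd -p | tr -d '\n' pipeline (constructed value).
    print("app cert matches signer:", find_signer(SAMPLE_XML, "3082aabbccdd01\n"))
```

Comparing decoded bytes avoids false mismatches when the hex in the file and the hex from xxd differ only in letter case or stray whitespace.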