Difference between revisions of "Android SE"
Jump to navigation
Jump to search
m |
m |
||
| Line 9: | Line 9: | ||
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem |
* https://code.google.com/p/seek-for-android/wiki/BuildingTheSystem |
||
To generate the certificate line to be added to /etc/nfcee_access.xml: |
To generate the certificate line to be added to /etc/nfcee_access.xml: |
||
| + | <source lang=bash> |
||
| − | + | keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n' |
|
| + | </source> |
||
To replace /etc/nfcee_access.xml |
To replace /etc/nfcee_access.xml |
||
| + | <source lang=bash> |
||
| ⚫ | |||
| − | + | adb pull /etc/nfcee_access.xml nfcee_access.xml.orig |
|
| + | adb push nfcee_access.xml /sdcard/ |
||
| ⚫ | |||
| − | + | adb shell su -c "mount -o remount,rw /system" |
|
| ⚫ | |||
| − | + | sleep 1 |
|
| − | adb shell su -c "mount -o remount,ro /system" |
||
| ⚫ | |||
| − | + | adb reboot |
|
| + | </source> |
||
You need to reboot because the file is parsed at boot time. |
You need to reboot because the file is parsed at boot time. |
||
<br>in logcat: |
<br>in logcat: |
||
| Line 23: | Line 27: | ||
===Debugging=== |
===Debugging=== |
||
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]): |
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]): |
||
| + | <source lang=bash> |
||
| − | + | adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \ |
|
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \ |
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \ |
||
openssl x509 -inform DER -text -noout |
openssl x509 -inform DER -text -noout |
||
| + | </source> |
||
Compare it with app certificate: |
Compare it with app certificate: |
||
| + | <source lang=bash> |
||
| − | + | 7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \ |
|
openssl pkcs7 -inform DER -print_certs -text -noout |
openssl pkcs7 -inform DER -print_certs -text -noout |
||
| + | </source> |
||
==Misc== |
==Misc== |
||
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java] |
* [http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/4.0.4_r2.1/com/android/nfc_extras/NfcExecutionEnvironment.java NfcExecutionEnvironment.java] |
||
Latest revision as of 12:07, 8 March 2013
Back to Android
Links
Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key)
- Using the secure element on an Android device (1/3)
- Using the secure element on an Android device (2/3)
- Using the secure element on an Android device (3/3)
/etc/nfcee_access.xml
Installing
To generate the certificate line to be added to /etc/nfcee_access.xml:
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
To replace /etc/nfcee_access.xml
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig
adb push nfcee_access.xml /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
You need to reboot because the file is parsed at boot time.
in logcat:
I/NfceeAccess(): read X signature(s) for NFCEE access
Debugging
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \
xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \
openssl x509 -inform DER -text -noout
Compare it with app certificate:
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \
openssl pkcs7 -inform DER -print_certs -text -noout