Android SE
Revision as of 11:57, 8 March 2013 by <bdi>PhilippeTeuwen</bdi> (talk | contribs) (Created page with "Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key) ==Links== * [https://randomoracle.wordpress.com/2...")
Note that to do useful things with the internal SE you need a developer phone with unlocked SE (or you need to know the key)
Links
- Using the secure element on an Android device (1/3)
- Using the secure element on an Android device (2/3)
- Using the secure element on an Android device (3/3)
/etc/nfcee_access.xml
Installing
To generate the certificate line to be added to /etc/nfcee_access.xml:
keytool -exportcert -v -keystore my-release-key.keystore -alias alias_name -storepass password|xxd -p|tr -d '\n'
To replace /etc/nfcee_access.xml
adb pull /etc/nfcee_access.xml nfcee_access.xml.orig adb push nfcee_access.xml /sdcard/ adb shell su -c "mount -o remount,rw /system" adb shell su -c "cat /sdcard/nfcee_access.xml > /etc/nfcee_access.xml" sleep 1 adb shell su -c "mount -o remount,ro /system" adb reboot
You need to reboot because the file is parsed at boot time.
in logcat:
I/NfceeAccess(): read X signature(s) for NFCEE access
Debugging
Dump certificates from nfcee_access.xml, here the second one (cf signer[2]):
adb shell cat /etc/nfcee_access.xml | sed 's/android://' | \ xmlstarlet select -T -o -t -v //signer[2]/@signature | xxd -r -ps | \ openssl x509 -inform DER -text -noout
Compare it with app certificate:
7z e MySecureElementApp.apk META-INF/CERT.RSA -so 2>/dev/null | \ openssl pkcs7 -inform DER -print_certs -text -noout