

Android Software

App markets

Address & Contacts

Communication

E-Mail

Cyanogen mod

This list is a work in progress to document steps needed to remove shitty stuff and fix the CM installation

Install fdroid

  1. Preferences → … Security … → Allow apps to become root

Customization

The next steps rely on the Android SDK 'ADB' command, http://developer.android.com/tools/help/adb.html

Prepare adb access

# start adb as root
adb root
# Mount system rw
adb shell mount -o remount,rw /system

Remove CM12 apps

#     Whisper textsecure
# Useless since it doesn't support federation and identifies the user by his cell phone number.
# To make it even worse, they use the Google push notification service.
 
# Following the discussion about the inclusion of this whisper stuff into f-droid, 
# the author (moxie) shows a strange mindset about privacy, security and free software in general. 
# In direct comparison, it's probably still a good alternative to things like whatsapp/facebook/gtalk.
 
adb shell rm /system/app/WhisperPush/WhisperPush.apk
 
#     Android Stock Email
# useless if you install k9-mail
adb shell rm /system/app/Email/Email.apk
adb shell rm /system/app/Exchange2/Exchange2.apk
 
#     cLock
# requests GPS position, even though I'm not using it as a widget.
adb shell rm /system/app/LockClock/LockClock.apk

Cacert

# Download Certificates
wget 'http://www.cacert.org/certs/root.crt' -O /tmp/cacert_root.crt
wget 'http://www.cacert.org/certs/class3.crt' -O /tmp/cacert_class3.crt
 
# Print fingerprints for verification
openssl x509 -text -in /tmp/cacert_root.crt -fingerprint  -noout -subject | tail -n 2
openssl x509 -text -in /tmp/cacert_class3.crt -fingerprint  -noout -subject | tail -n 2
 
# Create new filename
rootHash=$(openssl x509 -inform PEM -subject_hash_old -in /tmp/cacert_root.crt | head -1)
class3Hash=$(openssl x509 -inform PEM -subject_hash_old -in /tmp/cacert_class3.crt | head -1)
 
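# Prepare and copy file to android
# The .0 file is the PEM certificate followed by its text dump.
# -noout prints only the text dump on stdout, which works regardless of
# where the installed OpenSSL version writes -text output.
cat /tmp/cacert_root.crt > /tmp/${rootHash}.0
openssl x509 -inform PEM -text -noout -in /tmp/cacert_root.crt >> /tmp/${rootHash}.0
 
cat /tmp/cacert_class3.crt > /tmp/${class3Hash}.0
openssl x509 -inform PEM -text -noout -in /tmp/cacert_class3.crt >> /tmp/${class3Hash}.0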
 
adb push /tmp/${rootHash}.0 /system/etc/security/cacerts/
adb push /tmp/${class3Hash}.0 /system/etc/security/cacerts/
adb shell ls -al -Z /system/etc/security/cacerts/${rootHash}.0 /system/etc/security/cacerts/${class3Hash}.0
 
# delete temporary files
rm /tmp/${rootHash}.0 /tmp/${class3Hash}.0 /tmp/cacert_root.crt /tmp/cacert_class3.crt
 
# done. To verify certificates are installed correctly, go to Settings -> Security -> Certificates. 
# It should list both CAcert Inc. and Root CA among the other certificates in the 'System' section. 
# Make sure that these CAcert certificates are not also in the 'User' (user defined) section.

Remove CAs

#!/bin/bash
declare -a whitelist=( 
    '/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA'
    '/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services'
#   '/C=CN/O=WoSign CA Limited/CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6'
    '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority'
    '/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root'
    '/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority'
#   '/C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi'
    '/OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign'
    '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2'
    '/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign'
    '/emailAddress=pki@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK'
    '/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services'
    '/O=Digital Signature Trust Co./CN=DST Root CA X3'
#   '/C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root'
# Certplus is now Keynectis
    '/C=FR/O=Certplus/CN=Class 2 Primary CA'
    '/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6'
    '/C=TW/O=Government Root Certification Authority'
# Bundesdruckerei
#   '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009'
    '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3'
    '/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign'
#   '/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008'
    '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3'
    '/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R1'
    '/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority'
    '/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority'
    '/C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2'
    '/OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign'
    '/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II'
    '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA'
    '/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority'
    '/C=US/O=America Online Inc./CN=America Online Root Certification Authority 2'
    '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority'
    '/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority'
#   '/O=Cybertrust, Inc/CN=Cybertrust Global Root'
    '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA'
# Strange company
#   '/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA'
    '/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root'
    '/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root'
    '/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2'
#   '/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES'
#   '/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2'
    '/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)'
#   '/C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011'
#   '/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3'
    '/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2'
    '/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2'
 #  '/C=ES/O=IZENPE S.A./CN=Izenpe.com'
    '/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root'
    '/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2'
    '/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC'
    '/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I'
    '/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2'
    '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority'
    '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3'
#   '/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005'
    '/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2'
# French Government
#   '/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr'
    '/C=US/O=Equifax/OU=Equifax Secure Certificate Authority'
    '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority'
    '/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority'
    '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4'
    '/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org'
# Small? Italian company
#   '/C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA'
#   '/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny'
    '/O=TeliaSonera/CN=TeliaSonera Root CA v1'
    '/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA'
# Small? Polish company
#   '/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA'
    '/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root'
    '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1'
    '/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network'
    '/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1'
    '/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services'
    '/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority'
# US Company, Website was not reachable
#   '/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority'
    '/C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine'
    '/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA'
    '/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II'
    '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2'
# They use GeoTrust for their own website
#   '/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com'
    '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA'
    '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA'
# Probably not used anymore
#   '/O=RSA Security Inc/OU=RSA Security 2048 V3'
# Turkish company with unreadable name
#   '/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.'
    '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2'
# Seems to be a startup giving away "free" certs
#   '/C=US/O=AffirmTrust/CN=AffirmTrust Networking'
    '/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2'
    '/C=RO/O=certSIGN/OU=certSIGN ROOT CA'
#   '/C=CN/O=CNNIC/CN=CNNIC ROOT'
    '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2'
    '/C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/emailAddress=pki@sk.ee'
    '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3'
    '/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2'
    '/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA'
#   '/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign'
    '/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1'
    '/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority'
    '/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root EV CA 2'
#   '/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority'
    '/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1'
# Small? Spanish company
#   '/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008'
# Small? Spanish company
#   '/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4'
    '/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root'
    '/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1'
# Finnish company with no English website
#   '/C=FI/O=Sonera/CN=Sonera Class2 CA'
    '/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2'
# Cannot identify a website from them
#   '/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11'
# Hungarian Company, looks shady
#   '/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado'
# Spanish company? No english website
#   '/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC'
    '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA'
    '/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA'
    '/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - EC1'
#   '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority'
#   '/CN=Atos TrustedRoot 2011/O=Atos/C=DE'
    '/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2'
    '/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1'
    '/C=US/O=SecureTrust Corporation/CN=Secure Global CA'
    '/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority'
    '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com'
    '/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3'
# Shady english company
#   '/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA'
    '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3'
    '/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2'
# Turkish company with unreadable name
#   '/C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority'
    '/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC'
#   '/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA'
    '/C=US/O=SecureTrust Corporation/CN=SecureTrust CA'
    '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2'
    '/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068'
    '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority'
    '/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2'
    '/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig'
#   '/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007'
# Bundesdruckerei
#   '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009'
    '/C=US/O=AffirmTrust/CN=AffirmTrust Premium'
    '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com'
    '/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root'
    '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3'
    '/C=US/O=AffirmTrust/CN=AffirmTrust Commercial'
    '/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root'
    '/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1'
    '/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA'
    '/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1'
#   '/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu'
#   '/CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES'
    '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1'
    '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3'
    '/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority'
#   '/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root'
    '/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2'
#   '/CN=ComSign Secured CA/O=ComSign/C=IL'
#   '/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA'
#   '/CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR'
#   '/C=JP/O=Japanese Government/OU=ApplicationCA'
    '/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5'
#   '/C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana'
#   '/C=FR/O=Dhimyotis/CN=Certigna'
    '/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware'
)
 
# create folder for disabled certs
adb shell "test -d /system/etc/security/cacerts-disabled || mkdir /system/etc/security/cacerts-disabled"
 
# temporarily re-enable all disabled ca's
adb shell "find /system/etc/security/cacerts-disabled -type f -print -exec mv \\{\\} /system/etc/security/cacerts \\;"
 
# disable untrusted
for certfile in $(adb shell ls '/system/etc/security/cacerts/[0-9a-f]*' | tr -d '\r'); do
    filename=$(basename "$certfile")
    subject=$(adb shell cat "$certfile" | openssl x509 -noout -subject)
    # whitelist entries are written in the 'subject= /C=../O=..' output format; strip the prefix
    subject=${subject##subject= }
 
    for allowed in "${whitelist[@]}"; do
        if [[ "$allowed" == "${subject}" ]]; then
            # " ✔ keep    $filename $subject"
            continue 2 # pass, continue with next CA
        fi
    done
 
    echo "✘  disable $filename $subject"
    adb shell mv "/system/etc/security/cacerts/$filename" "/system/etc/security/cacerts-disabled/"
done
 
echo "done, if successful consider rebooting"

Cleanup

# reboot to mount /system read-only again and start adb as user
adb reboot

A-GPS

Disable A-GPS if you don't want your telephone to communicate with some strange Broadcom-operated server in the U.S.

TODO: Check if disabling actually prevents this communication. TODO: This is specific to broadcom based devices

Captive Portal Checker

If you see this in your logcat then your phone connects to google servers to check the internet connection.

D/CaptivePortalTracker(  547): DelayedCaptiveCheckState{ when=-9ms what=2 arg1=3 target=com.android.internal.util.StateMachine$SmHandler }
D/ConnectivityService(  547): setProvNotificationVisible: E visible=false networkType=1 extraInfo=null url=null
D/CaptivePortalTracker(  547): Checking http://173.194.40.110/generate_204
D/CaptivePortalTracker(  547): Don't send network conditions - lacking user consent.

It can be disabled using Settings.Global.CAPTIVE_PORTAL_DETECTION_ENABLED, see https://github.com/android/platform_frameworks_base/blob/master/core/java/android/net/CaptivePortalTracker.java

$ adb root
$ adb shell "sqlite3 /data/data/com.android.providers.settings/databases/settings.db \"INSERT INTO global (name,value) VALUES ('captive_portal_detection_enabled', '0');\""
$ adb shell "sqlite3 /data/data/com.android.providers.settings/databases/settings.db \"SELECT * FROM global  where name = 'captive_portal_detection_enabled';\""
 
# To disable DNS based captive portal checking:
$ adb shell "sqlite3 /data/data/com.android.providers.settings/databases/settings.db \"INSERT INTO global (name,value) VALUES ('captive_portal_server', 'localhost');\""
$ adb shell "sqlite3 /data/data/com.android.providers.settings/databases/settings.db \"SELECT * FROM global  where name = 'captive_portal_server';\""
 
# connect to wlan and check for '*Capt*' output

Alternative (after adb root)

$ adb shell 'settings put global captive_portal_detection_enabled 0'
$ adb shell 'settings put global captive_portal_server localhost'

followed by a reboot
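
The check that the '*Capt*' comment above leaves to the reader, as an added example (not from the original page): it filters logcat text for CaptivePortalTracker probe lines and fails if any remain. The function names and the constructed sample log are assumptions of this example; verify_device needs a connected device.

```shell
#!/bin/sh
# Added example (not from the original page): check that captive portal
# probing is really off after the settings change and the reboot.

# Print each URL that CaptivePortalTracker reported probing, one per line.
# Reads logcat text on stdin; strips CRs that adb may append.
captive_probes() {
    tr -d '\r' |
    sed -n 's|^.*CaptivePortalTracker([ 0-9]*): Checking \(https\{0,1\}://[^[:space:]]*\).*$|\1|p' |
    sort -u
}

# Return 0 when the log on stdin shows no probe, 1 (listing the URLs) otherwise.
check_captive_portal() {
    probes=$(captive_probes)
    if [ -n "$probes" ]; then
        printf 'captive portal probe still active:\n%s\n' "$probes" >&2
        return 1
    fi
    return 0
}

# Constructed sample: lines taken from the logcat excerpt above.
sample_log() {
    cat <<'EOF'
D/ConnectivityService(  547): setProvNotificationVisible: E visible=false networkType=1 extraInfo=null url=null
D/CaptivePortalTracker(  547): Checking http://173.194.40.110/generate_204
D/CaptivePortalTracker(  547): Don't send network conditions - lacking user consent.
EOF
}

# On a connected device: the setting must read 0 and the log must be clean.
# Connect to a wlan first so that a probe would have had a chance to run.
verify_device() {
    enabled=$(adb shell settings get global captive_portal_detection_enabled | tr -d '\r')
    if [ "$enabled" != "0" ]; then
        echo "captive_portal_detection_enabled is '$enabled', expected 0" >&2
        return 1
    fi
    adb logcat -d | check_captive_portal
}
```

Run `sample_log | check_captive_portal` to see the failing case offline, or `verify_device` against the phone.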

LG Optimus 4X HD ("p880")

  1. upgrade to jelly bean
    • if you are not on jelly bean you might need to use a horrible windows tool to flash a so called 'kdz' file (search for V20B_00.kdz)
  2. press vol- + power (very long) until bootloader appears
  3. load a 'superuser.zip' which is out there on the internetz
  4. now there is 'su', install clockworkmod recovery (cat recovery-clockwork-6.0.4.5-p880.img > /dev/block/mmcblk0p1)
  5. enter bootloader like before, install cm-11 as usual (From here on the manual in the CyanogenMod Wiki is valid)

Issues

  • Screen rotation always falls back to landscape

Samsung Galaxy S2 (GT-I9100)

Install CyanogenMod 10

1. Install Heimdall

git clone https://github.com/Benjamin-Dobell/Heimdall
cd Heimdall
cd libpit/
./configure
make
cd ../heimdall
./configure
make
sudo make install

2. Install ClockworkMod recovery

Copy a binary image of the internal flash

Log in to the phone via ssh and pipe to the laptop: (The Dropbear app from the Play Store manages about 100KB/s; with an ssh client on the phone and a server on the laptop you get 1.9MB/s.)

dd if=/dev/block/vold/259\:3 | ssh user@thinkpad dd of=/home/user/s2.img

The whole thing is then about 12GB in size.

T-Mobile G1 / HTC Dream

udev access permissions

/etc/udev/rules.d/51-android.rules

SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", MODE:="0666"

Rooting

RageAgainstTheCage

This exploits a vulnerability in the start-up of the adb server.

./adb push rageagainstthecage-arm5.bin /data/local/tmp
./adb shell
$/data/local/tmp/rageagainstthecage-arm5.bin
<connection reset>
./adb kill-server
./adb shell
# id
uid=0(root) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)

Install a small environment

The goal is to leave the Android system unaffected.

On another ARM system or in a qemu-arm emulation:

Download busybox, unpack, configure (static), build, copy to the phone, start.

mount -o remount,rw /system
mkdir /cache/xbin
ln -s /cache/xbin /system/xbin
cp /data/local/tmp/busybox /cache/xbin/

SuperOneClick

Works with the G1 from T-Mobile Germany with the original Android 1.6.

You need:

  1. .NET Framework, at least v2.0
  2. Drivers for debug mode via USB (for the G1 the drivers can be downloaded via the Android SDK.)

After rooting, the phone must be restarted for the changes to take effect (G1).

http://forum.xda-developers.com/showthread.php?t=803682

Hard reset

  1. Hold the Power and Home buttons down together until /!\ is displayed (a warning sign)
  2. Slide out the keyboard and press Alt+L
  3. A menu appears that can be navigated with the trackball
  4. Select "Factory Reset"
  5. The phone is now reset to default settings. (Apps and settings are deleted)

References

Debian chroot environment under CyanogenMod

dd if=/dev/zero of=debian.img bs=1M count=2000
mkfs.ext4 debian.img
mkdir -p /mnt/debian
mount -o loop -t ext4 debian.img /mnt/debian
# first stage only (--foreign); the second stage runs on the device below
debootstrap --arch armhf --foreign wheezy /mnt/debian/
umount /mnt/debian

Transfer the image to the Android device and log in via ssh

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
/debootstrap/debootstrap --second-stage

Remove rights from Android apps (obsolete for android 5+)

# 1. download apk (see above)
# 2. unpack:
java -jar ~/share/apktool.jar d evil.company.product.apk
# 3. do modifications (edit AndroidManifest.xml, remove the unwanted <uses-permission> entries)
# 4. repack:
java -jar ~/share/apktool.jar b evil.company.product evil.company.product-nointernet.apk
# 5. sign the repacked apk with any key:
jarsigner -keystore ~/.android/debug.keystore -storepass android evil.company.product-nointernet.apk androiddebugkey
artikel/android.txt · Last modified: 2015/10/10 17:27 by yvesf