Home > Android > Apk with system privileges

Apk with system privileges

Hello everyone!

Many people ask me how to sign an APK with the system certificate. With system privileges you can install APKs in background as I showed in the previous post. It isn’t simple and it is not a common case, but if it is really your need, here follows a little tip for you.

First of all, you do not need to do any of that if: the Android that is running on your device used default certificates that comes in the Android source code. It happens if the engineer don’t create its own certificate to sign the system – which is the case of the Android emulator or, if you are using some ROM that uses the default one (yes, some ROMs have a huge vulnerability!).

To achieve that first you have to obtain the certificates that were used to sign the Android OS installed on the device – a pair of certificates (.pk8 + x509.pem) – to generate a java certificate.

The certificates pair (platform.pk8 + platform.x509.pem) can be found under {Android Source}/build/target/product/security.

With those certificate on hand, you should create a java keystore file (.keystore) merging these two certificates (.pk8 + x509.pem) into one.

To be able to do that, you can use the keytool-importkeypair with the command:

./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform

You can download keytool-importkeypair here or direct download zip file here

usage: keytool-importkeypair [-k keystore] [-p storepass] -pk8 pk8 -cert cert -alias key_alias

After running this command it will generate a file in your current folder named “google_certificate.keystore”. Note: the alias is “platform” and the password is “android”.

To get that super power it just about to sign your apk with the generated “google_certificate.keystore” certificate.

Just remember, “with great power comes great responsibility”. Enjoy! ;)

About these ads
Categories: Android Tags: , , ,
  1. Mr. Bachelor
    20 de October de 2011 at 16:16 | #1

    Fantastic !

  2. Mr. Bachelor
    22 de October de 2011 at 02:54 | #2

    Problem…

    I used the keytool-importkeypair script to generate a .keystore from the pk8 and pem files, however, when I specify my .keystore file in Eclipse (Window -> Preferences -> Android -> Build -> custom debug keystore) the APPLY and OK buttons become unselectable.

    What could be wrong ?

    • 24 de October de 2011 at 16:59 | #3

      You only need to add your certificate to the Eclipse if you want to do it compile your application with system privilege in debug time. Eclipse will accept your new certificate if you add the alias “androiddebugkey” in your certificate running the command passing the new label:

      ./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey

      But if you just want to generate the apk with system privileges, you can simply export your application choosing your certificate using the alias “platform”.

      • Murugesan
        19 de June de 2012 at 03:34 | #4

        How to use “./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey” in windows 7 OS .

        Please guide me …

  3. acassis
    23 de October de 2011 at 10:12 | #5

    Thank you very much for this nice tutorial!

  4. test
    24 de November de 2011 at 20:10 | #6

    I did not find certificates (.pk8 + x509.pem) in the SDK?
    Please can your help me ?
    Thx in advance.

  5. 27 de November de 2011 at 19:53 | #7

    No. These certificates are in the source code of the Android OS and not in the SDK. You need to get the certificates (.pk8 + x509.pem) that were used to compile the OS that will run your application.

  6. caesar
    8 de January de 2012 at 09:45 | #8

    I have a galaxy note running gingerbread 2.3.5,
    The certificate would be in the source code of this samsung stock android version ?
    Do you know where can I get it ?

  7. otto_xd
    20 de January de 2012 at 06:57 | #9

    Hi.

    First of all, thank you for all the tutorials you’re making, all of them are awesome!

    I have doubts with the location of the certificates and the potential use of the google_certificate.keystore generated.

    Since the keys are extracted from source code, all devices that use the compiled Firmware from the source code will accept the key
    google_certificate created?

    Thank you very much, and sorry for my low level of English

  8. xeejem
    29 de January de 2012 at 19:45 | #10

    Is there a way to add my own platform pk8 file to my htc stock rom so that it will trust my apk signed with my own platform pk8 and give me system permission, given that I have root access to the stock rom?

  9. crt
    5 de February de 2012 at 11:07 | #11

    I’m trying to sign an entire rom and know certain apks belong in different categories. Like system, media, platform, etc. Can anyone point me in the right direction to a list of which files belong in which category so the rom can be signed properly.

  10. mighter
    21 de June de 2012 at 05:43 | #12

    Thanks for the post!
    So, how do I know if the device vendor has custom certificate, instead of the default android?

  11. Manipulator
    28 de June de 2012 at 11:31 | #13

    I would also like to know this!
    My first thought was that all vendors generate their own private keys and keep them suuuper secret.
    Does your tutorial presume that you’re running a custom made ROM? Or stock OS?
    Best regards!

  12. 28 de May de 2013 at 08:58 | #14

    @Manipulator: This “manufacturer” or “plarform” key is to be used with the emulator ROM
    As production devices contains different keys (defined by the manufacturer)

    Regards

  13. WooDoo
    16 de September de 2013 at 10:10 | #15

    where to get {Android Source} for version 2.3.6?
    please help

  14. forall
    27 de October de 2013 at 06:25 | #16

    How to do this, you have the tutorial ? please help me.

  1. 27 de August de 2012 at 20:31 | #1
  2. 27 de November de 2012 at 12:29 | #2
  3. 25 de December de 2012 at 23:43 | #3
  4. 26 de December de 2012 at 01:30 | #4
  5. 31 de December de 2012 at 12:27 | #5

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: