Home > Android > Apk with system privileges

Apk with system privileges

Hello everyone!

Many people ask me how to sign an APK with the system certificate. With system privileges you can install APKs in background as I showed in the previous post. It isn’t simple and it is not a common case, but if it is really your need, here follows a little tip for you.

First of all, you do not need to do any of that if: the Android that is running on your device used default certificates that comes in the Android source code. It happens if the engineer don’t create its own certificate to sign the system – which is the case of the Android emulator or, if you are using some ROM that uses the default one (yes, some ROMs have a huge vulnerability!).

To achieve that first you have to obtain the certificates that were used to sign the Android OS installed on the device – a pair of certificates (.pk8 + x509.pem) – to generate a java certificate.

The certificates pair (platform.pk8 + platform.x509.pem) can be found under {Android Source}/build/target/product/security.

With those certificate on hand, you should create a java keystore file (.keystore) merging these two certificates (.pk8 + x509.pem) into one.

To be able to do that, you can use the keytool-importkeypair with the command:

./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform

You can download keytool-importkeypair here or direct download zip file here

usage: keytool-importkeypair [-k keystore] [-p storepass] -pk8 pk8 -cert cert -alias key_alias

After running this command it will generate a file in your current folder named “google_certificate.keystore”. Note: the alias is “platform” and the password is “android”.

To get that super power it just about to sign your apk with the generated “google_certificate.keystore” certificate.

Just remember, “with great power comes great responsibility”. Enjoy! ;)

About these ads
Categories: Android Tags: , , ,
  1. Mr. Bachelor
    20 de October de 2011 at 16:16

    Fantastic !

  2. Mr. Bachelor
    22 de October de 2011 at 02:54

    Problem…

    I used the keytool-importkeypair script to generate a .keystore from the pk8 and pem files, however, when I specify my .keystore file in Eclipse (Window -> Preferences -> Android -> Build -> custom debug keystore) the APPLY and OK buttons become unselectable.

    What could be wrong ?

    • 24 de October de 2011 at 16:59

      You only need to add your certificate to the Eclipse if you want to do it compile your application with system privilege in debug time. Eclipse will accept your new certificate if you add the alias “androiddebugkey” in your certificate running the command passing the new label:

      ./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey

      But if you just want to generate the apk with system privileges, you can simply export your application choosing your certificate using the alias “platform”.

      • Murugesan
        19 de June de 2012 at 03:34

        How to use “./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey” in windows 7 OS .

        Please guide me …

  3. acassis
    23 de October de 2011 at 10:12

    Thank you very much for this nice tutorial!

  4. test
    24 de November de 2011 at 20:10

    I did not find certificates (.pk8 + x509.pem) in the SDK?
    Please can your help me ?
    Thx in advance.

  5. 27 de November de 2011 at 19:53

    No. These certificates are in the source code of the Android OS and not in the SDK. You need to get the certificates (.pk8 + x509.pem) that were used to compile the OS that will run your application.

  6. caesar
    8 de January de 2012 at 09:45

    I have a galaxy note running gingerbread 2.3.5,
    The certificate would be in the source code of this samsung stock android version ?
    Do you know where can I get it ?

  7. otto_xd
    20 de January de 2012 at 06:57

    Hi.

    First of all, thank you for all the tutorials you’re making, all of them are awesome!

    I have doubts with the location of the certificates and the potential use of the google_certificate.keystore generated.

    Since the keys are extracted from source code, all devices that use the compiled Firmware from the source code will accept the key
    google_certificate created?

    Thank you very much, and sorry for my low level of English

  8. xeejem
    29 de January de 2012 at 19:45

    Is there a way to add my own platform pk8 file to my htc stock rom so that it will trust my apk signed with my own platform pk8 and give me system permission, given that I have root access to the stock rom?

  9. crt
    5 de February de 2012 at 11:07

    I’m trying to sign an entire rom and know certain apks belong in different categories. Like system, media, platform, etc. Can anyone point me in the right direction to a list of which files belong in which category so the rom can be signed properly.

  10. mighter
    21 de June de 2012 at 05:43

    Thanks for the post!
    So, how do I know if the device vendor has custom certificate, instead of the default android?

  11. Manipulator
    28 de June de 2012 at 11:31

    I would also like to know this!
    My first thought was that all vendors generate their own private keys and keep them suuuper secret.
    Does your tutorial presume that you’re running a custom made ROM? Or stock OS?
    Best regards!

  12. 28 de May de 2013 at 08:58

    @Manipulator: This “manufacturer” or “plarform” key is to be used with the emulator ROM
    As production devices contains different keys (defined by the manufacturer)

    Regards

  13. WooDoo
    16 de September de 2013 at 10:10

    where to get {Android Source} for version 2.3.6?
    please help

  14. forall
    27 de October de 2013 at 06:25

    How to do this, you have the tutorial ? please help me.

  15. 7 de June de 2014 at 16:56

    Terrific work! This is the type of information that should be shared across the net.
    Disgrace on Google for no longer positioning this put up higher!
    Come on over and visit my website . Thank you =)

  16. 3 de July de 2014 at 03:05

    Oh my goodness! Amazing article dude! Thank you so much, However I am experiencing problems with your RSS.
    I don’t understand why I can’t subscribe to it. Is there
    anybody getting the same RSS issues? Anyone that knows
    the answer can you kindly respond? Thanks!!

  17. 6 de July de 2014 at 05:19

    They can either go into business with other lawyers or specialize in compensation cases
    for clients. Calling the first personal injury lawyer TV, radio or newspaper ad you
    come across will often lead to a poor matching of lawyer to client.
    Article Source: almost thirty years, Etobicoke Personal Injury Lawyer has offered a free
    initial consultation with no obligation.

  18. 7 de July de 2014 at 02:24

    Consider preparing a list of potential candidates and
    then narrow the list down, asking relevant
    questions. If the situation or altercation presents itself in an act of
    misconduct at work. Article Source: almost thirty years, Etobicoke Personal Injury
    Lawyer has offered a free initial consultation with no obligation.

  19. 7 de July de 2014 at 03:02

    Consider preparing a list of potential candidates and
    then narrow the list down, asking relevant questions.
    If the situation or altercation presents itself in an act of misconduct at work.
    By law, the attorney you hire will state everything to you.

  20. 7 de July de 2014 at 04:04

    Mediation: This is one of the most significant and cheaper alternative to hiring individual
    lawyers. Calling the first personal injury lawyer TV,
    radio or newspaper ad you come across will often lead to a poor matching of lawyer to client.
    By law, the attorney you hire will state everything to you.

  21. 7 de July de 2014 at 23:14

    At the same time these lawyers consider the status of injury
    too in winning the case. If the situation or altercation presents itself in an act of misconduct at work.

    Additionally, injury lawyers are of great importance in the event of personal injury.

  22. 8 de July de 2014 at 09:19

    At the same time these lawyers consider the status of injury
    too in winning the case. It is important that you are not lied to,
    and you are clear about what you are going
    to pay for services. The personal injury lawyer normally takes cases that involve medical malpractice, car accident
    injuries, injuries sustained on the job and injuries caused by
    defective products.

  23. 8 de July de 2014 at 09:46

    Mediation: This is one of the most significant and cheaper alternative to hiring individual lawyers.
    More or less often blame are the pilot errors and mechanical failures.

    The personal injury lawyer normally takes cases that involve medical malpractice,
    car accident injuries, injuries sustained on the job and injuries caused by defective products.

  24. 8 de July de 2014 at 17:16

    Some are more specific, and such attorneys excel in their niche field.
    It is important that you are not lied to, and you are clear about what you are going to pay for services.
    The person to contact the police should inform that
    people are injured, and if possible, the number of persons injured so that there
    will be enough emergency personnel to respond to
    the accident.

  25. 9 de July de 2014 at 21:51

    Consider preparing a list of potential candidates and then narrow the list down, asking relevant
    questions. But areas that even the most aggressive collectors usually can’t touch include
    Social Security benefits, public assistance benefits such as food stamps or cash aid and unemployment benefits.
    The person to contact the police should inform that people are injured, and if
    possible, the number of persons injured so that there will be
    enough emergency personnel to respond to the accident.

  26. 10 de July de 2014 at 21:14

    Consider preparing a list of potential candidates and then narrow the list
    down, asking relevant questions. Hiring a great personal injury lawyer after suffering an injury is
    always a great idea. Even if your personal injury claim appears
    to be straightforward, your case may not be as
    simple as it first seems.

  27. 20 de July de 2014 at 03:53

    These anti-fire equipments will run a siren or may also shed water from the ceiling in case if it detects fire.
    These automatic and wireless security systems come with additional features like informing
    to the nearby police station, in case an outsider is
    detected. Home Security Systems – Many articles have been written on this subject and
    the basics are probably known by most readers.

  28. 13 de August de 2014 at 15:56

    I savor, cause I found exactly what I used to be looking
    for. You have ended my 4 day lengthy hunt!
    Good Bless you man. Have a great day. Bye

  29. Hills
    23 de October de 2014 at 00:53

    Hi Paulo,

    Can you please check whether this mechanism still works for Kitkat (4.4) or ICS (4.0.3)? I badly need this. I would appreciate whatever help you can do!

  1. 27 de August de 2012 at 20:31
  2. 27 de November de 2012 at 12:29
  3. 25 de December de 2012 at 23:43
  4. 26 de December de 2012 at 01:30
  5. 31 de December de 2012 at 12:27

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: