Apk with system privileges

Hello everyone!

Many people ask me how to sign an APK with the system certificate. With system privileges you can install APKs in the background, as I showed in the previous post. It isn’t simple and it isn’t a common case, but if you really need it, here is a little tip for you.

First of all, you do not need to do any of that if the Android build running on your device was signed with the default certificates that come with the Android source code. That happens when the engineer doesn’t create their own certificate to sign the system, which is the case for the Android emulator, or when you are using a ROM that uses the default one (yes, some ROMs have a huge vulnerability!).

To achieve that, you first have to obtain the certificates that were used to sign the Android OS installed on the device, a pair of files (.pk8 + x509.pem), in order to generate a Java certificate.

The certificates pair (platform.pk8 + platform.x509.pem) can be found under {Android Source}/build/target/product/security.

With those certificates in hand, you should create a Java keystore file (.keystore) that merges the two files (.pk8 + x509.pem) into one.

To do that, you can use keytool-importkeypair with the command:

./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias platform

You can download keytool-importkeypair here, or download the zip file directly here.

usage: keytool-importkeypair [-k keystore] [-p storepass] -pk8 pk8 -cert cert -alias key_alias

Running this command generates a file named “google_certificate.keystore” in your current folder. Note: the alias is “platform” and the password is “android”.

To get that superpower, all that is left is to sign your APK with the generated “google_certificate.keystore”.
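A defender's check for the default-certificate problem described above, as an added example that is not part of the original post: it tests whether an APK pulled from a ROM carries the publicly available platform.x509.pem in its v1 signature block. The function names, the constructed sample archive and the choice of framework-res.apk as the file to inspect are assumptions made for illustration.

```python
import base64
import hashlib
import io
import re
import sys
import zipfile

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
SIG_BLOCK_RE = re.compile(r"META-INF/[^/]+\.(RSA|DSA|EC)", re.I)


def pem_to_der(pem_bytes):
    """Return the DER bytes of the first certificate in a PEM file."""
    match = PEM_RE.search(pem_bytes)
    if not match:
        raise ValueError("no PEM certificate found")
    return base64.b64decode(b"".join(match.group(1).split()))


def apk_embeds_cert(apk_file, cert_der):
    """True if a v1 (JAR) signature block of the APK embeds cert_der.

    META-INF/*.RSA is a PKCS#7 blob that carries the signer certificate
    verbatim, so a byte search spots a known certificate. It does not
    verify the signature. APKs without a v1 block raise LookupError.
    """
    with zipfile.ZipFile(apk_file) as apk:
        blocks = [n for n in apk.namelist() if SIG_BLOCK_RE.fullmatch(n)]
        if not blocks:
            raise LookupError("no v1 signature block under META-INF/")
        return any(cert_der in apk.read(n) for n in blocks)


def constructed_apk(signer_der):
    """Constructed stand-in for an APK: a zip whose CERT.RSA wraps signer_der."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", b"\x30\x82" + signer_der + b"\x31\x00")
        z.writestr("classes.dex", b"dex")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Assumed usage: check.py platform.x509.pem framework-res.apk
    der = pem_to_der(open(sys.argv[1], "rb").read())
    print("test-key SHA-256:", hashlib.sha256(der).hexdigest())
    print("signed with test key:", apk_embeds_cert(sys.argv[2], der))
```

A result of True on a system APK from a production image means the platform key is the public one from the source tree, so anyone can produce APKs that the device treats as platform-signed.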

Just remember, “with great power comes great responsibility”. Enjoy! 😉

Categories: Android
  1. Mr. Bachelor
    20 de October de 2011 at 16:16

    Fantastic !

  2. Mr. Bachelor
    22 de October de 2011 at 02:54

    Problem…

    I used the keytool-importkeypair script to generate a .keystore from the pk8 and pem files, however, when I specify my .keystore file in Eclipse (Window -> Preferences -> Android -> Build -> custom debug keystore) the APPLY and OK buttons become unselectable.

    What could be wrong ?

    • 24 de October de 2011 at 16:59

      You only need to add your certificate to Eclipse if you want to compile your application with system privileges at debug time. Eclipse will accept your new certificate if you add the alias “androiddebugkey” to your certificate by running the command with the new label:

      ./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey

      But if you just want to generate the apk with system privileges, you can simply export your application choosing your certificate using the alias “platform”.

      • Murugesan
        19 de June de 2012 at 03:34

        How to use “./keytool-importkeypair -k google_certificate.keystore -p android -pk8 platform.pk8 -cert platform.x509.pem -alias androiddebugkey” in Windows 7 OS?

        Please guide me …

  3. acassis
    23 de October de 2011 at 10:12

    Thank you very much for this nice tutorial!

  4. test
    24 de November de 2011 at 20:10

    I did not find certificates (.pk8 + x509.pem) in the SDK?
    Please can you help me?
    Thx in advance.

  5. 27 de November de 2011 at 19:53

    No. These certificates are in the source code of the Android OS and not in the SDK. You need to get the certificates (.pk8 + x509.pem) that were used to compile the OS that will run your application.

  6. caesar
    8 de January de 2012 at 09:45

    I have a galaxy note running gingerbread 2.3.5,
    The certificate would be in the source code of this samsung stock android version ?
    Do you know where can I get it ?

  7. otto_xd
    20 de January de 2012 at 06:57

    Hi.

    First of all, thank you for all the tutorials you’re making, all of them are awesome!

    I have doubts with the location of the certificates and the potential use of the google_certificate.keystore generated.

    Since the keys are extracted from source code, all devices that use the compiled Firmware from the source code will accept the key
    google_certificate created?

    Thank you very much, and sorry for my low level of English

  8. xeejem
    29 de January de 2012 at 19:45

    Is there a way to add my own platform pk8 file to my htc stock rom so that it will trust my apk signed with my own platform pk8 and give me system permission, given that I have root access to the stock rom?

  9. crt
    5 de February de 2012 at 11:07

    I’m trying to sign an entire rom and know certain apks belong in different categories. Like system, media, platform, etc. Can anyone point me in the right direction to a list of which files belong in which category so the rom can be signed properly.

  10. mighter
    21 de June de 2012 at 05:43

    Thanks for the post!
    So, how do I know if the device vendor has custom certificate, instead of the default android?

  11. Manipulator
    28 de June de 2012 at 11:31

    I would also like to know this!
    My first thought was that all vendors generate their own private keys and keep them suuuper secret.
    Does your tutorial presume that you’re running a custom made ROM? Or stock OS?
    Best regards!

  12. 28 de May de 2013 at 08:58

    @Manipulator: This “manufacturer” or “platform” key is to be used with the emulator ROM,
    as production devices contain different keys (defined by the manufacturer).

    Regards

  13. WooDoo
    16 de September de 2013 at 10:10

    where to get {Android Source} for version 2.3.6?
    please help

  14. forall
    27 de October de 2013 at 06:25

    How to do this, you have the tutorial ? please help me.

  29. Hills
    23 de October de 2014 at 00:53

    Hi Paulo,

    Can you please check whether this mechanism still works for Kitkat (4.4) or ICS (4.0.3)? I badly need this. I would appreciate whatever help you can do!

  30. 8 de April de 2015 at 02:39

    How can i retrieve my own android os certificates?? can u plz guide me….??

  31. Vishal
    16 de April de 2015 at 07:19

    Good article but paulonona, it will be better if you guide many of us who are finding it difficult to get android system certificates 😦

  32. iliass
    10 de September de 2015 at 11:20

    Nice article. I made these steps for Windows users (asked by @Murugesan a long time ago :-)):
    Requirements:
    – lightweight openssl 0.9.8k for windows (https://openssl-for-windows.googlecode.com/files/openssl-0.9.8k_WIN32.zip)
    – JDK 1.6 including Keytool

    Commands:
    – openssl.exe pkcs8 -inform DER -nocrypt -in -out
    – openssl.exe pkcs12 -export -in -inkey -out -password pass: -name
    – openssl.exe x509 -noout -fingerprint -in #This is just to print out finger print
    – \keytool.exe -importkeystore -deststorepass -destkeystore -srckeystore -srcstoretype PKCS12 -srcstorepass

    You can finally use your new generated to sign your apk

    • iliass
      10 de September de 2015 at 11:24

      some characters were stripped off sorry:
      Commands:
      – openssl.exe pkcs8 -inform DER -nocrypt -in your_.pk8_file -out out.pk8
      – openssl.exe pkcs12 -export -in your_.x509.pem_file -inkey out.pk8 -out out.bundle -password pass:your_keystore_password -name your_keystore_name
      – openssl.exe x509 -noout -fingerprint -in your_.x509.pem_file #This is just to print out finger print
      – JDK_Bin\keytool.exe -importkeystore -deststorepass your_keystore_password -destkeystore your_keystore_file_to_be_generated -srckeystore out.bundle -srcstoretype PKCS12 -srcstorepass your_keystore_password

  33. Ben
    24 de November de 2016 at 22:56

    ilias, I would like my app signed so that once installed it will belong in the system app group. Can you do this for a fee?

    • Iliass
      5 de January de 2017 at 12:56

      Sorry I didn’t get your comment on time. Are you done with this?

  34. ravi
    5 de January de 2017 at 12:09

    How can I make my own .pk8 and .x507.pem? Please help me. Thanks in advance.

  35. simone
    27 de January de 2017 at 07:30

    Hello,
    I need a tutorial. Can someone help me, showing what I have to do?
