Happening now! New Honor Phone Launch
FORUMS
Remove All Ads from XDA

[TUT][ICS] bypass Credential Storage phone lock / install certificates

3 posts
Thanks Meter: 16
 
By .eXa, Junior Member on 21st June 2012, 03:03 AM
Post Reply Email Thread
Hello folks,

idk if anyone of you guys had a hard time with the same annoying 'feature' on ics roms which forces you to set a PIN/password/pattern lock when you try to install enterprise certificates into your credential storage.

As for myself I need some of these certs to log into the WLAN at my university (which is 802.1x protected). But I don't feel the need of locking my phone.

So I exploited this to go around setting a password for the secure lock screen.

-------------------------------------------------------------------------------

Prerequisites are a rooted phone, a root file browser or adb tools and apparently your certificates.

I tested this on AOKP build 38 and 39 on a rooted HTC Sensation XE and will check this on two other devices the upcoming week.

UPDATE: seems to work even easier, I made the changes inline since the previous workaround did not work in every case.



Step 1:
Download the certificates to your SD card and/or install directly via browser/email etc. Do as you are asked and set up a PIN/password/pattern lock. Remember it

Step 2:
now with your root file browser go to /data/misc/ and recursively copy the folders keychain and keystore to a save place.
These are the folders containing the certificate files.
(See [System settings > security > Trusted credentials] for installed certificates)

With adb tools you can for example do this:

Code:
adb shell
su
cp -R /data/misc/keychain /sdcard/certificates/
cp -R /data/misc/keystore /sdcard/certificates/
Step 3:
Go to [System settings > security] and click [Clear credentials] at the bottom of the menu. Now your previously installed certs are wiped and you are free to set the lock method to [none], [slide] or [face lock] again.

Step 4:
Finally fire up your root file browser again, set /system as read/write and copy the in Step 2 backed up directories back to /data/misc/. They are now installed as the before but since CertInstaller.apk does not get involved, noone forces you to lock your phone.

in adb shell:
Code:
cp -R /sdcard/certificates/* /data/misc/
Now you should be able to find your newly added certificates in the System list under [System Settings > Security > Trusted credentials] in the [User] tab and thus be able to log into your desired WLAN.

I hope this helps some people out there. When I get deeper into developing maybe I will find a 'cleaner' method for this.

have a good night,

.eXa
The Following 15 Users Say Thank You to .eXa For This Useful Post: [ View ] Gift .eXa Ad-Free
 
 
21st June 2012, 03:20 PM |#2  
Member
Thanks Meter: 22
 
More
Thank you for sharing! I have been really looking for this kind of hack.
Sadly I can't use it as my certificate has a different structure: it seems to install 3 files in /data/misc/keystore/
The files are 1000_USRCERT_Polimi ; 1000_USRCERT_Polimi and .masterkey
I tried copying these files to the new directory and even changing the file extension but it did not work.
I don't know if this issue is rom or certificate related.. anyway I am using a stock rom on samsung galaxy s3.. perhaps samsung manages differently certificates..
Have you any clue on this? Thank you!
21st June 2012, 09:58 PM |#3  
OP Junior Member
Flag Aachen
Thanks Meter: 16
 
More
hey, thanks for the reply.

alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.

greetings
22nd June 2012, 11:13 AM |#4  
Member
Thanks Meter: 22
 
More
Exclamation
Quote:
Originally Posted by .eXa

hey, thanks for the reply.

alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.

greetings

You were fast! and I think you made it: I can now select the certificate in the wifi options dialog (so it's correctly installed).. but I can't test the access to the network until monday.. Anyway I am convinced that it made the trick and it was really simple, I must say.
Thank you so much , this will be useful to many people!
25th June 2012, 11:20 AM |#5  
Grgur's Avatar
Member
Flag Gdansk
Thanks Meter: 16
 
More
Your trick helped me only partially. It allowed me to install the certificates just fine. But as soon as I try to connect to any 802.1x protected Wi-Fi network, the phone bugs me again with setting the screen lock. So I need a workaround for accessing the key storage.
2nd July 2012, 05:20 PM |#6  
Member
Thanks Meter: 22
 
More
I tried it and sadly it does not work: it asks me a password to activate the credential storage.. only problem is that I never set a password for it so I can't insert it and use the certificate. Too bad but I think it depends on the certificate.. anyway thank you very much for the help provided!
7th July 2012, 01:13 AM |#7  
OP Junior Member
Flag Aachen
Thanks Meter: 16
 
More
so, back from vacation.

@grgur: in your setup it is the 802.1x wlan that forces you by corporate policy to lock your phone. i am still trying to figure this out, i will try and search the system where stored wlan access points are stored. update will come as i find a solution to this.

@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.


since i am in the middle of learning for my exams i have really no time to go on with my android studies... it seems like in the long haul someone has to "fix" the app that handles phone lock and device policies. i know who the bad boy is but i am lacking time right now, so hopefully i get this done by the end of august.

i'll keep you up to date with my progress.

greetings
The Following User Says Thank You to .eXa For This Useful Post: [ View ] Gift .eXa Ad-Free
15th July 2012, 08:58 AM |#8  
Member
Thanks Meter: 7
 
More
Is there a one-click fix for this yet? Bloody annoying...
29th August 2012, 04:22 PM |#9  
Working great on stock rooted JellyBean nexus 7. Muchos grazis!
29th August 2012, 08:51 PM |#10  
Junior Member
Thanks Meter: 1
 
More
As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?
31st August 2012, 02:11 PM |#11  
Member
Thanks Meter: 22
 
More
Thumbs up
Quote:
Originally Posted by .eXa

@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.

Quote:
Originally Posted by pippodream

As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?

I was using a samsung stock rom 4.0.4 and the tutorial worked but when trying to connect again it asked me for a credential pwd (that I never set). Now I'm on CM10 so there should be no problem. As soon as I get to Polimi I'll try
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes