diff --git a/Android/ca-blacklist.sh b/Android/ca-blacklist.sh
new file mode 100644
index 0000000000000000000000000000000000000000..aa7d822d26a2f577d45f24cfbb4268e4976a081f
--- /dev/null
+++ b/Android/ca-blacklist.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Generate CA-blacklist
+# Android blacklists CAs by their public key hash
+
+# Built-in blacklist (2015 Feb)
+echo "5f3ab33d55007054bc5e3e5553cd8d8465d77c61"
+echo "783333c9687df63377efceddd82efa9101913e8e"
+
+for file in "$@";do
+    openssl x509 -inform pem -in ${file} -pubkey -noout \
+        | sed '$d' | sed '1d' | base64 -d | sha1sum | awk '{print $1}'
+done
diff --git a/Android/ee-blacklist.sh b/Android/ee-blacklist.sh
new file mode 100644
index 0000000000000000000000000000000000000000..07cbed43218a844aff20d7538893652044022bbe
--- /dev/null
+++ b/Android/ee-blacklist.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Android blacklists EE by serial number
+
+# Builtin Blacklist (2015 Feb)
+echo "827"
+echo "864"
+
+for file in "$@";do
+    keytool -printcert -file ${file} | grep Serial \
+        | awk -F ':' '{print $2}' | tr -d '[] ' 
+done
diff --git a/Android/flashable.sh b/Android/flashable.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a7665df44fbe1ec2430be0c931d6c87d2af180e3
--- /dev/null
+++ b/Android/flashable.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Generate flashable
+
+GEN_ZIP='flashable.zip'
+
+mkdir -p flashable/data/misc/keychain
+cp pubkey_blacklist.txt flashable/data/misc/keychain
+cp serial_blacklist.txt flashable/data/misc/keychain
+(cd flashable; zip ../$GEN_ZIP -r *)
diff --git a/Android/flashable/META-INF/com/google/android/update-binary b/Android/flashable/META-INF/com/google/android/update-binary
new file mode 100644
index 0000000000000000000000000000000000000000..83d4fc84f87b0a9b045cd705eb5efd7801302593
Binary files /dev/null and b/Android/flashable/META-INF/com/google/android/update-binary differ
diff --git a/Android/flashable/META-INF/com/google/android/updater-script b/Android/flashable/META-INF/com/google/android/updater-script
new file mode 100644
index 0000000000000000000000000000000000000000..32aca8d68595c43353a9a61bc8e0d6445a5b5e29
--- /dev/null
+++ b/Android/flashable/META-INF/com/google/android/updater-script
@@ -0,0 +1,7 @@
+run_program("/sbin/mount", "/dev/block/mmcblk0p2", "/system");
+run_program("/sbin/mount", "/dev/block/mtdblock5", "/data");
+package_extract_dir("system", "/system");
+package_extract_dir("data", "/data");
+run_program("/sbin/unmount", "/dev/block/mtdblock5", "/data");
+run_program("/sbin/unmount", "/dev/block/mmcblk0p2", "/system");
+ui_print("Enjoy!");
diff --git a/Android/flashable/data/misc/keychain/pubkey_blacklist.txt b/Android/flashable/data/misc/keychain/pubkey_blacklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b9d1c905ceb5aa7bdf7dfd69801279c095517f5a
--- /dev/null
+++ b/Android/flashable/data/misc/keychain/pubkey_blacklist.txt
@@ -0,0 +1 @@
+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,3592761947e2907b7ac880f429bf2be66c81511a,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,bb2d75ce172accdf05d9a86d278298889986c891,313f4613292545f326f99ed52f39984851290f4d,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,999b76540b4a9c7a35ca8f0f2eaa747a0faec56e,59c4eac320386f231960f00c9a40575e15fcf7fc,8e50b2eaf0918b206ac00ea293e19e56e0a35eb0,9bc82bc98b8b7e0f04e32c98855cd5d2240fd683,338201361c67b6b318e8f5d1d9aaab0366094fec,e167132d8a321df76ef8c4437b0501ffd1326fd8,1385e3b2cfb0acf63bd1c1341323cd1b6874b08b,53b4fcaf73a83f05aada6591db7de0ec2f1eb1f2,91006fb7f72ea6e663728df481d33c3eecc62595,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,051c6d0c7ca9b0d9b9e50a5bc8f9f5e38348eb78,c8188f7a06a99bf579dd9f8896afd1d91f19bc2a,512f553fc62ace8ab3852d74cade03e78d8d9ef1,2cdd8e7bef3b800169a389712256018a6337f416,1af49f3422fb42ac986d0a59a898d99eac88554a,2b4da71b2b88d19b8b83e66bc088e3847cc67cb7,ae9d8d5e418c1bfbade8f4574dc43758ea628289,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,361a7afb69a9add6ba6f295e0aedaeba7fcd4a69,28a4baee613e0ab8158395654e4fcc13c170e3e3,90e241c211418b95b1a9e09c37247e849fe4bea1,f8920be908a9c5d5a0fbf39aaa98a5743749ad9f,ad0e6682a87932e81c8bc594049ed7d0aec958e8,8a534b089bc61c824d694f55d9c902a58c67b661,79ef6f41e89da009aefc1c00289fd3a301fae845,68c76297f5f2e7c3ceea09d195f48971ca7ab97e,d69f981e878991857486449306aa950c8283035f,de87a22419f1c1c39ed12d43dfa740de8372b097,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,
diff --git a/Android/flashable/data/misc/keychain/serial_blacklist.txt b/Android/flashable/data/misc/keychain/serial_blacklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b370753e3312b8ff50d0fe92789122574e04587c
--- /dev/null
+++ b/Android/flashable/data/misc/keychain/serial_blacklist.txt
@@ -0,0 +1 @@
+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,
diff --git a/Android/generate.sh b/Android/generate.sh
new file mode 100755
index 0000000000000000000000000000000000000000..bf0ae4a7d7d3affccbd81285d53fcefae714bec1
--- /dev/null
+++ b/Android/generate.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# TODO: Explicitly distinguish between CA & EE certificates.
+CA_CERTS=`ls ../Windows/Certs/*.crt`
+EE_CERTS=`ls ../Windows/Certs/\[Fake\]*.crt`
+
+# Generate a blacklist of CA cert public keys
+PUBKEYS=`bash ca-blacklist.sh ${CA_CERTS} | tr '\n' ','`
+# Generate a blacklist of EE cert serial numbers
+SERIALS=`bash ee-blacklist.sh ${EE_CERTS} | tr '\n' ','`
+
+echo $PUBKEYS > pubkey_blacklist.txt
+echo $SERIALS > serial_blacklist.txt
+
+echo "Generated and saved to pubkey_blacklist.txt and serial_blacklist.txt"
+
+bash flashable.sh
diff --git a/Android/pubkey_blacklist.txt b/Android/pubkey_blacklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b9d1c905ceb5aa7bdf7dfd69801279c095517f5a
--- /dev/null
+++ b/Android/pubkey_blacklist.txt
@@ -0,0 +1 @@
+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,3592761947e2907b7ac880f429bf2be66c81511a,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,bb2d75ce172accdf05d9a86d278298889986c891,313f4613292545f326f99ed52f39984851290f4d,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,999b76540b4a9c7a35ca8f0f2eaa747a0faec56e,59c4eac320386f231960f00c9a40575e15fcf7fc,8e50b2eaf0918b206ac00ea293e19e56e0a35eb0,9bc82bc98b8b7e0f04e32c98855cd5d2240fd683,338201361c67b6b318e8f5d1d9aaab0366094fec,e167132d8a321df76ef8c4437b0501ffd1326fd8,1385e3b2cfb0acf63bd1c1341323cd1b6874b08b,53b4fcaf73a83f05aada6591db7de0ec2f1eb1f2,91006fb7f72ea6e663728df481d33c3eecc62595,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,051c6d0c7ca9b0d9b9e50a5bc8f9f5e38348eb78,c8188f7a06a99bf579dd9f8896afd1d91f19bc2a,512f553fc62ace8ab3852d74cade03e78d8d9ef1,2cdd8e7bef3b800169a389712256018a6337f416,1af49f3422fb42ac986d0a59a898d99eac88554a,2b4da71b2b88d19b8b83e66bc088e3847cc67cb7,ae9d8d5e418c1bfbade8f4574dc43758ea628289,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,361a7afb69a9add6ba6f295e0aedaeba7fcd4a69,28a4baee613e0ab8158395654e4fcc13c170e3e3,90e241c211418b95b1a9e09c37247e849fe4bea1,f8920be908a9c5d5a0fbf39aaa98a5743749ad9f,ad0e6682a87932e81c8bc594049ed7d0aec958e8,8a534b089bc61c824d694f55d9c902a58c67b661,79ef6f41e89da009aefc1c00289fd3a301fae845,68c76297f5f2e7c3ceea09d195f48971ca7ab97e,d69f981e878991857486449306aa950c8283035f,de87a22419f1c1c39ed12d43dfa740de8372b097,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,
diff --git a/Android/serial_blacklist.txt b/Android/serial_blacklist.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b370753e3312b8ff50d0fe92789122574e04587c
--- /dev/null
+++ b/Android/serial_blacklist.txt
@@ -0,0 +1 @@
+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,