Merge pull request #1 from chengr28/master

merge from upstream

Android/.gitignore

-flashable.zip
+./flashable.zip
 flashable/data/misc/keychain/*_blacklist.txt

Android/README.md

@@ -8,7 +8,37 @@ Android 4.1+ device.
 
 This utility blacklists CA and EE certificates.
 
-## Usage
+## Usage -- Use prebuilt configurations (Recommended)
+
+### With root access
+
+Assuming you have root access on your phone, `cd` into the folder whose
+name corresponds to the config you want (RESTORE, ALL, EXTENDED or BASE).
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        ./rooted.sh
+
+If you are on windows and do not have BASH, use:
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        adb push pubkey_blacklist.txt /sdcard/pubkey_blacklist.txt
+        adb push serial_blacklist.txt /sdcard/serial_blacklist.txt
+
+        adb shell su -c "cp /sdcard/pubkey_blacklist.txt /data/misc/keychain/pubkey_blacklist.txt"
+        adb shell su -c "cp /sdcard/serial_blacklist.txt /data/misc/keychain/serial_blacklist.txt"
+
+### Without root access
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        adb push flashable.zip /sdcard/update.zip
+        # Reboot phone to recovery
+        adb reboot recovery
+        # Now flash the zip file using your custom recovery
+
+## Usage -- Building from source
 
 First, use `git` to clone the whole repo. `cd` to this dir. Use `generate.sh`
 to generate the configuration files you need.

Android/README_zhCN.md

+Android证书屏蔽
+=====================================================
+
+本工具为Android 4.1或以上之设备安装用于屏蔽某些数字证书的配置。
+
+## 简介
+
+本工具安装的配置文件将屏蔽某些CA和EE证书。
+
+## 推荐用法
+
+### 有 root 权限
+
+若您持有待配置之Android设备root访问，请在`cd`进入对应名称的文件夹中
+(RESTORE, ALL, EXTENDED or BASE， 推荐extended)，并调用root.sh文件安装入对应的配置文件。
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        ./rooted.sh
+
+若您使用Windows平台且未有BASH，请在命令行中运行：
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        adb push pubkey_blacklist.txt /sdcard/pubkey_blacklist.txt
+        adb push serial_blacklist.txt /sdcard/serial_blacklist.txt
+
+        adb shell su -c "cp /sdcard/pubkey_blacklist.txt /data/misc/keychain/pubkey_blacklist.txt"
+        adb shell su -c "cp /sdcard/serial_blacklist.txt /data/misc/keychain/serial_blacklist.txt"
+
+### 若无 root 权限
+
+        git clone [REPO_ADDRESS]
+        cd Android/prebuilt/[type]
+        adb push flashable.zip /sdcard/update.zip
+        # 下面命令将重启您的Android设备至recovery状态
+        adb reboot recovery
+        # 请使用recovery刷入zip包
+
+更具体的使用方法，详见README.md

Android/flashable/data/misc/keychain/pubkey_blacklist.txt

-5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,
+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,bb2d75ce172accdf05d9a86d278298889986c891,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,

Android/flashable/data/misc/keychain/serial_blacklist.txt

-827,864,
+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,

Android/generate.sh

@@ -5,21 +5,21 @@ set -e
 if [ ${1:-extended} = 'all' ];then
     echo "Generating ALL CRL set"
     # TODO: Explicitly distinguish between CA & EE certificates.
-    CA_CERTS=`ls ../Windows/Certs/*.crt`
-    EE_CERTS=`ls ../Windows/Certs/\[Fake\]*.crt`
+    CA_CERTS=`ls ../Windows/Certs/Online/*.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
     echo "all"
 elif [ ${1:-extended} = 'extended' ];then
     echo "Generating EXTENDED CRL set"
-    CA_CERTS=`ls ../Windows/Certs/CNNIC_*.crt ../Windows/Certs/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/GiantRootCA.crt ../Windows/Certs/CFCA_*.crt  ../Windows/Certs/UCA_*.crt  ../Windows/Certs/[Suspicious]GoAgent_CA.crt`
-    EE_CERTS=`ls ../Windows/Certs/\[Fake\]*.crt`
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt ../Windows/Certs/Online/CFCA_*.crt  ../Windows/Certs/Online/UCA_*.crt  ../Windows/Certs/Online/[Suspicious]GoAgent_CA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
 elif [ ${1:-extended} = 'restore' ];then
     echo "Generating RESTORE CRL set"
     CA_CERTS=''
     EE_CERTS=''
 else
     echo "Generating Basic CRL set"
-    CA_CERTS=`ls ../Windows/Certs/CNNIC_*.crt ../Windows/Certs/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/GiantRootCA.crt`
-    EE_CERTS=`ls ../Windows/Certs/\[Fake\]*.crt`
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
 fi
 
 echo "Generating Configurations"

Android/make.sh

+#!/bin/bash
+# This script is used to generate configurations by the author.
+# The generated content is already included in the repo and you should
+# not need to manually run this one.
+
+# remove files
+echo "Purging old files..."
+rm -rf prebuilt
+mkdir prebuilt
+
+echo "Building new configurations"
+for type in `echo all restore extended base`;do
+    mkdir prebuilt/$type
+    bash generate.sh $type
+    cp *_blacklist.txt prebuilt/$type/
+    cp flashable.zip prebuilt/$type/
+    cp rooted.sh prebuilt/$type
+done

Android/prebuilt/all/pubkey_blacklist.txt

+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,a3ad040e50f50b88d063e35a5c240ba80b9245fe,e3510047fedeb0f181c427ff84c0acf882279ddd,9554dec2b762ff8033b8abe95e580d9c111bad88,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,c206fbd53bba0ceef2d2d2453d0752263a9fe75f,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,e4c5745946f0d1047a4c38d64065b2a35d47890b,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,699f1b7ae9b8da18496c608bce4f4eaaf9f0b7aa,3592761947e2907b7ac880f429bf2be66c81511a,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,bb2d75ce172accdf05d9a86d278298889986c891,313f4613292545f326f99ed52f39984851290f4d,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,999b76540b4a9c7a35ca8f0f2eaa747a0faec56e,59c4eac320386f231960f00c9a40575e15fcf7fc,8e50b2eaf0918b206ac00ea293e19e56e0a35eb0,9bc82bc98b8b7e0f04e32c98855cd5d2240fd683,338201361c67b6b318e8f5d1d9aaab0366094fec,e167132d8a321df76ef8c4437b0501ffd1326fd8,1385e3b2cfb0acf63bd1c1341323cd1b6874b08b,53b4fcaf73a83f05aada6591db7de0ec2f1eb1f2,91006fb7f72ea6e663728df481d33c3eecc62595,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,051c6d0c7ca9b0d9b9e50a5bc8f9f5e38348eb78,c8188f7a06a99bf579dd9f8896afd1d91f19bc2a,512f553fc62ace8ab3852d74cade03e78d8d9ef1,01a17a5d694770dcd773ea9161a7cba09cf886c6,2cdd8e7bef3b800169a389712256018a6337f416,1af49f3422fb42ac986d0a59a898d99eac88554a,2b4da71b2b88d19b8b83e66bc088e3847cc67cb7,380a68cc29a7a9c9b1a4ef80a2974e1074041bb5,ae9d8d5e418c1bfbade8f4574dc43758ea628289,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,361a7afb69a9add6ba6f295e0aedaeba7fcd4a69,28a4baee613e0ab8158395654e4fcc13c170e3e3,90e241c211418b95b1a9e09c37247e849fe4bea1,f8920be908a9c5d5a0fbf39aaa98a5743749ad9f,ad0e6682a87932e81c8bc594049ed7d0aec958e8,8a534b089bc61c824d694f55d9c902a58c67b661,79ef6f41e89da009aefc1c00289fd3a301fae845,68c76297f5f2e7c3ceea09d195f48971ca7ab97e,d69f981e878991857486449306aa950c8283035f,de87a22419f1c1c39ed12d43dfa740de8372b097,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,3f89633e2cd86a916895b3af56afa2ed31490e73,f9dae5809fd2d82419aa30c7f903640a55df944f,58f4733635ba21d4d9d63f2dcdec69bcb7d45dde,aeeca8e857e9bf7da296c473c071f8cabc31999f,

Android/prebuilt/all/rooted.sh

+#!/bin/sh
+
+adb push pubkey_blacklist.txt /sdcard/pubkey_blacklist.txt
+adb push serial_blacklist.txt /sdcard/serial_blacklist.txt
+
+adb shell su -c "cp /sdcard/pubkey_blacklist.txt /data/misc/keychain/pubkey_blacklist.txt"
+adb shell su -c "cp /sdcard/serial_blacklist.txt /data/misc/keychain/serial_blacklist.txt"
+
+echo "Please reboot your phone"

Android/prebuilt/all/serial_blacklist.txt

+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,

Android/prebuilt/base/pubkey_blacklist.txt

+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,bb2d75ce172accdf05d9a86d278298889986c891,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,

Android/prebuilt/base/rooted.sh

+#!/bin/sh
+
+adb push pubkey_blacklist.txt /sdcard/pubkey_blacklist.txt
+adb push serial_blacklist.txt /sdcard/serial_blacklist.txt
+
+adb shell su -c "cp /sdcard/pubkey_blacklist.txt /data/misc/keychain/pubkey_blacklist.txt"
+adb shell su -c "cp /sdcard/serial_blacklist.txt /data/misc/keychain/serial_blacklist.txt"
+
+echo "Please reboot your phone"

Android/prebuilt/base/serial_blacklist.txt

+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,

Android/prebuilt/extended/pubkey_blacklist.txt

+5f3ab33d55007054bc5e3e5553cd8d8465d77c61,783333c9687df63377efceddd82efa9101913e8e,3592761947e2907b7ac880f429bf2be66c81511a,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,8476c303b2e34d57fd0645a7c4315f2dbeaaf0a4,bb2d75ce172accdf05d9a86d278298889986c891,55921a5b2e62b0e07b8ba9ae9ffca0f6e656263c,4bd5e15116a2a7eda3a5c7e0ffb187180ec0e3d5,1bcdfe7c5a0832b44f7e533b8f927881c7932dc1,ae9d8d5e418c1bfbade8f4574dc43758ea628289,8080355e6edde7f01bf7d9d340d9e0ef52c3c1cd,79ef6f41e89da009aefc1c00289fd3a301fae845,68c76297f5f2e7c3ceea09d195f48971ca7ab97e,d69f981e878991857486449306aa950c8283035f,de87a22419f1c1c39ed12d43dfa740de8372b097,

Android/prebuilt/extended/rooted.sh

+#!/bin/sh
+
+adb push pubkey_blacklist.txt /sdcard/pubkey_blacklist.txt
+adb push serial_blacklist.txt /sdcard/serial_blacklist.txt
+
+adb shell su -c "cp /sdcard/pubkey_blacklist.txt /data/misc/keychain/pubkey_blacklist.txt"
+adb shell su -c "cp /sdcard/serial_blacklist.txt /data/misc/keychain/serial_blacklist.txt"
+
+echo "Please reboot your phone"

Android/prebuilt/extended/serial_blacklist.txt

+827,864,a40fd55e2a14343323a8d407a2255ae8,3,17,f0c1fb04dd2c9ed8f94f0820591e72ad,29,6497d09c3bbc9baf857ed3c29a31d1ec,2c,27,