From 91ae85d6e060eeae5e088fe3c8e3254dec4252be Mon Sep 17 00:00:00 2001 From: firdausmntp Date: Thu, 16 Apr 2026 12:14:52 +0700 Subject: [PATCH] v1.0 - Initial release: ProxyPin Certificate Installer --- .github/workflows/build.yml | 170 +++++++++ .gitignore | 52 ++- CHANGELOG.md | 22 ++ README.md | 208 ++++++++++- action.sh | 137 +++++++ customize.sh | 215 ++++++++++- module.prop | 17 +- post-fs-data.sh | 196 +++++++--- service.sh | 116 ++++++ uninstall.sh | 56 +++ update.json | 6 + webroot/index.html | 727 ++++++++++++++++++++++++++++++++++++ 12 files changed, 1826 insertions(+), 96 deletions(-) create mode 100644 .github/workflows/build.yml create mode 100644 CHANGELOG.md create mode 100644 action.sh create mode 100644 service.sh create mode 100644 uninstall.sh create mode 100644 update.json create mode 100644 webroot/index.html diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..1d8bb73 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,170 @@ +name: Build and Release Module + +on: + push: + branches: [ main, master ] + tags: + - 'v*' + pull_request: + branches: [ main, master ] + workflow_dispatch: + +env: + MODULE_ID: proxypin-cert-installer + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Get version info + id: version + run: | + VERSION=$(grep 'version=' module.prop | cut -d'=' -f2) + VERSION_CODE=$(grep 'versionCode=' module.prop | cut -d'=' -f2) + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version_code=$VERSION_CODE" >> $GITHUB_OUTPUT + + - name: Validate module structure + run: | + echo "๐Ÿ” Validating module structure..." + + # Check required files + required_files=("module.prop" "customize.sh" "post-fs-data.sh" "service.sh" "action.sh" "uninstall.sh" "META-INF/com/google/android/update-binary" "META-INF/com/google/android/updater-script") + for file in "${required_files[@]}"; do + if [ ! -f "$file" ]; then + echo "โŒ Missing required file: $file" + exit 1 + fi + echo "โœ… Found: $file" + done + + # Check certificate directory exists + if [ ! -d "system/etc/security/cacerts" ]; then + echo "โŒ Missing certificate directory" + exit 1 + fi + echo "โœ… Certificate directory exists" + + # Check certificate exists + if [ ! -f "system/etc/security/cacerts/243f0bfb.0" ]; then + echo "โš ๏ธ Warning: ProxyPin certificate not found" + fi + + echo "โœ… Module structure validated!" + + - name: Make scripts executable + run: | + chmod +x post-fs-data.sh + chmod +x service.sh + chmod +x customize.sh + chmod +x action.sh + chmod +x uninstall.sh + chmod +x META-INF/com/google/android/update-binary + + - name: Build module ZIP + run: | + MODULE_NAME="ProxyPin-Cert-Installer-${{ steps.version.outputs.version }}" + + echo "๐Ÿ“ฆ Building $MODULE_NAME.zip..." + + # Create zip with only required files + zip -r9 "${MODULE_NAME}.zip" \ + module.prop \ + customize.sh \ + post-fs-data.sh \ + service.sh \ + action.sh \ + uninstall.sh \ + update.json \ + META-INF/ \ + system/ \ + webroot/ + + echo "โœ… Module built: ${MODULE_NAME}.zip" + echo "module_zip=${MODULE_NAME}.zip" >> $GITHUB_ENV + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: proxypin-cert-installer-${{ steps.version.outputs.version }} + path: ${{ env.module_zip }} + retention-days: 30 + + release: + needs: build + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/v') + + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Get version info + id: version + run: | + VERSION=$(grep 'version=' module.prop | cut -d'=' -f2) + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Make scripts executable + run: | + chmod +x post-fs-data.sh + chmod +x service.sh + chmod +x customize.sh + chmod +x action.sh + chmod +x uninstall.sh + chmod +x META-INF/com/google/android/update-binary + + - name: Build release ZIP + run: | + MODULE_NAME="ProxyPin-Cert-Installer-${{ steps.version.outputs.version }}" + + zip -r9 "${MODULE_NAME}.zip" \ + module.prop \ + customize.sh \ + post-fs-data.sh \ + service.sh \ + action.sh \ + uninstall.sh \ + update.json \ + META-INF/ \ + system/ \ + webroot/ + + echo "module_zip=${MODULE_NAME}.zip" >> $GITHUB_ENV + + - name: Generate changelog + id: changelog + run: | + echo "## ProxyPin Certificate Installer ${{ steps.version.outputs.version }}" > RELEASE_NOTES.md + echo "" >> RELEASE_NOTES.md + echo "**Author:** [firdausmntp](https://github.com/firdausmntp)" >> RELEASE_NOTES.md + echo "" >> RELEASE_NOTES.md + echo "### Features" >> RELEASE_NOTES.md + echo "- โœ… Universal root support (Magisk/KernelSU/SukiSU/APatch)" >> RELEASE_NOTES.md + echo "- โœ… Android 5.0 - 16 (API 21-36) support" >> RELEASE_NOTES.md + echo "- โœ… **APEX CA bypass for Android 14+**" >> RELEASE_NOTES.md + echo "- โœ… WebUI for status monitoring" >> RELEASE_NOTES.md + echo "- โœ… ProxyPin certificate pre-included" >> RELEASE_NOTES.md + echo "- โœ… SELinux enforcing compatible" >> RELEASE_NOTES.md + echo "" >> RELEASE_NOTES.md + echo "### Installation" >> RELEASE_NOTES.md + echo "1. Download the ZIP file below" >> RELEASE_NOTES.md + echo "2. Install via Magisk/KernelSU/SukiSU/APatch Manager" >> RELEASE_NOTES.md + echo "3. Reboot device" >> RELEASE_NOTES.md + echo "" >> RELEASE_NOTES.md + echo "### Important for Android 14+" >> RELEASE_NOTES.md + echo "This module includes APEX bypass to inject certificates into \`com.android.conscrypt\` APEX." >> RELEASE_NOTES.md + echo "If ProxyPin shows 'Certificate Not Installed', check logs at \`/data/local/tmp/ProxyPinCert.log\`" >> RELEASE_NOTES.md + + - name: Create Release + uses: softprops/action-gh-release@v1 + with: + files: ${{ env.module_zip }} + body_path: RELEASE_NOTES.md diff --git a/.gitignore b/.gitignore index ef155b1..7d387dd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,17 +1,39 @@ -# Miscellaneous -*.class +# Build artifacts +*.zip +*.tar.gz +build/ +dist/ +_build_temp/ + +# Build scripts (personal use only) +build.py +build.sh +build.bat + +# Logs *.log -*.pyc -*.swp -.DS_Store -.atom/ -.buildlog/ -.history -.svn/ -migrate_working_dir/ -Podfile.lock -# IntelliJ related -*.iml -*.ipr -*.iws +ProxyPinCert.log +ProxyPinCA.log + +# IDE .idea/ +.vscode/ +*.swp +*.swo +*~ + +# OS +.DS_Store +Thumbs.db +desktop.ini +ehthumbs.db + +# Temp +*.tmp +*.temp +*.bak + +# Python +__pycache__/ +*.pyc +*.pyo diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..154cc48 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,22 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [v1.0] - 2026-04-16 + +### Added +- Initial release +- ProxyPin CA certificate (`243f0bfb.0`) pre-included in module +- Install certificate to System CA Store automatically +- Multi-root support: Magisk, KernelSU, SukiSU, APatch +- Android 5.0 - 15+ (API 21-36) compatibility +- APEX CA bypass for Android 14+ (conscrypt module injection) +- Namespace injection into zygote processes +- Dynamic re-injection via service script after boot +- Per-process mount for all app processes +- WebUI for status monitoring (APEX status, logs, reboot) +- Action button handler for root managers +- SELinux enforcing compatible +- Comprehensive logging to `/data/local/tmp/ProxyPinCert.log` +- Uninstall cleanup script (unmount APEX, remove temp files) +- GitHub Actions CI/CD for automated builds and releases diff --git a/README.md b/README.md index b40a191..2e4f143 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,204 @@ -# ProxyPin Certificate -่ฟ™ๆ˜ฏไธ€ไธช Magisk ๆจกๅ— ็”จไบŽๅฎ‰่ฃ…ProxyPin็ณป็ปŸ่ฏไนฆ, ๅฎ‰่ฃ…ๅฎŒๅŽ้œ€่ฆ้‡ๅฏๆ‰‹ๆœบ. +# ๐Ÿ“ฑ ProxyPin Certificate Installer -ๆŠ“ๅŒ…ไธ‹่ฝฝๅœฐๅ€ -https://github.com/wanghongenpin/network_proxy_flutter +

+ Version + Android + License +

-ๅฎ‰่ฃ…่ฏไนฆไธๆˆๅŠŸๅฏๅฐ่ฏ•ๅ…ถไป–ๆจกๅ— -ๅฆ‚: https://github.com/ys1231/MoveCertificate +

+ Magisk + KernelSU + SukiSU + APatch +

+ +

+ ๐Ÿ“ฑ Install ProxyPin CA Certificate to System CA Store
+ Tested on Android 15 with SukiSU v40201 +

+ +--- + +## ๐Ÿ“‹ Description + +This Magisk/KernelSU/APatch module installs the **ProxyPin CA Certificate** (`243f0bfb.0`) into the Android System CA Store, enabling HTTPS traffic interception with the [ProxyPin](https://github.com/wanghongenpin/network_proxy_flutter) app. + +> โœ… **Certificate is pre-included** in this module. Just install, reboot, and you're done! + +--- + +## โœจ Key Features + +| Feature | Description | +|---------|-------------| +| ๐Ÿ”ง **Multi-Root Support** | Works with Magisk, KernelSU, SukiSU, APatch | +| ๐Ÿ“ฑ **Wide Android Support** | Android 5.0 - 15 (API 21-35) | +| ๐Ÿ”“ **APEX Bypass** | Proper injection for Android 14+ conscrypt APEX | +| ๐Ÿ–ฅ๏ธ **WebUI Interface** | Monitor status and manage module visually | +| ๐Ÿ›ก๏ธ **SELinux Compatible** | Works with SELinux enforcing | +| ๐Ÿ’พ **Systemless** | Does not modify /system partition | +| ๐Ÿ“ฆ **Pre-included Cert** | Certificate `243f0bfb.0` included, no manual steps | + +--- + +## ๐Ÿ“ฑ Tested Compatibility + +### โœ… Verified Working + +| Device | Android | Root | Status | +|--------|---------|------|--------| +| Redmi Note 8 Pro | 15 (API 35) | SukiSU v40201 | โœ… **Tested** | + +### Root Solutions Support + +| Solution | Status | Notes | +|----------|--------|-------| +| **SukiSU** | โœ… Tested | Fully working with WebUI | +| **KernelSU** | โœ… Supported | With WebUI support | +| **Magisk** | โœ… Supported | v20.4+ required | +| **APatch** | โœ… Supported | v10300+ required | + +### Android Versions + +| Version | API | Status | +|---------|-----|--------| +| Android 5.0 - 13 | 21-33 | โœ… Standard Magic Mount | +| Android 14 | 34 | โœ… APEX Bypass | +| Android 15 | 35 | โœ… APEX Bypass (Tested) | + +--- + +## ๐Ÿš€ Quick Start + +### Step 1: Install Module + +1. Download `ProxyPin-Cert-Installer-v1.0.zip` +2. Install via **Magisk/KernelSU/SukiSU/APatch** Manager +3. **Reboot** device + +### Step 2: Verify + +1. Go to **Settings** โ†’ **Security** โ†’ **Trusted credentials** โ†’ **System** +2. Look for **ProxyPin CA** certificate +3. Open ProxyPin and start capturing + +> ๐Ÿ’ก The certificate (`243f0bfb.0`) is already pre-included in the module. No export or manual copy needed. + +--- + +## ๐Ÿ–ฅ๏ธ WebUI Features + +Access WebUI through your root manager's module settings: + +| Feature | Description | +|---------|-------------| +| ๐Ÿ“Š **Status Monitor** | View module and APEX injection status | +| ๐Ÿ’‰ **Re-inject** | Manually trigger certificate injection | +| ๐Ÿ“‹ **View Logs** | Check module operation logs | +| ๐Ÿ”„ **Reboot** | Quick reboot to apply changes | + +--- + +## ๐Ÿ”ง Android 14+ APEX Bypass + +Starting Android 14, CA certificates moved to APEX module (`com.android.conscrypt`). + +This module implements: +- **Namespace Injection** - Mounts into zygote namespaces +- **Dynamic Re-injection** - Service script reinjects after boot +- **Per-process Mount** - All app processes see the certificate + +### Verify Injection +```bash +# Check if certificate is in APEX +ls /apex/com.android.conscrypt/cacerts/*.0 | head -5 + +# View module logs +cat /data/local/tmp/ProxyPinCert.log +``` + +--- + +## โš ๏ธ Troubleshooting + +### "Certificate Not Installed" in ProxyPin + +```bash +# 1. Check logs +cat /data/local/tmp/ProxyPinCert.log + +# 2. Manual re-inject +su -c "sh /data/adb/modules/proxypin-cert-installer/post-fs-data.sh" + +# 3. Force stop and reopen ProxyPin +``` + +### "Unknown Publisher" Error + +- **SukiSU/KernelSU**: Settings โ†’ Enable "Allow untrusted modules" +- **APatch**: Settings โ†’ Security โ†’ Enable "Allow unknown sources" + +### WebUI Not Loading + +1. Ensure `webroot/index.html` exists in module +2. Check if root manager supports WebUI +3. Try reinstalling module + +--- + +## ๐Ÿ“ Module Structure + +``` +proxypin-cert-installer/ +โ”œโ”€โ”€ META-INF/com/google/android/ +โ”‚ โ”œโ”€โ”€ update-binary +โ”‚ โ””โ”€โ”€ updater-script +โ”œโ”€โ”€ system/etc/security/cacerts/ +โ”‚ โ””โ”€โ”€ 243f0bfb.0 # ProxyPin CA cert (pre-included) +โ”œโ”€โ”€ webroot/ +โ”‚ โ””โ”€โ”€ index.html # WebUI +โ”œโ”€โ”€ module.prop +โ”œโ”€โ”€ customize.sh # Installation script +โ”œโ”€โ”€ post-fs-data.sh # APEX injection +โ”œโ”€โ”€ service.sh # Post-boot injection +โ”œโ”€โ”€ action.sh # Action button handler +โ””โ”€โ”€ uninstall.sh # Cleanup script +``` + +--- + +## ๐Ÿ“ Changelog + +### v1.0 (Current) +- โœ… Initial release +- โœ… Certificate pre-included (`243f0bfb.0`) +- โœ… Multi-root support (Magisk/KernelSU/SukiSU/APatch) +- โœ… Android 5.0-15+ support +- โœ… APEX CA bypass for Android 14+ +- โœ… WebUI for status monitoring +- โœ… SELinux enforcing compatible +- โœ… GitHub Actions CI/CD + +## ๐Ÿ“„ License + +GPL-3.0 License - See [LICENSE](LICENSE) for details. + +--- + +## ๐Ÿ™ Credits + +- **[firdausmntp](https://github.com/firdausmntp)** - Author & Maintainer +- [wanghongenpin](https://github.com/wanghongenpin/network_proxy_flutter) - ProxyPin App +- [topjohnwu](https://github.com/topjohnwu) - Magisk Framework +- [tiann](https://github.com/tiann) - KernelSU Framework +- [pomelohan](https://github.com/pomelohan/SukiSU-Ultra) - SukiSU Framework +- [bmax121](https://github.com/bmax121) - APatch Framework + +--- + +## ๐Ÿ”— Links + +[![GitHub](https://img.shields.io/badge/GitHub-Repository-181717?style=for-the-badge&logo=github)](https://github.com/firdausmntp/ProxyPin-cert-installer) +[![Issues](https://img.shields.io/badge/Report-Issues-red?style=for-the-badge&logo=github)](https://github.com/firdausmntp/ProxyPin-cert-installer/issues) +[![ProxyPin](https://img.shields.io/badge/ProxyPin-Website-blue?style=for-the-badge)](https://github.com/wanghongenpin/network_proxy_flutter) diff --git a/action.sh b/action.sh new file mode 100644 index 0000000..00ef161 --- /dev/null +++ b/action.sh @@ -0,0 +1,137 @@ +# This script runs when user presses Action button in root manager +MODDIR=${0%/*} +LOG_FILE="/data/local/tmp/ProxyPinCert.log" +CERT_DIR="$MODDIR/system/etc/security/cacerts" + +echo "โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—" +echo "โ•‘ ProxyPin Certificate Installer v1.0 โ•‘" +echo "โ•‘ by firdausmntp โ•‘" +echo "โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" +echo "" + +# Get API level +API=$(getprop ro.build.version.sdk) +ANDROID_VERSION=$(getprop ro.build.version.release) +echo "- Android: $ANDROID_VERSION (API $API)" + +# Check certificate using find (more reliable) +CERT_COUNT=$(find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | wc -l) +CERT_COUNT=$(echo "$CERT_COUNT" | tr -d ' ') + +echo "- Certificates in module: $CERT_COUNT" + +if [ "$CERT_COUNT" -eq 0 ] || [ -z "$CERT_COUNT" ]; then + echo "" + echo "โš ๏ธ CERTIFICATE NOT FOUND!" + echo "" + echo "Certificate 243f0bfb.0 is missing." + echo "Try reinstalling the module." + echo "" + exit 1 +fi + +# Show certificate info +echo "" +echo "Certificates:" +find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | while read cert; do + name=$(basename "$cert") + size=$(ls -la "$cert" | awk '{print $5}') + # Try to get certificate subject + subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null | sed 's/subject=//g' | head -1) + echo " - $name ($size bytes)" + if [ -n "$subject" ]; then + echo " Subject: $(echo "$subject" | cut -c1-60)..." + fi +done + +# Check system cacerts +echo "" +echo "System CA Store Status:" +SYSTEM_CERT=$(find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | head -1 | xargs basename 2>/dev/null) + +if [ -n "$SYSTEM_CERT" ]; then + if [ -f "/system/etc/security/cacerts/$SYSTEM_CERT" ]; then + echo " โœ“ $SYSTEM_CERT present in /system/etc/security/cacerts" + else + echo " โœ— $SYSTEM_CERT NOT in /system/etc/security/cacerts (Magic Mount may not be active yet)" + fi +fi + +# Check APEX status on Android 14+ +if [ "$API" -ge 34 ]; then + echo "" + echo "Android 14+ APEX Status:" + APEX_DIR="/apex/com.android.conscrypt/cacerts" + + if [ -d "$APEX_DIR" ]; then + find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | while read cert; do + name=$(basename "$cert") + if [ -f "$APEX_DIR/$name" ]; then + echo " โœ“ $name present in APEX" + else + echo " โœ— $name NOT in APEX (needs re-injection or reboot)" + fi + done + + echo "" + APEX_COUNT=$(find "$APEX_DIR" -maxdepth 1 -name "*.0" -type f 2>/dev/null | wc -l) + echo " Total certs in APEX: $APEX_COUNT" + else + echo " APEX CA directory not found" + fi +else + echo "" + echo "Note: Standard Magic Mount is used for Android < 14" +fi + +# Check Trusted Credentials hint +echo "" +echo "๐Ÿ“ฑ How to verify:" +echo " Settings โ†’ Security โ†’ Encryption & credentials" +echo " โ†’ Trusted credentials โ†’ System" +echo " Look for: ProxyPin CA" + +# Option to re-inject +echo "" +echo "โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”" +echo "Options:" +echo " 1. Re-inject certificates (for Android 14+ APEX)" +echo " 2. View logs" +echo " 3. Force reboot" +echo " 4. Exit" +echo "" +read -p "Select option [1-4]: " choice + +case "$choice" in + 1) + echo "" + echo "Running certificate re-injection..." + sh "$MODDIR/service.sh" + echo "" + echo "Done! Please check:" + echo " - Settings โ†’ Security โ†’ Trusted credentials โ†’ System" + echo " - ProxyPin app should detect the certificate" + ;; + 2) + echo "" + echo "=== Recent Logs ===" + tail -50 "$LOG_FILE" 2>/dev/null || echo "No logs found" + ;; + 3) + echo "" + echo "Rebooting device..." + reboot + ;; + 4) + echo "Goodbye!" + ;; + *) + echo "Invalid option" + ;; +esac + +if [ "$KSU" = "true" ] || [ "$APATCH" = "true" ]; then + echo "" + echo "Dialog will close in 10 seconds..." + sleep 10 +fi diff --git a/customize.sh b/customize.sh index e591c53..ccde67a 100644 --- a/customize.sh +++ b/customize.sh @@ -1,17 +1,214 @@ -#!/system/bin/sh - +# Android 5.0 - 16 (API 21-36) compatible SKIPUNZIP=0 -ASH_STANDALONE=0 +################# +# Helper Functions +################# -ui_print "ๅผ€ๅง‹ๅฎ‰่ฃ…ๆจกๅ—" +print_banner() { + ui_print "โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—" + ui_print "โ•‘ ProxyPin Certificate Installer v1.0 โ•‘" + ui_print "โ•‘ by firdausmntp โ•‘" + ui_print "โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + ui_print "" +} -ui_print "ๆๅ–ๆจกๅ—่ฏไนฆ" +detect_root_solution() { + if [ "$KSU" = "true" ]; then + # Check for SukiSU specifically + if [ -f /data/adb/ksu/bin/ksud ]; then + if strings /data/adb/ksu/bin/ksud 2>/dev/null | grep -qi "sukisu"; then + ROOT_IMPL="SukiSU" + else + ROOT_IMPL="KernelSU" + fi + else + ROOT_IMPL="KernelSU" + fi + ROOT_VER="$KSU_VER" + ROOT_VER_CODE="$KSU_VER_CODE" + elif [ "$APATCH" = "true" ]; then + ROOT_IMPL="APatch" + ROOT_VER="$APATCH_VER" + ROOT_VER_CODE="$APATCH_VER_CODE" + else + ROOT_IMPL="Magisk" + ROOT_VER="$MAGISK_VER" + ROOT_VER_CODE="$MAGISK_VER_CODE" + fi +} -unzip -o "$ZIPFILE" 'system/*' -d $MODPATH >&2 +################# +# Compatibility Check +################# -ui_print "ๅฎ‰่ฃ…ๆˆๅŠŸ,้‡ๅฏๆ‰‹ๆœบๅŽๅŽป็ณป็ปŸ่ฏไนฆๆŸฅ็œ‹ProxyPinCAๆ˜ฏๅฆ็”Ÿๆ•ˆ." +check_compatibility() { + # Check API level + API=$(getprop ro.build.version.sdk) + [ -z "$API" ] && API=21 -ui_print " " + if [ "$API" -lt 21 ]; then + abort "! ERROR: Minimum Android 5.0 (API 21) required!" + fi -set_perm_recursive $MODPATH 0 0 0755 0644 \ No newline at end of file + if [ "$API" -gt 36 ]; then + ui_print "! WARNING: Untested Android version (API $API)" + ui_print " Proceeding anyway..." + fi + + # Root solution version checks + case "$ROOT_IMPL" in + "Magisk") + [ "$ROOT_VER_CODE" -lt 20400 ] && abort "! ERROR: Magisk v20.4+ required!" + ;; + "KernelSU"|"SukiSU") + if [ "$ROOT_VER_CODE" -lt 10000 ]; then + ui_print "! WARNING: Old $ROOT_IMPL version" + fi + ;; + "APatch") + if [ "$ROOT_VER_CODE" -lt 10300 ]; then + ui_print "! WARNING: Old APatch version" + fi + ;; + esac +} + +################# +################# + +setup_permissions() { + ui_print "- Setting permissions..." + + # System certificate directory + if [ -d "$MODPATH/system/etc/security/cacerts" ]; then + set_perm_recursive "$MODPATH/system/etc/security/cacerts" 0 0 0755 0644 + fi + + # Scripts + for script in post-fs-data.sh service.sh uninstall.sh action.sh; do + [ -f "$MODPATH/$script" ] && set_perm "$MODPATH/$script" 0 0 0755 + done + + # WebUI + if [ -d "$MODPATH/webroot" ]; then + set_perm_recursive "$MODPATH/webroot" 0 0 0755 0644 + fi +} + +cleanup_certificates() { + ui_print "- Cleaning up non-certificate files..." + + local CERT_DIR="$MODPATH/system/etc/security/cacerts" + + # Remove README.md if exists + if [ -f "$CERT_DIR/README.md" ]; then + rm -f "$CERT_DIR/README.md" + ui_print " Removed README.md" + fi + + # Remove .gitkeep if exists + if [ -f "$CERT_DIR/.gitkeep" ]; then + rm -f "$CERT_DIR/.gitkeep" + ui_print " Removed .gitkeep" + fi + + # Remove any other non-.0 files that might cause issues + for file in "$CERT_DIR"/*; do + if [ -f "$file" ]; then + case "$(basename "$file")" in + *.0) + # Valid certificate, keep it + ;; + *) + # Non-certificate file, remove it + rm -f "$file" + ui_print " Removed $(basename "$file")" + ;; + esac + fi + done +} + +check_certificate() { + local cert_dir="$MODPATH/system/etc/security/cacerts" + local cert_count=$(find "$cert_dir" -maxdepth 1 -type f -name "*.0" 2>/dev/null | wc -l) + cert_count=$(echo "$cert_count" | tr -d ' ') # Remove whitespace + + if [ "$cert_count" -eq 0 ] || [ -z "$cert_count" ]; then + ui_print "" + ui_print "โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—" + ui_print "โ•‘ โš ๏ธ CERTIFICATE NOT FOUND! โ•‘" + ui_print "โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + ui_print "" + ui_print "! Certificate 243f0bfb.0 was not extracted." + ui_print "! Try reinstalling the module." + ui_print "" + else + ui_print "โœ“ Found $cert_count certificate(s)" + # List certificates + find "$cert_dir" -maxdepth 1 -type f -name "*.0" 2>/dev/null | while read cert; do + ui_print " - $(basename "$cert")" + done + fi +} + +setup_android14_plus() { + API=$(getprop ro.build.version.sdk) + + if [ "$API" -ge 34 ]; then + ui_print "- Android 14+ detected (API $API)" + ui_print "- APEX CA bypass will be configured" + + # Ensure scripts are properly configured for APEX + chmod 0755 "$MODPATH/post-fs-data.sh" 2>/dev/null + chmod 0755 "$MODPATH/service.sh" 2>/dev/null + fi +} + +print_summary() { + ui_print "" + ui_print "โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—" + ui_print "โ•‘ โœ“ Installation Complete! โ•‘" + ui_print "โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" + ui_print "" + ui_print " Root Solution: $ROOT_IMPL ($ROOT_VER)" + ui_print " Android API: $API" + ui_print "" + ui_print " โšก Actions:" + ui_print " โ€ข Reboot your device" + ui_print " โ€ข Check: Settings โ†’ Security โ†’ Trusted credentials" + ui_print "" + + if [ "$API" -ge 34 ]; then + ui_print " ๐Ÿ“ฑ Android 14+ Notes:" + ui_print " โ€ข APEX bypass runs automatically" + ui_print " โ€ข Check ProxyPin after reboot" + ui_print "" + fi + + ui_print " ๐Ÿ“‹ Logs: /data/local/tmp/ProxyPinCert.log" + ui_print "" + +# Installation + ui_print " GitHub: https://github.com/firdausmntp/ProxyPin-cert-installer" + ui_print "" +} + +################# +# Main +################# + +print_banner +detect_root_solution + +ui_print "- Detected: $ROOT_IMPL" +ui_print "- Version: $ROOT_VER (code: $ROOT_VER_CODE)" +ui_print "" + +check_compatibility +setup_permissions +cleanup_certificates +check_certificate +setup_android14_plus +print_summary \ No newline at end of file diff --git a/module.prop b/module.prop index 46e4646..efd0366 100644 --- a/module.prop +++ b/module.prop @@ -1,6 +1,11 @@ -id=ProxyPinCA -name=ProxyPinCA -version=1.2.0 -versionCode=3 -author=ProxyPin -description=ProxyPin certificate. +id=proxypin-cert-installer +name=ProxyPin Certificate Installer +version=v1.0 +versionCode=1 +author=firdausmntp +description=Install ProxyPin CA certificate to System CA Store. Supports Magisk/KernelSU/SukiSU/APatch. Android 5.0-15 compatible with APEX bypass for Android 14+. +updateJson=https://raw.githubusercontent.com/firdausmntp/ProxyPin-cert-installer/main/update.json +support=https://github.com/firdausmntp/ProxyPin-cert-installer +donate=https://github.com/sponsors/firdausmntp +minApi=21 +maxApi=36 diff --git a/post-fs-data.sh b/post-fs-data.sh index daf52d0..45d0548 100644 --- a/post-fs-data.sh +++ b/post-fs-data.sh @@ -1,70 +1,146 @@ #!/system/bin/sh - - -exec > /data/local/tmp/ProxyPinCA.log -exec 2>&1 - -#set -x +# ProxyPin Certificate Installer - Post-fs-data Script +# Author: firdausmntp +# GitHub: https://github.com/firdausmntp/ProxyPin-cert-installer +# +# Android 14+ APEX Bypass - Aggressive Implementation MODDIR=${0%/*} +LOG_FILE="/data/local/tmp/ProxyPinCert.log" +CERT_DIR="${MODDIR}/system/etc/security/cacerts" +TEMP_DIR="/data/local/tmp/proxypin-apex-ca" -set_context() { - [ "$(getenforce)" = "Enforcing" ] || return 0 +# Initialize logging +mkdir -p /data/local/tmp 2>/dev/null +echo "" > "$LOG_FILE" - default_selinux_context=u:object_r:system_file:s0 - selinux_context=$(ls -Zd $1 | awk '{print $1}') - - if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then - chcon -R $selinux_context $2 - else - chcon -R $default_selinux_context $2 - fi +log() { + echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> "$LOG_FILE" } -#LOG_PATH="/data/local/tmp/ProxyPinCA.log" -echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start." -chown -R 0:0 ${MODDIR}/system/etc/security/cacerts -if [ -d /apex/com.android.conscrypt/cacerts ]; then - # ๆฃ€ๆต‹ๅˆฐ android 14 ไปฅไธŠ๏ผŒๅญ˜ๅœจ่ฏฅ่ฏไนฆ็›ฎๅฝ• - CERT_HASH=243f0bfb +log "โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—" +log "โ•‘ ProxyPin Certificate Installer v1.0 โ•‘" +log "โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" +log "" +log "Post-fs-data started" +log "Module: $MODDIR" - CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0 - echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}" - if ! [ -e "${CERT_FILE}" ]; then - echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found." - exit 0 - fi +API=$(getprop ro.build.version.sdk) +ANDROID_VERSION=$(getprop ro.build.version.release) +log "Android: $ANDROID_VERSION (API $API)" - TEMP_DIR=/data/local/tmp/cacerts-copy - rm -rf "$TEMP_DIR" - mkdir -p -m 700 "$TEMP_DIR" - mount -t tmpfs tmpfs "$TEMP_DIR" - - # ๅคๅˆถ่ฏไนฆๅˆฐไธดๆ—ถ็›ฎๅฝ• - cp -f /apex/com.android.conscrypt/cacerts/* "$TEMP_DIR" - cp -f $CERT_FILE "$TEMP_DIR" - - chown -R 0:0 "$TEMP_DIR" - set_context /apex/com.android.conscrypt/cacerts "$TEMP_DIR" - - # ๆฃ€ๆŸฅๆ–ฐ่ฏไนฆๆ˜ฏๅฆๆˆๅŠŸๆทปๅŠ  - CERTS_NUM="$(ls -1 "$TEMP_DIR" | wc -l)" - if [ "$CERTS_NUM" -gt 10 ]; then - mount -o bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts - for pid in 1 $(pgrep zygote) $(pgrep zygote64); do - nsenter --mount=/proc/${pid}/ns/mnt -- \ - mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts - done - echo "[$(date +%F) $(date +%T)] - Mount success!" - else - echo "[$(date +%F) $(date +%T)] - Mount failed!" - fi - - # ๅธ่ฝฝไธดๆ—ถ็›ฎๅฝ• - umount "$TEMP_DIR" - rmdir "$TEMP_DIR" +# Detect root +if [ "$KSU" = "true" ]; then + log "Root: KernelSU/SukiSU (v$KSU_VER_CODE)" +elif [ "$APATCH" = "true" ]; then + log "Root: APatch (v$APATCH_VER_CODE)" else - echo "[$(date +%F) $(date +%T)] - Android version lower than 14 detected" - set_context /system/etc/security/cacerts ${MODDIR}/system/etc/security/cacerts - echo "[$(date +%F) $(date +%T)] - Mount success!" -fi \ No newline at end of file + log "Root: Magisk/Other" +fi + +# Find our certificate +CERT_FILE=$(find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | head -1) +CERT_NAME=$(basename "$CERT_FILE" 2>/dev/null) + +if [ -z "$CERT_FILE" ] || [ ! -f "$CERT_FILE" ]; then + log "ERROR: No certificate file found in $CERT_DIR" + log "Certificate 243f0bfb.0 is missing. Try reinstalling the module." + exit 0 +fi + +log "Certificate: $CERT_NAME" + +# For Android < 14, Magic Mount handles it +if [ "$API" -lt 34 ]; then + log "Android < 14: Using Magic Mount" + log "Done!" + exit 0 +fi + +log "" +log "=== Android 14+ APEX Injection ===" + +APEX_CACERTS="/apex/com.android.conscrypt/cacerts" + +if [ ! -d "$APEX_CACERTS" ]; then + log "ERROR: APEX cacerts not found" + exit 1 +fi + +# Prepare temp directory with tmpfs +log "Preparing tmpfs..." +umount "$TEMP_DIR" 2>/dev/null +rm -rf "$TEMP_DIR" 2>/dev/null +mkdir -p "$TEMP_DIR" + +if ! mount -t tmpfs tmpfs "$TEMP_DIR"; then + log "ERROR: Failed to mount tmpfs" + exit 1 +fi + +# Copy existing certs +log "Copying system certificates..." +cp -a "$APEX_CACERTS"/* "$TEMP_DIR/" 2>/dev/null +ORIG_COUNT=$(ls -1 "$TEMP_DIR"/*.0 2>/dev/null | wc -l) +log "System certs: $ORIG_COUNT" + +# Add our certificate +log "Adding: $CERT_NAME" +cp -f "$CERT_FILE" "$TEMP_DIR/$CERT_NAME" + +# Set permissions +chown -R 0:0 "$TEMP_DIR" +chmod 755 "$TEMP_DIR" +chmod 644 "$TEMP_DIR"/* + +# Set SELinux context +APEX_CONTEXT=$(ls -Zd "$APEX_CACERTS" 2>/dev/null | awk '{print $1}') +if [ -n "$APEX_CONTEXT" ] && [ "$APEX_CONTEXT" != "?" ]; then + chcon -R "$APEX_CONTEXT" "$TEMP_DIR" 2>/dev/null + log "SELinux context: $APEX_CONTEXT" +fi + +TOTAL_COUNT=$(ls -1 "$TEMP_DIR"/*.0 2>/dev/null | wc -l) +log "Total certs: $TOTAL_COUNT" + +# Mount to APEX - try multiple approaches +log "" +log "Mounting to APEX..." + +# 1. Global mount +mount --bind "$TEMP_DIR" "$APEX_CACERTS" && log "โœ“ Global mount" + +# 2. Init namespace (PID 1) +nsenter --mount=/proc/1/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null && log "โœ“ Init (PID 1)" + +# 3. Zygote namespaces - critical for apps +for zygote in zygote zygote64; do + PID=$(pidof "$zygote" 2>/dev/null) + if [ -n "$PID" ]; then + nsenter --mount=/proc/$PID/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null && log "โœ“ $zygote (PID $PID)" + fi +done + +# 4. Try all running app processes (aggressive approach for ProxyPin) +log "Mounting for all app processes..." +for pid in $(ls /proc | grep -E '^[0-9]+$'); do + if [ -d "/proc/$pid/ns" ] && [ -r "/proc/$pid/cmdline" ]; then + cmdline=$(cat /proc/$pid/cmdline 2>/dev/null | tr '\0' ' ') + # Only target app processes + if echo "$cmdline" | grep -qE "^(com\.|android\.)" 2>/dev/null; then + nsenter --mount=/proc/$pid/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null + fi + fi +done + +# Verify +log "" +if [ -f "$APEX_CACERTS/$CERT_NAME" ]; then + log "โœ“ SUCCESS: $CERT_NAME is in APEX!" +else + log "โœ— Certificate not visible in APEX (namespace isolation)" +fi + +log "" +log "Post-fs-data completed" +log "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" \ No newline at end of file diff --git a/service.sh b/service.sh new file mode 100644 index 0000000..787bead --- /dev/null +++ b/service.sh @@ -0,0 +1,116 @@ +#!/system/bin/sh +# ProxyPin Certificate Installer - Service Script +# Runs after boot to ensure APEX injection persists for all apps + +MODDIR=${0%/*} +LOG_FILE="/data/local/tmp/ProxyPinCert.log" +CERT_DIR="${MODDIR}/system/etc/security/cacerts" +TEMP_DIR="/data/local/tmp/proxypin-apex-ca" +APEX_CACERTS="/apex/com.android.conscrypt/cacerts" + +log() { + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [service] $1" >> "$LOG_FILE" +} + +log "" +log "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" +log "Service script started" + +API=$(getprop ro.build.version.sdk) +log "Android API: $API" + +# Wait for boot +count=0 +while [ "$(getprop sys.boot_completed)" != "1" ] && [ $count -lt 60 ]; do + sleep 1 + count=$((count + 1)) +done +log "Boot completed (${count}s)" + +# Skip for Android < 14 +if [ "$API" -lt 34 ]; then + log "Android < 14, skipping" + exit 0 +fi + +# Find our cert +CERT_FILE=$(find "$CERT_DIR" -maxdepth 1 -type f -name "*.0" 2>/dev/null | head -1) +CERT_NAME=$(basename "$CERT_FILE" 2>/dev/null) + +if [ -z "$CERT_NAME" ]; then + log "ERROR: No certificate found" + exit 1 +fi + +log "Certificate: $CERT_NAME" + +# Check if already mounted correctly +if [ -f "$APEX_CACERTS/$CERT_NAME" ]; then + log "โœ“ Certificate already in APEX" +else + log "Certificate not in APEX, re-injecting..." + + # Ensure tmpfs is mounted + if ! mountpoint -q "$TEMP_DIR" 2>/dev/null; then + mkdir -p "$TEMP_DIR" + mount -t tmpfs tmpfs "$TEMP_DIR" + cp -a "$APEX_CACERTS"/* "$TEMP_DIR/" 2>/dev/null + cp -f "$CERT_FILE" "$TEMP_DIR/" + chown -R 0:0 "$TEMP_DIR" + chmod 755 "$TEMP_DIR" + chmod 644 "$TEMP_DIR"/* + + APEX_CONTEXT=$(ls -Zd "$APEX_CACERTS" 2>/dev/null | awk '{print $1}') + [ -n "$APEX_CONTEXT" ] && chcon -R "$APEX_CONTEXT" "$TEMP_DIR" 2>/dev/null + fi + + # Mount globally + mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null + nsenter --mount=/proc/1/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null +fi + +# CRITICAL: Mount in all zygote namespaces +# This ensures ALL apps can see the certificate +log "Injecting to zygote namespaces..." + +for zygote in zygote zygote64; do + PID=$(pidof "$zygote" 2>/dev/null) + if [ -n "$PID" ]; then + nsenter --mount=/proc/$PID/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null + log " $zygote (PID $PID)" + fi +done + +# Also inject to Settings app (for Trusted Credentials visibility) +SETTINGS_PID=$(pidof com.android.settings 2>/dev/null) +if [ -n "$SETTINGS_PID" ]; then + nsenter --mount=/proc/$SETTINGS_PID/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null + log " Settings app (PID $SETTINGS_PID)" +fi + +# Inject to ProxyPin if running +PROXYPIN_PID=$(pidof com.proxy.pin 2>/dev/null) +if [ -z "$PROXYPIN_PID" ]; then + # Try alternative package names + PROXYPIN_PID=$(pidof com.network.proxy 2>/dev/null) +fi +if [ -n "$PROXYPIN_PID" ]; then + nsenter --mount=/proc/$PROXYPIN_PID/ns/mnt -- mount --bind "$TEMP_DIR" "$APEX_CACERTS" 2>/dev/null + log " ProxyPin app (PID $PROXYPIN_PID)" +fi + +# Final verification +sleep 2 +if [ -f "$APEX_CACERTS/$CERT_NAME" ]; then + log "โœ“ SUCCESS: Certificate in APEX" +else + log "โœ— Certificate may not be visible to all apps" +fi + +# Count +APEX_COUNT=$(ls -1 "$APEX_CACERTS"/*.0 2>/dev/null | wc -l) +log "APEX certificates: $APEX_COUNT" + +log "" +log "Service completed" +log "โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•" diff --git a/uninstall.sh b/uninstall.sh new file mode 100644 index 0000000..64ce8f8 --- /dev/null +++ b/uninstall.sh @@ -0,0 +1,56 @@ +#!/system/bin/sh +# ProxyPin Certificate Installer - Uninstall Script +# Author: firdausmntp +# GitHub: https://github.com/firdausmntp/ProxyPin-cert-installer + +MODDIR=${0%/*} +LOG_FILE="/data/local/tmp/ProxyPinCert.log" + +log() { + echo "[$(date '+%Y-%m-%d %H:%M:%S')] [uninstall] $1" >> "$LOG_FILE" +} + +log "Uninstall script started" + +# Unmount APEX certificates if mounted +unmount_apex() { + local apex_dir="/apex/com.android.conscrypt/cacerts" + local temp_dir="/data/local/tmp/proxypin-apex-ca" + + # Unmount APEX directory + if mountpoint -q "$apex_dir" 2>/dev/null; then + umount "$apex_dir" 2>/dev/null + log "Unmounted APEX CA directory" + fi + + # Try to unmount in all namespaces + for pid in 1 $(pidof zygote 2>/dev/null) $(pidof zygote64 2>/dev/null); do + if [ -d "/proc/$pid/ns/mnt" ]; then + nsenter --mount=/proc/$pid/ns/mnt -- \ + umount "$apex_dir" 2>/dev/null + fi + done + + # Unmount and remove temp directory + if mountpoint -q "$temp_dir" 2>/dev/null; then + umount "$temp_dir" 2>/dev/null + log "Unmounted temp directory" + fi + rm -rf "$temp_dir" 2>/dev/null +} + +# Cleanup temporary files +cleanup_temp() { + rm -rf /data/local/tmp/apex-ca-copy 2>/dev/null + rm -rf /data/local/tmp/apex-ca-reinject 2>/dev/null + rm -rf /data/local/tmp/proxypin-apex-ca 2>/dev/null + rm -f "$MODDIR/.apex_bypass_needed" 2>/dev/null + log "Cleaned up temporary files" +} + +# Main +unmount_apex +cleanup_temp + +log "Uninstall completed" +log "NOTE: Reboot recommended to fully remove certificate from system" diff --git a/update.json b/update.json new file mode 100644 index 0000000..212a26a --- /dev/null +++ b/update.json @@ -0,0 +1,6 @@ +{ + "version": "v1.0", + "versionCode": 1, + "zipUrl": "https://github.com/firdausmntp/ProxyPin-cert-installer/releases/download/v1.0/ProxyPin-Cert-Installer-v1.0.zip", + "changelog": "v1.0 (2026-04-16)\n- Initial release\n- ProxyPin CA certificate pre-included (243f0bfb.0)\n- Multi-root support (Magisk/KernelSU/SukiSU/APatch)\n- Android 5.0-15+ support\n- APEX CA bypass for Android 14+\n- WebUI for status monitoring\n- SELinux enforcing compatible" +} diff --git a/webroot/index.html b/webroot/index.html new file mode 100644 index 0000000..8603ed7 --- /dev/null +++ b/webroot/index.html @@ -0,0 +1,727 @@ + + + + + + ProxyPin Certificate Manager + + + +
+ + + +
+
+ ProxyPin Cert Manager + v1.0 +
+ + +
+
Status
+
+
+ Module + checking +
+
+ Certificate + checking +
+
+ APEX Injection + checking +
+
+ Android + โ€” +
+
+
+ + +
+
Certificate
+
+
+
๐Ÿ“„
+
Select certificate file
+
.0 / .pem / .crt / .cer
+ +
+
+ โ€” + โ€” + +
+
+ +
+
+ + +
+
Actions
+
+
+
๐Ÿ’‰
+
+
Re-inject Certificate
+
Force APEX namespace injection
+
+ โ€บ +
+
+
๐Ÿ“‹
+
+
View Logs
+
Module operation logs
+
+ โ€บ +
+
+
๐Ÿ”„
+
+
Refresh Status
+
Recheck module and certificate
+
+ โ€บ +
+
+
โป
+
+
Reboot Device
+
Apply pending changes
+
+ โ€บ +
+
+
+
+ +
+ GitHub +  ยท  + ProxyPin +
+
+ + + +