/adguardcert

Magisk module that allows using AdGuard's HTTPS filtering for all apps

Primary LanguageC++

AdGuard Certificate

Based on Move Certificates.

This Magisk module supplements AdGuard for Android and allows installing AdGuard's CA certificate to the System store on rooted devices.

Why could you need it?

AdGuard for Android provides a feature called HTTPS filtering. It allows filtering of encrypted HTTPS traffic on your Android device. This feature requires adding the AdGuard's CA certificate to the list of trusted certificates.

By default, on a non-rooted device only a limited subset of apps (mostly, browsers) trust the CA certificates installed to the User store. The only option to allow filtering of all other apps' traffic is to install the certificate to the System store. Unfortunately, this is only possible on rooted devices.

Usage

  1. Enable HTTPS filtering in AdGuard for Android and save AdGuard's certificate to the User store.
  2. Go to Magisk -> Settings and enable Zygisk.
  3. Download the .zip file from the latest release.
  4. Go to Magisk -> Modules -> Install from storage and select the downloaded .zip file.
  5. Reboot.

If a new version comes out, repeat steps 3-5 to update the module.

The module does its work during the system boot. If your AdGuard certificate changes, you'll have to reboot the device for the new certificate to be copied to the system store.

Illustrated instruction

Open Magisk settings

Enable Zygisk

Go back to Magisk main screen

Open Magisk modules

Install from storage

Select AdGuard certificate module

Reboot the device

Please note that in order for Bromite browser to work properly, you need to set flag "Allow user certificates" in chrome://flags to "Enabled" state.

Bromite setup

Allow user certificates flag

Chrome and Chromium-based browsers

Chrome (and subsequently many other Chromium-based browsers) has recently started requiring CT logs for CA certs found in the System store. This module copies AdGuard's CA certificate from the User store to the System store. It also contains a Zygisk module that reverts any modifications done by Magisk for certain browsers. This way the browsers only find AdGuard's certificate in the User store and don't complain about the missing CT log, while other apps continue to use the same certificate from the System store.

Building

Update git modules:

git submodule init && git submodule update

You'll need an Android SDK with NDK installed (tested with NDK 22 and 23). Run:

ANDROID_HOME=<path-to-android-sdk> ./dist.sh

How to release a new version:

  1. Push a new tag with a name like v*.
  2. A new release will be automatically created.

Advanced

If you prefer to manage your Zygisk denylist yourself, simply remove the Zygisk part of the module:

zip adguardcert-v1.0.zip -d "zygisk/*"