Update

Author: ngorskikh

README.md

@@ -1,25 +1,35 @@
 # Copy Certificates
 
-Based on [Move Certificates](https://github.com/Magisk-Modules-Repo/movecert). Copies certificates
-from the user certificate store to the system store, while also forcing Chrome on the Zygisk
-denylist. This way Chrome still sees the custom certificates in the user store, while other apps see
-them in the system store. Useful since Chrome started requiring CT logs for all certs in the system
-store.
+Based on [Move Certificates](https://github.com/Magisk-Modules-Repo/movecert).
+
+Chrome recently started requiring CT logs for CA certs found in the system store.
+This module copies AdGuard's CA certificate from the user store to the system store.
+It also contains a Zygisk module that "hides" any modifications done by Magisk from
+Chrome's processes. This way Chrome only finds AdGuard's certificate in the user store
+and doesn't complain about the missing CT log, while other apps continue to use the
+same certificate from the system store.
+
+# Usage
+1. Enable HTTPS filtering and save/install AdGuard's certificate to the user store.
+2. Enable Magisk->Settings->Zygisk.
+3. Download the zip file from releases.
+4. Go to Magisk->Modules->Install from storage and select the downloaded zip file.
+5. Reboot.
 
 # Building
 
 Update git modules:
-```
+```shell
 git submodule init && git submodule update
 ```
 
-You'll need Android SDK with NDK v23.1.7779620. Run:
+You'll need an Android SDK with NDK version 23.1.7779620. Run:
 
 ```shell
 ANDROID_SDK=<path-to-android-sdk> ./dist.sh
 ```
 
 If you prefer to manage your Zygisk denylist yourself, simply remove the Zygisk part of the module:
 ```shell
-zip CopyCert-v1.0.zip -d "zygisk/*"
+zip adguardcert-v1.0.zip -d "zygisk/*"
 ```

dist.sh

@@ -30,9 +30,10 @@ curl "${UPDATE_BINARY_URL}" > ./module/META-INF/com/google/android/update-binary
 echo "#MAGISK" > ./module/META-INF/com/google/android/updater-script
 
 VERSION=$(sed -ne "s/version=\(.*\)/\1/gp" ./module/module.prop)
+NAME=$(sed -ne "s/id=\(.*\)/\1/gp" ./module/module.prop)
 
-rm -f CopyCert-${VERSION}.zip
+rm -f ${NAME}-${VERSION}.zip
 (
   cd ./module
-  zip ../CopyCert-${VERSION}.zip -r * -x ".*" "*/.*"
+  zip ../${NAME}-${VERSION}.zip -r * -x ".*" "*/.*"
 )

module/module.prop

@@ -1,6 +1,6 @@
-id=copycert
-name=Copy Certificates
+id=adguardcert
+name=AdGuard Certificate
 version=v1.0
 versionCode=1
 author=AdGuard
-description=Copies certificates from the user certificate store to the system store and forces Chrome on the Zygisk denylist.
+description=Copies AdGuard's CA certificate from the user certificate store to the system store and forces Zygisk unmount procedures for Chrome.

module/post-fs-data.sh

@@ -1,7 +1,11 @@
 #!/system/bin/sh
 MODDIR=${0%/*}
 
-cp -f /data/misc/user/*/cacerts-added/* $MODDIR/system/etc/security/cacerts
+# Android hashes the subject to get the filename, field order is significant
+# AdGuard certificate is /C=EN/O=AdGuard/CN=AdGuard Personal CA
+# The filename is then <hash>.<n> where <n> is an integer
+AG_CERT_HASH=0f4ed297
+cp -f /data/misc/user/*/cacerts-added/${AG_CERT_HASH}.* $MODDIR/system/etc/security/cacerts
 chown -R 0:0 $MODDIR/system/etc/security/cacerts
 
 [ "$(getenforce)" = "Enforcing" ] || exit 0