Thread: Tutorial - update expired certificates on Max 2 and/or add SuperSU
View Single Post
Old 04-15-2026, 08:15 PM   #1
plusz
Addict
plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!plusz is faster than a rolling 'o,' stronger than silent 'e,' and leaps capital 'T' in a single bound!
 
Posts: 388
Karma: 50038
Join Date: Feb 2017
Device: 13.3" Boox Max2, 7" Kobo H2O
Tutorial - update expired certificates on Max 2 and/or add SuperSU
Root certificates embedded with the system expired in 2024. They are stored on readonly system partition, so it's not possible to update them via ADB.

I've successfully updated them using CPU manufacturer tools. In addition I embedded SuperSU in the system image (optional).

Download binaries

I'm using Arch Linux. The `/mnt` directory is empty and unused normally no my system, so I used it temporarily as the place to mount and modify the system image. If you use another dir, modify the script and all commands accordingly.

1. Download the binaries:

Rockchip flash utility:
Code:
git clone https://github.com/rockchip-linux/rkbin.git
SuperSU

Code:
 curl https://supersuroot.org/downloads/SuperSU-v2.82-201705271822.zip -o SuperSU-v2.82-201705271822.zip
Extract the archive.

Prepare script

Create file `embed-supersu.sh`
Code:
echo "Backing up files"
cp -a /mnt/bin/app_process /mnt/bin/app_process_original
cp -a /mnt/bin/app_process32 /mnt/bin/app_process32_original
cp -a /mnt/bin/app_process /mnt/bin/app_process_init

echo "Pushing & chmoding SuperSu.apk"
mkdir /mnt/priv-app/SuperSU
cp common/Superuser.apk /mnt/priv-app/SuperSU/SuperSU.apk
chown -R root:root /mnt/priv-app/SuperSU
chmod 0755 /mnt/priv-app/SuperSU
chmod 0644 /mnt/priv-app/SuperSU/SuperSU.apk

echo "Pushing & chmoding install-recovery"
mv /mnt/bin/install-recovery.sh /mnt/etc/install-recovery-2.sh
cp common/install-recovery.sh /mnt/bin/install-recovery.sh
chmod 0755 /mnt/bin/install-recovery.sh

echo "Pushing & chmoding su"
cp armv7/su /mnt/xbin/su
cp armv7/su /mnt/xbin/daemonsu
cp armv7/su /mnt/xbin/sugote
cp armv7/su /mnt/xbin/sugote-mksh
mkdir /mnt/bin/.ext
cp armv7/su /mnt/bin/.ext/.su
chown root:root /mnt/xbin/su
chown root:root /mnt/xbin/daemonsu
chown root:root /mnt/xbin/sugote
chown root:root /mnt/xbin/sugote-mksh
chown -R root:root /mnt/bin/.ext
chmod 0755 /mnt/xbin/su
chmod 0755 /mnt/xbin/daemonsu
chmod 0755 /mnt/xbin/sugote
chmod 0755 /mnt/xbin/sugote-mksh
chmod 0755 /mnt/bin/.ext
chmod 0755 /mnt/bin/.ext/.su

echo "Pushing & chmoding supolicy & libsupol.so"
cp armv7/supolicy    /mnt/xbin/supolicy
cp armv7/libsupol.so /mnt/lib/libsupol.so
chown root:root /mnt/xbin/supolicy
chown root:root /mnt/lib/libsupol.so
chmod 0755 /mnt/xbin/supolicy
chmod 0644 /mnt/lib/libsupol.so

echo "Symlinking app_process to supersu"
rm /mnt/bin/app_process
rm /mnt/bin/app_process32
cp armv7/su /mnt/bin/app_process
cp armv7/su /mnt/bin/app_process32
chown root:root /mnt/bin/app_process
chown root:root /mnt/bin/app_process32
chmod 0755 /mnt/bin/app_process
chmod 0755 /mnt/bin/app_process32

echo "Finising"
touch /mnt/etc/.installed_su_daemon
chmod 0644 /mnt/etc/.installed_su_daemon

echo "Apply SELinux labels"
chcon u:object_r:system_file:s0 /mnt/priv-app/SuperSU
chcon u:object_r:system_file:s0 /mnt/priv-app/SuperSU/SuperSU.apk
chcon u:object_r:install_recovery_exec:s0 /mnt/bin/install-recovery.sh
chcon u:object_r:system_file:s0 /mnt/xbin/su
chcon u:object_r:system_file:s0 /mnt/xbin/daemonsu
chcon u:object_r:system_file:s0 /mnt/xbin/sugote
chcon u:object_r:system_file:s0 /mnt/xbin/sugote-mksh
chcon u:object_r:system_file:s0 /mnt/bin/.ext
chcon u:object_r:system_file:s0 /mnt/bin/.ext/.su
chcon u:object_r:system_file:s0 /mnt/xbin/supolicy
chcon u:object_r:system_file:s0 /mnt/lib/libsupol.so
chcon u:object_r:zygote_exec:s0 /mnt/bin/app_process
chcon u:object_r:zygote_exec:s0 /mnt/bin/app_process32
chcon u:object_r:system_file:s0 /mnt/etc/.installed_su_daemon
Give it run permission:
Code:
chmod 777 embed-supersu.sh
Create file `update-certificates.sh`
Code:
echo "update system root certificates"
cp -v /etc/ssl/certs/*.0 /mnt/etc/security/cacerts/
chcon u:object_r:system_file:s0 /mnt/etc/security/cacerts/*.0
Give it run permission:
Code:
chmod 777 update-certificates.sh
Note: Android stores certificates in PEM format with name {HASH}.0. If your distro doesn't have them in the same format search how to prepare them from other certificate bundles.

Install

Poweroff your max2 (unplug from PC if attached). Press and hold back key, at the same time plug in usb cable. The device should start in in rockusb mode. You'll see the light, also can confirm this by looking at kernel messages `sudo dmesg`
Code:
# dmesg message when connecting 'normal' andridProduct=320aoid usb debugging
[254313.514114] usb 3-1: Product: Max2
[254313.514116] usb 3-1: Manufacturer: Onyx
[254313.514118] usb 3-1: SerialNumber: 0123456789ABCDEF
[254319.176904] usb 3-1: reset high-speed USB device number 14 using xhci_hcd
[254319.424936] usb 3-1: reset high-speed USB device number 14 using xhci_hcd
[254343.467301] usb 3-1: USB disconnect, device number 14
[254386.971730] usb 3-1: new high-speed USB device number 15 using xhci_hcd
[254387.098020] usb 3-1: New USB device found, idVendor=2207, idProduct=0011, bcdDevice= 3.10
[254387.098026] usb 3-1: New USB device strings: Mfr=2, Product=3, SerialNumber=4

# dmesg message when connecting in rockusb mode
[254387.098028] usb 3-1: Product: Max2
[254387.098030] usb 3-1: Manufacturer: Onyx
[254387.098031] usb 3-1: SerialNumber: 0123456789ABCDEF
[254392.765959] usb 3-1: reset high-speed USB device number 15 using xhci_hcd
[254393.013973] usb 3-1: reset high-speed USB device number 15 using xhci_hcd
[254404.042722] usb 3-1: USB disconnect, device number 15
[254425.499786] usb 3-1: new high-speed USB device number 16 using xhci_hcd
[254425.625167] usb 3-1: New USB device found, idVendor=2207, idProduct=320a, bcdDevice= 1.00
[254425.625181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
The idProduct=0011 is a normal adb usb
The idProduct=320a is rokchip bootloader, aka rockusb mode

List the flash partitions:
Code:
sudo rkbin/tools/upgrade_tool pl
Partition Info(parameter):
NO  LBA        Size       Name
01  0x00002000 0x00002000 uboot
02  0x00004000 0x00002000 misc
03  0x00006000 0x00008000 resource
04  0x0000e000 0x00008000 kernel
05  0x00016000 0x00010000 boot
06  0x00026000 0x00010000 recovery
07  0x00036000 0x0001a000 backup
08  0x00050000 0x000a0000 cache
09  0x000f0000 0x00002000 kpanic
10  0x000f2000 0x00300000 system
11  0x003f2000 0x00008000 metadata
12  0x00400000 0x00020000 radical_update
13  0x00420000 0x00008000 vendor
14  0x00428000 0xffffffff userdata
We're going to dump system partition, so copy the OFFSET SIZE values to the next command
Code:
sudo rkbin/tools/upgrade_tool rl 0x000f2000 0x00300000 system.img
cp system.img system.img.bak
The image is an ext4 partition, so just: mount it, modify, unmont
Code:
$ sudo mount -o loop,rw system.img /mnt

# to add SuperSU
cd SuperSU-v2.82-201705271822/
sudo ../embed-supersu.sh
cd ..

# to update root certificates
sudo update-certificates.sh

sudo umount /mnt
Finally, flash the modified image back, and reboot the device
Code:
# use the OFFSET from your PL output
sudo rkbin/tools/upgrade_tool wl 0x000f2000 system.img

# reboot
sudo rkbin/tools/upgrade_tool rd 0
Post Install

There will be SuperSU notification, answer:
- CONTINUE
- NORMAL
- REBOOT

After this procedure java certificate exceptions are gone, SuperSU installed because we can!
plusz is offline   Reply With Quote