feat: on device keybox generation

#41
2025-09-06 06:37:09 +00:00 · 2025-05-16 14:17:34 +08:00
parent 3a06a13f36
commit 88348ca26a
2 changed files with 66 additions and 5 deletions
--- a/module/common/get_extra.sh
+++ b/module/common/get_extra.sh
@@ -141,6 +141,62 @@ get_latest_security_patch() {
    [ -n "$security_patch" ] && echo "$security_patch" || exit 1
 }

+unknown_kb() {
+    # adapted from https://github.com/TMLP-Team/keyboxGenerator/blob/main/keyboxGenerator_v2.0.py
+    ECKEY="eckey.pem"
+    CERT="cert.pem"
+    RSAKEY="rsakey.pem"
+    KEYBOX="keybox.xml"
+
+    # gen ec_key
+    openssl ecparam -name prime256v1 -genkey -noout -out "$ECKEY" || exit 1
+
+    # gen cert
+    openssl req -new -x509 -key "$ECKEY" -out "$CERT" -days 3650 -subj "/CN=Generated" || exit 1
+
+    # gen rsa key
+    openssl genrsa -out "$RSAKEY" 2048 || exit 1
+
+    # convert rsa key to PKCS#1
+    openssl rsa -in "$RSAKEY" -out "$RSAKEY" -traditional || exit 1
+
+    # Generate keybox XML
+    cat << KEYBOX_EOF > "$KEYBOX"
+<?xml version="1.0"?>
+    <AndroidAttestation>
+        <NumberOfKeyboxes>1</NumberOfKeyboxes>
+        <Keybox DeviceID="sw">
+            <Key algorithm="ecdsa">
+                <PrivateKey format="pem">
+$(sed 's/^/                    /' "$ECKEY")
+                </PrivateKey>
+                <CertificateChain>
+                    <NumberOfCertificates>1</NumberOfCertificates>
+                        <Certificate format="pem">
+$(sed 's/^/                        /' "$CERT")
+                        </Certificate>
+                </CertificateChain>
+            </Key>
+            <Key algorithm="rsa">
+                <PrivateKey format="pem">
+$(sed 's/^/                    /' "$RSAKEY")
+                </PrivateKey>
+            </Key>
+        </Keybox>
+</AndroidAttestation>
+KEYBOX_EOF
+
+    # cleanup
+    rm -f $ECKEY $CERT $RSAKEY
+
+    if [ -f $KEYBOX ]; then
+        mv /data/adb/tricky_store/keybox.xml /data/adb/tricky_store/keybox.xml.bak
+        mv "$KEYBOX" /data/adb/tricky_store/keybox.xml
+    else
+        exit 1
+    fi
+}
+
 case "$1" in
 --xposed)
    get_xposed
@@ -186,4 +242,8 @@ case "$1" in
    get_latest_security_patch
    exit
    ;;
+--unknown-kb)
+    unknown_kb
+    exit
+    ;;
 esac
--- a/module/webui/scripts/menu_option.js
+++ b/module/webui/scripts/menu_option.js
@@ -1,4 +1,4 @@
-import { exec, toast } from './assets/kernelsu.js';
+import { exec, spawn, toast } from './assets/kernelsu.js';
 import { basePath, showPrompt, applyRippleEffect, refreshAppList } from './main.js';

 // Function to check or uncheck all app
@@ -245,10 +245,11 @@ async function fetchkb(link, fallbackLink, valid = false) {

 // unkown kb eventlistener
 document.getElementById("devicekb").addEventListener("click", async () => {
-    fetchkb(
-        "https://raw.githubusercontent.com/KOWX712/Tricky-Addon-Update-Target-List/bot/.device",
-        "https://raw.gitmirror.com/KOWX712/Tricky-Addon-Update-Target-List/bot/.device"
-    )
+    const output = spawn("sh", [`${basePath}/common/get_extra.sh`, "--unknown-kb"],
+                    { cwd: "/data/local/tmp", env: { PATH: `$PATH:${basePath}/common`, OPENSSL_CONF: "/dev/null" }});
+    output.on('exit', (code) => {
+        showPrompt(code === 0 ? "prompt.unknown_key_set" : "prompt.key_set_error", code === 0);
+    });
 });

 // valid kb eventlistener