From 88348ca26a39f4872852feb7be1a960e4b803c5b Mon Sep 17 00:00:00 2001
From: backslashxx <118538522+backslashxx@users.noreply.github.com>
Date: Fri, 16 May 2025 14:17:34 +0800
Subject: [PATCH] feat: on device keybox generation

#41
---
 module/common/get_extra.sh          | 60 +++++++++++++++++++++++++++++
 module/webui/scripts/menu_option.js | 11 +++---
 2 files changed, 66 insertions(+), 5 deletions(-)

diff --git a/module/common/get_extra.sh b/module/common/get_extra.sh
index 492041f..2080478 100644
--- a/module/common/get_extra.sh
+++ b/module/common/get_extra.sh
@@ -141,6 +141,62 @@ get_latest_security_patch() {
     [ -n "$security_patch" ] && echo "$security_patch" || exit 1
 }
 
+unknown_kb() {
+    # adapted from https://github.com/TMLP-Team/keyboxGenerator/blob/main/keyboxGenerator_v2.0.py
+    ECKEY="eckey.pem"
+    CERT="cert.pem"
+    RSAKEY="rsakey.pem"
+    KEYBOX="keybox.xml"
+
+    # gen ec_key
+    openssl ecparam -name prime256v1 -genkey -noout -out "$ECKEY" || exit 1
+
+    # gen cert
+    openssl req -new -x509 -key "$ECKEY" -out "$CERT" -days 3650 -subj "/CN=Generated" || exit 1
+
+    # gen rsa key
+    openssl genrsa -out "$RSAKEY" 2048 || exit 1
+
+    # convert rsa key to PKCS#1
+    openssl rsa -in "$RSAKEY" -out "$RSAKEY" -traditional || exit 1
+
+    # Generate keybox XML
+    cat << KEYBOX_EOF > "$KEYBOX"
+<?xml version="1.0"?>
+    <AndroidAttestation>
+        <NumberOfKeyboxes>1</NumberOfKeyboxes>
+        <Keybox DeviceID="sw">
+            <Key algorithm="ecdsa">
+                <PrivateKey format="pem">
+$(sed 's/^/                    /' "$ECKEY")
+                </PrivateKey>
+                <CertificateChain>
+                    <NumberOfCertificates>1</NumberOfCertificates>
+                        <Certificate format="pem">
+$(sed 's/^/                        /' "$CERT")
+                        </Certificate>
+                </CertificateChain>
+            </Key>
+            <Key algorithm="rsa">
+                <PrivateKey format="pem">
+$(sed 's/^/                    /' "$RSAKEY")
+                </PrivateKey>
+            </Key>
+        </Keybox>
+</AndroidAttestation>
+KEYBOX_EOF
+
+    # cleanup
+    rm -f $ECKEY $CERT $RSAKEY
+
+    if [ -f $KEYBOX ]; then
+        mv /data/adb/tricky_store/keybox.xml /data/adb/tricky_store/keybox.xml.bak
+        mv "$KEYBOX" /data/adb/tricky_store/keybox.xml
+    else
+        exit 1
+    fi
+}
+
 case "$1" in
 --xposed)
     get_xposed
@@ -186,4 +242,8 @@ case "$1" in
     get_latest_security_patch
     exit
     ;;
+--unknown-kb)
+    unknown_kb
+    exit
+    ;;
 esac
diff --git a/module/webui/scripts/menu_option.js b/module/webui/scripts/menu_option.js
index 8711026..91da2b6 100644
--- a/module/webui/scripts/menu_option.js
+++ b/module/webui/scripts/menu_option.js
@@ -1,4 +1,4 @@
-import { exec, toast } from './assets/kernelsu.js';
+import { exec, spawn, toast } from './assets/kernelsu.js';
 import { basePath, showPrompt, applyRippleEffect, refreshAppList } from './main.js';
 
 // Function to check or uncheck all app
@@ -245,10 +245,11 @@ async function fetchkb(link, fallbackLink, valid = false) {
 
 // unkown kb eventlistener
 document.getElementById("devicekb").addEventListener("click", async () => {
-    fetchkb(
-        "https://raw.githubusercontent.com/KOWX712/Tricky-Addon-Update-Target-List/bot/.device",
-        "https://raw.gitmirror.com/KOWX712/Tricky-Addon-Update-Target-List/bot/.device"
-    )
+    const output = spawn("sh", [`${basePath}/common/get_extra.sh`, "--unknown-kb"],
+                    { cwd: "/data/local/tmp", env: { PATH: `$PATH:${basePath}/common`, OPENSSL_CONF: "/dev/null" }});
+    output.on('exit', (code) => {
+        showPrompt(code === 0 ? "prompt.unknown_key_set" : "prompt.key_set_error", code === 0);
+    });
 });
 
 // valid kb eventlistener