From 50e3ce31f67c01147b8b870ab6e4ee7eb611296f Mon Sep 17 00:00:00 2001
From: 5ec1cff <ewtqyqyewtqyqy@gmail.com>
Date: Fri, 7 Feb 2025 13:40:54 +0800
Subject: [PATCH] 1.2.1

---
 README.md       |  34 +++++++++++++---
 README.zh-CN.md | 105 ++++++++++++++++++++++++++++++++++++++++++++++++
 changelog.md    |   8 ++++
 update.json     |   6 +--
 4 files changed, 145 insertions(+), 8 deletions(-)
 create mode 100644 README.zh-CN.md

diff --git a/README.md b/README.md
index 596014a..957fa93 100644
--- a/README.md
+++ b/README.md
@@ -4,12 +4,12 @@ A trick of keystore. **Android 10 or above is required**.
 
 This module is used for modifying the certificate chain generated for android key attestation.
 
-## Stop opening source / 停止开源
+[中文 README](README.zh-CN.md)
+
+## Stop opening source
 
 Due to the rampant misuse and the contributions received after open-sourcing being less than expected, this module will be closed-source starting from version 1.1.0.
 
-考虑到二改泛滥，且开源后获得的贡献少于预期，因此本模块自 1.1.0 版本起闭源发布。
-
 ## Usage
 
 1. Flash this module and reboot.  
@@ -69,9 +69,33 @@ io.github.vvb2060.mahoshojo?
 com.google.android.gms!
 ```
 
-## TODO
+## Customize security patch level (1.2.1+)
 
-- [Support Android 11 and below.](https://github.com/5ec1cff/TrickyStore/issues/25#issuecomment-2250588463)
+Create the file `/data/adb/tricky_store/security_patch.txt`.
+
+Simple:
+
+```
+# Hack os/vendor/boot security patch level
+20241101
+```
+
+Advanced:
+
+```
+# os security patch level is 202411
+system=202411
+# do not hack boot patch level
+boot=no
+# vendor patch level is 20241101 (another format)
+vendor=2024-11-01
+# default value
+# all=20241101
+# keep consistent with system prop
+# system=prop
+```
+
+Note: this feature will only hack the result of KeyAttestation, it will not do resetprop, you need do it yourself.
 
 ## Acknowledgement
 
diff --git a/README.zh-CN.md b/README.zh-CN.md
new file mode 100644
index 0000000..73c2574
--- /dev/null
+++ b/README.zh-CN.md
@@ -0,0 +1,105 @@
+# Tricky Store
+
+**支持 Android 10 及以上版本**.
+
+该模块用于修改 Android Keystore 生成的 Android KeyAttestation 证书链。
+
+[中文 README](README.zh-CN.md)
+
+## 停止开源
+
+考虑到二改泛滥，且开源后获得的贡献少于预期，因此本模块自 1.1.0 版本起闭源发布。
+
+## 用法
+
+1. 刷入模块并重启。
+2. For more than DEVICE integrity, put an unrevoked hardware keybox.xml at `/data/adb/tricky_store/keybox.xml` （可选）。
+3. 在 `/data/adb/tricky_store/target.txt` 自定义修改生效的应用包名（可选） 。
+4. 大功告成！  
+
+**所有配置会立即生效**
+
+## keybox.xml
+
+format:
+
+```xml
+<?xml version="1.0"?>
+<AndroidAttestation>
+    <NumberOfKeyboxes>1</NumberOfKeyboxes>
+    <Keybox DeviceID="...">
+        <Key algorithm="ecdsa|rsa">
+            <PrivateKey format="pem">
+-----BEGIN EC PRIVATE KEY-----
+...
+-----END EC PRIVATE KEY-----
+            </PrivateKey>
+            <CertificateChain>
+                <NumberOfCertificates>...</NumberOfCertificates>
+                    <Certificate format="pem">
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+                    </Certificate>
+                ... more certificates
+            </CertificateChain>
+        </Key>...
+    </Keybox>
+</AndroidAttestation>
+```
+
+## 支持 TEE 损坏的设备
+
+TrickyStore 默认采用修改来自 TEE 的叶证书的方式。
+这在 TEE 损坏的设备上无法工作，因为 TEE 无法提供证书链。
+因此，TrickyStore 会自动切换到生成证书链模式。  
+
+在 target.txt 中，在包名后添加一个 `!` 可以强制使用生成证书链模式。
+添加 `?` 到包名后可强制使用修改证书链模式。如无后缀则自动选择。
+
+例子
+
+```
+# target.txt
+# 对 KeyAttestation App 使用自动模式
+io.github.vvb2060.keyattestation
+# 对 momo 使用修改证书链模式
+io.github.vvb2060.mahoshojo?
+# 对 gms 使用生成证书链模式
+com.google.android.gms!
+```
+
+## 自定义安全补丁级别(1.2.1+)
+
+配置文件 `/data/adb/tricky_store/security_patch.txt`
+
+简易：
+
+```
+# 修改 os/vendor/boot 的安全补丁级别
+20241101
+```
+
+高级：
+
+```
+# os 安全补丁级别为 202411
+system=202411
+# 不要修改 boot 安全补丁级别
+boot=no
+# vendor 安全补丁级别 20241101 （使用了另一种格式）
+vendor=2024-11-01
+# 默认值
+# all=20241101
+# system 安全补丁级别与系统属性一致
+# system=prop
+```
+
+注意：该功能仅修改 KeyAttestation 返回的结果，不会重置系统属性。
+
+## Acknowledgement
+
+- [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch)
+- [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer)
+- [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection)
+- [LSPosed](https://github.com/LSPosed/LSPosed)
diff --git a/changelog.md b/changelog.md
index 7225702..31ec6af 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,11 @@
+# 1.2.1
+
+支持自定义安全补丁级别（请参见 README.md）
+
+---
+
+Support customizing security patch level (please refer to README.md)
+
 # 1.2.0
 
 修复注入失败的问题
diff --git a/update.json b/update.json
index 677677a..200c94d 100644
--- a/update.json
+++ b/update.json
@@ -1,6 +1,6 @@
 {
-  "versionCode": 155,
-  "version": "v1.2.0",
-  "zipUrl": "https://github.com/5ec1cff/TrickyStore/releases/download/1.2.0/Tricky-Store-v1.2.0-155-331f6fe-release.zip",
+  "versionCode": 158,
+  "version": "v1.2.1",
+  "zipUrl": "https://github.com/5ec1cff/TrickyStore/releases/download/1.2.1/Tricky-Store-v1.2.1-158-51390a7-release",
   "changelog": "https://github.com/5ec1cff/TrickyStore/raw/release/changelog.md"
 }