br0kenpixel/TrickyStore
1
0
Fork 0
mirror of https://github.com/5ec1cff/TrickyStore.git synced 2025-09-06 06:37:07 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
8f6c2b5dc8f5bfd839e12789d1365c7e7bcc5776
TrickyStore/README.md
Chris Renshaw 8f6c2b5dc8 Update README.md
2024-07-24 01:44:36 +08:00

2.5 KiB
Raw Blame History

Tricky Store

A trick of keystore. Android 12 or above is required.

Usage

  1. Flash this module and reboot.
  2. Put keybox.xml at /data/adb/tricky_store/keybox.xml.
  3. Customize target packages at /data/adb/tricky_store/target.txt (Optional).
  4. Enjoy!

keybox.xml

format:

<?xml version="1.0"?>
<AndroidAttestation>
    <NumberOfKeyboxes>1</NumberOfKeyboxes>
    <Keybox DeviceID="...">
        <Key algorithm="ecdsa|rsa">
            <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
            </PrivateKey>
            <CertificateChain>
                <NumberOfCertificates>...</NumberOfCertificates>
                    <Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
                    </Certificate>
                ... more certificates
            </CertificateChain>
        </Key>...
    </Keybox>
</AndroidAttestation>

Build Vars Spoofing

Zygisk (or Zygisk Next) is needed for this feature to work.

If you cannot pass strong integrity, you can try enabling build vars spoofing by creating the file /data/adb/tricky_store/spoof_build_vars.

Tricky Store will automatically generate example config props inside /data/adb/tricky_store/spoof_build_vars on next reboot, then you can manually edit your spoof config.

Here is an example of spoof config:

MANUFACTURER=Google
MODEL=Pixel
FINGERPRINT=google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys
BRAND=google
PRODUCT=sailfish
DEVICE=sailfish
RELEASE=8.1.0
ID=OPM1.171019.011
INCREMENTAL=4448085
TYPE=user
TAGS=release-keys
SECURITY_PATCH=2017-12-05

Support TEE broken devices

Tricky Store will hack the leaf certificate by default. On TEE broken devices, this will not work because we can't retrieve the leaf certificate from TEE. You can add a ! after a package name to enable generate certificate support for this package.

For example:

# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation
# use certificate generating mode for gms
com.google.android.gms!

Known issues

  • App Attest Key is not supported.
  • StrongBox is not supported.

Acknowledgement