br0kenpixel/TrickyStore
1
0
Fork 0
mirror of https://github.com/5ec1cff/TrickyStore.git synced 2025-09-06 06:37:07 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
9be33d95284f35e793f9bdfe1679eb0d8963e2a9
TrickyStore/README.md
LoveSy 9be33d9528 Refine spoof build vars
2024-07-21 09:14:22 +08:00

98 lines
2.6 KiB
Markdown
Raw Blame History

# Tricky Store
A trick of keystore. **Android 12 or above is required**.
## Usage
1. Flash this module and reboot.
2. Put keybox.xml to /data/adb/tricky_store/keybox.xml .
3. Put target packages to /data/adb/tricky_store/target.txt (Optional).
4. Enjoy!
## keybox.xml
format:
```xml
<?xml version="1.0"?>
<AndroidAttestation>
<NumberOfKeyboxes>1</NumberOfKeyboxes>
<Keybox DeviceID="...">
<Key algorithm="ecdsa|rsa">
<PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
</PrivateKey>
<CertificateChain>
<NumberOfCertificates>...</NumberOfCertificates>
<Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</Certificate>
... more certificates
</CertificateChain>
</Key>...
</Keybox>
</AndroidAttestation>
```
## Build Vars Spoofing
> **Zygisk (or Zygisk Next) is needed for this feature to work.**
If you can not pass strong integrity, you can try to enable build vars spoofing
by creating a file `/data/adb/tricky_store/spoof_build_vars`.
After doing that, TrickyStore will automatically generate an example config json
inside `/data/adb/tricky_store/spoof_build_vars` on next reboot. Then you can manually
edit your spoof config.
Here is an example of spoof config:
```
MANUFACTURER=Google
MODEL=Pixel
FINGERPRINT=google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys
BRAND=google
PRODUCT=sailfish
DEVICE=sailfish
RELEASE=8.1.0
ID=OPM1.171019.011
INCREMENTAL=4448085
TYPE=user
TAGS=release-keys
SECURITY_PATCH=2017-12-05
```
## Support TEE broken devices
TrickyStore will hack leaf certificate by default.
On TEE broken devices, this will not work because we can't retrieve leaf certificate from TEE.
You can add a `!` after package name to enable certificate generate support for this package.
For example:
```
# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation
# use certificate generating mode for gms
com.google.android.gms!
```
## Known issue
- App Attest Key is not supported.
- StrongBox is not supported.
## Acknowledgement
- [PlayIntegrityFix](https://github.com/chiteroman/PlayIntegrityFix)
- [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch)
- [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer)
- [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection)
- [LSPosed](https://github.com/LSPosed/LSPosed)
- [Glaze](https://github.com/stephenberry/glaze)
Reference in New Issue View Git Blame Copy Permalink