br0kenpixel/TrickyStore
1
0
Fork 0
mirror of https://github.com/5ec1cff/TrickyStore.git synced 2025-09-06 06:37:07 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity
Files
b8dce5ed5f435c8b8881000964cc45a31d4241c5
TrickyStore/README.md
GarfieldHan 4d7257fcc7 README: Add customize spoof build vars illustration 
Signed-off-by: GarfieldHan <2652609017@qq.com>
2024-07-18 13:53:57 +08:00

99 lines
2.7 KiB
Markdown
Raw Blame History

# Tricky Store
A trick of keystore. **Android 12 or above is required**.
## Usage
1. Flash this module and reboot.
2. Put keybox.xml to /data/adb/tricky_store/keybox.xml .
3. Put target packages to /data/adb/tricky_store/target.txt (Optional).
4. Enjoy!
## keybox.xml
format:
```xml
<?xml version="1.0"?>
<AndroidAttestation>
<NumberOfKeyboxes>1</NumberOfKeyboxes>
<Keybox DeviceID="...">
<Key algorithm="ecdsa|rsa">
<PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
</PrivateKey>
<CertificateChain>
<NumberOfCertificates>...</NumberOfCertificates>
<Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</Certificate>
... more certificates
</CertificateChain>
</Key>...
</Keybox>
</AndroidAttestation>
```
## Build Vars Spoofing
If you can not pass strong integrity, you can try to enable build vars spoofing
by creating a file `/data/adb/tricky_store/spoof_build_vars`.
After doing that, TrickyStore will automatically generate an example config json
inside `/data/adb/tricky_store/spoof_build_vars` on next reboot. Then you can manually
edit your spoof config.
Here is an example of spoof config:
```json
{
"manufacturer": "Google",
"model": "Pixel",
"fingerprint": "google/sailfish/sailfish:8.1.0/OPM1.171019.011/4448085:user/release-keys",
"brand": "google",
"product": "sailfish",
"device": "sailfish",
"release": "8.1.0",
"id": "OPM1.171019.011",
"incremental": "4448085",
"security_patch": "2017-12-05",
"type": "user",
"tags": "release-keys"
}
```
Zygisk (or Zygisk Next) is needed for this feature to work.
## Support TEE broken devices
TrickyStore will hack leaf certificate by default.
On TEE broken devices, this will not work because we can't retrieve leaf certificate from TEE.
You can add a `!` after package name to enable certificate generate support for this package.
For example:
```
# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation
# use certificate generating mode for gms
com.google.android.gms!
```
## Known issue
- App Attest Key is not supported.
- StrongBox is not supported.
## Acknowledgement
- [PlayIntegrityFix](https://github.com/chiteroman/PlayIntegrityFix)
- [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch)
- [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer)
- [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection)
- [LSPosed](https://github.com/LSPosed/LSPosed)
- [Glaze](https://github.com/stephenberry/glaze)
Reference in New Issue View Git Blame Copy Permalink