Skip to content

5ec1cff/TrickyStore

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
README.zh-CN.md
README.zh-CN.md
 
 
_config.yml
_config.yml
 
 
changelog.md
changelog.md
 
 
update.json
update.json
 
 

Repository files navigation

Tricky Store

A trick of keystore. Android 10 or above is required.

This module is used for modifying the certificate chain generated for android key attestation.

中文 README

Stop opening source

Due to the rampant misuse and the contributions received after open-sourcing being less than expected, this module will be closed-source starting from version 1.1.0.

Usage

  1. Flash this module and reboot.
  2. For more than DEVICE integrity, put an unrevoked hardware keybox.xml at /data/adb/tricky_store/keybox.xml (Optional).
  3. Customize target packages at /data/adb/tricky_store/target.txt (Optional).
  4. Enjoy!

All configuration files will take effect immediately.

keybox.xml

format:

<?xml version="1.0"?>
<AndroidAttestation>
    <NumberOfKeyboxes>1</NumberOfKeyboxes>
    <Keybox DeviceID="...">
        <Key algorithm="ecdsa|rsa">
            <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
            </PrivateKey>
            <CertificateChain>
                <NumberOfCertificates>...</NumberOfCertificates>
                    <Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
                    </Certificate>
                ... more certificates
            </CertificateChain>
        </Key>...
    </Keybox>
</AndroidAttestation>

Support TEE broken devices

Tricky Store will hack the leaf certificate by default. On TEE broken devices, this will not work because we can't retrieve the leaf certificate from TEE. In this case, we fallback to use generate key mode automatically.

You can add a ! after a package name to force use generate certificate support for this package. Also, you can add a ? after a package name to force use leaf hack mode for this package.

For example:

# target.txt
# use auto mode for KeyAttestation App
io.github.vvb2060.keyattestation
# always use leaf hack mode 
io.github.vvb2060.mahoshojo?
# always use certificate generating mode for gms
com.google.android.gms!

Customize security patch level (1.2.1+)

Create the file /data/adb/tricky_store/security_patch.txt.

Simple:

# Hack os/vendor/boot security patch level
20241101

Advanced:

# os security patch level is 202411
system=202411
# do not hack boot patch level
boot=no
# vendor patch level is 20241101 (another format)
vendor=2024-11-01
# default value
# all=20241101
# keep consistent with system prop
# system=prop

Note: this feature will only hack the result of KeyAttestation, it will not do resetprop, you need do it yourself.

Acknowledgement

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2k stars

Watchers

30 watching

Forks

177 forks
Report repository

Releases 11

1.2.1 Latest
Feb 7, 2025
+ 10 releases

Packages

No packages published