A trick of keystore. Android 10 or above is required.
This module is used for modifying the certificate chain generated for Android key attestation.
Due to the rampant misuse and the contributions received after open-sourcing being less than expected, this module will be closed-source starting from version 1.1.0.
/data/adb/tricky_store/keybox.xml (Optional).
/data/adb/tricky_store/target.txt (Optional).
All configuration files will take effect immediately.
format:
<?xml version="1.0"?>
<AndroidAttestation>
    <NumberOfKeyboxes>1</NumberOfKeyboxes>
    <Keybox DeviceID="...">
        <Key algorithm="ecdsa|rsa">
            <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
            </PrivateKey>
            <CertificateChain>
                <NumberOfCertificates>...</NumberOfCertificates>
                <Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
                </Certificate>
                ... more certificates
            </CertificateChain>
        </Key>...
    </Keybox>
</AndroidAttestation>
Tricky Store hacks the leaf certificate by default. On devices with a broken TEE this does not work, because the leaf certificate cannot be retrieved from the TEE. In that case, it automatically falls back to generate key mode.
You can add a ! after a package name to force the use of generate certificate support for that package. You can also add a ? after a package name to force the use of leaf hack mode for that package.
For example:
# target.txt
# use auto mode for KeyAttestation App
io.github.vvb2060.keyattestation
# always use leaf hack mode
io.github.vvb2060.mahoshojo?
# always use certificate generating mode for gms
com.google.android.gms!
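For reviewing a target.txt recovered from a device, the sketch below parses the format described above into per-package modes. It is an added example, not Tricky Store's own code. The package-name pattern, the whitespace trimming and the duplicate warning are assumptions, since the page does not say how the module treats such lines.

```python
import re
from dataclasses import dataclass

# Suffix-to-mode mapping as described in the text above.
MODES = {"!": "generate", "?": "leaf_hack"}
# Assumption: entries are Java-style package names (dot-separated identifiers).
PKG_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

@dataclass(frozen=True)
class Target:
    line: int      # 1-based line number in the file
    package: str
    mode: str      # "auto", "leaf_hack" or "generate"

def parse_targets(text):
    """Return (targets, problems) for the contents of a target.txt file."""
    targets, problems, seen = [], [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()            # assumption: surrounding whitespace is ignored
        if not entry or entry.startswith("#"):
            continue                   # blank line or comment
        mode = MODES.get(entry[-1], "auto")
        pkg = entry[:-1] if mode != "auto" else entry
        if not PKG_RE.match(pkg):
            problems.append((n, f"not a package name: {entry!r}"))
            continue
        if pkg in seen:                # conflicting or repeated entry: report, do not guess
            problems.append((n, f"{pkg} already listed on line {seen[pkg]}"))
        seen.setdefault(pkg, n)
        targets.append(Target(n, pkg, mode))
    return targets, problems

# Constructed sample: the example entries above plus two lines a reviewer should notice.
SAMPLE = """\
# target.txt
io.github.vvb2060.keyattestation
io.github.vvb2060.mahoshojo?
com.google.android.gms!
com.google.android.gms?
not a package
"""

if __name__ == "__main__":
    found, issues = parse_targets(SAMPLE)
    for t in found:
        print(f"line {t.line}: {t.package} -> {t.mode}")
    for n, msg in issues:
        print(f"line {n}: WARNING {msg}")
```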