A trick of keystore. Android 12 or above is required.
PIFork is required for device spoofing using Build fields and system properties, for SafetyNet/Play Integrity purposes. This provides a larger working pool of fingerprints for DEVICE integrity with the included default AOSP software keybox.
Shamiko (or similar) may also be required/desired for the global props changes (if not using PIFork) and root hiding it provides.
- Flash this module and reboot.
- For more than possible DEVICE integrity, put an unrevoked hardware keybox.xml at /data/adb/tricky_store/keybox.xml (Optional).
- Customize target packages at /data/adb/tricky_store/target.txt (Optional).
- Enjoy!
All configuration files will automatically take effect after a short time, or immediately by killing gms.
keybox.xml format:
<?xml version="1.0"?>
<AndroidAttestation>
    <NumberOfKeyboxes>1</NumberOfKeyboxes>
    <Keybox DeviceID="...">
        <Key algorithm="ecdsa|rsa">
            <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
            </PrivateKey>
            <CertificateChain>
                <NumberOfCertificates>...</NumberOfCertificates>
                <Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
                </Certificate>
                ... more certificates
            </CertificateChain>
        </Key>...
    </Keybox>
</AndroidAttestation>
By default, Tricky Store hacks the leaf certificate. On devices with a broken TEE this does not work, because the leaf certificate cannot be retrieved from the TEE. Add a ! after a package name to enable certificate generating mode for that package instead.
For example:
# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation
# use certificate generating mode for gms
com.google.android.gms!
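When reviewing a device that has this module installed, target.txt shows which apps receive altered attestation and in which mode. The parser below is an added example, not the module's own code; the mode labels, the whitespace and duplicate handling, and the com.example.bank entry are assumptions made for illustration.

```python
from typing import Dict, List

# Mode labels are this example's own names, not identifiers from the module.
LEAF_HACK = "leaf-hack"
GENERATE = "generate"


def parse_target_txt(text: str) -> Dict[str, str]:
    """Map each package listed in a target.txt body to its certificate mode.

    Assumed rules, inferred from the README's example:
      * blank lines and lines starting with '#' are ignored
      * surrounding whitespace is not significant
      * a trailing '!' selects certificate generating mode
      * if a package is listed twice, the last entry wins
    """
    modes: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("!"):
            package, mode = line[:-1].strip(), GENERATE
        else:
            package, mode = line, LEAF_HACK
        if package:  # a lone '!' names no package
            modes[package] = mode
    return modes


def packages_in_mode(modes: Dict[str, str], mode: str) -> List[str]:
    """Return the sorted package names configured for one mode."""
    return sorted(p for p, m in modes.items() if m == mode)


# Constructed sample: the README's example plus a few edge cases.
SAMPLE = """\
# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation

# use certificate generating mode for gms
com.google.android.gms!
  com.example.bank !
!
"""

if __name__ == "__main__":
    for package, mode in parse_target_txt(SAMPLE).items():
        print(f"{mode:10} {package}")
```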
- App Attest Key doesn't work (so users should disable testing for it in Key Attestation Demo for now).
- Android 11 and below is not currently supported.
Pull Requests welcome.