├── README.md
├── README.zh-CN.md
├── _config.yml
├── changelog.md
└── update.json
/README.md:
--------------------------------------------------------------------------------
1 | # Tricky Store
2 |
3 | A trick of keystore. **Android 10 or above is required**.
4 |
5 | This module is used for modifying the certificate chain generated for android key attestation.
6 |
7 | [中文 README](README.zh-CN.md)
8 |
9 | ## Stop opening source
10 |
11 | Due to the rampant misuse and the contributions received after open-sourcing being less than expected, this module will be closed-source starting from version 1.1.0.
12 |
13 | ## Usage
14 |
15 | 1. Flash this module and reboot.
16 | 2. For more than DEVICE integrity, put an unrevoked hardware keybox.xml at `/data/adb/tricky_store/keybox.xml` (Optional).
17 | 3. Customize target packages at `/data/adb/tricky_store/target.txt` (Optional).
18 | 4. Enjoy!
19 |
20 | **All configuration files will take effect immediately.**
21 |
22 | ## keybox.xml
23 |
24 | format:
25 |
26 | ```xml
27 |
28 |
29 | 1
30 |
31 |
32 |
33 | -----BEGIN EC PRIVATE KEY-----
34 | ...
35 | -----END EC PRIVATE KEY-----
36 |
37 |
38 | ...
39 |
40 | -----BEGIN CERTIFICATE-----
41 | ...
42 | -----END CERTIFICATE-----
43 |
44 | ... more certificates
45 |
46 | ...
47 |
48 |
49 | ```
50 |
51 | ## Support TEE broken devices
52 |
53 | Tricky Store will hack the leaf certificate by default.
54 | On TEE broken devices, this will not work because we can't retrieve the leaf certificate from TEE.
55 | In this case, we fallback to use generate key mode automatically.
56 |
57 | You can add a `!` after a package name to force use generate certificate support for this package.
58 | Also, you can add a `?` after a package name to force use leaf hack mode for this package.
59 |
60 | For example:
61 |
62 | ```
63 | # target.txt
64 | # use auto mode for KeyAttestation App
65 | io.github.vvb2060.keyattestation
66 | # always use leaf hack mode
67 | io.github.vvb2060.mahoshojo?
68 | # always use certificate generating mode for gms
69 | com.google.android.gms!
70 | ```
71 |
72 | ## Customize security patch level (1.2.1+)
73 |
74 | Create the file `/data/adb/tricky_store/security_patch.txt`.
75 |
76 | Simple:
77 |
78 | ```
79 | # Hack os/vendor/boot security patch level
80 | 20241101
81 | ```
82 |
83 | Advanced:
84 |
85 | ```
86 | # os security patch level is 202411
87 | system=202411
88 | # do not hack boot patch level
89 | boot=no
90 | # vendor patch level is 20241101 (another format)
91 | vendor=2024-11-01
92 | # default value
93 | # all=20241101
94 | # keep consistent with system prop
95 | # system=prop
96 | ```
97 |
98 | Note: this feature will only hack the result of KeyAttestation, it will not do resetprop, you need do it yourself.
99 |
100 | ## Acknowledgement
101 |
102 | - [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch)
103 | - [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer)
104 | - [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection)
105 | - [LSPosed](https://github.com/LSPosed/LSPosed)
106 |
--------------------------------------------------------------------------------
/README.zh-CN.md:
--------------------------------------------------------------------------------
1 | # Tricky Store
2 |
3 | **支持 Android 10 及以上版本**.
4 |
5 | 该模块用于修改 Android Keystore 生成的 Android KeyAttestation 证书链。
6 |
7 | [中文 README](README.zh-CN.md)
8 |
9 | ## 停止开源
10 |
11 | 考虑到二改泛滥,且开源后获得的贡献少于预期,因此本模块自 1.1.0 版本起闭源发布。
12 |
13 | ## 用法
14 |
15 | 1. 刷入模块并重启。
16 | 2. For more than DEVICE integrity, put an unrevoked hardware keybox.xml at `/data/adb/tricky_store/keybox.xml` (可选)。
17 | 3. 在 `/data/adb/tricky_store/target.txt` 自定义修改生效的应用包名(可选) 。
18 | 4. 大功告成!
19 |
20 | **所有配置会立即生效**
21 |
22 | ## keybox.xml
23 |
24 | format:
25 |
26 | ```xml
27 |
28 |
29 | 1
30 |
31 |
32 |
33 | -----BEGIN EC PRIVATE KEY-----
34 | ...
35 | -----END EC PRIVATE KEY-----
36 |
37 |
38 | ...
39 |
40 | -----BEGIN CERTIFICATE-----
41 | ...
42 | -----END CERTIFICATE-----
43 |
44 | ... more certificates
45 |
46 | ...
47 |
48 |
49 | ```
50 |
51 | ## 支持 TEE 损坏的设备
52 |
53 | TrickyStore 默认采用修改来自 TEE 的叶证书的方式。
54 | 这在 TEE 损坏的设备上无法工作,因为 TEE 无法提供证书链。
55 | 因此,TrickyStore 会自动切换到生成证书链模式。
56 |
57 | 在 target.txt 中,在包名后添加一个 `!` 可以强制使用生成证书链模式。
58 | 添加 `?` 到包名后可强制使用修改证书链模式。如无后缀则自动选择。
59 |
60 | 例子
61 |
62 | ```
63 | # target.txt
64 | # 对 KeyAttestation App 使用自动模式
65 | io.github.vvb2060.keyattestation
66 | # 对 momo 使用修改证书链模式
67 | io.github.vvb2060.mahoshojo?
68 | # 对 gms 使用生成证书链模式
69 | com.google.android.gms!
70 | ```
71 |
72 | ## 自定义安全补丁级别(1.2.1+)
73 |
74 | 配置文件 `/data/adb/tricky_store/security_patch.txt`
75 |
76 | 简易:
77 |
78 | ```
79 | # 修改 os/vendor/boot 的安全补丁级别
80 | 20241101
81 | ```
82 |
83 | 高级:
84 |
85 | ```
86 | # os 安全补丁级别为 202411
87 | system=202411
88 | # 不要修改 boot 安全补丁级别
89 | boot=no
90 | # vendor 安全补丁级别 20241101 (使用了另一种格式)
91 | vendor=2024-11-01
92 | # 默认值
93 | # all=20241101
94 | # system 安全补丁级别与系统属性一致
95 | # system=prop
96 | ```
97 |
98 | 注意:该功能仅修改 KeyAttestation 返回的结果,不会重置系统属性。
99 |
100 | ## Acknowledgement
101 |
102 | - [FrameworkPatch](https://github.com/chiteroman/FrameworkPatch)
103 | - [BootloaderSpoofer](https://github.com/chiteroman/BootloaderSpoofer)
104 | - [KeystoreInjection](https://github.com/aviraxp/Zygisk-KeystoreInjection)
105 | - [LSPosed](https://github.com/LSPosed/LSPosed)
106 |
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-slate
2 |
--------------------------------------------------------------------------------
/changelog.md:
--------------------------------------------------------------------------------
1 | # 1.2.1
2 |
3 | 支持自定义安全补丁级别(请参见 README.md)
4 |
5 | ---
6 |
7 | Support customizing security patch level (please refer to README.md)
8 |
9 | # 1.2.0
10 |
11 | 修复注入失败的问题
12 | 修复安装失败的问题
13 | 修复 cert hack 下报错的问题
14 |
15 | ---
16 |
17 | Fixed the injection failure issue
18 | Fixed the installation failure issue
19 | Fixed the error issue under cert hack
20 |
21 | # 1.2.0-RC2
22 |
23 | 修改叶证书模式同时会修改安全等级与信任根为非软件
24 | 修复缺失的 osVersion 字段
25 |
26 | ---
27 |
28 | Leaf hack mode will also change the security level and root of trust to non-software based
29 | Fix missing osVersion field
30 |
31 | # 1.2.0-RC1
32 |
33 | 初步支持 Android 10-11 (感谢 @N-X-T )
34 | 自动模式会检测是否支持硬件加密
35 | 修复模块损坏问题
36 | 修复证书签名算法选择的问题
37 |
38 | ---
39 |
40 | Add initial support for Android 10-11 (Thanks @N-X-T )
41 | Auto mode will detect if hardware encryption is supported
42 | Fix issue that module may be corrupted
43 | Fix issue with certificate signature algorithm selection
44 |
--------------------------------------------------------------------------------
/update.json:
--------------------------------------------------------------------------------
1 | {
2 | "versionCode": 158,
3 | "version": "v1.2.1",
4 | "zipUrl": "https://github.com/5ec1cff/TrickyStore/releases/download/1.2.1/Tricky-Store-v1.2.1-158-51390a7-release.zip",
5 | "changelog": "https://github.com/5ec1cff/TrickyStore/raw/release/changelog.md"
6 | }
7 |
--------------------------------------------------------------------------------