Fork Warning

This code is in early stages and from an older version of Tricky Store since Tricky Store is now closed-source. This code needs fixes and future improvements - if your're dev, feel free to use it as an base (start point) but if you're an end/advanced user, please backup your data and be prepared for facing bootloops.

Use this code at your own risk.

Tricky Store

A trick of keystore. Android 12 or above is required.

Usage

1. Flash this module and reboot.
2. For more than DEVICE integrity, put an unrevoked hardware keybox.xml at /data/adb/tricky_store/keybox.xml (Optional).
3. Customize target packages at /data/adb/tricky_store/target.txt (Required if you don't stick with "all" keyword).
4. Enjoy!

All configuration files will take effect immediately.

keybox.xml

format:

<?xml version="1.0"?>
<AndroidAttestation>
    <NumberOfKeyboxes>1</NumberOfKeyboxes>
    <Keybox DeviceID="...">
        <Key algorithm="ecdsa|rsa">
            <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
...
-----END EC PRIVATE KEY-----
            </PrivateKey>
            <CertificateChain>
                <NumberOfCertificates>...</NumberOfCertificates>
                    <Certificate format="pem">
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
                    </Certificate>
                ... more certificates
            </CertificateChain>
        </Key>...
    </Keybox>
</AndroidAttestation>

Build Vars Spoofing

Zygisk (or Zygisk Next) is needed for this feature to work.

If you still do not pass you can try enabling/disabling Build variable spoofing by creating/deleting the file /data/adb/tricky_store/spoof_build_vars.

Tricky Store will automatically generate example config props inside /data/adb/tricky_store/spoof_build_vars once created, on next reboot, then you may manually edit your spoof config.

Here is an example of a spoof config:

MANUFACTURER=Google
MODEL=Pixel 8 Pro
FINGERPRINT=google/husky_beta/husky:15/AP31.240617.009/12094726:user/release-keys
BRAND=google
PRODUCT=husky_beta
DEVICE=husky
RELEASE=15
ID=AP31.240617.009
INCREMENTAL=12094726
TYPE=user
TAGS=release-keys
SECURITY_PATCH=2024-07-05

For Magisk users: if you don't need this feature and zygisk is disabled, please remove or rename the folder /data/adb/modules/tricky_store/zygisk manually.

Support TEE broken devices

Tricky Store will hack the leaf certificate by default. On TEE broken devices, this will not work because we can't retrieve the leaf certificate from TEE. You can add a ! after a package name to enable generate certificate support for this package.

For example:

# target.txt
# use leaf certificate hacking mode for KeyAttestation App
io.github.vvb2060.keyattestation
# use certificate generating mode for gms
com.google.android.gms!

Global Implementation Support

Tricky Store will also hack the leaf certificate by default for global feature. On TEE broken devices this method will not work. You can add a ! after keyword all to enable generate certificate support for ALL PACKAGES

For example:

# target.txt
# use leaf certificate hacking mode for all packages
all
# use certificate generating mode for all packages
all!

TODO

• Support App Attest Key.
• Support Android 11 and below.
• Support automatic selection mode.

PR is welcomed.

Acknowledgement

• PlayIntegrityFix
• FrameworkPatch
• BootloaderSpoofer
• KeystoreInjection
• LSPosed
• Main dev 5ec1cff
• Module Source