# 5ec1cff/trickystore

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/5ec1cff-trickystore).**

5,235 stars · 339 forks

## Links

- GitHub: https://github.com/5ec1cff/TrickyStore
- awesome-repositories: https://awesome-repositories.com/repository/5ec1cff-trickystore.md

## Description

TrickyStore is an Android device integrity emulator and keystore attestation spoofer. It functions as a framework to intercept keystore calls and provide modified certificate chains and security metadata to bypass hardware attestation requirements.

The project enables the injection of hardware keyboxes and the modification of key attestation certificates to simulate a secure root of trust. It allows for the overriding of security patch levels and operating system versions to mask a device's identity and state from third-party applications.

The system includes capabilities for application-specific attestation filtering, asymmetric key generation, and the persistent storage of attestation keys to maintain consistency across device reboots. It can toggle between modifying existing certificates and generating new chains based on a target configuration list.

## Tags

### Security & Cryptography

- [Device Integrity Emulators](https://awesome-repositories.com/f/security-cryptography/android-device-spoofing/device-integrity-emulators.md) — Modifying security metadata and attestation targets to mask a device's identity and state from third-party apps.
- [Keystore Attestation Spoofing](https://awesome-repositories.com/f/security-cryptography/android-device-spoofing/keystore-attestation-spoofing.md) — Bypasses device integrity checks by intercepting and modifying certificate chains returned by the Android Keystore.
- [Keystore Call Interception](https://awesome-repositories.com/f/security-cryptography/keystore-management/keystore-call-interception.md) — Intercepts system keystore calls to provide modified certificate chains and security metadata to applications. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/changelog.md))
- [Security Patch Level Spoofing](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/automated-security-patching/security-patch-level-spoofing.md) — A product feature to modify or spoof the reported security patch level returned by the key attestation process. ([source](https://github.com/5ec1cff/TrickyStore#readme))
- [Attestation Metadata Overriding](https://awesome-repositories.com/f/security-cryptography/attestation-metadata-overriding.md) — Rewrites security patch levels and OS versions within attestation certificates to mask device state.
- [Attestation Metadata Spoofing](https://awesome-repositories.com/f/security-cryptography/attestation-metadata-spoofing.md) — Provides capabilities to adjust security patch levels and OS versions within attestation certificates to mask device state. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/changelog.md))
- [Certificate Chain Spoofing](https://awesome-repositories.com/f/security-cryptography/certificate-chain-spoofing.md) — Modifies leaf and intermediate certificates of key attestations to spoof device security properties.
- [Keybox Injection](https://awesome-repositories.com/f/security-cryptography/device-attestation-provisioning/hardware-identity-attestations/keybox-injection.md) — Enables the injection of provided keybox files to achieve higher levels of device integrity attestation. ([source](https://github.com/5ec1cff/TrickyStore#readme))
- [Hardware Attestation Bypasses](https://awesome-repositories.com/f/security-cryptography/hardware-attestation-bypasses.md) — Simulates hardware-backed security and valid keyboxes to pass integrity verification in restricted applications.
- [Application Target Filtering](https://awesome-repositories.com/f/security-cryptography/attestation-metadata-spoofing/application-target-filtering.md) — A product capability to define specific packages that undergo certificate modification through a configuration list. ([source](https://github.com/5ec1cff/TrickyStore#readme))
- [Attestation Mode Toggles](https://awesome-repositories.com/f/security-cryptography/attestation-mode-toggles.md) — A product feature to determine whether to modify the leaf certificate or generate a new certificate for individual target packages. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/README.md))
- [Software-Backed Key Emulation](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management/cryptographic-key-generation/hardware-internal-key-generation/software-backed-key-emulation.md) — Creates and stores asymmetric keys in a root-protected database to simulate hardware-backed generation. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/SECURITY.md))
- [Hardware Key Importations](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management/external-key-integration/hardware-key-importations.md) — Implements utilities to parse and import custom attestation keys and extract verified boot keys. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/changelog.md))
- [Attestation Keybox Injection](https://awesome-repositories.com/f/security-cryptography/cryptographic-key-management/external-key-integration/hardware-key-importations/attestation-keybox-injection.md) — Imports hardware-backed attestation keys to pass strict integrity verification on Android devices.
- [Application-Based Filters](https://awesome-repositories.com/f/security-cryptography/granular-access-controls/query-permission-filters/application-based-filters.md) — Uses application-based filters to determine which specific packages receive modified certificates.

### Operating Systems & Systems Programming

- [Keystore Call Interception](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/system-calls/system-call-interceptors/symbol-interception/keystore-call-interception.md) — Intercepts requests to the device keystore to replace authentic responses with modified attestation data.

### Development Tools & Productivity

- [Application-Specific Attestation Filtering](https://awesome-repositories.com/f/development-tools-productivity/attestation-verification-tools/app-integrity-attestations/application-specific-attestation-filtering.md) — A feature in the product to identify and filter which applications undergo certificate chain modifications using a target list. ([source](https://github.com/5ec1cff/TrickyStore/blob/release/README.zh-CN.md))
