storage-backups/PlayIntegrityFix
1
0
Fork 0
mirror of https://github.com/chiteroman/PlayIntegrityFix.git synced 2025-04-29 01:22:07 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
Maybe actually provide accurate info?
This commit is contained in:
Thisisauser6443 2025-03-01 18:15:21 +00:00 committed by GitHub
parent b9df941b1b
commit e6b5644a55
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -44,7 +44,7 @@ And in SafetyNet you should get this:
- evaluationType: BASIC
## A word on passing Strong Integrity
While this module only returns passing verdicts for as far up as `MEETS_DEVICE_INTEGRITY` (Soon to be only up as far as `MEETS_BASIC_INTEGRITY` by the [new verdict requirements for Android 13 and later](https://developer.android.com/google/play/integrity/improvements)), it is possible to achieve a passing verdict for `MEETS_STRONG_INTEGRITY` by using [5ec1cff's TrickyStore](https://github.com/5ec1cff/TrickyStore), to spoof a valid certificate chain (Often distributed as a file named `keybox.xml` and just called a _keybox_) to your device's [Trusted Execution Environment (TEE) module](https://en.wikipedia.org/wiki/Trusted_execution_environment).
While this module only returns passing verdicts for as far up as `MEETS_DEVICE_INTEGRITY`, it is possible to achieve a passing verdict for `MEETS_STRONG_INTEGRITY` by using [5ec1cff's TrickyStore](https://github.com/5ec1cff/TrickyStore), to spoof a valid certificate chain (Often distributed as a file named `keybox.xml` and just called a _keybox_) to your device's [Trusted Execution Environment (TEE) module](https://en.wikipedia.org/wiki/Trusted_execution_environment).
_**However, it must be stressed that a keybox is hard to come by**_, given that they're leaked (Usually inadvertently) from OEMs and vendors. Even then, they are also often quite quickly revoked, due to a combination of people sending a deluge of server requests (Mostly for flexing their strong verdicts, which they probably didn't need anyway... You know who you are) and Google [deploying specialised crawlers](https://developers.google.com/search/docs/crawling-indexing/google-special-case-crawlers#google-safety) for detecting said keyboxes. You'll know you're using a revoked keybox when you're only passing `MEETS_BASIC_INTEGRITY`, at which point you'll need to find another to return to Strong Integrity, or use the publicly available AOSP keybox/just remove TrickyStore to return to Device Integrity