question about https://github.com/chiteroman/android_system_security #472

Open
long-crypto opened this issue Nov 9, 2024 · 11 comments

Comments

@long-crypto

Sorry to post this issue here.
Since all public keyboxes are revoked, is it possible to make this patch use the device's default keybox?

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Sorry to post this issue here. Since all public keyboxes are revoked, is it possible to make this patch use the device's default keybox?

Play Integrity Fix can't simply use the device's default keybox, as it's embedded into the TEE, which it has no way to access.

@long-crypto
Author

Not PIF, this patch: https://github.com/chiteroman/android_system_security

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Not PIF, this patch: https://github.com/chiteroman/android_system_security

That still requires one to provide a keybox; it can't just use the embedded device keybox.

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Not PIF, this patch: https://github.com/chiteroman/android_system_security

Extracting/using the device's stock keybox would require finding an exploit that would allow doing so, as the stock keybox isn't just a file you can easily access.

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Not PIF, this patch: https://github.com/chiteroman/android_system_security

The keystore system this patch modifies doesn't have access to the TEE, thus no way to see/access the device's stock keybox (not a single part of Android can access the stock keybox).

@long-crypto
Author

Oh, sad.

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Oh, sad.

If it were so easy to extract a device's keybox, then all devices would have to be revoked.

@long-crypto
Author

Hope we will get another solution in the future.

@long-crypto
Author

Can we just call it to work instead of extracting the keybox?

@DanGLES3
Contributor

DanGLES3 commented Nov 9, 2024

> Can we just call it to work instead of extracting the keybox?

What do you mean exactly? If you mean somehow use the device's keybox without extracting it, then no, because to use a keybox you would need to know what the keybox is exactly.

@long-crypto
Author

long-crypto commented Nov 9, 2024

Understand, thank you for your reply.

2 participants