KeyCrawler is a Python project designed to fetch, validate, and manage keybox.xml files from GitHub. This project is specifically intended to work with TrickyStore, a tool for modifying certificate chains in Android Key Attestation to pass integrity checks.
The scraper uses the GitHub API to locate keybox.xml files, validating their content with the google pubkey.
Hacked together really quick - making it public as now I use a stock rom.
- Scrapes
keybox.xmlfiles from GitHub repositories using the GitHub API. - Validates
keybox.xmlfiles using a custom validation function (keybox_checkfromcheck.py). - Stores validated files in a hashed format to prevent duplicates.
- Provides an interactive interface to manage invalid files.
- Python 3.8+
- Poetry
- A GitHub personal access token with permissions to search code repositories.
-
Clone the repository and navigate to the project directory:
git clone KeyCrawler cd KeyCrawler -
Install the required Python libraries using Poetry:
poetry install
-
Create a
.envfile in the project directory and add your GitHub personal access token:GITHUB_TOKEN=your_personal_access_token
-
Ensure the
check.pyfile exists in the project directory with a valid implementation of thekeybox_checkfunction. -
Create a directory named
keysin the project root to store the downloaded XML files:mkdir keys
-
Run the main script to scrape
keybox.xmlfiles from GitHub, validate them, and save them:poetry run python main.py
-
Follow the interactive prompts to manage invalid files in the
keysdirectory. -
Use the keys with TrickyStore to achive strong intergrity.
- The project uses the GitHub API and requires a valid token in the
.envfile. Make sure the token has the necessary permissions to search code repositories. - This project is intended to be used with TrickyStore.
- The script only processes fully valid xml files.
This project is licensed under the GPLv3 License.
Contributions are welcome! Feel free to fork the repository and submit pull requests.