KeyCrawler is a Python project designed to fetch, validate, and manage keybox.xml files from GitHub. This project is specifically intended to work with TrickyStore, a tool for modifying certificate chains in Android Key Attestation to pass integrity checks.
The scraper uses the GitHub API to locate keybox.xml files, validating their content with the Google public key.
Hacked together really quick - making it public as now I use a stock ROM.
- Scrapes `keybox.xml` files from GitHub repositories using the GitHub API.
- Validates `keybox.xml` files using a custom validation function (`keybox_check` from `check.py`).
- Stores validated files in a hashed format to prevent duplicates.
- Provides an interactive interface to manage invalid files.
- Python 3.10+
- uv
- A GitHub personal access token with permissions to search code repositories.
- Clone the repository and navigate to the project directory:

  ```
  git clone KeyCrawler
  cd KeyCrawler
  ```

- Install the required Python libraries using uv:

  ```
  uv venv
  uv pip install .
  ```

- Create a `.env` file in the project directory and add your GitHub personal access token:

  ```
  GITHUB_TOKEN=your_personal_access_token
  ```

- Create a directory named `keys` in the project root to store the downloaded XML files. Also, create a cache file to store the cache for the URLs already checked:

  ```
  mkdir keys; touch cache.txt
  ```

- Run the main script to scrape `keybox.xml` files from GitHub, validate them, and save them:

  ```
  uv run python3 ./keyboxer.py
  ```

- Follow the interactive prompts to manage invalid files in the `keys` directory.
- Use the keys with TrickyStore to achieve strong integrity.
- The project uses the GitHub API and requires a valid token in the `.env` file. Make sure the token has the necessary permissions to search code repositories.
- This project is intended to be used with TrickyStore.
- The script only processes fully valid XML files.
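
The files this scraper finds are keyboxes that were committed to public repositories, so the same two ideas (accept only fully valid XML, identify content by hash) are useful as a check before publishing a repository. The following is an added example, not KeyCrawler's code: the element names `AndroidAttestation` and `PrivateKey` are an assumption about the keybox layout, the function names are hypothetical, and the sample document is constructed with placeholder key text.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: structure only, the PEM body is a placeholder, not a real key.
SAMPLE_KEYBOX = b"""<?xml version="1.0"?>
<AndroidAttestation>
  <NumberOfKeyboxes>1</NumberOfKeyboxes>
  <Keybox DeviceID="constructed-sample">
    <Key algorithm="ecdsa">
      <PrivateKey format="pem">-----BEGIN EC PRIVATE KEY-----
PLACEHOLDER
-----END EC PRIVATE KEY-----</PrivateKey>
    </Key>
  </Keybox>
</AndroidAttestation>"""


def classify(data: bytes) -> str:
    """Return 'keybox', 'other-xml' or 'rejected' for one file's bytes."""
    # Refuse DTDs outright so entity-expansion input never reaches the parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return "rejected"
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return "rejected"  # malformed XML is not processed at all
    if root.tag != "AndroidAttestation":
        return "other-xml"
    # Only flag the file if some element actually holds private key material.
    for key in root.iter("PrivateKey"):
        if "PRIVATE KEY" in (key.text or ""):
            return "keybox"
    return "other-xml"


def scan(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Map the SHA-256 of each keybox found to the paths holding that content."""
    findings: dict[str, list[str]] = {}
    for path, data in files.items():
        if classify(data) == "keybox":
            digest = hashlib.sha256(data).hexdigest()
            # Identical copies share one digest, so each keybox is reported once.
            findings.setdefault(digest, []).append(path)
    return findings
```

Feed `scan` a mapping of path to file bytes from the working tree; any digest in the result is a keybox with private key material that should not be pushed.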
This project is licensed under the GPLv3 License.
Contributions are welcome! Feel free to fork the repository and submit pull requests.