Skip to content

Commit 63dd76f

Browse files
authored
Merge pull request #2458 from HackTricks-wiki/research_update_src_mobile-pentesting_android-app-pentesting_play-integrity-attestation-bypass_20260702_141403
Research Update Enhanced src/mobile-pentesting/android-app-p...
2 parents 1643351 + b854efd commit 63dd76f

1 file changed

Lines changed: 35 additions & 3 deletions

File tree

src/mobile-pentesting/android-app-pentesting/play-integrity-attestation-bypass.md

Lines changed: 35 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,11 +9,13 @@
99
- **`appIntegrity`**: APK build/signature match (no repack/tamper).
1010
- **`deviceIntegrity`**: genuine & certified device, locked bootloader, no root/system tamper.
1111
- **`accountDetails`**: installation via Google Play.
12+
- **`environmentDetails`** *(optional)*: recent integrations can also request signals about risky apps in the environment (overlay, capture, control) and Play Protect state.
13+
- **Other optional signals**: some backends also enable **recent device activity** or **device recall** to catch hyperactive devices and previously flagged hardware even when a verdict otherwise looks valid.
1214

1315
Key verdict flags commonly enforced:
1416
- `MEETS_BASIC_INTEGRITY`: token generated by genuine Play Services (not emulator/tampered transport).
1517
- `MEETS_DEVICE_INTEGRITY`: genuine/certified device, bootloader locked, no root/system tamper.
16-
- `MEETS_STRONG_INTEGRITY`: requires `DEVICE` plus **recent security patches on all partitions (OS + vendor)**.
18+
- `MEETS_STRONG_INTEGRITY`: on **Android 13+** it requires `DEVICE` plus **recent security patches on all partitions (OS + vendor)**. On **Android 12 and lower**, it mainly means hardware-backed boot integrity, so it is a weaker signal than many testers assume.
1719

1820
## Bypass Model
1921

@@ -26,8 +28,9 @@ Google mitigates by **revoking abused keyboxes**; rotation is required when a ke
2628

2729
## Prerequisites & Tooling
2830

29-
- **Root hiding:** [ReZygisk](https://github.com/PerformanC/ReZygisk) (or ZygiskNext). Disable Zygisk, enable Magisk Hide, install module, reboot.
31+
- **Root hiding:** [ReZygisk](https://github.com/PerformanC/ReZygisk) (or ZygiskNext). Disable Zygisk, enable Magisk Hide, install module, reboot. If the target also detects Zygote injection or Frida side effects, cross-check [Android anti-instrumentation and SSL pinning bypass](android-anti-instrumentation-and-ssl-pinning-bypass.md).
3032
- **Key attestation spoofing:** [TrickyStore](https://github.com/5ec1cff/TrickyStore) + [Tricky Addon](https://github.com/KOWX712/Tricky-Addon-Update-Target-List) (Magisk modules).
33+
- **Property / fingerprint spoofing:** [PlayIntegrityFork](https://github.com/osm0sis/PlayIntegrityFork). It mainly spoofs props only for the Google Play Services **DroidGuard** path. This mainly helps with **Android `<13`** or apps that still gate on legacy/softer checks; on **Android 13+** a passing `DEVICE` verdict still depends on locked-bootloader, hardware-backed signals.
3134
- **UI helper:** [KSU Web UI](https://github.com/adivenxnataly/KsuWebUI) to drive TrickyStore.
3235
- **Validation:** [Play Integrity API Checker](https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck) and [Key Attestation](https://github.com/vvb2060/KeyAttestation) APKs.
3336
- Optional background on attestation key material: <https://tryigit.dev/android-keybox-attestation-analysis>
@@ -46,10 +49,37 @@ Google mitigates by **revoking abused keyboxes**; rotation is required when a ke
4649
1. In TrickyStore, pick **Set Security Patch****Get Security Patch Date****Save**.
4750
2. Re-run *Play Integrity API Checker*; `MEETS_STRONG_INTEGRITY` should now pass.
4851

52+
## Practical Tester Angles Against Weak Integrations
53+
54+
Even when you cannot permanently recover `DEVICE`/`STRONG`, many app backends still misuse the API. During testing, look for:
55+
56+
- **Missing action binding:** `standard` requests should bind the protected action to `requestHash`; `classic` requests should bind it to a high-entropy `nonce`. `standard` requests have Google-managed replay mitigation, but the backend still needs to validate `requestHash` (and the request timestamp) against the protected action. `classic` integrations are especially replay-prone if the server accepts any valid token without matching the original `nonce`.
57+
- **Weak freshness checks:** verify whether the backend enforces `timestampMillis` and rejects old tokens. Long replay windows are common in rushed integrations.
58+
- **Over-trusting package metadata:** Google documents that `requestPackageName` can be spoofed in the middle of the request, so it should not be the only app-identity check.
59+
- **Legacy policy assumptions:** some apps still treat `MEETS_STRONG_INTEGRITY` as equivalent across Android versions. On pre-13 devices that can lead to weaker trust decisions than the product team expects.
60+
61+
## Emerging Technique: Remote Key Attestation (RKA)
62+
63+
A newer evolution is to **relay the attestation request to another Android device** instead of copying `keybox.xml` onto every client device. The usual flow is:
64+
65+
1. Intercept the local Key Attestation / Play Integrity request before it reaches the TEE/KeyStore path.
66+
2. Forward the nonce / app identity / request details to a remote rooted host.
67+
3. Let that host generate the attestation response using either an unrevoked legacy keybox or a genuinely vulnerable device whose boot chain still reports a locked state.
68+
4. Return the attestation blob to the client app/backend.
69+
70+
Why it matters for testers:
71+
72+
- it avoids burning a public `keybox.xml` on every device used during an assessment;
73+
- it makes simple certificate-serial revocation less effective against the operator;
74+
- it shifts the problem from **keybox distribution** to **relay infrastructure + host-device compromise**.
75+
76+
This is where the ecosystem is moving: **Remote Key Provisioning (RKP)** reduces the long-term value of leaked static keyboxes, but it does **not** fully remove relay-style attacks when the attacker controls a privileged or exploited host device.
77+
4978
## Operational Notes
5079

5180
- **Revocation risk:** Hitting the API repeatedly with the same `keybox.xml` can flag and block it. If blocked, replace with a fresh valid keybox.
52-
- **Arms race:** Publicly shared keyboxes burn fast; keep private copies and track community module updates (XDA/Telegram/GitHub) for new working chains.
81+
- **Arms race:** Publicly shared keyboxes burn fast; keep private copies and track community module updates (XDA/Telegram/GitHub) for new working chains. Newer RKA-style setups reduce direct keybox exposure but increase operational complexity.
82+
- **Optional environment / abuse signals:** Some newer apps also evaluate `environmentDetails` (for example risky overlay/capture/control apps), `recentDeviceActivity`, or `deviceRecall`. In those cases, passing `DEVICE`/`STRONG` alone is not enough if your testing stack leaves visible overlay, accessibility, screen-capture artifacts, or generates obviously abnormal token volume.
5383
- **Scope:** This bypass only spoofs attestation inputs; backend signature verification by Google still succeeds because the JWT itself is genuine.
5484

5585
## References
@@ -62,5 +92,7 @@ Google mitigates by **revoking abused keyboxes**; rotation is required when a ke
6292
- [Play Integrity API Checker](https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck)
6393
- [Key Attestation](https://github.com/vvb2060/KeyAttestation)
6494
- [Android keybox attestation analysis](https://tryigit.dev/android-keybox-attestation-analysis)
95+
- [Integrity verdicts | Android Developers](https://developer.android.com/google/play/integrity/verdicts)
96+
- [Bypassing the Key Attestation API with Remote Devices](https://www.guardsquare.com/blog/bypassing-key-attestation-api)
6597

6698
{{#include ../../banners/hacktricks-training.md}}

0 commit comments

Comments
 (0)