Skip to content

[Enhancement]: Revise inbuilt keybox-integrity spoofing method #356

Description

@sreeshankark

Description
Currently we use Play Integrity Fix & Tricky Store to fix integrity of the device. But the major drawback for this combo is this won't allow to add cards for contactless payment in GPay/GWallet. The fix is to revise the spoofing method.

Revised method as follows:
• Modules to be used

• How it works?
Specter coordinates Play Integrity Fix and TEE Simulator-RS to spoof the integrity of the device. Here Specter acts as Tricky Store as well as a coordinator. It will automatically generate targetlist.txt for the available apps each time you execute the script. The main advantage of this is Specter keybox repository will be updated with latest available keybox. So running the script will fetch from the repository and cross check the serial number of keybox with Google to ensure it is not revoked. This allows to pass strong integrity anytime with a single click. By any means if all keyboxes are revoked, then there is an option to import custom keybox into Specter. TEE Simulator-RS will spoof the device as locked bootloader device to make GPay/GWallet contactless payments work.

Specter action script log:

[07:31:54] [I] [ACTION] Running full integrity pipeline
[07:31:54] [D] [PLAY_STORE] Force-stopping Play Store
[07:31:55] [I] [PLAY_STORE] Play Store force-stopped
[07:31:55] [I] [PLAY_STORE] Play Store data cleared
[07:31:55] [I] [PLAY_STORE] Play Store management complete
[07:31:55] [D] [TARGET] Starting target management
[07:31:55] [I] [TARGET] Mode: merge
[07:31:57] [I] [TARGET] Checked  entries, added 0
[07:31:57] [I] [TARGET] Target management complete
[07:31:59] [I] [SECURITY_PATCH] Fetched security patch date: 2026-06-05
[07:31:59] [I] [SECURITY_PATCH] The security patch is written
[07:31:59] [D] [KEYBOX] Starting keybox fetch/install
[07:31:59] [I] [KEYBOX] Fetching available keyboxes...
[07:32:01] [I] [KEYBOX] Randomly selected: @Xiaomi_Lei_Jun 3 (entry 0 of 1)
[07:32:01] [I] [KEYBOX] Downloading keybox...
[07:32:01] [D] [NET] Downloading https://rawbin.dpejoh.com/key/@Xiaomi_Lei_Jun/3
[07:32:02] [D] [NET] Downloaded (22644) bytes
[07:32:02] [D] [KEYBOX] Downloaded 22644 bytes
[07:32:02] [D] [KEYBOX] Decoded 16983 bytes
[07:32:03] [I] [KEYBOX] Checking Google revocation for serial b84c8d317d9a09e35d40cec2191cc4
[07:32:03] [I] [KEYBOX] Keybox is not revoked
[07:32:03] [D] [KEYBOX] TEE Simulator detected, generating locked.xml format
[07:32:03] [D] [KEYBOX] Locked XML written to /data/adb/tricky_store/locked.xml
[07:32:03] [I] [KEYBOX] Keybox install complete
[07:32:03] [I] [PIF] Starting PIF fingerprint update
[07:32:04] [I] [PIF] Detected: Play Integrity Fix [INJECT]
[07:32:21] [I] [PIF] Selected Device: Pixel 6 Pro
[07:32:21] [I] [PIF] PIF fingerprint updating complete
[07:32:23] [D] [DESC] New description: 🔑 @Xiaomi_Lei_Jun 3 · ✅ | 55 apps | 🛡️ 2026-06-05
[07:32:23] [I] [ACTION] Full integrity pipeline completed

Images

GPay/GWallet card added for NFC payments (Proof):

Image

Kindly check @rmp22

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions