Forwarded from 5ec1cff (5ec1cff)
Tricky-Store-v1.4.0-235-e15da3d-release.zip
2.6 MB
TrickyStore 1.4.0
Support persistent storage of generated keys
Support automatic parsing of AVB keys (MediaTek devices seem to use a custom algorithm, currently not supported)
Support parsing and importing of custom attestation keys
Support intercepting and simulating more keystore operations
Fix some certificate chain generation issues
For usage of the new features, please refer to README.MD and SECURITY.MD in the installation package.
SHA256: 147eeaf08ae50793a689b1de17bd17f96747b9c7e8a46f9576d3f15e8ba9942c
real5ec1cff | Github
👍21🔥3❤🔥2🤔1
5ec1cff
Tricky-Store-v1.4.0-235-e15da3d-release.zip
Luckily I'm no longer using MediaTek for Root. Nothing to worry about.
👍20🤯2
Citra Integrity Trick
Request Automation log has an error. One line showing request approved until 2026. Account successfully added also, but Mi Unlock says "This device not actived, please activate it and try to unlock it again". Looks like I didn't get the chance.
Unlocking status :
Last check 18 hours to unlock.
🥰9👍5❤🔥3🔥1
I use pif_nozygisk with Tricky Store. It works and passes integrity.
Forwarded from Disclosure | Root detector (Rem01 Gaming)
Disclosure Just Updated To Version 1.2.1
Disclosure is a root detection program to identify detection loopholes on a wide range of Android root solutions, similar to Reveny's ND or Momo.
Changelog
• Fix false positives
• Fix edge-to-edge UI issue
• Improve SELinux context leak detection
• Misc changes and optimizations
📥 Download
🧑💻 @disclosureofroot
1🤔8👍2
1😱22🔥14👍8
Version R251029 public test.
Changelog :
- added built-in PIF props spoof.
Note:
Do not enable the developer option from your root manager; it is for debugging.
If you have issues installing, read this post.
👍11🔥4
Citra Integrity Trick
Version R251029 public test. Changelog: - added built-in PIF props spoof. Note: Do not enable the developer option from your root manager; it is for debugging. If you have issues installing, read this post.
To pass integrity.
- make sure Tricky Store installed.
- retrieve new key from TSupport.
- use a stock ROM (custom ROMs need a pif module)
1👍29
#updates #tsupport #hmaoss
TSupport-Advance [ R251030 ]
Changes :
- Add Compatibility for HMA-OSS
Useful links:
📥 Download
❗️ Install error
🚫 Bug report
1🔥25👍12❤🔥2🤔2
Forwarded from Yiğit
🚨 URGENT SECURITY ADVISORY
SUBJECT: Malicious Persistence and Covert Networking in Magisk Module "Play Integrity Pr**ium -v19.9"
DEV OF CONCERN: f***h7
ACTION REQUIRED: IMMEDIATE UNINSTALLATION AND MANDATORY FACTORY RESET
------
1. EXECUTIVE SUMMARY
A security alert's been sent out about the Magisk add-on "Play Integrity P*m -v19.9". Tests show it’s harmful: once loaded, a hidden component sticks around even after removal. Instead of shutting down, it quietly phones home to a remote attacker’s machine.
This hands over total power to the hacker. One sure way to get rid of it? Wipe the device clean using a factory reset.
------
2. DETAILED ANALYSIS
The module uses various harmful methods; this is why experts often label it a risky spyware tool or even a rootkit.
- CODE OBFUSCATION: The module’s scripts are purposely jumbled and concealed; this approach aims to keep users or security analysts from spotting its real, harmful actions.
- PERSISTENCE SETUP: This module drops a program into a main system folder (/system/bin/), one that’s separate from Magisk itself, so it sticks around even after uninstall. Because it's set to launch at startup with elevated access, it kicks in each time the device powers up - no extra steps needed.
- COVERT NETWORKING: A sneaky payload like this one's main job is phoning back to base. It works quietly behind the scenes, reaching out to a far-off server controlled by a hacker. From there, that hacker can steal info off your gadget, push fresh instructions to it, or rope your phone into a network of hijacked devices, all while you stay clueless.
------
3. EVIDENCE
The data shown here came straight from the setup files of the module.
EVIDENCE A: Code Obfuscation
The script hides a payload through layered encoding along with reversed instructions, so checking it by hand won't work unless it's first cleaned up.
shell
eval "$(echo "long.encoded.string..." | rev | base64 -d)"
EVIDENCE B: Persistence Command
This command grabs the harmful code from the module’s temporary spot, then moves it to a fixed system folder while setting it to run. That's what lets the malware stick around even after removal attempts.
shell
ui_print "- Installing core service..."
cp -f $MODPATH/system/payload.sh /system/bin/sysdaemon
chmod 755 /system/bin/sysdaemon
------
4. POTENTIAL RISKS
A hacked gadget running deep malware lets the attacker:
- Snatch every bit of your info: login codes, bank stuff, personal chats, pictures.
- Keep tabs on your moves by grabbing control of the camera, also listens through the mic while tracking where you are right now.
- Keep track of what you type by saving each key pressed.
- Unauthorized access to your device and malicious use.
------
5. MANDATORY ACTION PLAN
If you once put in this module, your device’s already at risk - do exactly what's next without delay.
1. BACKUP ESSENTIAL FILES ONLY:
Right away, save your private stuff - like pictures or paperwork - to a separate gadget. Don’t make a complete copy of the whole system, since that could include infected parts.
2. PERFORM A FACTORY RESET:
This is the single method that clears the system partition while making sure malware’s gone. Head into Settings, tap System, pick Reset options, then choose Erase all data - basically a factory reset.
3. CHANGE ALL YOUR PASSWORDS
(Banks, online profiles, stuff like that.) Take it as given that someone’s already got every password.
------
6. HOW TO PROTECT YOURSELF IN THE FUTURE
When code’s deliberately obscured, like being encrypted or jumbled, flag it as dangerous. Real devs show their work clearly. If something’s cloaked, it’s likely malicious; that’s the top warning sign.
- MAKE SURE IT'S SAFE WITH COMMUNITY CHECKS: When adding a fresh or unfamiliar module, hold off until reliable folks have looked it over; look up comments on solid boards such as XDA Developers or stick around till recognized group leads (for example, Cleverestech mods) break down what’s inside.
Please pass on this info to keep folks around safe.
😱39🔥9👍5👨💻4❤🔥1
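The two indicators shown in the advisory above (an `eval` fed by a reversed, base64-decoded string, and a write straight into `/system/bin/` instead of the module's own `$MODPATH` overlay) can be checked statically before a module is flashed. This is an added example, not part of the forwarded advisory or of any module's code; the function names and the sample `customize.sh` are constructed, and it assumes the module zip has already been unpacked into a directory.

```shell
#!/bin/sh
# Static triage of a Magisk module's install scripts for the two patterns in
# the advisory. Nothing from the module is ever executed.

# Reverse each input line with awk (avoids depending on rev(1)).
reverse_line() {
    awk '{ o = ""; for (i = length($0); i > 0; i--) o = o substr($0, i, 1); print o }'
}

# Undo the "rev | base64 -d" layering and print the result instead of eval-ing it.
decode_payload() {
    printf '%s\n' "$1" | reverse_line | base64 -d
}

# Print "<file>:<line>:<tag>" for each suspicious line in one script.
scan_script() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                         # comments and the shebang
        /eval/ && /base64[ \t]+(-d|--decode)/ {     # eval fed by a decoder
            print f ":" FNR ":obfuscated-eval"
        }
        {
            line = $0
            # Paths under $MODPATH are the normal Magisk overlay; drop them.
            gsub("[$][{]?MODPATH[}]?/system/bin/", "", line)
            if (line ~ /(^|[ \t;&|])(cp|mv|ln|install|chmod|chown)[ \t]/ &&
                line ~ /\/system\/bin\//)
                print f ":" FNR ":direct-system-bin-write"
        }
    ' "$1"
}

# Scan every *.sh file in an unpacked module directory.
scan_module() {
    find "$1" -type f -name '*.sh' | while IFS= read -r s; do scan_script "$s"; done
}

# Constructed sample (not the real module): payload decodes to "echo hello".
make_sample() {
    cat > "$1/customize.sh" <<'EOF'
#!/system/bin/sh
eval "$(echo "==wbsxWZoByboNWZ" | rev | base64 -d)"
cp -f $MODPATH/system/payload.sh /system/bin/sysdaemon
chmod 755 /system/bin/sysdaemon
chmod 755 $MODPATH/system/bin/tool
EOF
}

if [ "$#" -gt 0 ]; then scan_module "$1"; fi
```

A hit is a reason to read the script closely, not proof of malice; a clean result does not clear a module either, since the check only matches these two shapes.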