Magniquick/KeyCrawler

KeyCrawler 🔑

Overview

KeyCrawler is a Python project designed to fetch, validate, and manage keybox.xml files from GitHub. This project is specifically intended to work with TrickyStore / TrickyStoreOSS, tools for modifying certificate chains in Android Key Attestation to pass integrity checks.

The scraper uses the GitHub API to locate keybox.xml files, validating their content with the Google public key.

Hacked together really quick - any contributions to improve the code quality are welcome!

Features

  • Scrapes keybox.xml files from GitHub repositories using the GitHub API.
  • Validates keybox.xml files using a custom validation function (keybox_check from check.py).
  • Stores validated files in a hashed format to prevent duplicates.
  • Provides an interactive interface to manage invalid files.

Requirements

  • Python 3.10+
  • uv (recommended) or your preferred Python environment manager.
  • A GitHub personal access token with permissions to search code repositories.

Setup

  1. Clone the repository and navigate to the project directory:

    git clone <repository-url> KeyCrawler
    cd KeyCrawler
  2. Install the required Python libraries using uv:

    uv venv
    uv sync

    (Or use your preferred method to install dependencies from pyproject.toml.)

  3. Create a .env file in the project directory and add your GitHub personal access token:

    GITHUB_TOKEN=your_personal_access_token

Note

Visit GitHub's tokens panel to create a token.

Usage

Run the main script to:

  1. Import any custom keyboxes from the manual directory.
  2. Scrape keybox.xml files from GitHub, validate them, and save them.
  3. Clean up old and invalid files from the keys directory.

    uv run python3 ./main.py

Use the keys with TrickyStore or TrickyStoreOSS to achieve strong integrity.

Important

The project uses the GitHub API and requires a valid token in the .env file. Make sure the token has the necessary permissions (the public_repo permission) to search code repositories.

Limitations

  • The script only processes fully valid XML files.

License

This project is licensed under the GPLv3 License.

Contributing

Contributions are welcome! Feel free to fork the repository and submit pull requests.

Tip

To install development dependencies (type hints for now), run:

    uv sync --dev

Acknowledgments

About

Crawls Android keybox files from literally all of GitHub.
