whatisgithub

What is trickystore?

5ec1cff/trickystore — explained in plain English

Analysis updated 2026-06-26

5,876Audience · developerComplexity · 3/5Setup · hard

In one sentence

TrickyStore is a Magisk module for Android that tricks apps into believing your rooted phone is unmodified, by substituting a fake security certificate during hardware integrity checks.

Mindmap

mindmap
  root((TrickyStore))
    What it does
      Integrity spoofing
      Root hiding
      Certificate substitution
    Tech stack
      Magisk
      Zygisk
      Android 12+
    Key features
      Keybox substitution
      Build vars spoofing
      Per-app targeting
      Fake cert chain
    Config files
      target.txt
      Keybox XML
      Props file
    Limitations
      Android 12+ only
      Keybox required
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Make banking or streaming apps work on a rooted Android phone by spoofing the Play Integrity hardware attestation check.

USE CASE 2

Override what model and fingerprint your Android device reports so it appears to be a completely different unmodified phone.

USE CASE 3

Apply integrity spoofing selectively to specific apps only, leaving other apps unaffected via the target list.

What is it built with?

MagiskZygiskAndroid

How does it compare?

5ec1cff/trickystoreglpi-project/glpilark-parser/lark
Stars5,8765,8765,876
LanguagePHPPython
Setup difficultyhardmoderateeasy
Complexity3/54/52/5
Audiencedeveloperops devopsdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires a valid keybox XML file containing cryptographic keys from a real device, these are not provided and must be sourced separately.

So what is it?

TrickyStore is an Android module you install via Magisk, a popular rooting tool. Its core job is to manipulate how Android reports device integrity to apps and services that check whether a phone has been modified or rooted. Android 12 or later is required. Modern Android devices include a security feature called hardware-backed key attestation, which lets apps verify that the phone's security hardware is genuine and unmodified. Services like Google Play and some banking apps use this to block rooted or altered devices. TrickyStore intercepts that process and substitutes a replacement certificate, called a keybox, so the device can pass stronger integrity checks even after modification. You provide this keybox as a specially formatted XML file containing cryptographic private keys and certificate chains, placed at a specific path on the device. TrickyStore also includes a Build Vars Spoofing feature, which requires an additional component called Zygisk. This lets you override what the phone reports as its model, manufacturer, fingerprint, and other identifiers, making the device appear to be a completely different phone. You configure this by editing a text file with key-value pairs for each property you want to fake. You control which apps receive these modifications through a target.txt file. By default, listed apps get the leaf-certificate trick, where TrickyStore intercepts and modifies the certificate the phone's security chip returns. On devices where that security chip is broken or inaccessible, TrickyStore can instead generate an entirely fake certificate chain. You enable this per-app by adding an exclamation mark after the package name in the target list. The project is open-source and credits several related tools from the same Android modification community. The to-do list covers App Attest Key support and compatibility with Android 11 and below. The README is short and aimed at readers already familiar with Magisk and Android rooting.

Copy-paste prompts

Prompt 1
I've installed TrickyStore on a rooted Android phone. Walk me through sourcing a valid keybox XML file and placing it at the correct path so Play Integrity hardware checks pass.
Prompt 2
How do I configure target.txt in TrickyStore to apply the leaf-certificate trick to a banking app and the full fake certificate chain to a game whose security chip is inaccessible?
Prompt 3
Explain what Build Vars Spoofing does in TrickyStore and write the props file entries I need to make my device report as a Pixel 8 Pro.
Prompt 4
What is the difference between the leaf-certificate trick and the fake certificate chain in TrickyStore, and under what circumstances should I use each one?

Frequently asked questions

What is trickystore?

TrickyStore is a Magisk module for Android that tricks apps into believing your rooted phone is unmodified, by substituting a fake security certificate during hardware integrity checks.

How hard is trickystore to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is trickystore for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.