TrustZone
- https://labs.bluefrostsecurity.de/files/TEE.pdf
- Exploiting Samsung TEE
- Reverse Engineering the Samsung S6 Trustzone
- Reverse Engineering the Samsung S6 Trustzone Part2
- Unbox Your Phone — Part I
- Unbox Your Phone — Part I
- Unbox Your Phone — Part I
- Project Zero Trust Issues: Exploiting TrustZone TEEs
- More Project Zero TrustZone
Keystore
https://stackoverflow.com/questions/42127072/how-can-i-use-keystore-in-android-native-code
https://doridori.github.io/android-security-the-forgetful-keystore/
On Android 6+ (API XX), if the device supports it, the master key is stored in the Trusted Execution Environment (TEE).
Keystore entries are stored in files named [USERID]_[KEYTYPE]_[KEYNAME].
Key Types
- USRPKEY: User Private Key
- USRSKEY: User Shared Key
- CACERT: CA Certificate
Encrypted Keystore Files:
root@bullhead:/data/misc/keystore/user_0 # ls -al
-rw------- keystore keystore 84 2017-09-20 18:09 .masterkey
-rw------- keystore keystore 1428 2019-07-15 11:02 1000_CACERT_BurpCA
-rw------- keystore keystore 1428 2019-08-21 14:00 1000_CACERT_1
-rw------- keystore keystore 1428 2018-08-08 12:07 1000_CACERT_2+Pburp
-rw------- keystore keystore 1428 2019-12-16 14:25 1000_CACERT_burp
-rw------- keystore keystore 1428 2017-09-22 17:35 1000_CACERT_burpca
-rw------- keystore keystore 1428 2019-06-06 14:46 1000_CACERT_3_burp
-rw------- keystore keystore 324 2019-06-04 16:46 10013_USRCERT_unstable+^825349ac930c2370b39f30e7d789963b+^2
-rw------- keystore keystore 1028 2019-06-04 16:46 10013_USRPKEY_unstable+^825349ac930c2370b39f30e7d789963b+^2
-rw------- keystore keystore 932 2017-09-20 18:37 10013_USRSKEY_android_pay_recent_unlock_key_2
-rw------- keystore keystore 932 2019-06-06 14:49 10087_USRSKEY_AppUserKeyAlias
-rw------- keystore keystore 1428 2019-07-15 11:02 1010_CACERT_portswigger
-rw------- keystore keystore 324 2020-01-21 11:00 10110_USRCERT_TrustDefenderSDK
-rw------- keystore keystore 1012 2020-01-21 11:00 10110_USRPKEY_TrustDefenderSDK
-rw------- keystore keystore 948 2020-01-21 10:54 10110_USRSKEY__androidx_security_master_key_
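The [USERID]_[KEYTYPE]_[KEYNAME] naming can be parsed to inventory which UID owns which entries. This is an added example, not code from the original page; `decode_alias`, `parse_entry` and `inventory` are hypothetical names. It goes beyond the text by undoing the `+P` / `+^` escapes seen in the listing, on the assumption that they follow the AOSP keystore `encode_key` scheme.

```python
import re
from collections import defaultdict
# Types named on the page, plus USRCERT, which appears in its listing.
KEY_TYPES = ("USRPKEY", "USRSKEY", "USRCERT", "CACERT")
ENTRY_RE = re.compile(r"(\d+)_(%s)_(.+)" % "|".join(KEY_TYPES))

def decode_alias(encoded):
    """Undo the alias escaping (assumption: AOSP keystore encode_key).
    A byte b outside '0'..'~' is stored as chr(0x2B + (b >> 6)), chr(0x30 + (b & 0x3F))."""
    out, data, i = bytearray(), encoded.encode("ascii"), 0
    while i < len(data):
        c = data[i]
        if 0x2B <= c <= 0x2E:  # '+' ',' '-' '.' open a two-character escape
            low = data[i + 1] - 0x30 if i + 1 < len(data) else -1
            if not 0 <= low <= 0x3F:
                raise ValueError("malformed escape in %r" % encoded)
            out.append(((c - 0x2B) << 6) | low)
            i += 2
        else:
            out.append(c)
            i += 1
    return out.decode("utf-8", errors="replace")

def parse_entry(filename):
    """Split '[USERID]_[KEYTYPE]_[KEYNAME]'; None for files such as .masterkey."""
    m = ENTRY_RE.fullmatch(filename)
    if m is None:
        return None
    return {"uid": int(m[1]), "type": m[2], "alias": decode_alias(m[3])}

def inventory(filenames):
    """Map uid -> alias -> sorted entry types stored for that alias."""
    result = defaultdict(lambda: defaultdict(list))
    for e in filter(None, map(parse_entry, filenames)):
        result[e["uid"]][e["alias"]].append(e["type"])
    return {u: {a: sorted(t) for a, t in al.items()} for u, al in result.items()}

# File names copied from the directory listing on this page.
SAMPLE = [
    ".masterkey",
    "1000_CACERT_2+Pburp",
    "10013_USRCERT_unstable+^825349ac930c2370b39f30e7d789963b+^2",
    "10013_USRPKEY_unstable+^825349ac930c2370b39f30e7d789963b+^2",
    "10110_USRSKEY__androidx_security_master_key_",
]

if __name__ == "__main__":
    for uid, aliases in sorted(inventory(SAMPLE).items()):
        print(uid, aliases)
```

Key names that contain underscores stay intact because only the first two fields are split off.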
How to Decrypt Keystore Files:
keystore_cli_v2 list
# Currently gives: ListKeys failed.
keystore_cli list
# Currently gives: Error 6 Permission Denied
An Open Framework for Architecting Trusted Execution Environments
https://labs.f-secure.com/blog/how-secure-is-your-android-keystore-authentication/
Fingerprint
Setting a key with setUserAuthenticationRequired(true) prevents it from being retrieved without authenticating with a fingerprint.