Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed -66 RSA attestation failed #9

Open
privacyguy123 opened this issue Mar 20, 2024 · 20 comments
Open

Failed -66 RSA attestation failed #9

privacyguy123 opened this issue Mar 20, 2024 · 20 comments

Comments

@privacyguy123
Copy link

Using StrongBox version of the code snippet because my device uses StrongBox. Has anybody else seen this or knows what it means?
@VisionR1
Copy link

VisionR1 commented Mar 21, 2024
edited
Loading

Using StrongBox version of the code snippet because my device uses StrongBox. Has anybody else seen this or knows what it means?

Short
IMG_20240321_175032

Full: https://developer.android.com/privacy-and-security/keystore

@privacyguy123
Copy link
Author

Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

@VisionR1
Copy link

Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

Oh another error that, you mean the EC is valid but RSA fails?

@privacyguy123
Copy link
Author

privacyguy123 commented Mar 25, 2024
edited
Loading

Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

Oh another error that, you mean the EC is valid but RSA fails?

Yes, error 66 from KmInstallKeybox.

The command without StrongBox worked fine.

@VisionR1
Copy link

Doesn't really answer the question - the key box supplied is valid yet RSA portion of the command fails?

Oh another error that, you mean the EC is valid but RSA fails?

Yes, error 66 from KmInstallKeybox.

The command without StrongBox worked fine.

Have you try this

IMG_20240325_162013.jpg

@privacyguy123
Copy link
Author

Yes, false gives a different error saying the device expects props to be attested or something.

@VisionR1
Copy link

Yes, false gives a different error saying the device expects props to be attested or something.

You insert the keybox.xml provided with this guide or try yours?

@privacyguy123
Copy link
Author

Yes, false gives a different error saying the device expects props to be attested or something.

You insert the keybox.xml provided with this guide or try yours?

I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

@VisionR1
Copy link

Yes, false gives a different error saying the device expects props to be attested or something.

You insert the keybox.xml provided with this guide or try yours?

I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

Besides this 3, you have try and the keybox.xml provide with this guide right?

@privacyguy123
Copy link
Author

Yes, false gives a different error saying the device expects props to be attested or something.

You insert the keybox.xml provided with this guide or try yours?

I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

Besides this 3, you have try and the keybox.xml provide with this guide right?

Yes, they all have the same error on StrongBox device ...

@VisionR1
Copy link

Yes, false gives a different error saying the device expects props to be attested or something.

You insert the keybox.xml provided with this guide or try yours?

I've tried 3 now all with this same error. I cannot overwrite StrongBox key.

Besides this 3, you have try and the keybox.xml provide with this guide right?

Yes, they all have the same error on StrongBox device ...

This is strange, maybe your ROM have some wrong and cause this problem

@privacyguy123
Copy link
Author

privacyguy123 commented Mar 26, 2024
edited
Loading

Have you been able to run the StrongBox command and get a successful output? I am talking about the longer code snippet:

adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true /data/nativetest64/qti_keymaster_tests/keybox.xml  0 true

What output do you get from that?

This shorter code snippet says "TEE fine successful" but this is not enough on a StrongBox because it only seems to be reprogramming "half" the key.

@VisionR1
Copy link

VisionR1 commented Mar 26, 2024
edited
Loading

Have you been able to run the StrongBox command and get a successful output? I am talking about the longer code snippet:

adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true /data/nativetest64/qti_keymaster_tests/keybox.xml  0 true

What output do you get from that?

This shorter code snippet says "TEE fine successful" but this is not enough on a StrongBox because it only seems to be reprogramming "half" the key.

You mean this
adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true
Because i think you write and some else in the end
Don't have try this yet but i take the answer from another users what say like in XDA, and say my opinion.

And maybe is can't work in your device, because @chiteroman say have test this in his Xiaomi Poco X3 Pro.
You have i guess, Samsung?

@VisionR1
Copy link

And you can write here
https://xdaforums.com/t/tee-hacking.4662185/

And if any users have the same problem and found a solution can tell you

@privacyguy123
Copy link
Author

You mean this adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true Because i think you write and some else in the end

It is necessary to supply to the full path to the keybox twice ...

@VisionR1
Copy link

VisionR1 commented Mar 26, 2024
edited
Loading

You mean this adb shell LD_LIBRARY_PATH=/vendor/lib64/hw KmInstallKeybox /data/nativetest64/qti_keymaster_tests/keybox.xml 0 true keybox.xml 0 true Because i think you write and some else in the end

It is necessary to supply to the full path to the keybox twice ...

Really where say that? 🤔

Because i read this

IMG_20240327_004328.jpg

I think this with keybox twice mean this
IMG_20240327_004653.jpg

Without twice for non StrongBox
And with twice for StrongBox
IMG_20240327_005028.jpg

@privacyguy123
Copy link
Author

privacyguy123 commented Mar 26, 2024
edited
Loading

If you don't understand why that is then I don't know if you're qualified to help me. :)

Writing keybox.xml (with no full path) attempts to read the file from the currently directory you're in - if you dont' supply a full path then KmInstallKeybox won't find the keybox file the 2nd time.

@VisionR1
Copy link

If you don't understand why that is then I don't know if you're qualified to help me. :)

Writing keybox.xml (with no full path) attempts to read the file from the currently directory you're in - if you dont' supply a full path then KmInstallKeybox won't find the keybox file the 2nd time.

Yeah i know that, for that i say only my opinion and maybe some is useful.

Yeah i get your point, just i confused because i read the guide and can't find where say this specific part

@privacyguy123
Copy link
Author

Hes copy pasted the code wrong for StrongBox, it's simple as that

@VisionR1
Copy link

Hes copy pasted the code wrong for StrongBox, it's simple as that

If so like this you say, then @chiteroman must change it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@VisionR1 @privacyguy123