MuntashirAkon / AppManager

A full-featured package manager and viewer for Android
https://muntashirakon.github.io/AppManager/

Export/Import from AndroidKeyStore #1350

Closed mid-kid closed 4 weeks ago

mid-kid commented 1 month ago

Please check before submitting an issue

Describe a description of the new feature

I would like to have a feature to read the keys and export/import from the device-wide Android Keystore.

Describe the solution you'd like

A simple interface that shows the existing keys in the AndroidKeyStore, and allows you to dump them into .pem format.

Describe alternatives you've considered

I have searched all over the internet but I haven't been able to find any reasonable way to extract keypairs from the keystore, and it's becoming increasingly relevant to read the keystore in order to decrypt app-specific data, and transfer backups from device to device. This app has root access, and allows editing app properties and making backups, so it feels like a natural fit.

Additional context

No response

MuntashirAkon commented 4 weeks ago

> I have searched all over the internet but I haven't been able to find any reasonable way to extract keypairs from the keystore

You haven't found one because it's not possible to do so. However, it doesn't mean it's completely impossible. It may be possible to extract certain keypairs using Frida. But that's beyond the scope of the project. What App Manager does is simply back up the encrypted files themselves and restore them. It does not attempt to extract the actual keypairs.
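As background to the reply above, an added example (not part of the thread and not App Manager code) of why a ".pem dump" is not something the platform API offers: a key created in the `AndroidKeyStore` provider is an opaque handle, and the provider only lists the calling app's own aliases. The class name and alias are hypothetical, and the code assumes it runs inside an Android app on API 23 or later.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.util.Log;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

// Hypothetical helper, written for this illustration only.
public final class KeystoreExportCheck {
    private static final String TAG = "KeystoreExportCheck";
    private static final String PROVIDER = "AndroidKeyStore";
    private static final String ALIAS = "demo_export_check"; // hypothetical alias

    /** Returns true if the provider refuses to hand out raw key bytes. */
    public static boolean keyMaterialIsHidden() throws Exception {
        // Generate an AES key that lives in the keystore, not in app memory.
        KeyGenerator gen = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
        gen.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build());
        SecretKey key = gen.generateKey();

        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        // aliases() is scoped to the calling app; other apps' entries never appear.
        for (String alias : Collections.list(ks.aliases())) {
            Log.i(TAG, "visible alias: " + alias);
        }

        // KeyInfo describes the key (e.g. hardware backing) without exposing it.
        SecretKeyFactory factory =
                SecretKeyFactory.getInstance(key.getAlgorithm(), PROVIDER);
        KeyInfo info = (KeyInfo) factory.getKeySpec(key, KeyInfo.class);
        Log.i(TAG, "hardware-backed: " + info.isInsideSecureHardware());

        // For AndroidKeyStore keys both calls return null: there is nothing to encode.
        boolean hidden = key.getEncoded() == null && key.getFormat() == null;
        ks.deleteEntry(ALIAS); // clean up the demo key
        return hidden;
    }
}
```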

mid-kid commented 4 weeks ago

@MuntashirAkon Thanks a lot for the thoughtful reply. I have very little experience with Android in general and how things work, so that might be the cause of some misunderstanding.

My concrete goal right now is extracting the TOTP token from an MFA app, so I can use it to log in without the app. What I don't understand is that it seems to be getting the actual public and private keys from the keystore.

If I look at `sqlite3 /data/misc/keystore/persistent.sqlite` on my phone, and run `select alias from keyentry;`, I can see a bunch of secrets stored in it from different apps, such as signal, and the ONELOGIN one. What I don't really understand is how to go from there to getting the keys like the app seems to do (?), or if I can't directly get the keys, using it to decrypt a bit of data.

Don't worry if you don't know or don't feel like explaining, I'm just surprised by the seeming lack of information about this on the internet.

MuntashirAkon commented 4 weeks ago

You're doing it wrong. As with any MFA app, it must be storing that information in a database for later use. I can see the androidx.room library dependency in the build.gradle file. So, it may be using that library to manage a SQLite3 DB. You need to find out how it's storing that info in the DB. If you find that the DB is encrypted or has some encrypted data, you can write a simple Frida script to extract that info.