Skip to content

sfX-android/update_verifier

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
test_zips
test_zips
 
 
AOSP_TESTKEY_pubkey
AOSP_TESTKEY_pubkey
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bluejay_AXP.OS_avb_pkmd.bin
bluejay_AXP.OS_avb_pkmd.bin
 
 
bluejay_AXP.OS_pubkey
bluejay_AXP.OS_pubkey
 
 
cheetah_AXP.OS_avb_pkmd.bin
cheetah_AXP.OS_avb_pkmd.bin
 
 
cheetah_AXP.OS_pubkey
cheetah_AXP.OS_pubkey
 
 
fajita_AXP.OS_avb_pkmd.bin
fajita_AXP.OS_avb_pkmd.bin
 
 
fajita_AXP.OS_pubkey
fajita_AXP.OS_pubkey
 
 
gtexslte_eos-nougat_dios-nougat_pubkey
gtexslte_eos-nougat_dios-nougat_pubkey
 
 
gtexslte_los-nougat_pubkey
gtexslte_los-nougat_pubkey
 
 
hotdog_AXP.OS_pubkey
hotdog_AXP.OS_pubkey
 
 
hotdog_eos-q_custom-rooted_pkmd.bin
hotdog_eos-q_custom-rooted_pkmd.bin
 
 
hotdog_eos-q_custom-rooted_pubkey
hotdog_eos-q_custom-rooted_pubkey
 
 
hotdog_eos-q_custom_pkmd.bin
hotdog_eos-q_custom_pkmd.bin
 
 
hotdog_eos-q_pubkey
hotdog_eos-q_pubkey
 
 
j5y17lte_AXP.OS_pubkey
j5y17lte_AXP.OS_pubkey
 
 
j5y17lte_eos-oreo_pubkey
j5y17lte_eos-oreo_pubkey
 
 
j5y17lte_eos-q_pubkey
j5y17lte_eos-q_pubkey
 
 
lgg4_eos-pie_pubkey
lgg4_eos-pie_pubkey
 
 
lgg4_los-17.1_pubkey
lgg4_los-17.1_pubkey
 
 
lgg4_los-nougat_pubkey
lgg4_los-nougat_pubkey
 
 
lgg4_los-oreo_pubkey
lgg4_los-oreo_pubkey
 
 
lgg4_los-pie_pubkey
lgg4_los-pie_pubkey
 
 
requirements.txt
requirements.txt
 
 
sunfish_AXP.OS_avb_pkmd.bin
sunfish_AXP.OS_avb_pkmd.bin
 
 
sunfish_AXP.OS_pubkey
sunfish_AXP.OS_pubkey
 
 
update_verifier.py
update_verifier.py
 
 

Repository files navigation

Install

git clone https://github.com/sfX-Android/update_verifier
cd update_verifier
pip install -r requirements.txt

Usage

Verifying Build Authenticity

You can verify whether a build has been signed with our keys with this command:

python update_verifier.py XXX_pubkey /path/to/zip

(obviously replace XXX_pubkey with the public key file and /path/to/zip with the path to the zip you want to verify)

If the script reports verified successfully, the ZIP file signature is valid.

For the paranoid, the contents of this page are stored on our GitHub.

The public known AOSP testkey

If an OS ZIP is not signed with a custom key it will get still signed by the public known AOSP testkey (see here).

But: the private part of that testkey is known to everyone and so cannot be trusted!

So everyone can modify the ZIP and re-sign it with that known testkey and your recovery and/or OS will accept it (if not configured otherwise).

So if the following command succeeds for the ZIP tested it means you should never trust it:

python update_verifier.py AOSP_TESTKEY_pubkey /path/to/zip

If it says: "failed" you are good as it means the ZIP was not signed by the testkey.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages