Live-verified against Google’s revocation list

The community
keybox repository

A continuously updated collection of Android attestation keyboxes. Every entry is checked in real time — valid keys first, revoked ones archived below, all free to download.

keyboxes tracked
currently usable
revoked by Google
last update
ad slot — paste your Adsterra / Monetag code here
Repository

Available keyboxes

Sorted best-first by attestation grade, then newest. Revoked keys are kept at the bottom for reference and testing.

checking Google revocation list…
Stop updating by hand

Tired of replacing keyboxes manually?

Every time a key gets revoked you shouldn’t have to hunt for a new one and copy it over yourself. AlwaysStrong is a drop-in Magisk / KernelSU module that pulls the newest strong keybox from this repository onto your device — automatically. Set it once, stay strong.

Grading

What the statuses mean

attestation grade emblem
Strong
Hardware-backed attestation — the strongest verdict

The dots on each channel post encode the attestation result. Google’s revocation list can override any grade to “Revoked”.

Strong Strong

Three green — passes hardware-backed (STRONG) attestation. Banking apps, Google Wallet and Play Integrity’s strongest verdict all work.

Soft-banned Soft-banned

Two green — still functional but flagged on some services. Good as a fallback when no strong key is available.

Basic integrity Basic

One green — only passes BASIC integrity. Enough for light root hiding, not for strong-attestation apps.

Revoked Revoked

Listed by Google as compromised. It will fail attestation regardless of its certificate expiry — kept here only for reference.

ad slot — paste your ad code here
Install guide

Using a keybox with TrickyStore

You’ll need a rooted device (Magisk / KernelSU / APatch) with the TrickyStore module installed.

1

Download a valid keybox

Pick the top entry marked Strong above and tap Download. You’ll get a keybox.xml file.

2

Place it in the TrickyStore folder

Copy the file to the path below (any root file manager works):

# replace the existing keybox
/data/adb/tricky_store/keybox.xml
3

Enable “valid keybox” mode

Make sure TrickyStore is set to use a custom keybox. Some builds auto-detect it; others need security patch spoofing enabled in the config.

4

Reboot & verify

Reboot, then check with an attestation tester (e.g. Play Integrity API Checker). A strong key returns STRONG / DEVICE + STRONG. If it fails, the key may have just been revoked — grab a newer one.

FAQ

Frequently asked

Why did a “Strong” keybox stop working?
Google periodically revokes leaked keyboxes. A key that graded Strong yesterday can be added to the revocation list at any time — this page re-checks on every visit and moves revoked keys to the archive automatically. When that happens, just download the newest valid one.
Is “valid” the same as “not expired”?
No — and this is the most common mistake. A keybox’s certificates can be valid for years yet already be revoked by Google for key compromise. Validity here means not on Google’s revocation list plus the attestation grade from testing, not the certificate expiry date.
How often is the repository updated?
Whenever a new keybox is posted to the Telegram channel, it appears here within about a minute. Revocation status, however, is evaluated live every time you load the page.
Is this safe / where do the keyboxes come from?
Keyboxes are community-sourced and shared for research and root-hiding on your own devices. The files are provided as-is; verify anything important yourself. This project only mirrors and grades them — it doesn’t generate keys.
What is a keybox, exactly?
It’s an XML file holding a device attestation key and its certificate chain. TrickyStore uses it to answer hardware-attestation challenges so Play Integrity and similar checks pass on a rooted device.
ad slot — paste your ad code here