⚡ Tricky Addon Enhanced

Automated TrickyStore & TEESimulator Management

Flash once. Forget forever.

---

Note

This is a personal project built for automation enthusiasts — flash and forget.

It was never planned for public release, but enough people wanted it, so here it is. It's open-source because sharing is good — not because anyone is owed support, features, or responses on a timeline. If something breaks, report it on Telegram. PRs are welcome. Entitlement is not.

Do NOT report issues to TrickyStore, TEESimulator, or any upstream project. They have nothing to do with this module. All support goes through one place: the SuperPowers Telegram.

---

🧬 What is Tricky Addon Enhanced?

A native Rust daemon that manages TrickyStore and TEESimulator silently in the background — keybox rotation, security patch spoofing, VBHash injection, attestation engine monitoring, and target list management — all running as a single process with zero user intervention after install.

This is a clean-room rewrite. The original concept drew from several community projects, but every line of backend logic has been rebuilt from scratch in Rust with a completely different architecture — a single native daemon replacing 6 shell processes, inotify replacing poll loops, in-memory config replacing fork-per-read patterns. No commits were squashed or rebased from any other project. This is new code.

---

🔥 Why Rust?

The previous shell-based approach worked, but it was fragile. Config reads forked a new process every time. App detection polled in a sleep loop. Six separate scripts competed for resources. The result was hundreds of thousands of unnecessary wakeups per day, constant JVM spawns, and race conditions that caused intermittent failures users couldn't diagnose.

The Rust rewrite eliminates all of that:

Metric	Shell	Rust
Wakeups/day	884,449	~100 (timer fires only)
JVM spawns/day	20,170	~200 (only for pm when inotify can't detect)
Processes	6	1
Background CPU	~28 min/day	<1 min/day
Config reads	43,200 forks/day	0 (in-memory struct)
App detection latency	10s–minutes	Instant (inotify)

One binary. One process. One config file. No shell scripts in the hot path.

---

✨ Features

Keybox Management

• 3-source failover — Yurikey → KOW → Custom, with automatic rotation
• XML validation before applying — never installs a broken keybox
• Automatic backup — existing keybox backed up before every replacement
• Custom keybox protection — set source to custom and it stays untouched
• Device keybox generation — ECDSA P-256 + RSA-2048 keygen for AOSP-level attestation
• Configurable fetch interval — preset chips (1h–7d) or custom value with min/hr/day unit toggle from WebUI

Security Patch Automation

• Engine-aware patching — auto-detects James Fork, standard TrickyStore, or TEESimulator
• All three dates — system, boot, and vendor patch levels set on boot and daily
• Latest patch fetch — pulls current dates from Google's Pixel bulletin

VBHash Spoofing

• 15 properties spoofed — vbmeta.digest, device_state, verifiedbootstate, and 12 more
• Captured at install time — reads ro.boot.vbmeta.digest before any modules are active
• Fallback chain — persisted file → bootloader property → APK extraction (last resort)

Custom ROM Identity Hiding

• LineageOS prop scrub on boot: strips the lineage_ prefix from ro.product.vendor.name, replaces org.lineageos.aperture in vendor.camera.aux.packagelist and persist.vendor.camera.privapp.list, stops vendor.lineage_health and deletes its init.svc.* status prop
• Stock-safe gating: every block matches a LineageOS-only signature before writing, so stock ROMs trigger nothing

Attestation Engine Health Monitor

• Auto-restart on crash — polls every 10s, detects TEESimulator or TrickyStore, restarts if dead
• Grace period — 5s window for the engine's internal restart loop before intervening
• Restart tracking — count persisted to .health_state, visible in WebUI

Target List Automation

• inotify-based app detection — new installs added to target.txt instantly
• Xposed exclusion — auto-detects and excludes Xposed modules
• Denylist merge — optionally pulls from Magisk denylist

Conflict Detection

• 19 conflicting modules detected and handled (auto-remove, block, or warn)

Live Status Monitor

• Module description updates every 30s — app count, keybox source, patch level, VBHash state

⚡ 37 Apps │ 🔑 Yurikey │ 🛡️ 2026-01-05 │ 🔒 VBHash

Real-time status directly in your module manager — no need to open anything.

WebUI

• Glass morphism design — AMOLED dark gradient (#0F0F1A → #1A1A2E), 6 accent color presets with random selection on launch
• Health status banner — live engine state (green/red/orange)
• Keybox status pill: green OK, blue AOSP when an AOSP-rooted keybox is loaded on a non-AOSP device, amber Invalid for structural failures, gray No Keybox when absent. Hover surfaces the full validation error list. Revocation is exposed as JSON metadata but no longer drives the badge color since TEESimulator routes around Google's attestation status list at runtime
• Keybox automation panel — 6 source cards, interval scheduler with preset chips (1h–7d) and custom input with min/hr/day toggle, manual fetch
• Target list auto-refresh — every 3s, with search and per-app mode control
• 23 languages with RTL support
• Single batched init — one shell call loads the entire UI state

Set It and Forget It

A single native daemon manages all background tasks — if anything dies, it restarts within 1s:

• App Watcher — auto-adds new installations to target.txt via inotify
• Xposed Detection — auto-excludes Xposed modules from targeting
• Health Monitor — auto-restarts attestation engine on crash
• Status Monitor — live module description updates every 30s
• Conflict Detection — warns about 19 conflicting modules on boot
• Log Rotation — 1MB limit with automatic cleanup

---

📱 Compatibility

Root Manager	Minimum Version	WebUI Support
KernelSU	32234+	Built-in
APatch	11159+	Built-in
Magisk	20.4+	KSUWebUIStandalone or WebUI-X required

Requires: TEESimulator or TrickyStore installed as the attestation engine.

---

🚀 Installation

1. Download the latest release
2. Install via your root manager
3. No reboot required on KSU and APatch (hot install). Magisk applies on the next boot.

During install, press Vol− for manual target mode (GMS/GSF only) or Vol+ / wait 10s for full automation.

Conflicting modules are detected and rm -rf'd at install time, so an old TA fork or competing keybox/VBHash module is removed automatically.

The module captures VBHash, builds the exclude list, generates target.txt, fetches a valid keybox, sets security patch dates, and starts the daemon. Nothing else to do.

---

🔨 Building from Source

Requires Rust toolchain and Android NDK.

git clone https://github.com/Enginex0/tricky-addon-enhanced.git
cd tricky-addon-enhanced
bash package.sh --no-bump

The ZIP lands in release/. CI also builds on every push — grab artifacts from the Actions tab.

Build options

Flag	Effect
(none)	Bump version, cross-compile, package
--no-bump	Build without incrementing version
--no-build	Package only (skip Rust compile)
--clean	Remove old ZIPs before packaging

---

⚙️ Configuration

All settings are configurable from the WebUI (open from your root manager) or via CLI:

ta-enhanced config get keybox.source
ta-enhanced config set keybox.interval 3600

Config lives at /data/adb/tricky_store/config.toml and is preserved across reinstalls.

Config Reference

Key	Default	Description
keybox.enabled	true	Auto keybox fetching
keybox.source	yurikey	Primary source (yurikey, upstream, custom)
keybox.interval	300	Seconds between fetch attempts
security_patch.auto_update	true	Auto patch date updates
security_patch.interval	86400	Seconds between patch checks
automation.enabled	true	Auto target.txt population
automation.use_inotify	true	Use inotify for instant app detection
health.enabled	true	Attestation engine health monitor
health.interval	10	Seconds between health checks
conflict.enabled	true	Conflicting module detection
vbhash.enabled	true	VBHash spoofing

File Locations

/data/adb/tricky_store/
├── config.toml                # Module configuration
├── target.txt                 # Apps to protect
├── keybox.xml                 # Current keybox
├── keybox.xml.bak             # Keybox backup
├── security_patch.txt         # Patch dates
├── .health_state              # Health monitor state

/data/adb/Tricky-addon-enhanced/logs/
├── daemon.log                 # Unified daemon log
└── conflict.log               # Conflict detection

/data/adb/boot_hash            # Persisted VBHash

---

🛠️ Troubleshooting

Fingerprint enrollment fails after install

On Snapdragon-class devices, the runtime VBMeta digest spoof can prevent enrollment of new fingerprints. Existing prints keep working; only adding new ones fails. Two escape hatches, available from the WebUI under Automation → Compatibility, or via terminal:

• touch /data/adb/disable_vbmeta_digest_spoof — keeps Play Integrity spoofing, drops only the digest rewrite. Try this first.
• touch /data/adb/disable_prop_handler — disables the entire boot-state spoof. Use only if the first doesn't help.

Reboot after either change. Remove the file to restore the spoof.

---

💬 Community

$ ta-enhanced --connect

 ███████╗██╗   ██╗██████╗ ███████╗██████╗
 ██╔════╝██║   ██║██╔══██╗██╔════╝██╔══██╗
 ███████╗██║   ██║██████╔╝█████╗  ██████╔╝
 ╚════██║██║   ██║██╔═══╝ ██╔══╝  ██╔══██╗
 ███████║╚██████╔╝██║     ███████╗██║  ██║
 ╚══════╝ ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═╝
              POWERS

 [✓] SIGNAL    ──→  t.me/superpowers9
 [✓] UPLINK    ──→  bug reports · feature drops · dev updates
 [✓] STATUS    ──→  OPEN — all operators welcome

---

🙏 Credits

• KOWX712 — original Tricky Addon concept and WebUI foundation
• JingMatrix — TEESimulator
• 5ec1cff — TrickyStore attestation module
• XtrLumen/TS-Enhancer-Extreme — VBHash extraction concept
• Yurikey — primary keybox source
• Zero-Mount — WebUI design inspiration
• j-hc/zygisk-detach — WebUI template

---

📄 License

This project is licensed under the GNU General Public License v3.0.

---

⚡ Flash once. Forget forever.