In this guide, we will show you the steps to pass the Strong Integrity on an unlocked bootloader and rooted device. While gaining administrative access by rooting the device has forever been the tech enthusiast’s go-to tweak, however, the number of users who used to do so is on a continuous decline. One major reason for the same is the continuous tightening of screws from the Silicon Valley giant.
Every other year, it tends to introduce new stringent measures that end up doing more harm than good to a rooted device. Granted, rooting a device would leave it more prone to attacks and Google is only introducing these security measures to prevent users from rooting their devices so that they remain confined within a safe environment. However, the users are fully aware of what they are doing and what use will an open source OS be if they have to be enclosed within the gated society.
Unfortunately, this is how things stand at the moment and the likes of SafetyNet and Play Integrity have proven to be the final nail in the coffin. The former was the starting point of this fiasco but has since been replaced with the latter. For the unaware, the Play Integrity Test consists of three tests: Basic, Device, and Strong. As soon as you root your device [or even install a custom ROM], all these three tests will fail.
As a result of this, you wouldn’t be able to use any banking and payment apps. However, thanks to some nifty work done by the developer, you can partially pass this test and at least run numerous banking and payments. But did you notice the word partial? We used this because the module that allows us to get this job done only passes the Basic and Device Integrity tests and not the Strong one.
While that is sufficient for most apps, some have started looking for Strong Integrity as well, and that has proven to be a major cause of concern. Well, not anymore! There now exists a method using which you can even pass the Strong Integrity, apart from the Basic and Device on your unlocked bootloader and rooted Android device. And in this guide, we will show you how to do just that. So without further ado, let’s get started.
Table of Contents
How to Pass Strong Integrity on Unlocked Bootloader & Root!
Do note that this tweak requires an unrevoked keybox.xml file which cannot be publically shared as it will then be revoked [you know why and how!] and will no longer be of any use to us.
So from where can you get this file? Well, you can search for it using a less popular search engine like Ecosia, go through forums like Reddit and X, or search on Discord Servers and Telegram channels. However, once you get hold of this file, please do not share it with anyone else due to the reasons already mentioned above. Keeping all these points in mind, let’s get started.
Before starting, please take a backup of all the data on your device, just to be on the safer side. Moreover, it’s quite obvious that your device should already be rooted at this point in time. However, if that is not the case and you are here to test out this tweak for the first time, then make sure to root your device via our guide. Droidwin and its members wouldn’t be held responsible in case of a thermonuclear war, your alarm doesn’t wake you up, or if anything happens to your device and data by performing the below steps.
- First off, here are all the required files that you need to get hold of:
- Magisk Canary [For Root]
- Shamiko Module
- LSPosed Framework [For Shamiko]
- Play Integrity [For Spoofing Device]
- Zygisk Assistant [For Hiding Zygisk]
- Tricky Store [For modifying the certificate chain generated for Android key attestation]
- Unrevoked keybox.xml [For passing Strong Integrity]
- Root Supported File Manager [For accessing the /data directory]
- Play Integrity API Checker [To check if your device passes Strong Integrity]
- Once you have downloaded all the files, launch Magisk > go to Settings > enable Zygisk.
- Then go to Modules > Install from Storage > flash the following modules:
- Shamiko Module
- LSPosed Framework
- Play Integrity
- Zygisk Assistant
- Tricky Store
- Once done, extract manager.apk from LSPosed ZIP and install it.
- Now install a root-supported file manager app like Solid File Explorer.
- Then launch it, tap on the hamburger menu, and select Root. You’ll get an SU request, tap Grant.
- Now go to the below directory. There will already be a keybox.xml file present there.
data/adb/tricky_store
- Replace it with the unrevoked one that you have downloaded [select New in the prompt that appears].
- Finally, restart your device and then install the Play Integrity API Checker app.
- Launch the app [make sure you’re connected to the Internet] and tap on Check.
- You should now be passing all three tests, including the Meets_Strong_Integrity.
That’s it. These were the steps to pass the Strong Integrity on an unlocked bootloader and rooted device. If you have any queries concerning the aforementioned steps, do let us know in the comments. We will get back to you with a solution at the earliest.
UPDATE 1: Keybox [1] Has Been Revoked!
See UPDATE 2
Well, our worst fear came true [though we all saw it coming]! The keybox XML shared with you all has been revoked and will no longer work. Currently, I’m on the lookout for a new unrevoked XML file. As and when I get hold of the same, I will send it to you. Moreover, once again we request you all not to share this XML file with anyone else, because the more you share, the faster it will be revoked. [NOTE: I have many of your requests lined up in the comments section, as and when I get hold of the file, I’ll send it to you. Thanks for your patience].
UPDATE 2: A New Keybox XML [2] File is Now Live!
Well, we have found a new working unrevoked keybox XML file. Drop your request in their comments section along with your email and we’ll mail it to you.
UPDATE 3: Here’s Another Keybox [3] For You!
We have managed to find yet another unrevoked keybox XML file. However, we will keep on sharing the second one given above until that gets revoked [do let me know as well when that happens]. As before, sharing of this keybox will also be done via your email ID. So drop in your request in the comments with the correct email address and we will share the file with you.
Passing Strong Without Keybox
Since the keybox XML file is being revoked at frequent intervals, I found out a nifty method using which you can easily pass all three Play Integirty Tests, Device, Basic, and Strong, without using any Keybox XML File! Refer to the below guide and the attached video in that guide for more: