One-flash STRONG Play Integrity for Magisk / KernelSU / APatch. It bundles TEESimulator-RS and PlayIntegrityFork into a single module so you don't have to stack and wire them up yourself.
To use this module you need one of the following (latest versions), with a Zygisk implementation installed:
- Magisk with Zygisk enabled a standalone Zygisk Next / ReZygisk / NeoZygisk is recommended over Magisk's built-in Zygisk, which is more easily detected
- KernelSU or KernelSU Next with Zygisk Next or ReZygisk or NeoZygisk module installed
- APatch with Zygisk Next or ReZygisk or NeoZygisk module installed
Android 10+ (SDK 29) is required.
- Channel: t.me/keyboxstrong
- Root community: t.me/evokeroot
- Chat / support group: t.me/keyboxstrongchat
If AlwaysStrong is useful to you, you can tip at coindrop.to/evokerrr.
- One flash,
STRONG. TEESimulator-RS + PlayIntegrityFork in a single module. No stacking, no manual wiring. - Keybox on tap. The first Action fetches a working keybox automatically. No hunting, no manual placement.
- A fingerprint that never goes stale. Every Action pulls a fresh Pixel fingerprint and matching security patch — and a background service does the same automatically every hour (interval configurable, each toggle-able from the WebUI), so your spoof keeps up with Google's rotations even if you never open the module.
- Hands-off keybox too. The same hourly service re-checks your keybox and only swaps it in when a newer one is available, restarting Play Integrity only when something actually changed.
- Auto target. A native watcher follows package changes via inotify, with a full rebuild on every Action tap and hourly — install a new app and it's added to the attestation target instantly, with no need to reopen the module or tap Action again.
- Xposed-aware. The same watcher drops Xposed / LSPosed managers from the target list, since attesting through a hooked process breaks
STRONG. - Conflict resolution. Detects known conflicting modules (TrickyStore, other PIF / TEE forks, SafetyNet Fix, MagiskHidePropsConf, and more) and disables and removes them at install and on every boot, so a leftover module can't silently fight AlwaysStrong.
- GMS kill. Force-stops DroidGuard (
com.google.android.gms.unstable) and clears the Play Store on each refresh, so a new fingerprint or keybox takes effect without a reboot. - Security-patch sync. Keeps the OS / vendor / boot security-patch levels reported in attestation aligned with the spoofed fingerprint.
- One clean module. PIF is binary-patched to run inside
tricky_store— it never litters a separateplayintegrityfixfolder under/data/adb/modules.
AlwaysStrong is two parts glued into one module:
- TEESimulator-RS intercepts Binder IPC inside the
keystore2process and builds full attestation certificate chains from your keybox, so apps that verify hardware key attestation see a legitimate TEE. It is not a fork of TrickyStore; it reuses the same/data/adb/tricky_storeconfig layout for drop-in compatibility, but the internals (native Rust certgen,lspltinterception, key persistence) are different. - PlayIntegrityFork injects a
classes.dexto modifyandroid.os.Buildfields and hooks native code to spoof system properties, only to Google Play Services' DroidGuard (Play Integrity).
The two are merged so they coexist in one module: TEESimulator's classes.dex is renamed to tee_classes.dex so it doesn't collide with PIF's, and PIF's hardcoded module paths are binary-patched to point at /data/adb/modules/tricky_store — it never creates a separate playintegrityfix folder. The module id stays tricky_store so existing tooling and tutorials keep working unchanged.
- Install a Zygisk implementation (Zygisk Next / ReZygisk / NeoZygisk).
- Download the latest ZIP from Releases.
- Flash it in your root manager and reboot.
- Open the module and tap Action.
- Check your verdict with a checker (Play Integrity API Checker, YASNAC, Simple PIC).
The first Action tap fetches a working keybox and a fresh Pixel fingerprint and restarts Play Integrity, so there is no manual keybox step. The installer also removes conflicting standalone modules at install time (TrickyStore, PlayIntegrityFix/Fork, TEESimulator, playcurl/playcurlNEXT, SafetyNet Fix, MagiskHidePropsConf, Tricky Addon, Yurikey, and a few others).
All config files live at /data/adb/tricky_store/ and are reloaded automatically when changed. The Action button keeps them current, so most users never need to touch these.
The attestation keybox. Fetched automatically on the first Action tap. To use your own, place it here and it won't be overwritten. To point the auto-refresh at a different mirror, set KEYBOX_URL (any raw HTTPS URL that returns a valid keybox) at the top of keybox_fetch.sh; the script validates the payload before replacing the current file, so a bad download can't break attestation.
Triggered from your root manager, or by running sh action.sh in a root shell. Each tap:
- rebuilds
target.txt - refreshes the keybox
- pulls a fresh Pixel fingerprint and security patch (
autopif4) - restarts DroidGuard and the Play Store
The verdict updates a few seconds later. No reboot is needed. The same fingerprint, security-patch and keybox refresh also runs on its own in the background every hour (interval configurable from the WebUI), so the module keeps passing with zero manual upkeep.
The repo ships no upstream binaries. build.sh downloads the pinned upstream release ZIPs, overlays the glue scripts in module/, and produces one installable ZIP. On Windows run it from WSL or Git Bash.
./build.sh # pinned upstream versions
./build.sh --clean # wipe build/ and rebuild
./build.sh --tee v6.0.1-282 --pif v17 # override upstream tagsOutput is out/AlwaysStrong-<version>.zip. Bump upstream pins by editing the defaults at the top of build.sh, or run scripts/update-upstream.sh --apply to pull the latest. A daily GitHub Action does this and opens a PR.
AlwaysStrong is combine of TEE-Simulator-RS + Play Integrity Fork
- JingMatrix — original TEESimulator and keystore2 interception
- Enginex0 — TEESimulator-RS (Rust port, native certgen, AOSP-spec attestation)
- 5ec1cff — TrickyStore, which pioneered keystore interception and the config-dir layout reused here
- chiteroman — original Play Integrity Fix
- osm0sis — PlayIntegrityFork, the maintained fork bundled here
- Displax — module boot scripts forked into PIF
- daboynb — fingerprint auto-refresh approach
- LSPlt (PLT hooks) and ring (Rust crypto)
Packaging by @evokerr.
GPL-3.0. AlwaysStrong bundles TEESimulator-RS (GPL-3.0), which makes the combined distribution GPL-3.0. See LICENSE and the upstream repos for full terms. Provided as-is, with no warranty; STRONG depends on a non-revoked hardware keybox, which the module cannot mint for you.



