南宫雪珊

/system/app/mediatek-res/mediatek-res.apk I want to know why this file cannot open by root process

Thanks for your PR! I'm a bit surprised that Samsung has another system (even a different root of trust). In AOSP, ID attestation also require privileges (READ_PRIVILEGED_PHONE_STATE). My idea is...

I did not find the public key published by Samsung on the Internet, can you provide the source? https://docs.samsungknox.com/dev/knox-attestation/about-attestation.htm

Due to the significance of root of trust, the app can only accept official public data, such as [Google](https://developer.android.com/training/articles/security-key-attestation#root_certificate). Also, if using AOSP API, is the root certificate signed by...

I guess it might be in the internal Samsung Knox SDK doc, if you can confirm the public key is the same for all Samsung devices, I will add it.

``` critical(false) 1.3.6.1.4.1.236.11.3.23.7 value = Sequence Tagged [CONTEXT 0] PrintableString(Sat Jun 17 18:20:41 GMT+02:00 2023) Tagged [CONTEXT 5] Sequence Tagged [CONTEXT 0] DER Enumerated(1) Tagged [CONTEXT 1] DER Enumerated(1) Tagged...

``` Tagged [CONTEXT 6] DER Octet String[32] ``` what about this?

You are in app attest key mode, it looks like Samsung does not support it, you need to remove this feature for Samsung service.

> ASN1_PRINTABLESTRING challenge > public Builder(String alias, byte[] challenge) What happens if fill it with a random byte array? This is a non-printable string. > ACCESSOR *creator; ACCESSOR_SET *administrators; ACCESSOR_SET...

https://docs.samsungknox.com/devref/knox-sdk/reference/com/samsung/android/knox/integrity/EnhancedAttestationPolicy.html > nonce A nonce value that must be unique for each request. Nonce length can be 32 bytes string. Alphanumeric and underscore(_), dash(-), dot(.) characters are allowed for nonce....