Keybox management, security spoofing, and detection avoidance: clean, focused, no bloat.

The module is clean by design: that's what makes it the right choice, not bloat and gimmicks like others. With a clean webUI that gives you the best experience.

Download

Specter is a complete rewrite of what I originally built as Yurikey. After the rewrite was turned down by Yuri, I went my own way.

If Specter helps you out, consider supporting the project:

• Ko-fi: ko-fi.com/dpejoh
• PayPal: dpejoh@atomicmail.io
• BTC: bc1qfy4vfstns4aqhvck66x0r53n3hfkkzhwkt7zpw
• ETC: 0x895762C0Fd2BeF54EE3cD478Fc03212aeA673a68

1. Install any PIF fork such as Play Integrity Fix or Play Integrity Fork
2. Install Tricky Store or any fork such as TEESimulator or TEESimulator-RS
3. Install Specter via Magisk / KernelSU / APatch
4. Open the WebUI and configure as you like

• Keybox: multi-source catalog, custom keybox (file/URL/path), Google revocation checking, private keybox support, backup and restore
• Tools: target.txt, App Targeting (per-app states + blacklist), security patch with live fetch from source.android.com, TEESimulator support, GMS kill, PIF fix, HMA-OSS / Zygisk Next configs, detection cleanup, Widevine L1
• Control: per-feature toggles (boot hardening, boot state props, bootloader spoofer block, ROM spoof blocking, LSPosed clean, recovery hide, action pipeline steps), automatic conflict resolution (aggressive: TSupport-Advance/Yurikey/Integrity Box disabled; passive: TreatWheel/NoHello/Sensitive Props coexist)
• Settings: theme (dark/light/auto + 9 color presets + Monet), language, dev mode with terminal, project contributors

• Root access (Magisk / KernelSU / APatch)
• Tricky Store
• Play Integrity Fix or any fork (recommended)

git clone https://github.com/dpejoh/specter
cd specter
npm install
npm run build

Output: Specter-v{version}.zip

# Shell tests (boot scripts, features)
bash tests/run.sh

# Unit tests (vitest, happy-dom)
npm test

# Unit tests with coverage report
npm run test:coverage

# E2E browser smoke tests (Playwright)
npm run test:e2e

# TypeScript type check
npx tsc --noEmit

Shell tests validate boot scripts and feature behavior in a mock environment (112 tests). TypeScript unit tests cover the WebUI bridge, config layer, toast, colour utilities, and helpers (84 tests). E2E tests verify the built HTML loads correctly in a real browser.

CI enforces:

• TypeScript strict compilation (tsc --noEmit)
• ShellCheck linting (severity: warning)
• Shell test suite (16 tests)
• TypeScript test suite (65+ tests, vitest + happy-dom)
• Module structure verification
• No hardcoded /data/adb/modules/Specter paths in lib/ or features/
• No su -c usage in feature scripts

FOR EDUCATIONAL PURPOSES ONLY.
THE DEVELOPER DOES NOT CONDONE ILLEGAL ACTIVITIES INCLUDING BYPASSING DRM, VIOLATING TERMS OF SERVICE, OR COMMITTING FRAUD.
USERS ARE SOLELY RESPONSIBLE FOR COMPLYING WITH APPLICABLE LAWS.

SPECTER IS PROGRAMMED NOT TO CAUSE PROBLEMS, BUT AN UNLOCKED PHONE ALWAYS COMES WITH RISKS.
NOTHING IS 100% GUARANTEED. USE AT YOUR OWN RISK.
YOUR WARRANTY MAY BE VOIDED, APPS MAY BREAK, AND ACCOUNT BANS ARE POSSIBLE.
ALWAYS MAINTAIN BACKUPS OF IMPORTANT DATA.

• chiteroman, KOWX712 and osm0sis — pif.ts and its forks
• vvb2060 — KeyAttestation
• 5ec1cff, JingMatrix and Enginex0 — Tricky Store and its forks
• KOWX712 — Tricky Store Addon
• Citra-Standalone — TSupport-Advance

GNU GPL v3.0