ASN.1 Decoder API

Decode Android Key Attestation Extension data (OID: 1.3.6.1.4.1.11129.2.1.17) to extract device security and integrity information.

What is this API?

This endpoint decodes the ASN.1 encoded attestation extension from Android device certificates. It extracts critical security information including:

Security Level: TEE, StrongBox, or Software-based key storage
Verified Boot State: GREEN (verified), SELF_SIGNED, TRUSTED, or ORANGE (compromised)
Bootloader Locked: Whether the device bootloader is locked
Package Name: The Android package name being attested
Application Certificate: SHA-256 hash of the app signing certificate
Attestation Challenge: The attestation challenge
Verified Boot Hash: The verified boot hash
Verified Boot Key: The verified boot key
OS Patch Level: The OS patch level
OS Version: The OS version

Important Note

This API expects hex-encoded ASN.1 data, not base64. The data should be the raw attestation extension bytes converted to a hexadecimal string.

Usage

Send a POST request to this endpoint with hex-encoded ASN.1 attestation extension data.

Request:

POST /api/asn1-decoder
Content-Type: application/json

{
  "attestation_asn1": "3082015a30820105a003020102020103300d060960864801650304020130..."
}

Response:

HTTP/1.1 200 OK
Content-Type: application/json

{
	"application_cert": "a1b2c3d4e5f6...",
	"attestation_challenge": "attestation-nonce",
	"bootloader_locked": true,
	"os_patch_level": 202602,
	"os_version": 160000,
	"package_name": "com.example.app",
	"security_level": "TEE",
	"success": true,
	"verified_boot": "GREEN",
	"verified_boot_hash": "a1b2c3d4...",
	"verified_boot_key": "a1b2c3d4..."
}

Data Format

The hex-encoded data should represent the ASN.1 DER-encoded structure containing:

Root of Trust information (security level, verified boot state, device locked)
Attestation Application ID (package name, signature digests)
Key authorization details