ASN.1 Decoder API

Decode Android Key Attestation Extension data (OID: 1.3.6.1.4.1.11129.2.1.17) to extract device security and integrity information.

What is this API?

This endpoint decodes the ASN.1 encoded attestation extension from Android device certificates. It extracts critical security information including:

Security Level: TEE, StrongBox, or Software-based key storage
Verified Boot State: GREEN (verified), SELF_SIGNED, TRUSTED, or ORANGE (compromised)
Bootloader Locked: Whether the device bootloader is locked
Package Name: The Android package name being attested
Application Certificate: SHA-256 hash of the app signing certificate

Important Note

This API expects hex-encoded ASN.1 data, not base64. The data should be the raw attestation extension bytes converted to a hexadecimal string.

Usage

Send a POST request to this endpoint with hex-encoded ASN.1 attestation extension data.

Request:

POST /android/device/integrity/attestation/asn1_decoder
Content-Type: application/json

{
  "attestation_asn1": "3082015a30820105a003020102020103300d060960864801650304020130..."
}

Response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "success": true,
  "security_level": "TEE",
  "package_name": "com.example.app",
  "application_cert": "a1b2c3d4e5f6...",
  "bootloader_locked": true,
  "verified_boot": "GREEN"
}

Data Format

The hex-encoded data should represent the ASN.1 DER-encoded structure containing:

Root of Trust information (security level, verified boot state, device locked)
Attestation Application ID (package name, signature digests)
Key authorization details