I find it hard to believe that this is a completely irreversible process. There MUST be a way to reset this counter, especially since it's entirely possible for there to be false positives. I can imagine sometime in the future an official update will be released that has a chance of blowing the fuse, even if applied correctly through Kies or OTA. How would they resolve that issue?
I figure that Samsung must have a way of resetting these false positives whether it's through replacing a specific chip or through flashing firmware. It really wouldn't make sense for them economically to not have a way of doing it. What would the alternative be? Trash it and make a new one? Samsung would be sued by their shareholders if this was the case.
Logic would dictate it would be more cost effective for it to be a firmware setting, possibly encrypted and extremely low level with some form of obfuscation so they can release fixes for accidental trips without having to send a recall notice.
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
You can use the phone perfectly OK and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to use it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
alom5 said:
You can use the phone perfectly OK and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to use it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warranty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
Master Thief-117 said:
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warranty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah, it's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container gets completely disabled with all of its data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah, it's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container gets completely disabled with all of its data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
danieljamie said:
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
I remember that there was one case on S4 in the very initial stages of knox implementation. Never heard of this scenario any more after that and never saw any for note 3.
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah, it's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container gets completely disabled with all of its data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different methods suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different methods suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
Downgrading bootloader will trip knox. It is not allowed as you are going from a secured bootloader back to one with a loophole. Normal users will never encounter this as you cannot downgrade rom with the official kies.
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different methods suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
as antt said, downgrading to a vulnerable firmware is also not allowed, and knox will trip if you flash it after a new secure update.
You can of course customise everything you want and do whatever, but just don't expect to have Knox anymore, and don't expect warranty.
In reality even before knox everyone knew that every root method warned about losing your warranty immediately, but people cheated and reset counters.
Now you are agreeing to the same disclaimers and you just have to live with it.
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
The fact that I can only disable a few of the Samsung bloatware apps annoys the hell out of me.
If I buy a PC, I can uninstall whatever I wish, so why can't I do that on my phone? Because Samsung don't allow it as they are in the system area of the device. I wouldn't need to root in the first place if I was allowed to choose which software I want to use.
Not all of us want to screw around with the frequencies of their processor, graphics, ram etc.
KNOX is nothing more than a convenient excuse by way of 'security' for Samsung to kill two birds with one stone.
It will be hacked eventually...what is made by a human can be reversed by another, mark my words
jonboyuk said:
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
...
You can still customize whatever you want - except selected cases (AT&T and Verizon? - where we know it is an explicit request of the carrier) the bootloader configuration will still let you install a custom recovery and custom kernel and custom ROM. And that is still very, very rare among all the non-Nexus and non-developer-edition phones in the world. That is also pretty unheard of in phones outside the Android ecosystem.
Don't get me wrong, the Knox stuff is still pissing me off a little - but on the other hand given the large amount of Samsung phones that I have seen bricked by morons I can't say that I do not understand how Samsung would like to separate things a little.
Knox is not a big deal. You can still do what you want with the phone and make the appearance and performance to suit the individual. Warranty. .... Either the phone goes wrong in the early days or it stays the long haul. ..I still have 2 galaxy s and an s2 and note 1 all working and rooted and running custom rom and kernels and no problems at all.
Worst case scenario. ..I have insurance. ..
Sent from my SM-N9005 using Tapatalk
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Now, if downgrade was allowed, it would be a totally different case, I would not hesitate to claim warranty on this hardware problem.
I can live with the funny looking screen (only noticeable when the screen is turned off), I decided I will wait with the warranty claim until knox reset, or downgrade without knox tripping becomes possible, or a new firmware with at least as good battery life as mj1 comes out...
Battery life is extremely important to me, and I just love to be able to keep all features of the phone enabled (voice wake, quick glance, all location based google now features, location history, lte, nfc, etc etc) and still get over 5-6 hours of screen on time and a full 16-17 hour stand by.
It is so perfect now I am afraid to risk it, not being able to downgrade legally really limits my willingness to ever upgrade
Sent from my SM-N9005 using Tapatalk
Master Thief-117 said:
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
i don't feel violated or cheated nor am i pissed at samsung.....they are not stopping you doing what you want with the phone what they are doing is telling you that if you mess with it then the secure area is fubar .....they are not saying the phone is only the secure area .........and with earlier phones the warning was the same root and your warranty is gone.......
....as for the warranty in the eu we are covered as samsung has to prove that rooting the phone has caused the hardware to fail a blanket your warranty is void won't work....eg my phone is knox 0x1 and the home button falls out .....that is not caused by rooting it is a fault and will be covered by the warranty no matter the state of knox
i am happy with the note 3 ...sure there are people complaining of this and that but that will always be the case my phone does what i want it to do when i want it to so i have no problems
ShadowLea said:
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
That kind of data protection is achieved with encryption. Good reliable security solutions are open sourced, no need to use some black box, providing Samsung and their partners access to your data.
So to repeat, encrypt phone with stock android encryption, and it is ok. No it is not 100% secure, but nothing is, neither knox.
Sent from my SM-N9005 using Tapatalk
I doubt that is the case, I just got note 3 a few days ago and it's mj7 and I'm getting savage battery life even though it has only been through 3 charge cycles, over 18 hours of standby and 4 1/2 hours of on-screen time and I still had 40% on the battery
vgergo said:
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Sent from my SM-N9005 using Tapatalk
Wanted to start a thread to celebrate 0x1. So many people worry about tripping the flag. So I would like to hear why you decided you didn't care any more. Was it a certain ROM that made you jump? Speed enhancements? Or just a general "Screw you Samsung" feeling? Let me know and let's show people that 0x1 is not the end of the world!!
*edit* it IS the end of your warranty as my friend below me just stated. Guess that should be stated. Lol
*edit 2* In light of another post....I did not know some countries actually do not look at knox. So I will add to these questions....does the knox flag even matter in your country?
Definitely not the end of the world. More like the end of your phone's official warranty.
My reason was just overall disgust for big corp telling me what I can and cannot do with my $800 phone. That was my original reason. Secondly was I love having a new device anytime I feel like it.
jerverg said:
Definitely not the end of the world. More like the end of your phone's official warranty.
But I know personally that it is kind of a 50/50 on trade ins if they will dig that deep. If you re-flash everything back to dead stock you do stand a good chance of pushing it through your carrier's grasp. I know with T-Mobile at least.
It's actually just the loss of Knox. The area that your phone was able to create to store a secure container housing work email or private apps and documents. Tripping Knox Warranty means your phone can't use Knox anymore.
Samsung did not create that flag for their warranty purposes on the phone (although it could be used for such things). It was created to alert the IT department at your job that you can't house important info on your phone anymore. Knox's warranty was void.
On the Note 4, if you trip Knox, you have to do some other stuff afterwards in order to stop severe lag (that is caused by tripping Knox) and to use private mode again.
Again, this is not something Samsung put on here to screw us, Knox actually has a purpose and place in protecting important information. I wish it was resettable though, although I understand why it isn't.
Having a secure container like that on your phone has attracted military as well as many companies in the private sector to buy and approve use of Samsung phones in the workplace.
YouTube Knox 2.0 if you've never actually used Knox and are curious as to what your phone now can't do. If you didn't know what it was, then you probably won't care and will be happy with custom kernels and recoveries (the two things that trip Knox).
effortless said:
It's actually just the loss of Knox. The area that your phone was able to create to store a secure container housing work email or private apps and documents. Tripping Knox Warranty means your phone can't use Knox anymore.
Samsung did not create that flag for their warranty purposes on the phone (although it could be used for such things). It was created to alert the IT department at your job that you can't house important info on your phone anymore. Knox's warranty was void.
On the Note 4, if you trip Knox, you have to do some other stuff afterwards in order to stop severe lag (that is caused by tripping Knox) and to use private mode again.
Again, this is not something Samsung put on here to screw us, Knox actually has a purpose and place in protecting important information. I wish it was resettable though, although I understand why it isn't.
Having a secure container like that on your phone has attracted military as well as many companies in the private sector to buy and approve use of Samsung phones in the workplace.
YouTube Knox 2.0 if you've never actually used Knox and are curious as to what your phone now can't do. If you didn't know what it was, then you probably won't care and will be happy with custom kernels and recoveries (the two things that trip Knox).
You are correct friend. I guess I kinda was not specific. By Screw Samsung I mean they use it. Yes Knox is a big deal if you are in a business that demands that flag be secure. However Samsung incorporates it, carriers use it against us, so I say SCREW them both.....lol. But I like your description and thank you for contributing it here friend.
Well over here they are not allowed to deny us warranty on hardware when only the software has changed.
So yeah 0x1 over here...
I don't want to conform to the standard phone layout. As I'm not a sheep I want my phone to be unique. And now for most people it does look like it is.
HanZie82 said:
Well over here they are not allowed to deny us warranty on hardware when only the software has changed.
So yeah 0x1 over here...
I don't want to conform to the standard phone layout. As I'm not a sheep I want my phone to be unique. And now for most people it does look like it is.
So where is it you're from? That's awesome they can't deny you. And I agree, I have to be different. I don't like being told that my phone has to be what they say. Android is free kind of like the freedom of being able to go outside the palace but having to stay within the walls of the grounds. No thanks. I'm climbing those walls.
I'm stuck with 0x0 no matter what it seems I do. Damn Canadian bootloaders..... LOL!
Why I didn't care, ever? This is probably my 28th phone (if I had kept the counting right) and only thrice in my life I had to visit service centre. And twice because of my own fcuk up.
Second reason, I can still get it serviced, but for a small amount of course.
So why people care about warranty that much is a questionable thing to me, no offence.
HanZie82 said:
Well over here they are not allowed to deny us warranty on hardware when only the software has changed.
So yeah 0x1 over here...
I don't want to conform to the standard phone layout. As I'm not a sheep I want my phone to be unique. And now for most people it does look like it is.
Same here, 2 year warranty cannot be denied here either.
0x1 straight out of the box. Got this phone since it's release date. Never looked back.
Been living life with security flags being tripped for almost 3 years. First HTC then Samsung it's a way of life now.
I see the benefits of keeping knox at 0x0. You're guaranteed repair if you're in your warranty (repair in warranty with knox at 0x1 is basically a lottery) and, for the most part, you're not missing a lot these days. Most custom stock roms support stock kernels and can be installed with Mobile Odin Pro, meaning no loss of knox. And with Towelroot and MOP root injection, you can root without losing knox too. The only roms you can't use are non-stock AOSP/CM builds. But I've never really understood why anyone with a Note device would bother with these anyway as you're losing the primary advantage these things offer over standard phones, namely the S-Pen. Sure, you can keep some features with certain applications, but things like Smart Select will never be available.
However, despite all the above, I deliberately tripped my knox because I missed full Nandroid backups and restores. I like testing roms. And changing them for me was a pain in the arse. I like trying a rom, but going back to how my phone was EXACTLY before I flashed it if I don't like it much. Nandroid is the only way of doing that in a decent time frame, and it requires a custom recovery like TWRP and CWM.
It just don't matter
I went in to my carrier and showed them my phone. I had bricked it softly. So, the manager played with til he had gotten the download screen. In the mean time they had made arrangements if I could not get working they were going to hook me up with a new phone. They asked me why I was doing it and I told them I didn't like the bloatware. Yes, it already had the 0x1. Yes, I live in the US. No it just didn't matter.
+1
JayHandsome said:
I went in to my carrier and showed them my phone. I had bricked it softly. So, the manager played with til he had gotten the download screen. In the mean time they had made arrangements if I could not get working they were going to hook me up with a new phone. They asked me why I was doing it and I told them I didn't like the bloatware. Yes, it already had the 0x1. Yes, I live in the US. No it just didn't matter.
VICTORY!
Under EU statutory law, the service Centre have to prove that rooting and changing system software was the direct cause of any malfunction. If they can't, they are required, again under statutory law, to repair any android device fee free.
https://fsfe.org/freesoftware/legal/flashingdevices.en.html
I have 0x1 and a custom recovery and ROM.
Is there any way to return the phone to a state in which it receives standard OTA updates again?
Want to sell it and if the buyer isn't a rooter/nerd they might complain that the system has been modified.
-------------------------->SIG<------------------------
Even my house phone's better than your iPhone.
dodgebizkit said:
I have 0x1 and a custom recovery and ROM.
Is there any way to return the phone to a state in which it receives standard OTA updates again?
Want to sell it and if the buyer isn't a rooter/nerd they might complain that the system has been modified.
-------------------------->SIG<------------------------
Even my house phone's better than your iPhone.
Just flash official Samsung firmware via odin. Flashing official Samsung firmware doesn't trip Knox. In regards to returning Knox to 0x0....no method has been found as far as I know.
speedyjay said:
Under EU statutory law, the service Centre have to prove that rooting and changing system software was the direct cause of any malfunction. If they can't, they are required, again under statutory law, to repair any android device fee free.
https://fsfe.org/freesoftware/legal/flashingdevices.en.html
That's my whole argument. How can they just refuse you. It's a tactic to save them money. Even though you're paying a $175 deductible. They should always have to prove the root had something to do with it. If I bust my screen how the hell does me having a rooted phone disqualify me from receiving a new one. ESPECIALLY with a $175 payment for it. It's B.S.
Since I did not spend much time unrooted or on the stock ROM, I have a few questions:
If you trip Knox by rooting does it actually block anything in Android, or is it just a nag on the boot/odin screen?
I know there is a private mode and so forth, does private mode break as soon as you trip Knox?
If you go back to completely stock does anything that is broken begin to work again, and only leave you with the nag screen on boot?
Basically I am interested in what exactly tripping Knox does other than just incrementing the counter in Download Mode.
miked63017 said:
Since I did not spend much time unrooted or on the stock ROM, I have a few questions:
If you trip Knox by rooting does it actually block anything in Android, or is it just a nag on the boot/odin screen?
I know there is a private mode and so forth, does private mode break as soon as you trip Knox?
If you go back to completely stock does anything that is broken begin to work again, and only leave you with the nag screen on boot?
Basically I am interested in what exactly tripping Knox does other than just incrementing the counter in Download Mode.
Well, on the S3 it prevented using the Samsung All-Share Cast Hub unless you went back to stock and reset the flash counter. Even worse, as far as I know nobody has managed to work around that. Though nobody has any idea why Samsung checks the flash counter and blocks wifi screen mirroring if the Knox flag is tripped.
1. OTA's will never come through the same way again. The NEW Knox is implemented even more now into Lollipop. You will always be able to use Kies after removing root and restoring the original recovery image, but trying to OTA will come up short after it's downloaded from the server. I even tried OTA Snatcher. I finally went ahead and took Garwyn's tar ball, then TDunham's DeOdex.
2. Sprint doesn't care as far as warranty work is concerned. Only one guy at the store even knows what root is. BestBuy LOVES root and they know Rompnit's work on MOAR. The tech played with my phone back on NE5 2.2 for like 15 minutes.
3. Towelroots are no more. Not even the "Wrong Kernel" trick for 4.4.4.
4. It operates normal when put back to a factory setting. No apps crash because of root, although I am NOT sure of the Allshare issue.
5. Those private mode and S-health issues are no more. You DO still have to do the Sd Card trick to get media RW capabilities.
For Lollipop, it's worth it. Especially if you stay on an Odexed version. MAN it's blazing fast. I don't know what else to say, Mike. You know more about these phones than I do.
nl3142 said:
Well, on the S3 it prevented using the Samsung All-Share Cast Hub unless you went back to stock and reset the flash counter. Even worse, as far as I know nobody has managed to work around that. Though nobody has any idea why Samsung checks the flash counter and blocks wifi screen mirroring if the Knox flag is tripped.
jpgranger said:
1. OTA's will never come through the same way again. The NEW Knox is implemented even more now into Lollipop. You will always be able to use Kies after removing root and restoring the original recovery image, but trying to OTA will come up short after it's downloaded from the server. I even tried OTA Snatcher. I finally went ahead and took Garwyn's tar ball, then TDunham's DeOdex.
2. Sprint doesn't care as far as warranty work is concerned. Only one guy at the store even knows what root is. BestBuy LOVES root and they know Rompnit's work on MOAR. The tech played with my phone back on NE5 2.2 for like 15 minutes.
3. Towelroots are no more. Not even the "Wrong Kernel" trick for 4.4.4.
4. It operates normal when put back to a factory setting. No apps crash because of root, although I am NOT sure of the Allshare issue.
5. Those private mode and S-health issues are no more. You DO still have to do the Sd Card trick to get media RW capabilities.
For Lollipop, it's worth it. Especially if you stay on an Odexed version. MAN it's blazing fast. I don't know what else to say, Mike. You know more about these phones than I do.
Well the real reason for me asking is because I have slowly been trying to learn assembly, specifically on the arm platform. So the other day I dropped aboot.mbn in IDA and disassembled it, AFAIK aboot is what provides the phone side interface for Odin(Download Mode). I found a few instructions that look interesting, basically they say this:
Code:
if knoxCounter == 0
then
    do barely anything and display a zero indicating your warranty is fine
else
    do a bunch of stuff and display a 1 indicating your warranty is void
Obviously that isn't the code word for word lol
So my thought was to change the ==(equals(BEQ)) to !=(not equals(BNE)), which could at least in theory make everything that comes after the bootloader think Knox is fine because the bootloader skipped a big chunk of instructions that would have taken place if it saw you tripped it, and instead ran the function that runs when it's not tripped.
So I made my change in a hex editor to a temporary file, disassembled it in IDA as well, everything looked legit. I went to flash it in odin by injecting it into a valid OA6 tarball and got Auth failed message. My first thought was our BL is unlocked why am I not allowed to flash it? So I rebooted and flashed it to the proper partition using dd, rebooted to download mode and nothing. After rebooting I then dumped the aboot partition with dd, opened it up in a hex editor and it's like my change had never been made? This is about as far as I went and left it alone at this point.
So I am on the fence as to whether or not I should even bother pursuing this any further. At first my thoughts were - I don't like the fact that my own device nags me about warranty so I want to change it. But now it's more like - WTF Samsung and Sprint, I thought my BL was unlocked, what if I want to plop Linux on this device after I am done using it as a phone?
I don't know if anybody has any knowledge as to why I can't flash my custom aboot partition, maybe there is some signature validation along the way, even though our BL is supposedly unlocked? I thought the sig checks only happened on locked phones.
It's great to be able to browse the code on a theoretical level, but I really want to flash it and play. The other half of me thinks it's not worth wasting your time on it, go practice arm assembly on your raspberry pi.
Have you consulted Chainfire? There's a thread floating around where he mentioned the exact same thing. Of course, I think Sammy knew this going into development. And Knox looks different on Lollipop.
Hi All,
I'm reading that root can trip knox, having never owned a Galaxy since the S2 I'm not overly familiar with knox but I've read about what it does.
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Firstly, is this correct?
I'm worried about resale value to the point that I might not care about mobile payments etc, but others might, so a tripped knox could affect value.
If the above is correct I might cancel my pre order, I need root but I don't want a phone that's got limited resale either.
TheBlueRaja said:
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Yes that is correct. Once the Knox flag is tripped you can not reverse it.
I don't think it has been confirmed yet that the Knox flag breaks Samsung Pay. From what I have read it breaks software dependent on Knox security, i.e. the BYOD type apps. They use it as an indicator your device is insecure, so it seems reasonable to assume Pay would break too.
Damn it, What a stupid thing to do.
I can understand it being tripped if you are rooted, but to make it permanent if the situation is reverted is ridiculous.
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Stupid, stupid decision. :crying:
TheBlueRaja said:
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Hey, why do you need to root your phone?
I thought the same way but now I'm going to use AdAway by setting up proxy settings in my wifi and mobile APN connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
eSportler said:
Hey, why do you need to root your phone?
I thought the same way but now I'm going to use AdAway by setting up proxy settings in my wifi and mobile APN connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
It's more than AdAway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use and/or want, being able to run Xposed and root explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but I'm going to install Windows 8 on there and a bunch of FREE apps, only I'm going to prevent you from removing them, make sure you can't put Linux or Windows 7 or Windows 10 on there until I say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
It's a shame as I REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
TheBlueRaja said:
It's more than AdAway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use and/or want, being able to run Xposed and root explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
I'm absolutely with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognize that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as losing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment still works with triggered Knox, I'll definitely root my S6 Edge and maybe try to slim down the stock ROM like I did with my Eragon ROM for the HTC One M7
eSportler said:
I'm absolutely with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognize that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as losing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment still works with triggered Knox, I'll definitely root my S6 Edge and maybe try to slim down the stock ROM like I did with my Eragon ROM for the HTC One M7
Yeah - it's a shame - hopefully you can still use it, time will tell.
If root comes out without KNOX trigger I'll be all over this - might be too late for day 1 though - I suppose I'll just have to be patient and keep an eye on it.
In the meantime, I'll keep my preorder until the 5th or so then cancel unless something comes up - damn shame though - still I've got my HTC One M8 keeping me happy for now.
There hasn't been a solution for KNOX for so long that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
JuniorGG said:
There hasn't been a solution for KNOX for so long that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
If you have root couldn't xposed just hook that call and return KNOX=True whenever queried? I've seen something similar in the past to make Google wallet work with root and without the secure element it required.
Chad
JuniorGG said:
There hasn't been a solution for KNOX for so long that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
The thing is, Knox isn't just going to be a Samsung thing, after all it's a Samsung and Google collaboration and I believe it will end up spreading. To be honest, I've no objection and I think it's a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If I choose to root then fair enough, trip knox as the phone isn't as secure as it should be - I don't expect to have root access or Admin privileges on my work PC normally and if I try to work round it there are logs to indicate that.
However, I DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should I wish to sell it on, that's just wrong.
TheBlueRaja said:
The thing is, Knox isn't just going to be a Samsung thing, after all it's a Samsung and Google collaboration and I believe it will end up spreading. To be honest, I've no objection and I think it's a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If I choose to root then fair enough, trip knox as the phone isn't as secure as it should be - I don't expect to have root access or Admin privileges on my work PC normally and if I try to work round it there are logs to indicate that.
However, I DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should I wish to sell it on, that's just wrong.
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Samsung decided from that point to just say once the phone is compromised... that's it. Certain features of Knox disable and, if it's your carrier's policy, the warranty may be void.
But let's be honest from that point as well. Rooting, in most contracts and terms of use, voids the warranty anyhow.
I think many have taken that for granted and don't realize that it can't be in a secure environment.
garwynn said:
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature can't be deemed secure? Check this - unset KNOX...
This is like saying that once I've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, let's fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because I choose to run a different OS than the one supplied, but I'm no lawyer and there's probably a loophole or a law allowing it somewhere.
TheBlueRaja said:
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature can't be deemed secure? Check this - unset KNOX...
This is like saying that once I've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, let's fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because I choose to run a different OS than the one supplied, but I'm no lawyer and there's probably a loophole or a law allowing it somewhere.
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
garwynn said:
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
Hmm..
Keep in mind here I'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung Pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsung's own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, I would expect it to re-trip KNOX just like it did the first time.
But, let's play a game, let's say I gain root, KNOX bit set and I can't use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what I think you're insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though it's closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phone's hardware then I don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you can't do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
TheBlueRaja said:
Hmm..
Keep in mind here I'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung Pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsung's own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, I would expect it to re-trip KNOX just like it did the first time.
But, let's play a game, let's say I gain root, KNOX bit set and I can't use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what I think you're insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though it's closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phone's hardware then I don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you can't do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
Blog entries:
https://www.samsungknox.com/en/blog/about-cf-auto-root
https://www.samsungknox.com/en/blog/samsung’s-official-response-“towelroot”
https://www.samsungknox.com/en/blog...ox-enabled-devices-and-knox-warranty-void-bit
There are many, many more on the site, just use the search keyword root.
But that's the gist of it - they understand that some may want root for simpler reasons.
Others may want it for more nefarious ways, like trying to access the keys within the TPM.
The end result sucks for consumers; but as an IT admin I can tell you I wouldn't trust a device with sensitive corporate data if it has been rooted... ever.
Thanks very much, I'll take a look when I get a chance later.
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if let's say the USB port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 Exynos since apparently warranty is not valid in USA.
bjrmd said:
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if let's say the USB port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 Exynos since apparently warranty is not valid in USA.
Technically the US has a law, the Magnuson-Moss Warranty Act, which should limit manufacturers' voiding of warranties to that damage which can reasonably be blamed on the consumer (for example, rooting your device shouldn't void the warranty for a defective power button). However, manufacturers usually claim the opposite here and I'm not aware of successful legal challenges.
Looks like Sprint at least is ok with it
http://forum.xda-developers.com/showthread.php?t=2674884
TheBlueRaja said:
It's more than AdAway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use and/or want, being able to run Xposed and root explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but I'm going to install Windows 8 on there and a bunch of FREE apps, only I'm going to prevent you from removing them, make sure you can't put Linux or Windows 7 or Windows 10 on there until I say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
It's a shame as I REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
I agree. My last Samsung was a Note 2, where Knox wasn't a factor and not a big push then. I didn't go to any Samsungs after that due to Knox.
I just want root for the reasons you do and to edit the phone's density.
It's a shame that we cannot just flash back to stock and "close things up" per se if we want to sell it or have a non-root-related warranty issue.
Knox is mainly geared toward the business side, so why not make Knox activated by an admin when the phone is to be used for business where the security is needed. And leave it un-activated for the rest of us.
And I would think the ratio of people rooting vs people not rooting (nor even knowing what it is) is so slim that allowing it wouldn't cause a pandemic in warranty claims.
I know before I root anything I make sure all my points are covered and there are processes in place to un-brick a device. Which I haven't had to unbrick a device since my Moto X or OG Droid.
---------- Post added at 11:13 AM ---------- Previous post was at 10:28 AM ----------
bjrmd said:
if the Knox trip invalidates warranty, you may be very angry if let's say the USB port or power button malfunctions and repair is not covered.
I agree +1
I'm just curious to know whether or not it's possible to restore from a KNOX trip after installing TWRP and a custom ROM. Does restoring the stock ROM via Odin restore KNOX status to 0x0?
No. Once it's done it's done. It's a hardware fuse that blows. You can't undo that.....
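A simplified model of two behaviours this thread keeps returning to: a signature check on the flashing path (the "Auth failed" reported earlier on this page) and a one-way warranty bit that survives a return to stock. It is an added example, not part of any post and not Samsung's implementation; the toy RSA key, the `Device` class and every name in it are constructed assumptions.

```python
import hashlib

# Toy RSA key built from two Mersenne primes. Constructed for this example
# only: such a modulus is trivially factorable and must never sign anything real.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the "vendor"


def _digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign(image: bytes) -> int:
    """Vendor side: textbook RSA over SHA-256 (no padding; illustration only)."""
    return pow(_digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Device side: needs only the public values N and E."""
    return pow(signature, E, N) == _digest(image)


class Device:
    """Hypothetical device: one signed boot image and a one-way warranty bit."""

    def __init__(self, image: bytes, signature: int):
        self._image, self._sig = image, signature
        self._fuse = 0  # one-time-programmable: goes 0 -> 1, never back

    def flash_download_mode(self, image: bytes, signature: int) -> str:
        """Flashing-tool path: the image is verified before anything is written."""
        if not verify(image, signature):
            return "auth failed"
        self._image, self._sig = image, signature
        return "ok"

    def raw_write(self, image: bytes, signature: int) -> None:
        """Models a direct partition write from a running OS, with no check."""
        self._image, self._sig = image, signature

    def boot(self) -> str:
        """Boot-time check: an unverified image sets the bit; nothing clears it."""
        official = verify(self._image, self._sig)
        if not official:
            self._fuse = 1
        kind = "official" if official else "custom"
        return f"{kind} image, warranty bit {self._fuse}"


def run_scenario() -> list:
    stock = bytes(range(256)) * 16           # constructed stand-in for a stock image
    stock_sig = sign(stock)
    patched = bytearray(stock)
    patched[0x40] ^= 0x10                    # a single flipped bit
    patched = bytes(patched)

    dev = Device(stock, stock_sig)
    log = [dev.flash_download_mode(patched, stock_sig)]   # rejected, nothing written
    log.append(dev.boot())                   # still the stock image, bit untouched
    dev.raw_write(patched, stock_sig)        # skips the flashing-path check
    log.append(dev.boot())                   # boot-time check sets the bit
    log.append(dev.flash_download_mode(stock, stock_sig))  # return to stock
    log.append(dev.boot())                   # image verifies again, bit stays set
    return log


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

The last two entries are the point of the model: re-verifying a stock image proves what is on the partition now, while the bit records that an unverified image ran at some time in the past.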
Thanks for taking the time to reply. Damn that sucks. So if I trip KNOX and go back to stock ROM via Odin, will I experience tripped KNOX related errors and popups? Would Samsung Pay still be functional?
michel5891 said:
Thanks for taking the time to reply. Damn that sucks. So if I trip KNOX and go back to stock ROM via Odin, will I experience tripped KNOX related errors and popups? Would Samsung Pay still be functional?
No Samsung Pay, S Health, Secure Folder, and everything that is knox related.
I just got mine in the mail. Literally 3 minutes ago. SM-G955FD.
So after rooting I'm definitely going to see Samsung Pay related errors and if I were to attempt to resell, those errors would be a dead giveaway. Correct?
I'm debating whether or not to root and put a custom ROM on it.
michel5891 said:
I just got mine in the mail. Literally 3 minutes ago. SM-G955FD.
So after rooting I'm definitely going to see Samsung Pay related errors and if I were to attempt to resell, those errors would be a dead giveaway. Correct?
I'm debating whether or not to root and put a custom ROM on it.
Most definitely
The phone will be missing all those features stated above and also no warranty
Will majorly affect resale price
Not really fair to resell without stating the issues from rooting
So I guess that settles it. Not going to root. That sucks. How is Samsung getting away with this ****? Apple-like behavior. I'll miss rooting, custom ROMs etc.
That's why I will sell my S8+. It's boring without custom ROMs.
I will go back to Note 5, S7 Edge. I think the "new" Note 7 will come with the same problem as the S8. Fu()/&= KNOX!
It's Samsung's loss, modding community will move away from Samsung devices if they continue this lock down crap. I got an international variant so I can root. I don't really care about Samsung pay, S health and secure folder are nice so that sucks but there are likely alternatives in the play store.
VICosPhi said:
It's Samsung's loss, modding community will move away from Samsung devices if they continue this lock down crap. I got an international variant so I can root. I don't really care about Samsung pay, S health and secure folder are nice so that sucks but there are likely alternatives in the play store.
You're absolutely right. I've already started looking at other devices, the only caveat is the specs -- the hardware. They're not up to par with Samsung's technology. I hope I'm wrong about this. If I am and there are other devices that are just as good or even better, I'll jump ship.
So you can't use S Health on a rooted device? Like heart rate monitor and running stress test? etc?
You can use those on a rooted device by hiding root. If you go back to stock, those will not work.
Well now this is confusing me a bit. There's rooting and there's installing custom recovery. Which of the two is going to trip Knox?
michel5891 said:
Well now this is confusing me a bit. There's rooting and there's installing custom recovery. Which of the two is going to trip Knox?
Both; you need to install a custom recovery to root.
Near_07 said:
So you can't use S Health on a rooted device? Like heart rate monitor and running stress test? etc?
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
zfzszt said:
Both; you need to install a custom recovery to root.
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
I'm waiting for that mothership.:crying:
Samsung has locked devices since at least the S6 using Knox. Still one of the highest selling phones out there so I doubt they will care about a few losses in sales. Probably make up more in sales gained by corporate clients.
Sent from my SM-G955F using Tapatalk
Let's be clear here, warranty is only lost in some countries, not all. In the EU it's not, even if Samsung claim it is. You should be getting the seller to deal with any warranty claim anyway, not Samsung directly.
As for it being Samsung's loss, well the modding community is absolutely tiny, far less than 1% of sales, so they really don't care and lose nothing. It's a small price to pay for the potential security issues a hacked Knox can bring, for example... It's possible to simulate knox, or 'secure folder' on a device, but in reality the phone is sending back all the information in that folder to a third party server. However to do this you have to root and flash custom software, this trips the real knox, which the device will then complain about. Tripping Knox has to be permanent otherwise it can be bypassed.
ChrisM75 said:
Let's be clear here, warranty is only lost in some countries, not all. In the EU it's not, even if Samsung claim it is. You should be getting the seller to deal with any warranty claim anyway, not Samsung directly.
As for it being Samsung's loss, well the modding community is absolutely tiny, far less than 1% of sales, so they really don't care and lose nothing. It's a small price to pay for the potential security issues a hacked Knox can bring, for example... It's possible to simulate knox, or 'secure folder' on a device, but in reality the phone is sending back all the information in that folder to a third party server. However to do this you have to root and flash custom software, this trips the real knox, which the device will then complain about. Tripping Knox has to be permanent otherwise it can be bypassed.
1% is an overstatement.
0.01% is probably still overkill.
Far less than 1%... Well, for a giant company like Samsung, that's a lot of money.. But... where exactly is Knox located on the motherboard? Can it be regained by erasing everything (nand erase all, efs, etc.) and then flashing all partitions through BOX-Octopus Box and dongle????
zfzszt said:
Both; you need to install a custom recovery to root.
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
No. Rooting has literally nothing to do with the Knox counter. Knox is protection against untrusted code.
Every single Snapdragon S8, S8+ and N8 is rooted with a 0x0 counter, so it's a little more than possible