As we all know Knox is sort of a spyware and a p.i.t.a. A completely unnecessary pile of shiz,crammed in our devices for a very stupid reason. Knox_out will brutalize and defeat Samsung Knox for good. It has not tripped the Knox counter,and makes your device happier. Plus no more stupid Knox warnings,or SU being defeated on boot. Knox_out removes 100% of the Knox, nothing remains.
Knox_out will not remove Knox from bootloader.
Knox_out download and main page. Please use main page for support and comments.thanks.... Feel free to comment here if you really need to.
http://forum.xda-developers.com/showthread.php?t=2807064
Ultra Keaner De-bloater. Get 400+mbs free space, and free your ram.
http://forum.xda-developers.com/showthread.php?t=2809319
Changelog;
7/8/14 Added additional items to removal.
7/17/14 Added removal of annoying security policy updater
blaz1nr said:
As we all know Knox is sort of a spyware and a p.i.t.a. A completely unnecessary pile of shiz,crammed in our devices for a very stupid reason. Knox_out will brutalize and defeat Samsung Knox for good. It has not tripped the Knox counter,and makes your device happier. Plus no more stupid Knox warnings,or SU being defeated on boot. Knox_out removes 100% of the Knox, nothing remains.
Knox_out download and main page. Please use main page for support and comments.thanks.... Feel free to comment here if you really need to.
http://forum.xda-developers.com/showthread.php?t=2807064
Click to expand...
Click to collapse
So it only removes Knox apps in os,and not the Knox bootloader?
Does not remove the knox in bootloader. That seems to dangerous to do on these devices,most are still bl
locked anyway.Knox will be completely disabled with no hope of return.
Updated added new items.
Nice work, but - beg my pardon, mate,-where is the benefit?
The main problem will remain and there is no practical solution for that damn3d Bootloader Lock ?
silentscreamer said:
Nice work, but - beg my pardon, mate,-where is the benefit?
The main problem will remain and there is no practical solution for that damn3d Bootloader Lock ?
Click to expand...
Click to collapse
Without the apk's/libs blah blah blah. Knox cannot block SU access or send/log reports.Plus you get extra free space. There's pretty much no better reason's atm.If free space is what you really want,up soon will be my cleaner script.440+mb gain in free space from stock boot.
OK, ... ? that's pretty straight;... free space ?
The thread title is promising, what I am looking for is an automated solution for the complete patch at least all Knox components (Bootloader, Framework &. Apk's) because I want to go back to one of the stock Samsung Firmware.
@ time ? I don't have the new Bootloader, also no Knox and thanks to a 64 GB Micro SD Card more than enough Space on my GT-I9505 (powered by Android 4.4.4).
[emoji106]But I will subscribe your thread, maybe you are the blessed one who find a solution for the %@*¥^¦™ Bootloader Problem ?
Keep up the good work [emoji772]
If someone can point me in the direction to remove Knox from bootloader through a script. I'll take that challenge on. It's been plaguing me as it is. Since I've already made unsecured kernels, with no way to install them.
thanks for this solution i was trying to fight for it and u got it! thanks again
the results i got through this solution is :-
-more free space
-also some more free Ram due to no more knox booting with android
-feeling little more responsive when dealing with app who needs rooted device
if u would like what kernel or ROM do u i use see my signature...
updated
But will the knox flag get to 1 when flashing a custom rom with this?
Only system items get removed. The Knox counter is inside the bootloader. I don't touch anything in it. My knox counter did not trip. I've tested different variations, several times over and over again. Still no knox counter trip. I would definitely warn people if I saw that occur.
Dude this script works on i9500? or only the active model?
EduRePiN said:
Dude this script works on i9500? or only the active model?
Click to expand...
Click to collapse
Should work on all galaxy devices
blaz1nr said:
If someone can point me in the direction to remove Knox from bootloader through a script. I'll take that challenge on. It's been plaguing me as it is. Since I've already made unsecured kernels, with no way to install them.
Click to expand...
Click to collapse
From what I've read on this, the only way to remove knox from the bootloader is to reverse engineer the bootloader and rebuild it without any of the knox components. Very likely to be impossible. (Note - this is different from removing knox apps/framework or gaining root without tripping the knox counter)
ugly_bob said:
From what I've read on this, the only way to remove knox from the bootloader is to reverse engineer the bootloader and rebuild it without any of the knox components. Very likely to be impossible. (Note - this is different from removing knox apps/framework or gaining root without tripping the knox counter)
Click to expand...
Click to collapse
I had figured that. So much easier to work on HTC. It was worth the ask though.
Will this clean some space even if I already use a custom rom and kernel?
Just a noob question but how do I use this? A step by step procedure will be greatly appreciated.
download the zip.
copy to sdcard
reboot into recovery (press and hold Power + Home + Volume up Button)
choose install zip from sd card
select and let the recovery install it
One question. This will work on 4.4.2 S4 i9506?
And do phone need to be rooted? since there is no serious custom roms for i9506 I hope so someone will make some soon..
Related
Hello all,
I've searched all over XDA and Google, to give me definitive answer about issue i am about to raise, i rooted and put custom roms on all my previous samsung/htc devices, and WAS about to do the same for my Note 3 (its a beastly device, and doesnt need modifications, however it has been a routine for me to root and put custom roms into any devices that i've used)
Now the issue is this:
Yes, i've read about KNOX security system that Samsung has implemented, which would trip a counter and supposedly locked the bootloader of the phone, i've also read that due to the e-fuse that has been implemented, my Note 3 internals could be damaged due to it (?), and also i wouldnt be able to go back to the old version/bootloader as it will be parmanently locked by Samsung if i flash using Odin.
Do take note..that my Note 3 is not under warranty..so if KNOX triggers, it doesnt matter for me , as i wont be going to my local phone shop or official Samsung Officials (there isnt one here in my country) if anything would happen to my device. However i do need to know if its gonna mess with my device due to the e-fuse.
My questions are these..
1) If i root it, using CF's method as i usually do..and will definately put Custom Rom in it...and that will trigger KNOX for sure..will it destroy the internals? say the MOBO..and the phone will be rendered useless and become an expensive paperweight (i dont have warranty, so no replacements)
2) If i use for e.g Omega Rom which released two versions, one, with 4.3 JB and one, with 4.4 KitKat...will i be able to go back and forth for e.g 4.4 to 4.3 as well as jumping to different custom roms with diffrent Android versions?! as i usually do with me previous devices
Thanks and i will definately delete this thread once i'm fully convinced that rooting , putting roms should be avoided or ''Since you dont care about tripping knox, go ahead and do it as ur previous devices'' kinda answer..
Truly Sorry if you guys come across this question already..i've searched for it and come to no avail.. this is my last resort. Thnks XDA and everyone.:good:
qilrfn said:
My questions are these..
1) If i root it, using CF's method as i usually do..and will definately put Custom Rom in it...and that will trigger KNOX for sure..will it destroy the internals? say the MOBO..and the phone will be rendered useless and become an expensive paperweight (i dont have warranty, so no replacements)
2) If i use for e.g Omega Rom which released two versions, one, with 4.3 JB and one, with 4.4 KitKat...will i be able to go back and forth for e.g 4.4 to 4.3 as well as jumping to different custom roms with diffrent Android versions?! as i usually do with me previous devices
Thanks and i will definately delete this thread once i'm fully convinced that rooting , putting roms should be avoided or ''Since you dont care about tripping knox, go ahead and do it as ur previous devices'' kinda answer..
Truly Sorry if you guys come across this question already..i've searched for it and come to no avail.. this is my last resort. Thnks XDA and everyone.:good:
Click to expand...
Click to collapse
Firstly wrong section - should go to Q&A
1) -- Well you can mess up if you don't follow the right methods (not hard)
2) you can only be on one, if you use 4.3 BL you can't use 4.4 and vice versa... once you go to 4.4 you cannot downgrade back to 4.3 unless you have an N900w8
Generally, rooting/custom ROM's won't hurt your device, just make sure you have the right ROM/Kernel and make the proper backups if needed.
Disable Reactivation Lock, and read about backing up your EFS and how to get out of it if it goes mad (which it sometimes does at random)
I think Radicalisto didn't make it clear enough: I'm not aware of tripped Knox flag affecting anything else on the phone except for warranty and inability to use Knox software. Any type of phone issues would probably be due to user error, or loaded software, not the flag itself.
radicalisto said:
Firstly wrong section - should go to Q&A
1) -- Well you can mess up if you don't follow the right methods (not hard)
2) you can only be on one, if you use 4.3 BL you can't use 4.4 and vice versa... once you go to 4.4 you cannot downgrade back to 4.3 unless you have an N900w8
Generally, rooting/custom ROM's won't hurt your device, just make sure you have the right ROM/Kernel and make the proper backups if needed.
Disable Reactivation Lock, and read about backing up your EFS and how to get out of it if it goes mad (which it sometimes does at random)
Click to expand...
Click to collapse
Thanks for answering first of all..will defo hit the thnx button..
for the 1) i always make sure i read the instructions and follow steps..no problem there..
2) this one tho..is a bit weird for me..i was able to do it on my note 2..going back and forth 4.3 to 4.1.2 cus i found the 4.1.2 more stable..i guess for note 3 i cant do that anymore? even if use custom roms to up/downgrade?
thnx for ur time..and will take ur advice next time on posting it at the q and a section (still learning)
ON 4.3 you once you go to MJ7 Bootloader you cannot downgrade -- however you can go to ML and MK bootloaders and go back to MJ7 again.
For some reason Samsung blocked a downgrade to 4.3 from 4.4 (as the Note shipped with 4.3 no logical reason to allow 4.2 imo) - but if you choose to move to 4.4. bootloader do be aware it can be buggy on some devices (NEE region also Hong Kong notes have issues) - If you have a read around you will see the issues people are having and not having with stock 4.4.
There's plenty of ROMs for both bootloaders CM works on both and most of the Stock based ROM dev's have moved up to the newest NB* Bootloader from NA* - I flashed 4.4 day it leaked (the next hour to be precise and I have had no issues)
qilrfn said:
Thanks for answering first of all..will defo hit the thnx button..
for the 1) i always make sure i read the instructions and follow steps..no problem there..
2) this one tho..is a bit weird for me..i was able to do it on my note 2..going back and forth 4.3 to 4.1.2 cus i found the 4.1.2 more stable..i guess for note 3 i cant do that anymore? even if use custom roms to up/downgrade?
thnx for ur time..and will take ur advice next time on posting it at the q and a section (still learning)
Click to expand...
Click to collapse
since note 3 came with 4.3 and currently latest stock is 4.4.2. even if u wanna go back to 4.3 from what i read around it is not possible. There are alot of aosp roms and stock rooted roms with all kinds of kernel build for both stock and aosp. Im sure if u were to follow the instructions given and do it diligently surely nthg goes wrong unless u overclock ur phone too high or flashing stuff which weren't meant for ur specific device then nthg to be afraid of. I sure glad i went ahead and root. Coz to me knox is a totally BS. all down to ur own preference. u like it u root it u use it. best is to keep reading different threads.
Sent from my SM-N9005 using XDA Premium 4 mobile app
radicalisto said:
ON 4.3 you once you go to MJ7 Bootloader you cannot downgrade -- however you can go to ML and MK bootloaders and go back to MJ7 again.
For some reason Samsung blocked a downgrade to 4.3 from 4.4 (as the Note shipped with 4.3 no logical reason to allow 4.2 imo) - but if you choose to move to 4.4. bootloader do be aware it can be buggy on some devices (NEE region also Hong Kong notes have issues) - If you have a read around you will see the issues people are having and not having with stock 4.4.
There's plenty of ROMs for both bootloaders CM works on both and most of the Stock based ROM dev's have moved up to the newest NB* Bootloader from NA* - I flashed 4.4 day it leaked (the next hour to be precise and I have had no issues)
Click to expand...
Click to collapse
Okay..so i would only flash 4.4 roms when Im really really convinced that its time for KitKat..but as of right now, i can only play around with 4.3 roms..ok..understood. You've cleared my doubts man, thanks a bunch and i guess its time to root and flash.
pete4k said:
I think Radicalisto didn't make it clear enough: I'm not aware of tripped Knox flag affecting anything else on the phone except for warranty and inability to use Knox software. Any type of phone issues would probably be due to user error, or loaded software, not the flag itself.
Click to expand...
Click to collapse
I did read somewhere, the e-fuse is like an internal bomb..if i flag it, some sort of ''internal parts destroyer'' would be unleashed and mess up my device. I guess its just a rumour...hopefully.
qilrfn said:
I did read somewhere, the e-fuse is like an internal bomb..if i flag it, some sort of ''internal parts destroyer'' would be unleashed and mess up my device. I guess its just a rumour...hopefully.
Click to expand...
Click to collapse
If it's not humour, there's gonna be a lot of angry Note owners here on XDA -- Some tripped KNOX accidently lol - I wouldn't worry too much in all honesty.
I'm sure using cf root trips knox
Sent from my SM-N9005 using xda app-developers app
An e-fuse is just a silicon bridge on the processor that gets burnt out. Once you burn the bridge it can't revert back.
This is technically damaging the internal hardware BUT this is due to Samsung software doing this so I don't see how they can claim we have damaged the hardware.... There should be no other problems resulting from this....
First of all, many people already claim their phones had Knox flag reset to zero by Samsung service centers. Either they're all lying (why?), there are more than one e-fuse inside and Samsung can simply reset software to ignore burned fuse and check next one, or the whole e-fuse story is made up and not true. Personally I lean towards the last possibility, for 2 reasons: e-fuse is permanent so couldn't be reset and if they're using multiple e-fuses then it is not more secure than encrypted software code and also possibly e-fuse could be defeated from tripping: I believe e-fuse needs higher than normal voltage to be burned out (otherwise it could burn accidentally) and that voltage is probably coming on separate rail, I wonder what would happen if one would either cut this high voltage or short it out, just during flag tripping operations.
Secondly many people tripped their Knox flags already, if there was some side effects, we would know about it already.
So i've been searching for a couple days now, but can't seem to find a straight answer.
If i root my note 12.2, will it trip Knox to 0x1, or will knox only trip if i flash a custom rom?
I don't care too much for modding and such, just interested in rooting to remove blaotware. From what i've been seeing though, it looks like knox will trip just by rooting. However i'v seen others say it only tripped after installing custom roms. Maybe im just getting my references mixed up though.
AANNDD if rooting will trip knox, any idea if it will ever be possible to root without buggin knox? I have the note3 and was able to root and keep 0x0. I know they are very different when it comes to kernels, but maybe one day?
o0pyroguy0o said:
So i've been searching for a couple days now, but can't seem to find a straight answer.
If i root my note 12.2, will it trip Knox to 0x1, or will knox only trip if i flash a custom rom?
I don't care too much for modding and such, just interested in rooting to remove blaotware. From what i've been seeing though, it looks like knox will trip just by rooting. However i'v seen others say it only tripped after installing custom roms. Maybe im just getting my references mixed up though.
AANNDD if rooting will trip knox, any idea if it will ever be possible to root without buggin knox? I have the note3 and was able to root and keep 0x0. I know they are very different when it comes to kernels, but maybe one day?
Click to expand...
Click to collapse
I tripped knox trying to install TWRP... I know this doesn't exactly answer your question.
o0pyroguy0o said:
So i've been searching for a couple days now, but can't seem to find a straight answer.
If i root my note 12.2, will it trip Knox to 0x1, or will knox only trip if i flash a custom rom?
I don't care too much for modding and such, just interested in rooting to remove blaotware. From what i've been seeing though, it looks like knox will trip just by rooting. However i'v seen others say it only tripped after installing custom roms. Maybe im just getting my references mixed up though.
AANNDD if rooting will trip knox, any idea if it will ever be possible to root without buggin knox? I have the note3 and was able to root and keep 0x0. I know they are very different when it comes to kernels, but maybe one day?
Click to expand...
Click to collapse
I have root, stock recovery, stock firmware, never installed anything custom and KNOX is tripped. AFAIK, no way to achieve root without tripping KNOX, but so worth it to root. I have Exposed installed with Wanam and have my tablet set to Custom instead of Modified so I still get updates. I also have a Note 3 rooted on 4.4.2 without tripping KNOX.
It's not possible to root / flash custom ROMs or recoveries without tripping KNOX. At last for now.
And a bit off topic:
Note 3 was different since @designgears found way (URDLV) to root without triggering KNOX.. But it didn't took very long for Samsung to release a patch for that and downgrading is also impossible. So if you updated your phone via Kies or OTA when that exploit were patched, you got "bootloader of doom" and no way root without triggering KNOX flag (and since downgrading is impossible, you can't go back to "rootable" version). And I'm talking now about international Snapdragon version (since my Note 3 and NP 12.2 are international versions)
One day . . perhaps. .
I'm now on my second Note Pro having lost the first to an act of stupidity. This time around I've purchased a square trade warranty with accidental damage coverage for 2-years and as with the first I'll be rooting this tablet as well (gave it a week to settle in so that I'm sure that there's no hardware issues).
Here's my take on KNOX; Unless there were applications that I relied on that are checking on KNOX or evidence of root to stop me from using them I'm not going to worry myself at all about it. If I'm going to be sending in my device for repair it's going to be for a hardware issue NOT a software one because if I have the knowledge to be doing things like rooting and installing custom recoveries then I should be able to solve my own software issues (most likely through a factory reset if need be). Warranty coverage for hardware defect shouldn't be influenced by software.
wow, thanks for the fast replies guy!
So another quick question. (since muzzy mentioned breaking)
Lets say i root my note, knox trips 0x1, and in 3 months my volume rocker stops working (hardware problem). With other devices, i would call customer support, we troubleshoot for a bit, they decide to send me a new device (refurbished most likely) and i send my broken one to them since im still in warranty time wise. If they receive my note 12 and knox says 0x1, what do they do? Since my warranty is technically void, could they charge me for the tablet they sent me?
i think i just answered my own question as im thinking about it more.
SO knox is specifically SOFTWARE, if something hardware wise go amiss, my warranty is still good?
Root that bad boy. Get the files you need to root here:
http://forum.xda-developers.com/showthread.php?p=50492301
and when you encounter problems, go to this thread for answers:
http://forum.xda-developers.com/showthread.php?t=2710004&page=3
Russbad said:
Root that bad boy. Get the files you need to root here:
http://forum.xda-developers.com/showthread.php?p=50492301
and when you encounter problems, go to this thread for answers:
http://forum.xda-developers.com/showthread.php?t=2710004&page=3
Click to expand...
Click to collapse
awesome! I'll get this done as soon as im home then. Thanks for the quick responses everyone!
I installed CF auto root via Odin and it tripped the knox flag.
Bummer =(
oh well, as long as hardware wise, the warranty is fine, i guess its no big deal. Like muzzy said, anything software wise, i can fix. And if rooting trips KNOX and only void software warranty, i don't care too much about that.
Russbad said:
Root that bad boy. Get the files you need to root here:
http://forum.xda-developers.com/showthread.php?p=50492301
and when you encounter problems, go to this thread for answers:
http://forum.xda-developers.com/showthread.php?t=2710004&page=3
Click to expand...
Click to collapse
Unfortunately this won't work for the P905V (Verizon Variant). I've tried, since it said LTE but it's not for the Verizon LTE version. Still waiting for Root so I can at least install Xposed. I bought my device outright and couldn't care less about tripping KNOX.
I bought my device outright and couldn't care less about tripping KNOX
Click to expand...
Click to collapse
The only crappy part is if you get an actual hardware failure it sucks that they invalidate your entire warranty.
KNOX Warranty has nothing to do with the hardware warranty. The Knox warranty flag is there to make sure a device has never been tampered with in a way that could compromise their Knox services. Period.
Sent from my SM-P900 using Tapatalk
dodo99x said:
KNOX Warranty has nothing to do with the hardware warranty.
Click to expand...
Click to collapse
Well that's a relief.
dodo99x said:
KNOX Warranty has nothing to do with the hardware warranty. The Knox warranty flag is there to make sure a device has never been tampered with in a way that could compromise their Knox services. Period.
Sent from my SM-P900 using Tapatalk
Click to expand...
Click to collapse
Those Knox services were the first thing I froze then deleted after root
Huh... im failing at the cache. Those recovery images have sure come in handy. Any tips?
Ive used odin 3.07/3.09 and CF-Auto-Root-v1awifi-v1awifixx-smp900? Im seeing a bunch of people getting stuck on the cache.img.
EDIT * USB debugging is on btw
EDIT* Got it! I unplugged ALL my other usb devices and changed the port i was using... stupid fix, but it worked.
Goodbye knox and all you other battery sucking memory hogging pieces of bloatware!
Thanks for you great help and suggestions! Greatly appreciated =D
Once the flag is tripped you can't even install Knox anymore
Sent from my SM-P900 using Tapatalk
o0pyroguy0o said:
Huh... im failing at the cache. Those recovery images have sure come in handy. Any tips?
Ive used odin 3.07/3.09 and CF-Auto-Root-v1awifi-v1awifixx-smp900? Im seeing a bunch of people getting stuck on the cache.img.
EDIT * USB debugging is on btw
EDIT* Got it! I unplugged ALL my other usb devices and changed the port i was using... stupid fix, but it worked.
Goodbye knox and all you other battery sucking memory hogging pieces of bloatware!
Thanks for you great help and suggestions! Greatly appreciated =D
Click to expand...
Click to collapse
Congrats to you, glad you worked it out! Enjoy your rooted tablet!
dodo99x said:
Once the flag is tripped you can't even install Knox anymore
Sent from my SM-P900 using Tapatalk
Click to expand...
Click to collapse
I REALLY don't care for knox anyways. Basically what i did right after rooting was open TB and uninstall everything that started with K and ended with NOX... removed a totall of 48 other programs too. Running smooth with no errors =D
Couldn't be happier.... well i could be happier if i could actually transfer files from my computer to my tablet... that would be nice. Good thing i have a card reader right?
o0pyroguy0o said:
I REALLY don't care for knox anyways. Basically what i did right after rooting was open TB and uninstall everything that started with K and ended with NOX... removed a totall of 48 other programs too. Running smooth with no errors =D
Couldn't be happier.... well i could be happier if i could actually transfer files from my computer to my tablet... that would be nice. Good thing i have a card reader right?
Click to expand...
Click to collapse
Hey, can you post your list of programs you uninstalled? I would love to take a look at it and compare it to the other threads about this, but I don't think anyone posted that many. I'm trying to improve my battery life, right now the screen takes the most and exchange service the next most.
On KNOX, I can't find anything at all that I would ever use it for so it didn't matter to me. Seems like Samsung could make it so that they could still have KNOX but allow us to root all the same. They even talk about CF root in their literature not installing a rootkit so they are not worried about it like other rooting methods that don't trip the KNOX circuit and DO instal a rootkit.
I see a lot of similar questions, but am getting yes and no answers.
Background+Rant: after spending yesterday bashing my head against knox, i managed to get my new sm-g900p from oem 5.0 back to stock 4.4.2, towel-rooted successfully (keeping 0x0). Good, but not enough. without a real recovery to make a backup, samsung is actually putting me at more risk than ever at turning my phone into a brick (security my ***). plus the slow/ugly stock rom hurts my head after seeing what Android should be. They act like making a rewarding process dangerous is going to stop this entire community! Anyway enough ranting from a non-dev.
what i need to know is since i have NOT sent knox into lockdown mode(0x1), can i get knox out of the Bootloader? from what i understand, you can disable the knox apps using superSU, titanium, or a command prompt, but this will not effect the flash counter (not eliminating the risk of permanent 0x1). we flash bootloaders all the time with our recoveries, firmwares, and roms. If knox has not activated (ie blocking root, apps, etc) how is this bootloader different?
http://www.s4miniarchive.com/2013/12/how-to-remove-knox-bootloader-from-new.html seems hopeful as it involves extracting the firmware to linux, removing the knox code, repacking and reflashing. sounds like something even i could do, but would feel more comfortable downloading from a real developer.
Hopes and thoughts to go along with my disappointment and concerns?
3rdsurfer said:
I see a lot of similar questions, but am getting yes and no answers.
Background+Rant: after spending yesterday bashing my head against knox, i managed to get my new sm-g900p from oem 5.0 back to stock 4.4.2, towel-rooted successfully (keeping 0x0). Good, but not enough. without a real recovery to make a backup, samsung is actually putting me at more risk than ever at turning my phone into a brick (security my ***). plus the slow/ugly stock rom hurts my head after seeing what Android should be. They act like making a rewarding process dangerous is going to stop this entire community! Anyway enough ranting from a non-dev.
what i need to know is since i have NOT sent knox into lockdown mode(0x1), can i get knox out of the Bootloader? from what i understand, you can disable the knox apps using superSU, titanium, or a command prompt, but this will not effect the flash counter (not eliminating the risk of permanent 0x1). we flash bootloaders all the time with our recoveries, firmwares, and roms. If knox has not activated (ie blocking root, apps, etc) how is this bootloader different?
http://www.s4miniarchive.com/2013/12/how-to-remove-knox-bootloader-from-new.html seems hopeful as it involves extracting the firmware to linux, removing the knox code, repacking and reflashing. sounds like something even i could do, but would feel more comfortable downloading from a real developer.
Hopes and thoughts to go along with my disappointment and concerns?
Click to expand...
Click to collapse
I did a little reading on the xda thread that links to but other than it being done just because it can, I don't see the real usefulness in the exercise of removing knox from a stock bootloader.
As you already pointed out, getting anywhere with a stock rom is pretty much pointless without two things:
1. Root
2. Custom Recovery
First of all, lets face it, there is only so much you can do with a stock odexed rom. Secondly, I personally dont understand the need to keep the knox bit untripped. Even if you remove knox from the bootloader, once custom recovery is installed, I'm pretty sure you're going to trip the bit anyway.
He even states so in the thread here:
http://forum.xda-developers.com/showpost.php?p=51828541&postcount=102
---------- Post added at 02:25 PM ---------- Previous post was at 02:17 PM ----------
And FYI, no one to my knowledge has ever hard bricked a Sprint Galaxy S5 phone. The only real issue at the moment is once you flash the OD3 Lollipop firmware or newer (currently OF6 I think) or take the OTA update, flashing any firmware older than OD3 is blocked.
Hi guys! with all due respect my question might be dumb but here it goes, after flashing custom recovery TWRP on my S7 the phone seems to stop working like google playstore keep on hanging along with touchwiz blank page nothing on the main screen. To fix this I have to flash back to stock rom from Odin with the correct updated firmware and Odin3 v3.12.3. All this happens after I wanted to sell my phone to a new buyer, he installed knox and failed so insisted to return the phone back to me. After I got it decided to root the phone again then that happen and my knox counter trip is 0x030? Does this means anything? Because before it was 0x1 ?
one more question can I rooted with Magisk and Super Su both is available on my S7? Maybe its a dumb question too to cheers
hmm nobody gonna give me a few tips on how to solve this?
The Knox flag is still void. Mine is the same. Seems indicate different levels of tripped, or maybe changes depending on if a full custom ROM is installed. SuperSU and magisk do work, and work best when flashed through TWRP. It's tricky to get root to work with encryption though, so most people just disable encryption and format data.
Hi Folks,
I hope you guys can shed some light into this, sorry if this is long and if this has been asked I'm sorry but I could not find the answers I was looking for, as some results they sound almost the same and some had not specified enough. So I hope the clever people here can explain a few things before I go ahead.
Background on my Phone (don't know if its relevant or not)
I own an Exynos SM-G970F, on One UI 3.1, June 2021 Update, this was purchased in Australia. Now that my phone is out of warranty I was thinking of installing a custom ROM. The main motivation was to reduce CPU usage and improve battery life.
I have installed a custom ROM and rooted my tablet for practice and it was easy to follow. I gotta say it was phenomenal how it brought back ancient hardware to buttery smooth performance of newer android versions. I wanted this same experience on my daily driver phone and there are some security based questions I would like to know.
Questions
1. First off unlocking the bootloader, I have read that it reduces your security of the phone as this allows hackers to gain access to your phone unlike a locked bootloader. As far as I understand the bootloader is to check if the system partition is a Samsung ROM. So in an unlocked state it will still load the kernel and run the system regardless if the ROM is Samsung or not, am I correct in this?
1a. If that's the case and if I installed the custom ROM and then locked the bootloader I would brick my phone right? as the bootloader is looking for a Samsung ROM but since it can't recognize the ROM it will boot loop.
1b. So in this case how would an unlocked bootloader make it vulnerable apart from accessing the OS? I'm thinking in a real word scenario if I were to lose my phone and someone found it, they could have means of access from an unlocked bootloader? but then again they could have access through custom recovery?
1c. Would it be necessary to lock a bootloader once you install a custom ROM? Do some custom ROM support signing bootloaders?
2. SafetyNet, as far as I understand this is a Google thing? like the app from Play store will check your system for any tampered software before functioning or at least warning the consequences of using the app in a custom ROM, is this right?
2a. So this could lead to some banking apps not working as it requires a SafetyNet pass on your device. But this only happens if you end up rooting your device? I understand Magisk is systemless root so the SafetyNet should pass in theory?
Primarily I'm concerned of the security and privacy of the phone but nothing is perfect, so there has to be some give and take with privacy and security? Though I will lose some privacy as I will install OpenGApps for some applications to work. So security would be the most important thing. What would be some best practices for a daily driver phone on custom ROM?
I imagine that hackers are not interested attacking an individual as this takes a lot of time and energy, unless they are bored or something like that.
Thanks for taking the time to read all this and if you can shed more information that would be great! I would like to learn more before giving the green light for custom ROM on my Samsung S10e.
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Didgeridoohan said:
With the caveat that I'm really bad at Samsung, I'll try to give a couple of answers. Sounds like you have the gist of it though...
Unlocking the bootloader is necessary to install anything custom, yes, and it does reduce the security of the device but mainly if someone has physical access to it. Keeping the device encrypted can help protecting your data though. There are some devices that allow locking the bootloader with custom firmware installed, but those are few. General rule: don't even try. I've seen some talk from people at Google about letting custom ROMs be certified, so that you could lock the bootloader with them, but currently there's nothing like that (that I know of). Once in a while I see people talking about trying to sign their images to lock the bootloader, but IMHBCO it's not worth the effort (if it's possible). If you're going custom, keep the bootloader unlocked.
About SafetyNet, it's an API provided with Google's play services and can be used by apps to check if a device's security has been compromised. Far from all bank apps will be using this and many instead have their own ways of detecting a "tampered" device (more on that below). SafetyNet will trigger from a number of things:
Unlocked bootloader
Custom ROM
Root
Etc...
So, as you see it's not only rooting that will cause you problems. There are ways around it though, mainly with the help of Magisk.
When it comes to what bank apps will detect, that could include a custom ROM, root apps, files on your device, Magisk, etc. They're often much more picky than SafetyNet even...
If you need help with getting SafetyNet and banking apps working on a custom ROM, with Magisk, I've got a few resources and tips collected here:
https://www.didgeridoohan.com/magisk/HomePage
Regarding security and custom ROMs it's pretty much the same as on a stock device. Don't install weird apps from outside the Play Store, don't click links in emails, etc. On to of that, another thing to look out for is SELinux. Don't use a ROM that has it disabled. It's quite important for the security of the OS... And if you do root, be careful with what apps you give root access, since an app with root access can do whatever it wants.
No idea if this cleared anything up or just created more questions. If there are Samsung specific stuff I've gotten wrong or missed I hope that someone that actually knows what they're talking about shows up...
Click to expand...
Click to collapse
Hi Didgeridoohan,
Thank you for taking the time to comb through my queries and I believe you have answered what I was looking for. So it has dispelled any myths and misconceptions of custom roms.
Personally I use the phone most and my significant other uses my phone for some games. So physical access is not likely to fall in the hands of someone else unless I lost it. Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
With banking I guess I will have to install and see if it works out, otherwise I don't mind going to a phone web browser and do it that way.
I appreciate your link for further info of Magisk, I will be reading through the page to get better insight.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
I had planned on installing TWRP and use either Lineage or crDroid (kinda leaning to this one). They both are supported on their website so I don't think I will run into issues.
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
dude777 said:
Encrypting the phone is a good safety measure, I assume this is something that can be done in the settings of the OS?
Click to expand...
Click to collapse
Yes. Just make sure that any ROM you choose is compatible with encryption. And remember that if you ever want to remove the encryption you'll have to wipe the device.
Regarding SELinux, I had seen this on my phone though it says SE for Android Status and says 'Enforcing' and on the Custom ROM on my tablet in the settings it also says 'Enforcing'. So I can assume that its ensuring the security of the OS.
Click to expand...
Click to collapse
Correct. That's the way it should be if you want to keep some security on your device.
I didn't have the intention of rooting as I thought I can root at any point in time but if its good practice to do it when flashing the custom ROM please let me know.
Click to expand...
Click to collapse
You can wait with rooting. If you don't have any need for it, why bother? I use Magisk to hide the fact that I have an unlocked bootloader (and to hide Magisk from some apps), to use a custom hosts file (for adblocking) and for app backups (I use Swift Backup, works great).
Once again thanks for your help and advice on the custom ROM, I think my questions were broad and it may not be Samsung specific as there are features I know I will lose but have never used when I had the original ROM.
Click to expand...
Click to collapse
There are some things you'll lose when unlocking the bootloader on a Samsung, due to the tripped Knox fuse. I can't say much about that though, since I don't do Samsung...
Have fun!
Thanks Didgeridoohan,
This has given me some confidence in going forward with custom ROM. I will make some backups and take measures and if it doesn't work out I can go back but I probably wont .
I've been running LineageOS on my Exynos S10e for a few days now and it's great, better battery life than on Samsung's firmware too from what I can see.
Settings say encryption is enabled. I'm assuming on /data only, I'll have to poke around as I've been away from Android for a while and I haven't been keeping up with what's going on.
I had to use the Magisk props module (selected the same phone model) to pass SafetyNet and enable Google Pay. Banking apps here in Australia don't seem to care, at least CommBank, Bendigo, AMP by I did select them in MagiskHide just in case.
If you decide to go for it, remove all your accounts before flashing the LineageOS recovery. I didn't and wasn't able to flash recovery until I re-added and removed them (Factory Reset Protection kicked in apparently). Smooth ride after I did this.
If you don't like the LOS gestures use Fluid (FNG), I love how customizable it is. You can hide the navigation bar in Termux by running:
su
props qemu.hw.mainkeys 1
Good luck and feel free to ask me questions if you have any!