Related
I find it hard to believe that this is a completely irreversible process. There MUST be a way to reset this counter, especially since it's entirely possible for there to be false positives. I can imagine sometime in the future an official update will be released that has a chance of blowing the fuse, even if applied correctly through Kies or OTA. How would they resolve that issue?
I figure that Samsung must have a way of resetting these false positives whether it's through replacing a specific chip or through flashing firmware. It really wouldn't make sense for them economically to not have a way of doing it. What would the alternative be? Trash it and make a new one? Samsung would be sued by their shareholders if this was the case.
Logic would dictate it would be more cost effective for it to be a firmware setting, possibly encrypted and extremely low level with some form of obfuscation so they can release fixes for accidental trips without having to send a recall notice.
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
You can use the phone perfectly wok and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to user it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
alom5 said:
You can use the phone perfectly wok and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to user it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warrenty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
Master Thief-117 said:
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warrenty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
Click to expand...
Click to collapse
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Click to expand...
Click to collapse
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
danieljamie said:
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
I remember that there was one case on S4 in the very initial stages of knox implementation. Never heard of this scenario any more after that and never saw any for note 3.
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Click to expand...
Click to collapse
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
Downgrading bootloader will trip knox. It is not allowed as you are going from a secured bootloader back to one with a loophole. Normal users will never encounter this as you cannot downgrade rom with the official kies.
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
as antt said, downgrading to a vulnerable firmware is also not allowed, and knox will trip if you flash it after a new secure update.
You can of course customise everything you want and do whatever, but just don't expect to have Knox anymore, and don't expect warranty.
In reality even before knox everyone knew that every root method warned about losing your warranty immediately, but people cheated and reset counters.
Now you are agreeing to the same disclaimers and you just have to live with it.
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
The fact that I can only disable a few of the Samsung bloatware apps annoys the hell out of me.
If I buy a PC, I can uninstall whatever I wish, so why can't I do that on my phone? Because Samsung don't allow it as they are in the system area of the device. I wouldn't need to root in the first place if I was allowed to choose which software I want to use.
Not all of us want to screw around with the frequencies of their processor, graphics, ram etc.
KNOX is nothing more than a convenient excuse by way of 'security' for Samsung to kill two birds with one stone.
It will be hacked eventually...what is made by a human can be reversed by another, mark my words
jonboyuk said:
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
...
Click to expand...
Click to collapse
You can still customize whatever you want - except selected cases (AT&T and Verizon? - where we know it is an explicit request of the carrier) the bootloader configuration will still let you install a custom recovery and custom kernel and custom ROM. And that is still very, very rare among all the non-Nexus and non-developer-edition phones in the world. That is also pretty unheard of in phones outside the Android ecosystem.
Don't get me wrong, the Knox stuff is still pissing me off a little - but on the other hand given the large amount of Samsung phones that I have seen bricked by morons I can't say that I do not understand how Samsung would like to separate things a little.
Knox is not a big deal. You can still do what you want with the phone and make the appearance and performance to suit the individual. Warranty. .... Either the phone goes wrong in the early days or it stays the long haul. ..I still have 2 galaxy s and an s2 and note 1 all working and rooted and running custom rom and kennels and no problems at all.
Worst case scenario. ..I have insurance. ..
Sent from my SM-N9005 using Tapatalk
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Now, if downgrade was allowed, it would be a totally different case, I would not hesitate to claim warranty on this hardware problem.
I can live with the funny looking screen (only noticeable when the screen is turned off), I decided I will wait with the warranty claim until knox reset, or downgrade without knox tripping becomes possible, or a new firmware with at least as good battery life as mj1 comes out...
Battery life is extremely important to me, and I just love to be able to keep all features of the phone enabled (voice wake, quick glance, all location based google now features, location history, lte, nfc, etc etc) and still get over 5-6 hours of screen on time and a full 16-17 hour stand by.
It is so perfect now I am afraid to risk it, not being able to downgrade legally really limits my willingness to ever upgrade
Sent from my SM-N9005 using Tapatalk
Master Thief-117 said:
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
Click to expand...
Click to collapse
i don't feel violated or cheated nor am i pissed at samsung.....they are not stopping you doing what you want with the phone what they are doing is telling you that if you mess with it then the secure area is fubar .....they are not saying the phone is only the secure area .........and with earlier phones the warning was the same root and your warranty is gone.......
....as for the warranty in the eu we are covered as samsung has to prove that rooting the phone has caused the hardware to fail a blanket your warranty is void won't work....eg my phone is knox 0x1 and the home button falls out .....that is not caused by rooting it is a fault and will be covered by the warranty no matter the state of knox
i am happy with the note 3 ...sure there are people complaining of this and that but that will always be the case my phone does what i want it to do when i want it to so i have no problems
ShadowLea said:
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
Click to expand...
Click to collapse
That kind of data protection is achieved with encryption. Good reliable security solutions are open sourced, no need to use some black box, providing Samsung and their partners access to your data.
So to repeat, encrypt phone with stock android encryption, and it is ok. No it is not 100% secure, but nothing is, neither knox.
Sent from my SM-N9005 using Tapatalk
I doubt that is the case, I just got note 3 a few days ago and it's mj7 and I'm getting savage battery life even though it has only been through3 charge cycles, over 18 hours of standby and 4 1/2 hours of on-screen time and I still had 40% on the battery
vgergo said:
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
Hi All,
I'm reading that root can trip knox, having never owned a Galaxy since the S2 I'm not overly familiar with knox but I've read about what it does.
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Firstly, is this correct?
I'm worried about resale value to the point that I might not care about mobile payments etc, but others might, so a tripped knox could affect value.
If the above is correct I might cancel my pre order, I need root but I don't want a phone that's got limited resale either.
TheBlueRaja said:
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Click to expand...
Click to collapse
Yes that is correct. Once the Knox flag is tripped you can not reverse it.
I don't think it has been confirmed yet that Knox flag breaks Samsung Pay. From what I have read it breaks software dependant on Knox security, ie the BYOD type apps. They use it as an indicator your device is insecure, so It seems reasonable to assume Pay would break too.
Damn it, What a stupid thing to do.
I can understand it being tripped if you are rooted, but to make it permanent if the situation is reverted is ridiculous.
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Stupid, stupid decision. :crying:
TheBlueRaja said:
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Click to expand...
Click to collapse
hey, why do you need rooting your phone?
I thought the same way but now I'm going to use adaway with setting up proxy settings in my wifi and mobile apn connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
eSportler said:
hey, why do you need rooting your phone?
I thought the same way but now I'm going to use adaway with setting up proxy settings in my wifi and mobile apn connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
Click to expand...
Click to collapse
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but im going to install Windows 8 on there and a bunch of FREE apps , only im going prevent you from removing them, make sure you cant put Linux or Windows 7 or Windows 10 on there until i say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
Its a shame as i REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
TheBlueRaja said:
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Click to expand...
Click to collapse
I'm absolutly with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognized that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as loosing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment will still works with triggered Knox, I'll definetivly root my S6 Edge and maybe try to slim down the stock Rom like I did with my Eragon Rom for the HTC One M7
eSportler said:
I'm absolutly with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognized that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as loosing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment will still works with triggered Knox, I'll definetivly root my S6 Edge and maybe try to slim down the stock Rom like I did with my Eragon Rom for the HTC One M7
Click to expand...
Click to collapse
Yeah - its a shame - hopefully you can still use it, time will tell.
If root comes out without KNOX trigger i'll be all over this - might be too late for day 1 though - i suppose i'll just have to be patient and keep an eye on it.
In the mean time, i'll keep my preorder until the 5th or so then cancel unless something comes up - damn shame though - still i've got my HTC One m8 keeping me happy for now.
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
JuniorGG said:
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
Click to expand...
Click to collapse
If you have root couldn't xposed just hook that call and return KNOX=True whenever queried? I've seen something similar in the past to make Google wallet work with root and without the secure element it required.
Chad
JuniorGG said:
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
Click to expand...
Click to collapse
The thing is, Knox isn't just going to be a Samsung thing, after all its a Samsung and Google collaboration and i believe and it will end up spreading. To be honest, i've no objection and it think its a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If i choose to root then fair enough, trip knox as the phone isn't as secure as it should be - i don't expect to have root access or Admin privileges on my work PC normally and if i try to work round it there are logs to indicate that.
However, i DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should i wish to sell it on, that's just wrong.
TheBlueRaja said:
The thing is, Knox isn't just going to be a Samsung thing, after all its a Samsung and Google collaboration and i believe and it will end up spreading. To be honest, i've no objection and it think its a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If i choose to root then fair enough, trip knox as the phone isn't as secure as it should be - i don't expect to have root access or Admin privileges on my work PC normally and if i try to work round it there are logs to indicate that.
However, i DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should i wish to sell it on, that's just wrong.
Click to expand...
Click to collapse
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Samsung decided from that point to just say once the phone is compromised... that's it. Certain features of Knox disable and, if it's your carrier's policy, the warranty may be void.
But let's be honest from that point as well. Rooting, in most contracts and terms of use, voids the warranty anyhow.
I think many have taken that for granted and don't realize that it can't be in a secure environment.
garwynn said:
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Click to expand...
Click to collapse
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature cant be deemed secure? Check this - unset KNOX...
This is like saying that once i've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, lets fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because i choose to run a different OS than the one supplied, but i'm no lawyer and there's probably a loophole or a law allowing it somewhere.
TheBlueRaja said:
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature cant be deemed secure? Check this - unset KNOX...
This is like saying that once i've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, lets fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because i choose to run a different OS than the one supplied, but i'm no lawyer and there's probably a loophole or a law allowing it somewhere.
Click to expand...
Click to collapse
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
garwynn said:
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
Click to expand...
Click to collapse
Hmm..
Keep in mind here i'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsungs own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, it would expect it to re-trip KNOX just like it did the first time.
But, lets play a game, lets say i gain root, KNOX bit set and i cant use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what i think your insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though its closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phones hardware then i don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you cant do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
TheBlueRaja said:
Hmm..
Keep in mind here i'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsungs own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, it would expect it to re-trip KNOX just like it did the first time.
But, lets play a game, lets say i gain root, KNOX bit set and i cant use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what i think your insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though its closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phones hardware then i don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you cant do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
Click to expand...
Click to collapse
Blog entries:
https://www.samsungknox.com/en/blog/about-cf-auto-root
https://www.samsungknox.com/en/blog/samsung’s-official-response-“towelroot”
https://www.samsungknox.com/en/blog...ox-enabled-devices-and-knox-warranty-void-bit
There are many, many more on the site, just use the search keyword root.
But that's the gist of it - they understand that some may want root for simpler reasons.
Others may want it for more nefarious ways, like trying to access the keys within the TPM.
The end result sucks for consumers; but as a IT admin I can tell you I wouldn't trust a device with sensitive corporate data if it has been rooted... ever.
Thanks very much, I'll take a look when I get a chance later.
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
bjrmd said:
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
Click to expand...
Click to collapse
Technically the US has a law, the Magnuson-Moss Warranty Act, which should limit manufacturers voiding of warranties to that damage which can reasonably be blamed on the consumer. (for example, rooting your device shouldn't void the warranty for a defective power button) However, manufacturers usually claim the opposite here and I'm not aware of successful legal challenges.
Looks like sprint at least is ok with it
http://forum.xda-developers.com/showthread.php?t=2674884
TheBlueRaja said:
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but im going to install Windows 8 on there and a bunch of FREE apps , only im going prevent you from removing them, make sure you cant put Linux or Windows 7 or Windows 10 on there until i say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
Its a shame as i REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
Click to expand...
Click to collapse
I agree. My last Samsung was a note 2 which knox wasn't a factor and not a big push then. I didn't got to any Samsung's after that due to knox.
I just want root for the reason's you do and edit the phone's density.
Its a shame that we cannot just flash back to stock and "close things up" per say if we want to sell it or have a non root related warranty issue.
Knox is mainly geared toward the business side , so why not make Knox activated by a Admin when the phone is to be used for business where the security is needed. And leave it un-activated for the rest of us.
And i would think the ratio of people rooting vs people not rooting (nor even knowing what it is) is so slim that allowing it wouldn't cause a pandemic in warranty claims.
I know before i root anything i make sure all my points are covered and there are processes in place to un-brick a device. Which i haven't had to unbrick a device since my Moto X or OG Droid.
---------- Post added at 11:13 AM ---------- Previous post was at 10:28 AM ----------
bjrmd said:
if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Click to expand...
Click to collapse
I agree +1
So my phone is now prompting me to update (and I can't even tell it to got to hell like I could on my S4 Mini ) but I refuse to do so until I know I can keep my root intact (or until Kingroot becomes capable of rooting that version).
Is there ANY way of keeping my root intact? Maybe by using the PC companion to update (this used to work before ICS didn't it?)? Or doing something to the phone (besides flashing firmware) to preserve the root ahead of the update?
I don't want to be installing a custom rom (and yes, I still count generic stock as a custom rom because it would get onto my phone just like any other custom rom) just to update and I absolutely need root for Link2SD so if I can't keep root in some way and Kingroot doesn't catch up then I'm going to stay on my current version forever, security be damned.
SCHUMI_4EVER said:
So my phone is now prompting me to update (and I can't even tell it to got to hell like I could on my S4 Mini ) but I refuse to do so until I know I can keep my root intact (or until Kingroot becomes capable of rooting that version).
Is there ANY way of keeping my root intact? Maybe by using the PC companion to update (this used to work before ICS didn't it?)? Or doing something to the phone (besides flashing firmware) to preserve the root ahead of the update?
I don't want to be installing a custom rom (and yes, I still count generic stock as a custom rom because it would get onto my phone just like any other custom rom) just to update and I absolutely need root for Link2SD so if I can't keep root in some way and Kingroot doesn't catch up then I'm going to stay on my current version forever, security be damned.
Click to expand...
Click to collapse
No. You can make prerooted 546 and flash it in recovery and it's only way how to retain root. As soon as you update using OTA you will loose root as system will be overwritten.
Sent from my D6603 using Tapatalk
Thanks, guess I'm waiting then.
Any way to temporarily disable the update message/get it out of my notification bar?
SCHUMI_4EVER said:
Thanks, guess I'm waiting then.
Any way to temporarily disable the update message/get it out of my notification bar?
Click to expand...
Click to collapse
Maybe you can disable the Software Update app in settings...
By the way, however it`s your decision, I don`t understand reasons behind why not flashing latest software with Flashtool. There are sometimes nasty issues with upgrades, like people loosing LTE with OTA upgrades to 5.1.1 and so on. I would just backup everything and flash latest .570/.580 firmware (yes, even .546 is now getting outdated as upgrade to .580 becomes available to address MMS based vulnerabilities). Flashing software in flashmode is the same like flashing it through PC Companion and provides for clean way how to do system updates. You can even download version intended directly for your market/provider instead of generic one.
Flash the pre-rooted .546 zip. It has been posted weeks ago.
ondrejvaroscak said:
Maybe you can disable the Software Update app in settings...
By the way, however it`s your decision, I don`t understand reasons behind why not flashing latest software with Flashtool. There are sometimes nasty issues with upgrades, like people loosing LTE with OTA upgrades to 5.1.1 and so on. I would just backup everything and flash latest .570/.580 firmware (yes, even .546 is now getting outdated as upgrade to .580 becomes available to address MMS based vulnerabilities). Flashing software in flashmode is the same like flashing it through PC Companion and provides for clean way how to do system updates. You can even download version intended directly for your market/provider instead of generic one.
Click to expand...
Click to collapse
Because the phone isn't even two weeks old. Nowhere near time yet to risk bricking it doing non-standard things, I've already tested my luck enough by rooting it. And my region doesn't have 580 yet anyways. The inability to remove the battery makes me even more nervous about this sort of stuff, and yes I know there is a simulated battery pull, but that's still software and software gets fudged up which is the whole reason to actually physically remove the battery from your phone.
Not gonna happen thank you very much. Besides I'm never in a hurry with updating Android, it's always 2 steps forward one step back, never an all-round improvement. Some monkey of a programmer inevitably always rips out some base function every device should have, just look at ICS and the mess it's caused by choosing to ignore SD cards. Even Lollipop lacks things prior Android versions had for utterly no reason. Stagefright can kiss my you know what. Not gonna update till I can root with the click of a button avoiding almost all risk (in my mind anyways).
SCHUMI_4EVER said:
Because the phone isn't even two weeks old. Nowhere near time yet to risk bricking it doing non-standard things, I've already tested my luck enough by rooting it. And my region doesn't have 580 yet anyways. The inability to remove the battery makes me even more nervous about this sort of stuff, and yes I know there is a simulated battery pull, but that's still software and software gets fudged up which is the whole reason to actually physically remove the battery from your phone.
Not gonna happen thank you very much. Besides I'm never in a hurry with updating Android, it's always 2 steps forward one step back, never an all-round improvement. Some monkey of a programmer inevitably always rips out some base function every device should have, just look at ICS and the mess it's caused by choosing to ignore SD cards. Even Lollipop lacks things prior Android versions had for utterly no reason. Stagefright can kiss my you know what. Not gonna update till I can root with the click of a button avoiding almost all risk (in my mind anyways).
Click to expand...
Click to collapse
Well, seems you are new to XPERIA`s because there is hardly any way you can brick it. Battery pull is not a problem, because in addition to Power+VolUp reste, there is a push button hidden on the side of SIM card that triggers hard reset and switches the phone off.
But I aknowledge that you have your rights for your fears. However I wonder that with all your fears you would allow to install and run undocumented chinese app, that although roots your phone, may do other things and you will never know. Everyone is responsible for his own luck.
ondrejvaroscak said:
Well, seems you are new to XPERIA`s because there is hardly any way you can brick it. Battery pull is not a problem, because in addition to Power+VolUp reste, there is a push button hidden on the side of SIM card that triggers hard reset and switches the phone off.
But I aknowledge that you have your rights for your fears. However I wonder that with all your fears you would allow to install and run undocumented chinese app, that although roots your phone, may do other things and you will never know. Everyone is responsible for his own luck.
Click to expand...
Click to collapse
Yes and no. I had a neo but that was a very different device and I never felt the need to do anything custom to it (although I did check XDA for it) so it remains stock even today. Then I went to Samsung cuz everything Sony sucked at the time, at least in my price range. And now I'm back with Sony cuz there's something wrong with Samsung, dunno what, but I just don't like them so unless they're far ahead on paper I won't touch them again. (unless Sony tanks).
I didn't know about that button but I'd still rather not.
And I don't have anything sensitive on my phone so Kingroot can spy all it wants to. Of course I'd prefer it didn't, but if they absolutely have to then they're welcome to any and all info. Simply running an APK on my phone (that thousands have run before me) just seemed like the least brickable way of getting root (since I didn't have to do anything special like stuff up in the recovery or mess up an ADB command or anything like that). When I'd read about there being no root methods for 5.1.1 yet I erroneously took that to be all of Lollipop so I thought my phone was unrootable anyways when I turned it on and found it had lollipop (it was sealed so I thought it would still be on KitKat and easily rootable) so Kingroot was basically just a hail mary at the time. And since it worked so well I see no reason to ever do anything else.
so, i have an A530F and its giving the "this phone is rooted you a$$hole" message on certain games and apps, but its not rooted, knox has NOT been tripped and has the most recent update flashed on it using Odin. Firmware obtained from the Frija tool. Issue is that it was doing the stupid root error thing before flashing pie on it and even after flashing pie and ensuring its up and running properly, it still gets that dumb message. When i flashed the firmware, i flashed the home_csc as to not factory reset it. Please dont tell me that a factory reset is needed. Id hate to do that and it not make any difference after all the trouble of setting it back up again
Why did you let this persist? I'm assuming you obtained the phone brand new. Why would you not return the device or contact Samsung or just basically do absolutely nothing the average customer should do?
mindlery said:
Why did you let this persist? I'm assuming you obtained the phone brand new. Why would you not return the device or contact Samsung or just basically do absolutely nothing the average customer should do?
Click to expand...
Click to collapse
correction to initial post.
i did flash twrp shortly after i got it, but never booted into it, so knox was actually tripped
yes, bought it brand new.
didnt contact samsung, because it was my primary phone when knox was tripped and it didnt bother me enough to give it a second thought and it still doesnt bother me in the slightest. It bothers the 17 year old son who inherited it, and only slightly so.
and i didnt do anything an average consumer would have, because meh. Plus the problem caused by knox only appeared when that game was installed. I forgot that i knew knox was tripped and made sure to only use my watch for SPay as the phone would have needed to be fully rooted to tinker with magisk to hide root and make payment services resume functionality on the phone. I havent been using that phone for months and the kiddo is very happy minus the every so often bug with that one game.
Ah. Ok that all makes sense. I figured something was done and that's why i was wondering why you hadn't taken it back. At least you know who tampered with it
youdoofus said:
correction to initial post.
i did flash twrp shortly after i got it, but never booted into it, so knox was actually tripped
yes, bought it brand new.
didnt contact samsung, because it was my primary phone when knox was tripped and it didnt bother me enough to give it a second thought and it still doesnt bother me in the slightest. It bothers the 17 year old son who inherited it, and only slightly so.
and i didnt do anything an average consumer would have, because meh. Plus the problem caused by knox only appeared when that game was installed. I forgot that i knew knox was tripped and made sure to only use my watch for SPay as the phone would have needed to be fully rooted to tinker with magisk to hide root and make payment services resume functionality on the phone. I havent been using that phone for months and the kiddo is very happy minus the every so often bug with that one game.
Click to expand...
Click to collapse
Well why not beat the game at its own game and actually root the device with magisk?
Magisk can fake knox to 0 and hide root from most apps and games.
ashyx said:
Well why not beat the game at its own game and actually root the device with magisk?
Magisk can fake knox to 0 and hide root from most apps and games.
Click to expand...
Click to collapse
im just afraid that the 17 year old will get some "awesome ideas" and play with magisk and screw it all up. He is like that even when told not to lol
what modules would you suggest so we can make that game work?
youdoofus said:
im just afraid that the 17 year old will get some "awesome ideas" and play with magisk and screw it all up. He is like that even when told not to lol
what modules would you suggest so we can make that game work?
Click to expand...
Click to collapse
You don't need modules you just need to hide root from it or whatever it is detecting.
Most can be defeated.
It's probably worth to search for magisk and the game in the same sentence to see if anyone else has solved it. .
ashyx said:
You don't need modules you just need to hide root from it or whatever it is detecting.
Most can be defeated.
It's probably worth to search for magisk and the game in the same sentence to see if anyone else has solved it. .
Click to expand...
Click to collapse
well, i did exactly that, and look what i found "In other words, Niantic is taking advantage of the permissions that you grant the app when you run it to sift through your storage and check for any files that might suggest your phone is or has been rooted. Android Police tested the theory by simply creating a blank folder titled “MagiskManager” (a tool for rooting Android devices) and was promptly locked out of the game. Even legitimate players are being punished with this update."
https://bgr.com/2018/08/21/pokemon-go-spying-block-root-files/
so, it seems that there might be more to this story from the kiddos side. He is notorious about denying having had messed with anything software or hardware related until there is reasonably irrefutable evidence proving that he is guilty. Im willing to bet that he has at least towelroot on his phone. Im saying towelroot because he doesnt understand that itll never work for his phone, but id be willing to bet hes got it anyways lol or something along those lines
Ok well now's the time for a birds and the bees about rooting. If you know how to do it (TWRP and magisk) you might as well show him. It isn't such a bad thing. Better you show him the right way and tell him what you know to the best of your ability.
We're ALL a little notorious in our own ways on this site. But if you bring it in the open at least he'll not have to hide it or panic because he's in a bootloop and afraid to tell you.
Get him to use this site. And mostly, get that towelroot (or something) off his phone!
mindlery said:
Ok well now's the time for a birds and the bees about rooting. If you know how to do it (TWRP and magisk) you might as well show him. It isn't such a bad thing. Better you show him the right way and tell him what you know to the best of your ability.
We're ALL a little notorious in our own ways on this site. But if you bring it in the open at least he'll not have to hide it or panic because he's in a bootloop and afraid to tell you.
Get him to use this site. And mostly, get that towelroot (or something) off his phone!
Click to expand...
Click to collapse
nice!! and yes, he needs to be on this site. but he is lazy LOLOL
i messaged him earlier about what root apps he has on his storage, and he said none.
i asked him if any folders were made when he was trying to root the phone, he said "ahhhh". Havent heard back from him yet LOLOLOLOLOL!!!!
Hi I've been rooting phones for over 10 years now but the past couple of devices I haven't due to it tripping knox etc but I miss a few things with root and looking for peoples opinions
I love having adaway and been able to fully uninstall apps I don't use
Is there much of an improvement on battery life as I have the exynos version :crying:
Also an app i haven't had chance to use is viper4android is it as good as people say and does it actually boot volume on bluetooth audio without distorting etc as that would be my main use for it
Also what exactly does tripping know destroy? I've read it affects Samsung pay and Samsung pass is there anything else
And has anyone had problems selling there device afterwards from tripping know (mainly in the uk) as I change devices quite a bit and sell them on lol
Thanks
You can use adguard if you don't want to root. I haven't bothered rooting anything for a few years now. It doesn't deliver any additional must have features i can't live without, unlike it used to.
Same boat, rooting for decades. Yet it seems a bit too immature this time on this device.
Also got the exynos junk (Iknew before getting it, but free phone from work).
I decided to go without for now.
Same here - decided to go on without root. The features I miss are - firewall (need to try knox firewall though), direct time sync (minor), some console commands to manage files, titanium backup - this is a major issue, so I can't backup OTP apps etc.
Don't root your device since that requires you unlocking bootloader to root and doing that triggers knock safety thing so it destroys knox permanently and then apps such as Samsung pay, samsung pass, secret folder, encryption and few more that requires knox to work will be unavailable, since knox chip is no longer functioning. Also warranty would be voided if you got 2 years warranty.
So if you plan to use samsung pay or any of other apps later on then avoid rooting and touching bootloader.
Jake.S said:
Don't root your device since that requires you unlocking bootloader to root and doing that triggers knock safety thing so it destroys knox permanently and then apps such as Samsung pay, samsung pass, secret folder, encryption and few more that requires knox to work will be unavailable, since knox chip is no longer functioning. Also warranty would be voided if you got 2 years warranty.
So if you plan to use samsung pay or any of other apps later on then avoid rooting and touching bootloader.
Click to expand...
Click to collapse
i dont know about usa and other countries, but in europe ur warranty won't be void if knox is tripped (afaik)
Still can't do without root unless there a way to block ads while using a vpn of my choice and control a firewall. Have my Note two days now after waiting 3 weeks for it to ship from Hong Kong and first thing I did was to root.
destz0r said:
i dont know about usa and other countries, but in europe ur warranty won't be void if knox is tripped (afaik)
Click to expand...
Click to collapse
Well actually to get it tripped requires bootloader unlock for root and that would void your warranty in Europe. So id knox says 0x0 it also voids warranty
Only those that care about Samsung's proprietary Knox and it's associated bloat should worry about knox being tripped. Only thing I'd probably care about is 3rd party banking apps that might not work with patch hide. If that still works or not unsure.
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
mgagnequebec said:
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
Click to expand...
Click to collapse
im considering rooting my N9810, but im wondering if I will still receive OTA updates then? or do i have to manually flash the update with each ota?
destz0r said:
im considering rooting my N9810, but im wondering if I will still receive OTA updates then? or do i have to manually flash the update with each ota?
Click to expand...
Click to collapse
You wont get OTA after rooting, since rooting requires you to unlock bootloader so then OTA won't work. Also KNOX won't function permanently once this is done too.
So think if you going to use samsung apps like samsung pay and such then avoid touching bootloader and rooting.
mgagnequebec said:
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
Click to expand...
Click to collapse
Is one of them being able to tether (hot spot) without the carrier detecting it
cenwesi said:
Is one of them being able to tether (hot spot) without the carrier detecting it
Click to expand...
Click to collapse
I doubt it but I never tried it before tbh. I guess i should say that i might not be a good example to follow when it comes to updates. i almost never do them. because it always was a compromise one have to make if wanting to root. at least from my experience. like, keep your firmware version low or you loose the ability to root. but gain security patches. i chose my side of the fence long ago hehe