Related
As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.
As for now, there is no way to reset that flag from 0x1 to 0x0.
Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.
https://plus.google.com/u/0/+Chainfire/posts
Jeffery Butler said:
FYI...Samsung told me that Knox warranty becomes 0x1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
Click to expand...
Click to collapse
Has anyone already experience with rooting an "untouched" S4 which has the secured bootloader and can confirm or decline that?
- - - - - - - - - -
Conclusions and Facts about KNOX-enabled firmwares (based on statements from chainfires post and it's comments above, ans based on this thread)
Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/showthread.php?t=2444671, not confirmed)
Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1
Flashing unsigned or modified images via odin will set knox to 0x1
Samsung stated, resetting the flag is impossible
KNOX is mandatory and can not be completely removed
Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so
Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone)
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Assumptions on how KNOX flag in bootloader works:
Some experts think, an eFuse is involved. (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremential. Even unwriteable by low level tools or JTAG. But it is still not proven, that eFuse is used.
Knox technical information:
https://www.samsungknox.com/overview/technical-details
Also interested in this..
(don't really have high expectations though... )
I used the CF Auto Root to root an unlocked i9505 and the flag changed. I have since un-rooted and restored to factory settings however the flag remains the same and no Knox container can be created on the device now.
If anybody has an update to a solution for this that would be greatly appreciated.
My status changed to 0x1 after flashing full NON-ROOTED , UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....
Lie about what?
DjeMBeY said:
My status changed to 0x1 after flashing full NON-ROOTED , UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....
Click to expand...
Click to collapse
You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!
In the same Chainfire Google+ post, somebody mentioned there could be a so called 'eFuse'.
Like a normal fuse, a piece of hardware gets broken beyond repair. The 'e' means that this can be triggered and checked by software.
But I am no expert, this is just hearsay.
Sent from my GT-I9505 using xda app-developers app
bungadudu said:
Lie about what?
Click to expand...
Click to collapse
About details... This flag should change ONLY if you try to downgrade the bootloader but it's not the case...
nfsmw_gr said:
You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!
Click to expand...
Click to collapse
Yeah, I'm really angry! :/
I simply repacked MGG and included previous STOCK Kernel MH1... KNOX WARRANTO VOID = 0x1
WTF Samsung????!!????!!! :/
seems samsung also checks kernel and recovery binaries. whenever something tries to bypass knox the flag is incremented.
OT: It sucks and I really will sell S4 for Nexus 5 when it's released
theq86 said:
seems samsung also checks kernel and recovery binaries. whenever something tries to bypass knox the flag is incremented.
OT: It sucks and I really will sell S4 for Nexus 5 when it's released
Click to expand...
Click to collapse
I think Samsung's aim was to make the Knox functionality as 'secure' as possible and it seems to have worked (for now) and so is fulfilling its intended purpose. When I first heard about it, it seemed to be something intended for business/enterprise mobile use, so wasn't expecting it to roll out to all consumer handsets (especially not fully enforcing it).
Once the flag is incremented does that mean that the knox functionality can no longer be used? I know we all want to have a choice, but are the current consequences just that we are unable to downgrade firmware?
harise100 said:
In the same Chainfire Google+ post, somebody mentioned there could be a so called 'eFuse'.
Like a normal fuse, a piece of hardware gets broken beyond repair. The 'e' means that this can be triggered and checked by software.
But I am no expert, this is just hearsay.
Sent from my GT-I9505 using xda app-developers app
Click to expand...
Click to collapse
Interesting. Offtopic... I remember the Xbox 360 used a similar thing, 192 fuses and one was blown every time the bootloader and/or dashboard was updated, eventually they started using this to prevent downgrades and detect tampering.
They want Knox-enabled firmwares to run on totally secure, untampered phones. Not surprising, really.
jas0nuk said:
Interesting. Offtopic... I remember the Xbox 360 used a similar thing, 192 fuses and one was blown every time the bootloader and/or dashboard was updated, eventually they started using this to prevent downgrades and detect tampering.
They want Knox-enabled firmwares to run on totally secure, untampered phones. Not surprising, really.
Click to expand...
Click to collapse
Well, I am always a fan of full reversibility. It's like a flaw to me to have a visual mark that I changed something.
If that Knox flag would touch the warranty only in case you used the phone in a company, and would not change anything for normal users I could live with is. But how to distinguish exactly between private and corporate usage?
It's unfair to be forced this way...
Does anyone know hot o downgrade ABOOT.MBN
I tried to do JTAG with an old bootloader and now i have no power at all, If I do JTAG with a new bootloader, then phone works fine again.
Even all partition from a good old phone I have copied to new I9505 and as soon flash pass, no power up at all.
Any idea how to downgrade ABOOT.MBN and good scripts to do that?
Thanks.
exprxp said:
I tried to do JTAG with an old bootloader and now i have no power at all, If I do JTAG with a new bootloader, then phone works fine again.
Even all partition from a good old phone I have copied to new I9505 and as soon flash pass, no power up at all.
Click to expand...
Click to collapse
Another indicator for an eFuse. Even with JTAG you can not reprogram the fuse chip. It could be a check somewhere in the low level firmware, or even in PBL for the knox warranty state...
Remember, it could have been there since S4 release. Just that the new bootloader enabled the fuse thing.
theq86 said:
Another indicator for an eFuse. Even with JTAG you can not reprogram the fuse chip. It could be a check somewhere in the low level firmware, or even in PBL for the knox warranty state...
Click to expand...
Click to collapse
What I haven't tried yet to replace eMMC chip, I think that KNOX security inside that chip. I tried to do JTAG via USB Recovery tool for QDLOAD device. When my phone works fine I just shot Resistor on a board and phone will go into QDLOAD by itself.
I will try all ways then I can write you back the status of my job.
I'm very interested in the qdload thing. If I got it right, you can do jtag via usb? how ? what tools needed ?
DjeMBeY said:
I simply repacked MGG and included previous STOCK Kernel MH1... KNOX WARRANTO VOID = 0x1
WTF Samsung????!!????!!! :/
Click to expand...
Click to collapse
So basically you flashed a modified and thus nonofficial firmware?
SAFE with Knox
I am not a developer so I just add here a few links from Engadget:
It's an IT manager's pipe dream, of sorts. A comprehensive collection of features that include Security Enhanced (SE) Android, secure boot, TrustZone-based Integrity Monitoring (TIMA) for protecting the kernel, Single Sign On (SSO) and that application container concept made famous by BlackBerry, just to name a few
Feb 2013 - Samsung announces SAFE with Knox
http://www.engadget.com/2013/02/25/samsung-safe-with-knox/
May 2013 - Samsung Knox gets official DoD approval for government use
http://www.engadget.com/2013/05/03/samsung-knox-gets-official-dod-approval-for-government-use/
Sept 2013 - Samsung opens up Knox security platform to all consumers - HAPPY people!
http://www.engadget.com/2013/09/04/samsung-opens-up-knox-security-platform-to-all-consumers/
http://www.engadget.com/2013/09/04/lookout-knox/
So it is a 'Feature' - we still should have the option to say 'No thanks'.
trveller72 said:
I am not a developer so I just add here a few links from Engadget:
It's an IT manager's pipe dream, of sorts. A comprehensive collection of features that include Security Enhanced (SE) Android, secure boot, TrustZone-based Integrity Monitoring (TIMA) for protecting the kernel, Single Sign On (SSO) and that application container concept made famous by BlackBerry, just to name a few
Feb 2013 - Samsung announces SAFE with Knox
http://www.engadget.com/2013/02/25/samsung-safe-with-knox/
May 2013 - Samsung Knox gets official DoD approval for government use
http://www.engadget.com/2013/05/03/samsung-knox-gets-official-dod-approval-for-government-use/
Sept 2013 - Samsung opens up Knox security platform to all consumers - HAPPY people!
http://www.engadget.com/2013/09/04/samsung-opens-up-knox-security-platform-to-all-consumers/
http://www.engadget.com/2013/09/04/lookout-knox/
So it is a 'Feature' - we still should have the option to say 'No thanks'.
Click to expand...
Click to collapse
darn it.. Samsung :x :screwy::screwy:
Send my E-960/S4 LTE/N2 GSM and /Galaxy Y to xda
Does knox warranty change the device status to unofficial? If so, this will also break Miracast/screen mirroring (HDCP fails) permanently until one is able to reset the counter.
Hello Community!!
I have owned many androids over the years, and have recently got an S6, hoping to dive back into the game of rooting, modding and messing around until my phones works the way i want it to. There are MANY things that really Piss me off about my T-MObile variant of the S6, including the horrible battery life, bloatware, and lack of personality. I Really would love to root my device, but KNOX. OMG what is this?! If i Root, no Samsung pay? What other downsides are there to rooting? But recently, my phone installed "ANdroid Pay" SO I am thinking, I should just root, forget Samsung pay and just use Google pay or whatever they call it.
As you guys can tell from my sig, I have been very inactive on these forums. I am hoping someone can give me some advice here---
Thanks So much
EMilio
beforedenied said:
Hello Community!!
I have owned many androids over the years, and have recently got an S6, hoping to dive back into the game of rooting, modding and messing around until my phones works the way i want it to. There are MANY things that really Piss me off about my T-MObile variant of the S6, including the horrible battery life, bloatware, and lack of personality. I Really would love to root my device, but KNOX. OMG what is this?! If i Root, no Samsung pay? What other downsides are there to rooting? But recently, my phone installed "ANdroid Pay" SO I am thinking, I should just root, forget Samsung pay and just use Google pay or whatever they call it.
As you guys can tell from my sig, I have been very inactive on these forums. I am hoping someone can give me some advice here---
Thanks So much
EMilio
Click to expand...
Click to collapse
There are pros and cons to root.
The first pro is limitless customizations and personalizations.
The first con is OTA updates get disabled.
Another pro is you are able to dramatically improve battery and overall performance using various apps.
Another con is your warranty will be void, assuming you tripped KNOX.
If you trip KNOX, Samsung Pay no longer works; if you have root (even without touching KNOX) Android Pay does not work.
I obtained root just to prove to myself it could be done.
Since then there have been dramatic improvements with speed and battery life.
Package Disabler Pro can freeze a lot of the bloatware without root: https://play.google.com/store/apps/details?id=com.ospolice.packagedisablerpro&hl=en
Hi,
It's a highly personal decision. I myself for the first time am holding on rooting - I was the one who made the most famous Xoom rooting tool and also S4 Linux Root Script, so that tells a lot. The thing is, meanwhile my device is satisfying my needs, and I'm really curious about Samsung Pay, as it has a way wider support than Android Pay and other systems.
The best thing about rooting in my opinion was the endless system customization - specially after Xposed was released. The way better data management I had, better system control and some exclusive apps that require root or works better with root. If you are really pissed about Samsung TouchWiz apps and system "features", rooting would be a nice idea. Just keep in mind that after rooting Knox will be tripped and there's no turning back with Knox. Depending on your country, Knox trip also means warranty void, because once rooted you can unroot and make it looks like nothing happened.
Just adding what was already said, but Android Pay doesn't work with root.
All the best,
~Lord
Sent from my SM-G920I using Tapatalk
XxLordxX said:
Hi,
It's a highly personal decision. I myself for the first time am holding on rooting - I was the one who made the most famous Xoom rooting tool and also S4 Linux Root Script, so that tells a lot. The thing is, meanwhile my device is satisfying my needs, and I'm really curious about Samsung Pay, as it has a way wider support than Android Pay and other systems.
The best thing about rooting in my opinion was the endless system customization - specially after Xposed was released. The way better data management I had, better system control and some exclusive apps that require root or works better with root. If you are really pissed about Samsung TouchWiz apps and system "features", rooting would be a nice idea. Just keep in mind that after rooting Knox will be tripped and there's no turning back with Knox. Depending on your country, Knox trip also means warranty void, because once rooted you can unroot and make it looks like nothing happened.
Just adding what was already said, but Android Pay doesn't work with root.
All the best,
~Lord
Sent from my SM-G920I using Tapatalk
Click to expand...
Click to collapse
Rooting doesn't allways mean tripped knox. I have my G920F rooted and knox intact. This can be done even after updrade to 5.1.1 stok firmware.
An android phone for me is worthless without root permissions. I need it for:
adaway adds
iptables (firewall)
better battery life (debloat)
titanium backup
JuanRamiro said:
Rooting doesn't allways mean tripped knox. I have my G920F rooted and knox intact. This can be done even after updrade to 5.1.1 stok firmware.
Click to expand...
Click to collapse
I was only aware of root that can be applied before upgrade to 5.1.1.
Can you advise how you applied root after 5.1.1? Thanks.
Iceman_jkh said:
I was only aware of root that can be applied before upgrade to 5.1.1.
Can you advise how you applied root after 5.1.1? Thanks.
Click to expand...
Click to collapse
Just install de 5.0.2 engineering bootloader via ODIN. Then instal TRWP via ODIN.
After this two steps you can flash whatever you want via TRWP.
Edit: with the 5.0.2 bootloader you will loose fingerprint scanner, the rest works great, at least with the custom rom I am using.
JuanRamiro said:
Just install de 5.0.2 engineering bootloader via ODIN. Then instal TRWP via ODIN.
After this two steps you can flash whatever you want via TRWP.
Edit: with the 5.0.2 bootloader you will loose fingerprint scanner, the rest works great, at least with the custom rom I am using.
Click to expand...
Click to collapse
Keep in mind this engineering bootloader does not work with all variants. For example there is no Eng Bootloader for the Canadian phones.
Thank you both. I have the international SM-G920F (technically it's the dual Sim version, SM-G920FD, (from United Arab Emirates)).
So, to confirm, would the eng boot loader still work on my device variant, and allow root without tripping KNOX?
Sent from my SM-G920F using Tapatalk
Iceman_jkh said:
Thank you both. I have the international SM-G920F (technically it's the dual Sim version, SM-G920FD, (from United Arab Emirates)).
So, to confirm, would the eng boot loader still work on my device variant, and allow root without tripping KNOX?
Sent from my SM-G920F using Tapatalk
Click to expand...
Click to collapse
I have the single sim version of the G920F, so I don't know if it will work with the dual sim.
I don't think that it will strip you knox...
... and I think that if your phone doesn't work with this bootloader, you can just flash the correct one and make it work again.
But these are just guesses... you decide if you want to take the risk.
Good luck.
JuanRamiro said:
I have the single sim version of the G920F, so I don't know if it will work with the dual sim.
I don't think that it will strip you knox...
... and I think that if your phone doesn't work with this bootloader, you can just flash the correct one and make it work again.
But these are just guesses... you decide if you want to take the risk.
Good luck.
Click to expand...
Click to collapse
Thanks. I did some additional research, thanks to your advice about eng boot loader, and seems like it will work ☺
Sent from my SM-G920F using Tapatalk
JuanRamiro said:
I have the single sim version of the G920F, so I don't know if it will work with the dual sim.
I don't think that it will strip you knox...
... and I think that if your phone doesn't work with this bootloader, you can just flash the correct one and make it work again.
But these are just guesses... you decide if you want to take the risk.
Good luck.
Click to expand...
Click to collapse
Hi,
I wouldn't risk that "you can just flash the correct one and make it work again". If you know how a bootloader work, if it gets broken there is no way to get to Download Mode and flash a new firmware/bootloader.
For information sake, a bootloader is a piece of software that is the first thing loaded when you boot your device, it comes before anything, be it kernel, be it recovery or anything else, that means, if you have a broken bootloader, the moment you try to boot your device up, it will try loading BL and it will fail, so it will shut down back again. I've had a broken BL once before on S4, the only way to recover was a direct flash of software in system chip using a tool called JTAG.
So, all I can say to users who still didn't get it: beware with this. It seems that many people are getting successful results, but it's an extremely risk procedure, make sure you read every single instruction and follow it, the possibility of a hard brick is high.
Even still, it's a great find, thanks for sharing with me, I didn't know of this until early today .
All the best,
~Lord
I wonder whether Samsung pay will work again after reflash stock rom after root? Is it like knox, once rooted you will never have it no mater what you do including going back to pure stock?
XxLordxX said:
Depending on your country, Knox trip also means warranty void, because once rooted you can unroot and make it looks like nothing happened.
Click to expand...
Click to collapse
Did you mean, once rooted we can unroot and install the stock firmware and hence tripped Knox will be restored as well?
Or the unrooting will only help to restore the stock but the knox will continue to remain tripped. I would like to know this as I am considering purchasing S6. The last samsung phone I owned was S2 and used that for 3 full years with out any problems.
Thanks.
coolmalayalee said:
Did you mean, once rooted we can unroot and install the stock firmware and hence tripped Knox will be restored as well?
Or the unrooting will only help to restore the stock but the knox will continue to remain tripped. I would like to know this as I am considering purchasing S6. The last samsung phone I owned was S2 and used that for 3 full years with out any problems.
Thanks.
Click to expand...
Click to collapse
Once Knox is tripped its tripped but, yes you can flash original firmware and as long as you factory reset it, it will be unrooted and ready for official updates.
jetbruceli said:
Once Knox is tripped its tripped but, yes you can flash original firmware and as long as you factory reset it, it will be unrooted and ready for official updates.
Click to expand...
Click to collapse
Thanks. But can you be a bit more specific of if the unrooting, flashing stock, and factory resting will finally untrip the tripped Knox as well? My question in the event I need to take this back to a service center to claim warranty for whatever reason, is there any way for them to know that I have voided warranty if I unroot, flash back the stock and factory reset?
coolmalayalee said:
Thanks. But can you be a bit more specific of if the unrooting, flashing stock, and factory resting will finally untrip the tripped Knox as well? My question in the event I need to take this back to a service center to claim warranty for whatever reason, is there any way for them to know that I have voided warranty if I unroot, flash back the stock and factory reset?
Click to expand...
Click to collapse
Once tripped there is no going back. Voided warranty depends on laws of your country and your retailers policy.
coolmalayalee said:
Thanks. But can you be a bit more specific of if the unrooting, flashing stock, and factory resting will finally untrip the tripped Knox as well? My question in the event I need to take this back to a service center to claim warranty for whatever reason, is there any way for them to know that I have voided warranty if I unroot, flash back the stock and factory reset?
Click to expand...
Click to collapse
YOU CAN NOT UNTRIP KNOX, you can reflash your firmware from Sammobile, http://www.sammobile.com/firmwares/database/SM-G920F/
use odin and then after you flash, go into recovery or use system settings and conduct a factory reset. It will say Official in the status but, since they will reflash your rom anyways, they will see the knox trip.
It depends on where you purschased your device whether or not they will warranty it with Knox tripped.
Honestly, anyone who roots should understand this information before hand. You should always know how to return to stock unroot.
Jameslwoodward said:
I wonder whether Samsung pay will work again after reflash stock rom after root? Is it like knox, once rooted you will never have it no mater what you do including going back to pure stock?
Click to expand...
Click to collapse
After rooting my 5.1.1 without tripping Knox, with the 5.0.2 engineering bootloader (as as described a few posts ago) I have flashed a stok rom with odin and then everything went back as it was before the rooting procedure.
1. I was on stok oficial rom with oficial bootloader.
2. I lost root.
3. Knox was still intact: 0.
4. Fingerprint scanner and MyKnox worked again.
So: after upgrade to 5.1.1, rooting with the 5.0.2 engineering bootloader seems to be safe and also easy to bo back to stock... at least for my model (G920F)
1. Did anyone try KingRoot and found a working method?
2. Does this trip the Knox Counter as soon as it works?
Both questions are related to the portable version of KingRoot for Android.
Thanks.
1) no
2) no one used it so they can't say what it does, if anything
Mystixor said:
2. Does this trip the Knox Counter as soon as it works?
Both questions are related to the portable version of KingRoot for Android.
Thanks.
Click to expand...
Click to collapse
Any method of rooting this device will trip the Knox counter.
the_scotsman said:
Any method of rooting this device will trip the Knox counter.
Click to expand...
Click to collapse
Really? And I always thought it was due to flashing a new firmware...
Sent from my SM-G955F using XDA Labs
Mystixor said:
Really? And I always thought it was due to flashing a new firmware...
Sent from my SM-G955F using XDA Labs
Click to expand...
Click to collapse
Nope, flashing new official samsung firmware won't trip Knox.
the_scotsman said:
Nope, flashing new official samsung firmware won't trip Knox.
Click to expand...
Click to collapse
Well what I wanted to stress wasn't that a custom firmware trips Knox but that KingRoot does not flash a new firmware and therefore potentially does not trip Knox. All it uses is an exploit to change some specific root-determining system files.
Sent from my SM-G955F using XDA Labs
Mystixor said:
Well what I wanted to stress wasn't that a custom firmware trips Knox but that KingRoot does not flash a new firmware and therefore potentially does not trip Knox. All it uses is an exploit to change some specific root-determining system files.
Sent from my SM-G955F using XDA Labs
Click to expand...
Click to collapse
Knox detects if system files are changed, it is simply not possible to change or modify any system files in any way without tripping Knox. So if you managed to use any sort of 3rd party application to root (not possible currently), the application would trip Knox, because it modifies system files.
The Knox security bombproof to the level that a physical fuse is blown inside the phone when Knox is tripped, meaning there is no way to un-trip Knox through software once it's been tripped. It's possible to fool the ROM to think that it's not tripped (like some S8 ported ROMs, to enable secure folder), but warranty can never be restored, as the Knox counter in download mode can't be tricked.
galaxyYtester said:
Knox detects if system files are changed, it is simply not possible to change or modify any system files in any way without tripping Knox. So if you managed to use any sort of 3rd party application to root (not possible currently), the application would trip Knox, because it modifies system.
Click to expand...
Click to collapse
It was possible
Kingroot used to work on s6 you could root with knox intact and use all root features only thing that would trip knox was custom recovery and/or rom
Wish it could be done with s8
skinza said:
It was possible
Kingroot used to work on s6 you could root with knox intact and use all root features only thing that would trip knox was custom recovery and/or rom
Wish it could be done with s8
Click to expand...
Click to collapse
That was over 2 years ago, when you could use root tools to reset the counter back to not tripped. Nowadays the security is much more strict, and there's a physical fuse inside the phone that gets blown when Knox is tripped. Knox isn't a bootloader-only thing anymore, now it scans system files to see any third party tampering, and gets tripped if it's detected.
galaxyYtester said:
That was over 2 years ago, when you could use root tools to reset the counter back to not tripped. Nowadays the security is much more strict, and there's a physical fuse inside the phone that gets blown when Knox is tripped. Knox isn't a bootloader-only thing anymore, now it scans system files to see any third party tampering, and gets tripped if it's detected.
Click to expand...
Click to collapse
Yep, Knox is totally solid these days. Its impossible to not trip it when rooting. F*** it and root the phone anyway, if it breaks ill claim it on insurance not through warranty.
Sent from my SM-G955F using Tapatalk
galaxyYtester said:
That was over 2 years ago, when you could use root tools to reset the counter back to not tripped. Nowadays the security is much more strict, and there's a physical fuse inside the phone that gets blown when Knox is tripped. Knox isn't a bootloader-only thing anymore, now it scans system files to see any third party tampering, and gets tripped if it's detected.
Click to expand...
Click to collapse
There was no need to reset anything i rooted used some tweaks then when i restored my knox was still 0x0
I never phiscally reset anything
Even while i was rooted my phone still said 0x0
skinza said:
There was no need to reset anything i rooted used some tweaks then when i restored my knox was still 0x0
I never phiscally reset anything
Even while i was rooted my phone still said 0x0
Click to expand...
Click to collapse
I didn't mean that, I meant that if you rooted with a method that worked through bootloader (Not kingoroot), you still could restore Knox to not tripped through root tools. Knox security used to be that simple to bypass, nowadays it's impossible to revert once tripped.
Having successfully rooted two HTC devices and a Samsung devices in the past and loved every minute of it, I was kinda excited when Kingroot props said it was possible to root the later Notes... but I never did my old Note 4, partially but not primarily because of the Knox issue.
I've heard different things RE: Knox, pretty much covers what everyone else has been saying here (no way to reset Knox, possible to reset Knox, "soft-root" via Kingroot trips/doesn't trip Knox counter, etc.) Personally, since the Note 4 issue where (correct me if I'm wrong) that Samsung phone was the first one that full rooting was impossible, I've pretty much given up on rooting for a while. Though S8+ may be possible to root (provided you're OK with possibly never resetting Knox), I'm OK with my S8+ non-rooted stock (for now), just like I HAD to be OK with my old Note 4 never being able to be rooted.
I guess my bottom line take on all this is, root at your own risk, know what you're doing, and do it if you can say "Knox be damned" and have no intention of trading the phone back in or reselling it to someone who knows nothing about rooting.
Sent from my SM-G955U using XDA Premium HD app
BereanPK said:
Having successfully rooted two HTC devices and a Samsung devices in the past and loved every minute of it, I was kinda excited when Kingroot props said it was possible to root the later Notes... but I never did my old Note 4, partially but not primarily because of the Knox issue.
I've heard different things RE: Knox, pretty much covers what everyone else has been saying here (no way to reset Knox, possible to reset Knox, "soft-root" via Kingroot trips/doesn't trip Knox counter, etc.) Personally, since the Note 4 issue where (correct me if I'm wrong) that Samsung phone was the first one that full rooting was impossible, I've pretty much given up on rooting for a while. Though S8+ may be possible to root (provided you're OK with possibly never resetting Knox), I'm OK with my S8+ non-rooted stock (for now), just like I HAD to be OK with my old Note 4 never being able to be rooted.
I guess my bottom line take on all this is, root at your own risk, know what you're doing, and do it if you can say "Knox be damned" and have no intention of trading the phone back in or reselling it to someone who knows nothing about rooting.
Click to expand...
Click to collapse
Root became possible on note 4 after a program to alter cid to dev version was released. Also because something was possible before shouldn't mean it's possible anymore as things are updated, common sense.
skinza said:
There was no need to reset anything i rooted used some tweaks then when i restored my knox was still 0x0
I never phiscally reset anything
Even while i was rooted my phone still said 0x0
Click to expand...
Click to collapse
As I said, it's not possible to root the S8 without tripping Knox. Regardless of how it was with the S6. This is the S8, it's different. It cannot be done.
the_scotsman said:
As I said, it's not possible to root the S8 without tripping Knox. Regardless of how it was with the S6. This is the S8, it's different. It cannot be done.
Click to expand...
Click to collapse
Definitely
Those days are over unless someone gets lucky,i know they wont though just wishful thinking
Well.. Do samsung says knox became bulletproof, or does the best hackers see it that way to?
rk73 said:
Well.. Do samsung says knox became bulletproof, or does the best hackers see it that way to?
Click to expand...
Click to collapse
Both sides.
Sent from my SM-G955F using XDA Labs
Good Morning Everyone
As the title suggests, i am looking to return my S22 Ultra back to stock.
i was on beyond rom for a bit, but too many apps complaining that my device was rooted has forced my hand to return my device back to stock once again.
I flashed the stock rom via odin, then locked my bootloader and wiped all data.
However i am still getting messages that my device is modifed.
Anyone got any ideas how to can truely return to full stock?
Thanks in advanced.
And yes i did do a search on the internet before asking, but i have been unable to find any advice outside of what i have already done.
happend to me, too. But only on the latest firmware. When I flash an older firmware, it won't appear. But after updating again to the latest ROM the message appears
Cheers mate. I'll give that a go.
Also note that if the device was rooted then you triggered the Knox flag and that one CANNOT BE RESET, it's an "efuse" (a hardware component that once changed it's state can only be reset by replacing it, i believe you need to replace the entire motherboard for that).
So, if the application checks the Knox status it will fail.
Here are a few apps that i know that will not work anymore :
- Knox itself (and any app that uses the Knox library/API )
- Samsung Pay
- Samsung Health
- Secure Folder
A few years ago I also had a banking app that failed to worked with a Knox flag triggered (on a Note 8), but after an update it allowed me to use the phone as long as i didn't have it rooted.
Suppose I have rooted my phone and my Knox gets tripped then what if I flash the brand new official firmware then will everything be normal?
Once knox is tripped it's gone forever
EugenStanis said:
Once knox is tripped it's gone forever
Click to expand...
Click to collapse
What if i flash a brand new official firmware?
__ashuuu.02 said:
What if i flash a brand new official firmware?
Click to expand...
Click to collapse
Knox will be tripped like before, some functions may not work.
__ashuuu.02 said:
Suppose I have rooted my phone and my Knox gets tripped then what if I flash the brand new official firmware then will everything be normal?
Click to expand...
Click to collapse
There is a LSposed module supposedly for knox features, never tried it though.
I haven't tried it yet, either. https://github.com/BlackMesa123/KnoxPatch
No matter what, of course (for the OP), Knox will be permanently tripped, and there's no way to untrip it.
So, the KNOX status is stored in an "efuse" (electronic fuse), once tripped it cannot be reset, the only way to "fix it" is to replace the entire motherboard, not worth the cost.
You can of course put back a native/oficial firmware, most things will work, but anything that is using the KNOX flag will fail.
From what i remember this are a few of the things that will not work anymore :
- samsung health
- samsung payment
- secure folder
- possibly the dual account support (work/personal) won't work, never used it so not sure
If you don't use those then it's not an issue to have the flag.
You can also use an xpose/lsposed module to hide the knox status, but there's no guarantee that it works or that a firmware update won't make that module fail in the future.
Also, i had a banking app (from a romanian bank) that didn't work with tripped knox, but they did give an update that fixed it so as long as the phone was not rooted the bank app worked without issues (this was about 5-6 years ago on a Note 3)
If you really need to use an app that checks the Knox status, the easisest/cheapest would be to get a second hand phone (with the flag still intact) and sell this one, you'll loose some money but it will be cheaper than replacing the entire motherboard
verszipo said:
So, the KNOX status is stored in an "efuse" (electronic fuse), once tripped it cannot be reset, the only way to "fix it" is to replace the entire motherboard, not worth the cost.
You can of course put back a native/oficial firmware, most things will work, but anything that is using the KNOX flag will fail.
From what i remember this are a few of the things that will not work anymore :
- samsung health
- samsung payment
- secure folder
- possibly the dual account support (work/personal) won't work, never used it so not sure
If you don't use those then it's not an issue to have the flag.
You can also use an xpose/lsposed module to hide the knox status, but there's no guarantee that it works or that a firmware update won't make that module fail in the future.
Also, i had a banking app (from a romanian bank) that didn't work with tripped knox, but they did give an update that fixed it so as long as the phone was not rooted the bank app worked without issues (this was about 5-6 years ago on a Note 3)
If you really need to use an app that checks the Knox status, the easisest/cheapest would be to get a second hand phone (with the flag still intact) and sell this one, you'll loose some money but it will be cheaper than replacing the entire
Click to expand...
Click to collapse
thank you very much your reply helped me a lot you explained everything very well thank you
How to unlock BL, is there any way, US version