Related
I find it hard to believe that this is a completely irreversible process. There MUST be a way to reset this counter, especially since it's entirely possible for there to be false positives. I can imagine sometime in the future an official update will be released that has a chance of blowing the fuse, even if applied correctly through Kies or OTA. How would they resolve that issue?
I figure that Samsung must have a way of resetting these false positives whether it's through replacing a specific chip or through flashing firmware. It really wouldn't make sense for them economically to not have a way of doing it. What would the alternative be? Trash it and make a new one? Samsung would be sued by their shareholders if this was the case.
Logic would dictate it would be more cost effective for it to be a firmware setting, possibly encrypted and extremely low level with some form of obfuscation so they can release fixes for accidental trips without having to send a recall notice.
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
You can use the phone perfectly wok and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to user it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
alom5 said:
You can use the phone perfectly wok and without knox. Knox is a separate thing to just using the phone. It's a secure container holding secure information for people who want to user it.
Knox is something that most people will not use
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warrenty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
Master Thief-117 said:
I understand most people won't use the feature, but the fact remains that there are some that will for whatever reason and if the fuse is triggered for reasons that they didn't cause, they are SOL.
The other side is warrenty. It's stated if knox is triggered, they won't honor the warranty, even if it's unrooted.
Click to expand...
Click to collapse
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Click to expand...
Click to collapse
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
danieljamie said:
I am 90% sure that someone on XDA tripped knox with a stock firmware. On phone so can't search well.
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
I remember that there was one case on S4 in the very initial stages of knox implementation. Never heard of this scenario any more after that and never saw any for note 3.
Skander1998 said:
There is no way to trip knox unless you run a custom recovery / kernel.
Other attempts like vroot or kingoapp and whatnot are blocked and knox is not triggered.
All Samsung firmwares are recognised by knox as stock and no there won't be a firmware that will trigger it, they're not that stupid to do it.
So yeah It's an effective solution to protect the information inside the knox container from potential attacks, you root the device by gaining unauthorised root privileges and the container get's completely disabled with all of it's data.
And the Samsung Knox website does mention a fuse.
https://www.samsungknox.com/en/blog/about-cf-auto-root
"Once the e-fuse bit is burned, a Samsung KNOX-enabled device can no longer create a KNOX Container, or access the data previously stored in an existing KNOX Container. "
Click to expand...
Click to collapse
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
Downgrading bootloader will trip knox. It is not allowed as you are going from a secured bootloader back to one with a loophole. Normal users will never encounter this as you cannot downgrade rom with the official kies.
alom5 said:
Actually, my knox was tripped flashing stock firmware - trying to go back from MJ? Firmware to MI7.... It wouldn't flash cos it won't allow you to go back so I tried the many different method suggested like deleting the modem file within the stock firmware etc.... and then suddenly knox was 0x1.
It sorted me out cos then I didn't have to carry on pussyfooting around and just do what I was supposed to. .. Flash and customise my phone the way I wanted to. So all good in the end. ?
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
as antt said, downgrading to a vulnerable firmware is also not allowed, and knox will trip if you flash it after a new secure update.
You can of course customise everything you want and do whatever, but just don't expect to have Knox anymore, and don't expect warranty.
In reality even before knox everyone knew that every root method warned about losing your warranty immediately, but people cheated and reset counters.
Now you are agreeing to the same disclaimers and you just have to live with it.
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
The fact that I can only disable a few of the Samsung bloatware apps annoys the hell out of me.
If I buy a PC, I can uninstall whatever I wish, so why can't I do that on my phone? Because Samsung don't allow it as they are in the system area of the device. I wouldn't need to root in the first place if I was allowed to choose which software I want to use.
Not all of us want to screw around with the frequencies of their processor, graphics, ram etc.
KNOX is nothing more than a convenient excuse by way of 'security' for Samsung to kill two birds with one stone.
It will be hacked eventually...what is made by a human can be reversed by another, mark my words
jonboyuk said:
I feel violated! I've spent £500 on a device that by the fact it's Android, is supposed to be customisable - that's sort of the mantra of Android, isn't it?
...
Click to expand...
Click to collapse
You can still customize whatever you want - except selected cases (AT&T and Verizon? - where we know it is an explicit request of the carrier) the bootloader configuration will still let you install a custom recovery and custom kernel and custom ROM. And that is still very, very rare among all the non-Nexus and non-developer-edition phones in the world. That is also pretty unheard of in phones outside the Android ecosystem.
Don't get me wrong, the Knox stuff is still pissing me off a little - but on the other hand given the large amount of Samsung phones that I have seen bricked by morons I can't say that I do not understand how Samsung would like to separate things a little.
Knox is not a big deal. You can still do what you want with the phone and make the appearance and performance to suit the individual. Warranty. .... Either the phone goes wrong in the early days or it stays the long haul. ..I still have 2 galaxy s and an s2 and note 1 all working and rooted and running custom rom and kennels and no problems at all.
Worst case scenario. ..I have insurance. ..
Sent from my SM-N9005 using Tapatalk
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Now, if downgrade was allowed, it would be a totally different case, I would not hesitate to claim warranty on this hardware problem.
I can live with the funny looking screen (only noticeable when the screen is turned off), I decided I will wait with the warranty claim until knox reset, or downgrade without knox tripping becomes possible, or a new firmware with at least as good battery life as mj1 comes out...
Battery life is extremely important to me, and I just love to be able to keep all features of the phone enabled (voice wake, quick glance, all location based google now features, location history, lte, nfc, etc etc) and still get over 5-6 hours of screen on time and a full 16-17 hour stand by.
It is so perfect now I am afraid to risk it, not being able to downgrade legally really limits my willingness to ever upgrade
Sent from my SM-N9005 using Tapatalk
Master Thief-117 said:
As a side note, does anyone else feel violated by Samsung because of Knox? The fact they literally boobytrapped their devices with Knox to flag unlocked bootloaders under the guise of "enterprise security" is absolutely disgusting and pathetic. They should have released versions without Knox for the general consumers.
Click to expand...
Click to collapse
i don't feel violated or cheated nor am i pissed at samsung.....they are not stopping you doing what you want with the phone what they are doing is telling you that if you mess with it then the secure area is fubar .....they are not saying the phone is only the secure area .........and with earlier phones the warning was the same root and your warranty is gone.......
....as for the warranty in the eu we are covered as samsung has to prove that rooting the phone has caused the hardware to fail a blanket your warranty is void won't work....eg my phone is knox 0x1 and the home button falls out .....that is not caused by rooting it is a fault and will be covered by the warranty no matter the state of knox
i am happy with the note 3 ...sure there are people complaining of this and that but that will always be the case my phone does what i want it to do when i want it to so i have no problems
ShadowLea said:
If you ever had to protect data that badly, KNOX makes perfect sense.
Sometimes people have sensitive data on their phones (we're not talking about pictures of your ****.) that needs a killswitch. If someone steals your phone, roots it, they can access the data. With KNOX, they can't. For some of us, that's relevant. (No, I'm not getting a blackberry.)
No, I don't feel 'violated by samsung'. Ever had a look at a game console, TV, fridge or any other electronic device? Hell, a car even has the principle of 'mess with the engine and we won't pay for the damage you do.'
Everything has a sticker on the side: "If this sticker is broken, warranty is void". EXACT SAME THING. Nobody complained about that for the last 25 years. This is really nothing new. Welcome to reality.
KNOX can probably be reset as Samsung can do it (We've seen it), but once the switch is triggered, the data is gone.
Click to expand...
Click to collapse
That kind of data protection is achieved with encryption. Good reliable security solutions are open sourced, no need to use some black box, providing Samsung and their partners access to your data.
So to repeat, encrypt phone with stock android encryption, and it is ok. No it is not 100% secure, but nothing is, neither knox.
Sent from my SM-N9005 using Tapatalk
I doubt that is the case, I just got note 3 a few days ago and it's mj7 and I'm getting savage battery life even though it has only been through3 charge cycles, over 18 hours of standby and 4 1/2 hours of on-screen time and I still had 40% on the battery
vgergo said:
I have a Note 3 with a funny screen (bent under the glass, hard to explain) but i am afraid to take it back under warranty, because the replacement unit will surely come with rom version mj7 or higher which reportedly has half the battery life of my current mj1, plus it's not possible to root without tripping knox.
Sent from my SM-N9005 using Tapatalk
Click to expand...
Click to collapse
Hi All,
I'm reading that root can trip knox, having never owned a Galaxy since the S2 I'm not overly familiar with knox but I've read about what it does.
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Firstly, is this correct?
I'm worried about resale value to the point that I might not care about mobile payments etc, but others might, so a tripped knox could affect value.
If the above is correct I might cancel my pre order, I need root but I don't want a phone that's got limited resale either.
TheBlueRaja said:
What is bothering me here is that there seems to be a suggestion that once knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via odin?
Click to expand...
Click to collapse
Yes that is correct. Once the Knox flag is tripped you can not reverse it.
I don't think it has been confirmed yet that Knox flag breaks Samsung Pay. From what I have read it breaks software dependant on Knox security, ie the BYOD type apps. They use it as an indicator your device is insecure, so It seems reasonable to assume Pay would break too.
Damn it, What a stupid thing to do.
I can understand it being tripped if you are rooted, but to make it permanent if the situation is reverted is ridiculous.
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Stupid, stupid decision. :crying:
TheBlueRaja said:
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Click to expand...
Click to collapse
hey, why do you need rooting your phone?
I thought the same way but now I'm going to use adaway with setting up proxy settings in my wifi and mobile apn connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
eSportler said:
hey, why do you need rooting your phone?
I thought the same way but now I'm going to use adaway with setting up proxy settings in my wifi and mobile apn connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
Click to expand...
Click to collapse
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but im going to install Windows 8 on there and a bunch of FREE apps , only im going prevent you from removing them, make sure you cant put Linux or Windows 7 or Windows 10 on there until i say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
Its a shame as i REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
TheBlueRaja said:
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Click to expand...
Click to collapse
I'm absolutly with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognized that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as loosing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment will still works with triggered Knox, I'll definetivly root my S6 Edge and maybe try to slim down the stock Rom like I did with my Eragon Rom for the HTC One M7
eSportler said:
I'm absolutly with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognized that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as loosing the warranty. Sure this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment will still works with triggered Knox, I'll definetivly root my S6 Edge and maybe try to slim down the stock Rom like I did with my Eragon Rom for the HTC One M7
Click to expand...
Click to collapse
Yeah - its a shame - hopefully you can still use it, time will tell.
If root comes out without KNOX trigger i'll be all over this - might be too late for day 1 though - i suppose i'll just have to be patient and keep an eye on it.
In the mean time, i'll keep my preorder until the 5th or so then cancel unless something comes up - damn shame though - still i've got my HTC One m8 keeping me happy for now.
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
JuniorGG said:
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
Click to expand...
Click to collapse
If you have root couldn't xposed just hook that call and return KNOX=True whenever queried? I've seen something similar in the past to make Google wallet work with root and without the secure element it required.
Chad
JuniorGG said:
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
Click to expand...
Click to collapse
The thing is, Knox isn't just going to be a Samsung thing, after all its a Samsung and Google collaboration and i believe and it will end up spreading. To be honest, i've no objection and it think its a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If i choose to root then fair enough, trip knox as the phone isn't as secure as it should be - i don't expect to have root access or Admin privileges on my work PC normally and if i try to work round it there are logs to indicate that.
However, i DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should i wish to sell it on, that's just wrong.
TheBlueRaja said:
The thing is, Knox isn't just going to be a Samsung thing, after all its a Samsung and Google collaboration and i believe and it will end up spreading. To be honest, i've no objection and it think its a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If i choose to root then fair enough, trip knox as the phone isn't as secure as it should be - i don't expect to have root access or Admin privileges on my work PC normally and if i try to work round it there are logs to indicate that.
However, i DO expect to have it on my OWN computer and without the threat of the hardware being handicapped should i wish to sell it on, that's just wrong.
Click to expand...
Click to collapse
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Samsung decided from that point to just say once the phone is compromised... that's it. Certain features of Knox disable and, if it's your carrier's policy, the warranty may be void.
But let's be honest from that point as well. Rooting, in most contracts and terms of use, voids the warranty anyhow.
I think many have taken that for granted and don't realize that it can't be in a secure environment.
garwynn said:
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Click to expand...
Click to collapse
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature cant be deemed secure? Check this - unset KNOX...
This is like saying that once i've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, lets fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because i choose to run a different OS than the one supplied, but i'm no lawyer and there's probably a loophole or a law allowing it somewhere.
TheBlueRaja said:
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature cant be deemed secure? Check this - unset KNOX...
This is like saying that once i've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and while we are at it, lets fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well as they are disabling a part of your phone permanently and on purpose because i choose to run a different OS than the one supplied, but i'm no lawyer and there's probably a loophole or a law allowing it somewhere.
Click to expand...
Click to collapse
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
garwynn said:
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
Click to expand...
Click to collapse
Hmm..
Keep in mind here i'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsungs own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, it would expect it to re-trip KNOX just like it did the first time.
But, lets play a game, lets say i gain root, KNOX bit set and i cant use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what i think your insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though its closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phones hardware then i don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you cant do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
TheBlueRaja said:
Hmm..
Keep in mind here i'm not suggesting apps requiring KNOX are made available whilst rooted like Samsung pay etc, only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsungs own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, it would expect it to re-trip KNOX just like it did the first time.
But, lets play a game, lets say i gain root, KNOX bit set and i cant use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what i think your insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though its closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phones hardware then i don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc but even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both, say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you cant do anything about somebody hardware hacking, that's a whole different ball game, if you hacked the hardware you could just change to always respond as the KNOX bit not being set but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
Click to expand...
Click to collapse
Blog entries:
https://www.samsungknox.com/en/blog/about-cf-auto-root
https://www.samsungknox.com/en/blog/samsung’s-official-response-“towelroot”
https://www.samsungknox.com/en/blog...ox-enabled-devices-and-knox-warranty-void-bit
There are many, many more on the site, just use the search keyword root.
But that's the gist of it - they understand that some may want root for simpler reasons.
Others may want it for more nefarious ways, like trying to access the keys within the TPM.
The end result sucks for consumers; but as a IT admin I can tell you I wouldn't trust a device with sensitive corporate data if it has been rooted... ever.
Thanks very much, I'll take a look when I get a chance later.
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
bjrmd said:
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
Click to expand...
Click to collapse
Technically the US has a law, the Magnuson-Moss Warranty Act, which should limit manufacturers voiding of warranties to that damage which can reasonably be blamed on the consumer. (for example, rooting your device shouldn't void the warranty for a defective power button) However, manufacturers usually claim the opposite here and I'm not aware of successful legal challenges.
Looks like sprint at least is ok with it
http://forum.xda-developers.com/showthread.php?t=2674884
TheBlueRaja said:
Its more than Adaway / Titanium backup, its removing Facebook, Instagram and Skype, which i don't use and or want, being able to run Xposed and root explorer so that i can use MY phone the way I want it without permanently affecting the resale value even if its returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but im going to install Windows 8 on there and a bunch of FREE apps , only im going prevent you from removing them, make sure you cant put Linux or Windows 7 or Windows 10 on there until i say so, prevent you from making any change to the Windows directory otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
Its a shame as i REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
Click to expand...
Click to collapse
I agree. My last Samsung was a note 2 which knox wasn't a factor and not a big push then. I didn't got to any Samsung's after that due to knox.
I just want root for the reason's you do and edit the phone's density.
Its a shame that we cannot just flash back to stock and "close things up" per say if we want to sell it or have a non root related warranty issue.
Knox is mainly geared toward the business side , so why not make Knox activated by a Admin when the phone is to be used for business where the security is needed. And leave it un-activated for the rest of us.
And i would think the ratio of people rooting vs people not rooting (nor even knowing what it is) is so slim that allowing it wouldn't cause a pandemic in warranty claims.
I know before i root anything i make sure all my points are covered and there are processes in place to un-brick a device. Which i haven't had to unbrick a device since my Moto X or OG Droid.
---------- Post added at 11:13 AM ---------- Previous post was at 10:28 AM ----------
bjrmd said:
if the Knox trip invalidates warranty, you may be very angry if lets say the usb port or power button malfunctions and repair is not covered.
Click to expand...
Click to collapse
I agree +1
I'm just curious to know whether or not it's possible to restore from a KNOX trip after installing TWRP and a custom Rom. Does restoring stock Rom via Odin restore KNOX status to x0?
No. Once it's done it's done. It's a hardware fuse that blows. You can't undo that.....
Thanks for taking the time to reply. Damn that sucks. So if i trip KNOX and go back to stock Rom via Odin, will I experience tripped KNOX related errors and popups? Would Samsung Pay still be functional?
michel5891 said:
Thanks for taking the time to reply. Damn that sucks. So if i trip KNOX and go back to stock Rom via Odin, will I experience tripped KNOX related errors and popups? Would Samsung Pay still be functional?
Click to expand...
Click to collapse
No Samsung Pay, S Health, Secure Folder, and everything that is knox related.
I just got mine in the mail. Literally 3 minutes ago. SM-G955FD.
So aster rooting I'm definitely going to see Samsung Pay related errors and if i were to attempt to resell, those errors would be dead giveaway. Correct?
I'm debating whether or not to root and put custom Rom on it.
michel5891 said:
I just got mine in the mail. Literally 3 minutes ago. SM-G955FD.
So aster rooting I'm definitely going to see Samsung Pay related errors and if i were to attempt to resell, those errors would be dead giveaway. Correct?
I'm debating whether or not to root and put custom Rom on it.
Click to expand...
Click to collapse
Most definitely
The phone will be missing all those features stated above and also no warranty
Will majorly affect resale price
Not really fair to resell without stating the issues from rooting
So I guess that settles it. Not going to root. That sucks. How is Samsung getting away with this ****? Apple-like behavior. I'll miss rooting; custom roms etc.
Thats whay i will sale my s8+. Thats bored whithout custom roms.
I will back to Note 5, S7 Edge. I think the "new" note 7 will come whith the same problem like the s8. Fu()/&= KNOX !
It's Samsung's loss, modding community will move away from Samsung devices if they continue this lock down crap. I got an international variant so I can root. I don't really care about Samsung pay, S health and secure folder are nice so that sucks but there are likely alternatives in the play store.
VICosPhi said:
It's Samsung's loss, modding community will move away from Samsung devices if they continue this lock down crap. I got an international variant so I can root. I don't really care about Samsung pay, S health and secure folder are nice so that sucks but there are likely alternatives in the play store.
Click to expand...
Click to collapse
You're absolutely right. I've already started looking as other devices, the only caveat is the specs -- the hardware. They're not up to par with Samsung's technology. I hope I'm wrong about this. If i am and there are other devices that are just as good or even better, I'll jump ship.
so u cant use S health in a rooted device? like heart rate monitor and running stress test? etc?
You can use those on a rooted device by hiding root. If you go back to stock, those will not work.
Well now this is confusing me a bit. There's rooting and there's installing custom recovery. Which of the two is going to trip Knox?
michel5891 said:
Well now this is confusing me a bit. There's rooting and there's installing custom recovery. Which of the two is going to trip Knox?
Click to expand...
Click to collapse
Both; you need to install a custom recovery to root.
Near_07 said:
so u cant use S health in a rooted device? like heart rate monitor and running stress test? etc?
Click to expand...
Click to collapse
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
zfzszt said:
Both; you need to install a custom recovery to root.
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
Click to expand...
Click to collapse
I'm waiting for that mothership.:crying:
Samsung had locked devices since at least the S6 using Knox. Still one of the highest selling phones out there so I doubt they will care about a few losses in sales. Provably make up more I sales gained by corporate clients.
Sent from my SM-G955F using Tapatalk
Lets be clear here, warranty is only lost in some countries, not all. In the EU its not, even if Samsung claim it is. You should be getting the seller to deal with any warranty claim anyway, not Samsung directly.
As for it being Samsungs loss, well the modding community is absolutely tiny, far less than 1% of sales, so they really dont care and lose nothing. Its a small price to pay for the potential security issues a hacked Knox can bring, for example.. Its possible to simulate knox, or 'secure folder' on a device, but in reality the phone is sending back all the information in that folder to a third party server. However to do this you have to root and flash custom software, this trips the real knox, which the device will then complain about. Tripping Knox has to be permanent otherwise it can be bypassed.
ChrisM75 said:
Lets be clear here, warranty is only lost in some countries, not all. In the EU its not, even if Samsung claim it is. You should be getting the seller to deal with any warranty claim anyway, not Samsung directly.
As for it being Samsungs loss, well the modding community is absolutely tiny, far less than 1% of sales, so they really dont care and lose nothing. Its a small price to pay for the potential security issues a hacked Knox can bring, for example.. Its possible to simulate knox, or 'secure folder' on a device, but in reality the phone is sending back all the information in that folder to a third party server. However to do this you have to root and flash custom software, this trips the real knox, which the device will then complain about. Tripping Knox has to be permanent otherwise it can be bypassed.
Click to expand...
Click to collapse
1% is an over statement.
0.01% is probably still overkill.
Far less than 1%... Well, for giant company like Samsung is, thats lot of money.. But... where is Knox exactly located on motherboard? Can be regain by erasing all (nand erase all, efs, etc) and than flashing all partitions through BOX-Octopus Box and dongle????
zfzszt said:
Both; you need to install a custom recovery to root.
AFAIK, S Health is the only one of the knox-related apps that can work on a rooted device. Check out this post for instructions.
Click to expand...
Click to collapse
No. Rooting has literally nothing to do with the knox counter. Knox is protection against untrusted code.
Every single snapdragon s8 s8+ and n8 of rooted with a 0x0 counter, so it's a little more than possible
Hi guys!
I currently own an iPhone and have for the past 2 years, last time I owned an Android there was none of this "apps blocking because of root". I've been really wanting to move back to android but absolutely DESPISE the Samsung emojis.
My question is, is it possible for me to root the 8+, change the emojis then unroot again? I don't mind tripping KNOX but I do not want to block Snapchat/my banking app.
Thanks
What model? The exynos (G955F) is very different than the snapdragon one (G950U/W) and those are different than the hong Kong/china one (G9500)
I live in UK so it’d be the exynos model
I live in the UK so it's exynos. I just want to be able to root it then change emojis and then unroot.
And leave Knox at 0x0? Unfortunately no.
Snapchat totally works under exynos root though. Magisk can pass safety net. Depending on your bank you can likely get that working too.
The only real impossibles once you root an exynos are Samsung pay and secure folder. That is because they both rely on Knox and once it's 0x1 there's no changing it back. There is literally a tiny electronic fuse that physically pops, making it impossible to put back. As far as I know though only those two things absolutely depend on it. There are even custom kernels that fake 0x0 cosmetically both in the os and in download mode. The only other thing that may matter to you is warranty. Samsung wants to void warranty for every device with tripped Knox, however in many European countries it's illegal for a country to void for that reason, so if the UK is one of them you will be safe from that. I can't say for sure though you will have to check yourself.
If none of those things are showstoppers, I recommend starting with doing some reading on the forums about various things with root and custom recovery on the exynos s8. Be sure to avoid the threads that talk only about "snapdragon" as those are n American phones (usually) with locked bootloaders, so their options are much more limited than yours.
Hope that helps!
Wow! That was more than enough information. Thank you so much for all the help. I really appreciate it.
You should be fine, I've seen people on here do that all time time. But be warned, if you used Samsung pay or secure folder; those will be non-functional once you root because Knox is tripped. I'll never work again even if you flash stock odin.
Hi I've been rooting phones for over 10 years now but the past couple of devices I haven't due to it tripping knox etc but I miss a few things with root and looking for peoples opinions
I love having adaway and been able to fully uninstall apps I don't use
Is there much of an improvement on battery life as I have the exynos version :crying:
Also an app i haven't had chance to use is viper4android is it as good as people say and does it actually boot volume on bluetooth audio without distorting etc as that would be my main use for it
Also what exactly does tripping know destroy? I've read it affects Samsung pay and Samsung pass is there anything else
And has anyone had problems selling there device afterwards from tripping know (mainly in the uk) as I change devices quite a bit and sell them on lol
Thanks
You can use adguard if you don't want to root. I haven't bothered rooting anything for a few years now. It doesn't deliver any additional must have features i can't live without, unlike it used to.
Same boat, rooting for decades. Yet it seems a bit too immature this time on this device.
Also got the exynos junk (Iknew before getting it, but free phone from work).
I decided to go without for now.
Same here - decided to go on without root. The features I miss are - firewall (need to try knox firewall though), direct time sync (minor), some console commands to manage files, titanium backup - this is a major issue, so I can't backup OTP apps etc.
Don't root your device since that requires you unlocking bootloader to root and doing that triggers knock safety thing so it destroys knox permanently and then apps such as Samsung pay, samsung pass, secret folder, encryption and few more that requires knox to work will be unavailable, since knox chip is no longer functioning. Also warranty would be voided if you got 2 years warranty.
So if you plan to use samsung pay or any of other apps later on then avoid rooting and touching bootloader.
Jake.S said:
Don't root your device since that requires you unlocking bootloader to root and doing that triggers knock safety thing so it destroys knox permanently and then apps such as Samsung pay, samsung pass, secret folder, encryption and few more that requires knox to work will be unavailable, since knox chip is no longer functioning. Also warranty would be voided if you got 2 years warranty.
So if you plan to use samsung pay or any of other apps later on then avoid rooting and touching bootloader.
Click to expand...
Click to collapse
i dont know about usa and other countries, but in europe ur warranty won't be void if knox is tripped (afaik)
Still can't do without root unless there a way to block ads while using a vpn of my choice and control a firewall. Have my Note two days now after waiting 3 weeks for it to ship from Hong Kong and first thing I did was to root.
destz0r said:
i dont know about usa and other countries, but in europe ur warranty won't be void if knox is tripped (afaik)
Click to expand...
Click to collapse
Well actually to get it tripped requires bootloader unlock for root and that would void your warranty in Europe. So id knox says 0x0 it also voids warranty
Only those that care about Samsung's proprietary Knox and it's associated bloat should worry about knox being tripped. Only thing I'd probably care about is 3rd party banking apps that might not work with patch hide. If that still works or not unsure.
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
mgagnequebec said:
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
Click to expand...
Click to collapse
im considering rooting my N9810, but im wondering if I will still receive OTA updates then? or do i have to manually flash the update with each ota?
destz0r said:
im considering rooting my N9810, but im wondering if I will still receive OTA updates then? or do i have to manually flash the update with each ota?
Click to expand...
Click to collapse
You wont get OTA after rooting, since rooting requires you to unlock bootloader so then OTA won't work. Also KNOX won't function permanently once this is done too.
So think if you going to use samsung apps like samsung pay and such then avoid touching bootloader and rooting.
mgagnequebec said:
rooting my n9860 asap. finally just got the oem option to show up. last phone i had was a note 8 not unlockable...and had to keep it for too long, wanting root the entire time. so i'm not missing the chance to do it now. why? to try custom rom, get all bloats/google/samsung apps off the phone and stop looking at system settings that i cannot change(top reason), learn about android / do some dev on it, test root apps made by community(2nd best reason), get a recovery installed, nethunter, call recording, toolbox, run my fav firewall. probably more reasons that im not thinking about right now
Click to expand...
Click to collapse
Is one of them being able to tether (hot spot) without the carrier detecting it
cenwesi said:
Is one of them being able to tether (hot spot) without the carrier detecting it
Click to expand...
Click to collapse
I doubt it but I never tried it before tbh. I guess i should say that i might not be a good example to follow when it comes to updates. i almost never do them. because it always was a compromise one have to make if wanting to root. at least from my experience. like, keep your firmware version low or you loose the ability to root. but gain security patches. i chose my side of the fence long ago hehe