Android device security after unlock - General Questions and Answers

Hello, I was wondering if there is a way to secure an Android device after unlocking it and installing a custom ROM; maybe somebody has a thread or something.
Theoretically speaking, anybody can take the device and do whatever he wants with fastboot or TWRP.

Relocking it can have unforeseen consequences as some here have learned. I may be incorrect (depends on the variant too) as I don't root but the more you do, the more can go wrong.
I don't screen lock my device or encrypt my data because I don't want to be locked out, ever.
Physical possession is the only real security, relocking it isn't needed or desirable.
Anyone that tries to take my device is headed to the hurt locker. Consequences.

@fdor
Once an Android device's bootloader has been unlocked (disabling AVB included), the device's Android is vulnerable.

blackhawk said:
Relocking it can have unforeseen consequences as some here have learned. I may be incorrect (depends on the variant too) as I don't root but the more you do, the more can go wrong.
I don't screen lock my device or encrypt my data because I don't want to be locked out, ever.
Physical possession is the only real security, relocking it isn't needed or desirable.
Anyone that tries to take my device is headed to the hurt locker. Consequences.
Thanks for the information. Could you elaborate on screen locking, or link a thread? I'm not sure what you speak of.

fdor said:
Thanks for the information. Could you elaborate on screen locking, or link a thread? I'm not sure what you speak of.
That's a separate subject, but the concept is the same. Anything you lock, especially with a password, you can get locked out of yourself, many times through no fault of your own, as in a hardware failure.
An unlocked bootloader is a security risk... a bricked device much less so.
On stock Android Pie or higher (even not updated) security isn't an issue unless you do something stupid.
One reason I don't root.
Any time you load unofficial firmware you're taking a risk; plus its distribution volume is much lower, so if any malware is present it doesn't have as much exposure, meaning it's likely to take longer to be detected.

Related

[Q] Is anyone developing another method to unlock the bootloader?

I wonder if anyone is developing another method to unlock the bootloader. The one Asus delivers instantly voids the warranty and I don't want to lose it.
paysen said:
I wonder if anyone is developing another method to unlock the bootloader. The one Asus delivers instantly voids the warranty and I don't want to lose it.
There's no way to do that (at least not without the Asus RSA key). Read this post from rayman or read the first 10 pages of that thread.
Pretoriano80 said:
There's no way to do that (at least not without the Asus RSA key). Read this post from rayman or read the first 10 pages of that thread.
Nice little bit of info -- I knew it was encrypted, but AES-Rijndael and 2048-bit keys? Seems a bit overkill to me, but yeah, it is a pretty safe procedure this way.
Indeed this means no chance whatsoever of unlocking without ASUS doing it for you. Definitive answer, thanks Pretoriano!!
Pretoriano80 said:
There's no way to do that (at least not without the Asus RSA key). Read this post from rayman or read the first 10 pages of that thread.
Sad to hear that. Now I have to think about selling it.
Why would you sell it? You still have a warranty... Law in the US states that unlocking the bootloader and flashing your own software cannot void the warranty. And if your issue is hardware related, then software is unrelated to your warranty anyway. Worst case scenario, get a SquareTrade warranty.
Sent from my ASUS Transformer Pad TF700T using xda premium
Darksurf said:
Why would you sell it? You still have a warranty... Law in the US states that unlocking the bootloader and flashing your own software cannot void the warranty. And if your issue is hardware related, then software is unrelated to your warranty anyway. Worst case scenario, get a SquareTrade warranty.
Sent from my ASUS Transformer Pad TF700T using xda premium
Because I don't live in the US; I live in Germany and I don't like the idea that only a lawsuit will help me in a warranty case.
Darksurf said:
Law in the US states that unlocking the bootloader and flashing your own software cannot void the warranty.
Source and link, please.
paysen said:
Because I don't live in the US; I live in Germany and I don't like the idea that only a lawsuit will help me in a warranty case.
No manufacturer will let you screw up anything for free and then turn a blind eye and save your butt. If you are that scared of using a technically sound procedure provided by the manufacturer itself, you probably even should not be looking at flashing custom ROMs at all. Just my $0.02.
MartyHulskemper said:
No manufacturer will let you screw up anything for free and then turn a blind eye and save your butt. If you are that scared of using a technically sound procedure provided by the manufacturer itself, you probably even should not be looking at flashing custom ROMs at all. Just my $0.02.
What are you talking about? I'm talking about a flickering display or other technical defects which are NOT a result of unlocking or flashing.
Can adb read and write the bootloader? I'm wondering if we can do a comparison of an unlocked and locked TF700 bootloader and get something from that. I know the unlock tool can't unlock without the encrypted, signed response from Asus' servers, but can you overwrite the bootloader with one that's already unlocked?
tsymyn said:
Can adb read and write the bootloader? I'm wondering if we can do a comparison of an unlocked and locked TF700 bootloader and get something from that. I know the unlock tool can't unlock without the encrypted, signed response from Asus' servers, but can you overwrite the bootloader with one that's already unlocked?
You can't use adb for that, and anyway you have to be unlocked before you can flash anything not signed by Asus.
paysen said:
What are you talking about? I'm talking about a flickering display or other technical defects which are NOT a result of unlocking or flashing.
In case you have problems with English, I will happily clarify my statement.
You asked: "I wonder if anyone is developing another method to unlock the bootloader. The one Asus delivers instantly voids the warranty and I don't want to lose it."
My reply to this was, and is, IF you do not want to use the unlock feature provided by ASUS -- which either works or not, but when it does, unlocks safely -- that you should stay away from unlocking or custom-flashing your device anyway. That way, you'll prevent screwing up your device in the process and subsequently letting ASUS handle the problem for you (or coming in here and going QQ).
Furthermore, I do not get the point of getting hardware issues into the mix, because that is irrelevant: you can check for hardware issues before, while on the stock ROM. That way, if you find something -- and it sounds like you already have -- you'll still be under warranty.
So... question: what is your point?
MartyHulskemper said:
In case you have problems with English, I will happily clarify my statement.
You asked: "I wonder if anyone is developing another method to unlock the bootloader. The one Asus delivers instantly voids the warranty and I don't want to lose it."
My reply to this was, and is, IF you do not want to use the unlock feature provided by ASUS -- which either works or not, but when it does, unlocks safely -- that you should stay away from unlocking or custom-flashing your device anyway. That way, you'll prevent screwing up your device in the process and subsequently letting ASUS handle the problem for you (or coming in here and going QQ).
Furthermore, I do not get the point of getting hardware issues into the mix, because that is irrelevant: you can check for hardware issues before, while on the stock ROM. That way, if you find something -- and it sounds like you already have -- you'll still be under warranty.
So... question: what is your point?
I'm not afraid of screwing up my device by unlocking or flashing, I've done that 100 times before with my HTC devices and my current GNex, I just don't want to lose the warranty?!
So why are you writing this?
MartyHulskemper said:
IF you do not want to use the unlock feature provided by ASUS -- which either works or not, but when it does, unlocks safely -- that you should stay away from unlocking or custom-flashing your device anyway. That way, you'll prevent screwing up your device in the process and subsequently letting ASUS handle the problem for you (or coming in here and going QQ).
I didn't even mention that I'm afraid of unlocking, I just don't want to lose the warranty.
paysen said:
The one Asus delivers instantly voids the warranty and I don't want to lose it.
MartyHulskemper said:
Furthermore, I do not get the point of getting hardware issues into the mix, because that is irrelevant: you can check for hardware issues before, while on the stock ROM. That way, if you find something -- and it sounds like you already have -- you'll still be under warranty.
So... question: what is your point?
So your point is, that hardware issues won't occur after months of usage? That's simply not true, defects can occur in a year or 2 weeks, no matter how perfect it is working at the moment. The speaker of my HTC Desire HD stopped working after 7 months. That had nothing to do with unlocking - it was just a hardware issue.
My Galaxy Nexus for example is unlocked, but I can re-lock my bootloader and flash the stock ROM if a hardware issue occurs (which I am not responsible for) and get it repaired by Samsung.
When I unlock the TF700, Asus instantly voids your warranty because you have to use their software, which automatically sends your serial number to their server. So you have no chance to get your device repaired by Asus, even if a hardware issue occurs which you are NOT responsible for.
I don't want to return my device to Asus if I mess sth up.
Is this so hard to understand?
paysen said:
I'm not afraid of screwing up my device by unlocking or flashing, I've done that 100 times before with my HTC devices and my current GNex, I just don't want to lose the warranty?!
So why are you writing this?
I didn't even mention that I'm afraid of unlocking, I just don't want to lose the warranty.
I'm saying that because if you poop your pants for what may, eventually, in a case of bad luck, go wrong with your device, you should not be taking any risk with it *at all*. The main reasoning behind ASUS' contention of the POSSIBILITY of revoking the warranty is clear: only tinkerers do this with their devices -- the majority of users will run devices in the retail, stock state. Tinkerers run a relatively higher risk of screwing up their devices, a simple to comprehend fact not to be explained or elaborated upon.
So your point is, that hardware issues won't occur after months of usage? That's simply not true, defects can occur in a year or 2 weeks, no matter how perfect it is working at the moment. The speaker of my HTC Desire HD stopped working after 7 months. That had nothing to do with unlocking - it was just a hardware issue.
My Galaxy Nexus for example is unlocked, but I can re-lock my bootloader and flash the stock ROM if a hardware issue occurs (which I am not responsible for) and get it repaired by Samsung.
When I unlock the TF700, Asus instantly voids your warranty because you have to use their software, which automatically sends your serial number to their server. So you have no chance to get your device repaired by Asus, even if a hardware issue occurs which you are NOT responsible for.
I don't want to return my device to Asus if I mess sth up.
Is this so hard to understand?
No, this is perfectly understood from even your first post -- the point is that it is plain bull****. ASUS has, in many cases before -- and you can look that up in several other Transformer subfora in here -- repaired an unlocked device without asking questions, and without apparently caring whether it was unlocked or not.
You act as if you're living in a lawless third-rate (not necessarily meaning third-world) country whereas European consumer law -- and the German consumer law in particular -- is one of the most stringent in the world. If your device has a fault clearly attributable to a manufacturing error, there's no way ASUS is getting away with that -- they are obliged under European law to cover all defects detracting from user experience or device longevity/usefulness for the purpose intended for a minimum of two (2) years. It doesn't matter if the user shat his pants in the process or not.
Oh, if your speaker borking out was a manufacturing error, good for you to have HTC fix it, as they should have! However, 99.999% of the time, on a smartphone, a cracked screen, for example, is user error -- someone's wife should have been on a diet instead of sitting on top of his smartphone or something like that. In rare circumstances, it might be a warranty case, but if your device is of good quality, YOU and you alone are responsible for keeping it that way. And that's what I meant before -- don't screw up your device and then pass on the sh** to ASUS, going QQ to have them fix a previously perfectly good device. That's all.
MartyHulskemper said:
I'm saying that because if you poop your pants for what may, eventually, in a case of bad luck, go wrong with your device, you should not be taking any risk with it *at all*. The main reasoning behind ASUS' contention of the POSSIBILITY of revoking the warranty is clear: only tinkerers do this with their devices -- the majority of users will run devices in the retail, stock state. Tinkerers run a relatively higher risk of screwing up their devices, a simple to comprehend fact not to be explained or elaborated upon.
Okay, but that's not my problem, I'm not even afraid of it.
MartyHulskemper said:
No, this is perfectly understood from even your first post -- the point is that it is plain bull****. ASUS has, in many cases before -- and you can look that up in several other Transformer subfora in here -- repaired an unlocked device without asking questions, and without apparently caring whether it was unlocked or not.
I've read several times that they don't even open an RMA case if you have an unlocked bootloader.
E.g. this:
unknown_owner said:
I found this thread after searching for more info on the Device Tracker. To make a long story short, Asus has voided my Prime warranty saying my tablet has been rooted. After digging into them about how they got that information knowing I never sent my tablet to them, they said that they were able to get that from the devicetracker.asus.com website. Not only is it used to track the GPS of your tablet, but apparently they are able to get system information as well and something in there told them that my tablet was rooted. My tablet is not unlocked though. So be careful what you do.
Transformer Prime:
almightywhacko said:
If you unlock your tablet's bootloader, you basically void your warranty.
Unless you know for certain that you never want to get an OTA update, or warranty repair again, don't unlock your Prime.
If you think you may have hardware issues in the future, and you don't want to buy a new tablet or pay to have them fixed, don't unlock your bootloader.
If all you bought the Prime for was playing around with custom ROMs, or if the only way Android has ever made you happy is through a custom ROM and you don't mind not having a warranty, then yes, go ahead and unlock your bootloader.
And yes, Asus knows when a tablet's bootloader has been unlocked.
MartyHulskemper said:
You act as if you're living in a lawless third-rate (not necessarily meaning third-world) country whereas European consumer law -- and the German consumer law in particular -- is one of the most stringent in the world. If your device has a fault clearly attributable to a manufacturing error, there's no way ASUS is getting away with that -- they are obliged under European law to cover all defects detracting from user experience or device longevity/usefulness for the purpose intended for a minimum of two (2) years. It doesn't matter if the user shat his pants in the process or not.
paysen said:
I live in Germany and I don't like the idea that only a lawsuit will help me in a warranty case.
I know we have good consumer law in Germany, but Asus will reject my RMA request, even if it's against the law, forcing me to open a lawsuit -- which I am not interested in for getting my device repaired. Besides that, this would take months.
MartyHulskemper said:
Oh, if your speaker borking out was a manufacturing error, good for you to have HTC fix it, as they should have! (But they may have done that because I was able to unlock / lock the bootloader without their knowing)
but if your device is of good quality, YOU and you alone are responsible for keeping it that way. (Where am I talking about screwing up the device myself?) And that's what I meant before -- don't screw up your device and then pass on the sh** to ASUS, going QQ to have them fix a previously perfectly good device. That's all.
I'm not going to spend any more time on this than typing this sentence.

[Q] Knox, root and "permanent"

Hi All,
I'm reading that root can trip Knox; having never owned a Galaxy since the S2, I'm not overly familiar with Knox, but I've read about what it does.
What is bothering me here is that there seems to be a suggestion that once Knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via Odin?
Firstly, is this correct?
I'm worried about resale value to the point that I might not care about mobile payments etc, but others might, so a tripped knox could affect value.
If the above is correct I might cancel my pre-order; I need root but I don't want a phone that's got limited resale either.
TheBlueRaja said:
What is bothering me here is that there seems to be a suggestion that once Knox is tripped, that's it. There's no way to untrip it even when flashing a stock factory image again via Odin?
Yes, that is correct. Once the Knox flag is tripped you cannot reverse it.
I don't think it has been confirmed yet that the Knox flag breaks Samsung Pay. From what I have read it breaks software dependent on Knox security, i.e. the BYOD-type apps. They use it as an indicator your device is insecure, so it seems reasonable to assume Pay would break too.
Damn it, what a stupid thing to do.
I can understand it being tripped if you are rooted, but to make it permanent if the situation is reverted is ridiculous.
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Stupid, stupid decision. :crying:
TheBlueRaja said:
Thanks for the info, I'll hold out a few more days to see what develops just in case, but I think I'm going to cancel my preorder as I need root but I also have to consider selling it on eventually.
Hey, why do you need to root your phone?
I thought the same way, but now I'm going to use AdAway by setting up proxy settings in my wifi and mobile APN connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
eSportler said:
Hey, why do you need to root your phone?
I thought the same way, but now I'm going to use AdAway by setting up proxy settings in my wifi and mobile APN connections.
The only thing I should need root for is Titanium Backup, but I think with Helium (by ClockworkMod) backups should be performed easily
It's more than AdAway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use or want, being able to run Xposed and Root Explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
Look at it this way: I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but I'm going to install Windows 8 on there and a bunch of FREE apps, only I'm going to prevent you from removing them, make sure you can't put Linux or Windows 7 or Windows 10 on there until I say so, prevent you from making any change to the Windows directory, otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
It's a shame as I REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
TheBlueRaja said:
It's more than AdAway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use or want, being able to run Xposed and Root Explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
I'm absolutely with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognize that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as losing the warranty. Sure, this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment still works with triggered Knox, I'll definitely root my S6 Edge and maybe try to slim down the stock ROM like I did with my Eragon ROM for the HTC One M7.
eSportler said:
I'm absolutely with you.
For me it's not a problem because I'm using Facebook, Instagram and Skype. Didn't recognize that they're preinstalled... sry^^
Of course I prefer using the phone the way I want, but it's not as important to me as losing the warranty. Sure, this is quite stupid that Samsung wants to tell us how to use their phone.
If mobile payment still works with triggered Knox, I'll definitely root my S6 Edge and maybe try to slim down the stock ROM like I did with my Eragon ROM for the HTC One M7.
Yeah - it's a shame - hopefully you can still use it, time will tell.
If root comes out without a KNOX trigger I'll be all over this - might be too late for day 1 though - I suppose I'll just have to be patient and keep an eye on it.
In the meantime, I'll keep my preorder until the 5th or so, then cancel unless something comes up - damn shame though - still, I've got my HTC One M8 keeping me happy for now.
There hasn't been a solution for KNOX for so long that it's very hard to imagine there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
JuniorGG said:
There hasn't been a solution for KNOX for so long that it's very hard to imagine there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
If you have root, couldn't Xposed just hook that call and return KNOX=True whenever queried? I've seen something similar in the past to make Google Wallet work with root and without the secure element it required.
Chad
JuniorGG said:
There hasn't been solution for KNOX for so long, that it's very hard to imagine that there will ever be one.
I hate KNOX so much, I don't think I will ever purchase another Samsung phone. This is not an absolute statement of course, however it is rather so.
The thing is, Knox isn't just going to be a Samsung thing; after all, it's a Samsung and Google collaboration and I believe it will end up spreading. To be honest, I've no objection and I think it's a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If I choose to root then fair enough, trip Knox as the phone isn't as secure as it should be - I don't expect to have root access or Admin privileges on my work PC normally, and if I try to work round it there are logs to indicate that.
However, I DO expect to have it on my OWN computer, and without the threat of the hardware being handicapped should I wish to sell it on; that's just wrong.
TheBlueRaja said:
The thing is, Knox isn't just going to be a Samsung thing; after all, it's a Samsung and Google collaboration and I believe it will end up spreading. To be honest, I've no objection and I think it's a good idea - HOWEVER
I do think the real problem here is that IF the phone is returned to stock it should reset the KNOX flag back to being unset. Simple, everyone is happy.
If I choose to root then fair enough, trip Knox as the phone isn't as secure as it should be - I don't expect to have root access or Admin privileges on my work PC normally, and if I try to work round it there are logs to indicate that.
However, I DO expect to have it on my OWN computer, and without the threat of the hardware being handicapped should I wish to sell it on; that's just wrong.
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Samsung decided from that point to just say once the phone is compromised... that's it. Certain features of Knox disable and, if it's your carrier's policy, the warranty may be void.
But let's be honest from that point as well. Rooting, in most contracts and terms of use, voids the warranty anyhow.
I think many have taken that for granted and don't realize that it can't be in a secure environment.
garwynn said:
The problem, from a security perspective, is that there is currently no way to ensure that a phone returned to stock is secure.
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature can't be deemed secure? Check this - unset KNOX...
This is like saying that once I've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and, while we are at it, let's fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well, as they are disabling a part of your phone permanently and on purpose because I choose to run a different OS than the one supplied, but I'm no lawyer and there's probably a loophole or a law allowing it somewhere.
TheBlueRaja said:
Why? I don't see how a phone flashed with Odin using a ROM with a verified cryptographic signature can't be deemed secure? Check this - unset KNOX...
This is like saying that once I've installed Ubuntu on a "Windows" laptop it can no longer be deemed secure and, while we are at it, let's fry a hardware fuse?
We are SOFTWARE rooting the phone here, not hardware hacking.
I'm actually curious as to the legality of it as well, as they are disabling a part of your phone permanently and on purpose because I choose to run a different OS than the one supplied, but I'm no lawyer and there's probably a loophole or a law allowing it somewhere.
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
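A defender-side way to make the point in this post concrete (and the remark in the first thread that an unlocked bootloader with AVB disabled leaves the device's Android vulnerable) is to read the boot-state properties the device reports about itself and decide whether anything contradicts a locked, stock boot chain. The script below is an added example written for this page; it is not code from any poster, from Samsung or from the Knox team. It parses the output of `adb shell getprop` and flags the standard Android verified-boot properties (`ro.boot.verifiedbootstate`, `ro.boot.flash.locked`, `ro.boot.veritymode`) plus the Samsung-specific `ro.boot.warranty_bit`. The two `getprop` dumps embedded in it are constructed samples; the exact values a particular firmware reports, and whether a given model exposes the warranty bit as a property at all, are assumptions, and the `read_live_props` helper assumes `adb` is on the PATH.

```python
import re
import subprocess
from typing import Dict, List

# Constructed sample of `adb shell getprop` output for a locked, stock device.
# Illustration only, not a capture from any real device.
SAMPLE_STOCK_LOCKED = """\
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.veritymode]: [enforcing]
[ro.boot.warranty_bit]: [0]
[ro.build.type]: [user]
"""

# Constructed sample for a device whose bootloader was unlocked, dm-verity
# disabled and the Samsung warranty (Knox) bit tripped.
SAMPLE_UNLOCKED_ROOTED = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.veritymode]: [disabled]
[ro.boot.warranty_bit]: [1]
[ro.build.type]: [user]
"""

# getprop prints one "[key]: [value]" pair per line.
_GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text: str) -> Dict[str, str]:
    """Turn getprop output into a dict; lines that do not match are ignored."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = _GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def assess_boot_trust(props: Dict[str, str]) -> List[str]:
    """Return findings that contradict a locked, stock boot chain (empty = none).

    Property names are the standard verified-boot properties plus Samsung's
    warranty bit; the values a specific firmware reports are an assumption.
    """
    findings: List[str] = []

    vbstate = props.get("ro.boot.verifiedbootstate", "")
    if vbstate != "green":
        shown = vbstate or "unknown"
        findings.append(
            f"verified boot state is {shown!r}, not 'green': the boot image was "
            "not verified against the OEM key on a locked device"
        )

    if props.get("ro.boot.flash.locked") == "0":
        findings.append(
            "bootloader is unlocked (ro.boot.flash.locked=0): unsigned images "
            "can be flashed over fastboot by anyone holding the device"
        )

    veritymode = props.get("ro.boot.veritymode", "")
    if veritymode and veritymode != "enforcing":
        findings.append(
            f"dm-verity is {veritymode!r}: changes to verified partitions are "
            "not blocked at boot"
        )

    if props.get("ro.boot.warranty_bit") == "1":
        findings.append(
            "Samsung warranty bit is set (Knox flag tripped): non-Samsung "
            "firmware has booted at least once; reflashing stock does not clear it"
        )

    return findings


def is_trusted(props: Dict[str, str]) -> bool:
    """True only when no finding contradicts a locked, stock boot chain."""
    return not assess_boot_trust(props)


def read_live_props() -> Dict[str, str]:
    """Read properties from an attached device (assumes adb is on the PATH)."""
    out = subprocess.run(
        ["adb", "shell", "getprop"], check=True, capture_output=True, text=True
    ).stdout
    return parse_getprop(out)


if __name__ == "__main__":
    for label, sample in (("stock/locked", SAMPLE_STOCK_LOCKED),
                          ("unlocked/rooted", SAMPLE_UNLOCKED_ROOTED)):
        findings = assess_boot_trust(parse_getprop(sample))
        print(f"{label}: {'trusted' if not findings else 'NOT trusted'}")
        for finding in findings:
            print("  -", finding)
```

Run it as-is to score the two constructed samples, or replace `parse_getprop(sample)` with `read_live_props()` to score an attached device. Note what the check cannot do: it only reports what the running firmware says about itself, which is exactly the limitation described in the post above. A one-way fuse reads the same whether or not stock has since been reflashed, and a device that reports `green` is treated as trusted regardless of its history.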
garwynn said:
What you may be doing is granting software access to root and you may only use root to modify things at a software level.
But you have to keep in mind that's not the only thing root access can do.
It's perfectly legal and I'll even wager they're part of the DoD specification that both they and Apple want to sell to the government.
You have to consider it from a worst case scenario. If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock... both at a hardware, firmware and software level?
Without physically inspecting the phone, they can't - which is why I think this is the way it is.
The Knox team put out a blog entry a while ago about this topic, noting it's a good balance between ensuring security and allowing non-business users to root the device if they want to.
One other note: I don't know enough about the Exynos devices past N2 to say if they've fixed it... but the Note 2's Knox flag was not an e-fuse and could be reset.
Hmm..
Keep in mind here I'm not suggesting apps requiring KNOX are made available whilst rooted, like Samsung Pay etc., only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsung's own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, I would expect it to re-trip KNOX just like it did the first time.
But, let's play a game. Let's say I gain root, the KNOX bit is set and I can't use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what I think you're insinuating above, not necessarily the Android system partition, maybe the modem firmware (even though it's closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phone's hardware then I don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc., but even then, when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both; say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image, wouldn't it?
Whether you have root or not, you can't do anything about somebody hardware hacking, that's a whole different ball game; if you hacked the hardware you could just change it to always respond as the KNOX bit not being set, but that would be low-level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
TheBlueRaja said:
Hmm..
Keep in mind here I'm not suggesting apps requiring KNOX are made available whilst rooted, like Samsung Pay etc., only that the KNOX bit is reset if the phone is flashed back to factory defaults using Samsung's own Odin program and a cryptographically signed firmware. If at that point the phone is rooted again, I'd expect it to re-trip KNOX just like it did the first time.
But, let's play a game, let's say I gain root, KNOX bit set and I can't use KNOX apps. I then use that root to make modifications to firmware on the device somehow, which is what I think you're insinuating above, not necessarily the Android System partition, maybe the modem firmware (even though it's closed source) or something else, for whatever purpose.
IF you have that level of knowledge of the phone's hardware then I don't think it would be too much of a stretch to suggest masking the KNOX bit as set would be too hard either, maybe by intercepting the system call to check its status etc. But even then when you say:-
"If a device has been modified in any way, how can they assure it's been reset 100% completely back to stock, both at a hardware, firmware and software level"
The firmware and software is taken care of by Odin, that does both; say we did modify the modem firmware above, Odin would write right over it with a VERIFIED image wouldn't it?
Whether you have root or not, you can't do anything about somebody hardware hacking, that's a whole different ball game. If you hacked the hardware you could just change it to always respond as the KNOX bit not being set, but that would be low level stuff way beyond what pretty much anyone here could do.
Would be interested in that blog post if you have a link - I just don't see this as anything more than a way to discourage more people from rooting.
Click to expand...
Click to collapse
Blog entries:
https://www.samsungknox.com/en/blog/about-cf-auto-root
https://www.samsungknox.com/en/blog/samsung’s-official-response-“towelroot”
https://www.samsungknox.com/en/blog...ox-enabled-devices-and-knox-warranty-void-bit
There are many, many more on the site, just use the search keyword root.
But that's the gist of it - they understand that some may want root for simpler reasons.
Others may want it for more nefarious ways, like trying to access the keys within the TPM.
The end result sucks for consumers; but as an IT admin I can tell you I wouldn't trust a device with sensitive corporate data if it has been rooted... ever.
Thanks very much, I'll take a look when I get a chance later.
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if, let's say, the USB port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
bjrmd said:
Anyone have an idea which carriers enforce the Knox tripping for repair?
Although this looks like a great device, if the Knox trip invalidates warranty, you may be very angry if, let's say, the USB port or power button malfunctions and repair is not covered.
Might as well buy a Note 4 exynos since apparently warranty is not valid in usa.
Click to expand...
Click to collapse
Technically the US has a law, the Magnuson-Moss Warranty Act, which should limit manufacturers voiding of warranties to that damage which can reasonably be blamed on the consumer. (for example, rooting your device shouldn't void the warranty for a defective power button) However, manufacturers usually claim the opposite here and I'm not aware of successful legal challenges.
Looks like sprint at least is ok with it
http://forum.xda-developers.com/showthread.php?t=2674884
TheBlueRaja said:
It's more than Adaway / Titanium Backup, it's removing Facebook, Instagram and Skype, which I don't use and/or want, being able to run Xposed and Root Explorer so that I can use MY phone the way I want it without permanently affecting the resale value even if it's returned to stock.
Look at it this way, I have a lovely PC for you - top of the line, fast as hell, lots of memory, premium price, but I'm going to install Windows 8 on there and a bunch of FREE apps, only I'm going to prevent you from removing them, make sure you can't put Linux or Windows 7 or Windows 10 on there until I say so, prevent you from making any change to the Windows directory, otherwise we'll stop you from buying things PERMANENTLY and void your warranty on the hardware so that you'll not be able to sell it on. EVEN IF you factory reset it with my software....
It's a shame as I REALLY wanted this phone, but it looks like it may not be for me unless something crops up with regard to KNOX and root.
Click to expand...
Click to collapse
I agree. My last Samsung was a Note 2, where Knox wasn't a factor and not a big push then. I didn't go to any Samsungs after that due to Knox.
I just want root for the reasons you do and to edit the phone's density.
It's a shame that we cannot just flash back to stock and "close things up", per se, if we want to sell it or have a non-root-related warranty issue.
Knox is mainly geared toward the business side, so why not make Knox activated by an admin when the phone is to be used for business where the security is needed, and leave it un-activated for the rest of us.
And I would think the ratio of people rooting vs. people not rooting (nor even knowing what it is) is so slim that allowing it wouldn't cause a pandemic in warranty claims.
I know before I root anything I make sure all my points are covered and there are processes in place to un-brick a device. I haven't had to unbrick a device since my Moto X or OG Droid.
---------- Post added at 11:13 AM ---------- Previous post was at 10:28 AM ----------
bjrmd said:
if the Knox trip invalidates warranty, you may be very angry if, let's say, the USB port or power button malfunctions and repair is not covered.
Click to expand...
Click to collapse
I agree +1

EFuse - This is, why i don't like it.

Hello, everybody.
@Moderators: If this thread is irrelevant, please let me know the reason.
When EFuse was released on the Galaxy Note 2 and the S3, not many people knew about this.
The Knox-Counter is just software-based and resettable, so it's not a problem.
The idea behind the EFuse is rather good.
It will make your device much more secure.
If you root a device, you'll lose some software features (like Samsung Pay/Fingerprints on S6, KNOX, etc.). This will happen due to several security reasons.
But a huge problem is that it makes you feel very restricted.
Well, it would be no problem, if this EFuse was resettable.
...But if the EFuse is triggered, the EFuse-Chip will take physical damage (short circuit), so you'll lose some software features.
But the worst thing is, that you can't revert the EFuse, without replacing the motherboard of your phone.:crying:
That software-based KNOX-Counter is easily revertible. But EFuse can be used to detect whether the device was ever rooted. So a triggered eFuse will cause your guarantee to die forever. And some software features also will be gone, even if you unroot the device.
EFuse would be a better idea if it was just temporarily activated when the device is rooted.
When the device receives an unroot, eFuse should reset, but it does not.
The Knox-Counter can be reset manually, as it's no physical hardware.
A triggered eFuse means: You'll lose your guarantee and some features of your phone - for ever - irreversible.
What do you think about that? Let me know by posting here and/or voting on the poll.
As far as I know, flashing some software also triggers the eFuse.
A better solution for eFuse
I can understand, why some software features have to be disabled after Rooting the Device or Flashing some software, but here's a better solution:
Flash
Flashing Software only disables features, until this software is uninstalled again.
OR: KNOX, Samsung Pay, etc. is only disabled, while a flashed software is running. After taskkilling it, knox and pay come back again.
Root:
Only disable KNOX and PAY while the device is rooted - enable it again when the device receives an unroot. (Don't disable features forever.)
Avoiding the EFuse-Trigger also restricts the backup capabilities.
Yes I know, you can't be secure enough, but freedom should also have its place, as long as EFuse is secure enough. And it's secure enough if it is just temporarily triggered.
But i think, the main reason, why EFuse isn't resettable without motherboard replacement is, the guarantee. Manufacturers can see, whenever something like root/flash ever happened.
Trapped
Because of EFuse, i'm pretty much trapped.
See my other thread: Note 3 Downgrade
http://forum.xda-developers.com/galaxy-note-3/help/downgrading-galaxy-note-3-sm-n9005-4-4-t3131338
Let's hope the Note 5 has a revertible EFuse.
Hannah Stern said:
Let's hope the Note 5 has a revertible EFuse.
Click to expand...
Click to collapse
Naaa, JJD will stick to his nexus type devices, he likes the flexibility and development.
««Judging the unjustly via my Nexus 6»»
Neo says no Efuse allowed. Saying that to someone just isn't nice. Sticking with my m9 also
Chuck Norris can reverse an E Fuse...
orangekid said:
Chuck Norris can reverse an E Fuse...
Click to expand...
Click to collapse
Where is he? :laugh:
http://www.nochucknorris.com/
Judge Joseph Dredd said:
Naaa, JJD will stick to his nexus type devices, he likes the flexibility and development.
««Judging the unjustly via my Nexus 6»»
Click to expand...
Click to collapse
Yes, Wugs Toolkit is great. I think, the Nexus 6 has no EFuse.
But Hannah likes replaceable batteries and MicroSD and super-cameras.
And misses the TouchWiz from the darling Note 2.
I hope the Note 5 not to have Pj.Zero.
...and no EFuse
eFuse, by design, is irreversible. Designing a "reversible" eFuse would pretty much have no meaning - it would be like making a safe that can't be locked.
The eFuse has a great role in Samsung devices, but the WAY Samsung uses them (warranty void, if ever triggered, you can't use a lot of features) is not great, actually, it's far from great.
Instead of eFuses, I'd suggest using a different mechanism, something used in the Nexus devices - lock the bootloader, make a bootloader unlock code generator available, and check bootloader status. While unlocked, NAND is not encrypted, system partition is not protected, etc., and specific features are locked. If the BL lock is reactivated, do not boot until a valid stock firmware is flashed, then reactivate the disabled features.
fonix232 said:
eFuse, by design, is irreversible. Designing a "reversible" eFuse would pretty much have no meaning - it would be like making a safe that can't be locked.
The eFuse has a great role in Samsung devices, but the WAY Samsung uses them (warranty void, if ever triggered, you can't use a lot of features) is not great, actually, it's far from great.
Instead of eFuses, I'd suggest using a different mechanism, something used in the Nexus devices - lock the bootloader, make a bootloader unlock code generator available, and check bootloader status. While unlocked, NAND is not encrypted, system partition is not protected, etc., and specific features are locked. If the BL lock is reactivated, do not boot until a valid stock firmware is flashed, then reactivate the disabled features.
Click to expand...
Click to collapse
EXACTLY. While the bootloader is unlocked, access to KNOX and Samsung Pay etc. should be denied. Flashing and Rooting is only possible with unlocked bootloader. But the bootloader can be locked again anytime.
The only problem is the WIPE in the nexus devices.
EFuse - Such a horribly bad idea.
They had to do something to prevent it being reversed. With all the idiots returning devices because they messed it up to a non-bootable state, this allows them to see if it was their fault or some idiot messing with things that they had no place messing with.
I rEfuse to buy anything with Efuse. :silly:
No thank you.
Most devices shipped nowadays have some sort of incremental fuse. Whether that fuse is checked by software or vice versa is another story.
Sent from my SCH-I545 using XDA Free mobile app
Darth said:
I rEfuse to buy anything with Efuse. :silly:
No thank you.
Click to expand...
Click to collapse
Agreed. Then I stopped using Samsung devices right after they lied to the dev community
zelendel said:
They had to do something to prevent it being reversed. With all the idiots returning devices because they messed it up to a non-bootable state, this allows them to see if it was their fault or some idiot messing with things that they had no place messing with.
Click to expand...
Click to collapse
Yes. But who the hell wants that? Nobody.
On Nexus devices, unrooting and bootloader-locking the device will recover the warranty.
Hannah Stern said:
Yes. But who the hell wants that? Nobody.
On Nexus devices, unrooting and bootloader-locking the device will recover the warranty.
Click to expand...
Click to collapse
Technically incorrect, rooting/unlocking the bootloader voids warranty - once something is void you can't legally unvoid it. Just because you can unroot/relock the bootloader and make it look like it wasn't tampered with doesn't mean you recover warranty - but it becomes your word against Google/supplier.
I'm sure in most cases with the Nexus it's not cost effective to determine if any tampering went on, but I'd imagine if for example someone built/deployed an aggressive OC'ed kernel and burnt out the CPU there'd be questions asked during an RMA.

Can I prevent my new Pixel 2 / XL from being rooted?

All of the discussions I am seeing are about people trying to root their new Pixel 2 devices. They are worried they won't be able to root due to the Verizon locking and/or lack of images. My question is simple. If I buy a Pixel 2 / XL from Google's site, is there any way I can prevent the phone from being rooted and/or flashed with another (custom or Google) bootloader? Can the FRP help me here? I'm just getting ramped on how Google's phones work and I want to know if I can prevent evil maid attacks (someone temporarily gets access and loads malicious software on it). If someone has rooted it, is there any way I would know? Would it have been erased? If I set the OEM unlock to disabled in the developer options, would that prevent it, or is there a way to disable that in the recovery boot environment? I know the BlackBerry prevents root and I'm wondering how to achieve similar security with Pixel 2 devices.
Thanks in advance
brainysmurf said:
All of the discussions I am seeing are about people trying to root their new Pixel 2 devices. They are worried they won't be able to root due to the Verizon locking and/or lack of images. My question is simple. If I buy a Pixel 2 / XL from Google's site, is there any way I can prevent the phone from being rooted and/or flashed with another (custom or Google) bootloader? Can the FRP help me here? I'm just getting ramped on how Google's phones work and I want to know if I can prevent evil maid attacks (someone temporarily gets access and loads malicious software on it). If someone has rooted it, is there any way I would know? Would it have been erased? If I set the OEM unlock to disabled in the developer options, would that prevent it, or is there a way to disable that in the recovery boot environment? I know the BlackBerry prevents root and I'm wondering how to achieve similar security with Pixel 2 devices.
Thanks in advance
Click to expand...
Click to collapse
If you let people spend inordinate amounts of time with your phone, there's not much you can do to prevent someone from rooting your phone... except putting a password on it and not letting people spend inordinate amounts of time with your phone.
Sent from my Pixel 2 using Tapatalk
ajrty33 said:
If you let people spend inordinate amounts of time with your phone, there's not much you can do to prevent someone from rooting your phone... except putting a password on it and not letting people spend inordinate amounts of time with your phone.
Sent from my Pixel 2 using Tapatalk
Click to expand...
Click to collapse
Thanks for the answer. However this has not been true for many phones, namely the BlackBerry, and even some models of the Pixel (Verizon). I noticed you mentioned "putting a password on it". Assuming my phone is entirely feature protected (password, encryption, OEM unlock disabled...), will this prevent the standard rooting procedures? I understand exploits may be found, but I'm not considering those seeing as they will be patched. It's the standard rooting procedures I'm concerned about. I don't want rooting my phone (without me knowing) to be an enabled feature (or possible at all if that is feasible). My only goal here is to stop that.
Thank you
brainysmurf said:
Thanks for the answer. However this has not been true for many phones, namely the BlackBerry, and even some models of the Pixel (Verizon). I noticed you mentioned "putting a password on it". Assuming my phone is entirely feature protected (password, encryption, OEM unlock disabled...), will this prevent the standard rooting procedures? I understand exploits may be found, but I'm not considering those seeing as they will be patched. It's the standard rooting procedures I'm concerned about. I don't want rooting my phone (without me knowing) to be an enabled feature (or possible at all if that is feasible). My only goal here is to stop that.
Thank you
Click to expand...
Click to collapse
To root you need to have an unlocked bootloader. Unlocking the bootloader requires the OEM unlocking switch to be flipped. Getting to that point requires you to enter your password twice (unlocking the phone and enabling developer options). You also need a computer with a functional fastboot setup. Unlocking the bootloader wipes the phone and all of your personal information with it. After unlocking the bootloader you have to push some files to the phone via adb or with MTP after you have logged back into your phone. Then you have to flash TWRP via fastboot and in turn flash Magisk. (This is all off the top of my head. You can read the root threads for the exact details.)
The point is your phone can't be rooted without you knowing it.
Sent from my Pixel 2 using Tapatalk
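Both fonix232's proposal above (lock the bootloader and "check bootloader status" before re-enabling features) and the question of whether you could tell that a Pixel had been unlocked and rooted come down to reading the boot-state flags the bootloader hands to Android. The script below is an added example, not code from this thread or from Google or Samsung: it classifies a device's boot posture from `adb shell getprop` output. The property names (`ro.boot.verifiedbootstate`, `ro.boot.flash.locked`, `ro.boot.vbmeta.device_state`, `ro.boot.veritymode` and Samsung's `ro.boot.warranty_bit`) are the ones I know AOSP Verified Boot and Samsung firmware expose; treat them as assumptions and confirm them on your own device, since older firmware may not set all of them. The sample getprop dumps are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: classify an Android device's boot security state from
# `getprop` output. Property names are assumptions based on AOSP Verified
# Boot / AVB and Samsung firmware; verify them on the device you care about.
#
# Real use:  assess_boot_state "$(adb shell getprop)"
# Exit code: 0 LOCKED, 1 UNLOCKED, 2 TAMPERED, 3 UNKNOWN (also printed).

# get_prop NAME TEXT: pull one value out of getprop-style lines such as
#   [ro.boot.verifiedbootstate]: [green]
# Strips carriage returns, since older adb versions emit CRLF.
get_prop() {
    printf '%s\n' "$2" | tr -d '\r' | sed -n "s/^\[$1]: \[\(.*\)]$/\1/p" | head -n 1
}

# assess_boot_state TEXT: print one verdict and return a matching exit code.
#   LOCKED    bootloader locked, verified boot "green", dm-verity enforcing
#   UNLOCKED  bootloader unlocked ("orange"): boot/recovery can be replaced,
#             so any rooting or custom recovery is possible from here
#   TAMPERED  bootloader reports locked but verified boot is not green,
#             verity is not enforcing, or the Knox warranty bit is tripped
#   UNKNOWN   none of the expected properties present (old firmware, no adb)
assess_boot_state() {
    vbstate=$(get_prop ro.boot.verifiedbootstate "$1")
    locked=$(get_prop ro.boot.flash.locked "$1")
    devstate=$(get_prop ro.boot.vbmeta.device_state "$1")
    verity=$(get_prop ro.boot.veritymode "$1")
    warranty=$(get_prop ro.boot.warranty_bit "$1")

    if [ -z "$vbstate" ] && [ -z "$locked" ] && [ -z "$devstate" ]; then
        echo UNKNOWN
        return 3
    fi
    # Any one of these flags alone is enough to say the bootloader is open.
    if [ "$locked" = 0 ] || [ "$devstate" = unlocked ] || [ "$vbstate" = orange ]; then
        echo UNLOCKED
        return 1
    fi
    # Locked, but something does not line up with a clean stock boot chain.
    if [ "$warranty" = 1 ] \
        || { [ -n "$vbstate" ] && [ "$vbstate" != green ]; } \
        || { [ -n "$verity" ] && [ "$verity" != enforcing ]; }; then
        echo TAMPERED
        return 2
    fi
    echo LOCKED
    return 0
}

# Constructed sample dumps (not captured from a real device).
SAMPLE_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.veritymode]: [enforcing]'

SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.veritymode]: [enforcing]'

# Samsung-style device: relocked and green, but the warranty bit stayed set.
SAMPLE_KNOX_TRIPPED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.warranty_bit]: [1]'

# Demo run over the constructed samples when executed directly.
for sample in "$SAMPLE_LOCKED" "$SAMPLE_UNLOCKED" "$SAMPLE_KNOX_TRIPPED"; do
    assess_boot_state "$sample" || true
done
```

The third sample is the Knox case discussed earlier in the thread: the device can be flashed back to stock and relocked so that verified boot is green again, yet the warranty bit still reads 1, which is exactly the "was this ever modified" signal Samsung's eFuse is meant to provide. On a Pixel the interesting transition is LOCKED to UNLOCKED, which the bootloader only allows after the OEM-unlock toggle and a full wipe, as PiousInquisitor describes.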
PiousInquisitor said:
To root you need to have an unlocked bootloader. Unlocking the bootloader requires the OEM unlocking switch to be flipped. Getting to that point requires you to enter your password twice (unlocking the phone and enabling developer options). You also need a computer with a functional fastboot setup. Unlocking the bootloader wipes the phone and all of your personal information with it. After unlocking the bootloader you have to push some files to the phone via adb or with MTP after you have logged back into your phone. Then you have to flash TWRP via fastboot and in turn flash Magisk. (This is all off the top of my head. You can read the root threads for the exact details.)
The point is your phone can't be rooted without you knowing it.
Sent from my Pixel 2 using Tapatalk
Click to expand...
Click to collapse
Excellent. That is what I was looking for. If that is true, this phone meets my security needs.
brainysmurf said:
Excellent. That is what I was looking for. If that is true, this phone meets my security needs.
Click to expand...
Click to collapse
You don't need to be rooted for malicious software to be loaded onto your phone. Just stick with installation of apps from the Play Store and check the reviews/ratings, and if something sounds too good to be true then it's probably best to avoid it unless you have valid sources authenticating it.
flunk03 said:
You don't need to be rooted for malicious software to be loaded onto your phone. Just stick with installation of apps from the Play Store and check the reviews/ratings, and if something sounds too good to be true then it's probably best to avoid it unless you have valid sources authenticating it.
Click to expand...
Click to collapse
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
brainysmurf said:
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
Click to expand...
Click to collapse
The workflow that @PiousInquisitor stated is true for, AFAIK, every modern Android device in existence.
brainysmurf said:
right, we already have those principles down. we're just trying to understand how vulnerable we are to specific attacks that are out there, namely the evil maid attacks. our team is extremely conservative on the basics that you are speaking of. we're just filling in the blanks for some more sophisticated attacks that are possible on the pixel, which is a new platform to us.
Thanks
Click to expand...
Click to collapse
So far all the above answers are correct. I'll add a couple more. Evil maid attacks are not being used on phones/android afaik. My understanding is that a computer must be booted with a USB stick while you're not looking, installing software onto your computer/laptop and then hijacking it. So I wouldn't worry about that. Even so, keeping OEM lock in the disabled state in dev options will prevent root on your device. Also do not install unapproved software and if you are that worried you might want a scanning program that will root (no pun intended) out malicious software. I think there are a few out there.
As for FRP, it's a good idea but it can be bypassed. There are people out there that can take a stolen phone and bypass FRP for a fee of around $30. Also searching for FRP bypass will give you some ways as well. So I would not rely on that. Nonetheless they would need to wipe the device to do that and by that time you would have blacklisted the IMEI and rendered the phone useless to the thieves. You and your company seem aware and cautious. I don't think you'll run into any issues with the Pixel 2. You made a good choice.
The device software is rarely the vulnerability, it's the people using the device.
If your threat model is such that the ultimate question is "what can someone do with physical access to the device", you're dealing with zero day exploits that aren't publicly known and all of our feedback is out the window.
Telperion said:
The device software is rarely the vulnerability, it's the people using the device.
If your threat model is such that the ultimate question is "what can someone do with physical access to the device", you're dealing with zero day exploits that aren't publicly known and all of our feedback is out the window.
Click to expand...
Click to collapse
The op is gone. Not sure if she was trolling but this thread is over.
Sent from my Pixel 2 using XDA-Developers Legacy app

Question Unlocked bootloader data security

If I lose my phone or it gets stolen how secure is my pin protected data with an unlocked bootloader as opposed to a locked bootloader?
Pretty sure you have to wipe all to get rid of a pin, so I would say it is almost the same.
Connorsdad said:
If I lose my phone or it gets stolen how secure is my pin protected data with an unlocked bootloader as opposed to a locked bootloader?
Click to expand...
Click to collapse
There are two schools of thought on locked vs. unlocked bootloader security (both of which I quote below) that I saw discussed a while back on the subject. It may not directly speak on pin protecting your data -- they discuss some on how your device is encrypted behind your pin so even if stolen, it should still be secure (enough) -- but at the very least there are ways around EFS so your device might still be of some use and/or, maybe given enough time, you never know what can happen; which is discussed a bit in the quotes & discussion (in the thread they do it in) below...
You could click on either post (they are made in the same thread) to follow the discussion more (they go on for a bit, but not to too much more of a degree)...
96carboard said:
Everything will work perfectly with an unlocked bootloader. It will just give you an annoying warning screen briefly when powering on.
If you want to know about security risks, they're fairly small, and ONLY apply if your phone is handled physically by someone untrusted for an extended period of time, in which the only thing they could actually do is install a modified boot image. Under those circumstances, the device security has to be assumed compromised whether the bootloader is unlocked or not.
An unlocked bootloader will NOT allow a 3rd party to access data on the device, since it is encrypted and requires your security code to unlock.
Now, you can actually tell if they've rebooted the device, which they would HAVE to do in order to install a different boot image; the unlock screen (which they are NOT able to modify without resulting in boot failure) will tell you!
And I absolutely disagree that it is shortsighted to advise immediate unlocking. Nothing of real benefit comes from having a locked bootloader. Any sense of security you gain from it is smoke and mirrors. It can only be tampered with if someone has physical access, and if somebody has physical access, it has to be assumed compromised regardless of whether it is unlocked or not. If anything, your security is improved because it is now on your mind that it could potentially be tampered with, and you are reminded of it with the id10t warning every time it reboots.
Click to expand...
Click to collapse
bobby janow said:
Everything will not work perfectly. Let's be honest here. Look it up, some banking apps work mine doesn't. Pay will work one day and not the next. And if your bank finds out your account was hacked and your phone is unlocked and/or bypasses bank security protocols who will pay for the missing funds when they find out?
A missing device can be booted into a custom recovery and adb commands will be available to take everything on your device bypassing any security you have. With a locked bootloader that is not possible. So if you know your phone can be compromised you feel more secure? That is ludicrous and really doesn't make sense. I mean talk about smoke and mirrors.
Now that being said there are a lot of folks in your camp that say you're living a pipe dream if you think the phone is more easily hacked or info stolen. I understand that argument entirely and it's possibly correct to a certain degree. But to summarily say immediately unlock your bootloader if you don't plan on rooting because.. well just in case, is really disingenuous to a great many individuals. At the very least look up some articles on why to keep your bootloader locked, especially for someone that hasn't done it in some time, if ever. The beauty of Android is the possibility if you so desire. Just be conscious of the advice you give. Many years ago Chainfire said in his blog that if you have an unlocked bootloader and have financial apps on your device you're asking for trouble and you might want to rethink that. (not in so many words) That weekend I locked my bootloader and never looked back. I haven't missed anything.. well other than flashing MVK kernel for my 6a. ;-) But then I'd need root and that brings a host of other issues.
Click to expand...
Click to collapse