There have been lots of questions about KNOX like upgrading/rooting methods, warranty status etc etc on 4.3 and information is scattered over multiple forums (development, general and questions)
I am creating this thread to cover the following topics or at least to guide you to the right forum.
1) What is KNOX ?
2) How KNOX affect us ?
3) How do I verify if Warranty BIT on my phone has tripped ?
4) What trips the KNOX counter ?
5) Is it possible to reset the KNOX counter/Warranty Bit ?
6) KNOX counter has been tripped, now what ? What about warranty ?
7) How to root ?
8) Upgrade options for users on 4.1.2.
9) Thoughts
1) What is KNOX.
Samsung KNOX is a new security feature implemented in Samsung Phones.
You can get more information about KNOX here
2) How KNOX affects us ?
In the latest 4.3 update KNOX has implemeted a secure boot technology that prevents unauthorized boot loaders and kernels from being loaded during the startup process.
So, if you flash this bootloader via (OTA or PC ODIN) then you cannot flash older 4.1.x firmwares.
To further illustrate how this works, the “KNOX Warranty Void” bit (or simply KNOX bit) is used to detect if a non-KNOX kernel has been loaded on the device. It is a one-time programmable bit in e-fuse, which can only be turned from “0” to “1” (i.e. burned). If a non-KNOX boot loader or kernel has been put on the device, KNOX can no longer guarantee the security of the KNOX Container. As a result, this KNOX bit will be burned to “1”, indicating that this device can no longer use the KNOX Container service. There are two possible scenarios: first, a new KNOX Container can no longer be created on such a device; and second, the data encrypted and stored in an existing KNOX Container can no longer be retrieved. Everything else should work just as before.
Reference link
3) How do I verify if Warranty BIT on my phone has tripped ?
You can go in download mode (Home+Volume Down) then power,then on prompt press Volume UP.
If you see KNOX or Warranty Bit set to 0x1 that means the counter has tripped.
4) What trips the KNOX counter ?
Rooting, flashing custom ROMS and kernels trips this counter.
5) Is it possible to reset the KNOX counter/Warranty Bit ?
Not as of now, per Samsung it is impossible as this is a one way process but you never know someone might discover a way to reset it.
6) KNOX counter has been tripped, now what ? What about warranty ?
As of now you cannot revert back to 4.1.x firmwares if you do not like 4.3.
You may or may not have issues with your warranty, it all varies at different service centers.
For those who brought this phone at launch, its over a year and warranty as already expired.
There is an interesting thread here which covers this topic.
7) How to root ?
For those who updated via OTA:
Rooting via CF flashes the KNOX Warranty Counter, further information here
You can flash MrRobinson's (Rooted and KNOX free) ROM but a user reported that flashing this tripped his counter.
Switch to page: 45 and Post# 446.
Make sure you download the v2 ROM. http://www.androidfilehost.com/?fid=23252070760975435
There are few other methods but I do not know much about them so if anyone knows please feel free to post or let me know so I can add it to the OP.
8) Upgrade options for users on 4.1.2.
If you DO NOT CARE about KNOX or warranty just update however you like:
1) Via OTA, if system status is modified or if binary count is not 0: a) Flash Mrrobinsons root 66 b)Use triangle away to reset counter c) full unroot via super user d) factory reset, if this does not work then flash stock via odin after step c. Please note this method will only update to 4.3, you will have to root the phone if you want.
If you DO CARE about warranty status then you can try this method.
1) Flash MrRobinsons v2 ROM via mobile ODIN from here, original thread, Switch to page: 45 and Post# 446.
2) I was able to pack together a stock ROM which is rooted, debloated and includes the 4.1.2(UVMBD1)bootloader.
Link here.
Please note: Mobile Odin does not flash the bootloader, you will still have the updated 4.3 firmware but with an old bootloader, the idea here is to avoid the KNOX bootloader altogether.
WIFI does not work but there is a fix.
To fix WIFI you can either flash the Devil Kernel from here
or
You can flash this WIFI patch compiled by DrKetan. Page 21 post 204.
Special thanks to DrKetan for compiling this patch, MattLowry for working with him to get this done, MrRobinson for stock rooted and KNOX free ROM and DerTeufel1980 for Devil Kernel.
9) It will be awesome if there is a stock ROM with old bootloader, newer system/modem image, root injected, KNOX free and integrated with this wifi patch.
- I was able to pack such ROM but without wifi patch here.
Update: 02/05/2013
Downgrading of ROM's from 4.3 to 4.1.x is possible by flashing the ROM using mobile odin.
4.3 bootloader cannot be downgraded, the work-around is to flash 4.1.x ROMs excluding the older bootloader.
You will end up with a 4.1.x rom on a 4.3 bootloader.
Update: 02/10/2013
User esdwa reported that he successfully rooted his phone using Saferoot method described here.:
Rooting phone via this method does not trip the KNOX counter. Se posts 52 through 55.
Please note: These methods I have listed are the only ones which I know, there might be more options and if you let me know I can add it to the post.
Thank you so much man... my buddy accepted the OTA (without listening to me when I told him to wait) and has been hounding me to get JMX on his phone since it was released... your guide answers so much and provides adequate links... if I can buy you a beer let me know how
Sent from my SGH-T889 using xda app-developers app
Funny thing about Knox...
Lets say an employee isnt rooted or custom and has knox-provided accessvto company/enterprise material... how is that more safe than a person who roots/mods their phone with processes/roms that are provided through xda which monitors (these downloads/processes with advanced moderators/users) more frequently and just as fast as even microsoft can inhibit billions of porn site "foul play".
Honestly... if I invested in Knox for my company, would I feel more protected from a closet porn fanatic than someone who was intelligent enough to root and flash custom roms through proven methods?? Moreover, why flag the "flasher" and make his device "null", while allowing the "porn-surfer" continual access to my companies "sacred data"...
Nothing against porn surfing just my analogy of how foolish businesses are too buy into this... ultimately I think knox isnt just an enterprise security for any any company outside of samsungs own personal interest... they are probably receiving "knox flag" info from every phone "tripped" and will increase device pricing accordingly
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
Funny thing about Knox...
Lets say an employee isnt rooted or custom and has knox-provided accessvto company/enterprise material... how is that more safe than a person who roots/mods their phone with processes/roms that are provided through xda which monitors (these downloads/processes with advanced moderators/users) more frequently and just as fast as even microsoft can inhibit billions of porn site "foul play".
Honestly... if I invested in Knox for my company, would I feel more protected from a closet porn fanatic than someone who was intelligent enough to root and flash custom roms through proven methods?? Moreover, why flag the "flasher" and make his device "null", while allowing the "porn-surfer" continual access to my companies "sacred data"...
Nothing against porn surfing just my analogy of how foolish businesses are too buy into this... ultimately I think knox isnt just an enterprise security for any any company outside of samsungs own personal interest... they are probably receiving "knox flag" info from every phone "tripped" and will increase device pricing accordingly
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Because with Knox the access is limited. so let's say you have access to financial documents. In the Knox environment you can't copy it and send it to a competitor. Read the
Containers & App Wrapping section from the link in op. There's also protection from key logging apps, etc. To your porn addict analogy with Knox regardless of the morals of your employees they can't physically compromise any data.
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think it's good for corporations who provide cell phones to their employees, this does not fit well in BYOD environment.
Samsung should have released an enterprise firmware altogether and the developers at each company can update/modify as per their policies.
On a funnier side: Whats next - Verifying the device status or KNOX via download mode at gates?
kintwofan said:
Because with Knox the access is limited. so let's say you have access to financial documents. In the Knox environment you can't copy it and send it to a competitor. Read the
Containers & App Wrapping section from the link in op. There's also protection from key logging apps, etc. To your porn addict analogy with Knox regardless of the morals of your employees they can't physically compromise any data.
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think the point is for the BYOD system because they know your phone is untouched since Knox can't run if you've ever rooted your device. I would be all for enterprise firmware though.
Sent from my SGH-T889 using xda app-developers app
Doesnt root access on any device get exploited by "holes" that the device already has in place prior to any dev taking advantage of?.. yes by having Knox, a company can "potentially" know when they've "potentially" been compromised but those same holes are being exploited by "foul play" (whether that be porn sites or the like) and most of these exploits dont need root access established by the device holder in order to gain access... to single out the rooter is totally irrelevant
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
Doesnt root access on any device get exploited by "holes" that the device already has in place prior to any dev taking advantage of?.. yes by having Knox, a company can "potentially" know when they've "potentially" been compromised but those same holes are being exploited by "foul play" (whether that be porn sites or the like) and most of these exploits dont need root access established by the device holder in order to gain access... to single out the rooter is totally irrelevant
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think you're a little confused on what Knox is (and possibly a porn addict). Knox in its most simple definition is basically a dual boot in Android. It is it's own environment, separate from your other apps and only certain apps and programs can run within this Knox environment. The reason root is"singled out"is because your device is no longer secure and you could potentially gain unauthorized access to the Knox sector now. Yes there may still be potential to access information from Knox without being rooted, but it would be very difficult and your average person would have no idea how. There's a reason it is the only DOD approved mobile security system.
So basically Knox isnt just a number on your download screen that says if your phone is rooted.
By the way joking about the porn addict thing.
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
I think the point is for the BYOD system because they know your phone is untouched since Knox can't run if you've ever rooted your device. I would be all for enterprise firmware though.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Yes, I do understand but again asking an employee to have his personal phone in compliance with company policy does not go well. Yes, you can have them not bring their phones if it's a requirement.
From security standpoint, it helps to save encrypted company data if phone is lost, maintain system integrity and detect tampered devices.
But pushing this type of update without informing the customers that there is no going back is not a good move.
This is a broad topic for discussion !
Sent from my SGH-T889 using xda app-developers app
ciphercodes said:
Yes, I do understand but again asking an employee to have his personal phone in compliance with company policy does not go well. Yes, you can have them not bring their phones if it's a requirement.
From security standpoint, it helps to save encrypted company data if phone is lost, maintain system integrity and detect tampered devices.
But pushing this type of update without informing the customers that there is no going back is not a good move.
This is a broad topic for discussion !
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Ya I didn't explain my point very good. I agree with you. Knox is designed for BYOD however it would make more sense for a corporation that requires that level of security to provide a phone to their employee, the they can put as much security on it as they deem necessary.
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
Ya I didn't explain my point very good. I agree with you. Knox is designed for BYOD however it would make more sense for a corporation that requires that level of security to provide a phone to their employee, the they can put as much security on it as they deem necessary.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
It only makes sense (when talki mm g byod) if an employee has to turn their phone in at the end of the day (not exactly byod at that point)... when it comes to addicts (whether that be porn or anything else) the bottom line falls on integrity, not encryption... for a company to trust an employee to do things with their device (beyond their control) is a matter of integrity. Encryption is irrelevant. My dad is a senior IT manager for one of the 5th largest cities, by brother in law is an IT manager for one of that cities najor metropolis's and I have many friends capable of programming things in manners not in accordance with benefiting the whole as a group... I know both sides of the equation... what doesnt add up is samsungs "Knox" being out to to protect anything outside of its own personal interest
Sent from my SGH-T889 using xda app-developers app
Couldn't agree more.
Naddict please come on in and shut this 4.3 thread down,remember you need to keep it all in one place
Macklessdaddy said:
Naddict please come on in and shut this 4.3 thread down,remember you need to keep it all in one place
Click to expand...
Click to collapse
I apologize for things getting off topic but for the op to provide so much perspective regaurding the early stages of the 4.3 update is more important than "consolidating" threads
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
I apologize for things getting off topic but for the op to provide so much perspective regaurding the early stages of the 4.3 update is more important than "consolidating" threads
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
No bro I was just messing with the super powerful mod who keeps shutting down any thread that has to do with 4.3
dude is merging every damn thread in sight
Im so ready to just root and flash a custom rom on my buddies OTA'd rom but im seriously hoping that Mr. R or Matt L. Can cimetgrough in the clutch to save us all from knox being tripped while engaging in the root process... reseting it is one thing but if we dont have to reset it than that would be ideal... patience is such q virtue at this point
Sent from my SGH-T889 using xda app-developers app
Since this is about Knox -- it includes SE Android as part of it which is from SE Linux --- The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency. With what the NSA has been caught doing recently.... anybody looked at the basecode for their backdoor which is probably in there?
I tripped my know already.
Cab i go back 4.1.2?
Sent from my SGH-T889 using xda app-developers app
Mynameisbruce said:
I tripped my know already.
Cab i go back 4.1.2?
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
No.
Sent from my GT-N7105 using xda app-developers app
From my understanding you can go back to 4.1.2
I saw someone post the instructions in the Galaxy Note 2 community on Google+
Related
I rooted my GN2 the day I bought it but now with OTA update rolling out I have to unroot. Wonder why I rooted in the first place...
The only good thing about rooting so far is being able to remove bloatware (flipboard, etc.). What are other benefits? No wireless tether yet (and I'm sure there will be a non-root solution to this coming), no access to google wallet, tweaking CPU or other settings is not really a concern since phone is so snappy with stock rom unrooted. I don't think the benefits of rooting justify the hassle and disadvantages (such as not being able to receive OTA update) of rooting.
What do you think?
For the fun of tinkering?
Sent from my SPH-L900 using xda premium
mrcrptguy said:
For the fun of tinkering?
Sent from my SPH-L900 using xda premium
Click to expand...
Click to collapse
This.........
And knowing you can restore from backup if something goes wrong. Everyone has their own reasons for root. But just knowing if you want to tinker around with your device, you can.
kg1128 said:
I rooted my GN2 the day I bought it but now with OTA update rolling out I have to unroot. Wonder why I rooted in the first place...
The only good thing about rooting so far is being able to remove bloatware (flipboard, etc.). What are other benefits? No wireless tether yet (and I'm sure there will be a non-root solution to this coming), no access to google wallet, tweaking CPU or other settings is not really a concern since phone is so snappy with stock rom unrooted. I don't think the benefits of rooting justify the hassle and disadvantages (such as not being able to receive OTA update) of rooting.
What do you think?
Click to expand...
Click to collapse
You can be rooted and still receive the OTA update. As long as you dont remove any system apps or install a custom recovery you are good to go! If you would like to keep root during OTA you can enable SuperSU survival mode also.
mrcrptguy said:
For the fun of tinkering?
Sent from my SPH-L900 using xda premium
Click to expand...
Click to collapse
If your asking yourself why root then why did you choose to root? Root is awesome for people who love to play around with their devices and make changes to them to fit their needs. If you think the device is awesome the way it is then the only reason to root would probably be for backing up your apps.
To proper answer this question. "So why root?". Because we want to. Not everyone shares our joy of rooting but this is XDA and most of what we do here revolves around having a rooted device.
If u dont want to root then the question should be why android ? U like being limited to what the company gives u dont u ?
Sent from my GT-I9300 using xda premium
With rooting you can customize your device as you like
Sent from my LG-P500 using xda premium
kg1128 said:
I rooted my GN2 the day I bought it but now with OTA update rolling out I have to unroot. Wonder why I rooted in the first place...
The only good thing about rooting so far is being able to remove bloatware (flipboard, etc.). What are other benefits? No wireless tether yet (and I'm sure there will be a non-root solution to this coming), no access to google wallet, tweaking CPU or other settings is not really a concern since phone is so snappy with stock rom unrooted. I don't think the benefits of rooting justify the hassle and disadvantages (such as not being able to receive OTA update) of rooting.
What do you think?
Click to expand...
Click to collapse
There is a laundry list of benefits to rooting your device, too many to list here, but the main reason IMO is so you can make your device YOUR own!
Eventually the DEVs will have the OTA built into their ROMS and tweeks. You also benefit from adding the BEST features and tweeks that often are not included in Stock builds, or are actually screwed up by Stock builds and updates. You can also just root your device and stay mostly stock, then add features, mods, and tweeks at your liking.
So, for me, its all about having options and being able to set up the device how I like it best. I think you'll find most people on here feel the same way. For me, I don't even activate a device unless its rooted first... Not rooting is kind of like having a Sports car and not being able to do any mods to it,- no air cleaners, no wheels, no gauges, no upgrades, just having to leave it the way you bought isn't ANY fun!
Thanks to all the people who work hard to make the good stuff happen!
ROOT IT :good:
It's not that complicated to un root and takes 60 seconds. ..
Full App+Data backup/restore and tethering.
---------- Post added at 10:48 AM ---------- Previous post was at 10:46 AM ----------
BigJPNut said:
You can be rooted and still receive the OTA update. As long as you dont remove any system apps or install a custom recovery you are good to go! If you would like to keep root during OTA you can enable SuperSU survival mode also.
Click to expand...
Click to collapse
That's not been my experience with my GS3. I've attempted to install the few OTA's that have come for the phone and while you can hit the Install now button, it fails to actually install it. Only once I unrooted did it actually complete.
I root cause its there.
Actually, its for the Ad Block and Titanium Backup and then Tether whenever that comes along.
I did it so I could meet and date supermodels
to get rid of ads, I also plan on putting the perseus kernal on it so I can charge my phone with a car charger. and as everyone else stated, to be able to make it how I like it.
Sent from my Ubuntu Note II
epicnoob66 said:
Sent from my Ubuntu Note II
Click to expand...
Click to collapse
In 8bit color?
kg1128 said:
I rooted my GN2 the day I bought it but now with OTA update rolling out I have to unroot. Wonder why I rooted in the first place...
The only good thing about rooting so far is being able to remove bloatware (flipboard, etc.). What are other benefits? No wireless tether yet (and I'm sure there will be a non-root solution to this coming), no access to google wallet, tweaking CPU or other settings is not really a concern since phone is so snappy with stock rom unrooted. I don't think the benefits of rooting justify the hassle and disadvantages (such as not being able to receive OTA update) of rooting.
What do you think?
Click to expand...
Click to collapse
Its still a relatively new device and dev support hasn't REALLY taken off yet IMO. Go look at the S3 forum for example and there are threads all over the place with ROMs, kernels and MODs.
Please go to POST 56 for updated information. I will update the OP over the weekend. Thanks!
As many of you already know, with our recent official Jelly Bean release came a new, updated flash counter. With ICS we were able to either just root via the root66 method and not trip the counter, or we could just use Chainfire's Triangle Away app to reset it. This is no longer the case. Now, with JB, unless our firmware meets a very strict set of conditions, it will trip the counter every time you reboot the device. If you simply just flash the root66 firmware, and do nothing else beyond that, you will not raise your count. But then, whats the point of rooting???
DON'T PANIC!
We can still zero it out for Warranty returns! The biggest issues arise when you want to utilize certain apps and/or services such as All Share Cast, Media Hub and other Samsung apps. For example, if you have purchased the $100 equipment, the All Share Cast Hub, it will not work! Additionally, DRM protected content may not play anymore. (Probably just applies to DRM protected media you got from Samsung, but this needs verification). For example, if you got to download the Avengers a couple of months ago, it will not play, even though it is perfectly legal to do so!
So are we able to get around this? Yes and No, for the moment. There are at least 2 separate detections going on. One is done post-boot, using the SysScope app. If you remove this from /system/app/ you will be able to install a custom recovery, and probably also a kernel and another modem without tripping the counter! I have yet to see any negative side effects from removing this app, so until I find more info proving otherwise, I suggest backing it up and deleting it. Hopefully Chainfire will decide to update Triangle Away to counter the updated detection. He may not though. Please read what he has to say about it here.
This does not solve the whole problem though. There is still another method Samsung coded in to detect if your system has been modified. I am not sure yet what is responsible fot this. But if you were to simply deodex your rom, it will begin tripping the counter at boot again! (It may not be the deodexing that is trigging it though, I believe it is also scanning for any processes that are running with root privledges that should not be there, and it may also have to do with busybox). Either way, if you are running pretty much any kind of custom rom, it will retrip the counter at bootup. This method is different in that it happens during boot, not after, and it does not look at recovery, and probably not at kernel or modem either. It appears to look specifically at the system partition for anything not stock. I am trying to narrow this down.
Because the other 2nd part seems to happen during bootup, I think that Chainfire's paid version may be able to help here. If you purchase it on the Play Store, it will have enabled the ability to Auto run at boot. Since SysScope is now removed, I dont think any detections are running post-boot anymore, meaning Auto run from Triangle Away should work. I do not have the paid version to test with right now. But I will try and test this soon.
I am fairly certain that the rest of the detection process is running either from the kernel, or from a completely separate partition. It is going to require quite a few flashes and test to narrow it down for sure. So if you guys will report your experiences with it, particularly on different kernels, I would be greatly appreciative.
As I find and/or remember more about this, I will update it here. If anyone has any other information about this, please do post it here! Any help, tips, info, etc that you can provide can be very helpful!
I hope this all made sense to you guys! I will go back and clarify some stuff a little later, but Ive got a 6 year old kid going stir crazy waiting on me to be done with this! I wanted to go ahead and get something up though to get the conversation started! I will also post some links to some information later on.
In the meantime, you can Odin back to ICS build UVALJ4, and then flash your roms from there...yes even the JB ones! I hate saying that after suggesting to Odin flash the JB update, but if you have anything not working because of this, it may be your best option temporarily.
Otherwise, delete SysScope from /system/app! And keep Triangle Away handy!
I will continue doing a lot of testing and trying to investigate this problem. But I do appreciate any help that you guys can give!
Hopefully, with a little luck we can figure this out! :highfive:
I think that pretty much covers it...
I know that if you triangle away, and reboot to download mode, the counter's zero... if you boot into recovery and then boot into download mode the counter's still zero...
It gets triggered when you boot into the actual rom... I wonder if you odin to JB... then actually flash down to an ICS rom, does the counter get reset on boot?
scifan said:
I think that pretty much covers it...
I know that if you triangle away, and reboot to download mode, the counter's zero... if you boot into recovery and then boot into download mode the counter's still zero...
It gets triggered when you boot into the actual rom... I wonder if you odin to JB... then actually flash down to an ICS rom, does the counter get reset on boot?
Click to expand...
Click to collapse
That's SysScope running after booting up. Flashing an ics rom over a fully updated JB will most likely also trip the counter due to the 2nd part of the device check which runs during boot. Worth trying though.
Sent from my SGH-T999 using xda app-developers app
Also need to find out if its the deodexing that triggers it, or something like busybox.
Sent from my SGH-T999 using xda app-developers app
Good info. And nice write up so your saying if we odin root66 ics we are ok to say flash gs3r7.zip to jb and the new custom rom detection wont be present?
Sent from my SGH-T999 using xda app-developers app
There's also a manual way I used to reset, back when my touchscreen died (and therefore could not even use TriangleAway) that we should 'throw into the mix' and test against JB...lemme see if I can dig up that thread...
Okay, here was the progenitor post, that may give clues if the old (ICS) way no longer works:
http://forum.xda-developers.com/showpost.php?p=28953690&postcount=67
and the resultant manual method, which I verified worked on TMO (ICS):
http://forum.xda-developers.com/showthread.php?t=1781471
1Shotwonder said:
Good info. And nice write up so your saying if we odin root66 ics we are ok to say flash gs3r7.zip to jb and the new custom rom detection wont be present?
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Thanks!
Yes that is correct. I cannot guarantee you wont have any other bugs. Doing it this way you are essentially running half ics half jb. If you have no need of samsung services like media hub or all share cast, id go full jb. Otherwise id go with the ics UVALJ4 firmware and a jb rom.
wideasleep1 said:
There's also a manual way I used to reset, back when my touchscreen died (and therefore could not even use TriangleAway) that we should 'throw into the mix' and test against JB...lemme see if I can dig up that thread...
Click to expand...
Click to collapse
That would be great! Thanks!
Sent from my SGH-T999 using xda app-developers app
Good job Doc... :thumbup::thumbup::thumbup:
Sent from my SGH-T999 using Tapatalk 2
Doc, I'd be more than happy to help out with this. Just shoot me a PM about where you are heading and I can see what I can do. I'm not adverse to getting in deep, so that is a non-issue.
My initial thoughts are to take a pretty simple approach and, for lack of a better few words, do a side-by-side of the new JB and the recent leaks and see what is different. Obviously it is a bit harder than than but we could breakdown the /system/apps, then move on the each partition scheme and see what the differences are and why they are different. Then start crossing off things like apps, 2boot check, something buried in on of the other partitions, ....
Really Samsung? God this crap is really starting to piss me off. Love how manufacturers don't want be enjoying my device.
On a more positive note, can't Samsung deny claims for just the CPU?
Sent from my SGH-T999 using Tapatalk 2
only thing that bothers me is the avengers movie not playing in any of the players on the GS3R7 rom. ( I have tried to reset the counter and still does not play the movie... any ideas? It does work on stock jb root66 though). Other than that I dont use any other samsung apps. The other issue I have come across is with Root Explorer when trying to modify the build.prop for GW I can edit the build.prop but it will not save the changes I believe this to be an issue with the sdcard now being sdcard0 but I am not 100% any one have a way around this or know the fix?
wideasleep1 said:
There's also a manual way I used to reset, back when my touchscreen died (and therefore could not even use TriangleAway) that we should 'throw into the mix' and test against JB...lemme see if I can dig up that thread...
Okay, here was the progenitor post, that may give clues if the old (ICS) way no longer works:
http://forum.xda-developers.com/showpost.php?p=28953690&postcount=67
and the resultant manual method, which I verified worked on TMO (ICS):
http://forum.xda-developers.com/showthread.php?t=1781471
Click to expand...
Click to collapse
Thanks for looking those back up. Ill be checking them out later on today.
Woodrube said:
Doc, I'd be more than happy to help out with this. Just shoot me a PM about where you are heading and I can see what I can do. I'm not adverse to getting in deep, so that is a non-issue.
My initial thoughts are to take a pretty simple approach and, for lack of a better few words, do a side-by-side of the new JB and the recent leaks and see what is different. Obviously it is a bit harder than than but we could breakdown the /system/apps, then move on the each partition scheme and see what the differences are and why they are different. Then start crossing off things like apps, 2boot check, something buried in on of the other partitions, ....
Click to expand...
Click to collapse
sounds good man! Kinda have a feeling ill be needing help on this one! Ill shoot you a pm later on. Gotta get going for now, but wanted to respond real quick.
1Shotwonder said:
only thing that bothers me is the avengers movie not playing in any of the players on the GS3R7 rom. ( I have tried to reset the counter and still does not play the movie... any ideas? It does work on stock jb root66 though). Other than that I dont use any other samsung apps. The other issue I have come across is with Root Explorer when trying to modify the build.prop for GW I can edit the build.prop but it will not save the changes I believe this to be an issue with the sdcard now being sdcard0 but I am not 100% any one have a way around this or know the fix?
Click to expand...
Click to collapse
Its another thing I've got to figure out. If its just breaking Samsung related/downloaded stuff, or is it screwing with DRM altogether.
As to your other issue, wallets included with jb now so I assumed it wouldn't require a 'fix'. But it sounds more like a superuser problem with root explorer. Download chainfires cwm supersu from his thread and flash it. See if that helps. Not going to be related to this stuff though.
Sent from my SGH-T999 using xda app-developers app
Does reverting back to ics roll back the flash counter? I am really liking JB TW maybe time for a change lol
Sent from my SGH-T999 using xda premium
Unfortunately I doesn't work that way. Would be sweet if it did, then all we'd have to do is roll back and we'd be good. Plus we could figure out the trigger and remedy it.
md1008 said:
Does reverting back to ics roll back the flash counter? I am really liking JB TW maybe time for a change lol
Sent from my SGH-T999 using xda premium
Click to expand...
Click to collapse
If I'm not mistaken, you should be able to revert to ICS then use triangleaway and your counter will stay at 0.
Sent from my SGH-T999 using Tapatalk 2
Woodrube said:
Unfortunately I doesn't work that way. Would be sweet if it did, then all we'd have to do is roll back and we'd be good. Plus we could figure out the trigger and remedy it.
Click to expand...
Click to collapse
Triangle away, boot to recovery, then flash ICS on your phone...
Well my counter is stuck at 1 lol
What exactly trips the counter? I've seen multiple answers for the question but I figured ide ask here since there are so many knowledgeable people here
Sent from my SGH-T999 using xda premium
So ive been reading this and from what i can gather, it seems that samsung (or T-Mobile) placed a new apk file into the system directory (or maybe a lib file?) and that if you root your device, every time you reboot your phone, it will +1 to the flash counter?
Has anyone asked any ATT, Sprint or Verizon users if their flash counter goes up with root after each reboot as well? If it doesnt, we could probably do a system file comparison between the two to isolate the file(s) which are causing the incremental flash counter at boot.
That's what I was saying earlier about comparing official and leak and seeing the differences. Sprint is the only one that has had official so not sure if that would work for us. Think we need to differentiate between Samsung and TMo and see where the "fault" lies.
Woodrube said:
That's what I was saying earlier about comparing official and leak and seeing the differences. Sprint is the only one that has had official so not sure if that would work for us. Think we need to differentiate between Samsung and TMo and see where the "fault" lies.
Click to expand...
Click to collapse
That sounds like a good idea. I'll download one of the leaks and see if anything is obvious. It may also be a new line of code inside an apk or lib file as well. Making things a bit more difficult. As im comparing them i will check the size of each APK as well as if new code is added to them it should increase the size of the compiled apk. And i have my computer set up to show individual bytes of data.
Nice article to read.. Just thought I would share.. MODS PLEASE DELETE IN CASE THIS IS A DUPLICATE.
http://news.yahoo.com/theres-zombie-security-flaw-almost-every-android-phone-013019842.html
There's a Zombie-like Security Flaw in Almost Every Android Phone
LikeDislike
Abby Ohlheiser 56 minutes ago
Technology & Electronics
.
View gallery
There's a Zombie-like Security Flaw in Almost Every Android Phone
Almost every Android phone has a big, gaping security weakness, according to the security startup who discovered the vulnerability. Essentially, according to BlueBox, almost every Android phone made in the past four years (or, since Android "Donut," version 1.6) is just a few steps away from becoming a virtual George Romero film, thanks to a weakness that can "turn any legitimate application into a malicious Trojan."
While news of a security vulnerability in Android might not exactly be surprising to users, the scope of the vulnerability does give one pause: "99 percent" of Android mobiles, or just under 900 million phones, are potentially vulnerable, according to the company. All hackers have to do to get in is modify an existing, legitimate app, which they're apparently able to do without breaking the application's security signature. Then, distribute the app and convince users to install it.
Google, who hasn't commented on the vulnerability yet, has known about the weakness since February, and they've already patched the Samsung Galaxy S4, according to CIO. And they've also made it impossible for the malicious apps to to install through Google Play. But the evil apps could still get onto a device via email, a third-party store, or basically any website. Here's the worst-case scenario for exploitation of the vulnerability, or what could potentially happen to an infected phone accessed via an application developed by a device manufacturer, which generally come with elevated access, according to BlueBox:
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
The company recommends users of basically every Android phone double check the source of any apps they install, keep their devices updated, and take their own precautions to protect their data. But as TechCrunch notes, Android users really should be doing this anyway, as the devices tend to come with a " general low-level risk" from malware. That risk, however, is elevated for users who venture outside of the Google Play store for their apps.
So while the actual impact of the vulnerability is not known, neither is the timeline for fixing it. Manufacturers will have to release their own patches for the problem in order to fix it, something that happens notoriously slowly among Android devices.
I was under the impression that the very latest android is not vulnerable (4.2.2). Is this true of CyanogenMod?
Sent from my SGH-T999 using xda app-developers app
It says almost everything since 1.6 is vulnerable. It also says its up to the device manufacturers to patch the vulnerability. So 4.2.2 is just as vulnerable. My guess is aosp will be patched in 4.3.
So unless the CM team already knew about this, and have already solved it, it'll be at risk. And I doubt they would have. Pretty sure they'd make it public if they did.
@op Thanks for posting! Hopefully this'll wake some golks up and they'll stop installing anything they find. This could be one helluva strike against software pirates too! Obviously one of the easiest way to infect someone is if they use pirated root capable apps.
Be aware too though, a simple themed system app could just as easily do this. I'd say that untill we know more, be cautious with any themed or modded system apps, even those you find here on xda. (Of course if they are from our RD/RC/RT's, or from reputable sources such as Wicked (Deviant Development) you're most likely ok) But watch for stuff released by people with brand new accounts.
Hopefully we will know more soon. And more hopeful that the oatch will be simple as in the past. (Dont remember the name right now but one was patched by an empty file with no permissions.)
Sent from my SGH-T999 using xda premium
And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app
vulnerabilities
dito33 said:
And yet for all these years I don't have any problem of somebody broke my house. I would take this with reserve and as scare tactic. Of course there always be some hacks, even pentagon is prone and vulnerable to cyber attacks, just keep your private stuff private.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Don't panic or get scared just be aware. These days mass hysteria can be easily created by the mass media. Ahhhh!!!! My android phone turned my family and friends in ANDROID ZOMBIES.
Mass hysteria and mass hypnosis are spreading across North America like unstoppable waves of hypnosis. The concepts of vulnerability and media go hand and foot. But I find it to be crap .. Who care ?? It a phone not your person safe.. If you dont want it seen dont keep it or type it on you phone. Android is not the only phone there are exposed security holes in Apple products such as the iPhone which allowed applications to connect to remote computers and transfer personal data. It is extremely difficult to defend against unknown vulnerabilities. Especially if we choose to believe everything the media and the masses say.
LOL dont worry about it ...you should be worried about the app that unlocks your brain vulnerabilities and takes over your MIND....:good::good:
Common Sense is the best defense!
Sent from my SGH-T999 using xda premium
They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app
Trevorlay said:
They have been talking about this a little on twit.tv , it's mostly a worry only if you side load apps you don't get from the play store. They are said to reveal the vulnerability at the next black hat convention.
Sent from my SGH-T999 using xda app-developers app
Click to expand...
Click to collapse
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium
Maybe apple paid the person to write the article lol
Sent from my EVO using xda premium
Adreaver said:
Not mostly. You are only vulnerable if you side load. Google runs verification on apps before they are uploaded to play to ensure they don't have malicious behavior or request undocumented permissions.
With that said, just be careful what you download, as always. The best virus protection is common sense.
Sent from my SGH-T999 using xda premium
Click to expand...
Click to collapse
It's not fool proof. There have been several instances where malicious apps made it onto the play store. Just cause it's there doesn't make it safe.
Sent from my SGH-T999V using xda premium
Is anti-virus app can detect the zombie?
Sent from my SGH-T999 using xda premium
Didn't the article say? I don't think there is. It's been a while since I read it but I thought it touched on that.
Sent from my SGH-T999V using xda premium
I am sick of the laggy, crappy stock T-Mobile 4.1.2 ROM and would like to install something faster, smoother and better like Wicked ROM.
My employer mandates that no rooted phones can be used if they are used to access corporate network - and they are a global company that are experts in intrusion detection etc. so they can probably detect a phone that is not compliant.
Is there any way to remove root/ensure the boot loader is locked after installing a custom ROM to ensure compliance?
Thanks.
Globespy said:
I am sick of the laggy, crappy stock T-Mobile 4.1.2 ROM and would like to install something faster, smoother and better like Wicked ROM.
My employer mandates that no rooted phones can be used if they are used to access corporate network - and they are a global company that are experts in intrusion detection etc. so they can probably detect a phone that is not compliant.
Is there any way to remove root/ensure the boot loader is locked after installing a custom ROM to ensure compliance?
Thanks.
Click to expand...
Click to collapse
The bootloader on this phone is not locked.
You can unroot with SuperSU or a billion other apps from the store. But you will cripple Wicked if you unroot it. Maybe stock rooted (debloat it yourself, then unroot it) would be the appropriate choice for you.
Aerowinder said:
The bootloader on this phone is not locked.
You can unroot with SuperSU or a billion other apps from the store. But you will cripple Wicked if you unroot it. Maybe stock rooted (debloat it yourself, then unroot it) would be the appropriate choice for you.
Click to expand...
Click to collapse
Thanks for the reply. Any recommendations for a good stock ROM that's a better option than the chunk of turd from T-Mobile?
Globespy said:
Thanks for the reply. Any recommendations for a good stock ROM that's a better option than the chunk of turd from T-Mobile?
Click to expand...
Click to collapse
1: without physically having the phone, there is no way for your IT department to know if you're rooted. If the carrier that provides voice and data service can't differentiate a rooted phone from a not rooted phone, I very much doubt that the it department of your company can.
2: using the rooted stock ROM, then debloating it (better known as removing the tmo crapware), then unrooting, is the best option. Most custom ROMs rely on root access for the customizations they make to the framework, system apps, etc. Stock ROMs do not.
Sent from my T999L on PACman
I am one who believes the carrier and/or manufacturer are able to tell if you're rooted. Or they have the ability to anyway. Things such as sysscope make this possible. And if they can check your imei they can check more, if they want to. Lots of info gets sent back to google, sammy, T-Mobile, etc via check-ins and such.
Sent from my SGH-T999 using xda premium
DocHoliday77 said:
I am one who believes the carrier and/or manufacturer are able to tell if you're rooted. Or they have the ability to anyway. Things such as sysscope make this possible. And if they can check your imei they can check more, if they want to. Lots of info gets sent back to google, sammy, T-Mobile, etc via check-ins and such.
Sent from my SGH-T999 using xda premium
Click to expand...
Click to collapse
This was my thinking, and the company that I work for is one of 5 on the planet that does what they do - they essentially provide the entire physical backbone that allows companies like Microsoft, IBM, major banks etc actually HAVE internet. I'm certain they know exactly what's going in the network and have an array of tools designed to ensure full security.
I think the stock ROM, debloated and then root removed is best. I don't mind twiz, would just like my phone to run smoother.
I heard the sgs3 will get 4.3 but lord only knows how long it will take T-Mobile to release it, if ever!
Thanks.
I work for tmobile & im not from store. And theres no tool other than a physical inspection in store to tell if the device is rooted.
Even the so cal updates comes directly from manufacture they just have the provider crap the provider request.
I can see who you call, and who call you & for how long. Not hear the call. Text same **** we have no acess to the content. As far as what in your phone thats for you to know and for carriers & your company to find out.
Theres a lot of myths...now theres a few selectec engineers that will have access to the cells & repeater or the switch and if they want to they can see info. But they are not suppose to its against federal laws.
Sent from my LG-E980 using xda app-developers app
hi
last month i flashed twrp and a custom ROM
today i flashed a original firmware [stock] and Samsung pass and know not working..
it say : your device has been rooted. Samsung pass cannot be used on rooted devices for security reasons
Please help me to solve problem
sorry for my bad english language
I think it's because Knox has been tripped. This means you cannot use apps like Samsung pay and Samsung pass. There is no way to get around this that I am aware of. However I'm am not to experienced and could be wrong.
Sent from my SM-A520F using XDA Labs
NickFreeruns said:
I think it's because Knox has been tripped. This means you cannot use apps like Samsung pay and Samsung pass. There is no way to get around this that I am aware of. However I'm am not to experienced and could be wrong.
Click to expand...
Click to collapse
Yeah, that's exactly what happened. On these new phones there is NO possible way to reset knox. On the older Samsung phones you could, but Samsung keeps tightening their grip on developers.
Sent from my SM-A520W using XDA Labs
Knox is tripped (unintentionally) on my phone, so I use Google Pay instead of Samsung Pay, and Google Fit instead of S-Health. Most non-Samsung apps don't care about knox.
ryebuck said:
Knox is tripped (unintentionally) on my phone, so I use Google Pay instead of Samsung Pay, and Google Fit instead of S-Health. Most non-Samsung apps don't care about knox.
Click to expand...
Click to collapse
Ya knox is mostly useless, in my opinion.
Sent from my SM-A520W using XDA Labs
To run Samsung Health on a rooted device:
edit /system/build.prop
change:
ro.config.tima=1
to
ro.config.tima=0
reboot
But I could not find a way to make Samsung Pass work or login to mobile banking applications (like Revolut) using the fingerprint.