Because it's not very clear even after reading many xda Thread, and users have many problems withknox I deciced to gather informations about Knox.
1 :What is Knox?: http://omegadroid.co/wanted-knox-void-warranty-0x1/
All you wanted to know about KNOX Void Warranty 0×1
By tamirda • October 9, 2013
Screenshot_2013-02-25_11_35_AM
Recently, Samsung announced that her all new devices will get an Android 4.3 update that includes KNOX Security system. According to Samsung, these devices will get the update:
Samsung Galaxy S3
Samsyng Galaxy Note II
Samsung Galaxy S4
Samsung Galaxy Note 3 (already has KNOX Security system)
Most of the users don’t root their devices and use it normally and for them KNOX Security system is a great option.
But what happanes if we want to root our device?
Now the problem begins.
Normal(unrooted and so..) devices are flaged as KNOX Void Warranty 0×0 right from the factory.
When we flash items which weren’t signed by Samsung, it flags your device as KNOX Void Warranty 0×1.
According to Chainfire, KNOX status is indeed an eFuse. This means that even JTAG can not reset the KNOX status back to 0×0.
Some facts about KNOX status:
It isn’t possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0×1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package). By downgrading from KNOX-enabled to KNOX-disabled firmware, your devices will be locked to installation of newer firmwares.
Let’s focus on that fact. As we mentioned above, Devices like S4, S3 and Note II which came without KNOX will get the KNOX system.For example, S4 I9505 got about a month ago 4.2.2 update that includes KNOX-enabled system(MH1). If you try to downgrade to KNOX-disabled system(MGA for example) your device will be flaged as KNOX Void Warranty 0×1 and will get a special lock – you won’t be able to update to any KNOX-enabled firmware even by ODIN. Samsung’s 4.3 update is KNOX-enabled, so if you tried to downgrade to KNOX-disabled firmware(for example MH8->MGA), you won’t be able to install 4.3 update.
This problem is only for devices which didn’t come with KNOX-enabled system from the factory(S4, S3 and Note 2)
Jeffery Butler confirmed this information:
FYI…Samsung told me that Knox warranty becomes 0×1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
If you try to downgrade to KNOX-disabled firmware, you can’t install any new firmaware(that includes KNOX-enabled system) and use your device only with the old firmwares.
Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0×1.
Flashing unsigned or modified images via odin will set knox to 0×1.
According to these two, flashing root/kernel/recovery/latest firmware by samsung/etc. will set KNOX status to 0×1.
Samsung stated, resetting the flag is impossible.
Chainfire confirmed that it is impossible to reset the flag.
KNOX is mandatory and can not be completely removed.
In custom roms we can remove KNOX apps, but the status remains 0×1.
Warranty Void is not a counter, it is a flag (0,1). We have never seen 0×2 or so.
Mirroring all partitions from a clean 0×0-Device to a 0×1-Device via JTAG produces an unfunctional device (reversible by restoring the 0×1 partitions on the phone).
Using JTAG or other repair tools to reset the flag is impossible.
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty.
Again, if we flash kernel/recovery/etc. we will void the warranty.
This si how 0×1 looks like:
2rn7beq.jpg
This is how 0×0 looks like:
attachment.php
I guess you are asking yourself now, what the hell 0×1 means?
If your device is flageed as 0×1. you should forget about your warranty.
Chainfire and other people confirmed that your can’t use your warranty:
Worse than that, I’ve also been hearing that service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner. Seems Samsung is catching up in scumbaggery to HTC, who years ago attributed my HTC Diamond’s screen damage (digitizer detached) to the installation of HSPL
To anyone in the know it is obvious that this doesn’t really fly, and the eFuse blowing (is this the hardware damage?) is intentionally done by the bootloader when unsigned software is loaded.
If you want to read the whole Chainfire’s statement, click here.
What is eFUSE? it’s a technology that allows reprogramming a read-only memory chip in real-time, even though such chips come with hard-coded code that cannot be generally changed after manufacturing.
When flashing unofficial software on the device, the status of the system and KNOX is switched to CUSTOM while increasing a binary flash counter, which helps Samsung find out whether the device has been tampered with. However, while Chainfire’s TriangleAway app has let users switch the status back to official and reset the flash counter until now, the KNOX status is based on eFUSE – basically, once you flash custom kernels or root the Note 3, the KNOX code gets rewritten, and this constitutes hardware damage.
Well, all I can say is think twice before you play with your Samsung device. If you don’t care about warranty, and you like custom roms and cool stuff just be aware of this information and continue with what you are doing.
Rajaasim1980 said:
KNOX is a new security system in official update of Android 4.3
on Samsung devices which prevents access to multiple applications when rooting your device and prevents the flash counter being reset to 0
Click to expand...
Click to collapse
theq86 said:
As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.
As for now, there is no way to reset that flag from 0x1 to 0x0.
Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.
https://plus.google.com/u/0/+Chainfire/posts
Has anyone already experience with rooting an "untouched" S4 which has the secured bootloader and can confirm or decline that?
- - - - - - - - - -
Conclusions and Facts about KNOX-enabled firmwares (based on statements from chainfires post and it's comments above, ans based on this thread)
Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/showthread.php?t=2444671, not confirmed)
Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1
Flashing unsigned or modified images via odin will set knox to 0x1
Samsung stated, resetting the flag is impossible
KNOX is mandatory and can not be completely removed
Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so
Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone)
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Assumptions on how KNOX flag in bootloader works:
Some experts think, an eFuse is involved. (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremential. Even unwriteable by low level tools or JTAG. But it is still not proven, that eFuse is used.
Knox technical information:
https://www.samsungknox.com/overview/technical-details
Click to expand...
Click to collapse
2: Can i downgrade the bootloader?
cosmyndemeter said:
from mj5 bootloader downgrade is possible, read this for newest than mj5 downgrade not possible!
do not try! you can brick your phone forever!!!
Click to expand...
Click to collapse
3:Can i install custom roms?
DeepankarS said:
You can do any customization on your phone like a normal phone, but customizing it means that you have triggered the KNOX counter to 1. Thus on a stock rom you can never use KNOX if KNOX reads 1.
FYI the MK4 (bootloader) or MJ9 (babseband version) has blocked installation of any custom roms on our n7100s via odin. You cannot even downgrade to 4.1.2 official via odin, So flashing via recoveries is the only way left.
And also it is recommended that you install custom roms via Philz/TWRP/CWM recoveries to flash custom roms and everything.
Hope the lil knowledge helped.
Click to expand...
Click to collapse
4 Can i root my note 2 with 4.3 knox?
Yes, but there are chances to trigger the KNOX counter to 1
yeminswe said:
4.3 root
http://forum.xda-developers.com/showthread.php?t=2540761
http://forum.xda-developers.com/showthread.php?t=2573576
>D
Click to expand...
Click to collapse
If you see any questions about knox, post here we will answer.
number 1 link is error,not found.
what about knox container ?
sora9009 said:
number 1 link is error,not found.
what about knox container ?
Click to expand...
Click to collapse
Link fixed.
Thanks
What about kernels?
Smack that thanks button if I helped!
Note 2 LTE powered by Illusion ROM and Plasma Kernel.
Sent from dat small country called Singapore.
P.S. replies with quotes will be replied to faster.
Irwenzhao said:
What about kernels?
Smack that thanks button if I helped!
Note 2 LTE powered by Illusion ROM and Plasma Kernel.
Sent from dat small country called Singapore.
P.S. replies with quotes will be replied to faster.
Click to expand...
Click to collapse
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Is there any way to get the knox back to 0 from 0x1????
Sent from my GT-I9500 using Tapatalk 4 - Hassan K. Malik
HassanM said:
Is there any way to get the knox back to 0 from 0x1????
Sent from my GT-I9500 using Tapatalk 4 - Hassan K. Malik
Click to expand...
Click to collapse
Not yet,although note 3 has been reported to somehow reverse it but that's just wishing too much.
singhpratik87 said:
Not yet,although note 3 has been reported to somehow reverse it but that's just wishing too much.
Click to expand...
Click to collapse
On the note 3 it's done by special bootloader leaked by sammy. The only chance for the note 2 is if note 2 bootloader is leaked. No other way.
Sent from my GT-N7100
I dont care about warranty , all i care that , if i installed a custom rom and the Knox bit is set to 0X1 and i want to get back to the stock , can i install Knox again or not ? because i like the knox idea
hazemsalah said:
I dont care about warranty , all i care that , if i installed a custom rom and the Knox bit is set to 0X1 and i want to get back to the stock , can i install Knox again or not ? because i like the knox idea
Click to expand...
Click to collapse
Once your counter goes to 1 no more Knox app , it can't be used anymore.
Sent from my GT-N7100
gregsarg post :
We have a fix....just not on xda....yet
Mobiletechvideos.com now offers a bootloader downgrade service for our devices. ..
The Knox flags can be reset quite easily according to them....
So if you want the old Knox free phone back....see below and get your anti-knox groove on....
See the product description tab in the middle of the page. ..g
http://mobiletechvideos.mybigcommerce.com/samsung-galaxy-note-2-bootloader-sboot-downgrade-service/
Hmmm it's kinda fishy , but could be true. So you send them your phone ? I don't get it. And all around is jtag heh
Sent from my GT-N7100
note2nooby said:
Hmmm it's kinda fishy , but could be true. So you send them your phone ? I don't get it. And all around is jtag heh
Sent from my GT-N7100
Click to expand...
Click to collapse
Nope i can't risk to send my phone (400 euro), but it looks like they have the solution.I send them mail to ask if i can pay for the file and instruvtions but no answer till now.They want 75 for the reset and 45 for express shipping end delivery.I told them that i am
agree to pay all the ammount for the file.
And one more thing-if i send them phone i can't be sure that they will reset it instead of just replacing MB and write my old IMEI e.t.c
gencho81 said:
Nope i can't risk to send my phone (400 euro), but it looks like they have the solution.I send them mail to ask if i can pay for the file and instruvtions but no answer till now.They want 75 for the reset and 45 for express shipping end delivery.I told them that i am
agree to pay all the ammount for the file.
And one more thing-if i send them phone i can't be sure that they will reset it instead of just replacing MB and write my old IMEI e.t.c
Click to expand...
Click to collapse
I'm quite sure they are using jtag and service bootloader. That's why they need the phone. It's not the same way like the exynos fix for note 3.
Sent from my GT-N7100
I-9192 official status again
i have installed a few weeks later a rooted rom from another forum, and triggered the knox to 0x01 (so i cant receive official updates from samsung)
but, today i needed to reset my phone to factory default, than i was curious to check the phone status, and for my surprise was "Official" again...
i read in various sites that the knox flag cannot be reverted... is that true?
the files i was used to root:
Odin 3.09
Kernel_root_I9192.tar
SuperSU_1.41.zip
the only bad thing is that i lost my root
anyone have the same result just reseting the phone?
thx and sorry for bad english
Soooo. As far as i know the knox wont get updates from Samsung and Block using knox app? And what features are lost from a triggered knox? I flashed the original firmware again and all its ok so far. Theres any blocked feature that o didnt realize?
Need help
I've a s4mini 19192 and today I flashed samsungs official KitKat update to my phone... I tried to root it like I rooted the 4.2.2 update... But can't do.... Then I decided to downgrade to the old version 4.2.2 but odin says can't.... And fails... Someone can help me?
Is it possible to check when the flag was triggered?
I was sold a GN3, in witch the KNOX flag was already set* and I'm trying to avoid a situation in witch the seller will say that I've set the flag.
* not checked beforehand - my mistake - but still I can return it or get a discount under the law
hello..just got the s4 mini dual sim 9192... 2 days back..i was on 4.2.2 indian firmware....checked download mode and it said knox 0*0...now i flashed the 4.4.2 firmware downloaded from sammobile via odin and when i recheck knox is gone....!!!!
just said binary and system which changed from official to custom once i rooted it with CF-root method(nothing else was working...saferoot/towelroot etc)..and as i seem to have read that flashing stock rom reverts these back to official...is it true?
and does this mean that my knox firmware phone has been converted to a non-knox one after kit kat upgrade?
please anyone let me know..thanks
@Fataz bro i have a few questions
I'm currently on FNE2 stock deodexded custom rom with a FNE2 bootloader, when i go download mode it says "KNOX WARRANTY VOID:1"
1 - Does this means Knox is tripped as 0x1
2- Can i install a stock firmware higher than FNE2 from sammobile via odin
GT-N7100 cihazımdan Tapatalk kullanılarak gönderildi
Related
So... after first being impatient and buying a T-Mobile Note3 on Craigslist to use on AT&T and then later seeing how the bootloader locked AT&T Note3 was rooted by DG and Chainfire I ended up getting a contract renewal with AT&T after all and went with the AT&T Note3.
Now I thought I might try to experiment a little and see if I can replicate that root method on the T-Mobile Note3 because it's so brilliant and doesn't trigger the Know warranty void flag.
I can confirm it works just as well on the T-Mobile Note3 !!
ALL CREDIT for the method goes to DesignGears and Chainfire! The Original Thread is HERE: http://forum.xda-developers.com/showthread.php?t=2474422
All steps are exactly the same. THIS IS ONLY FOR N900TUVUBMI7 firmware, so that must be the current one installed on your phone.
Please follow all steps in the original AT&T thread, just skip the oneclick.exe and start with flashing the root_de_la_vega.tar using ODIN.
There is not really a need to so this if you already rooted with the AutoRoot method and triggered the Knox flag. This is for the careful guys who have NOT rooted yet, only want root (no custom ROM or recovery) and would rather like to preserve that Know Warranty 0x0 Flag
Link to the needed file for T-Mobile Note3 is HERE:
http://www.electron73.org/XDA/N900T/ROOT_DE_LA_VEGA-TMO.ZIP
Enjoy
Nice! If I wanted to go stock again, can I just flash the stock firmware in odin and it wont trip the knox flag?
lm that guy said:
Nice! If I wanted to go stock again, can I just flash the stock firmware in odin and it wont trip the knox flag?
Click to expand...
Click to collapse
Unfortunatley, once you trip the Knox Flag you can't untrip it - doing Odin to Stock will return you to stock but it does not remove the Knox flag...once it's tripped - it's tripped.
mocsab said:
Unfortunatley, once you trip the Knox Flag you can't untrip it - doing Odin to Stock will return you to stock but it does not remove the Knox flag...once it's tripped - it's tripped.
Click to expand...
Click to collapse
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Its good to have this method available for those who are very conscious of Knox falg/warranty. Personally:
I will be doing a full root on my second N3. I have to; in the memory of my first N3... RIP where ever you are now.
lm that guy said:
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Click to expand...
Click to collapse
I am not positive - but I think if you flash anything - it will trip it - if you odin back to stock - it would include a new kernel and that would tirp the flag - I may be wrong - but I believe I read this the other day.
WHy would you want to return to stock? To return the phone or something if something went wrong? Maybe there is another way to remove root.?
I dont think you even have to remove root. There will be now ay to tell if you are rooted using that method. Unless you use app that ask you SU permission. So before return just do Factory Reset. That i think should take care of things. IMHO.
lm that guy said:
Oh no I haven't tripped my Knox flag yet I was asking if I use this method to root and I wanted to go back to stock later down the road, Will I trip the Knox flag if i odin the official stock firmware?
Click to expand...
Click to collapse
No, if you ODIN back to full stock or do a factory reset/wipe the Knox flag will NOT be triggered. That flag only triggers if you install a CUSTOM recovery or kernel (custom rom).
For the Galaxy S3, there's also a "no trip root" thread where you simply flash a root-injected TouchWhiz, which I used, and as long as you never flash anything non-Samsung in ODIN, you'll never trip the flash counter flag (which can be reset with TriangleAway anyway, unlike the KNOX flag afaik). But, once rooted, you don't need ODIN, and flashing TWRP recovery via the GooManager app (or dd'ing the img over the recovery partition) doesn't trip the flag, nor does subsequent ROM flashes from recovery over the system partition.
Is it the same situation here, or is the KNOX flag different, in that it will always get tripped as soon as it sees an unsigned partition on bootup?
Darn.. Wish I came upon this like 2 days after I had my TMO note 3. Ive already tripped my Knox. Oh well.
Has anybody tested this method. Does it work
Sent from my SM-N900T using xda app-developers app
DriftorX said:
Darn.. Wish I came upon this like 2 days after I had my TMO note 3. Ive already tripped my Knox. Oh well.
Click to expand...
Click to collapse
The one thing that will eventually have me tripping my Knox flag is if a nice custom kernel comes along. But until then, a simple way to root without tripping the flag will hold me over :fingers-crossed:. Also I'm returning my phone in a week so it's important I don't trip it right now. I want to root and play around with my phone until then.
bbh4r4l said:
Has anybody tested this method. Does it work
Sent from my SM-N900T using xda app-developers app
Click to expand...
Click to collapse
I will test in about 10 minutes when my phone gets finished charging to 100% and will report back. :laugh:
Edit: everything works Thanks OP for posting this!!
Just rooted via this method. It worked fine and knox is stil 0x0. It also didn't factory reset my phone like I thought it would, I'm going to do it anyway, but I wasn't getting any FCs or anything either. Thank you for getting this out to us TMO users!
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
HughesNet said:
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
Click to expand...
Click to collapse
For one you can use apps that require root. Also, you can uninstall bloatware and push apks to your phone using adb etc. A little more work than flashing a prebuilt custom rom, but you can get many of the same results.
*You also said rooting doesn't trip knox regardless, but it actually does unless you do it via this method.
Just did this. Easy as cake. Now I just need to sim unlock my note to use my ATT sim and I will be good to go!!
effortless said:
For one you can use apps that require root. Also, you can uninstall bloatware and push apks to your phone using adb etc. A little more work than flashing a prebuilt custom rom, but you can get many of the same results.
*You also said rooting doesn't trip knox regardless, but it actually does unless you do it via this method.
Click to expand...
Click to collapse
I know you don't need a custom rom for some things. I run stock deodex myself. I flashed custom recovery immediately after root. I guess I thought that is what triggered knox. Either way matters little to me though. I know tmobile won't check knox counter if I use jump and even if they did I could sell on ebay and come out ahead. So I don't really understand why people worry about it. Insurance covers it if you damage it or need warranty service.
HughesNet said:
I know you don't need a custom rom for some things. I run stock deodex myself. I flashed custom recovery immediately after root. I guess I thought that is what triggered knox. Either way matters little to me though. I know tmobile won't check knox counter if I use jump and even if they did I could sell on ebay and come out ahead. So I don't really understand why people worry about it. Insurance covers it if you damage it or need warranty service.
Click to expand...
Click to collapse
Yeah... Seems to me like a kinda-sorta placebo effect or simply one of those things that people can use who *must* have everything completely untraceable to the "T." Like you said, there's virtually no "real" reason this is very necessary, far's I can tell... But, regardless, good work on this - without a doubt - and definitely always a big "plus" to have multiple working methods! :good:
HughesNet said:
I don't get it. Rooting doesn't trip knox regardless. But flashing a custom kernel or rom does. So what is the point of this method if it will trip knox as soon as you flash a kernel or rom anyway.
Click to expand...
Click to collapse
exactly. I think op might not know everything like he is implying. he just wants some attention
*****es be be like "nice phone"
mocsab said:
I am not positive - but I think if you flash anything - it will trip it - if you odin back to stock - it would include a new kernel and that would tirp the flag - I may be wrong - but I believe I read this the other day.
WHy would you want to return to stock? To return the phone or something if something went wrong? Maybe there is another way to remove root.?
Click to expand...
Click to collapse
If people read up on how KNOX actually works, there wouldn't be so much confusion.
The KNOX WARRANTY VOID flag is set to 0x1 when the bootloader detects (via Qualcomm SecureBoot) that you are booting either a kernel or a recovery that isn't SELinux enforcing (it displays a message such as RECOVERY IS NOT SEANDROID ENFORCING - Set Warranty Bit: recovery). It remembers that the partition you booted was insecure and flags it in its own little memory area. It sets individual warranty bits for each partition - boot (kernel), recovery, cache (if you happen to put something there that it doesn't approve of), system. If ANY of those partition warranty bits are set, the KNOX WARRANTY VOID flag is set to 0x1.
This is all explained in the KNOX white paper available on the Samsung web site.
Now, if someone figures out how to write-enable the protected flash area so the flag can be reset AND disable Qualcomm SecureBoot so that it doesn't set the flag over and over again, we'll be in business. For now, only Samsung knows how to do it.
I'm currently using stock MF6 firmware and there is no indication of the Knox warranty void flag in download mode. Does anyone know which firmware introduced this flag on the S4 mini or is it not implemented, yet? I'm asking because I want root access and need to know which prerooted firmwares I can choose from without this flag.
kodan2k said:
I'm currently using stock MF6 firmware and there is no indication of the Knox warranty void flag in download mode. Does anyone know which firmware introduced this flag on the S4 mini or is it not implemented, yet? I'm asking because I want root access and need to know which prerooted firmwares I can choose from without this flag.
Click to expand...
Click to collapse
As far as I can tell, there's no Knox flag known on any S4 mini firmware or variant. Definitely mine has no sign of it either. And from what I read, at least ith the S4 it was never transparent, only when the flag appared could you kill it, in older firmwares no matter what you did the flag was never set until you upgraded and there was something considered wrong then.
4.4 is supposed to bring Knox for the mini so it may bring the flag, which could be easier, harder or the same to avoid as the S4, only time will tell I guess. If it's similar, hopefully enough will have been learnt by the time S4 mini get 4.4 that we can easily get around it.
@Nil Einne
Thank you for your reply. Which firmware version are you using?
(I9195XXUA)MG3 (which is 4.2.2 / JDQ39). It's currently the latest for my CSC. I may root soon perhaps using a prerooted firmware (since mine is so old) but I'm waiting to see if anyone has tried it on a 16GB version. I didn't mention before but I guess it's clear now I have an I9195 but I haven't seen any mention of Knox flag seen for any variant of the S4 mini on current firmwares.
My s4 mini (I9195) came with firmware MF7 and was upgraded OTA to MG8.
After that I flashed with Odin to MH2 (Android 4.2.2).
Thereafter I flashed a custom rom (Slim with 4.3.1).
Where and how can I see whether my Knox warranty void might be 0x1 now.
And what if I flash back with Odin to firmware MF7?
Is that still possible without a later upgrade problem?
Curious about your info.
New Rom XXUBMJ7 whit KNOX bootloader (aboot.mbn) and aplications.
After flash this Rom we have on Download Mode:
KnoxKernelLock: 0x0
KnoxWarrantyVoid: 0x0
Like on Note 3 N9005, if we flash something, customer, root, KnoxWarrantyVoid: go to 0x1 and this is not reversible.
To Root
The Root-Kit-V1 install all superuser, SU and busybox but after reboot the SuperSU can't access to system, KNOX not permit.
To solve this we must flash after, on recovery the UPDATE-SuperSU-v1.65.zip from Chainfire. After we have root alright.
My case like on Note 3:
I not need the KNOX, the phone is only for me, then after root I delete all KNOX apk + odex from system/app.
Good luck
Is it possible to go back to old bootloader WITHOUT knox?
ladislav.heller said:
Is it possible to go back to old bootloader WITHOUT knox?
Click to expand...
Click to collapse
See response on Development Thread to this your question.
Always the KNOX:
You can read this post Always the KNOX.
Many info about KNOX.
I've had my I9192 for about 2 months. I updated it right after receiving it, and rooted it using Kingo. Everything was working great until I received the software update. I installed the update a couple of days ago and lost root. I tried Kingo again, but I'm getting the Samsung Security (knox) message that it was blocking it. Even though I never installed Knox, it must be running in the background.
I've done some reading since on Kingo, Knox, and updating while rooting. I have now come to the realization that my warranty is probably void, my phone will no longer get official updates, and there is no Santa Claus.
In researching the problem, I found some reference to download mode. and the Knox Kernel lock. When I start my phone in download mode, this is what it shows:
Current Binary: Samsung Official
System Status: Custom
Knox Kernel Lock: 0x0 (I think this and the next one are good)
Knox Warranty Void: 0x0
CSB-Config-LSB: 0x30 (I don't know what this is)
Write Protection: Enabled
Can anyone confirm my assumptions? I just want to get back to my original state before updating a few days ago. Original FW with root capability. I'm ok with resetting the phone and reinstalling if necessary.
If I screwed the pooch on this one, then I guess it's time to go CFW route to get to root.
Thanks for any input.
Once you got a fw with Knox you can't go back.
And yes, 0x0 is good but if you flash a kernel for root you will get 0x1..
Sent from my GT-I9195 using xda app-developers app
mnezo said:
Once you got a fw with Knox you can't go back.
And yes, 0x0 is good but if you flash a kernel for root you will get 0x1..
Sent from my GT-I9195 using xda app-developers app
Click to expand...
Click to collapse
Thanks for the input. Since, I am at 0x0, will I still get fw updates?
As I mentioned, I thought you had to be a 0x1 to be excluded from official updates. Or does the fact the System Status is now Custom, exclude me from those updates?
Snotick said:
Thanks for the input. Since, I am at 0x0, will I still get fw updates?
As I mentioned, I thought you had to be a 0x1 to be excluded from official updates. Or does the fact the System Status is now Custom, exclude me from those updates?
Click to expand...
Click to collapse
Yes. As your System Status is now set to Custom then you can not receive official updates by OTA.
GeoDum said:
Yes. As your System Status is now set to Custom then you can not receive official updates by OTA.
Click to expand...
Click to collapse
Thanks.
I'm still reading conflicting reports about how Samsung is handling all of this. You say I won't receive official updates OTA. Will I be able to side load them via Kies?
I'm also confused about the Knox security. It seems like it is more for people that want to use their phones for work. I don't, and am 99% certain that I never will. Should I even care what my Knox count is?
Snotick said:
Thanks.
I'm still reading conflicting reports about how Samsung is handling all of this. You say I won't receive official updates OTA. Will I be able to side load them via Kies?
I'm also confused about the Knox security. It seems like it is more for people that want to use their phones for work. I don't, and am 99% certain that I never will. Should I even care what my Knox count is?
Click to expand...
Click to collapse
In some countries Knox warranty 0x1 = Void warranty So yes sometimes u should care about Knox
Read more here
SilviuMik said:
In some countries Knox warranty 0x1 = Void warranty So yes sometimes u should care about Knox
Read more here
Click to expand...
Click to collapse
Sorry, I should have mentioned that I am in the U.S.
At this point, I would trade my warranty for a rooted phone running stock fw going forward. As it stands now, I can't root (at least not the with one click) and I won't be updating fw going forward. Seems like a double whammy.
Snotick said:
I've had my I9192 for about 2 months. I updated it right after receiving it, and rooted it using Kingo. Everything was working great until I received the software update. I installed the update a couple of days ago and lost root. I tried Kingo again, but I'm getting the Samsung Security (knox) message that it was blocking it. Even though I never installed Knox, it must be running in the background.
I've done some reading since on Kingo, Knox, and updating while rooting. I have now come to the realization that my warranty is probably void, my phone will no longer get official updates, and there is no Santa Claus.
In researching the problem, I found some reference to download mode. and the Knox Kernel lock. When I start my phone in download mode, this is what it shows:
Current Binary: Samsung Official
System Status: Custom
Knox Kernel Lock: 0x0 (I think this and the next one are good)
Knox Warranty Void: 0x0
CSB-Config-LSB: 0x30 (I don't know what this is)
Write Protection: Enabled
Can anyone confirm my assumptions? I just want to get back to my original state before updating a few days ago. Original FW with root capability. I'm ok with resetting the phone and reinstalling if necessary.
If I screwed the pooch on this one, then I guess it's time to go CFW route to get to root.
Thanks for any input.
Click to expand...
Click to collapse
Hi man many Questions but i think i can help you.
If made nearly the same like you the only differnce i flash the new upadte by my self via Odin.
So lets start step by Step:
1. You can go back to your old Firmeware with root is possible as befor! For that you must search your Firmeware via I-net and flash them via Odin like me. No changes on the Knox flag
2. That Custom stat: Yes you will be able to get OTA by me it Works. You can emulated the Offical state via Wanam Xposed and it will show you too as Offical in the Download mod.
3. Warranty is still in place
Look at my Post on a other Thread: littel Guide from me
There i explain what you must do to get back to your older Firmeware
Happy new Year for you all
Greets
Killer
hello i have a question ive boughed a galaxy note 8 a last week and stuped me updated to 4.4.2 and im not new to samsung device i had one my self and rooted not even(for my friends) one but never had such situasion but i still got warranty and i dont want to lose it i know there is knox on my device now and if i root with vroot my system status will change to custom and will not touch knox so my question is when ill root and use triangle away and send my note to samsung after theyll format it will the system status stay official or go back to custom?
the_ziom said:
hello i have a question ive boughed a galaxy note 8 a last week and stuped me updated to 4.4.2 and im not new to samsung device i had one my self and rooted not even(for my friends) one but never had such situasion but i still got warranty and i dont want to lose it i know there is knox on my device now and if i root with vroot my system status will change to custom and will not touch knox so my question is when ill root and use triangle away and send my note to samsung after theyll format it will the system status stay official or go back to custom?
Click to expand...
Click to collapse
TriangleAway still works with the KitKat KNOX enabled bootloader but the counter it resets is not the KNOX warranty flag. If you've flashed any unsigned (by Samsung) image to your tablet, including custom recoveries, kernels and/or ROM's, or rooted with CF Auto Root (which flashes a custom recovery) since upgrading to KitKat 4.4.2, your KNOX flag has been triggered and your warranty is already voided.
ramjet73
ramjet73 said:
TriangleAway still works with the KitKat KNOX enabled bootloader but the counter it resets is not the KNOX warranty flag. If you've flashed any unsigned (by Samsung) image to your tablet, including custom recoveries, kernels and/or ROM's, or rooted with CF Auto Root (which flashes a custom recovery) since upgrading to KitKat 4.4.2, your KNOX flag has been triggered and your warranty is already voided.
ramjet73
Click to expand...
Click to collapse
No you dont get my question im aware of knox and I dont want to touch it but I head that rooting changes the system status to custom in download modeand in system it changes to modified and if samsung see tht than the warranty if void so once again my question is when I root with vroot or with kingo root they both dont touch knox and than use triangle away and SET system status back to official or normal and after formating will the official or normal status stay of will it be turned back to custom/modified
the_ziom said:
No you dont get my question im aware of knox and I dont want to touch it but I head that rooting changes the system status to custom in download modeand in system it changes to modified and if samsung see tht than the warranty if void so once again my question is when I root with vroot or with kingo root they both dont touch knox and than use triangle away and SET system status back to official or normal and after formating will the official or normal status stay of will it be turned back to custom/modified
Click to expand...
Click to collapse
I haven't used either of those rooting methods so I can't answer that. According to the Kingo website the chances of tripping the KNOX flag are 1 in 1000, but they don't mention the flash counter. OTOH, Samsung claims that KNOX can be tripped with as little as a custom kernel initialization script:
For example, some KNOX security mechanisms, such as SE for Android, will trigger an e-fuse if the system is booted with an arbitrary kernel, kernel initialization script or data, and therefore be disabled and no longer function correctly.
Click to expand...
Click to collapse
I know you said that you're not asking about the KNOX implications but maybe you should. Regarding resetting the flash counter and custom configuration with TriangleAway, I suggest posting your scenario in that thread and hope for a response from Chainfire, the developer of that app. If you can root with one of those methods without tripping Knox, my experience is that after using Odin to flash the stock ROM and running TriangleAway when I was using the 4.2 ROM and bootloader there was no indication on the bootloader screen or using the stock ROM that "tampering" was detected, but things might have changed with the 4.4 bootloader.
Good luck, and please let us know how it turns out.
ramjet73
ramjet73 said:
I haven't used either of those rooting methods so I can't answer that. According to the Kingo website the chances of tripping the KNOX flag are 1 in 1000, but they don't mention the flash counter. OTOH, Samsung claims that KNOX can be tripped with as little as a custom kernel initialization script:
I know you said that you're not asking about the KNOX implications but maybe you should. Regarding resetting the flash counter and custom configuration with TriangleAway, I suggest posting your scenario in that thread and hope for a response from Chainfire, the developer of that app. If you can root with one of those methods without tripping Knox, my experience is that after using Odin to flash the stock ROM and running TriangleAway when I was using the 4.2 ROM and bootloader there was no indication on the bootloader screen or using the stock ROM that "tampering" was detected, but things might have changed with the 4.4 bootloader.
Good luck, and please let us know how it turns out.
ramjet73
Click to expand...
Click to collapse
Well non of those methods worked I had to root via odin so bye bye warranty
I just picked up a refurb i317 and have a question obout this Knox rom counter/security thing: Does it matter for a refurb that's out of warranty? Is it just a counter or is it something more nasty?
jocala said:
I just picked up a refurb i317 and have a question obout this Knox rom counter/security thing: Does it matter for a refurb that's out of warranty? Is it just a counter or is it something more nasty?
Click to expand...
Click to collapse
Knox is a Samsung corporate security suite that is built into the stock OS.
Sadly it's also present in the bootloader. ..so if an unsigned flash is performed. .the flag is set to 1....
Knox ( or the knox container) is best described as a secured software partition that is set aside for the use of high security apps and functions at the corporate or government level...and isolates these proprietary functions from the rest of the regular OS....
Once a custom rom is flashed. .This container is violated and the flag is set via the bootloader. ..and the device can never be used as a secured corporate device again. ..
With devices under warranty it will void them...but for flashing and modding a device it means very little to us. .
Root and flash is no problem on the note 2 device. ..but note 3 or higher has a true locked bootloader. ..and won't allow different kernel images to be flashed at all. ..(last I heard)...
We are the first generation of knox infected devices. ..but we are not truly locked. ..However. ..Once the device is running the mk6 or higher bootloader. ..it cannot be reverted back to a non-knox version. ...
You are good to flash any roms in the I317 section to include custom kernels....radio images etc...
Enjoy. ...g
gregsarg said:
Knox is a Samsung corporate security suite that is built into the stock OS.
Sadly it's also present in the bootloader. ..so if an unsigned flash is performed. .the flag is set to 1....
Knox ( or the knox container) is best described as a secured software partition that is set aside for the use of high security apps and functions at the corporate or government level...and isolates these proprietary functions from the rest of the regular OS....
Once a custom rom is flashed. .This container is violated and the flag is set via the bootloader. ..and the device can never be used as a secured corporate device again. ..
With devices under warranty it will void them...but for flashing and modding a device it means very little to us. .
Root and flash is no problem on the note 2 device. ..but note 3 or higher has a true locked bootloader. ..and won't allow different kernel images to be flashed at all. ..(last I heard)...
We are the first generation of knox infected devices. ..but we are not truly locked. ..However. ..Once the device is running the mk6 or higher bootloader. ..it cannot be reverted back to a non-knox version. ...
You are good to flash any roms in the I317 section to include custom kernels....radio images etc...
Enjoy. ...g
Click to expand...
Click to collapse
Thanks for the thoughtful reply. I'm playing with a CM12 nightly now, but will probably scout out a nice stock rom as a daily driver. As a retired gentleman of a certain age, I never go for latest and greatest these days, but I'm impressed with this phone thus far.