Related
FYI: Please don't get offended by me posting this thread. I searched and couldn't find anything dedicated to KNOX and discussions about it. So I created a thread where we can hammer out our ideas, and logic.
Firstly, here is a little video explaining what Samsung KNOX is:
My "cliff note" explanation of what KNOX is:
A virtual environment, on your phone, where running "un-approved" applications, will not affect the KNOX environment. In other words, it's like running a program like Virtual Box for your Note 3, and only pre-approved "limited" apps can run in this environment. In the video, it says how taking a picture, can be emailed and shared, yet outside of KNOX, you can't access this picture.
https://www.samsungknox.com/
KNOX has been in development for quite some time. What I have found out, it's like Fort Knox (get the pun?). Fort Knox is known to be impenetrable (http://ainulfarina.blogspot.com/2013/01/fort-knox-most-secure-vault-in-world.html). Samsung has partnered with various software and hardware companies to develop a platform for the infrastructure of business, with security in mind. We're talking about security on the hardware level. To market this, to tap into the business/enterprise world, using the Note 3 as the preferred paperless, go to device. To achieve this, they need sell the idea that security is king. However, they don't want to exclude the rest of the market of the common everyday individual. That's why Samsung tag line is "Work and play on one device".
This KNOX environment needs to be installed and set up. The desired list of apps would need to be pre-approved for your devise as part of the set-up process. I'm sure this is on an organizational level.
I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?
There are a few things that I'd like to do which requires root to do. A couple of examples, among many, are removing bloatware that can't be disabled and BT pairing a PS3 controller.
My employer has selected MobileIron for their MDM due to the head of Security having some relative there (nepotism) when there were plans to use and sell as a SaaS solution the less intrusive AirWatch. Interest in MobileIron by our customers is much lower than AirWatch since it doesn't fit into the SaaS model like our other services.
The big problem with MobileIron from an end user perspective is how intrusive it is. It logs everything and sends that info to the management server; this includes text messages. On company issued equipment, no privacy is to be expected however, that privacy is expected on my personal stuff. I'm told MobileIron has the capability to go through the phones storage and download anything.
I'll consider leveraging KNOX if those two questions have "Yes" as an answer. Frankly, my employer is being unreasonable with their mobile requirements (long story) and the head of Security maintains his ass as his hat with more power than he should because of his relationship with a VP or the CEO. I have been using an alternate method to the silliness of walking around with two phones that facilitates their electronic checks; I just don't advocate the solution.
noc007 said:
I have a couple of questions on KNOX which I hope the answer is Yes to both:
Will it work if the phone is un-rooted, but had been previously rooted?
Will it prevent MDM applications from reading personal stuff like installed text messages and other stuff outside of KNOX on the phone?
Click to expand...
Click to collapse
I have many friends who have rooted their phones, but none that I know use the KNOX environment. Even using the Note 2 for a full year, this is the first time i've heard of KNOX when exploring my Note 3.
I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?
I can only assume the answer would be "yes" to your second questions, since it's a separate environment altogether. I understand that anything done outside KNOX mode is excluded from effecting it, however wouldn't it be the same from within?
To answer your first question, we would need someone who rooted their phone, and simply select KNOX from the app drawer, go through the install process and find out.
While I haven't chosen to activate or use Knox, I believe you are limited to installing apps from the Knox store. You can see the apps available on the store at the Knox Website.
Not only will Knox basically run all apps in a sandbox, it will only run Knox approved apps, further locking down the possibility of something bad being installed. You can't even take a screen shot in the Knox environment. Think of it as a locked down virtual box on your phone, that separates your work life from your private, and protects the work related data.
selinux
lawalty said:
I also want to know if triggering the KNOX flag, can that environment still be accessed, or even installed?
Click to expand...
Click to collapse
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.
The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
siraltus said:
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be created. In other words, once you root, the KNOX sandbox will never function again.
The flag is there for exactly this purpose - to disallow compromised devices from accessing secure apps and systems that require sandboxing; the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
Click to expand...
Click to collapse
I really think Samsung should of had a business line of Note 3 devices, as compared to every phone having the Knox "container", I think it's a contributing Factor to the bootloop issues that are widespread and creating more headaches than it's worth.
There's going to be a very small population of users that will actually consider even using Knox, yet as stated, is creating major issues in the Note 3 community.
Sent from my SM-N900T using XDA Premium 4 mobile app
What was Samsung thinking of putting KNOX on the Note 3s with unlocked bootloaders? If simply rooting the phone triggers the KNOX flag, permanently flagging the phone for any future dealings with this secure mode for businesses, wouldn't it be simpler to only have the flag if rooted?
So if your phone is not rooted, then you can install KNOX. If you phone currently is rooted, then no KNOX.
My fear is that other companies, that don't like people rooting the phones where their apps are installed on, might hop on this, and consider this as a solution.
Sent from my SM-N900T using XDA Premium 4 mobile app
knox flag is the same thing as the note ii warranty flag. wtf do they call it knox
anyway its bs i cant use knox if im rooted
siraltus said:
Once the KNOX WARRANTY VOID bootloader flag is set to 0x1, the phone is considered compromised and the KNOX secure container cannot be create.... the fact Samsung also started using it to deny warranty claims is a side effect caused by their greed.
Click to expand...
Click to collapse
Just open the phone, use some fine wires to pump enough voltage and current into it to fry some stuff. Make it look like a charger or battery issue. Warranty still "valid". They want to screw us, we can screw back.
muqali said:
Just open the phone, use some fine wires to pump enough voltage and current into it to fry some stuff. Make it look like a charger or battery issue. Warranty still "valid". They want to screw us, we can screw back.
Click to expand...
Click to collapse
So I wasn't the only one. Did this once back in the Nokia 2110 days. They got smart and put tamper proof stickers on them these days. Some I heard even hide them.
Sent from my SM-N900T using Tapatalk 4
You can root, install ROMs, trigger all the trip wires they have, and if something does go wrong, or there is a real issue that has nothing to do with rooting like dust under the screen, but now Samsung refuses to honor the warranty because the Knox is void, try to install a ROM that is not for the phone and hard brick it. 100% no chance of it ever booting again. No tamper evidence of opening the phone. "Gee Samsung I don't know what happened. I went to turn it on, and nothing happens. I'm under warranty, so I'll send it in for repair." "Hello customer, We confirm the phone will not turn on. We are replacing it for you under warranty. Here is your new phone." Hmm.. I can see people doing this because Samsung is trying to avoid warranty claims for legit issues.
bobbyphoenix said:
You can root, install ROMs, trigger all the trip wires they have, and if something does go wrong, or there is a real issue that has nothing to do with rooting like dust under the screen, but now Samsung refuses to honor the warranty because the Knox is void, try to install a ROM that is not for the phone and hard brick it. 100% no chance of it ever booting again. No tamper evidence of opening the phone. "Gee Samsung I don't know what happened. I went to turn it on, and nothing happens. I'm under warranty, so I'll send it in for repair." "Hello customer, We confirm the phone will not turn on. We are replacing it for you under warranty. Here is your new phone." Hmm.. I can see people doing this because Samsung is trying to avoid warranty claims for legit issues.
Click to expand...
Click to collapse
Actually, Samsung will still fix a KNOX-tripped device, as long as it's under 12-months old, just not for FREE. You pay shipping + materials + labor, which is still way better than having to a re-buy a new $700 device. We can argue all day that Samsung shouldn't be "lame" in refusing to fix certain hardware problems that could not possibly be blamed on rooting & ROMming, but that's their right.
(Read Samsung's warranty fine-print yourself if you'd like)
zmore said:
Actually, Samsung will still fix a KNOX-tripped device, as long as it's under 12-months old, just not for FREE. You pay shipping + materials + labor, which is still way better than having to a re-buy a new $700 device. We can argue all day that Samsung shouldn't be "lame" in refusing to fix certain hardware problems that could not possibly be blamed on rooting & ROMming, but that's their right.
(Read Samsung's warranty fine-print yourself if you'd like)
Click to expand...
Click to collapse
That's like saying buying a laptop that comes with Windows and then installing Linux on it voids the warranty. They are getting absurd amounts of money from us, it's just pure greed on their part.
01010001 said:
That's like saying buying a laptop that comes with Windows and then installing Linux on it voids the warranty. They are getting absurd amounts of money from us, it's just pure greed on their part.
Click to expand...
Click to collapse
PC makers would do the same if they could. They started down that road with Trusted Computing and secureboot, but PCs have historically been more open.
Steve Lazarus said:
I really think Samsung should of had a business line of Note 3 devices, as compared to every phone having the Knox "container".
Click to expand...
Click to collapse
I TOTALLY agree! Again, why would the brain-heads over at Sammys have this KNOX crap on all their flag ship phones, with unlocked bootloaders? Wouldn't it make more sense to sell a business/enterprise Note 3 directly to businesses with this KNOX crap pre-installed with locked bootloaders, and leave us flag ship unlocked bootloaders alone.
GEEZUS! [face-palm] It just doesn't make sense.
Sent from my SM-N900T using XDA Premium 4 mobile app
I'm telling you all. If this doesn't get bypassed somehow, and it remains completely permanent, other companies will eventually get on board with this nonsense. Especially DRM with music and video. This KNOX flag just might stand the test, and remain.
Sent from my SM-N900T using XDA Premium 4 mobile app
Knox seems to me, to be a bit of a redundant idea.
If you cannot protect your own device, because let's be serious security starts at the USER not some software you have installed, then watch the websites you visit and the apps you load from third parties.
Knox is a false sense of security if you ask me. It makes the inexperienced user feel like their device is impenetrable, which it isn't.
Its like a desktop, your desktop will only be as secure as you make it, based on how you use it. There will always be security threats, always. You need to learn how to protect YOURSELF rather than depend on some bogus app.
d474corruption said:
Knox seems to me, to be a bit of a redundant idea.
If you cannot protect your own device, because let's be serious security starts at the USER not some software you have installed, then watch the websites you visit and the apps you load from third parties.
Knox is a false sense of security if you ask me. It makes the inexperienced user feel like their device is impenetrable, which it isn't.
Its like a desktop, your desktop will only be as secure as you make it, based on how you use it. There will always be security threats, always. You need to learn how to protect YOURSELF rather than depend on some bogus app.
Click to expand...
Click to collapse
I think you misunderstand the purpose of knox. Knox does not exist to provide security to the end user. Knox is for BYOD business environments. Because the devices are user not employer provided, it would be an administrative nightmare to inspect every device that users want to bring into the corporate environment. By leveraging knox, a company can institute a policy that user provided devices cannot have the knox flag tripped if they want access to the corporate network resources and applications. Trip the flag, no access for you.
Sent from my SM-N900T using XDA Premium 4 mobile app
moto211 said:
I think you misunderstand the purpose of knox. Knox does not exist to provide security to the end user. Knox is for BYOD business environments. Because the devices are user not employer provided, it would be an administrative nightmare to inspect every device that users want to bring into the corporate environment. By leveraging knox, a company can institute a policy that user provided devices cannot have the knox flag tripped if they want access to the corporate network resources and applications. Trip the flag, no access for you.
Sent from my SM-N900T using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I agree, however it should be more a toggle than a permanent switch. Example, if your device is presently rooted with a custom recovery, then no knox. If your device was rooted but not anymore with oem recovery, then yes to knox.
This permanent flag is disheartening.
However, I can envision using this as a good selling point. Taking a pic of your phone's screen for ebay, showing to the world it has NEVER been rooted. I guess you would have proof.
Sent from my SM-N900T using XDA Premium 4 mobile app
Just wondering whether there is any reason to NOT trip Knox, besides wanting to keep warranty and if you actually use it...
Samsung Knox offers security for enterprises and businesses, but it doesn't seem like Knox is made for the average user. I don't really care about warranty since I don't think Samsung UK would be able to do sh*t for my T325 since isn't sold in retail here.
I just want to confirm whether I need my T325 at 0x0 or not? I'm just scared that Samsung will release something that needs 0x0 all of a sudden -_-
What do you guys think? Thanks!
Once Knox is 0x1, you will not be able to install Knox apps only. It also has nothing to do with the hardware warranty. The Knox flag is there to be absolutely certain that a tablet/phone has not been modified in a way that could circumvent Knox Security software.
Sent from my SM-P900 using Tapatalk
dodo99x said:
Once Knox is 0x1, you will not be able to install Knox apps only......
Click to expand...
Click to collapse
Some people, such as myself, consider this a benefit... :silly:
Has anyone tripped Knox and still been able to use the warranty on a hardware issue? I could care less about using Knox apps, but I'd like to keep my new tablet warranty.
FitchVA said:
Has anyone tripped Knox and still been able to use the warranty on a hardware issue? I could care less about using Knox apps, but I'd like to keep my new tablet warranty.
Click to expand...
Click to collapse
Is there an easy way to check knox? SuperSu disabled it.
Cheers,
Rich
Sent from my SCH-I535 using Tapatalk
rholm said:
Is there an easy way to check knox? SuperSu disabled it.
Cheers,
Rich
Sent from my SCH-I535 using Tapatalk
Click to expand...
Click to collapse
Boot into Download Mode. Volume down + Home Button + Power Button. You will see Knox warranty in upper left corner of the screen. To exit Download mode, hold Power button until it shuts off.
Hope this helps,
Steve
Please forgive the catchy title as well as my ignorance as while I have been around computing stuff for a long time, am kinda new to the Android stuff.
For me, I picked up a Samsung Strat II this summer, an have gotten a bit used to that, so just grabbed a 8.4 for Xmas as I have more uses for that, an would like to get that running as best as possible.
For the Strat II, I did root it with Towelroot an with no noticeable side effects, so understand the hows an why's of this.
But in reading the forums for the 8.4, have been seeing this thing about tripping the Knox from messing with the OS in anyways in regard to rooting.
From the little bit I have read, it seems to be some kind of root tripper, an would assume that voids any warranties too, but was wondering if some could explain it a bit more to me, an perhaps answer the following questions.
1: Does it in fact trip from a root an does this void the warranty?
2: This does not seem to be part of my Strat II OS, so is this something newer?
3: If indeed it is just a warranty thing, do I care once it's out of warranty? Which I think is one year?
4: Is it just a OS recording thing, or does it mess up the tab in anyway, software or hardware wise?
5: From what I have read, once tripped, its permanent an there is no way to reverse that even from a complete system reset, so is that true?
So those are just a few at the moment an again, please forgive my ignorance, but hey, if you don't ask, you don't learn.
Thanks for any help
if you used towelroot then you probably didn't trip knox, knox will trip if you use other root methods like cf-auto-root or flash custom firmwares like CM.
knox is a hardware fuse (at least on the snapdragon cpu) that once tripped cannot be undone as it actually modifies hardware kind-of like burning out a circuit and Samsung checks the flag to see if the device was tampered with and it will void warranty (though they may or may not make an exception depending on the issue like if something was hardware related they might still honor it).
TowelRoot uses a kernel exploit and doesn't mess with bootloaders ..etc , thus keeping knox happy
Thanks for the reply otyg, so can I use towelroot on my 8.4, or does this not work with something like this, or with this OS?
WBFAir said:
Thanks for the reply otyg, so can I use towelroot on my 8.4, or does this not work with something like this, or with this OS?
Click to expand...
Click to collapse
Towelroot only worked on ND1~ND3 Firmware on the tab pro 8.4 then the kernel was patched on newer firmwares--- so if your tab has a newer firmware it won't work anymore without some headaches.
Basically you need to flash the Kernel (not the full firmware) from ND3 root the tab with towelroot then swap the kernel back to the current firmware, and knox should stay at 0x0 .
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
WBFAir said:
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
Click to expand...
Click to collapse
It could be worse, the efuse(s) can be used for all kinds of things like completely locking the bootloader, luckily Samsung didn't go to that extreme
Yeah, I understand.
So by any chance otyg, do you know if regarding my question on anything else it might do, does tripping the knox do anything other then the hardfuse, an the reporting of it?
Does it effect the device in any other way?
Basically I tried the unit I have for just a little bit as I wanted to setup the basics before Xmas an make sure it would work with my WiFi, but all in all the unit ran pretty nice with just the way it was.
So I really even wonder if I want to root it, an then with this Knox thing, its deterring me even more.
But then too, I know some apps just really require it.
So kinda torn.
But if it does something else negative to the device other then what we have already discussed, might just leave it alone for the time being.
Btw, thanks for all the help so far.
There are benefits to rooting like being able to use your sdcard properly , I rooted mine, never tripped knox,
As with all rooting It's a risk if you do trip it it will probably void warranty, it could also brick your device if something goes wrong.
Another common problem I have been seeing is random reboots for people who have a tripped knox flag (this is due to software on the tablet that checks knox and somehow causes reboots, you can disable the software but still troublesome and doesn't work for everyone).
If you really want to root I would go with towelroot method, its the safest and less risk for triggering any knox problems.
you basically update your firmware to the latest version first, extract the kernel from the tar file, download the ND3 firmware extract the kernel, tar the kernel's , flash the nd3 kernel with odin, boot-up , towelroot, install supersu , reboot - switch back to download mode and re-flash the latest kernel)
Read through this thread too, some people have prepared standalone kernels to use if you don't want to do it yourself. you probably need ND3 (or ND1 will work) and K1 if your tablet is the XAR model.
http://forum.xda-developers.com/showthread.php?t=2786800
^ND1 kernel
http://forum.xda-developers.com/gal...320xar1ank1-extracted-stock-firmware-t2954549
^K1 kernel
Thanks greatly otyg, will have to look into this more after the holidays, an thanks so much for the info
WBFAir said:
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
Click to expand...
Click to collapse
Because people mostly don't care and don't know.
If you don't like what they do, then don't support them. Stop buying their products, or buy used if you have to.
Personally, Samsung is the #1 company on my **** list, with Apple being a close 2nd, due to their policies towards their customers.
I only bought my 12.2 Note Pro because nobody else make anything in this class.
I already have Nexus 4 & 7. Xperia. And if I was shopping for a small tablet, I'd get the new Nexus (despite the HTC crappy quality lottery).
I also bought it used/refurbished, not new.
WBFAir said:
Yeah, I understand.
So by any chance otyg, do you know if regarding my question on anything else it might do, does tripping the knox do anything other then the hardfuse, an the reporting of it?
Does it effect the device in any other way?
Click to expand...
Click to collapse
For this device, once you trip Knox you can no longer update firmware through the traditional methods, you have to do it manually through something like Odin or a custom recovery, as far as I can tell. Samsung recognizes that you've "modified" your device and will not let you update through official channels.
gidal said:
Because people mostly don't care and don't know.
If you don't like what they do, then don't support them. Stop buying their products, or buy used if you have to.
Personally, Samsung is the #1 company on my **** list, with Apple being a close 2nd, due to their policies towards their customers.
I only bought my 12.2 Note Pro because nobody else make anything in this class.
I already have Nexus 4 & 7. Xperia. And if I was shopping for a small tablet, I'd get the new Nexus (despite the HTC crappy quality lottery).
I also bought it used/refurbished, not new.
Click to expand...
Click to collapse
I suspect it's to honor their high level contracts (like the govs, and fortune 500 company's) who need to keep the devices secure, knox is a good way to tell the customer their device could have been compromised, unfortunately it does effect normal users like us who like to tweak the devices a little .
otyg said:
I suspect it's to honor their high level contracts (like the govs, and fortune 500 company's) who need to keep the devices secure, knox is a good way to tell the customer their device could have been compromised
Click to expand...
Click to collapse
This is pretty much true, in my understanding. KNOX is aimed at enterprise users (company provided devices) as a means of ensuring the devices are kept in an "approved" or "compliant" configuration. Once a device is rooted, root can be hidden (as well as any number of changes made to the system) so it makes sense for IT departments to want a non-reversible hardware fuse to detect the device has been tampered (mainly by the employees).
Android hasn't had the widest adoption for enterprise use, mainly due to the open nature of the OS. So such security measures are an attempt at changing that perception.
Folks on here have argued that KNOX counter does not void the warranty, and its only purpose if for use along with the KNOX security software. Whether that is 100% true or not, I can't personally say.
Knox allows a device to be setup as two completely separate devices in one. One secured for business use the other for personal use. I tripped Knox immediately on mine when I rooted it.
Can i towelroot and install cm without knockig trox?
Everywhere I read about how people are afraid to trip KNOX, will flashing this trip it.. YES what I understand is that FLASHING anything that is an Unofficial Recovery or Kernel is what will trip this security feature, TRIPPING KNOX will DISABLE SAMSUNG PAY
Samsung Pay relies on the security features of KNOX. Once KNOX is tripped you can't go back.
1st question is how can we make an Official Kernel with ROOT...???
2nd question is what makes it Official to begin with..???????,
no where have I seen any forum discuss how these companies make Official Firmware and kernels, Seems like every phone company can alter Official Firmware and kernels to suit the needs and its still an Official update and does not trip KNOX.
Just curious as to the inner workings on being Official. Would be nice to see a Official Rooted Kernel kind of like the leaked T-Mobile Engineering Kernel but even it was limited in ways.
Anyway about KNOX... trip it.
If you are just using your phone for personal and like custom roms tripping KNOX means nothing and its OKAY.
If your going to use Samsung Pay then step away from ROOT and don't look back. Tripping Knox is not for you.
As far as I can tell the only people who can't root are the people who work for big business and have work related files on their phones, KNOX is going to make a partition and keep all this stuff secret for them so if you rooted your phone and work for lets say the "Department of Defense" chances of you getting fired and your phone destroyed are like 100% so if your the sole owner of your phone and like to tinker with custom roms TRIP KNOX its okay, I just wish we had a way to make Official Firmware and Kernels but I can see problems for big business if we did.
Not to be mean, but you have absolutely no idea what you are talking about. I am only saying that so that anyone else reading this knows that.
"Official Kernel With Root" is not going to happen.
If you trip Knox, you will not be able to use Samsung features such as Samsung Pay. This is important to a number of people.
You really should do some research before posting.
Your not being mean at all but you did not answer either, why is it not going to happen? I would like to know what makes it official and why can't it be done?
I get Samsung pay users, but for those who Root usually are going to flash custom roms and don't care about that feature, if your using Samsung pay then you need KNOX to keep your data secure. I will edit the OP and state the facts for those who don't already know about this.
It it was that easy to work around knox, i guess it wouldnt be that great of a security feature huh? Samsung didnt waste all that time for nothing, theyre protecting your data, and rooting your device makes it vulnerable. Im amazed there was ever a way around it before 5.1.1
lootbooper said:
It it was that easy to work around knox, i guess it wouldnt be that great of a security feature huh? Samsung didnt waste all that time for nothing, theyre protecting your data, and rooting your device makes it vulnerable. Im amazed there was ever a way around it before 5.1.1
Click to expand...
Click to collapse
So true, but I been looking at this 2 ways, as what I read and heard from Samsung about KNOX is you have software which is what the security Suite of apps is all about, it handles all the security features, the KNOX (EFUSE) when rooted or phone is set to custom trips the KNOX Counter which Samsung told me in an email its not connected to the Software Suite for Security, its in place to tell them (Samsung) that the phone has been altered, which VOIDS the WARRANTY and Samsung can refuse to fix your phone. I am trying to get more answers from Samsung about why Samsung Pay stops working if this (Efuse) KNOX Counter is tripped, so far they say the Counter is not related to the software suite. I get no direct answer about it. They don't claim is stops Samsung Pay from working but they really don't tell me why it does stop it either.
UPDATE: " just got an email back from a tech at Samsung, tells me if phone is rooted or custom or if the knox counter is 0x1 you can not install samsung pay, told me the counter is part of the security being used in the Knox Suite." So I guess they are linked then.
Well i see what your getting at i think, but seems like no one has had an issue getting a replacement device with knox tripped. And samsung pay does not even open after tripping when it previously worked. So someone is lying.
Look at all the problems with apple pay. If you dont want your bank account tapped or credit cards maxxed dont break knox. On my opinion its not even that great of a feature, most banks dont support it, and many card terminals wont either until they get updated.
I was just thinking about this myself. I liked having a rooted phone before, but the advantages of having a sandbox on my phone for extra security is nice. You can even use it to have 2 of apps. Like ig or snapchat where u have more than 1 account. Besides some of the little things i miss like xposed, there is no real reason to root the phone, besides maybe tethering. You even can do themes if you want it to look different or a launcher. but can't totally reset your phone after that damn counter.
stldelsol said:
I was just thinking about this myself. I liked having a rooted phone before, but the advantages of having a sandbox on my phone for extra security is nice. You can even use it to have 2 of apps. Like ig or snapchat where u have more than 1 account. Besides some of the little things i miss like xposed, there is no real reason to root the phone, besides maybe tethering. You even can do themes if you want it to look different or a launcher. but can't totally reset your phone after that damn counter.
Click to expand...
Click to collapse
I am still a newbie at this , I rooted my moto razor when I first got it, best damn phone at the time, then I got into Samsung because the camera was better, first Samsung was the S4, what an upgrade from moto... I rooted and tweaked it and never left Android 4.2.2, its still that way, but I wanted a better camera and thought everyone was all happy about lollipop so I got a S6, which it has KNOX, my old s4 has no knox not even in the bootloader, I used triangle away to reset the binary counter but with this S6 I am torn between root or no root, am I going to custom it out or stick around to see if Samsung Pay will actually work out. Rooting does have a purpose but if manufacturers would just let us get rid of bloat maybe the phones could be ours. I also wondered about if rooting would leave your phone open to security risks, I thought you had to grant root access to get into the sandbox.???
I disabled everything i dont use so almost feels like no bloat lol. If you open knox you can set it to be a launcher and have a different set of apps, background and so on. Its nice to keep work separate from regular life. But with root you can achieve a lot of cool things. But after years of rooting and custom roms i am happy with a vanilla phone........ for know haha
Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers!
loulou310 said:
Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers! 10.0.0.0.1 192.168.1.254
Click to expand...
Click to collapse
I got this,..
loulou310 said:
Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers!
Click to expand...
Click to collapse
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Vorion said:
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Click to expand...
Click to collapse
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
gernerttl said:
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
Click to expand...
Click to collapse
This is a false information. Learn more about KNOX and e-Fuse on these links.
What is a Knox Warranty Bit and how is it triggered?
eFuse - Wikipedia
en.wikipedia.org
If it had been purely a software thing, Devs at XDA, Github, StackOverflow communities would have found a way to reverse it many many years ago. Some devs here tried to find ways to reverse it. It's almost a decade now.
Edit: Banking apps have nothing to do with KNOX. It's to do with Google's Safety Net Attestation. And DEX will work fine on a KNOX triggered device as it did on mine.
Vorion said:
This is a false information. Learn more about KNOX and e-Fuse on these links.
What is a Knox Warranty Bit and how is it triggered?
eFuse - Wikipedia
en.wikipedia.org
If it had been purely a software thing, Devs at XDA, Github, StackOverflow communities would have found a way to reverse it many many years ago. Some devs here tried to find ways to reverse it. It's almost a decade now.
Edit: Banking apps have nothing to do with KNOX. It's to do with Google's Safety Net Attestation. And DEX will work fine on a KNOX triggered device as it did on mine.
Click to expand...
Click to collapse
You are correct about the hardware part. However, anything that relies on Knox will not work. That includes any banking apps that rely on it. There are ways around getting banking apps working again using Magisk. It depends on the banking app.
Also, if you have the US version of the S22 you won't be able to root it anyway. US Carriers required that Samsung lock the bootloader. Nobody has been able to unlock the bootloader, yet.
You don't need to change out the motherboard though. If you send it back to Samsung, they can reload the firmware. It's a matter of rewriting the firmware back to the hardware with the proper encryption keys (in otherwards a full factory reinstall). It's not cheap though. It would be cheaper to buy a new phone.
gernerttl said:
You are correct about the hardware part. However, anything that relies on Knox will not work. That includes any banking apps that rely on it. There are ways around getting banking apps working again using Magisk. It depends on the banking app.
Also, if you have the US version of the S22 you won't be able to root it anyway. US Carriers required that Samsung lock the bootloader. Nobody has been able to unlock the bootloader, yet.
You don't need to change out the motherboard though. If you send it back to Samsung, they can reload the firmware. It's a matter of rewriting the firmware back to the hardware with the proper encryption keys (in otherwards a full factory reinstall). It's not cheap though. It would be cheaper to buy a new phone.
Click to expand...
Click to collapse
Yes, any app which relies on KNOX, won't work on a fuse-blown device. However, only a handful of Samsung's proprietory apps rely on Knox. Earlier, I used to change the TIMA value and get S Health app to work by circumventing Knox Status. That's not happening nowadays. Banking apps rely only on Google's Safety Net. Banking apps have no direct ties to Knox. Magisk module, Universal Safety Net Fix being the solution. Again, it's called Safety Net Fix for the same reason.
There are some sources to unlock US variants. I never had the need to use their services. So I can't recommend it. But there are people who claim to have unlocked their US devices through their services.
About flashing the firmware with "proper" encryption keys is an "interesting" news. But all these years, I have only known about Samsung Customer Care around the world, telling the people that the motherboard replacement being the only option in such cases. Again, you are implying that there's a software fix. May I know where you got this info?
Vorion said:
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Click to expand...
Click to collapse
gernerttl said:
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
Click to expand...
Click to collapse
Vorion said:
Yes, any app which relies on KNOX, won't work on a fuse-blown device. However, only a handful of Samsung's proprietory apps rely on Knox. Earlier, I used to change the TIMA value and get S Health app to work by circumventing Knox Status. That's not happening nowadays. Banking apps rely only on Google's Safety Net. Banking apps have no direct ties to Knox. Magisk module, Universal Safety Net Fix being the solution. Again, it's called Safety Net Fix for the same reason.
There are some sources to unlock US variants. I never had the need to use their services. So I can't recommend it. But there are people who claim to have unlocked their US devices through their services.
About flashing the firmware with "proper" encryption keys is an "interesting" news. But all these years, I have only known about Samsung Customer Care around the world, telling the people that the motherboard replacement being the only option in such cases. Again, you are implying that there's a software fix. May I know where you got this info?
Click to expand...
Click to collapse
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
73sydney said:
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
Click to expand...
Click to collapse
Thanks. I'm not rooted, nor do I intend to. My S22 Ultra does everything I want and need it to do as is.
gernerttl said:
Thanks. I'm not rooted, nor do I intend to. My S22 Ultra does everything I want and need it to do as is.
Click to expand...
Click to collapse
Not sure why you replied in a thread about rooting, just to tell me you werent interested in rooting?
Seems odd....
73sydney said:
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
Click to expand...
Click to collapse
I would be trying this in a few days. Thank you for the suggestion and your work!
73sydney said:
Not sure why you replied in a thread about rooting, just to tell me you werent interested in rooting?
Seems odd....
Click to expand...
Click to collapse
I do have the same feeling. Feels like he has never used rooted/Knox Tripped Samsung device yet he is giving out his opinions on root and Knox, Magisk, etc., which are far from the facts. When I asked about the source of his claims, he went silent untill your reply. It's better to leave it at that.