[KNOX] S4 mini and Knox - Galaxy S 4 Mini General

Disclaimer: I'm not liable for any damage to your device, including Knox. The information here is as good as I know it; there is no guarantee.
(If you like to provide extra information or have a correction, I'll add it to the OP)
Read this first:
http://forum.xda-developers.com/showthread.php?t=2447832
Additional information:
- How can I see whether Knox is tripped or not? Enter download mode (power the device off, then press volume down + home + power, then press volume up when the triangle screen appears). If it says Knox 0x1 instead of 0x0, you tripped Knox.
- You'll get Knox 0x1 (warranty void) when you flash a custom kernel (which is included in many ROMs) or a custom recovery. (Update: @gladson1976 claimed a custom recovery didn't trip Knox for him, but for me it did.)
- The device will be functional as before; nothing changes, all apps work etc. (Only when booting recovery or system it says "Set warranty bit, custom recovery" or "Set warranty bit, custom kernel", depending on whether you use a custom kernel or recovery.) Info provided by @rpgdev. (It's been said, though, that Knox-related apps will stop working.) (Update: @fburgos claims that tripping Knox caused him signal issues.)
Another thing is that if you still have Knox apps installed, they'll give you the message "there is something wrong with the app" when granting root rights to apps, as reported by @Flatric.
If you get warnings about applications performing actions that are not permitted, delete the following files from system/app, or let SuperSU fix it for you.
KNOXAgent.apk
KNOXStore.apk
ContainerAgent.apk
(Use a root browser app for deleting the files)
(Information provided by @arco68 through @R_a_z_v_a_n, thanks.)
- Can I reverse Knox? So far it's impossible, but maybe one day there will be a workaround. (Update: a workaround for Exynos CPUs is available, but not for the S4 mini yet; see at the bottom.)
- Will there ever be a workaround? Knox uses an eFuse chip according to @rogier666, so there will probably be no workaround.
- I heard that in Europe your warranty will not be void, even if it's Knox 0x1 (no guarantee). Check this thread for Germany: http://forum.xda-developers.com/gal...arranty-knox-warranty-void-behaviour-t2919994
- It's been reported that even flashing a newer stock firmware with Odin could trip Knox (@tinko975). (I assume this happens because Odin updates the recovery and kernel; use the in-phone Samsung updater to stay safe.)
- Reflashing the firmware doesn't cause KNOX 0x1, as reported by @Gloris and confirmed by @Bullet92.
- Many rooting methods will trip KNOX too, thanks to @afme89 for the info.
Extra:
- People claimed that if you take a certain ROM, remove the custom kernel from it and flash it with Odin, then it doesn't trip Knox (because no custom kernel, no custom recovery).
Knox workaround news:
@masinj claimed to have found a workaround for Exynos CPUs (not the S4 mini). Further info about this:
How does Knox work? Because Knox is both in the OS (apps) and in the firmware (bootloader) it works in two ways. The OS components prevent attempts to obtain root access and make rooting with these Knox apps a pain in the butt. Fortunately they can be removed. In the firmware component (bootloader), Knox works to prevent the flashing of custom kernels and recoveries. If you flash a custom rom or custom recovery WHILE on the Knox bootloader, your Knox flag will be tripped and your Warranty Bit will go from 0x0 to 0x1. The Knox bootloader cannot be downgraded to, say, the MD4 bootloader because of special protections built into it. If you attempt to downgrade it, your phone will instantly brick. Info provided by @R_a_z_v_a_n , thanks.
Credits:
XDA developers
Me
@tinko975
@Gloris
@Bullet92
@afme89
@rpgdev
@Flatric
@R_a_z_v_a_n
@arco68
@masinj
@gladson1976
@fburgos
@rogier666
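Added here as an example (not from the thread or its contributors): a small Python posture check that turns captured `adb shell getprop` and `ls /system/app` output into the two facts the OP asks readers to check, the warranty bit and whether the KNOX agents that trigger the "something wrong with the app" warnings are still installed. It assumes the Samsung property name `ro.boot.warranty_bit` (with `ro.warranty_bit` as a fallback); the sample captures are constructed.

```python
"""Summarise a Samsung device's Knox state from captured `adb shell` output.

Added example, not from the thread. Assumes the Samsung boot property
`ro.boot.warranty_bit` (1 = tripped, 0 = intact) and the KNOX apk names the
thread lists under /system/app. Sample outputs below are constructed.
"""
import re

# Apks the thread says produce "not permitted" warnings once root is granted.
KNOX_APKS = ("KNOXAgent.apk", "KNOXStore.apk", "ContainerAgent.apk")

# Property names carrying the warranty bit on Samsung firmware (assumption:
# ro.boot.warranty_bit is the commonly seen one, ro.warranty_bit a fallback).
WARRANTY_PROPS = ("ro.boot.warranty_bit", "ro.warranty_bit")

# One `getprop` line looks like: [ro.boot.warranty_bit]: [1]
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")


def parse_getprop(text):
    """Turn `getprop` output lines `[name]: [value]` into a dict."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def warranty_bit(props):
    """Return the warranty bit as int, or None if no known property is present."""
    for name in WARRANTY_PROPS:
        value = props.get(name)
        if value is not None and value.strip().isdigit():
            return int(value.strip())
    return None


def knox_apks_present(ls_output):
    """Which of the thread's KNOX apks appear in an `ls /system/app` listing."""
    names = {line.strip() for line in ls_output.splitlines() if line.strip()}
    return [apk for apk in KNOX_APKS if apk in names]


def knox_posture(getprop_text, ls_output):
    """Combine both captures into one posture record."""
    props = parse_getprop(getprop_text)
    bit = warranty_bit(props)
    present = knox_apks_present(ls_output)
    if bit is None:
        state = "unknown"
    elif bit == 0:
        state = "intact"
    else:
        state = "tripped"
    return {
        "warranty_bit": bit,
        "knox_state": state,
        "knox_apks": present,
        # The thread's symptom: root grants plus KNOX agents still installed
        # produce the "something wrong with the app" warnings.
        "root_warning_risk": state == "tripped" and bool(present),
    }


# Constructed sample captures (not taken from a real device).
SAMPLE_GETPROP = """\
[ro.boot.bootloader]: [I9195XXUAMF5]
[ro.boot.warranty_bit]: [1]
[ro.build.version.release]: [4.2.2]
"""

SAMPLE_LS = """\
ContainerAgent.apk
KNOXAgent.apk
SecSettings.apk
"""

if __name__ == "__main__":
    print(knox_posture(SAMPLE_GETPROP, SAMPLE_LS))
```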

Reserved

My device turned Knox to 0x1 in the beginning when I flashed newer stock firmware with Odin..
In Croatia (Europe) warranty is void if your Knox is 0x1.

tinko975 said:
My device turned Knox to 0x1 in the beginning when I flashed newer stock firmware with Odin..
In Croatia (Europe) warranty is void if your Knox is 0x1.
Good to know, I'll add this to the OP :good: Thank you for contributing

Information updated, thanks to @Gloris

Aronuser said:
Information updated, thanks to @Gloris
Can confirm that. Reflashed it via Odin yesterday and KNOX is still 0x0.

Many rooting methods will set the Knox flag 0x1 too.

Bullet92 said:
Can confirm that. Reflashed it via Odin yesterday and KNOX is still 0x0.
afme89 said:
Many rooting methods will set the Knox flag 0x1 too.
Thank you both, I added the info and credited you.

I think there could also be a list of firmwares which have Knox.
Example: mine doesn't have one, l9195XXUAMF5.
Edit: Added a link to this to a few of my threads, and also linked this in my signature, thanks!

leripe said:
I think there could also be a list of firmwares which have Knox.
Example: mine doesn't have one, l9195XXUAMF5.
Edit: Added a link to this to a few of my threads, and also linked this in my signature, thanks!
First off, thank you for adding the link to your signature, I really appreciate it.
About the firmware list: well, the idea is good, but I don't have time to do that. If you'd like to provide it, I'd add it to the thread (second post).

You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up every time you turn on your phone. It looks like this:

rpgdev said:
You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up every time you turn on your phone. It looks like this:
Thank you I'll add the info to the OP and give you credits :good:

rpgdev said:
You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up every time you turn on your phone. It looks like this:
I've a question about that: I heard the Knox apps will stop working. Is this true or false?

Aronuser said:
I've a question about that: I heard the Knox apps will stop working. Is this true or false?
I know that sometimes on stock some persistent warning messages show up on the notification bar and to get rid of them you have to freeze some 'knox apps' or remove them from the system apps. I have yet to meet a useful 'knox app' but if there is let me know and next time I'm on stock I could try it out and report back.

Aronuser said:
I've a question about that: I heard the Knox apps will stop working. Is this true or false?
On my phone Knox was tripped after rooting my phone, and every time I wanted to give an application root rights Knox said there's something wrong and I should uninstall the app and reboot my phone.

If you get warnings about applications doing not permitted actions, delete the following files from system/app, or let SuperSU fix it for you.
KNOXAgent.apk
KNOXStore.apk
ContainerAgent.apk
From arco's root thread.
Powered by CM11 - M6 snapshot

Flatric said:
On my phone Knox was tripped after rooting my phone, and every time I wanted to give an application root rights Knox said there's something wrong and I should uninstall the app and reboot my phone.
Thanks for providing the info, I'll add it to the OP and give you credits :good:

R_a_z_v_a_n said:
From arco's root thread.
Powered by CM11 - M6 snapshot
Thank you, I'll add the info to the OP and give you credits. :good:
------------
Any further information that can be added, I'll add too and give credits, but I'll skip writing that down here.

KNOX tripped
Hi, I like that there is someone taking care of this device.
I have a GT-I9192 (a Duos version of the S4 Mini) and rooted it, so KNOX is 0x1.
Also a friend of mine has one too, and I updated his phone to the latest stock ROM (not rooted or anything else, just an update) with Odin, and his warranty bit shows 0x1.
But a couple of days ago his phone had a hardware failure (I think so); there is a problem with the screen, so the phone shuts down after 3 or 4 minutes and then doesn't restart. He went to Samsung Customer Care and they say that the phone has been rooted, so it's out of warranty.
Also about the Knox and eFuse thing: as I could understand from some other topics (like this one: http://forum.xda-developers.com/showthread.php?t=2486346), the eFuse comes into use in Snapdragon N9000 and above chips, and this device has a Snapdragon 400.
However, it would be very good if we could make a Knox reset...

urtin said:
However, it would be very good if we could make a Knox reset...
A Knox reset isn't possible right now and probably won't be for a while (or ever). Tripping Knox voids your warranty; in many people's cases (like mine) this isn't a problem because they aren't covered by it, but if you are, then you should probably think twice before messing with something that could trip Knox. There's no way around it, sadly. I hope your friend can at least repair the device with a third party.

Related

[GUIDE] Manually up- or downgrade firmware

Responsibility
I am not responsible for your bricked devices, dead SD card or anything else you did because of this guide. It is up to you to read this guide carefully and also to inform yourself in other places, so that you know what you are doing and what the risks are.
If you are afraid of bricking your Note, better wait and take your time. The official OTA update will also come in some days.
If something goes wrong then don't hesitate and post it here. I - and surely others - will try to help you.
Upgrade
I didn't want to wait for the next OTA update to MK1 (which includes user management and other improvements). So I started to update manually, and because I didn't find clear answers here in the forum, I made this guide afterwards.
This guide should work for all the different kinds of Note 10.1 2014 Edition (WiFi only, GSM, LTE) as long as you download the corresponding, correct firmware for your Note version. I did it for a P600 (WiFi only) and it worked without any issues.
Results
Updated to newest firmware (MK1)
Normally you don't lose your data and configuration, just as with an OTA update. But make a backup of everything anyway, in case something goes wrong and you have to do a factory reset!
Everything I use is still working. I didn't and can't test everything, and maybe something is no longer working because of the region switch.
The warranty bit is still 0 (after the update):
Preparation
First we need the firmware we want to flash to our Note. I got mine from here: Sammobile, but you can also get it from here: Samsungis.
You can find a list of all firmwares for your Note model by searching. In the list I chose the newest one for the MK1 update, even though it is for a different region. Until now I didn't see any issues because of this region switch.
One issue may be that you can't download the firmware there, because both sites use hotfile for file hosting. Here you can use the pCloud service. I did it and from there I could download the file.
Next we need some tools: Odin (I use version 3.09) and maybe a Samsung USB driver (I got mine because of an earlier installed Kies). There are many places where you can find Odin, but I got mine from here: Odin 3.09 (xda).
If you don't have a Windows computer within reach, there are also tools for MacOS and Linux, but I didn't test any of them!
A Samsung USB driver, which for example is installed when you install the Kies application from Samsung.
Upgrading
There are many good tutorials for using the Odin application. Therefore I will only describe in a nutshell what I did. If you're looking for a more detailed guide, you can use one of these: Samsungsi: Using Odin, rootSU (xda): Odin flash guide. They also exist in other languages; you are free to use a search tool.
Start Odin as administrator
Connect the Note via USB to the computer and check that Odin got a connection: one of the ID:COM fields should contain the port number and the background should be blue (or yellow if you use an older Odin version).
Press the AP (PDA in older versions) button to add the downloaded firmware (tar.md5). In the message box you should see (depending on your Odin version):
Code:
...
<OSM> Please wait...
<OSM> (*) is valid
<OSM> Checking MD5 finishes Successfully...
<OSM> Leave CS..
(*) the filename of your firmware download.
Power off the Note and wait for 1 minute (I didn't understand this step but found it in some guides).
Hold the power and volume down button pressed until you see the triangle screen.
Press the volume up button to go to the download mode (Odin mode):
Now press the Start button in Odin and wait until the flash is done. Be very careful here!
And no, I don't have any photos to show what happens now. Look into other more detailed Odin guides.
At the end the Note reboots on its own and the update is done :laugh:
When something goes wrong, look in the tutorials for how to solve it.
Downgrade
A downgrade works in the same way with Odin. So, you can download an older firmware and flash it in the same way with Odin.
You can also use Kies here to recover an old firmware; Kies downloads the correct version for you. I tried this with the current Kies version 3 for Windows and MacOS and it works with both.
Special thanks to
xda for its great community
Sammobile for the firmware
beanstown106, bigbiff, nrage23 and many others here in the forum for their knowledge and help
lap777 for correction on this guide
rootSU for his Odin guide
F.A.Q
Will the warranty bit change to 1?
As you can see above, mine is still 0. I also expect this because with this guide we flash firmware signed by Samsung. But I also read in other guides for other devices that in some cases the bit is set to 1. So don't be surprised if this happens.
Can I get system status 'Official' back?
Yes, with both methods from above you get current binary 'Samsung Official' and system status 'Official' back after you flashed a custom recovery or ROM. Only the warranty bit will stay 1 in this case.
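Added example, not part of the guide: a Python check of the `.tar.md5` firmware file before it goes anywhere near Odin, reproducing the "Checking MD5" step from the Odin log above. It assumes the usual layout of these files, a plain tar archive with one `md5sum`-style trailer line appended whose digest covers the tar bytes; the sample image is constructed in memory.

```python
"""Check a Samsung Odin `.tar.md5` firmware image before flashing it.

Added example, not part of the guide. Assumes the usual .tar.md5 layout: a
plain tar archive followed by one appended `md5sum`-style line
("<hex>  <filename>\n") whose digest covers every byte before that line.
The sample image below is constructed in memory.
"""
import hashlib
import io
import re
import tarfile

# One md5sum output line: 32 hex digits, whitespace, optional '*', file name.
_TRAILER_RE = re.compile(rb"^([0-9a-fA-F]{32})\s+\*?(\S+)$")


def split_tar_md5(data):
    """Return (tar_bytes, expected_hex, file_name) or raise ValueError."""
    # A tar archive ends with NUL padding, while the ASCII trailer contains
    # no NUL, so the trailer starts right after the last NUL byte.
    cut = data.rfind(b"\x00") + 1
    tar_bytes, trailer = data[:cut], data[cut:]
    if not tar_bytes or len(tar_bytes) % 512:
        raise ValueError("payload is not a whole-block tar archive")
    m = _TRAILER_RE.match(trailer.strip())
    if not m:
        raise ValueError("trailer is not an md5sum line")
    return tar_bytes, m.group(1).decode().lower(), m.group(2).decode()


def verify_tar_md5(data):
    """True when the appended digest matches the tar payload (Odin's check)."""
    tar_bytes, expected, _name = split_tar_md5(data)
    return hashlib.md5(tar_bytes).hexdigest() == expected


def list_images(data):
    """Names of the partition images inside a .tar.md5 that passed the check."""
    tar_bytes, expected, _name = split_tar_md5(data)
    if hashlib.md5(tar_bytes).hexdigest() != expected:
        raise ValueError("MD5 mismatch: refusing to inspect a corrupt image")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        return [member.name for member in tf.getmembers()]


def build_sample_tar_md5(name="SAMPLE_FIRMWARE.tar"):
    """Construct a tiny .tar.md5 the way `md5sum x.tar >> x.tar` would."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        # Dummy partition images; real ones are the boot/recovery blobs.
        for member, payload in (("boot.img", b"\x00" * 64), ("recovery.img", b"\x01" * 64)):
            info = tarfile.TarInfo(member)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    tar_bytes = buf.getvalue()
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  {name}\n".encode()


def corrupt(data):
    """Flip one byte inside the tar payload to simulate a bad download."""
    damaged = bytearray(data)
    damaged[512] ^= 0xFF  # inside the first member's data block
    return bytes(damaged)


if __name__ == "__main__":
    image = build_sample_tar_md5()
    print("intact :", verify_tar_md5(image), list_images(image))
    print("corrupt:", verify_tar_md5(corrupt(image)))
```

The trailer only catches a corrupted download; it is not a signature, so a file that passes here can still be unsigned or modified, and only the bootloader's own signature check decides whether Knox trips.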
I would have thought the AP button (PDA?), not CP (Phone/modem?). Sorry, I'm new at this
lap777 said:
I would have thought the AP button (PDA?), not CP (Phone/modem?). Sorry, I'm new at this
We are all new to this and you are right. Next time I write my guide in parallel.
PS. The guide is corrected.
I'm wondering if I can flash a different regional version and not trigger Knox?
yobyzal said:
I'm wondering if I can flash a different regional version and not trigger Knox?
I, like others, did it (the MK1 is only available for some regions) and didn't trigger Knox. Like I said, these firmwares (from the sources above) are the original ones, which are still signed by Samsung. If you flash something with a custom recovery or already rooted, then this will not be the case and you will trigger Knox.
PS. If you also have a P600: I flashed "P600UEUBMK1_P600XARBMK1_HOME.tar.md5", which is for region "Cellular South", which is surely not "Luxembourg".
PPS. And until now I didn't have any other problem because of the different region.
PPPS. In the meantime I rooted my Note and therefore triggered Knox. But this also seems to be no problem for me. I can still flash the stock firmware and then get OTAs (the bit is still set to 1). And the warranty will still be given for 6 months in Europe. Only extra guarantees by Samsung will maybe be a problem. And I don't care about this.
I can confirm that the method provided in this guide has updated my Galaxy Note 10.1 (2014 German Edition) to firmware version MK1 without triggering Knox. Warranty bit still 0.
sbeanie said:
I can confirm that the method provided in this guide has updated my Galaxy Note 10.1 (2014 Edition), German Edition, to firmware version MK1 without triggering Knox. Warranty bit still 0.
Congratulations. And German Edition is the original edition for your device, right?
yobyzal said:
Congratulations. And German Edition is the original edition for your device, right?
Yes my device was bought in Germany.
My P600 was tripped by just flashing the stock firmware again using Odin.
moom999 said:
My P600 was tripped by just flashing the stock firmware again using Odin.
What did you mean with "again"? (a) You flashed it again and then it was tripped, or (b) it was already tripped and after flashing it was not changed?
(b) would be normal because this flag will stay on 1 forever.
I flashed yesterday without tripping Knox.
Maybe I should try this too. Tired of waiting for the OTA. Samsung support gave me a generic "we are looking into this matter" reply, so my guess is they are totally clueless about the ETA of MK1 in Europe and probably don't even understand what I'm talking about...
Elim said:
What did you mean with "again"? (a) You flashed it again and then it was tripped, or (b) it was already tripped and after flashing it was not changed?
(b) would be normal because this flag will stay on 1 forever.
I flashed the stock firmware again, then it was tripped.
Now I flashed a different regional version and the result shows that the WARRANTY BIT is still zero. :victory:
home button problem
Is anyone else having problems with their home button not working? I press the home button and it doesn't take me to my "home screen", but it will wake up and return back to the screens from the app drawer. If anyone else has the same problem, let me know if you have come to a solution. Thanks
osbrandon said:
Is anyone else having problems with their home button not working? I press the home button and it doesn't take me to my "home screen", but it will wake up and return back to the screens from the app drawer. If anyone else has the same problem, let me know if you have come to a solution. Thanks
Way to bump a 5 month old thread with a completely unrelated problem. Good work.
osbrandon said:
Is anyone else having problems with their home button not working? confused
Yes, you seem to be a little bit confused, because this topic has nothing to do with your question, and besides, this question has already been asked many times.
Stock firmware includes the stock recovery?
Which is the correct Country/Carrier for the US?
Elim said:
What did you mean with "again"? (a) You flashed it again and then it was tripped, or (b) it was already tripped and after flashing it was not changed?
(b) would be normal because this flag will stay on 1 forever.
Will this work, or have you heard of it working for the new Verizon LTE model? Mine came with 442 and I would like to downgrade so I can root & install a custom recovery. But I don't see US firmware listed by Samsung; looks like they removed it.

[Q] I need to root my device to reset hidden counter, unroot it without voiding KNOX.

Hi guys,
So I have to send my phone away for a repair under warranty with the provider (O2) tomorrow; however, when I unrooted and re-flashed the stock ROM, I forgot to use TriangleAway to reset or even check my hidden flash counter.
My phone had updated to 4.3 before I realised, and now I am stuck between a rock and a hard place. I can flash the root file onto my phone using Odin to allow me to use TriangleAway, but by doing so I am risking voiding my KNOX warranty. As we know this is irreversible, but by leaving my flash counter at something other than 0, I'm risking my warranty being made void anyway.
I mean, my counter could be 0 anyway, but I doubt it with the several ROMs I flashed to it, including three CyanogenMod ROMs and a GPE ROM.
What do I do? And more importantly, how do I do it to avoid voiding my KNOX Warranty status?
Thanks guys!
Go to DOWNLOAD MODE and make us a screenshot, or write here what appears there, please.
Joku1981 said:
Go to DOWNLOAD MODE and make us a screenshot, or write here what appears there, please.
Sorry if I wasn't clear, my current status is "KNOX Warranty Void: 0x0". I want to root my phone to run triangle away to reset the flash counter, and then unroot it, all without changing this to 0x1.
Any ideas?
radiocaf said:
Sorry if I wasn't clear, my current status is "KNOX Warranty Void: 0x0". I want to root my phone to run triangle away to reset the flash counter, and then unroot it, all without changing this to 0x1.
Any ideas?
Yes.
- You can root it this way: HERE. This method doesn't void your warranty.
- About Triangle Away you can ask Chainfire directly HERE.
Joku1981 said:
Yes.
- You can root it this way: HERE. This method doesn't void your warranty.
- About Triangle Away you can ask Chainfire directly HERE.
Thank you, I will try that. Do you know if my device status will change to custom by rooting and will TriangleAway change it back to Official?
I did everything you said and it worked perfectly. My phone had a counter of 0 so it was all in vain, but at least I know now. I got my system status back to Official, counter is 0, KNOX is untouched. I just can't update OTA, but that's no problem as long as it looks unmodified ready for it to be sent off for repair under warranty tomorrow. Thanks man!
Use the Xposed framework and Wanam framework to change the status to official. This method works and you can check OTA updates.
Hello,
Is there any way for saferoot on the leaked I9505 4.4?
I tried saferoot and vroot without luck.

reset counter the KNOX

Hello my brothers,
This is my first post here at XDA.
I will give you the original file to reset the KNOX counter, for the Note 3 N900 only.
And I will upload it to MEGA.
All you have to do is download the file and run the ODIN program, put the device into DOWNLOADMODE, then connect the device via USB and choose the reset-counter file. After completion remove the battery and reinsert it, then enter DOWNLOADMODE once again and then choose any software you want installed; here you have restored security.
ALRA7AL.SYRIA 😉
Greetings to you; if you like this topic, a simple thanks is enough for me.
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
alra7al.syria said:
Hello my brothers,
This is my first post here at XDA.
I will give you the original file to reset the KNOX counter, for the Note 3 N900 only.
And I will upload it to MEGA.
All you have to do is download the file and run the ODIN program, put the device into DOWNLOADMODE, then connect the device via USB and choose the reset-counter file. After completion remove the battery and reinsert it, then enter DOWNLOADMODE once again and then choose any software you want installed; here you have restored security.
ALRA7AL.SYRIA 😉
Greetings to you; if you like this topic, a simple thanks is enough for me.
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
There are already two methods to reset knox.
No point in opening another thread.
Reporting via N910G.
yashthemw said:
There are already two methods to reset knox.
No point in opening another thread.
Reporting via N910G.
Thanks bro, I reported it.
Sent from my SM-N900 using XDA-Developers mobile app
alra7al.syria said:
Hello my brothers,
This is my first post here at XDA.
I will give you the original file to reset the KNOX counter, for the Note 3 N900 only.
And I will upload it to MEGA.
All you have to do is download the file and run the ODIN program, put the device into DOWNLOADMODE, then connect the device via USB and choose the reset-counter file. After completion remove the battery and reinsert it, then enter DOWNLOADMODE once again and then choose any software you want installed; here you have restored security.
ALRA7AL.SYRIA 😉
Greetings to you; if you like this topic, a simple thanks is enough for me.
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
Also the Note 3 is too old and will not get any updates. Not many would be interested in resetting Knox.
Does this method actually work? My counter is 0x1, I didn't think it could be reset on the N9005??
gazza35 said:
Does this method actually work? My counter is 0x1, I didn't think it could be reset on the N9005??
Read post one .
will give you the original file for the reset counter the KNOX for note3 n900 only.
JJEgan said:
Read post one .
will give you the original file for the reset counter the KNOX for note3 n900 only.
Ah ok, I see, not the N9005, cheers anyway.
ok bro
gazza35 said:
Does this method actually work? My counter is 0x1, I didn't think it could be reset on the N9005??
Use this link
http://forum.xda-developers.com/gal...t-guide-note-3-lte-sm-n9005-lollipop-t3093183
alra7al.syria said:
Use this link
http://forum.xda-developers.com/gal...t-guide-note-3-lte-sm-n9005-lollipop-t3093183
Yeah, I have root already and Phronesis installed; unfortunately I had tripped Knox, probably when I installed TWRP, but as of yet I don't think there is any way to reset it.
Unless the phone has warranty or you want to sell the phone, I don't think resetting the Knox counter means much as a tripped Knox counter has never caused me any problems with the phone using stock or custom ROMs.
audit13 said:
Unless the phone has warranty or you want to sell the phone, I don't think resetting the Knox counter means much as a tripped Knox counter has never caused me any problems with the phone using stock or custom ROMs.
Yeah, it was just for resale purposes, just to make sure everything is as it should be, but I know, it means nothing really, just Samsung's way of getting out of honouring warranty. Interestingly, I once owned a Galaxy S2 and purchased a USB jig years ago; I then had an S3 and S4 and the jig wouldn't work on them, so I threw it in a drawer.
The other day I came across the jig and thought I'd try it on my Note, which reported the binary as custom and the counter as 0x1. Upon turning off my Note 3 and inserting the jig into the USB socket, it did indeed fire my phone straight into download mode; although my counter is still 0x1, it has indeed changed the binary from custom to official.
Lol, didn't think it would do anything, but there you go. Partial success.
Just flashed today...
I got my device soft-bricked after flashing it.
When I power the phone up, it doesn't boot into the system, but shows:
Error Code : [ RST_STAT = 0X400 ]
POWER RESET or
UNKNOWN
UPLOAD MODE
Please, did somebody experience it?...
Thanks a lot guys..
The problem is solved..
I have got my device back.

Is my KNOX tripped?

Merry Christmas everybody!
I wanted to flash TWRP on my S7 Edge but it didn't really go smoothly. I disabled OEM lock and flashed it through Odin, and it said it was a success, but on reboot I met the FRP screen, so I had to flash a stock firmware. Now it's fine, but S Health says that my phone is rooted and doesn't launch. I tried in safe mode and it still doesn't launch. The problem is that my counter is at 0! I read that by flashing a custom binary you trip KNOX and the counter can't be reverted to 0. How's it possible? Is my KNOX tripped? And if not, would it be tripped if I manage to correctly install TWRP?
Yes, Knox is tripped, but you can use S Health: just install the ancient version of the app and set it up, after that just update S Health from the Play Store. And also Knox is already tripped, so flash the firmwares and happy flashing.
If I helped you, don't forget to say thanks.
sushant1thakran said:
Yes, Knox is tripped, but you can use S Health: just install the ancient version of the app and set it up, after that just update S Health from the Play Store. And also Knox is already tripped, so flash the firmwares and happy flashing.
If I helped you, don't forget to say thanks.
But why does the counter remain at 0x00?
Can you post an image of the counter which shows 0x00?
cheekrox said:
Can you post an image of the counter which shows 0x00?
I will second that, can you upload the image? If all you are saying is true, then you have flashed the wrong version of TWRP or messed up a few steps of that process.
But if you had done something different and still have Knox intact, then sir, you are a genius, if the flashing went the right way. But you can try again for that.
sushant1thakran said:
I will second that, can you upload the image? If all you are saying is true, then you have flashed the wrong version of TWRP or messed up a few steps of that process.
But if you had done something different and still have Knox intact, then sir, you are a genius, if the flashing went the right way. But you can try again for that.
Click to expand...
Click to collapse
Here it is
I believe that something went wrong during the flash process (even if Odin said it was a success), because I used the right version of TWRP. So my Knox isn't tripped? If it isn't, is it common for S Health to behave this way?
EDIT: I left auto-reboot checked in Odin. Could this be the cause?
s7frank said:
Here it is
I believe that something went wrong during the flash process (even if Odin said it was a success), because I used the right version of TWRP. So my Knox isn't tripped? If it isn't, is it common for S Health to behave this way?
You need to reflash stock again, bro; your Knox isn't tripped because TWRP wasn't flashed correctly. You need to enable "Allow OEM unlock" and USB debugging first in Developer Options before flashing custom recovery/ROMs. Simply reflash stock Samsung firmware for your region again.
Sent from my S7 Edge using XDA Labs
shah22 said:
You need to reflash stock again, bro; your Knox isn't tripped because TWRP wasn't flashed correctly. You need to enable "Allow OEM unlock" and USB debugging first in Developer Options before flashing custom recovery/ROMs. Simply reflash stock Samsung firmware for your region again.
Sent from my S7 Edge using XDA Labs
I actually did enable OEM unlock and I have USB debugging enabled all the time.
If I flash a stock ROM along with its CSC, will S Health work again?
Thank you for your answer
s7frank said:
I actually did enable OEM unlock and I have USB debugging enabled all the time.
If I flash a stock ROM along with its CSC, will S Health work again?
Thank you for your answer
Yes, according to my knowledge it should work if the Knox bit is 0x0, but if Knox isn't tripped, that means the recovery wasn't flashed correctly.
Sent from my S7 Edge using XDA Labs
Yeah. That would indeed mean that your recovery was not flashed correctly. So just use Odin to clean flash stock completely and then see what S-health says.
s7frank said:
I actually did enable OEM unlock and I have USB debugging enabled all the time.
If I flash a stock ROM along with its CSC, will S Health work again?
Thank you for your answer
If after doing the above steps and flashing your stock ROM it doesn't work correctly and S Health shows an error, then just install an old version of S Health, which you can download from APKMirror, and set it up. After setting it up, just update it from the Play Store; it will work again.
I finally managed to find my old firmware. I flashed it and so far it's fine. Thank you everybody.

Fake the Knox counter to show 0x0 in Download mode

I was wondering if the Knox counter could be masked to show 0x0 after being tripped to 0x1 with a custom bootloader
I was going through the aboot.mbn file on the SM-T350 stock firmware with a hex editor and I found:
WARRANTY VOID: 0x%x (%d) and
WARRANTY VOID: 0x%x
What if I change these to:
WARRANTY VOID: 0x0 (0) and
WARRANTY VOID: 0x0
then flash it with Odin
Would it reset the counter to 0x0 (0) or not? If not, are there any other ways to reset the counter without replacing hardware?
You can't use a custom bootloader unless you want a brick. You also can't reset the Knox counter, as it's a physical eFuse that is blown.
Magisk should already visually change it on boot, but if not, make a script and change it using resetprop.
elliwigy said:
You can't use a custom bootloader unless you want a brick. You also can't reset the Knox counter, as it's a physical eFuse that is blown.
Magisk should already visually change it on boot, but if not, make a script and change it using resetprop.
Doesn't Magisk only hide the value in the system? Won't it still say 0x1 in download mode?
JJcoder said:
Doesn't Magisk only hide the value in the system? Won't it still say 0x1 in download mode?
Yes, because you cannot reset the Knox counter. It's impossible unless you replace the main board, since the Knox counter is a physical eFuse.
It has been this way ever since they created it, and there has never been any way to reset it, since it's a physical fuse.
elliwigy said:
Yes, because you cannot reset the Knox counter. It's impossible unless you replace the main board, since the Knox counter is a physical eFuse.
It has been this way ever since they created it, and there has never been any way to reset it, since it's a physical fuse.
I know you can't reset it entirely but what I'm trying to do is mask the download mode string to show 0x0. I figured out that Odin cannot flash a custom bootloader but I ordered a JTAG box and I'm sure that can. There has to be something in the software (probably in the bootloader) that displays 0x1 in download mode.
JJcoder said:
I know you can't reset it entirely but what I'm trying to do is mask the download mode string to show 0x0. I figured out that Odin cannot flash a custom bootloader but I ordered a JTAG box and I'm sure that can. There has to be something in the software (probably in the bootloader) that displays 0x1 in download mode.
There is, but that would be useless since it'll only change it visually. And again, it's not stored in the bootloader, and again, you can't modify the bootloader and expect it to work.
The bootloader is one of the first things to be loaded and is also verified against the root/private key/signature; it's verified even on unlocked devices.
The device starts, the BL gets loaded and verified (if there are any errors it will usually crash into an emergency mode such as EDL), then the bootloader checks flags elsewhere on the device, and if it's set unlocked it will ignore verification of the next firmware to be loaded. It does this on every startup; the bootloader itself is actually never modified.
The Knox warranty bit is a physical fuse that gets burned; there is absolutely no way to change this. Even changing it to appear 0x0 is only visual in DL mode. During runtime it can help to have it set to 0x0 (again, just visual) if an app is looking for that property and is normally blocked due to root. This change also resets when the device reboots, since the properties are loaded into RAM.
elliwigy said:
There is, but that would be useless since it'll only change it visually. And again, it's not stored in the bootloader, and again, you can't modify the bootloader and expect it to work.
The bootloader is one of the first things to be loaded and is also verified against the root/private key/signature; it's verified even on unlocked devices.
The device starts, the BL gets loaded and verified (if there are any errors it will usually crash into an emergency mode such as EDL), then the bootloader checks flags elsewhere on the device, and if it's set unlocked it will ignore verification of the next firmware to be loaded. It does this on every startup; the bootloader itself is actually never modified.
The Knox warranty bit is a physical fuse that gets burned; there is absolutely no way to change this. Even changing it to appear 0x0 is only visual in DL mode. During runtime it can help to have it set to 0x0 (again, just visual) if an app is looking for that property and is normally blocked due to root. This change also resets when the device reboots, since the properties are loaded into RAM.
Changing it to 0x0 in download mode would give you warranty because if they check to see in download mode it would show 0x0. The Knox features would still probably not work.
And if it isn't stored in the bootloader then why did I find it in aboot.mbn? Could it be stored in more than one place? The problem is if you modify the bootloader it will probably not work like you said.
There might be a way to "reset" it, because people have reported that Samsung reset their Knox counter and the IMEI stayed the same. That either means that they programmed the IMEI into the new motherboard or that there is a way to reset it.
JJcoder said:
Changing it to 0x0 in download mode would give you warranty because if they check to see in download mode it would show 0x0. The Knox features would still probably not work.
And if it isn't stored in the bootloader then why did I find it in aboot.mbn? Could it be stored in more than one place? The problem is if you modify the bootloader it will probably not work like you said.
There might be a way to "reset" it, because people have reported that Samsung reset their Knox counter and the IMEI stayed the same. That either means that they programmed the IMEI into the new motherboard or that there is a way to reset it.
Changing it would not do anything except make it appear not tripped. And yeah, I guess if the tech's an idiot and can't see it's tripped then he shouldn't be working for Samsung as an engineer, lmao. Best bet if wanting to do warranty and concerned they'll not like it being tripped: do what I do, fully brick it so it won't even turn on, lol.
The Knox warranty is NOT in the bootloader. Viewing strings in the bootloader is basically code, as it will need to check for the flag. You will see references to various flags in the bootloader, but it's just code saying if Knox flag 0x0 then it's clean, if Knox 0x1 then tampered, etc.
Not to be smart or anything, but I don't think you understand. It is literally and physically impossible to reset the Knox warranty flag. You can only make it appear 0x0. It's literally a physical fuse that gets blown; the only way to get it to a real 0x0 is to replace the motherboard with one not tripped.
People have tried, including legends, to "reset" the Knox counter since it was even a thing. It's just not possible. Anyone who claims to do so is guaranteed to be false, or they are simply mistaken and confusing it with something else.
Samsung definitely would replace the mobo and could reprogram the IMEI; they can do a lot more than that. It's also possible there's more than one fuse and they just change it to use the new unblown fuse instead of the tripped one.
elliwigy said:
Changing it would not do anything except make it appear not tripped. And yeah, I guess if the tech's an idiot and can't see it's tripped then he shouldn't be working for Samsung as an engineer, lmao. Best bet if wanting to do warranty and concerned they'll not like it being tripped: do what I do, fully brick it so it won't even turn on, lol.
The Knox warranty is NOT in the bootloader. Viewing strings in the bootloader is basically code, as it will need to check for the flag. You will see references to various flags in the bootloader, but it's just code saying if Knox flag 0x0 then it's clean, if Knox 0x1 then tampered, etc.
Not to be smart or anything, but I don't think you understand. It is literally and physically impossible to reset the Knox warranty flag. You can only make it appear 0x0. It's literally a physical fuse that gets blown; the only way to get it to a real 0x0 is to replace the motherboard with one not tripped.
People have tried, including legends, to "reset" the Knox counter since it was even a thing. It's just not possible. Anyone who claims to do so is guaranteed to be false, or they are simply mistaken and confusing it with something else.
Samsung definitely would replace the mobo and could reprogram the IMEI; they can do a lot more than that. It's also possible there's more than one fuse and they just change it to use the new unblown fuse instead of the tripped one.
So if you somehow make it appear to be 0x0 in download mode, Samsung would still know it's tripped? If they would, then there is no point in this whole thread.
Again, I know that it is a physical fuse and can't actually be reset (without changing the motherboard).
If it is not stored in the bootloader then where is it stored? On a write-protected partition? Could a JTAG box write on that partition?
I understand that Knox will probably never be reset but I am just posting ideas.
JJcoder said:
So if you somehow make it appear to be 0x0 in download mode, Samsung would still know it's tripped? If they would, then there is no point in this whole thread.
Again, I know that it is a physical fuse and can't actually be reset (without changing the motherboard).
If it is not stored in the bootloader then where is it stored? On a write-protected partition? Could a JTAG box write on that partition?
I understand that Knox will probably never be reset but I am just posting ideas.
It depends on the variant, SD or Exynos, but typically it's on a non-volatile partition such as steady or param, for example. They have to be readable/writeable by system usually, so you would need at least system privs is my guess.
And Samsung will know. They make the phones, obviously, and have software, jigs, all sorts of stuff to repair devices which clearly check the warranty status. I doubt they just enter DL mode and check the screen; if anything they probably don't even look at this at all. They probably hook it up to some jig like the Anyway jig, then use some software like Daseul which would report the values.
elliwigy said:
It depends on the variant, SD or Exynos, but typically it's on a non-volatile partition such as steady or param, for example. They have to be readable/writeable by system usually, so you would need at least system privs is my guess.
And Samsung will know. They make the phones, obviously, and have software, jigs, all sorts of stuff to repair devices which clearly check the warranty status. I doubt they just enter DL mode and check the screen; if anything they probably don't even look at this at all. They probably hook it up to some jig like the Anyway jig, then use some software like Daseul which would report the values.
I bet some techs just go to download mode because if no one has ever managed to change it to show 0x0 why would they waste time using something else? Also where is the Odin mode code stored?
JJcoder said:
I bet some techs just go to download mode because if no one has ever managed to change it to show 0x0 why would they waste time using something else? Also where is the Odin mode code stored?
Because it's probably faster for them to hook it up to a cable, as well as it's probably the way they're supposed to do it. Don't think they keep their jobs taking shortcuts and can't identify if a device has been tampered with, which is their entire reason for having the warranty flag to begin with, lol. If they don't check and then end up replacing it, I'm sure at some point they'll figure it out, which by then might have cost them more $$$.
Odin mode code? Not sure what you mean, but if you think you can edit some code and bypass security that easily then good luck. The code is everywhere; it all works together, from device identifiers such as IMEI, EDID, OEM flags, verified boot, SELinux, verity, DTB, TZ, etc. You can't just edit some line of code and then have everything be unlocked.
You should search Google and read up on previous exploits to get an idea of what you're dealing with. There have been plenty over the years, which of course have all mostly been patched, making it even harder.
Without an unlocked BL you have to consider AVB, verity, signatures, SELinux, DEFEX, TIMA, PROCA, RKP, encryption, Knox and more.
For example, on newer devices, to even flash combo you need to take your device-specific info such as EDID and find someone in Samsung to send it to their server to generate a factory token, which probably can only be used once and only on one specific device, and that is just to flash combo. To unlock the BL you really only have eng tokens, which are even harder to find, if at all, that will allow custom firmware, given you have an inside Samsung engineer willing to lose their job, at which they'd probably charge more than the phone's worth, without exploits, which really take hardcore developers that most likely work for a security company and report them to be patched and never release publicly.
Even basic root is becoming rare due to all the security, and most of the obvious exploits have already been found, released and patched over the years.
With that being said, you have better luck trying to exploit EDL mode or Exynos USB mode, but even then USA locked devices even require signed official files to use these modes, which are also rare and need to be leaked as well as cost $$$.
Long story short, good luck, lol.
elliwigy said:
Because it's probably faster for them to hook it up to a cable, as well as it's probably the way they're supposed to do it. Don't think they keep their jobs taking shortcuts and can't identify if a device has been tampered with, which is their entire reason for having the warranty flag to begin with, lol. If they don't check and then end up replacing it, I'm sure at some point they'll figure it out, which by then might have cost them more $$$.
Odin mode code? Not sure what you mean, but if you think you can edit some code and bypass security that easily then good luck. The code is everywhere; it all works together, from device identifiers such as IMEI, EDID, OEM flags, verified boot, SELinux, verity, DTB, TZ, etc. You can't just edit some line of code and then have everything be unlocked.
You should search Google and read up on previous exploits to get an idea of what you're dealing with. There have been plenty over the years, which of course have all mostly been patched, making it even harder.
Without an unlocked BL you have to consider AVB, verity, signatures, SELinux, DEFEX, TIMA, PROCA, RKP, encryption, Knox and more.
For example, on newer devices, to even flash combo you need to take your device-specific info such as EDID and find someone in Samsung to send it to their server to generate a factory token, which probably can only be used once and only on one specific device, and that is just to flash combo. To unlock the BL you really only have eng tokens, which are even harder to find, if at all, that will allow custom firmware, given you have an inside Samsung engineer willing to lose their job, at which they'd probably charge more than the phone's worth, without exploits, which really take hardcore developers that most likely work for a security company and report them to be patched and never release publicly.
Even basic root is becoming rare due to all the security, and most of the obvious exploits have already been found, released and patched over the years.
With that being said, you have better luck trying to exploit EDL mode or Exynos USB mode, but even then USA locked devices even require signed official files to use these modes, which are also rare and need to be leaked as well as cost $$$.
Long story short, good luck, lol.
By Odin mode code I mean: where is the code for Odin/Download mode stored? I found it coded in aboot.mbn (the bootloader), but you said it isn't stored in the bootloader. If you find out where the code is you can change the value to 0x0, so either way they check it, it will return 0x0.
Edit: I put the aboot.mbn file in a .tar format and I tried to flash it with Odin and it just got stuck at file analysis.
So I copied the device's aboot file and edited it (to mask Knox to 0x0) and pasted it back to where it was, and it did nothing at all, so you were right about it not being stored in the bootloader.
Edit 2: What about https://knoxreset.com? I also found the source code here: https://github.com/venus342/KNOX-Reset
And this XDA thread: https://forum.xda-developers.com/android/general/disable-knox-reset-knox-counter-to-0x0-t3414890
Edit 3: Where is the Knox counter stored? It has to be somewhere.
Edit 4: After some more research I figured out that aboot.mbn is an executable for ARM processors which you can disassemble (to get the original code) with IDA Pro, but I don't want to buy IDA Pro, and I tried the free version and it doesn't support ARM. So are there any other disassemblers that would work to disassemble this file? (Because Odin/Download mode could be coded in this file, which would allow us to change the Download mode string to show 0x0.) Also I found this site where someone disassembles aboot.mbn and changes download mode to block flashing: https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Edit 5: I disassembled the bootloader with another disassembler, edited it and compressed it in a .tar format correctly (I found out the reason why it got stuck at file analysis is because I compressed it wrong with WinRAR), and then tried to flash it with Odin, but it ended with Secure Check Fail: aboot.
Not sure how many times I need to say it: you can't just "edit" the code and reset the Knox counter, as it is a physical fuse...
The links you posted: one is some old website that still shows it installing old SuperSU; they don't say how or what it does. There isn't any way to reset the counter; I imagine it is BS. If it was a thing and worked then surely you'd see others having replicated it, or at the very least talking about it over the years, which isn't the case. You can try it if you want, but I would highly advise against it, as they'll probably steal your money and it won't work.
As for the XDA thread you linked, you can clearly see it was closed by mods years ago. Multiple users say it showed up as a virus, as well as many saying it didn't work and was crap, as well as some even saying it was a rip-off, indicating they were charging for it, lol. My guess is they got enough complaints that it didn't work, so they closed the thread.
Yes, the code is in the bootloader for ODIN/download mode, but A) you can't edit/modify the bootloader and have the device boot; in fact it will hard brick, causing you to go into Exynos USB mode or EDL mode. B) The code for it to work is in the bootloader; the flags and such you are thinking about are not stored in the bootloader. If that was the case then one could just install the bootloader from a stock firmware and it would reset, which isn't the case. This is because it is a physical eFuse that is blown, so when the device starts up it writes the flag on some other partition that it is tripped, then the bootloader reads this flag. What is displayed in download mode is only visual; changing it to appear as 0x0 does not mean it is actually 0x0, since the physical fuse is blown. Not sure how hard this is to understand, lol.
As far as the CC mode: again, this is not something they change in the bootloader; they disassembled the bootloader to determine how it boots and how it determines which mode to boot into. CC mode is also known as Common Criteria mode; Samsung provides an app you can download if you want to test it out. Also, MDM can do the same thing as far as not allowing firmware to be flashed in Odin/DL mode. They basically found out what the bootloader checks for when starting up or entering download mode and edited that flag to not allow flashing in Odin. This is a software thing, not a physical thing. Neither of these modify the bootloader and neither of these use a physical eFuse like the Knox warranty bit does, so they are two completely different things.
Also, just because you can change the way something appears on the screen doesn't always mean it will do what you want. For example, I can make download mode say it is in ENG mode, but that doesn't mean it actually is.
If you need to know why the bootloader cannot be modified, it's because of AVB. When the device starts it verifies the bootloader against the device's root key/signature. If it is modified at all it will break this signature, and since it is one of the very first things that get loaded (and is needed to load other stuff such as the secondary bootloader or kernel etc., depending on the device) the startup will be killed, forcing the device into an emergency recovery mode. Even if the BL is unlocked you cannot flash a modified bootloader without it bricking.
I am done trying to explain it. If you want to keep trying where experienced developers have tried for years and years, and when it is technically impossible, then by all means good luck and have fun.
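The two points made in the reply above, that the "WARRANTY VOID: 0x%x" text in aboot.mbn is a printf template whose value is read at boot rather than stored in the image, and that the image is signed so a hex edit stops it verifying, can be shown with a small script. The following Python is an added example and is not code from this thread, from Samsung, or from any of the linked tools. It constructs a toy aboot-like image using the 40-byte legacy Qualcomm MBN header layout (an assumption about the real file's format; the SM-T350 image was not examined), stands in HMAC-SHA256 under a made-up key for the OEM RSA signature, and patches the template strings the way JJcoder describes: the rendered line becomes 0x0, the signature check fails, and the fuse value the bootloader would print never lived in the file.

```python
import hashlib
import hmac
import re
import struct

# Legacy Qualcomm MBN header: ten little-endian uint32 fields (40 bytes).
# Layout taken from the public mbn_header_t definition; it is an assumption
# that the SM-T350 aboot.mbn discussed in the thread uses this variant.
MBN_HEADER = struct.Struct("<10I")
FIELDS = ("image_id", "header_vsn_num", "image_src", "image_dest_ptr",
          "image_size", "code_size", "signature_ptr", "signature_size",
          "cert_chain_ptr", "cert_chain_size")
LOAD_ADDR = 0x8F600000  # arbitrary load address for the constructed image

# Constructed stand-in for the OEM private key. HMAC-SHA256 under this key
# plays the role of the RSA signature the real secure-boot chain verifies.
VENDOR_KEY = b"constructed-stand-in-for-oem-private-key"

# Constructed code section: the two printf templates quoted in the thread,
# NUL-terminated and surrounded by non-printable filler.
SAMPLE_CODE = (b"\x00" * 16
               + b"WARRANTY VOID: 0x%x (%d)\x00"
               + b"WARRANTY VOID: 0x%x\x00"
               + b"\xff" * 16)


def parse_mbn_header(blob):
    """Unpack the 40-byte header into a dict keyed by field name."""
    if len(blob) < MBN_HEADER.size:
        raise ValueError("image shorter than an MBN header")
    return dict(zip(FIELDS, MBN_HEADER.unpack_from(blob, 0)))


def find_format_strings(blob, needle=b"WARRANTY VOID"):
    """Return (offset, text) for printable runs that contain `needle` and a
    printf placeholder. The %x/%d is filled in at runtime; the displayed
    value is not stored anywhere in the image."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{4,}", blob):
        text = m.group()
        if needle in text and re.search(rb"%\d*[xXdu]", text):
            found.append((m.start(), text.decode("ascii")))
    return found


def render_download_mode_line(fmt, fuse_value):
    """What the bootloader does with the template: substitute the warranty
    value it read at boot (from the fuse/flag, not from the image)."""
    n = len(re.findall(r"%\d*[xXdu]", fmt))
    return fmt % ((fuse_value,) * n)


def build_image(code, sig_size=32, cert_size=64):
    """Constructed aboot-like image: header | code | signature | cert chain."""
    header = MBN_HEADER.pack(
        5, 3, MBN_HEADER.size, LOAD_ADDR,
        len(code) + sig_size + cert_size, len(code),
        LOAD_ADDR + len(code), sig_size,
        LOAD_ADDR + len(code) + sig_size, cert_size)
    sig = hmac.new(VENDOR_KEY, header + code, hashlib.sha256).digest()
    cert_chain = b"\x00" * cert_size  # placeholder for the OEM cert chain
    return header + code + sig + cert_chain


def verify_image(blob):
    """Secure-boot style check: the signature covers header and code, so any
    byte changed in the code section invalidates it."""
    h = parse_mbn_header(blob)
    code_end = MBN_HEADER.size + h["code_size"]
    sig = blob[code_end:code_end + h["signature_size"]]
    expected = hmac.new(VENDOR_KEY, blob[:code_end], hashlib.sha256).digest()
    return h["signature_size"] > 0 and hmac.compare_digest(sig, expected)


def patch_bytes(blob, old, new):
    """Same-length in-place edit, as a hex editor would do it."""
    if len(old) != len(new):
        raise ValueError("patch must keep the length")
    if old not in blob:
        raise ValueError("pattern not found")
    return blob.replace(old, new, 1)


def mask_warranty_strings(blob):
    """Hard-code 0x0 into both templates: the display changes, the fuse does not."""
    blob = patch_bytes(blob, b"0x%x (%d)", b"0x0 (0)  ")
    return patch_bytes(blob, b"0x%x", b"0x0 ")


if __name__ == "__main__":
    image = build_image(SAMPLE_CODE)
    for off, text in find_format_strings(image):
        print(f"0x{off:06x}: {text!r} -> with fuse=1 shows "
              f"{render_download_mode_line(text, 1)!r}")
    print("stock image verifies:", verify_image(image))
    patched = mask_warranty_strings(image)
    print("patched templates:", find_format_strings(patched))
    print("patched image verifies:", verify_image(patched))
```

On a real device the signature check runs both at flash time (Odin mode rejected the edited image with Secure Check Fail: aboot, as reported above) and at every boot by the stage that loads aboot; find_format_strings can be pointed at a real dump's bytes to list the templates, but nothing in the file tells you what the fuse holds.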
JJcoder said:
By Odin mode code I mean: where is the code for Odin/Download mode stored? I found it coded in aboot.mbn (the bootloader), but you said it isn't stored in the bootloader. If you find out where the code is you can change the value to 0x0, so either way they check it, it will return 0x0.
Edit: I put the aboot.mbn file in a .tar format and I tried to flash it with Odin and it just got stuck at file analysis.
So I copied the device's aboot file and edited it (to mask Knox to 0x0) and pasted it back to where it was, and it did nothing at all, so you were right about it not being stored in the bootloader.
Edit 2: What about https://knoxreset.com? I also found the source code here: https://github.com/venus342/KNOX-Reset
And this XDA thread: https://forum.xda-developers.com/android/general/disable-knox-reset-knox-counter-to-0x0-t3414890
Edit 3: Where is the Knox counter stored? It has to be somewhere.
Edit 4: After some more research I figured out that aboot.mbn is an executable for ARM processors which you can disassemble (to get the original code) with IDA Pro, but I don't want to buy IDA Pro, and I tried the free version and it doesn't support ARM. So are there any other disassemblers that would work to disassemble this file? (Because Odin/Download mode could be coded in this file, which would allow us to change the Download mode string to show 0x0.) Also I found this site where someone disassembles aboot.mbn and changes download mode to block flashing: https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
elliwigy said:
Not sure how many times I need to say it: you can't just "edit" the code and reset the Knox counter, as it is a physical fuse...
The links you posted: one is some old website that still shows it installing old SuperSU; they don't say how or what it does. There isn't any way to reset the counter; I imagine it is BS. If it was a thing and worked then surely you'd see others having replicated it, or at the very least talking about it over the years, which isn't the case. You can try it if you want, but I would highly advise against it, as they'll probably steal your money and it won't work.
As for the XDA thread you linked, you can clearly see it was closed by mods years ago. Multiple users say it showed up as a virus, as well as many saying it didn't work and was crap, as well as some even saying it was a rip-off, indicating they were charging for it, lol. My guess is they got enough complaints that it didn't work, so they closed the thread.
Yes, the code is in the bootloader for ODIN/download mode, but A) you can't edit/modify the bootloader and have the device boot; in fact it will hard brick, causing you to go into Exynos USB mode or EDL mode. B) The code for it to work is in the bootloader; the flags and such you are thinking about are not stored in the bootloader. If that was the case then one could just install the bootloader from a stock firmware and it would reset, which isn't the case. This is because it is a physical eFuse that is blown, so when the device starts up it writes the flag on some other partition that it is tripped, then the bootloader reads this flag. What is displayed in download mode is only visual; changing it to appear as 0x0 does not mean it is actually 0x0, since the physical fuse is blown. Not sure how hard this is to understand, lol.
As far as the CC mode: again, this is not something they change in the bootloader; they disassembled the bootloader to determine how it boots and how it determines which mode to boot into. CC mode is also known as Common Criteria mode; Samsung provides an app you can download if you want to test it out. Also, MDM can do the same thing as far as not allowing firmware to be flashed in Odin/DL mode. They basically found out what the bootloader checks for when starting up or entering download mode and edited that flag to not allow flashing in Odin. This is a software thing, not a physical thing. Neither of these modify the bootloader and neither of these use a physical eFuse like the Knox warranty bit does, so they are two completely different things.
Also, just because you can change the way something appears on the screen doesn't always mean it will do what you want. For example, I can make download mode say it is in ENG mode, but that doesn't mean it actually is.
If you need to know why the bootloader cannot be modified, it's because of AVB. When the device starts it verifies the bootloader against the device's root key/signature. If it is modified at all it will break this signature, and since it is one of the very first things that get loaded (and is needed to load other stuff such as the secondary bootloader or kernel etc., depending on the device) the startup will be killed, forcing the device into an emergency recovery mode. Even if the BL is unlocked you cannot flash a modified bootloader without it bricking.
I am done trying to explain it. If you want to keep trying where experienced developers have tried for years and years, and when it is technically impossible, then by all means good luck and have fun.
I know, but all I want to do is make it say 0x0 in download mode, so what do I need to edit?
Deleted member 10802473 said:
I know, but all I want to do is make it say 0x0 in download mode, so what do I need to edit?
Hi Deleted member 10802473
Modifying the bootloader is not possible because the bootloader is signed with OEM private keys; you can simply brick it. Making it 0x0 visually is your best option; you will get your warranty back because they will see it as 0x0 in Odin mode.
Best Regards
William Liu
OK. Here they did not answer the question of how to visually change the display of the Knox counter.
And the second thing. If, as they say here, Knox is a physical fuse, then why not just replace it on the board itself? One fuse should obviously cost less than the entire board. I'm sure I wasn't the first to come up with this idea. If it were that easy, Chinese stores would be full of these fuses. On the other hand, maybe it is, but I don't know about it?
Okay, if I can rewrite a driver, then I can add an exception and emulate the returned data (Knox data).
Knox can't be reset, but we will edit it to show 0x0 and modify a custom ROM so it's a 0x0 ROM.
