Anyone know how to install knox on rooted s7 edge....
Anyone know how to install a Anti virus on a full infected PC
"Same thing, Knox is a security suit, it isolates part of the system. keeping the security of a device, Rooting your device breaks this security rendering it useless"
Even if KNOX is 0x0 and rooted "Theoretically" it still checks for root access.
The only way is to go back to Stock. Thus is the exact reason we issue devices with Knox, To stop people rooting the device and granting them-self access to parts we wish to not be accessed (The reason list is endless)
This has been asked many a times before on CF-Root thread
Related
hello guys
I have N9005 Galaxy Note 3
latest UK NG1 rom installed, i found a method of rooting without tempering knox status
but is there any method of install custom recovery without changing knox status
and what are other disadvantages of knox 0x1 except warranty, as my phone doesnt have local warranty
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
Click to expand...
Click to collapse
It's nice to see a good, informative response to questions regarding knox.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
Click to expand...
Click to collapse
Efficient and adequate communication Very helpful.
Hi guys so I'm really sorry if this has been asked millions of times but what I want to know is, does tripping the KNOX flag open a huge risk to normal system functionality not working? Now I know KNOX tripping, prevents you from using KNOX related stuff but does it stop you from an average joe using their phone normally, installing apps, sideloading apps, using the camera.
Tripping knox does affect on phone performance when back to stock ?
No it does not
Tripping knox stops you using Knox and also voids your warranty
(Well so called void, people i know still making claims with Samsung even tho Knox is tripped)
I tripped a year ago, and my device is like a fine wine - gets better as each day passes
is knox on 0x1 and back to stock rom is disable OTA and kies update or not ?
Remember Me? said:
is knox on 0x1 and back to stock rom is disable OTA and kies update or not ?
Click to expand...
Click to collapse
OTA should update yes, Knox is just a security feature, it does not medal with the OS if its broke / disabled i.e. 0x1
So knox is only for warranty, nothing else is
Remember Me? said:
So knox is only for warranty, nothing else is
Click to expand...
Click to collapse
Pretty much Let me explain in more detail.
Actually maybe not, Have a read here:
http://www.samsung.com/uk/business/solutions-services/mobile-solutions/security/samsung-knox
Its a security feature, The security is rendered usless if you root the device (Trip the Knox)
Imagine you have this device that is encrypted with the highest level of security.
You root the device, meaning the Security is no longer in place as 3rd party apps can have Root access and can meddle with the security.
The device trips itself 0x1 to say DONT use this security any more its pointless
The device has been compromised........
Trying to explain it in a much simpler process
Maybe another way to explain:
The business you work for, Give you a nice shiny note 3, They want you to use this device for Work too, But they are happy for you to use it for pleasure too.
Now the applications the Business will install are private apps, May contain sensitive information or access to the company via VPN or anything.
They company its self would not want to trust a user to install ANY apps that could hijack the phone and attack the company's software / connections
So Knox comes along.
The business installs the Business side on Knox, And you as a user can use the phone normally
Normally cannot touch Knox, and Knox cannot touch Normal
If you trip knox i.e. Root, Then the security is pointless, This then disabled knox - Now the business owner knows of the security breach and none of the company applications or connections have been compromised.
KNOX counters only affect two things: Warranty and the KNOX secure system.
Tripping KNOX is similar to breaking the seal on any piece of hardware. It renders your warranty void. This doesn't mean they won't repair it, just that it'll cost you money. You can always get additional insurance if you worry about it. If you're in the EU it doesn't matter at all. (unless you do something to cause a hardware defect.)
Secondly, KNOX has two parts, the counter and the security container. The latter is an environment on your phone in which you can work and store files. (like a virtual machine.). Any files inside the KNOX container can't be accessed outside it. This is mainly aimed at the business and government market. 99% of regular users do not even enable KNOX's security container. (you have to start it yourself, if isn't active by default.)
Tripping the counter disables the container, for obvious security reasons. (so if you have any files inside they're gone.)
It does not affect anything else.
i had rooted my device a month ago and trapped knox but now i cant even install updates for my device so is there any way to recover it ?
So once u root and trip knox u can't receive ota updates? Is flashing with Odin the only way?
Sent from my SM-G900T using XDA Free mobile app
When you root you can't (and shouldn't) use OTA. When you trip KNOX you can't use OTA.
ODIN is the only option. Any update by any method risks disabling the root method, so think very carefully before updating.
knox
This is like a spam and a virus ,any bussiness owner can modify or block you're phone. I was force to install custom rom because knox block and delete google play on my S9+.Read more on google play reviews who install Samsung Knox Manage.
Replying to 5 year old posts and not a Note 3 .
Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
The idea is to keep the 100% stock ROM, except with root, and have the system believe that it is 100% official. My idea is to root, and replace the Device Root Key (DRK) with a self-generated one, and then rebuild the whole ROM with all of the apps, the kernel, and other parts self-signed, with the device believing that the signatures are by Samsung. This would potentially allow us to relock the bootloader by having the device believe that the boot image is official.
This way we should be able to pass dm-verity whilst allowing modifications to system, pass safety net, and in the long run, pass KNOX with a kernel that fakes the KNOX bit to be cleared, and with further modifications, fake KNOX bit cleared in download mode. We could also make system modifications and convince KNOX that the changes are authorised and official.
Also, I do not like how theoretically Samsung can sign custom firmware to break into your device and remove the reactivation locks and potentially decrypt the device. In theory they cannot decrypt it if the encryption key is derived from the password and is not stored on the device, but I would not be surprised if there is a way.
I love Samsung stock software, but I wish I could root and still have the OOBE with Samsung Pay and KNOX containers.
But I am having trouble gathering concrete information. I am only partially sure that the DRK does what I said, and I am not sure if there are any other keys hardcoded into the device hardware, like the bootloader.
Can anybody comment on whether this is theoretically possible, and how? Or just any helpful information.
One thing I need to know is how the system reads the KNOX bit. If it is a protected mode instruction (unlikely because it would violate ARM compatibility) to put the result into a register, then it would be practically impossible to fake. But if only the kernel can check, then we can patch the kernel.
Also, can the KNOX eFuse be blown by unauthorised actions at runtime? As in, if one obtains root through a kernel vulnerability (like Galaxy S6 with PingPong) without tripping KNOX, are there actions / system modifications that can be done as root that can blow KNOX without flashing some unsigned image? My thoughts are that ideally, if rooting without blowing KNOX happens with another kernel exploit, we could use that window to replace the DRK and the whole system with self-signed software, that we would then have the golden experience of truly owning our own Samsung device, without KNOX ever tripping.
Thanks for any discussion!
Karatekid430
karatekid430 said:
Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
The idea is to keep the 100% stock ROM, except with root, and have the system believe that it is 100% official. My idea is to root, and replace the Device Root Key (DRK) with a self-generated one, and then rebuild the whole ROM with all of the apps, the kernel, and other parts self-signed, with the device believing that the signatures are by Samsung. This would potentially allow us to relock the bootloader by having the device believe that the boot image is official.
This way we should be able to pass dm-verity whilst allowing modifications to system, pass safety net, and in the long run, pass KNOX with a kernel that fakes the KNOX bit to be cleared, and with further modifications, fake KNOX bit cleared in download mode. We could also make system modifications and convince KNOX that the changes are authorised and official.
Also, I do not like how theoretically Samsung can sign custom firmware to break into your device and remove the reactivation locks and potentially decrypt the device. In theory they cannot decrypt it if the encryption key is derived from the password and is not stored on the device, but I would not be surprised if there is a way.
I love Samsung stock software, but I wish I could root and still have the OOBE with Samsung Pay and KNOX containers.
But I am having trouble gathering concrete information. I am only partially sure that the DRK does what I said, and I am not sure if there are any other keys hardcoded into the device hardware, like the bootloader.
Can anybody comment on whether this is theoretically possible, and how? Or just any helpful information.
One thing I need to know is how the system reads the KNOX bit. If it is a protected mode instruction (unlikely because it would violate ARM compatibility) to put the result into a register, then it would be practically impossible to fake. But if only the kernel can check, then we can patch the kernel.
Also, can the KNOX eFuse be blown by unauthorised actions at runtime? As in, if one obtains root through a kernel vulnerability (like Galaxy S6 with PingPong) without tripping KNOX, are there actions / system modifications that can be done as root that can blow KNOX without flashing some unsigned image? My thoughts are that ideally, if rooting without blowing KNOX happens with another kernel exploit, we could use that window to replace the DRK and the whole system with self-signed software, that we would then have the golden experience of truly owning our own Samsung device, without KNOX ever tripping.
Thanks for any discussion!
Karatekid430
Click to expand...
Click to collapse
I have also been doing extensive research on this and made some progress. I have a private github wiki where I am detailing my experiments. PM me if you are interested in collaborating.
Just wondering if installing stock firmware using Odin resets knox. I of course tripped it without even knowing what it was, and it looks like my banks mobile payment option requires knox 0x0 to work. I've looked at lot of posts on here with regards to resetting the knox counter, etc, but they are pretty outdated and most of the files required to accomplish it are long gone. If anyone could point me in the right direction it would be so helpful. I don't care about having root, I'd prefer to stay on the custom rom I'm on, but if that's not possible I'm willing to go back to stock. I noticed a lot of the threads are asking how to keep root while resetting the knox counter, but I just want to know if installing stock rom will do this for me.
Did a little digging and it looks like its impossible to do. Oh well, mods can close this thread.
Knox so important?
Even my note 3 got 0x20 count i will no bother if no abnormality happen..just carry on and live with it
I think it's only possible on the Exynos version, not on Snapdragon.
As for your bank, maybe it only detects root, NOT knox 0x1
So, you can try Magisk root method instead of the traditional SuperSU, because Magisk can hide root from a couple of apps that detect root, like Google Pay
Hi,
I've never rooted a Knox device before, and I can't find any good generic FAQ about this subject. If there is, feel free to direct me to it and delete this post.
I've read about flashing without tripping Knox, but only other devices. It seemed to involve not flashing the recovery though... Does anyone know anything about this?
If I cannot flash without tripping Knox, can I use XPOSED/MAGISK to make my apps work as normal? Or is this only for apps that detect the device is rooted?
Will my fingerprint scanner still work in Paypal, my banking app, Samsung Pass, etc? (Not sure if this is Knox or Root related in this instance)
If no to either of the previous two questions: is there a complete list of apps that are affected by the Knox flag?