reset knox warranty status - Samsung Galaxy S7 Edge Questions and Answers

Hello everybody
I have a question
When we root or install TWRP, the Knox counter is written as 0x1, but where is this number written? In the bootloader? In some part of the system?
I think many people have thought of this solution (if it's possible): if we take the file where the counter is located, is it possible to send it to a rooted phone to get a counter of 0x0 or not?
What if we flash the bootloader of someone who hasn't rooted their phone?
I hope someone understands me ^^ Sorry for my bad English, I am French and I don't have much vocabulary for Android phones in English x)
Example: my friend's (yoyo) file "system.sys" has the Knox counter at 0x0, or "bootloader.img" has the Knox counter at 0x0, so I take the files and copy yoyo's files to my rooted phone
Thanks

It's not a file, it's a physical fuse or trace on the mainboard that gets blown out when you root the phone. Next time the phone starts it tries to send a signal through that fuse and notices it can't, therefore the phone was rooted and knox shows 0x1.

peachpuff said:
It's not a file, it's a physical fuse or trace on the mainboard that gets blown out when you root the phone. Next time the phone starts it tries to send a signal through that fuse and notices it can't, therefore the phone was rooted and knox shows 0x1.
Ohh okay thanks for the explanation !!
So I go to the mainboard and change the fuse?

It's probably underneath the cpu or on the cpu... good luck.

But why at the time with triangle away it was possible to reset the counter?
It was software?

quadeur06 said:
But why at the time with triangle away it was possible to reset the counter?
It was software?
In the past it was possible to reset the knox counter because there wasn't any physical part which got destroyed. The S6 was the first phone with that pull**** haha

A physical trace on the mainboard? Nah! I've been reading about people who sent their knox tripped S7s to Samsung for repair and got back the same phone with knox reset to 0x0

TRoN_1 said:
A physical trace on the mainboard? Nah! I've been reading about people who sent their knox tripped S7s to Samsung for repair and got back the same phone with knox reset to 0x0
Most likely the mainboard was replaced.

peachpuff said:
Most likely the mainboard was replaced.
Same phone should be same IMEI I think

Tron is right
In France, Samsung has software to reset the knox counter
I know that because I called Samsung to know more about the warranty

Related

[Q] I need to root my device to reset hidden counter, unroot it without voiding KNOX.

Hi guys,
So I have to send my phone away for a repair under warranty with the provider (O2) tomorrow, however, when I unrooted and re-flashed the stock ROM, I forgot to use TriangleAway to reset or even check my hidden flash counter.
My phone had updated to 4.3 before I realised, and now I am stuck between a rock and a hard place. I can flash the Root file onto my phone using Odin to allow me to use TriangleAway, but by doing so I am risking voiding my KNOX Warranty. As we know this is irreversible, but then leaving my flash counter at something other than 0, I'm risking my warranty being made void anyway.
I mean, my counter could be 0 anyway, but I doubt it with the several ROMs I flashed to it, including three CyanogenMod ROMs and a GPE ROM.
What do I do? And more importantly, how do I do it to avoid voiding my KNOX Warranty status?
Thanks guys!
Go to DOWNLOAD MODE and make us a screenshot or write here what appears there pls
Joku1981 said:
Go to DOWNLOAD MODE and make us a screenshot or write here what appears there pls
Sorry if I wasn't clear, my current status is "KNOX Warranty Void: 0x0". I want to root my phone to run triangle away to reset the flash counter, and then unroot it, all without changing this to 0x1.
Any ideas?
radiocaf said:
Sorry if I wasn't clear, my current status is "KNOX Warranty Void: 0x0". I want to root my phone to run triangle away to reset the flash counter, and then unroot it, all without changing this to 0x1.
Any ideas?
Yes.
- You can root it this way: HERE. This method doesn't void your warranty.
- About Triangle Away, you can ask Chainfire directly HERE
Joku1981 said:
Yes.
- You can root it this way: HERE. This method doesn't void your warranty.
- About Triangle Away, you can ask Chainfire directly HERE
Thank you, I will try that. Do you know if my device status will change to custom by rooting and will TriangleAway change it back to Official?
I did everything you said and it worked perfectly. My phone had a counter of 0 so it was all in vain, but at least I know now. I got my system status back to Official, counter is 0, KNOX is untouched. I just can't update OTA, but that's no problem as long as it looks unmodified ready for it to be sent off for repair under warranty tomorrow. Thanks man!
Use Xposed framework and Wanam framework to change the status to Official. This method works and you can check OTA updates
Hello,
is there any way to saferoot the leaked i9505 4.4?
I tried saferoot and vroot without luck

[KNOX] S4 mini and Knox

Disclaimer: I'm not liable for any damage to your device, including Knox. The information here is as good as I know, there is no guarantee.
(If you like to provide extra information or have a correction, I'll add it to the OP)
Read this first:
http://forum.xda-developers.com/showthread.php?t=2447832
Additional information:
- How to view if I've Knox enabled or not? Enter download-mode (Power the device off and then press volume down + home + power, then press volume up if the triangle screen appears) If it says Knox 0x1 instead of 0x0, you tripped knox
- You'll get Knox 0x1 (warranty void) when you flash: custom kernel (which is included in many roms) or custom recovery (Update: @gladson1976 claimed a custom recovery didn't trip Knox for him. But for me it did)
- The device will be functional as before, nothing changes, all apps work etc. (Just at booting recovery or system it says "Set warranty bit, custom recovery" and "Set warranty bit, custom kernel" (depending on if you use a custom kernel or recovery)) info provided by @rpgdev (It's been said though, that Knox related apps will stop working.) (Update: @fburgos claims that tripping knox caused him signal issues)
Another thing is, that if you've Knox apps still installed, they'll give you a message when giving root rights to apps "there is something wrong with the app", as reported by @Flatric
If you get warnings about applications doing not permitted actions, delete the following files from system/app, or let SuperSU fix it for you.
KNOXAgent.apk
KNOXStore.apk
ContainerAgent.apk
(Use a root browser app for deleting the files)
(information provided by @arco68 through @R_a_z_v_a_n, thanks.)
- Can I reverse Knox? So far it's impossible, but maybe one day there will be a workaround (Update: workaround for Exynos CPU available, but not for the S4 mini yet; see at the bottom)
- Will there ever be a workaround? Knox uses an eFuse chip according to @rogier666, so there will probably be no workaround.
- I heard that in Europe your warranty will not be void, even if it's Knox 0x1 (no guarantee) check this thread for germany: http://forum.xda-developers.com/gal...arranty-knox-warranty-void-behaviour-t2919994
- It's been reported that even flashing a newer stock firmware with Odin could trip Knox (@tinko975). I assume this happens because Odin updates the recovery and kernel (use the in-phone Samsung updater to stay safe)
- Reflashing the firmware doesn't cause KNOX 0x1 as reported by @Gloris, confirmed by @Bullet92
- Many rooting method will enable KNOX too, thanks to @afme89 for the info.
Extra:
- People claimed that if you flash a certain rom and remove the custom kernel from it and flash it with odin then it doesn't get Knox (because no custom kernel, no custom recovery.)
Knox workaround news:
@masinj claimed to have found a workaround for Exynos CPU (Not S4 mini) Further info about this:
How does Knox work? Because Knox is both in the OS (apps) and in the firmware (bootloader) it works in two ways. The OS components prevent attempts to obtain root access and make rooting with these Knox apps a pain in the butt. Fortunately they can be removed. In the firmware component (bootloader), Knox works to prevent the flashing of custom kernels and recoveries. If you flash a custom rom or custom recovery WHILE on the Knox bootloader, your Knox flag will be tripped and your Warranty Bit will go from 0x0 to 0x1. The Knox bootloader cannot be downgraded to, say, the MD4 bootloader because of special protections built into it. If you attempt to downgrade it, your phone will instantly brick. Info provided by @R_a_z_v_a_n , thanks.
Credits:
XDA developers
Me
@tinko975
@Gloris
@Bullet92
@afme89
@rpgdev
@Flatric
@R_a_z_v_a_n
@arco68
@masinj
@gladson1976
@fburgos
@rogier666
Reserved
my device turns knox to 0x1 in the beginning when i flash newer stock firmware with odin..
in Croatia (Europe) Warranty is void if your knox is 0x1.
tinko975 said:
my device turns knox to 0x1 in the beginning when i flash newer stock firmware with odin..
in Croatia (Europe) Warranty is void if your knox is 0x1.
Good to know, I'll add this to the OP :good: Thank you for contributing
Information updated, thanks to @Gloris
Aronuser said:
Information updated, thanks to @Gloris
Can confirm that. Reflashed it via Odin yesterday and KNOX is still 0x0.
Many rooting methods will set the Knox flag 0x1 too.
Bullet92 said:
Can confirm that. Reflashed it via Odin yesterday and KNOX is still 0x0.
afme89 said:
Many rooting methods will set the Knox flag 0x1 too.
Thank you both, I added the infos and credits to you.
I think there could also be a list of firmwares which have knox.
Example mine doesn't have one, l9195XXUAMF5.
Edit: Added link to this to few of my threads, also linked this to my signature, thanks!
leripe said:
I think there could also be a list of firmwares which have knox.
Example mine doesn't have one, l9195XXUAMF5.
Edit: Added link to this to few of my threads, also linked this to my signature, thanks!
First off, thank you for adding the link to your signature, i really appreciate it.
About the firmware list, well the idea is good but I don't have time for doing that. If you like to provide it I'd add it to the thread if you like (second post).
You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up everytime you turn on your phone. It looks like this:
rpgdev said:
You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up everytime you turn on your phone. It looks like this:
Thank you I'll add the info to the OP and give you credits :good:
rpgdev said:
You can add that your phone will be functionally the same, I bought a 9195 (after owning the 9190) that had knox and went ahead and flashed something else (knowing that it could trip it, guarantee doesn't cover me anyways) and while it is tripped I can still flash anything, use all of my apps, etc. I had an s3 before and knox was tripped and I still could do everything I used to do.
The only really annoying thing about tripping knox is that on the first boot screen it will always show this little message announcing the "set warranty bit" which can be 'kernel' (if you're just normally booting the phone) or 'recovery' if you're booting into recovery. It shows up everytime you turn on your phone. It looks like this:
I've a question about that, I heard the knox app's will stop working. is this true or false?
Aronuser said:
I've a question about that, I heard the knox app's will stop working. is this true or false?
I know that sometimes on stock some persistent warning messages show up on the notification bar and to get rid of them you have to freeze some 'knox apps' or remove them from the system apps. I have yet to meet a useful 'knox app' but if there is let me know and next time I'm on stock I could try it out and report back.
Aronuser said:
I've a question about that, I heard the knox app's will stop working. is this true or false?
On my phone Knox was tripped after rooting my phone and everytime I wanted to give an application root rights knox said there's something wrong and I should uninstall the app and reboot my phone.
If you get warnings about applications doing not permitted actions, delete the following files from system/app, or let SuperSU fix it for you.
KNOXAgent.apk
KNOXStore.apk
ContainerAgent.apk
From arco's root thread.
Powered by CM11 - M6 snapshot
Flatric said:
On my phone Knox was tripped after rooting my phone and everytime I wanted to give an application root rights knox said there's something wrong and I should uninstall the app and reboot my phone.
Thanks for providing the info, I'll add it to the OP and give you credits :good:
R_a_z_v_a_n said:
From arco's root thread.
Powered by CM11 - M6 snapshot
Thank you, I'll add the info to the OP and give you credits. :good:
------------
Any further information that can be added I'll add too and give credit, but I'll skip writing it down here
KNOX tripped
Hi, I like that there is someone taking care for this device.
I have a GT-I9192 (A Duos version of S4 Mini) and rooted it so the KNOX is 0x1
Also a friend of mine has one too, and I updated his phone to the latest stock rom (not rooted or anything other, just update) with Odin, and his warranty bit shows 0x1
but a couple of days ago, his phone had hardware damage (I think so): there is a problem with the screen so the phone shuts down after 3 or 4 minutes, and then doesn't restart. Went to Samsung Customer Care and they say that the phone has been rooted, so it's out of warranty.
also about the knox and eFuse thing, as I could understand in some other topics ( like this one: http://forum.xda-developers.com/showthread.php?t=2486346 ) the eFuse thing comes in use in Snapdragon N9000 and above chips, and this device has a Snapdragon 400
however, it would be very good if we could make a Knox reset...
urtin said:
however, it would be very good if we could make a Knox reset...
A knox reset isn't possible right now and probably won't be in a while (or ever). Tripping knox voids your warranty, in many people's cases (like mine) this isn't a problem because they aren't covered by it but if you are then you should probably think it twice before messing with something that could trip knox. There's no way around it sadly. I hope your friend can at least repair the device with a third party.

How to CREATE full brick?

Hi,
I know this is a weird question, but I was wondering:
Is it possible to create a full bricked Note 4 on purpose?
I mean to make it really really dead, no booting any more, no recovery, no download mode, nothing.
So that a new mainboard is a must? Like, what happens when you flash a BL file and pull the cable in the middle?
And no, I don't want to destroy foreign Notes on purpose.
I am thinking about my Note 4, a 700€ phone which is slightly older than 1 freaking year and where the internal memory suddenly fails,
to maybe get my warranty for this Samsung bull**** to be repaired.
I always treated it like my precious, but unluckily I was one of the cases with a faulty mmc Note 4 (google it, it's quite common).
And since I rooted it, I should pay for the faulty hardware instead of Samsung, which I find a liiiittle bit unfair. :crying:
I remember someone posted a comment about that recently.
Maybe it was in answer to one of those "will root void my warranty by tripping knox" type questions.
From memory, I think the person suggested something like cross circuiting the battery and sim card port, or similar.
It was a physical act and not just software related.
To fully brick your device, flash a bootloader or firmware made for some other model of the note 4 (other than your model) or that of some other samsung phone series like note 5 or s6
Shane_Picardo said:
To fully brick your device, flash a bootloader or firmware made for some other model of the note 4 (other than your model) or that of some other samsung phone series like note 5 or s6
Can authorized service discover what you did and then deny your warranty?
I also have some issues that authorized service does not recognize (weak mobile signal).
Shane_Picardo said:
To fully brick your device, flash a bootloader or firmware made for some other model of the note 4 (other than your model) or that of some other samsung phone series like note 5 or s6
This just won't flash, and the phone will be in download mode
ph03n!x said:
This just won't flash, and the phone will be in download mode
I don't know about this coz about 3 years ago my aunt wanted android 4.x on her galaxy S phone. So I had installed cyanogenmod but then she didn't like it so she told me to revert back to the original firmware. Unfortunately, I downloaded the firmware for gt-i9003 while hers was gt-i9000. It got bricked and I was in a soup!
---------- Post added at 12:32 PM ---------- Previous post was at 12:25 PM ----------
guls said:
Can authorized service discover what you did and then deny your warranty?
I also have some issues that authorized service does not recognize (weak mobile signal).
Samsung devices after S3 and note 2 come with "Knox" security. The moment you flash any firmware or ROM that is not official (not signed by samsung), it will trip the counter. It is like a fuse that can't be reset. Go to download mode and check your knox warranty void. If it is: 0x1 then you have lost warranty. It can't be made 0x0 anymore. That's how service centers get a clue that you have tampered with the OS.
Samsung devices after S3 and note 2 come with "Knox" security. The moment you flash any firmware or ROM that is not official (not signed by samsung), it will trip the counter. It is like a fuse that can't be reset. Go to download mode and check your knox warranty void. If it is: 0x1 then you have lost warranty. It can't be made 0x0 anymore. That's how service centers get a clue that you have tampered with the OS.
If the phone is bricked, how can they see Download mode?
Well, that's exactly the question.
Assuming you flash a bootloader file through Odin, and you then interrupt the process in the middle... What would happen?
Phone dead I guess. But is the DL mode still reachable? Or like someone suggested, maybe try to flash some unfitting FW.
The thing is, with all the warranty denies from Sammy, I am astonished that no one else thought about trying to disguise the Knox flag via completely killing the Software...
Although I think that, even if the device seems very dead, Sammy will still have ways to check the Knox flag. Though it would be worth a try, what's there to lose...
MisterKanister said:
Well, that's exactly the question.
Assuming you flash a bootloader file through Odin, and you then interrupt the process in the middle... What would happen?
Phone dead I guess. But is the DL mode still reachable? Or like someone suggested, maybe try to flash some unfitting FW.
The thing is, with all the warranty denies from Sammy, I am astonished that no one else thought about trying to disguise the Knox flag via completely killing the Software...
Although I think that, even if the device seems very dead, Sammy will still have ways to check the Knox flag. Though it would be worth a try, what's there to lose...
Did you find it ? the way of course ...
scamex said:
Did you find it ? the way of course ...
No.
My Note further degraded and every try to flash something through Odin fails immediately.
So I only have the Download Mode and Stock Recovery left.
MisterKanister said:
No.
My Note further degraded and every try to flash something through Odin fails immediately.
So I only have the Download Mode and Stock Recovery left.
You can find + and - of the sim and after that see where they make contact on simcard reader. After that find a transformer rated 12V and touch with the wires the 2 sim contact. I'm sure it will damage the board.
It won't, it will just fry the sim card circuitry fuse and it will still be able to boot. You could hex edit the bootloader file and write junk data in it, pack it to tar and add md5 to it, then just flash it. I am not responsible for what you do with this.

reset counter the KNOX

Hello my brothers,
it was the first post me here at XDA
will give you the original file for the reset counter the KNOX for note3 n900 only.
and I will raise it on the MEGA.
did you have to do is download and run ODIN program file and enter the device on the status of the DOWNLOADMODE and then you connect the device to USB and choose to reset the counter file after completion remove the battery and reinsert then enter into the DOWNLOADMODE once again and then chose any Software installed and want to be here have restored security
ALRA7AL.SYRIA 😉
Greetings to you if you like this topic only thank enough for me
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
alra7al.syria said:
Hello my brothers,
it was the first post me here at XDA
will give you the original file for the reset counter the KNOX for note3 n900 only.
and I will raise it on the MEGA.
did you have to do is download and run ODIN program file and enter the device on the status of the DOWNLOADMODE and then you connect the device to USB and choose to reset the counter file after completion remove the battery and reinsert then enter into the DOWNLOADMODE once again and then chose any Software installed and want to be here have restored security
ALRA7AL.SYRIA 😉
Greetings to you if you like this topic only thank enough for me
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
There are already two methods to reset knox.
No point in opening another thread.
Reporting via N910G.
yashthemw said:
There are already two methods to reset knox.
No point in opening another thread.
Reporting via N910G.
thank bro i was reported
Sent from my SM-N900 using XDA-Developers mobile app
alra7al.syria said:
Hello my brothers,
it was the first post me here at XDA
will give you the original file for the reset counter the KNOX for note3 n900 only.
and I will raise it on the MEGA.
did you have to do is download and run ODIN program file and enter the device on the status of the DOWNLOADMODE and then you connect the device to USB and choose to reset the counter file after completion remove the battery and reinsert then enter into the DOWNLOADMODE once again and then chose any Software installed and want to be here have restored security
ALRA7AL.SYRIA 😉
Greetings to you if you like this topic only thank enough for me
https://mega.nz/#!VYV3xCzb!_XOkBLULxoAqO73ll2FR_o1I04We2iwCEAKeUCYkeHU
Also note 3 is too old and will not get any updates. Not many would be interested in resetting the Knox.
Does this method actually work, my counter is 0x1, i didnt think it could be reset on the N9005??
gazza35 said:
Does this method actually work, my counter is 0x1, i didnt think it could be reset on the N9005??
Read post one .
will give you the original file for the reset counter the KNOX for note3 n900 only.
JJEgan said:
Read post one .
will give you the original file for the reset counter the KNOX for note3 n900 only.
Ah ok i see, not the N9005, cheers Anyway.
ok bro
gazza35 said:
Does this method actually work, my counter is 0x1, i didnt think it could be reset on the N9005??
use this link
http://forum.xda-developers.com/gal...t-guide-note-3-lte-sm-n9005-lollipop-t3093183
alra7al.syria said:
use this link
http://forum.xda-developers.com/gal...t-guide-note-3-lte-sm-n9005-lollipop-t3093183
Yer I have root already and Phronesis installed, unfortunately I had tripped knox, probably when I installed twrp, but as of yet I don't think there is any way to reset it.
Unless the phone has warranty or you want to sell the phone, I don't think resetting the Knox counter means much as a tripped Knox counter has never caused me any problems with the phone using stock or custom ROMs.
audit13 said:
Unless the phone has warranty or you want to sell the phone, I don't think resetting the Knox counter means much as a tripped Knox counter has never caused me any problems with the phone using stock or custom ROMs.
Yer it was just for re-sale purposes. just to make sure everything as it should be, but i know, means nothing really, just samsungs way of getting out of honouring warranty, interestingly, i once owned a galaxy s2, and purchased a USB JIG, years ago, i then had a s3, s4 and the jig wouldnt work on them so i threw it in a draw.
The other day i came across the jig, and thought id try it on my Note which reported the binary as custom and the counter as 0x1, Upon turning off my Note 3 and inserting the jig into the usb socket, it did indeed fire my phone straight into download mode, although my phone counter is still 0x1, it has indeed changed the binary from custom to official.
Lol, didnt think it would do anything but there ya go, Partial success.
Just Flashed today...
I got my device soft-brick after flashing it,
when i power the phone up, it doesn't boot into system, but showing..
Error Code : [ RST_STAT = 0X400 ]
POWER RESET or
UNKNOWN
UPLOAD MODE
Pls, did somebody experience it?...
---------- Post added at 09:25 AM ---------- Previous post was at 09:15 AM ----------
Thank a lot guys..
The problem is solved..
I have got my device back.

Fake the Knox counter to show 0x0 in Download mode

I was wondering if the Knox counter could be masked to show 0x0 after being tripped to 0x1 with a custom bootloader
I was going through the aboot.mbn file on the SM-T350 stock firmware with a hex editor and I found:
WARRANTY VOID: 0x%x (%d) and
WARRANTY VOID: 0x%x
What if I change these to:
WARRANTY VOID: 0x0 (0) and
WARRANTY VOID: 0x0
then flash it with Odin
Would it reset the counter to 0x0 (0) or not? If not are there any other ways to reset the counter without replacing hardware?
you cant use a custom bootloader unless u want a brick. u also cant reset knox counter as its a physical efuse that is blown.
magisk already should visually change it on boot but if not make a script n change it using resetprop
elliwigy said:
you cant use a custom bootloader unless u want a brick. u also cant reset knox counter as its a physical efuse that is blown.
magisk already should visually change it on boot but if not make a script n change it using resetprop
Doesn't Magisk only hide the value in the system? Won't it still say 0x1 in download mode?
JJcoder said:
Doesn't Magisk only hide the value in the system? Won't it still say 0x1 in download mode?
yes.. bcuz u cannot reset knox counter.. its impossible unless you replace the main board since knox counter is a physical efuse..
it has been this way ever since they created it and has never been any way to reset it since its a physical fuse
elliwigy said:
yes.. bcuz u cannot reset knox counter.. its impossible unless you replace the main board since knox counter is a physical efuse..
it has been this way ever since they created it and has never been any way to reset it since its a physical fuse
I know you can't reset it entirely but what I'm trying to do is mask the download mode string to show 0x0. I figured out that Odin cannot flash a custom bootloader but I ordered a JTAG box and I'm sure that can. There has to be something in the software (probably in the bootloader) that displays 0x1 in download mode.
JJcoder said:
I know you can't reset it entirely but what I'm trying to do is mask the download mode string to show 0x0. I figured out that Odin cannot flash a custom bootloader but I ordered a JTAG box and I'm sure that can. There has to be something in the software (probably in the bootloader) that displays 0x1 in download mode.
there is but that would be useless since itll only change it visually.. and again, its not stored in the bootloader.. and again, u cant modify the bootloader and expect it to work..
the bootloader is one of the first things to be loaded and also is verified against root/private key/signature.. its verified even on unlocked devices..
device starts bl gets loaded and verified (if any errors will crash usually into an emergency mode such as edl) then bootloader checks flags elsewhere on the device and if its set unlocked it will ignore verification of the next firmware to be loaded.. it does this on every startup, bootloader itself is actually never modified.
knox warranty bit is a physical fuse that gets burned, there is absolutely no way to change this.. even changing it to appear 0x0 is only visual in dl mode. During runtime it can help to be set to 0x0 (again just visual) if the app is looking for that property if its normally blocked due to root. This change also resets when device reboots since the properties are loaded into ram.
elliwigy said:
there is but that would be useless since itll only change it visually.. and again, its not stored in the bootloader.. and again, u cant modify the bootloader and expect it to work..
the bootloader is one of the first things to be loaded and also is verified against root/private key/signature.. its verified even on unlocked devices..
device starts bl gets loaded and verified (if any errors will crash usually into an emergency mode such as edl) then bootloader checks flags elsewhere on the device and if its set unlocked it will ignore verification of the next firmware to be loaded.. it does this on every startup, bootloader itself is actually never modified.
knox warranty bit is a physical fuse that gets burned, there is absolutely no way to change this.. even changing it to appear 0x0 is only visual in dl mode. During runtime it can help to be set to 0x0 (again just visual) if the app is looking for that property if its normally blocked due to root. This change also resets when device reboots since the properties are loaded into ram.
Changing it to 0x0 in download mode would give you warranty because if they check to see in download mode it would show 0x0. The Knox features would still probably not work.
And if it isn't stored in the bootloader then why did I find it in aboot.mbn? Could it be stored in more than one place? The problem is if you modify the bootloader it will probably not work like you said.
There might be a way to "reset" it because people have reported that Samsung reset their Knox counter and the IMEI stayed the same. That either means that they programmed the IMEI into the new motherboard or that there is a way to reset it.
JJcoder said:
Changing it to 0x0 in download mode would give you warranty because if they check to see in download mode it would show 0x0. The Knox features would still probably not work.
And if it isn't stored in the bootloader then why did I find it in aboot.mbn? Could it be stored in more than one place? The problem is if you modify the bootloader it will probably not work like you said.
There might be a way to "reset" it because people have reported that Samsung reset their Knox counter and the IMEI stayed the same. That either means that they programmed the IMEI into the new motherboard or that there is a way to reset it.
changing it would not do anything except make it appear not tripped.. and yea, i guess if the techs an idiot and cant see its tripped then he shouldnt b working for samsung as an engineer lmao.. best bet if wanting to do warranty and concerned theyll not like it being tripped then do wat i do, fully brick it so it wont even turn on lol
the knox warranty is NOT in the bootloader.. viewing strings in the bootloader is basically code as it will need to check for the flag.. u will see references to various flags in the bootloader but its just code saying if knox flag 0x0 then is clean if knox 0x1 then tampered etc etc..
not to b smart or anything but i dont think u understand.. it is literally and physically impossible to reset knox warranty flag.. u can only make it appear 0x0.. its literally a physical fuse that gets blown, only way to get it to a real 0x0 is replace the motherboard with one not tripped.
People have tried including legends to "reset" knox counter since it was even a thing.. its just not possible.. anyone who claims to do so is guaranteed to be false or they are simply mistaken and confusing it with something else
samsung definitely would replace the mobo and could reprogram the imei.. they can do a lot more than that.. its also possible theres more than one fuse and they just change it to use the new unblown fuse instead of the tripped one
elliwigy said:
changing it would not do anything except make it appear not tripped.. and yea, i guess if the techs an idiot and cant see its tripped then he shouldnt b working for samsung as an engineer lmao.. best bet if wanting to do warranty and concerned theyll not like it being tripped then do wat i do, fully brick it so it wont even turn on lol
the knox warranty is NOT in the bootloader.. viewing strings in the bootloader is basically code as it will need to check for the flag.. u will see references to various flags in the bootloader but its just code saying if knox flag 0x0 then is clean if knox 0x1 then tampered etc etc..
not to b smart or anything but i dont think u understand.. it is literally and physically impossible to reset knox warranty flag.. u can only make it appear 0x0.. its literally a physical fuse that gets blown, only way to get it to a real 0x0 is replace the motherboard with one not tripped.
People have tried including legends to "reset" knox counter since it was even a thing.. its just not possible.. anyone who claims to do so is guaranteed to be false or they are simply mistaken and confusing it with something else
samsung definitely would replace the mobo and could reprogram the imei.. they can do a lot more than that.. its also possible theres more than one fuse and they just change it to use the new unblown fuse instead of the tripped one
So if you somehow make it appear to be 0x0 in download mode Samsung would still know it's tripped? If they would then there is no point in this whole thread.
Again, I know that it is a physical fuse and can't actually be reset. (Without changing the motherboard)
If it is not stored in the bootloader then where is it stored? On a write-protected partition? Could a JTAG box write on that partition?
I understand that Knox will probably never be reset but I am just posting ideas.
JJcoder said:
So if you somehow make it appear to be 0x0 in download mode Samsung would still know it's tripped? If they would then there is no point in this whole thread.
Again, I know that it is a physical fuse and can't actually be reset. (Without changing the motherboard)
If it is not stored in the bootloader then where is it stored? On a write-protected partition? Could a JTAG box write on that partition?
I understand that Knox will probably never be reset but I am just posting ideas.
it depends on the variant.. sd or exynos but typically its on a non volatile partition such as steady or param for example.. they have to be read/writeable by system usually so u would need at least system privs is my guess..
and samsung will know.. they make the phones obviously and have software, jigs, all sorts of stuff to repair devices which clearly check the warranty status.. i doubt they just enter dl mode and check the screen.. if anything they probably dont even look at this at all.. they probably hook it up to some jig like anyway jig then use some software like daseul which would report the values
elliwigy said:
it depends on the variant.. sd or exynos but typically its on a non volatile partition such as steady or param for example.. they have to be read/writeable by system usually so u would need at least system privs is my guess..
and samsung will know.. they make the phones obviously and have software, jigs, all sorts of stuff to repair devices which clearly check the warranty status.. i doubt they just enter dl mode and check the screen.. if anything they probably dont even look at this at all.. they probably hook it up to some jig like anyway jig then use some software like daseul which would report the values
I bet some techs just go to download mode because if no one has ever managed to change it to show 0x0 why would they waste time using something else? Also where is the Odin mode code stored?
JJcoder said:
I bet some techs just go to download mode because if no one has ever managed to change it to show 0x0 why would they waste time using something else? Also where is the Odin mode code stored?
because its probably faster for them to hook it up to a cable as well as its probably the way theyre supposed to do it.. dont think they keep their jobs taking shortcuts and cant identify if a device has been tampered with which is their entire reason for having the warranty flag to begin with lol.. if they dont check then end up replacing it im sure at some point theyll figure it out which by then might have cost them more $$$.
odin mode code? not sure wat u mean but if u think u can edit some code and bypass security that easy then good luck.. the code is everywhere.. it all works together from device identifiers such as imei, edid, oem flags, verified boot, selinux, verity, dtb, tz etc etc. u cant just edit some line of code then have everything b unlocked..
u should search google and read up on previous exploits to get an idea of what ur dealing with.. theres been plenty over the years which of course have all mostly been patched making it even harder..
without an unlocked bl you have to consider avb, verity, signatures, selinux, defex, tima, proca, rkp, encryption, knox and more..
for example on newer devices to even flash combo you need to take ur device specific info such as edid and find someone in samsung to send it to their server to generate a factory token which prolly can only be used once and only on one specific device and that is just to flash combo.. to unlock the bl u really only have eng tokens which are even harder to find if at all that will allow custom firmware.. given you have an inside samsung engineer willing to lose their job at which theyd probably charge more than the phones worth without exploits which really takes hardcore developers that most likely work for a security company and report them to be patched and never release publicly..
even basic root is becoming rare due to all the security and most the obvious exploits have already been found released and patched over the years.
with that being said u have better luck trying to exploit edl mode or exynos usb mode but even then usa locked devices even require signed official files to use these modes which these files are also rare and need to b leaked as well as cost $$$
long story short, good luck lol
elliwigy said:
because its probably faster for them to hook it up to a cable as well as its probably the way theyre supposed to do it.. dont think they keep their jobs taking shortcuts and cant identify if a device has been tampered with which is their entire reason for having the warranty flag to begin with lol.. if they dont check then end up replacing it im sure at some point theyll figure it out which by then might have cost them more $$$.
odin mode code? not sure wat u mean but if u think u can edit some code and bypass security that easy then good luck.. the code is everywhere.. it all works together from device identifiers such as imei, edid, oem flags, verified boot, selinux, verity, dtb, tz etc etc. u cant just edit some line of code then have everything b unlocked..
u should search google and read up on previous exploits to get an idea of what ur dealing with.. theres been plenty over the years which of course have all mostly been patched making it even harder..
without an unlocked bl you have to consider avb, verity, signatures, selinux, defex, tima, proca, rkp, encryption, knox and more..
for example on newer devices to even flash combo you need to take ur device specific info such as edid and find someone in samsung to send it to their server to generate a factory token which prolly can only be used once and only on one specific device and that is just to flash combo.. to unlock the bl u really only have eng tokens which are even harder to find if at all that will allow custom firmware.. given you have an inside samsung engineer willing to lose their job at which theyd probably charge more than the phones worth without exploits which really takes hardcore developers that most likely work for a security company and report them to be patched and never release publicly..
even basic root is becoming rare due to all the security and most the obvious exploits have already been found released and patched over the years.
with that being said u have better luck trying to exploit edl mode or exynos usb mode but even then usa locked devices even require signed official files to use these modes which these files are also rare and need to b leaked as well as cost $$$
long story short, good luck lol
By Odin mode code I mean where is the code for Odin/Download mode stored? I found it coded in aboot.mbn (the bootloader) but you said it isn't stored in the bootloader. If you find out where the code is you can change the value to 0x0 so either way they check it it will return 0x0.
Edit: I put the aboot.mbn file in a .tar format and I tried to flash it with Odin and it just got stuck at file analysis
So I copied the devices aboot file and edited it (To mask Knox to 0x0) and pasted it back to where it was and it did nothing at all so you were right about it not being stored in the bootloader.
Edit 2: What about https://knoxreset.com? I also found the source code here: https://github.com/venus342/KNOX-Reset
And this xda thread: https://forum.xda-developers.com/android/general/disable-knox-reset-knox-counter-to-0x0-t3414890
Edit 3: where is the Knox counter stored? It has to be somewhere.
Edit 4: After some more research I figured out that the aboot.mbn is an executable for ARM processors which you can disassemble (to get the original code) with IDA Pro but I don't want to buy IDA pro and I tried the free version and it doesn't support ARM. So are there any other disassemblers that would work to disassemble this file? (Because Odin/Download mode could be coded in this file which would allow us to change the Download mode string to show 0x0) Also I found this site where someone disassembles aboot.mbn and changes download mode to block flashing: https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Edit 5: I disassembled the bootloader with another disassembler and edited it and compressed it in a .tar format correctly (I found out the reason why it got stuck at file analysis... is because I compressed it wrong with WinRAR) and then tried to flash it with Odin but it ended with Secure Check Fail: aboot
Not sure how many times I need to say it, you can't just "edit" the code and reset the knox counter as it is a physical fuse...
the links you posted one is some old website that still shows it installing old supersu, they don't say how or what it does, there isn't any way to reset the counter.. I imagine it is BS.. if it was a thing and worked then surely you'd see others having replicated it or at the very least talking about it over the years which isn't the case.. You can try it if you want but I would highly advise against it as they'll probably steal your money and it won't work.
as for the xda thread you linked you can clearly see it was closed by mods years ago, multiple users say it showed up as a virus as well as many saying it didn't work and was crap as well as some even saying it was a rip off indicating they were charging for it lol.. My guess is they got enough complaints that it didn't work so they closed the thread.
Yes, the code is in the bootloader for ODIN/download mode.. but A - You can't edit/modify the bootloader and have the device boot, in fact it will hard brick causing you to go into exynos usb mode or EDL mode B) The code for it to work is in the bootloader, the flags and such you are thinking about are not stored in the bootloader. If that was the case then one could just install the bootloader from a stock firmware and it would reset which isn't the case, this is because it is a physical efuse that is blown so when device starts up it writes the flag on some other partition that it is tripped then the bootloader reads this flag.. what is displayed in download mode is only visual.. changing it to appear as 0x0 does not mean it is actually 0x0 since the physical fuse is blown.. not sure how hard this is to understand lol
As far as the CC mode, again, this is not something they change in the bootloader, they disassembled the bootloader to determine how it boots and how it determines which mode to boot into. CC mode is also known as common criteria mode, samsung provides an app you can download if you want to test it out. Also, MDM can do the same thing as far as not allowing firmware to be flashed in odin/dl mode. They basically found out what the bootloader checks for when starting up or entering download mode and edited that flag to not allow flashing in odin, this is a software thing, not a physical thing. Neither of these modify the bootloader and neither of these use a physical efuse like the knox warranty bit does so they are two completely different things.
Also, just because you can change the way something appears on the screen doesn't always mean it will do what you want. For example I can make download mode say it is in ENG mode but doesn't mean it actually is.
If you need to know why the bootloader cannot be modified it's because of AVB. When device starts it verifies the bootloader against the devices root key/signature. If it is modified at all it will break this signature and since it is one of the very first things that get loaded (and is needed to load other stuff such as secondary bootloader or kernel etc. depending on the device) the startup will be killed forcing the device into an emergency recovery mode. Even if the BL is unlocked you cannot flash a modified bootloader without it bricking.
I am done trying to explain it, if you want to keep trying where experienced developers have tried for years n years and when it is technically impossible then by all means good luck and have fun.
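The two mechanisms described in the post above (signature verification of the bootloader against a fused root key, and a one-way warranty fuse that is only read, never stored, by the bootloader), modelled as an added example that is not part of the original thread and not Samsung's code. The toy textbook-RSA keys, the image bytes, the display string and the "warranty_bit" property name are all constructed for illustration.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Textbook RSA key pair (public, private) from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed toy keys built from Mersenne primes so the example runs offline.
# Real boot chains use properly generated keys and a padded signature scheme.
OEM_PUB, OEM_PRIV = make_key(2**521 - 1, 2**607 - 1)        # OEM_PRIV never ships
OTHER_PUB, OTHER_PRIV = make_key(2**607 - 1, 2**1279 - 1)   # any non-OEM key

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, image):
    n, d = private
    return pow(digest(image), d, n)

def key_hash(public):
    return hashlib.sha256(("%x:%x" % public).encode()).digest()

class FuseBank:
    """One-time-programmable bits: a fuse can be blown (0 -> 1), never cleared."""
    def __init__(self, root_key_hash):
        self._root_key_hash = root_key_hash   # burned at the factory
        self._warranty = 0

    @property
    def root_key_hash(self):
        return self._root_key_hash

    @property
    def warranty(self):
        return self._warranty

    def blow_warranty(self):
        self._warranty = 1                    # there is deliberately no inverse

# Constructed bootloader image: header bytes plus the download-mode format string.
STOCK_ABOOT = b"\x7fABOOT\x00KNOX WARRANTY VOID: 0x%X"
PATCHED_ABOOT = STOCK_ABOOT.replace(b"0x%X", b"0x0")   # display hard-coded to 0x0

def boot(fuses, public, image, signature):
    """Boot ROM: trust the key only if it matches the fused hash, then check the image."""
    if key_hash(public) != fuses.root_key_hash:
        return "REJECTED: untrusted key"
    n, e = public
    if pow(signature, e, n) != digest(image):
        return "REJECTED: bad signature"
    # Only a verified image runs; it reads the fuse each time it draws the screen.
    text = image.split(b"\x00")[-1].decode()
    return text % fuses.warranty if "%X" in text else text

def load_properties(fuses):
    """Runtime properties are rebuilt in RAM from the fuse on every boot."""
    return {"warranty_bit": str(fuses.warranty)}

def demo():
    fuses = FuseBank(key_hash(OEM_PUB))
    stock_sig = sign(OEM_PRIV, STOCK_ABOOT)
    out = {"clean": boot(fuses, OEM_PUB, STOCK_ABOOT, stock_sig)}
    fuses.blow_warranty()                     # unsigned firmware was flashed
    out["tripped"] = boot(fuses, OEM_PUB, STOCK_ABOOT, stock_sig)
    # Reflashing the stock bootloader changes nothing: the value was never in it.
    out["patched_old_sig"] = boot(fuses, OEM_PUB, PATCHED_ABOOT, stock_sig)
    out["patched_resigned"] = boot(fuses, OTHER_PUB, PATCHED_ABOOT,
                                   sign(OTHER_PRIV, PATCHED_ABOOT))
    props = load_properties(fuses)
    props["warranty_bit"] = "0"               # runtime spoof lives only in RAM
    out["spoofed"] = props["warranty_bit"]
    out["after_reboot"] = load_properties(fuses)["warranty_bit"]
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:17} {value}")
```

The patched image is refused under either key, and the spoofed runtime property returns to 1 after a reboot, because in both cases the source of truth is the fuse bank rather than anything that can be rewritten in flash or RAM.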
JJcoder said:
By Odin mode code I mean where is the code for Odin/Download mode stored? I found it coded in aboot.mbn (the bootloader) but you said it isn't stored in the bootloader. If you find out where the code is you can change the value to 0x0 so either way they check it it will return 0x0.
Edit: I put the aboot.mbn file in a .tar format and I tried to flash it with Odin and it just got stuck at file analysis
So I copied the devices aboot file and edited it (To mask Knox to 0x0) and pasted it back to where it was and it did nothing at all so you were right about it not being stored in the bootloader.
Edit 2: What about https://knoxreset.com? I also found the source code here: https://github.com/venus342/KNOX-Reset
And this xda thread: https://forum.xda-developers.com/android/general/disable-knox-reset-knox-counter-to-0x0-t3414890
Edit 3: where is the Knox counter stored? It has to be somewhere.
Edit 4: After some more research I figured out that the aboot.mbn is an executable for ARM processors which you can disassemble (to get the original code) with IDA Pro but I don't want to buy IDA pro and I tried the free version and it doesn't support ARM. So are there any other disassemblers that would work to disassemble this file? (Because Odin/Download mode could be coded in this file which would allow us to change the Download mode string to show 0x0) Also I found this site where someone disassembles aboot.mbn and changes download mode to block flashing: https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
elliwigy said:
Not sure how many times I need to say it, you can't just "edit" the code and reset the knox counter as it is a physical fuse...
the links you posted one is some old website that still shows it installing old supersu, they don't say how or what it does, there isn't any way to reset the counter.. I imagine it is BS.. if it was a thing and worked then surely you'd see others having replicated it or at the very least talking about it over the years which isn't the case.. You can try it if you want but I would highly advise against it as they'll probably steal your money and it won't work.
as for the xda thread you linked you can clearly see it was closed by mods years ago, multiple users say it showed up as a virus as well as many saying it didn't work and was crap as well as some even saying it was a rip off indicating they were charging for it lol.. My guess is they got enough complaints that it didn't work so they closed the thread.
Yes, the code is in the bootloader for ODIN/download mode.. but A - You can't edit/modify the bootloader and have the device boot, in fact it will hard brick causing you to go into exynos usb mode or EDL mode B) The code for it to work is in the bootloader, the flags and such you are thinking about are not stored in the bootloader. If that was the case then one could just install the bootloader from a stock firmware and it would reset which isn't the case, this is because it is a physical efuse that is blown so when device starts up it writes the flag on some other partition that it is tripped then the bootloader reads this flag.. what is displayed in download mode is only visual.. changing it to appear as 0x0 does not mean it is actually 0x0 since the physical fuse is blown.. not sure how hard this is to understand lol
As far as the CC mode, again, this is not something they change in the bootloader, they disassembled the bootloader to determine how it boots and how it determines which mode to boot into. CC mode is also known as common criteria mode, samsung provides an app you can download if you want to test it out. Also, MDM can do the same thing as far as not allowing firmware to be flashed in odin/dl mode. They basically found out what the bootloader checks for when starting up or entering download mode and edited that flag to not allow flashing in odin, this is a software thing, not a physical thing. Neither of these modify the bootloader and neither of these use a physical efuse like the knox warranty bit does so they are two completely different things.
Also, just because you can change the way something appears on the screen doesn't always mean it will do what you want. For example I can make download mode say it is in ENG mode but doesn't mean it actually is.
If you need to know why the bootloader cannot be modified it's because of AVB. When device starts it verifies the bootloader against the devices root key/signature. If it is modified at all it will break this signature and since it is one of the very first things that get loaded (and is needed to load other stuff such as secondary bootloader or kernel etc. depending on the device) the startup will be killed forcing the device into an emergency recovery mode. Even if the BL is unlocked you cannot flash a modified bootloader without it bricking.
I am done trying to explain it, if you want to keep trying where experienced developers have tried for years n years and when it is technically impossible then by all means good luck and have fun.
I know but that is all I want to do is make it say 0x0 in download mode so what do I need to edit?
Deleted member 10802473 said:
I know but that is all I want to do is make it say 0x0 in download mode so what do I need to edit?
Hi Deleted member 10802473
Modifying bootloader is not Possible because the bootloader is signed with OEM Private Keys you can simply Brick it. Make it 0x0 by Visual is your best option you will get your warranty back because they will see it as 0x0 in Odin Mode.
Best Regards
William Liu
OK. Here they did not answer the question of how to visually change the display of the knox.
And the second. If, as they say here, knox is a physical fuse, then why not just replace it on the board itself? One fuse should obviously cost less than the entire board. I'm sure I wasn't the first to come up with this idea. If it were that easy, Chinese stores would be full of these fuses. On the other hand, maybe it is, but I don't know about it?
Okay if i can rewrote a driver when i can add exception and emulate a return data(knox data)
knox can't reset, but we will edit it to show 0x0 and modify custom rom so it's 0x0 rom
