Complete platform ownership - Samsung Galaxy S8+ Guides, News, & Discussion

Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
The idea is to keep the 100% stock ROM, except with root, and have the system believe that it is 100% official. My idea is to root, and replace the Device Root Key (DRK) with a self-generated one, and then rebuild the whole ROM with all of the apps, the kernel, and other parts self-signed, with the device believing that the signatures are by Samsung. This would potentially allow us to relock the bootloader by having the device believe that the boot image is official.
This way we should be able to pass dm-verity whilst allowing modifications to system, pass safety net, and in the long run, pass KNOX with a kernel that fakes the KNOX bit to be cleared, and with further modifications, fake KNOX bit cleared in download mode. We could also make system modifications and convince KNOX that the changes are authorised and official.
Also, I do not like how theoretically Samsung can sign custom firmware to break into your device and remove the reactivation locks and potentially decrypt the device. In theory they cannot decrypt it if the encryption key is derived from the password and is not stored on the device, but I would not be surprised if there is a way.
I love Samsung stock software, but I wish I could root and still have the OOBE with Samsung Pay and KNOX containers.
But I am having trouble gathering concrete information. I am only partially sure that the DRK does what I said, and I am not sure if there are any other keys hardcoded into the device hardware, like the bootloader.
Can anybody comment on whether this is theoretically possible, and how? Or just any helpful information.
One thing I need to know is how the system reads the KNOX bit. If it is a protected mode instruction (unlikely because it would violate ARM compatibility) to put the result into a register, then it would be practically impossible to fake. But if only the kernel can check, then we can patch the kernel.
Also, can the KNOX eFuse be blown by unauthorised actions at runtime? As in, if one obtains root through a kernel vulnerability (like Galaxy S6 with PingPong) without tripping KNOX, are there actions / system modifications that can be done as root that can blow KNOX without flashing some unsigned image? My thoughts are that ideally, if rooting without blowing KNOX happens with another kernel exploit, we could use that window to replace the DRK and the whole system with self-signed software, so that we would then have the golden experience of truly owning our own Samsung device, without KNOX ever tripping.
Thanks for any discussion!
Karatekid430
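Added illustration, not part of the original post and not a description of Samsung's actual implementation: a toy model of the generic secure-boot pattern that the "replace the DRK and self-sign everything" idea has to get past. It assumes the common design in which the boot ROM holds only a hash of the vendor's public key in one-time-programmable fuses and checks the next stage's key and signature against it (an assumption about the generic design, not a verified detail of any Samsung device). The unpadded textbook RSA, the small key size and the sample image bytes are all constructed for the example; none of this is Samsung code.

```python
# Added example (not from the thread): toy model of a fuse-anchored
# verified-boot check. Textbook RSA without padding, far too small for
# real use; the point is the chain of trust, not the cipher.
import hashlib
import random

_rng = random.Random(1234)  # seeded so the example is reproducible


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random odd prime with the top bit set, so p*q has a fixed width."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)). Illustrative key size only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)
    return (p * q, e), (p * q, d)


def sign(priv, data):
    """sig = SHA-256(data)^d mod n (no padding; toy only)."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, d, n)


def verify(pub, data, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, e, n) == h


def pubkey_hash(pub):
    """What gets burned into the fuses: a digest of the root public key."""
    n, e = pub
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).digest()


def bootrom_verify(fuse_root_hash, pub, image, sig):
    """Model of the mask-ROM / early-bootloader check: the presented public
    key is accepted only if its hash equals the fused value, and only then
    is the image signature checked. The key itself is not in the ROM; the
    fuse value is what cannot be changed after manufacture."""
    if pubkey_hash(pub) != fuse_root_hash:
        return False  # wrong root key: rejected before the signature check
    return verify(pub, image, sig)


def demo():
    """Returns (official_passes, self_signed_passes, passes_if_fuse_rewritable)."""
    vendor_pub, vendor_priv = generate_keypair()
    fuse_root_hash = pubkey_hash(vendor_pub)  # burned at the factory (OTP)
    image = b"stock boot image (constructed sample bytes)"
    official = bootrom_verify(fuse_root_hash, vendor_pub, image,
                              sign(vendor_priv, image))

    # A rooted user generates their own key and re-signs a modified image.
    own_pub, own_priv = generate_keypair()
    modded = image + b" + su"
    own_sig = sign(own_priv, modded)
    self_signed = bootrom_verify(fuse_root_hash, own_pub, modded, own_sig)

    # Only if the fuse value itself could be rewritten would the self-signed
    # image pass; that is exactly what one-time-programmable fuses prevent.
    if_fuse_rewritable = bootrom_verify(pubkey_hash(own_pub), own_pub, modded, own_sig)
    return official, self_signed, if_fuse_rewritable


if __name__ == "__main__":
    print(demo())
```

The signature on the self-signed image is mathematically valid under the new key, and still fails, because the check that matters happens before the signature is ever looked at: the key hash in the fuses does not match. Replacing a key file on the filesystem therefore changes nothing; the question from the post reduces to whether the fuse contents are writable after manufacture, which in this model they are not.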

karatekid430 said:
Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
I have also been doing extensive research on this and made some progress. I have a private github wiki where I am detailing my experiments. PM me if you are interested in collaborating.

Related

[Q] N9005: Is it safe to install CWM/other recovery, will it tamper with Knox

Hello guys,
I have an N9005 Galaxy Note 3
with the latest UK NG1 ROM installed. I found a method of rooting without tampering with the Knox status,
but is there any method of installing a custom recovery without changing the Knox status?
And what are the other disadvantages of Knox 0x1 apart from warranty, as my phone doesn't have a local warranty?
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is Safestrap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T Safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
It's nice to see a good, informative response to questions regarding knox.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
Efficient and adequate communication. Very helpful.

[Q] Does Knox really lock radio updates?

Hi
I'm not overly fussed if Knox is tripped or not. What I do want to know though, is if it's true that radio updates can't be applied once it's tripped?
Cheers
Why would you think this? I can't think of an obvious rationale for Samsung doing that.
In the narrow sense of whether 0x1 would prevent an automatic OTA update.. I don't know. I've never had reason to suspect or look into that. I can tell you that you can manually update the radio with a 0x1 flag.
That's what I figured.
I was reading one of the rooting threads and someone was saying that once he had 0x1 he always get a secure error when trying to flash the radio.
If it's fine then I'll just CF Autoroot rather than fussing with towelroot
What is radio?
TheMathMan said:
That's what I figured.
I think he must be confused about the changes that occurred with the 4.3+ OS. The bootloader after 4.3 is more restrictive and will sometimes balk at flashing a radio, but it does so for both 0x0 and 0x1 flags, so it's a moot point. The workaround to that, if necessary, is to flash a full firmware image, which will succeed in updating the radio even with a 0x1 flag.
He probably incremented his Knox flag right around the time 4.3 came out and doesn't realize what is really going on. That behaviour i.e. bootloader authorization failures appears to vary by carrier and radio version FWIW. But again, in the worst case, you can still update your radio by flashing a full firmware image.
You could preserve your Knox flag by using Towel root. But you wouldn't be able to use a custom recovery or kernel without incrementing the flag and I for one would not give up either.
The only things that the flag really affects are the secure storage feature that few use and the supposed effect on your warranty. But it's usually Samsung direct trying to deny a warranty claim due to a 0x1 flag. Most carriers don't care about Knox, so claims made through carriers are typically unaffected. And Samsung can't enforce that prejudice in the EU either.
@pratto
The radio (aka modem) is the firmware component that enables your phone to communicate with the carrier's network.
Cheers for the info. I'm in the UK so root I will
I'm only after root for the Folder Mount app.
I preferred this method of effectively swapping the external and internal SD cards myself. But either way, I'm sure that you will find root useful.

[Q] Does tripping KNOX affect phone performance?

Hi guys, so I'm really sorry if this has been asked millions of times, but what I want to know is: does tripping the KNOX flag open a huge risk of normal system functionality not working? Now I know KNOX tripping prevents you from using KNOX related stuff, but does it stop an average Joe from using their phone normally, installing apps, sideloading apps, using the camera?
Does tripping Knox affect phone performance when back to stock?
No, it does not.
Tripping Knox stops you using Knox and also voids your warranty
(well, so-called void; people I know are still making claims with Samsung even though Knox is tripped).
I tripped a year ago, and my device is like a fine wine - gets better as each day passes.
Is Knox on 0x1 and back to stock ROM disabling OTA and Kies updates or not?
Remember Me? said:
Is Knox on 0x1 and back to stock ROM disabling OTA and Kies updates or not?
OTA should update, yes. Knox is just a security feature; it does not meddle with the OS if it's broken / disabled, i.e. 0x1.
So Knox is only for warranty, nothing else?
Remember Me? said:
So Knox is only for warranty, nothing else?
Pretty much. Let me explain in more detail.
Actually, maybe not. Have a read here:
http://www.samsung.com/uk/business/solutions-services/mobile-solutions/security/samsung-knox
It's a security feature. The security is rendered useless if you root the device (trip the Knox).
Imagine you have this device that is encrypted with the highest level of security.
You root the device, meaning the security is no longer in place, as 3rd party apps can have root access and can meddle with the security.
The device trips itself to 0x1 to say DON'T use this security any more, it's pointless.
The device has been compromised........
Trying to explain it in a much simpler process.
Maybe another way to explain:
The business you work for gives you a nice shiny Note 3. They want you to use this device for work too, but they are happy for you to use it for pleasure too.
Now the applications the business will install are private apps; they may contain sensitive information or access to the company via VPN or anything.
The company itself would not want to trust a user to install ANY apps that could hijack the phone and attack the company's software / connections.
So Knox comes along.
The business installs the business side on Knox, and you as a user can use the phone normally.
Normal cannot touch Knox, and Knox cannot touch Normal.
If you trip Knox, i.e. root, then the security is pointless. This then disables Knox - now the business owner knows of the security breach and none of the company applications or connections have been compromised.
KNOX counters only affect two things: Warranty and the KNOX secure system.
Tripping KNOX is similar to breaking the seal on any piece of hardware. It renders your warranty void. This doesn't mean they won't repair it, just that it'll cost you money. You can always get additional insurance if you worry about it. If you're in the EU it doesn't matter at all. (unless you do something to cause a hardware defect.)
Secondly, KNOX has two parts, the counter and the security container. The latter is an environment on your phone in which you can work and store files. (like a virtual machine.). Any files inside the KNOX container can't be accessed outside it. This is mainly aimed at the business and government market. 99% of regular users do not even enable KNOX's security container. (you have to start it yourself, if isn't active by default.)
Tripping the counter disables the container, for obvious security reasons. (so if you have any files inside they're gone.)
It does not affect anything else.
I had rooted my device a month ago and tripped Knox, but now I can't even install updates for my device, so is there any way to recover it?
So once you root and trip Knox you can't receive OTA updates? Is flashing with Odin the only way?
When you root you can't (and shouldn't) use OTA. When you trip KNOX you can't use OTA.
ODIN is the only option. Any update by any method risks disabling the root method, so think very carefully before updating.
Knox
This is like spam and a virus; any business owner can modify or block your phone. I was forced to install a custom ROM because Knox blocked and deleted Google Play on my S9+. Read more in the Google Play reviews from those who installed Samsung Knox Manage.
Replying to 5 year old posts, and not a Note 3.

Galaxy S5 G900F XXU1POJ1 - Need help & advice ROM/Root

Hello,
as thread title says, I need some advice from professionals here for my new Galaxy S5.
Well it's not quite new (almost 1 year) but never rooted it or flashed it, so I still got OS (original system) by Samsung.
I am pretty much an amateur at such stuff. First I need some advice on what to do: recovery & root, or flash a custom ROM?
The following things are important to me:
The system has to be stable and fast: no lags, no crashes, no errors (I do not expect 100% stability, since not even the OS is 100% stable, but it has to be at least as stable as the OS or even a bit more)
I need features and nice widgets (the ROM must also accommodate other apps and widgets; I'd prefer Samsung OS widgets)
I need good quality on the camera (preferred OS cam software and features)
Good signal and GPS (good and fast GPS is a MUST!!, as I often use Navigon when I travel with my car)
Good video player and gallery app (preferred Samsung OS Gallery App, but the video player can also be different from the Samsung OS Video Player if it's working fine)
What I do not do with my phone:
I do not play games
I do not read e-books
I don't understand the purpose of KNOX! Do I need it really?
Here are some details of my Smartphone:
Model no: SM-G900F
Android version: 5.0
Modem version: G900FXXU1POJ1
Kernel version: 3.4.0-6364590
Build number: LRX21T.G900FXXU1POK5
Securitysoftware version: MDF v1.1 release 4 / VPN v1.4 Release 3
I would be grateful if someone could give advice on whether it is worth flashing a custom ROM and, if yes, what ROM based on what modem and kernel versions, or if a simple root with recovery install is enough.
Thanks in advance
Regards
Hi @GordonSpace.......
Most of what you said in your post leads me to believe that there are many things about the stock OS that you are happy with. That being the case, the old adage 'if it ain't broke, don't fix it' comes to mind.....meaning (for now) you might as well stay with stock. If you start flashing CM custom roms (for example) you will lose that look and feel.
On to your question about Knox.....
In a nutshell, knox is based around an 'eFuse' which will trip or blow as soon as you modify your device. This eFuse CANNOT be reset. Samsung are, in some cases, denying warranty repairs on devices where knox has been tripped.
So basically, as soon as you flash CF Root or TWRP to gain root, your warranty is void (Samsung normally provide a 2 year warranty on their devices). Tripping knox will also prevent future 'over the air' updates. So even if you unrooted your device you would be stuck with the version of the OS that you have on your device. Finally, tripping knox will prevent your device from connecting to 'business enterprise secure' servers. So if you currently use your phone on your employers network, this will no longer be possible.
If you still want to go ahead and forget about knox, this is the easiest way to gain root......
Follow exactly....
1) deactivate 'Reactivation Lock' (can be found under Security in Settings).
2) copy SuperSU zip to your device.
3) boot into download mode.
4) Odin flash TWRP 2.8.7.0 (specifically this version).
5) DO NOT allow phone to boot, (uncheck auto reboot in odin and if necessary remove the battery as soon as the TWRP flash has completed) then.....
6) boot directly into recovery. (Vol +, Power & Home button combination)
7) flash SuperSU zip.
8) boot device as normal.
TWRP 2.8.7.0 by Dees_Troy
http://forum.xda-developers.com/showthread.php?t=2727406
superSU zip v2.46 by Chainfire
http://forum.xda-developers.com/showthread.php?t=1538053
When you have root access, you can get Titanium Backup from the playstore and freeze/delete the 'bloatware' that comes pre - installed on Samsung firmwares.
That will then give you the stability of the software designed for the phone coupled with the look and feel that you like, but without the resource hogging rubbish that most people with unrooted phones have to put up with......
http://i.imgur.com/rVnFwJM.jpg
thanks
keithross39 said:
Hi @GordonSpace.......
Hello keithross and thank you for your response.
I use my smartphone only in private.
However it still has 11 months warranty by Samsung. Another Idea I had was to sell my Galaxy S5 as it is (OS and Knox) and buy another smartphone.
However what would be your recommendation for a new smartphone?
I was thinking about LG or HTC. But I'm not sure whether to purchase a "famous" brand device or just a cheap one like Mobistel, Huawei and such.
What is a nice smartphone to have rooted / flashed?
Regards
Kiri
I have about 9 months of warranty left on my phone....but I was able to root without tripping knox.....simply because I rooted before I allowed my phone to update to Lollipop (I rooted with Towelroot while running KitKat) then debloated, and customised the stock firmware.....so I have my phone as I want it, and still have knox intact.
The S5 will probably be my final Samsung smartphone, but as of this moment, I haven't given much thought as to what I'll replace it with. I'm half tempted to keep it beyond the end of its warranty and start trying out custom roms at that point. It does everything I want it to do, so why would I need to replace it?
On the other hand, if I did replace it, I'd probably stay with one of the well known brand names.....The chances are that they'll have more dev support than the less popular makes of device....but I won't waste my money on any more flagship devices, I'll probably look at the 'upper midrange' devices as they'll (by that time) probably have similar specs to my current device (the way technology is currently advancing, they may even be superior to the S5)......
CyanogenMod
I decided to flash cyanogenmod snapshot
1. However I do not understand the difference between the klte and kltedv ROM (kltedv = Vodafone; does that mean my provider has to be Vodafone?)
2. TWRP or Cyanogen Recovery?
3. Do I need to install a diff Kernel version?
4. Anything I should take care about before I flash? (something special about Samsung drivers, kernel, odin etc...?)
Thx for your support.
1....In all honesty I can't answer having never flashed custom to my S5.
2....TWRP recovery over Cyanogen recovery....Every time. Cyanogen recovery is little better (if at all) than stock recovery.
3....flashing a different kernel isn't strictly speaking necessary....unless you want to be able to change processor clock speeds and voltage and apply various other specialist 'tweaks'.....
4....after rooting (but before flashing) make a backup of your EFS folder (critically important) it contains, amongst other things, your IMEI number. If this folder becomes corrupted, you're in a whole world of hurt....
Back up any personal data that you can't afford to lose....things like photos etc.
Make sure you have a copy of your current firmware available....If it all goes pear shaped, you'll possibly need it to recover your phone.
The version of Odin that has most compatibility with the S5 is v3.10.7 though other versions *should* work.
Get hold of and install the Samsung USB drivers on your pc....They come bundled with Kies available on Samsung's website. (If you install Kies, you will need to use task manager on your pc to kill the kies processes prior to flashing anything with Odin).
Use the usb cable that came with your phone when connecting it to your pc.
Make sure you've disabled your firewall and antivirus before attempting to use Odin.
If you need any more help just let me know by commenting below.....
Luck fella
Hey thanks mate. I rooted my device with CF-Auto-Root via Odin. I read that CM13 with Android 6 is out now as a stable version. Probably I am gonna flash it. However, I have a question with my current root of the S5. Currently the wifi passwords are being saved as an encrypted hex key in the wifi_supplicant.conf file. However I would like to use an app that saves and shows my wifi passwords, but unfortunately, due to the encryption on the S5, it's no help for me. Any recommendations on what I can do to save the real PW instead of the encrypted key?
Sorry fella....The tech aspects of your question have gone right over my head like an international Jumbo Jet....I have no idea what you're even asking about, let alone how to solve it for you. Your best bet would be to create a thread specifically for this question.....you will probably get more views for that thread than for this one.....sorry mate....
GordonSpace said:
Hey thanks mate. I rooted my device with CF-Auto-Root via Odin. I read that CM13 with Android 6 is out now as a stable version. Probably I am gonna flash it. However, I have a question with my current root of the S5. Currently the wifi passwords are being saved as an encrypted hex key in the wifi_supplicant.conf file. However I would like to use an app that saves and shows my wifi passwords, but unfortunately, due to the encryption on the S5, it's no help for me. Any recommendations on what I can do to save the real PW instead of the encrypted key?
You should already know the passwords if they are your routers/APs
I don't know my passwords. The thing is, that sometimes we go to some cafés and such where I have saved the PW of the router, but sitting with friends, some of them do not have it to connect with wifi. That's why I am asking if there is a possibility to view the passwords I saved in my wifi connections (not as a hex key but the true passwords). Anyway.. thx for the help. I guess that's Samsung OS. Hope it won't be like this with CM13.

Install knox on rooted s7 edge

Anyone know how to install knox on rooted s7 edge....
Anyone know how to install an antivirus on a fully infected PC?
"Same thing. Knox is a security suite; it isolates part of the system, keeping the security of a device. Rooting your device breaks this security, rendering it useless."
Even if KNOX is 0x0 and rooted, "theoretically" it still checks for root access.
The only way is to go back to stock. This is the exact reason we issue devices with Knox: to stop people rooting the device and granting themselves access to parts we wish not to be accessed (the reason list is endless).
This has been asked many times before on the CF-Root thread.
