This thread was originally created by @Hawke84 over in the i9505 forums. A lot of people are unaware of KNOX or have no idea how exactly it works so I thought we should have a thread like this in our forum as well. I have sent @Hawke84 a PM and would like to let everyone know I take no credit for this idea. Huge thanks goes out to @Hawke84.
Please feel free to ask any question here and i'll do my best to answer it but hopefully some of the other members who know a bit more will also join in and help answer some of the questions people have.
What we know so far:
1. Upgrading to newer 4.3 Samsung firmware will most likely upgrade the bootloader to knox bootloader. This will give an additional 2 lines in download mode about knox status.
2. If the Knox Warranty Void line says 0x1 then you cannot use KNOX Software on your device. Your device has also been flagged as insecure. This means that if your workplace / company supports bring your own device to work for corporate emails, etc. and they use KNOX, your device will not allow this.
3. If the KNOX Warranty Void line says 0x0, KNOX will work and your warranty is still valid.
4. With the new KNOX Bootloader, root will work. However, rooting with CF Auto-Root will trip the KNOX flag. Someone else has developed a way to root without triggering the KNOX flag. (Root de la Vega)
5. If you try to downgrade to an earlier firmware / bootloader it will set the KNOX flag to 0x1 (Void)
6. Once the KNOX flag gets set to 0x1, there is no way to set it back. (Yet!)
Let me clarify some things. The KNOX processes and functions are already on the stock ROM, most devs remove them, though. So many of you with custom ROMs haven't seen anything related to KNOX.
What the new T-Mobile update (when it gets pushed out) is most likely to come with is a "KNOX Bootloader" which will introduce a thing called "KNOX Flag" which is similar to the old counter we're all used to. This is the counter that @Chainfire was successful in resetting with his app, Triangle Away.
Unfortunately, @Chainfire or anyone else for that matter, has not been able to reset the KNOX flag.
The KNOX flags is this:
0x0 = You have not tripped the KNOX flag.
0x1 = You have tripped the KNOX flag.
Again, once you trip that flag, rooting, flashing a custom recovery, etc.. there is NO way to reset it as of now. And any KNOX functionality on your phone will not work. But the worst part is Samsung will refuse warranty on your device if they see a 0x1 in your bootloader.
Another thing.. on the new bootloader, if you try to downgrade, even with an official Samsung firmware, it will fail and you will trip the KNOX flag.
So once you're on the new bootloader, there's no going back.
There's been speculation that there's an eFuse at play here.
Anyway, for this reason.. I am suggesting you all disable OTA updates and wait until a ROM is built without the new bootloader and all the functions (Wifi, MMS, etc.) are working.
Useful links:
[Q&A][i9505] Knox Q&A / Discussion Thread - ask questions here!
[RESEARCH] Samsung Knox: Warranty Void Behavior
Everything KNOX...
agreed... I dont care about knox. since i and our company dont, but i do care about the stupid flag and them disallowing warranties even though that is not legal.. Hardware warranties should NOT be disallowed due to some s/w.
lgkahn said:
agreed... I dont care about knox. since i and our company dont, but i do care about the stupid flag and them disallowing warranties even though that is not legal.. Hardware warranties should NOT be disallowed due to some s/w.
Click to expand...
Click to collapse
Indeed.
I don't mind Samsung at all for KNOX, but for the people that don't use it, it should be optional.
lgkahn said:
agreed... I dont care about knox. since i and our company dont, but i do care about the stupid flag and them disallowing warranties even though that is not legal.. Hardware warranties should NOT be disallowed due to some s/w.
Click to expand...
Click to collapse
I agree. I mean, I understand why they do it; if some idiot roots and then overclocks the phone so much that it damages the CPU, then Samsung shouldn't have to honor the warranty. The device is designed with a certain thermal budget and going beyond that means all bets are off.
On the other hand, if say your microUSB port in the phone breaks off, that's obviously not something that rooting has any effect on; indeed, most physical failures not caused by user error are unaffected by root status. I'd like to believe that people aren't stupid enough to try and overclock the device beyond its thermal budget; its not a CPU where you can just stick a better cooler on and go. But you know what they say about assumptions...
I wish that there was a way for Samsung to honor the warranty on a case-by-case basis. Thermal damage to the CPU should be easily identifiable. I suspect the cost of having the phones examined CBC must outweigh any losses they sustain because of the "locks" they are adding (not to mention the huge potential sales to businesses and governments who want the security implementations).
It will be interesting to see what happens from here on out. I think we can see what Samsung's goals are (at least on the surface), but I wonder what effect Samsung's decisions will have on other phone manufacturers and the market in general.
Sent from my SGH-M919 using XDA Premium HD app
Any word on a fix to reset the warranty flag?
Because it's not very clear even after reading many xda Thread, and users have many problems withknox I deciced to gather informations about Knox.
1 :What is Knox?: http://omegadroid.co/wanted-knox-void-warranty-0x1/
All you wanted to know about KNOX Void Warranty 0×1
By tamirda • October 9, 2013
Screenshot_2013-02-25_11_35_AM
Recently, Samsung announced that her all new devices will get an Android 4.3 update that includes KNOX Security system. According to Samsung, these devices will get the update:
Samsung Galaxy S3
Samsyng Galaxy Note II
Samsung Galaxy S4
Samsung Galaxy Note 3 (already has KNOX Security system)
Most of the users don’t root their devices and use it normally and for them KNOX Security system is a great option.
But what happanes if we want to root our device?
Now the problem begins.
Normal(unrooted and so..) devices are flaged as KNOX Void Warranty 0×0 right from the factory.
When we flash items which weren’t signed by Samsung, it flags your device as KNOX Void Warranty 0×1.
According to Chainfire, KNOX status is indeed an eFuse. This means that even JTAG can not reset the KNOX status back to 0×0.
Some facts about KNOX status:
It isn’t possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0×1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package). By downgrading from KNOX-enabled to KNOX-disabled firmware, your devices will be locked to installation of newer firmwares.
Let’s focus on that fact. As we mentioned above, Devices like S4, S3 and Note II which came without KNOX will get the KNOX system.For example, S4 I9505 got about a month ago 4.2.2 update that includes KNOX-enabled system(MH1). If you try to downgrade to KNOX-disabled system(MGA for example) your device will be flaged as KNOX Void Warranty 0×1 and will get a special lock – you won’t be able to update to any KNOX-enabled firmware even by ODIN. Samsung’s 4.3 update is KNOX-enabled, so if you tried to downgrade to KNOX-disabled firmware(for example MH8->MGA), you won’t be able to install 4.3 update.
This problem is only for devices which didn’t come with KNOX-enabled system from the factory(S4, S3 and Note 2)
Jeffery Butler confirmed this information:
FYI…Samsung told me that Knox warranty becomes 0×1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
If you try to downgrade to KNOX-disabled firmware, you can’t install any new firmaware(that includes KNOX-enabled system) and use your device only with the old firmwares.
Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0×1.
Flashing unsigned or modified images via odin will set knox to 0×1.
According to these two, flashing root/kernel/recovery/latest firmware by samsung/etc. will set KNOX status to 0×1.
Samsung stated, resetting the flag is impossible.
Chainfire confirmed that it is impossible to reset the flag.
KNOX is mandatory and can not be completely removed.
In custom roms we can remove KNOX apps, but the status remains 0×1.
Warranty Void is not a counter, it is a flag (0,1). We have never seen 0×2 or so.
Mirroring all partitions from a clean 0×0-Device to a 0×1-Device via JTAG produces an unfunctional device (reversible by restoring the 0×1 partitions on the phone).
Using JTAG or other repair tools to reset the flag is impossible.
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty.
Again, if we flash kernel/recovery/etc. we will void the warranty.
This si how 0×1 looks like:
2rn7beq.jpg
This is how 0×0 looks like:
attachment.php
I guess you are asking yourself now, what the hell 0×1 means?
If your device is flageed as 0×1. you should forget about your warranty.
Chainfire and other people confirmed that your can’t use your warranty:
Worse than that, I’ve also been hearing that service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner. Seems Samsung is catching up in scumbaggery to HTC, who years ago attributed my HTC Diamond’s screen damage (digitizer detached) to the installation of HSPL
To anyone in the know it is obvious that this doesn’t really fly, and the eFuse blowing (is this the hardware damage?) is intentionally done by the bootloader when unsigned software is loaded.
If you want to read the whole Chainfire’s statement, click here.
What is eFUSE? it’s a technology that allows reprogramming a read-only memory chip in real-time, even though such chips come with hard-coded code that cannot be generally changed after manufacturing.
When flashing unofficial software on the device, the status of the system and KNOX is switched to CUSTOM while increasing a binary flash counter, which helps Samsung find out whether the device has been tampered with. However, while Chainfire’s TriangleAway app has let users switch the status back to official and reset the flash counter until now, the KNOX status is based on eFUSE – basically, once you flash custom kernels or root the Note 3, the KNOX code gets rewritten, and this constitutes hardware damage.
Well, all I can say is think twice before you play with your Samsung device. If you don’t care about warranty, and you like custom roms and cool stuff just be aware of this information and continue with what you are doing.
Rajaasim1980 said:
KNOX is a new security system in official update of Android 4.3
on Samsung devices which prevents access to multiple applications when rooting your device and prevents the flash counter being reset to 0
Click to expand...
Click to collapse
theq86 said:
As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.
As for now, there is no way to reset that flag from 0x1 to 0x0.
Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.
https://plus.google.com/u/0/+Chainfire/posts
Has anyone already experience with rooting an "untouched" S4 which has the secured bootloader and can confirm or decline that?
- - - - - - - - - -
Conclusions and Facts about KNOX-enabled firmwares (based on statements from chainfires post and it's comments above, ans based on this thread)
Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/showthread.php?t=2444671, not confirmed)
Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1
Flashing unsigned or modified images via odin will set knox to 0x1
Samsung stated, resetting the flag is impossible
KNOX is mandatory and can not be completely removed
Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so
Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone)
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Assumptions on how KNOX flag in bootloader works:
Some experts think, an eFuse is involved. (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremential. Even unwriteable by low level tools or JTAG. But it is still not proven, that eFuse is used.
Knox technical information:
https://www.samsungknox.com/overview/technical-details
Click to expand...
Click to collapse
2: Can i downgrade the bootloader?
cosmyndemeter said:
from mj5 bootloader downgrade is possible, read this for newest than mj5 downgrade not possible!
do not try! you can brick your phone forever!!!
Click to expand...
Click to collapse
3:Can i install custom roms?
DeepankarS said:
You can do any customization on your phone like a normal phone, but customizing it means that you have triggered the KNOX counter to 1. Thus on a stock rom you can never use KNOX if KNOX reads 1.
FYI the MK4 (bootloader) or MJ9 (babseband version) has blocked installation of any custom roms on our n7100s via odin. You cannot even downgrade to 4.1.2 official via odin, So flashing via recoveries is the only way left.
And also it is recommended that you install custom roms via Philz/TWRP/CWM recoveries to flash custom roms and everything.
Hope the lil knowledge helped.
Click to expand...
Click to collapse
4 Can i root my note 2 with 4.3 knox?
Yes, but there are chances to trigger the KNOX counter to 1
yeminswe said:
4.3 root
http://forum.xda-developers.com/showthread.php?t=2540761
http://forum.xda-developers.com/showthread.php?t=2573576
>D
Click to expand...
Click to collapse
If you see any questions about knox, post here we will answer.
number 1 link is error,not found.
what about knox container ?
sora9009 said:
number 1 link is error,not found.
what about knox container ?
Click to expand...
Click to collapse
Link fixed.
Thanks
What about kernels?
Smack that thanks button if I helped!
Note 2 LTE powered by Illusion ROM and Plasma Kernel.
Sent from dat small country called Singapore.
P.S. replies with quotes will be replied to faster.
Irwenzhao said:
What about kernels?
Smack that thanks button if I helped!
Note 2 LTE powered by Illusion ROM and Plasma Kernel.
Sent from dat small country called Singapore.
P.S. replies with quotes will be replied to faster.
Click to expand...
Click to collapse
KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Is there any way to get the knox back to 0 from 0x1????
Sent from my GT-I9500 using Tapatalk 4 - Hassan K. Malik
HassanM said:
Is there any way to get the knox back to 0 from 0x1????
Sent from my GT-I9500 using Tapatalk 4 - Hassan K. Malik
Click to expand...
Click to collapse
Not yet,although note 3 has been reported to somehow reverse it but that's just wishing too much.
singhpratik87 said:
Not yet,although note 3 has been reported to somehow reverse it but that's just wishing too much.
Click to expand...
Click to collapse
On the note 3 it's done by special bootloader leaked by sammy. The only chance for the note 2 is if note 2 bootloader is leaked. No other way.
Sent from my GT-N7100
I dont care about warranty , all i care that , if i installed a custom rom and the Knox bit is set to 0X1 and i want to get back to the stock , can i install Knox again or not ? because i like the knox idea
hazemsalah said:
I dont care about warranty , all i care that , if i installed a custom rom and the Knox bit is set to 0X1 and i want to get back to the stock , can i install Knox again or not ? because i like the knox idea
Click to expand...
Click to collapse
Once your counter goes to 1 no more Knox app , it can't be used anymore.
Sent from my GT-N7100
gregsarg post :
We have a fix....just not on xda....yet
Mobiletechvideos.com now offers a bootloader downgrade service for our devices. ..
The Knox flags can be reset quite easily according to them....
So if you want the old Knox free phone back....see below and get your anti-knox groove on....
See the product description tab in the middle of the page. ..g
http://mobiletechvideos.mybigcommerce.com/samsung-galaxy-note-2-bootloader-sboot-downgrade-service/
Hmmm it's kinda fishy , but could be true. So you send them your phone ? I don't get it. And all around is jtag heh
Sent from my GT-N7100
note2nooby said:
Hmmm it's kinda fishy , but could be true. So you send them your phone ? I don't get it. And all around is jtag heh
Sent from my GT-N7100
Click to expand...
Click to collapse
Nope i can't risk to send my phone (400 euro), but it looks like they have the solution.I send them mail to ask if i can pay for the file and instruvtions but no answer till now.They want 75 for the reset and 45 for express shipping end delivery.I told them that i am
agree to pay all the ammount for the file.
And one more thing-if i send them phone i can't be sure that they will reset it instead of just replacing MB and write my old IMEI e.t.c
gencho81 said:
Nope i can't risk to send my phone (400 euro), but it looks like they have the solution.I send them mail to ask if i can pay for the file and instruvtions but no answer till now.They want 75 for the reset and 45 for express shipping end delivery.I told them that i am
agree to pay all the ammount for the file.
And one more thing-if i send them phone i can't be sure that they will reset it instead of just replacing MB and write my old IMEI e.t.c
Click to expand...
Click to collapse
I'm quite sure they are using jtag and service bootloader. That's why they need the phone. It's not the same way like the exynos fix for note 3.
Sent from my GT-N7100
I-9192 official status again
i have installed a few weeks later a rooted rom from another forum, and triggered the knox to 0x01 (so i cant receive official updates from samsung)
but, today i needed to reset my phone to factory default, than i was curious to check the phone status, and for my surprise was "Official" again...
i read in various sites that the knox flag cannot be reverted... is that true?
the files i was used to root:
Odin 3.09
Kernel_root_I9192.tar
SuperSU_1.41.zip
the only bad thing is that i lost my root
anyone have the same result just reseting the phone?
thx and sorry for bad english
Soooo. As far as i know the knox wont get updates from Samsung and Block using knox app? And what features are lost from a triggered knox? I flashed the original firmware again and all its ok so far. Theres any blocked feature that o didnt realize?
Need help
I've a s4mini 19192 and today I flashed samsungs official KitKat update to my phone... I tried to root it like I rooted the 4.2.2 update... But can't do.... Then I decided to downgrade to the old version 4.2.2 but odin says can't.... And fails... Someone can help me?
Is it possible to check when the flag was triggered?
I was sold a GN3, in witch the KNOX flag was already set* and I'm trying to avoid a situation in witch the seller will say that I've set the flag.
* not checked beforehand - my mistake - but still I can return it or get a discount under the law
hello..just got the s4 mini dual sim 9192... 2 days back..i was on 4.2.2 indian firmware....checked download mode and it said knox 0*0...now i flashed the 4.4.2 firmware downloaded from sammobile via odin and when i recheck knox is gone....!!!!
just said binary and system which changed from official to custom once i rooted it with CF-root method(nothing else was working...saferoot/towelroot etc)..and as i seem to have read that flashing stock rom reverts these back to official...is it true?
and does this mean that my knox firmware phone has been converted to a non-knox one after kit kat upgrade?
please anyone let me know..thanks
@Fataz bro i have a few questions
I'm currently on FNE2 stock deodexded custom rom with a FNE2 bootloader, when i go download mode it says "KNOX WARRANTY VOID:1"
1 - Does this means Knox is tripped as 0x1
2- Can i install a stock firmware higher than FNE2 from sammobile via odin
GT-N7100 cihazımdan Tapatalk kullanılarak gönderildi
My T705 warranty will expire tomorrow, rooted but knox still 0x0.
I'm thinking of installing custom recovery, kernel, rom => knox 0x1
There's no point keeping it 0x0 right ?
or Samsung wont repair the device in the future if I trip knox ?
(even if I pay for the service)
ayamgoreng said:
My T705 warranty will expire tomorrow, rooted but knox still 0x0.
I'm thinking of installing custom recovery, kernel, rom => knox 0x1
There's no point keeping it 0x0 right ?
or Samsung wont repair the device in the future if I trip knox ?
(even if I pay for the service)
Click to expand...
Click to collapse
nope no point keeping it. samsung will repair your device. even with knox 0x1. already sent mine couple of time.
If i root it will trip knox but does Samsung deny warranty based on this or do normally they dont care?
re: root/knox
cpugeeker said:
If i root it will trip knox but does Samsung deny warranty based on this or do normally they dont care?
Click to expand...
Click to collapse
Samsung and or tmobile don't care if the phone is rooted with knox tripped.
Have a great day.
had anybody actually tried to send in their rooted edge+ for any reason and ended up being rejected because of root?
I've sent tmobile, Samsung and asurant my rooted phone. Never had any issues.
Sent my Knox tripped S6 edge+ in and it was denied service because of Knox being tripped