Quick question for anyone that may be more familiar than I am with the KNOX implementation in the Note 8.0 KitKat bootloader.
I know there are methods to root without tripping KNOX now but was wondering if booting a custom recovery (fastboot boot recovery.img) trips the flag or only actually flashing the recovery image. Also, would updating the boot or system partitions with an unsigned image trip the warranty flag even if rooting and booting a custom recovery didn't?
It's too late for me but if there is a way to install custom kernels and ROM's without tripping the KNOX warranty flag I'm sure there are others on these forums that would be interested.
ramjet73
Nevermind.
Since apparently Samsung devices can't boot a custom recovery without flashing it (no fastboot support) my previous question is irrelevant.
ramjet73
Related
Hi All,
I have a 4.3 custom rom and the MJ5 bootloader.
Mostly I have read that the bootloader is safe and the warranty flag will not be triggered.
However some posts speak about a warranty flag 0x1 while using MJ5.
Is the bootloader completely safe or are there some things I should not flash? (Besides newer bootloader)
Thanks in advance.
Regards
It's not warranty flag, it is Knox flag. It doesn't have anything in common with warranty And yes, MJ5 is safe since it has no Knox.
dalanik said:
It's not warranty flag, it is Knox flag. It doesn't have anything in common with warranty And yes, MJ5 is safe since it has no Knox.
Click to expand...
Click to collapse
Does this mean with MJ5 bootloader I can root, flash custom recovery and nonknox-firmware by PC Odin or knox-firmware by Mobile Odin freely without worrying about knox flag 0 to 1?
congminh1709 said:
Does this mean with MJ5 bootloader I can root, flash custom recovery and nonknox-firmware by PC Odin or knox-firmware by Mobile Odin freely without worrying about knox flag 0 to 1?
Click to expand...
Click to collapse
You can flash custom recovery (Phils v5.15 recommended) and custom ROMs. The only thing that will change is flash counter, but you can reset that with Triangle Away (will be increased each time you go to recovery, so you must run triangle away again), but you don't have to worry about KNOX, if you don't flash ROM wih KNOX (that is update bootloader). ROMs that are flashed from ODIN can have bootloader but if you flash from RECOVERY then you don't have to worry because these ROMs can't have bootloader.
dalanik said:
You can flash custom recovery (Phils v5.15 recommended) and custom ROMs. The only thing that will change is flash counter, but you can reset that with Triangle Away (will be increased each time you go to recovery, so you must run triangle away again), but you don't have to worry about KNOX, if you don't flash ROM wih KNOX (that is update bootloader). ROMs that are flashed from ODIN can have bootloader but if you flash from RECOVERY then you don't have to worry because these ROMs can't have bootloader.
Click to expand...
Click to collapse
It means if I flash stock ROM 4.3+ wih KNOX by PC Odin (update bootloader), does knox flag security change 0 to 1? If knox security is 1 then no way to revert back to 0?
congminh1709 said:
It means if I flash stock ROM 4.3+ wih KNOX by PC Odin (update bootloader), does knox flag security change 0 to 1? If knox security is 1 then no way to revert back to 0?
Click to expand...
Click to collapse
No, if you flash STOCK 4.3+ with KNOX, you will have KNOX security and you will not be able to DOWNGRADE bootloader ever again. Only if you try to flash other non-official ROM without KNOX, will you have KNOX security 1.
And yes - there is no way to reverse KNOX security back to 0.
Hi guys I am new to this tablet so any advice but be appreciated.
If i update to kitkat I am told the knox security feature would be installed too.
What if I leave my note 8.0 on 4.2 and root and use custom roms and then if I decide to unroot and flash kitkat, would knox be triggered due to historic custom roms?
fazzxx said:
Hi guys I am new to this tablet so any advice but be appreciated.
If i update to kitkat I am told the knox security feature would be installed too.
What if I leave my note 8.0 on 4.2 and root and use custom roms and then if I decide to unroot and flash kitkat, would knox be triggered due to historic custom roms?
Click to expand...
Click to collapse
Pretty sure flashing a custom recovery will trip knox. No way around it. http://forum.xda-developers.com/showthread.php?t=2800290
Ok thanks what if I just root and not flash a custom rom, would this trigger the knox?
fazzxx said:
Ok thanks what if I just root and not flash a custom rom, would this trigger the knox?
Click to expand...
Click to collapse
It depends on the rooting method you use. The one I used to root 4.4.2 after I updated via Odin was Chainfire's CF-Auto-Root and that tripped KNOX because it installs an unsigned (by Samsung) custom recovery temporarily before re-flashing the stock version.
I've never used Kingo but they claim to be able to root the Note 3 without tripping the KNOX flag so their method using an Android vulnerability to gain temporary root might work for the Note 8.0 as well.
My suggestion would be to use these forums and Google to research all the current methods for rooting the Note 8.0 and make sure there are users who have done it successfully with the KitKat boot loader installed and not tripped the KNOX "warranty" indicator.
Based on the KNOX articles I've read it appears that flashing, or even booting, an insecure kernel can set the eFuse switch which is said to be "impossible" to reverse, so flashing custom kernels and ROM's is out even if you can get root with the stock ROM without tripping the indicator.
I can understand the requirement for KNOX in high security environments but automatically voiding the warranty is just encouraging users to brick their devices in ways that prevent the KNOX flag from being accessed. Perhaps Samsung's position is that once the eFuse flag is set even their service centers cannot reverse it so the device is not able to reconditioned and sold since a tripped KNOX flag also disables some security features in the stock ROM.
Edit: I just read your OP again and if you don't flash the 4.4.2 (KitKat) bootloader and root with CF-Auto-Root you should be fine, even flashing custom kernels and ROM's, and still go back to a completely stock configuration using Odin to install the stock 4.2.2 ROM and TriangleAway to reset the flash counter. AFAIK there is no check of any historical data when the KNOX enabled 4.4.2 bootloader is installed but I would make sure that TriangleAway has successfully reset the flash counter before upgrading just to be safe.
ramjet73
So I rooted using chainfires method for my Tab S 8.4 wifi (T700) and it tripped Knox (0x1). I know there is no way to currently reset it and there is a bounty out for it. No big deal on tripping it, I wanted to root anyways and want to try out CM12 eventually. After doing some research it appears Knox gets tripped when unofficial firmware or recoveries get flashed via Odin. Knox is not tripped when you flash official Samsung firmware. I had a few questions though I can't seem to get a clear answer on and was hoping to find some or get a discussion going at least about Knox for the Tab S.
Questions and Answers
- Are you still able to receive OTA updates on a stock rooted rom/recovery with Knox tripped?
A: No, not while rooted, "Operating System on your device has been modified in an unauthorized way. Try downloading software updates using Samsung Kies on your PC" Unsure if Knox prevents it but most likely does not.
- Will you lose root if you can get OTA updates?
A: No OTA Updates allowed on rooted devices. Reports have stated that flashing the official firmware update via odin will unroot the device but maintain data, most likely kies is the same when updating. However if a bootloop occurs after flashing, you may need to wipe data and cache via stock recovery.
- If knox is tripped (0x1), if I flash a custom recovery (TWRP/CWM) or use chainfires method to root again will it trip Knox again (0x2)?
A: YES & NO, Knox will not read (0x2) if unofficial img's are flashed via Odin but reports on other devices have stated it will read {0x1(2)}
- If yes can you trip Knox too many times, rendering device inoperable or bricked?
A: NO, tripping Knox only informs if warranty has been voided by flashing unofficial firmware/recovery/img files and root kernals via Odin. When the knox warranty void status is tripped, the knox software will no longer work.
- What is tripped specifically in Knox (for the Galaxy Tab S), an efuse, or is it software or binary code?
A: Most likely an eFuse. There is no way to reset the flag counter as it is believed to be an eFuse that once gets blown it stays damaged and cannot be reset.
***New Questions***
- Will flashing a custom recovery img (TWRP/CWM) via ADB trip Knox (0x1)?
A: Yes, it will trip Knox.
Thanks to all who answer and contribute.
If there are any new questions, updates to be added or wrong information to be corrected please let me know.
No OTAs when you are rooted on custom rom. Dont worry, someone will make a stock custom rom to flash with twrp Or you can odin flash stock lollipop and root with twrp
If you do the ota it will probably not install because of root.
If you flash a custom recovery, or root again.. Knox will stay 0x1. It wont change.
Knox is like a check when booting up your device. Its more like uhh protection. If you install custom stuff then you dont get protection. Knox was a security feature that samsung included. Its really not needed as it really doesnt work. Thats why people trip it. I highly doubt its used for security but I think its just used to detect if warranty has been void or not. Its not something that you should worry.
Hope this helps!
DUHAsianSKILLZ said:
No OTAs when you are rooted on custom rom. Dont worry, someone will make a stock custom rom to flash with twrp Or you can odin flash stock lollipop and root with twrp
If you do the ota it will probably not install because of root.
If you flash a custom recovery, or root again.. Knox will stay 0x1. It wont change.
Knox is like a check when booting up your device. Its more like uhh protection. If you install custom stuff then you dont get protection. Knox was a security feature that samsung included. Its really not needed as it really doesnt work. Thats why people trip it. I highly doubt its used for security but I think its just used to detect if warranty has been void or not. Its not something that you should worry.
Hope this helps!
Click to expand...
Click to collapse
Thanks, I figured Knox is nothing more than just a feature to let Tech's know if the warranty had been voided. Also I figure that flashing the updates myself when they come out would be the best option. Thanks again.
how do you make the knoxx counter back to zero ??
methslushee said:
Thanks, I figured Knox is nothing more than just a feature to let Tech's know if the warranty had been voided. Also I figure that flashing the updates myself when they come out would be the best option. Thanks again.
Click to expand...
Click to collapse
is there a limit to knox number and how can it be made to zero again to retain warranty
[email protected] said:
is there a limit to knox number and how can it be made to zero again to retain warranty
Click to expand...
Click to collapse
Read post two above yours. It can not be reset to zero once it's tripped.
Even if you root and trip knox, although you cannot receive official ota's, you can still use samsung kies to still recieve the updates.
updated OP with answers to questions.
Stupid Knox. This is one "feature" of Samsung devices which makes me less likely to purchase them in the future.
For the new question, flashing any custom recovery with odin or adb will trip knox. Flashing stock should not trip
Hi,
after all the reading I'm a little bit confused and hope somebody can answer my questions:
1) Installing anything which is not signed by samsung (kernel/recovery/rom) will be detected by the bootloader and set knox counter or is this only the case when flashing with odin?
For Example:
- install TWRP with Odin => 0x01
- install TWRP with dd => 0x00
2) When anyway nothing custom can be installed without tripping Knox than the simplest way to install CM12.1 is
- install TWRP with Odin (no root needed)
- flash CM with TWRP
Thanks for help,
Thomas
Custom recovery or kernel will trip Knox no matter how it is installed. Each partition has a signature which the bootloader checks at boot. If it fails then Knox is tripped.
The bootloader allows customization as long as its not locked.
It also allows the system partition to be modified, even though it fails the signature check it doesn't trip Knox.
hey there. i own a Galaxy SM-A325F/DS.
i have a recovery for this phone that i found however since this phone is still untouched i first want to make sure that the recovery boots at all. will using the command "fastboot boot recovery.img" trip knox? i don't think so since it wont modify internal system files but still i just want to make sure. thanks!
Samsung phones don't have fastboot. They have Odin to do the flashing for them. And if you flash anything that is not official by Samsung then yes, it will trip Knox
ShaDisNX255 said:
Samsung phones don't have fastboot. They have Odin to do the flashing for them. And if you flash anything that is not official by Samsung then yes, it will trip Knox
Click to expand...
Click to collapse
how does my galaxy a32 have a fast boot then.
anyways i alr ended up tripping knox hehe..