There have been lots of questions about KNOX like upgrading/rooting methods, warranty status etc etc on 4.3 and information is scattered over multiple forums (development, general and questions)
I am creating this thread to cover the following topics or at least to guide you to the right forum.
1) What is KNOX ?
2) How KNOX affect us ?
3) How do I verify if Warranty BIT on my phone has tripped ?
4) What trips the KNOX counter ?
5) Is it possible to reset the KNOX counter/Warranty Bit ?
6) KNOX counter has been tripped, now what ? What about warranty ?
7) How to root ?
8) Upgrade options for users on 4.1.2.
9) Thoughts
1) What is KNOX.
Samsung KNOX is a new security feature implemented in Samsung Phones.
You can get more information about KNOX here
2) How KNOX affects us ?
In the latest 4.3 update KNOX has implemeted a secure boot technology that prevents unauthorized boot loaders and kernels from being loaded during the startup process.
So, if you flash this bootloader via (OTA or PC ODIN) then you cannot flash older 4.1.x firmwares.
To further illustrate how this works, the “KNOX Warranty Void” bit (or simply KNOX bit) is used to detect if a non-KNOX kernel has been loaded on the device. It is a one-time programmable bit in e-fuse, which can only be turned from “0” to “1” (i.e. burned). If a non-KNOX boot loader or kernel has been put on the device, KNOX can no longer guarantee the security of the KNOX Container. As a result, this KNOX bit will be burned to “1”, indicating that this device can no longer use the KNOX Container service. There are two possible scenarios: first, a new KNOX Container can no longer be created on such a device; and second, the data encrypted and stored in an existing KNOX Container can no longer be retrieved. Everything else should work just as before.
Reference link
3) How do I verify if Warranty BIT on my phone has tripped ?
You can go in download mode (Home+Volume Down) then power,then on prompt press Volume UP.
If you see KNOX or Warranty Bit set to 0x1 that means the counter has tripped.
4) What trips the KNOX counter ?
Rooting, flashing custom ROMS and kernels trips this counter.
5) Is it possible to reset the KNOX counter/Warranty Bit ?
Not as of now, per Samsung it is impossible as this is a one way process but you never know someone might discover a way to reset it.
6) KNOX counter has been tripped, now what ? What about warranty ?
As of now you cannot revert back to 4.1.x firmwares if you do not like 4.3.
You may or may not have issues with your warranty, it all varies at different service centers.
For those who brought this phone at launch, its over a year and warranty as already expired.
There is an interesting thread here which covers this topic.
7) How to root ?
For those who updated via OTA:
Rooting via CF flashes the KNOX Warranty Counter, further information here
You can flash MrRobinson's (Rooted and KNOX free) ROM but a user reported that flashing this tripped his counter.
Switch to page: 45 and Post# 446.
Make sure you download the v2 ROM. http://www.androidfilehost.com/?fid=23252070760975435
There are few other methods but I do not know much about them so if anyone knows please feel free to post or let me know so I can add it to the OP.
8) Upgrade options for users on 4.1.2.
If you DO NOT CARE about KNOX or warranty just update however you like:
1) Via OTA, if system status is modified or if binary count is not 0: a) Flash Mrrobinsons root 66 b)Use triangle away to reset counter c) full unroot via super user d) factory reset, if this does not work then flash stock via odin after step c. Please note this method will only update to 4.3, you will have to root the phone if you want.
If you DO CARE about warranty status then you can try this method.
1) Flash MrRobinsons v2 ROM via mobile ODIN from here, original thread, Switch to page: 45 and Post# 446.
2) I was able to pack together a stock ROM which is rooted, debloated and includes the 4.1.2(UVMBD1)bootloader.
Link here.
Please note: Mobile Odin does not flash the bootloader, you will still have the updated 4.3 firmware but with an old bootloader, the idea here is to avoid the KNOX bootloader altogether.
WIFI does not work but there is a fix.
To fix WIFI you can either flash the Devil Kernel from here
or
You can flash this WIFI patch compiled by DrKetan. Page 21 post 204.
Special thanks to DrKetan for compiling this patch, MattLowry for working with him to get this done, MrRobinson for stock rooted and KNOX free ROM and DerTeufel1980 for Devil Kernel.
9) It will be awesome if there is a stock ROM with old bootloader, newer system/modem image, root injected, KNOX free and integrated with this wifi patch.
- I was able to pack such ROM but without wifi patch here.
Update: 02/05/2013
Downgrading of ROM's from 4.3 to 4.1.x is possible by flashing the ROM using mobile odin.
4.3 bootloader cannot be downgraded, the work-around is to flash 4.1.x ROMs excluding the older bootloader.
You will end up with a 4.1.x rom on a 4.3 bootloader.
Update: 02/10/2013
User esdwa reported that he successfully rooted his phone using Saferoot method described here.:
Rooting phone via this method does not trip the KNOX counter. Se posts 52 through 55.
Please note: These methods I have listed are the only ones which I know, there might be more options and if you let me know I can add it to the post.
Thank you so much man... my buddy accepted the OTA (without listening to me when I told him to wait) and has been hounding me to get JMX on his phone since it was released... your guide answers so much and provides adequate links... if I can buy you a beer let me know how
Sent from my SGH-T889 using xda app-developers app
Funny thing about Knox...
Lets say an employee isnt rooted or custom and has knox-provided accessvto company/enterprise material... how is that more safe than a person who roots/mods their phone with processes/roms that are provided through xda which monitors (these downloads/processes with advanced moderators/users) more frequently and just as fast as even microsoft can inhibit billions of porn site "foul play".
Honestly... if I invested in Knox for my company, would I feel more protected from a closet porn fanatic than someone who was intelligent enough to root and flash custom roms through proven methods?? Moreover, why flag the "flasher" and make his device "null", while allowing the "porn-surfer" continual access to my companies "sacred data"...
Nothing against porn surfing just my analogy of how foolish businesses are too buy into this... ultimately I think knox isnt just an enterprise security for any any company outside of samsungs own personal interest... they are probably receiving "knox flag" info from every phone "tripped" and will increase device pricing accordingly
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
Funny thing about Knox...
Lets say an employee isnt rooted or custom and has knox-provided accessvto company/enterprise material... how is that more safe than a person who roots/mods their phone with processes/roms that are provided through xda which monitors (these downloads/processes with advanced moderators/users) more frequently and just as fast as even microsoft can inhibit billions of porn site "foul play".
Honestly... if I invested in Knox for my company, would I feel more protected from a closet porn fanatic than someone who was intelligent enough to root and flash custom roms through proven methods?? Moreover, why flag the "flasher" and make his device "null", while allowing the "porn-surfer" continual access to my companies "sacred data"...
Nothing against porn surfing just my analogy of how foolish businesses are too buy into this... ultimately I think knox isnt just an enterprise security for any any company outside of samsungs own personal interest... they are probably receiving "knox flag" info from every phone "tripped" and will increase device pricing accordingly
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Because with Knox the access is limited. so let's say you have access to financial documents. In the Knox environment you can't copy it and send it to a competitor. Read the
Containers & App Wrapping section from the link in op. There's also protection from key logging apps, etc. To your porn addict analogy with Knox regardless of the morals of your employees they can't physically compromise any data.
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think it's good for corporations who provide cell phones to their employees, this does not fit well in BYOD environment.
Samsung should have released an enterprise firmware altogether and the developers at each company can update/modify as per their policies.
On a funnier side: Whats next - Verifying the device status or KNOX via download mode at gates?
kintwofan said:
Because with Knox the access is limited. so let's say you have access to financial documents. In the Knox environment you can't copy it and send it to a competitor. Read the
Containers & App Wrapping section from the link in op. There's also protection from key logging apps, etc. To your porn addict analogy with Knox regardless of the morals of your employees they can't physically compromise any data.
Knox really is great for corporations and a brilliant move by Samsung to try and take some of the corporate market from apples locked up devices. The problem is carriers using it to deny warranty claims (which there seems to be mixed reports if they do or not) and most of us dunt need it
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think the point is for the BYOD system because they know your phone is untouched since Knox can't run if you've ever rooted your device. I would be all for enterprise firmware though.
Sent from my SGH-T889 using xda app-developers app
Doesnt root access on any device get exploited by "holes" that the device already has in place prior to any dev taking advantage of?.. yes by having Knox, a company can "potentially" know when they've "potentially" been compromised but those same holes are being exploited by "foul play" (whether that be porn sites or the like) and most of these exploits dont need root access established by the device holder in order to gain access... to single out the rooter is totally irrelevant
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
Doesnt root access on any device get exploited by "holes" that the device already has in place prior to any dev taking advantage of?.. yes by having Knox, a company can "potentially" know when they've "potentially" been compromised but those same holes are being exploited by "foul play" (whether that be porn sites or the like) and most of these exploits dont need root access established by the device holder in order to gain access... to single out the rooter is totally irrelevant
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
I think you're a little confused on what Knox is (and possibly a porn addict). Knox in its most simple definition is basically a dual boot in Android. It is it's own environment, separate from your other apps and only certain apps and programs can run within this Knox environment. The reason root is"singled out"is because your device is no longer secure and you could potentially gain unauthorized access to the Knox sector now. Yes there may still be potential to access information from Knox without being rooted, but it would be very difficult and your average person would have no idea how. There's a reason it is the only DOD approved mobile security system.
So basically Knox isnt just a number on your download screen that says if your phone is rooted.
By the way joking about the porn addict thing.
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
I think the point is for the BYOD system because they know your phone is untouched since Knox can't run if you've ever rooted your device. I would be all for enterprise firmware though.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Yes, I do understand but again asking an employee to have his personal phone in compliance with company policy does not go well. Yes, you can have them not bring their phones if it's a requirement.
From security standpoint, it helps to save encrypted company data if phone is lost, maintain system integrity and detect tampered devices.
But pushing this type of update without informing the customers that there is no going back is not a good move.
This is a broad topic for discussion !
Sent from my SGH-T889 using xda app-developers app
ciphercodes said:
Yes, I do understand but again asking an employee to have his personal phone in compliance with company policy does not go well. Yes, you can have them not bring their phones if it's a requirement.
From security standpoint, it helps to save encrypted company data if phone is lost, maintain system integrity and detect tampered devices.
But pushing this type of update without informing the customers that there is no going back is not a good move.
This is a broad topic for discussion !
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Ya I didn't explain my point very good. I agree with you. Knox is designed for BYOD however it would make more sense for a corporation that requires that level of security to provide a phone to their employee, the they can put as much security on it as they deem necessary.
Sent from my SGH-T889 using xda app-developers app
kintwofan said:
Ya I didn't explain my point very good. I agree with you. Knox is designed for BYOD however it would make more sense for a corporation that requires that level of security to provide a phone to their employee, the they can put as much security on it as they deem necessary.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
It only makes sense (when talki mm g byod) if an employee has to turn their phone in at the end of the day (not exactly byod at that point)... when it comes to addicts (whether that be porn or anything else) the bottom line falls on integrity, not encryption... for a company to trust an employee to do things with their device (beyond their control) is a matter of integrity. Encryption is irrelevant. My dad is a senior IT manager for one of the 5th largest cities, by brother in law is an IT manager for one of that cities najor metropolis's and I have many friends capable of programming things in manners not in accordance with benefiting the whole as a group... I know both sides of the equation... what doesnt add up is samsungs "Knox" being out to to protect anything outside of its own personal interest
Sent from my SGH-T889 using xda app-developers app
Couldn't agree more.
Naddict please come on in and shut this 4.3 thread down,remember you need to keep it all in one place
Macklessdaddy said:
Naddict please come on in and shut this 4.3 thread down,remember you need to keep it all in one place
Click to expand...
Click to collapse
I apologize for things getting off topic but for the op to provide so much perspective regaurding the early stages of the 4.3 update is more important than "consolidating" threads
Sent from my SGH-T889 using xda app-developers app
PhxDroid86 said:
I apologize for things getting off topic but for the op to provide so much perspective regaurding the early stages of the 4.3 update is more important than "consolidating" threads
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
No bro I was just messing with the super powerful mod who keeps shutting down any thread that has to do with 4.3
dude is merging every damn thread in sight
Im so ready to just root and flash a custom rom on my buddies OTA'd rom but im seriously hoping that Mr. R or Matt L. Can cimetgrough in the clutch to save us all from knox being tripped while engaging in the root process... reseting it is one thing but if we dont have to reset it than that would be ideal... patience is such q virtue at this point
Sent from my SGH-T889 using xda app-developers app
Since this is about Knox -- it includes SE Android as part of it which is from SE Linux --- The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency. With what the NSA has been caught doing recently.... anybody looked at the basecode for their backdoor which is probably in there?
I tripped my know already.
Cab i go back 4.1.2?
Sent from my SGH-T889 using xda app-developers app
Mynameisbruce said:
I tripped my know already.
Cab i go back 4.1.2?
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
No.
Sent from my GT-N7105 using xda app-developers app
From my understanding you can go back to 4.1.2
I saw someone post the instructions in the Galaxy Note 2 community on Google+
After rooting my Note 7, I've noticed that my Knox counter has been triggered, normally I would mind but several apps seem to depend on it to work properly(I can't even open S Health!). Is there away to reset it yet? thanks
Nope. When you root, a physical fuse in the phone is blown, so unless you have epic soldering and mad haxorz skills then you're pretty much screwed
get it exchanged in the recall, and don't root your new phone.
there's not that much you can do with root that you can't do without root, especially on recent high-end Samsung phones.
I am rooted and my S Health works. I believe the only thing that would be permanently disabled is Samsung Pay. Some banking apps will not run if you have root but you can always install an Xposed module called root cloak to circumvent that issue.
Sent from my SM-N930F using Tapatalk
S-health is still there, do a search and you can find instructions to access it. You should only lose secure folder and pay, if you want those things you should follow the advice above and not root your replacement phone. I'm not beating you up here but as an FYI you should have known the ramifications of rooting before you rooted, it's best to know what you're in for before you commit to a course of action that may be irreversible.
thedicemaster said:
get it exchanged in the recall, and don't root your new phone.
there's not that much you can do with root that you can't do without root, especially on recent high-end Samsung phones.
Click to expand...
Click to collapse
Sadly depending on what you want not everything is available without rooting.
Unless you can tell me how to change all app dpi individually.
YouTube adblocker
Synapse
Adaway
Greenify... not as as good un rooted mode
Amplify
Smart network
Sent from my SM-N930F using XDA-Developers mobile app
you're mentioning specific root-only apps.
obviously those won't work, but there are alternative methods with (close to) the same results.
adaway: adguard, it's better anyway(doesn't rely on a system designed for no more than 100 rules, easy to toggle on/off, supports whitelisting of apps, supports firewall functionality, and can target not just entire domains but also single lines of code)
adfree YouTube: yes this one is trickier, you'd need a 3rd party YouTube app or the website+adguard to avoid ads.
alternatively you can use "Cygery AdSkip for YouTube" to automatically skip ads after 5 seconds.
as you said, greenify works just not as effective.
similar "power saving" functions however are built in on recent android devices.
and from what I can tell every function in "smart network" except switching to 2G can be achieved without root using tasker.
synapse and per app DPI are the only things on your list that are completely impossible without root(although using game tuner's resolution settings you should be able to influence scaling in some apps)
Also if you use YouTube backgrounder, OGyoutube works great and allows background / downloading of content. I'm still looking for an ad free YouTube but this suffices in the meantime.
Sent from my SM-N930T using Tapatalk
krabman said:
S-health is still there, do a search and you can find instructions to access it. You should only lose secure folder and pay, if you want those things you should follow the advice above and not root your replacement phone. I'm not beating you up here but as an FYI you should have known the ramifications of rooting before you rooted, it's best to know what you're in for before you commit to a course of action that may be irreversible.
Click to expand...
Click to collapse
do you have the link for it? when I try to open it, it says the following:
"Unable to open app
Because of a new security policy introduced in version 5.0, Knox is not available on compromised devices"
I've already frozen all the knox apps I could find in TB.
strange, I just checked my 2-year old Note 4, the knox has also been triggered awhile ago, but i could use S Health fine. Why would S Health have anything to do with Knox?
shinew said:
strange, I just checked my 2-year old Note 4, the knox has also been triggered awhile ago, but i could use S Health fine. Why would S Health have anything to do with Knox?
Click to expand...
Click to collapse
S Health may use Knox to protect your health data (HIPAA in the USA).
The S-health thing is new, people are circumventing it by an app that lets you access the widget and from it you can open it up or some such, don't use it so I paid little attention to the fix. Don't remember where I saw that but it's here somewhere shine, I would peruse the development threads, I'm thinking I saw it in one of them.
Can somebody tell what native apps or features no longer work after rooting? (KNOX not important to me) I will root my note 7, but, if really important and useful stuff is going to break down, I would think about rooting with much more attention
winol said:
Can somebody tell what native apps or features no longer work after rooting? (KNOX not important to me) I will root my note 7, but, if really important and useful stuff is going to break down, I would think about rooting with much more attention
Click to expand...
Click to collapse
Nothing is broken on my end.
Sent from the Upside Down
someone posted that s health stops working, anybody knows?
Samsung Pay
S Health and Secure Folder won't work if Knox gets tripped.
People, plz don't be mad at me.
I was a user of s7 edge, and did't root or install any mods in it to not lose Nox and the garantee.
Before s7 I had an Opo and bricked it installing to many roms.
So I lived 2yrs without following root/mod/rom world.
But I saw some news talking about some apps, like netflix, limiting access from users with rooted phones.
So, finally, my question is:
What apps are limiting access/functionality in rooted phones?
What would I lose if a root mine?
Probably payment platform apps dont work on root due to security issues. But due to systemless magisk root now you can hide root status using Magisk hide which enables us to use apps that dont work with root also.
About samsung knox is such a security measure designed by them like once you root your phone. The knox status changes to O x 3 or something which means modified status.
Than after that whether you come to stock unroot your phone do whatever you want you cant change the knox status. Only option some phones had is the kernal knox status being modified to fool it.
Apps like android pay samsung pay wont work because of that.
I have never used such payment app like samsung pay and all thats y i didnt had any problems with root.
Yash93 said:
Probably payment platform apps dont work on root due to security issues. But due to systemless magisk root now you can hide root status using Magisk hide which enables us to use apps that dont work with root also.
About samsung knox is such a security measure designed by them like once you root your phone. The knox status changes to O x 3 or something which means modified status.
Than after that whether you come to stock unroot your phone do whatever you want you cant change the knox status. Only option some phones had is the kernal knox status being modified to fool it.
Apps like android pay samsung pay wont work because of that.
I have never used such payment app like samsung pay and all thats y i didnt had any problems with root.
Click to expand...
Click to collapse
Thank you for your Answer.
I never have the patience to do anything with my s7e, it uses an Exynos processor, highly modified AndroidOs, and at that time (2yrs ago) I was already thinking in selling it.
I just give a Galaxy S product a try and although it's specs and high quality hardware (no one can deny it) I never liked it's usability and its edge screen.
Op5T has a worse screen (in specs) but it feels so much comfortable in my hand.
I'm really not missing my old S7e at all.