What will rooting the S9/S9+ break? - Samsung Galaxy S9 Questions & Answers

Hi all,
Most of the (advanced) users are already familiar with KNOX on Samsung devices.
Since it is a feature making the device secure in terms of keeping the system unmodified, it is well know that rooting it will trigger the KNOX eFuse and security features using it will stop working for good.
Now my question to which I cannot find a strait answer to is...
What will stop working if KNOX is triggered besides Samsung pay and Secure folder?
Will the fingerprint, IRIS/face unlock... still work?
And are there any more downsides?
Thanks!

dedabrane said:
Hi all,
Most of the (advanced) users are already familiar with KNOX on Samsung devices.
Since it is a feature making the device secure in terms of keeping the system unmodified, it is well know that rooting it will trigger the KNOX eFuse and security features using it will stop working for good.
Now my question to which I cannot find a strait answer to is...
What will stop working if KNOX is triggered besides Samsung pay and Secure folder?
Will the fingerprint, IRIS/face unlock... still work?
And are there any more downsides?
Thanks!
Click to expand...
Click to collapse
I think it breaks S health also if im not mistaken.
Iris, fingerprints etc not affected
sent from my Pixel 2 XL or Note FE

The Health App is pretty effective, so it's a shame to lose it. Mainly for the heart rate monitor, personally. (I have some BPM issues.)
Other than that, not sure.

Will this can be fixed with some patch?
Im coming from xperia, which there always a drm fix patch for newer device so we get the lost features back like x-reality, camera etc.
Also we can relock the BL with the backup so the device can be virgin again in case I want to sell it.
So what about the s9+? Can galaxy phone have the nox and all of its features back if we un-root it?
I have this device for 2 months now but still scared to root it since this is my first samsung device.

fizhsmile said:
Will this can be fixed with some patch?
Im coming from xperia, which there always a drm fix patch for newer device so we get the lost features back like x-reality, camera etc.
Also we can relock the BL with the backup so the device can be virgin again in case I want to sell it.
So what about the s9+? Can galaxy phone have the nox and all of its features back if we un-root it?
I have this device for 2 months now but still scared to root it since this is my first samsung device.
Click to expand...
Click to collapse
No.
Once knox is tripped its permanent and all the things that breaks stay broken.
Theres is an abundance of info on this and its common knowledge for us sammy guys. Hit that search button and start reading up on all the samsung quirks so you dont have any surprises. Your very smart to wait as you have so you dont do something you cant undo!
Sent from my Note 9 exynos, S9 plus exynos, Pixel 2 XL or Note FE

There is a fix for S Health, I have it working on mine by following this thread https://forum.xda-developers.com/s7-edge/how-to/guide-how-to-s-health-devices-knox-t3543306

There is ways around this Knox trip. Also read most ROMs and kernels remove any Knox

bahmonkeys said:
There is ways around this Knox trip. Also read most ROMs and kernels remove any Knox
Click to expand...
Click to collapse
The KNOX that rooting trips and the KNOX that breaks Samsung apps is nothing to do with any ROM, it is a hardware e-fuse
There are workarounds to get some of the apps working again, but once you trip KNOX to 0x1, it's permanent

Related

What is Knox an why do I care?

Please forgive the catchy title as well as my ignorance as while I have been around computing stuff for a long time, am kinda new to the Android stuff.
For me, I picked up a Samsung Strat II this summer, an have gotten a bit used to that, so just grabbed a 8.4 for Xmas as I have more uses for that, an would like to get that running as best as possible.
For the Strat II, I did root it with Towelroot an with no noticeable side effects, so understand the hows an why's of this.
But in reading the forums for the 8.4, have been seeing this thing about tripping the Knox from messing with the OS in anyways in regard to rooting.
From the little bit I have read, it seems to be some kind of root tripper, an would assume that voids any warranties too, but was wondering if some could explain it a bit more to me, an perhaps answer the following questions.
1: Does it in fact trip from a root an does this void the warranty?
2: This does not seem to be part of my Strat II OS, so is this something newer?
3: If indeed it is just a warranty thing, do I care once it's out of warranty? Which I think is one year?
4: Is it just a OS recording thing, or does it mess up the tab in anyway, software or hardware wise?
5: From what I have read, once tripped, its permanent an there is no way to reverse that even from a complete system reset, so is that true?
So those are just a few at the moment an again, please forgive my ignorance, but hey, if you don't ask, you don't learn.
Thanks for any help
if you used towelroot then you probably didn't trip knox, knox will trip if you use other root methods like cf-auto-root or flash custom firmwares like CM.
knox is a hardware fuse (at least on the snapdragon cpu) that once tripped cannot be undone as it actually modifies hardware kind-of like burning out a circuit and Samsung checks the flag to see if the device was tampered with and it will void warranty (though they may or may not make an exception depending on the issue like if something was hardware related they might still honor it).
TowelRoot uses a kernel exploit and doesn't mess with bootloaders ..etc , thus keeping knox happy
Thanks for the reply otyg, so can I use towelroot on my 8.4, or does this not work with something like this, or with this OS?
WBFAir said:
Thanks for the reply otyg, so can I use towelroot on my 8.4, or does this not work with something like this, or with this OS?
Click to expand...
Click to collapse
Towelroot only worked on ND1~ND3 Firmware on the tab pro 8.4 then the kernel was patched on newer firmwares--- so if your tab has a newer firmware it won't work anymore without some headaches.
Basically you need to flash the Kernel (not the full firmware) from ND3 root the tab with towelroot then swap the kernel back to the current firmware, and knox should stay at 0x0 .
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
WBFAir said:
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
Click to expand...
Click to collapse
It could be worse, the efuse(s) can be used for all kinds of things like completely locking the bootloader, luckily Samsung didn't go to that extreme
Yeah, I understand.
So by any chance otyg, do you know if regarding my question on anything else it might do, does tripping the knox do anything other then the hardfuse, an the reporting of it?
Does it effect the device in any other way?
Basically I tried the unit I have for just a little bit as I wanted to setup the basics before Xmas an make sure it would work with my WiFi, but all in all the unit ran pretty nice with just the way it was.
So I really even wonder if I want to root it, an then with this Knox thing, its deterring me even more.
But then too, I know some apps just really require it.
So kinda torn.
But if it does something else negative to the device other then what we have already discussed, might just leave it alone for the time being.
Btw, thanks for all the help so far.
There are benefits to rooting like being able to use your sdcard properly , I rooted mine, never tripped knox,
As with all rooting It's a risk if you do trip it it will probably void warranty, it could also brick your device if something goes wrong.
Another common problem I have been seeing is random reboots for people who have a tripped knox flag (this is due to software on the tablet that checks knox and somehow causes reboots, you can disable the software but still troublesome and doesn't work for everyone).
If you really want to root I would go with towelroot method, its the safest and less risk for triggering any knox problems.
you basically update your firmware to the latest version first, extract the kernel from the tar file, download the ND3 firmware extract the kernel, tar the kernel's , flash the nd3 kernel with odin, boot-up , towelroot, install supersu , reboot - switch back to download mode and re-flash the latest kernel)
Read through this thread too, some people have prepared standalone kernels to use if you don't want to do it yourself. you probably need ND3 (or ND1 will work) and K1 if your tablet is the XAR model.
http://forum.xda-developers.com/showthread.php?t=2786800
^ND1 kernel
http://forum.xda-developers.com/gal...320xar1ank1-extracted-stock-firmware-t2954549
^K1 kernel
Thanks greatly otyg, will have to look into this more after the holidays, an thanks so much for the info
WBFAir said:
One of the things that puzzles me is why did they even do this?
Seems that the customization that rooting is needed to be done for, is such a big part of why many buy these things?
Guess there is some that damage things by over clocking or something else, an then rest everything an try to claim warranty, but still gotta be a small amount as apposed to those who buy them as they can do all the software stuff to them.
Seems like they are trying to lock out a good amount of their customer base.
Click to expand...
Click to collapse
Because people mostly don't care and don't know.
If you don't like what they do, then don't support them. Stop buying their products, or buy used if you have to.
Personally, Samsung is the #1 company on my **** list, with Apple being a close 2nd, due to their policies towards their customers.
I only bought my 12.2 Note Pro because nobody else make anything in this class.
I already have Nexus 4 & 7. Xperia. And if I was shopping for a small tablet, I'd get the new Nexus (despite the HTC crappy quality lottery).
I also bought it used/refurbished, not new.
WBFAir said:
Yeah, I understand.
So by any chance otyg, do you know if regarding my question on anything else it might do, does tripping the knox do anything other then the hardfuse, an the reporting of it?
Does it effect the device in any other way?
Click to expand...
Click to collapse
For this device, once you trip Knox you can no longer update firmware through the traditional methods, you have to do it manually through something like Odin or a custom recovery, as far as I can tell. Samsung recognizes that you've "modified" your device and will not let you update through official channels.
gidal said:
Because people mostly don't care and don't know.
If you don't like what they do, then don't support them. Stop buying their products, or buy used if you have to.
Personally, Samsung is the #1 company on my **** list, with Apple being a close 2nd, due to their policies towards their customers.
I only bought my 12.2 Note Pro because nobody else make anything in this class.
I already have Nexus 4 & 7. Xperia. And if I was shopping for a small tablet, I'd get the new Nexus (despite the HTC crappy quality lottery).
I also bought it used/refurbished, not new.
Click to expand...
Click to collapse
I suspect it's to honor their high level contracts (like the govs, and fortune 500 company's) who need to keep the devices secure, knox is a good way to tell the customer their device could have been compromised, unfortunately it does effect normal users like us who like to tweak the devices a little .
otyg said:
I suspect it's to honor their high level contracts (like the govs, and fortune 500 company's) who need to keep the devices secure, knox is a good way to tell the customer their device could have been compromised
Click to expand...
Click to collapse
This is pretty much true, in my understanding. KNOX is aimed at enterprise users (company provided devices) as a means of ensuring the devices are kept in an "approved" or "compliant" configuration. Once a device is rooted, root can be hidden (as well as any number of changes made to the system) so it makes sense for IT departments to want a non-reversible hardware fuse to detect the device has been tampered (mainly by the employees).
Android hasn't had the widest adoption for enterprise use, mainly due to the open nature of the OS. So such security measures are an attempt at changing that perception.
Folks on here have argued that KNOX counter does not void the warranty, and its only purpose if for use along with the KNOX security software. Whether that is 100% true or not, I can't personally say.
Knox allows a device to be setup as two completely separate devices in one. One secured for business use the other for personal use. I tripped Knox immediately on mine when I rooted it.
Can i towelroot and install cm without knockig trox?

From the S5 to S6E or 6??

So I want to switch from my s5 to the 6E but is it really worth it to get over the regular 6 in your guys opinions? I have the 64GB in Black probably. And coming from an S5 to the Edge, is there any major differences on this phone while using ODIN to root? Anything I should be aware of before I try to root the phone, or what recovery should I be using.... I dont not want a brick lol and just want to be on the safe side. I haven't done this stuff in over a year so I feel very far behind everyone else. Thanks
Edit- I also have a macbook so will I be affected at all trying to root my phone?
If you can use a stock phone that works great out of the box, with all its premium features working, that can make /receive calls all day, text, multitask like a boss and take super photos like a premium camera and have a unique look that NO Other Phone has. Get yourself a GS6 Edge.
If you want root and custom roms & features, stay with your S5 until the Dev's figure out how to get past the bootloader securities that Samsung has put in place to prevent anything custom from being flashed to the phone.
There are procedures for rooting and custom recovery that claim it works but you trip Knox, lose fingerprint scanner, lose call audio and some other stuff I can't remember right now.
??? In my book they don't work. ???
Balls in your court.
I was looking forward to root, but not until it's foolproof, for now I'm really enjoying my Gold stock GS6E with great battery life and a look that everyone wants to touch.
Pp.
PanchoPlanet said:
There are procedures for rooting and custom recovery that claim it works but you trip Knox, lose fingerprint scanner, lose call audio and some other stuff I can't remember right now.
Click to expand...
Click to collapse
Pretty much the current story is:
- Want root on 5.0.2 without tripping Knox? No problem, so long as you haven't upgraded to 5.1.1 (OF6) yet. Reasonably high chances that new phones are shipping with 5.1.1 already.
- Want root on 5.1.1? You'll need a custom kernel that disables dm_verity and sets SEAndroid to Permissive. But flashing a custom kernel will void Knox.
- Want root on 5.1.1 but without tripping Knox? You'll need an engineering bootloader before flashing anything. Side-effects currently include: no fingerprint scanner. In-call audio seems to be working now, if you're running the correct [custom] kernel for your device.
- Want root on 5.1.1 without tripping Knox and without any side-effects? Too bad.
- Want root on 5.1.1 without any side-effects, and don't care about Knox? Easy, and it's working great.
Edit: Forgot to mention, if you're on a Verizon or Sprint device... good luck. Last I hear, due to locked bootloaders, 5.1.1 = no root whatsoever.
Don't forget any new phones recently purchased after June update will only have 5.1.1 firmware. No 5.0.2 .
Pp.
Stay with your GS5. Development for this phone (S6 and S6e) is going at the speed of fart. I'm a flashoholic. I've owned the phone for less than two months and am already extremely bored with it.
PanchoPlanet said:
Don't forget any new phones recently purchased after June update will only have 5.1.1 firmware. No 5.0.2 .
Pp.
Click to expand...
Click to collapse
I mentioned that, kinda.
They're just 2 different phones. Not even sure there's such thing as better. S6 will have faster updates which i think is due to elimination of sd card support and sealed battery which people find as a detractor. Camera is better with s6 and has silent option without turning off all phone sounds. Quick charging on a regular sized port is good on S6. I like the edge for lazy scrolling of not reaching around the bezel on S6 Edge. I do think the screen looks nicer on the S6 as well. I'd really say to play with it at the store and decide. I use my wife's S5 for stuff and find that it's just fine. Not brave enough to test the waterproofing on a phone that's not mine, but my friend in Cali takes pictures in the pool with his and I think that it's a good feature as long as nothing goes wrong.
Thanks guys for the quick replies!
Aou said:
Pretty much the current story is:
- Want root on 5.0.2 without tripping Knox? No problem, so long as you haven't upgraded to 5.1.1 (OF6) yet. Reasonably high chances that new phones are shipping with 5.1.1 already.
- Want root on 5.1.1? You'll need a custom kernel that disables dm_verity and sets SEAndroid to Permissive. But flashing a custom kernel will void Knox.
- Want root on 5.1.1 but without tripping Knox? You'll need an engineering bootloader before flashing anything. Side-effects currently include: no fingerprint scanner. In-call audio seems to be working now, if you're running the correct [custom] kernel for your device.
- Want root on 5.1.1 without tripping Knox and without any side-effects? Too bad.
- Want root on 5.1.1 without any side-effects, and don't care about Knox? Easy, and it's working great.
Edit: Forgot to mention, if you're on a Verizon or Sprint device... good luck. Last I hear, due to locked bootloaders, 5.1.1 = no root whatsoever.
Click to expand...
Click to collapse
Great info!!! Will keep in mind all of this. And I'm on Tmobile... Will prob wait for the devs to get this figured out. I like flashing roms due to less bloat ware and usually a good solid battery life.
Brad4891 said:
Great info!!! Will keep in mind all of this. And I'm on Tmobile... Will prob wait for the devs to get this figured out. I like flashing roms due to less bloat ware and usually a good solid battery life.
Click to expand...
Click to collapse
The ROMs will probably be mainly TW-based if the Exynos thing hasn't been overcome for AOS/KP.
S6 edge. I rooted this bad boy and tripped the Knox no problem and using a stock rom which is much faster with awesome battery life.
Sent from my SM-G925T using Tapatalk

Official Recoveries and Kernels that trips you up called KNOX.

Everywhere I read about how people are afraid to trip KNOX, will flashing this trip it.. YES what I understand is that FLASHING anything that is an Unofficial Recovery or Kernel is what will trip this security feature, TRIPPING KNOX will DISABLE SAMSUNG PAY
Samsung Pay relies on the security features of KNOX. Once KNOX is tripped you can't go back.
1st question is how can we make an Official Kernel with ROOT...???
2nd question is what makes it Official to begin with..???????,
no where have I seen any forum discuss how these companies make Official Firmware and kernels, Seems like every phone company can alter Official Firmware and kernels to suit the needs and its still an Official update and does not trip KNOX.
Just curious as to the inner workings on being Official. Would be nice to see a Official Rooted Kernel kind of like the leaked T-Mobile Engineering Kernel but even it was limited in ways.
Anyway about KNOX... trip it.
If you are just using your phone for personal and like custom roms tripping KNOX means nothing and its OKAY.
If your going to use Samsung Pay then step away from ROOT and don't look back. Tripping Knox is not for you.
As far as I can tell the only people who can't root are the people who work for big business and have work related files on their phones, KNOX is going to make a partition and keep all this stuff secret for them so if you rooted your phone and work for lets say the "Department of Defense" chances of you getting fired and your phone destroyed are like 100% so if your the sole owner of your phone and like to tinker with custom roms TRIP KNOX its okay, I just wish we had a way to make Official Firmware and Kernels but I can see problems for big business if we did.
Not to be mean, but you have absolutely no idea what you are talking about. I am only saying that so that anyone else reading this knows that.
"Official Kernel With Root" is not going to happen.
If you trip Knox, you will not be able to use Samsung features such as Samsung Pay. This is important to a number of people.
You really should do some research before posting.
Your not being mean at all but you did not answer either, why is it not going to happen? I would like to know what makes it official and why can't it be done?
I get Samsung pay users, but for those who Root usually are going to flash custom roms and don't care about that feature, if your using Samsung pay then you need KNOX to keep your data secure. I will edit the OP and state the facts for those who don't already know about this.
It it was that easy to work around knox, i guess it wouldnt be that great of a security feature huh? Samsung didnt waste all that time for nothing, theyre protecting your data, and rooting your device makes it vulnerable. Im amazed there was ever a way around it before 5.1.1
lootbooper said:
It it was that easy to work around knox, i guess it wouldnt be that great of a security feature huh? Samsung didnt waste all that time for nothing, theyre protecting your data, and rooting your device makes it vulnerable. Im amazed there was ever a way around it before 5.1.1
Click to expand...
Click to collapse
So true, but I been looking at this 2 ways, as what I read and heard from Samsung about KNOX is you have software which is what the security Suite of apps is all about, it handles all the security features, the KNOX (EFUSE) when rooted or phone is set to custom trips the KNOX Counter which Samsung told me in an email its not connected to the Software Suite for Security, its in place to tell them (Samsung) that the phone has been altered, which VOIDS the WARRANTY and Samsung can refuse to fix your phone. I am trying to get more answers from Samsung about why Samsung Pay stops working if this (Efuse) KNOX Counter is tripped, so far they say the Counter is not related to the software suite. I get no direct answer about it. They don't claim is stops Samsung Pay from working but they really don't tell me why it does stop it either.
UPDATE: " just got an email back from a tech at Samsung, tells me if phone is rooted or custom or if the knox counter is 0x1 you can not install samsung pay, told me the counter is part of the security being used in the Knox Suite." So I guess they are linked then.
Well i see what your getting at i think, but seems like no one has had an issue getting a replacement device with knox tripped. And samsung pay does not even open after tripping when it previously worked. So someone is lying.
Look at all the problems with apple pay. If you dont want your bank account tapped or credit cards maxxed dont break knox. On my opinion its not even that great of a feature, most banks dont support it, and many card terminals wont either until they get updated.
I was just thinking about this myself. I liked having a rooted phone before, but the advantages of having a sandbox on my phone for extra security is nice. You can even use it to have 2 of apps. Like ig or snapchat where u have more than 1 account. Besides some of the little things i miss like xposed, there is no real reason to root the phone, besides maybe tethering. You even can do themes if you want it to look different or a launcher. but can't totally reset your phone after that damn counter.
stldelsol said:
I was just thinking about this myself. I liked having a rooted phone before, but the advantages of having a sandbox on my phone for extra security is nice. You can even use it to have 2 of apps. Like ig or snapchat where u have more than 1 account. Besides some of the little things i miss like xposed, there is no real reason to root the phone, besides maybe tethering. You even can do themes if you want it to look different or a launcher. but can't totally reset your phone after that damn counter.
Click to expand...
Click to collapse
I am still a newbie at this , I rooted my moto razor when I first got it, best damn phone at the time, then I got into Samsung because the camera was better, first Samsung was the S4, what an upgrade from moto... I rooted and tweaked it and never left Android 4.2.2, its still that way, but I wanted a better camera and thought everyone was all happy about lollipop so I got a S6, which it has KNOX, my old s4 has no knox not even in the bootloader, I used triangle away to reset the binary counter but with this S6 I am torn between root or no root, am I going to custom it out or stick around to see if Samsung Pay will actually work out. Rooting does have a purpose but if manufacturers would just let us get rid of bloat maybe the phones could be ours. I also wondered about if rooting would leave your phone open to security risks, I thought you had to grant root access to get into the sandbox.???
I disabled everything i dont use so almost feels like no bloat lol. If you open knox you can set it to be a launcher and have a different set of apps, background and so on. Its nice to keep work separate from regular life. But with root you can achieve a lot of cool things. But after years of rooting and custom roms i am happy with a vanilla phone........ for know haha

s6 edge 925T fingerprint dead?

just done rooting and install twrp on my device on 5.1.1 ( tmobile 925T s6 edge ) without tripping knox using AOU kernel . some how fingerprint is dead and security notice kept poping up ( how to turn this off ? ) any way to fix this ? , also is there any good rom out there that i can flash right now without tripping knox ? . thanks
It clearly states it in the thread that the rooting method without tripping KNOX will break the fingerprint scanner.
There is NO way to get root, not trip KNOX, and have the fingerprint scanner working on 5.1.1.
And no, you can't flash custom ROMs without tripping KNOX.
lemonov said:
It clearly states it in the thread that the rooting method without tripping KNOX will break the fingerprint scanner.
There is NO way to get root, not trip KNOX, and have the fingerprint scanner working on 5.1.1.
And no, you can't flash custom ROMs without tripping KNOX.
Click to expand...
Click to collapse
well thank you for the quick reply, and i just found out rooting w/o tripping knox will broke fingerprint sensor .
sjhotwings said:
well thank you for the quick reply, and i just found out rooting w/o tripping knox will broke fingerprint sensor .
Click to expand...
Click to collapse
It really comes down to what you want more. A working fingerprint scanner and a selection of relly good custom roms (considering it's an exynos device), or Samsung pay. When I put it that way to myself, the decision was kinda easy for me.
Akw6190 said:
It really comes down to what you want more. A working fingerprint scanner and a selection of relly good custom roms (considering it's an exynos device), or Samsung pay. When I put it that way to myself, the decision was kinda easy for me.
Click to expand...
Click to collapse
Yeah, this is the direction I'm likely to go. I just don't like that it's irrevocable, but Samsung/T-Mobile will likely discontinue support within a year (as soon as the S7 comes out? Yeah, probably). It's a really good phone but Exynos is going to limit its lifetime.
Pyperkub said:
Yeah, this is the direction I'm likely to go. I just don't like that it's irrevocable, but Samsung/T-Mobile will likely discontinue support within a year (as soon as the S7 comes out? Yeah, probably). It's a really good phone but Exynos is going to limit its lifetime.
Click to expand...
Click to collapse
Well at least it's gonna get Marshmallow. I'm excited that the S7 is supposed to have a Qualcomm chip again, though.

Question Root and Knox Vault

Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers!
loulou310 said:
Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers! 10.0.0.0.1 192.168.1.254
Click to expand...
Click to collapse
I got this,..
loulou310 said:
Good morning everyone. As someone very curious about tech, and since they are advertising the Knox Vault feature on latest Exynos chips here in France, I wonder how the Knox Vault affects rooting. I had a rooted S8 and I couldn't launch things like SM pay, and health. I already read the white paper and to root guide in sticky, but I want to know if one of you actually have a teardown of the software part, or how does the root tamper with the Vault and the Knox keys. Thanks in advance to everyone that have answers!
Click to expand...
Click to collapse
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Vorion said:
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Click to expand...
Click to collapse
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
gernerttl said:
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
Click to expand...
Click to collapse
This is a false information. Learn more about KNOX and e-Fuse on these links.
What is a Knox Warranty Bit and how is it triggered?
eFuse - Wikipedia
en.wikipedia.org
If it had been purely a software thing, Devs at XDA, Github, StackOverflow communities would have found a way to reverse it many many years ago. Some devs here tried to find ways to reverse it. It's almost a decade now.
Edit: Banking apps have nothing to do with KNOX. It's to do with Google's Safety Net Attestation. And DEX will work fine on a KNOX triggered device as it did on mine.
Vorion said:
This is a false information. Learn more about KNOX and e-Fuse on these links.
What is a Knox Warranty Bit and how is it triggered?
eFuse - Wikipedia
en.wikipedia.org
If it had been purely a software thing, Devs at XDA, Github, StackOverflow communities would have found a way to reverse it many many years ago. Some devs here tried to find ways to reverse it. It's almost a decade now.
Edit: Banking apps have nothing to do with KNOX. It's to do with Google's Safety Net Attestation. And DEX will work fine on a KNOX triggered device as it did on mine.
Click to expand...
Click to collapse
You are correct about the hardware part. However, anything that relies on Knox will not work. That includes any banking apps that rely on it. There are ways around getting banking apps working again using Magisk. It depends on the banking app.
Also, if you have the US version of the S22 you won't be able to root it anyway. US Carriers required that Samsung lock the bootloader. Nobody has been able to unlock the bootloader, yet.
You don't need to change out the motherboard though. If you send it back to Samsung, they can reload the firmware. It's a matter of rewriting the firmware back to the hardware with the proper encryption keys (in otherwards a full factory reinstall). It's not cheap though. It would be cheaper to buy a new phone.
gernerttl said:
You are correct about the hardware part. However, anything that relies on Knox will not work. That includes any banking apps that rely on it. There are ways around getting banking apps working again using Magisk. It depends on the banking app.
Also, if you have the US version of the S22 you won't be able to root it anyway. US Carriers required that Samsung lock the bootloader. Nobody has been able to unlock the bootloader, yet.
You don't need to change out the motherboard though. If you send it back to Samsung, they can reload the firmware. It's a matter of rewriting the firmware back to the hardware with the proper encryption keys (in otherwards a full factory reinstall). It's not cheap though. It would be cheaper to buy a new phone.
Click to expand...
Click to collapse
Yes, any app which relies on KNOX, won't work on a fuse-blown device. However, only a handful of Samsung's proprietory apps rely on Knox. Earlier, I used to change the TIMA value and get S Health app to work by circumventing Knox Status. That's not happening nowadays. Banking apps rely only on Google's Safety Net. Banking apps have no direct ties to Knox. Magisk module, Universal Safety Net Fix being the solution. Again, it's called Safety Net Fix for the same reason.
There are some sources to unlock US variants. I never had the need to use their services. So I can't recommend it. But there are people who claim to have unlocked their US devices through their services.
About flashing the firmware with "proper" encryption keys is an "interesting" news. But all these years, I have only known about Samsung Customer Care around the world, telling the people that the motherboard replacement being the only option in such cases. Again, you are implying that there's a software fix. May I know where you got this info?
Vorion said:
There is a belief (with some proof) that the KNOX is tied to an E-Fuse (physical) on the board which breaks when we root or anything which alters the system. Once the fuse melts, nothing to be done. KNOX retaliates with the security measures like stopping the functions of the apps like S Secure, S Health, Pay and Pass to protect the device.. So far, there is no way to reverse the fuse condition. Motherboard replacement is the only option. Hope this helps your question.
Click to expand...
Click to collapse
gernerttl said:
Is not a physical fuse it's purely software. If you root, it breaks Knox. Knox is the security (think Fort Knox) that Samsung implemented. Once Knox is tripped it cannot be restored and you can no longer use Samsung Wallet, Secured Folder, most banking apps, Samsung Health, DeX, and creating a work profile.
Click to expand...
Click to collapse
Vorion said:
Yes, any app which relies on KNOX, won't work on a fuse-blown device. However, only a handful of Samsung's proprietory apps rely on Knox. Earlier, I used to change the TIMA value and get S Health app to work by circumventing Knox Status. That's not happening nowadays. Banking apps rely only on Google's Safety Net. Banking apps have no direct ties to Knox. Magisk module, Universal Safety Net Fix being the solution. Again, it's called Safety Net Fix for the same reason.
There are some sources to unlock US variants. I never had the need to use their services. So I can't recommend it. But there are people who claim to have unlocked their US devices through their services.
About flashing the firmware with "proper" encryption keys is an "interesting" news. But all these years, I have only known about Samsung Customer Care around the world, telling the people that the motherboard replacement being the only option in such cases. Again, you are implying that there's a software fix. May I know where you got this info?
Click to expand...
Click to collapse
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
73sydney said:
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
Click to expand...
Click to collapse
Thanks. I'm not rooted, nor do I intend to. My S22 Ultra does everything I want and need it to do as is.
gernerttl said:
Thanks. I'm not rooted, nor do I intend to. My S22 Ultra does everything I want and need it to do as is.
Click to expand...
Click to collapse
Not sure why you replied in a thread about rooting, just to tell me you werent interested in rooting?
Seems odd....
73sydney said:
Perhaps you might like to try my little module if you have magisk installed ...
GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices
Removes "sakv2" from ro.security.keystore.keytype to help make Samsung Health run on rooted Samsung devices - GitHub - stylemessiah/SamsungHealthSecurityProps: Removes "sakv2" f...
github.com
Click to expand...
Click to collapse
I would be trying this in a few days. Thank you for the suggestion and your work!
73sydney said:
Not sure why you replied in a thread about rooting, just to tell me you werent interested in rooting?
Seems odd....
Click to expand...
Click to collapse
I do have the same feeling. Feels like he has never used rooted/Knox Tripped Samsung device yet he is giving out his opinions on root and Knox, Magisk, etc., which are far from the facts. When I asked about the source of his claims, he went silent untill your reply. It's better to leave it at that.

Categories

Resources