What we know so far:
- The Knox flag is physically stored in the eMMC, not in the SoC. Replacing the eMMC resets the flag.
- Some phones with Knox have Toshiba eMMCs supporting only eMMC v4.5, meaning a standard eMMC 4.5 feature is being used (not ...
Apparently my RPMB theory is right then.
We know so far:
- Samsung can reset the flag without altering any hardware.
- The flag is in the eMMC.
- Apparently not in either the Boot or User partition areas.
- The flag is not a Samsung extension to eMMC...
Efuses are normally built into the SoC; I have never heard of an efuse in an eMMC chip. However, someone reported that replacing the eMMC removes Knox.
My guess is that "Knox warranty void" is indeed an efuse, but "Accept Knox-signed bo...
The ATF Box is not just a hardware dongle - it's an FPGA device that is used for reading/writing the eMMC chip. Also, it doesn't simply implement the MMC protocol as a card reader would - it actually tampers with the MMC command/data messages sent...
Probable boxless - though still hardware-based - way of unlocking the bootloader on Lumia 800 (also Lumia 900, with different test-point layouts):
You will need an MMC card reader that supports >4GB cards, a good soldering iron and some thin, ins...