I'm working on a way to do this and I think I've got it figured out. Expect an update this weekend coming up
Sent from my SM-N9005 using Tapatalk
> I'm working on a way to do this and I think I've got it figured out. Expect an update this weekend coming up
If you show me evidence of some positive progress I will raise my bounty value.
Sent from my SM-N9005 using Tapatalk
Wouldn't it be more practical at this point to make a bootloader that ignores it? Just virtualize the efuse as 0x0 instead of physically trying to reset it. Might be just as simple as shadowing a "reprogrammable" region onto the addresses that usually shadow the "q"fuse block.
This reminds me of Xbox 360 JTAGging.
The e-fuses were getting blown on dash upgrades to prevent the recovery of the CPU key, but the removal of the resistor R6T3, which supplies the current to blow the e-fuse, prevented any future e-fuse blowing.
I will update the 2nd post with donations when I get home from work. Note 3s here in Canada just got an update (security and stability). I'm guessing my Knox will read 0x2 after I update and root again?
Sent from my SM-N900W8 using Tapatalk 4
Pretty sure it's an e-Fuse... http://xdaforums.com/showpost.php?p=31622172&postcount=9
> Wouldn't it be more practical at this point to make a bootloader that ignores it? Just virtualize the efuse as 0x0 instead of physically trying to reset it. Might be just as simple as shadowing a "reprogrammable" region onto the addresses that usually shadow the "q"fuse block.
Unfortunately, this is probably out of bounds for anyone without jtag.
The idea of KNOX is not that you can't beat it, but that it's impractical to do so. I'd say a bootloader is the most likely way to beat it; only with JTAG could you then prove it's "really" been blown.
This would also prove that a "hardware chain of trust" can never be reliable for security (not that we don't already know that).
> Why are we all so sure the bootloader is what's actually setting the flag? There are other bootloaders within the hardware; the chain of trust begins in hardware. The bootloader is just displaying a value; if that value is read from a hardware flag within the CPU, there's every chance the CPU is what's setting it in the first place.
I can almost bet that if someone checks out the bootloader, we will be able to find a workaround on this :silly:
> This isn't a new thing; the Galaxy S4 has had this Knox counter for months now and all of those developers haven't figured it out yet, either. That includes the likes of Chainfire, who made Triangle Away. I really don't think it's as simple as some people think.
Of course it isn't simple, it is security stuff... it's meant to be difficult to crack... but not impossible.
> The bootloader is just displaying a value; if that value is read from a hardware flag within the CPU, there's every chance the CPU is what's setting it in the first place.
Possible, but the point in software is to abstract. Nobody is going to program every little security feature into the hardware. Takes massive R&D with very little reward. E.g. it's not economically feasible.