Galaxy S5 Knox Reset (New Hope)

Vaira said:

Many are speaking of 'the S5'. It very depends on the type of SoC (Qualcomm or Exynos). Also when reading the thread there are many pointless assumptions without tech. background. Both bootchains are different. Also one q-fuse can theoretically re-set the state of another when programmed that way (odd / even).

Knox is a combination of bootloader / kernel implementation / Knox system apps and the 'flag'. There are different ways how Knox flag could be triggered.
It depends on where I modify and what I modify and when I modify. AFAIK both kernels and the bootloader are digitally signed (recovery and OS). As soon as the digital signature of one of the kernel has changed Knox will be triggered, also when flashing an unsigned bootloader.
Custom roms can be applied as long as the stock kernel remains untouched.

The primary control instance is the bootloader itself (flashing with Odin). Now we're having towel root. Nobody knows exactly how 'knox' knows when the kernel has changed. Is it the bootloader directly that verifies on any boot? Is there code that calculates the 'new' signature?

Click to expand...

Click to collapse

Hi there, may I introduce some mind boggling facts into your assumption as well?

I have the Canadian Note 3, and I am currently the OP of the N900W8 KNOX 0x0 guide.

I added an educated answer to why this is happening only for our devices on my thread, if you want to check it out.

I am on NA2 bootloader (Mexican leaked), Custom Recovery, Custom Kernel, Custom ROM - and KNOX is still at 0x0.

The fact that people have been using MOP to flash custom ROMs and keep KNOX at 0x0 shows that custom ROMs don't trigger the flag, and neither do modem flashes. It is all within the Recovery-Kernel TrustZone.

To answer your "Nobody knows exactly how 'knox' knows when the kernel has changed" with an educated theoretical answer - KNOX tests for Su/checks typical directories for Su and hence it starts crashing (but this doesn't mean that it would trip KNOX, it has just detected an unsafe environment in the userland) [Which is why people disable KNOX/uninstall KNOX on custom ROMs - disabling KNOX through SuperSU has no adverse effects towards the flag].

If you take a look at how KNOX functions, you will know what the so-called TrustZone is, which is typically why after the SECOND reboot after a normal root using Odin, your flag would be tripped on a normal device. Your phone goes into it's boot algorithm called "Secure Boot" which verifies the signatures on the bootloader, kernel and occasionally system software. As CF-Root is injected into a partition without any need of authentication or permissions, it will automatically boot after applying the "update", bypassing the check once, but after a reboot, poof goes your KNOX.

If I could dumb it down any further, when regarding Towelroot and not getting KNOX 0x1, it is because it is essentially a backdoor exploit using the signed Samsung kernel, which does not breach any of the TrustZone partition checks. A userland exploit, while gaining the help of the kernel (either through a backdoor or a buffer overflow) will not, and is unable to, destroy any higher level system structures such as the Kernel, ROM structure or Bootloader (as an office worker can't just fire their boss, they can still help and change ideas of their boss, but they can't make them *not* the boss (digitally UNsign him to trip KNOX)). However changing the officer in the company just by firing and hiring a new one, can easily corrupt the company by changing rules of the lower hierarchical members (Using Odin to inject Auto CF-Root). This is KNOX's main rule, written out for us to know.

All I can say is, after nearly a full year with my Canadian Note 3 and half a year with KNOX 0x0, this answer is the car and the driver relationship. The Car being the bootloader, and the driver being the kernel. As these are the two main things that KNOX loves tripping us on, I can safely assume that the bootloader is the key reason why people get tripped KNOXes.

Some useful information here on KNOX: http://www.samsung.com/my/business-..._whitepaper_An_Overview_of_Samsung_KNOX-0.pdf

Problem is you guys are just having chit chats on this thread with no helpful development - hence it's under General, go find sh*t out yourself and don't ask to get spoonfed answers.

If you want to know what's happening, this is the bounty thread that just has bounties: http://xdaforums.com/showthread.php?t=2486346

This is the useful thread you should try to understand 100% before just blatantly asking whether there's a fix or not: http://xdaforums.com/showthread.php?t=2642207

This was our last hope: http://xdaforums.com/showthread.php?t=2721505 (which contained the actual Qualcomm certificate signing tool to reset KNOX, if you guys have been following the right threads, you would have already gotten hands on this)

cloudx720 said:

Knox won't ever be cracked, ever. NSA approved.

Click to expand...

Click to collapse

All that meas is that they already know how to crack it :angel:

It seems like there is a cure and its not impossible.. Does this mean that all that crap that people said about a physical eFuse blowing up was debunked... Meaning we have hope!!! ?????


BTW sorry i forgot to mention.. It's for the galaxy note 3..?

here's the link to the original thread http://xdaforums.com/showthread.php?t=2486346

Thanks in advance
Sent from my SM-G900T using Tapatalk

Airboner said:

someone have to test it and report it back to know
we hope that works

Click to expand...

Click to collapse

I downloaded the tar and checked it's contents.

It's for the Exynos Note 3. Both files are only for that variant. (N900)

No one should try to cross-flash them in another device, it will most likely brick your phone.

Sent from my SM-G900H using Tapatalk