[RESEARCH] Samsung Knox: Warranty Void Behavior

OP theq86

17th September 2013, 09:18 AM   |  #1  
As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.

As of now, there is no way to reset that flag from 0x1 to 0x0.

Then I read in a comment on Chainfire's post concerning that flag that, as long as you do not try to downgrade to a non-secured bootloader, this flag will not change. He claims to have that information directly from Samsung.

https://plus.google.com/u/0/+Chainfire/posts
Quote:
Originally Posted by Jeffery Butler

FYI... Samsung told me that Knox warranty becomes 0x1 (void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version (i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device (no container can be created).

Does anyone already have experience with rooting an "untouched" S4 which has the secured bootloader and can confirm or deny that?

- - - - - - - - - -

Conclusions and Facts about KNOX-enabled firmwares (based on statements from Chainfire's post and its comments above, and based on this thread)

  • Not possible to downgrade to KNOX-disabled firmwares/bootloaders (an attempt sets 0x1) (even though some people state that a downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/show....php?t=2444671, not confirmed)
  • Even if you flash a KNOX-enabled firmware via Odin (e.g. the latest fw), Knox will be set to 0x1
  • Flashing unsigned or modified images via Odin will set Knox to 0x1
  • Samsung stated that resetting the flag is impossible
  • KNOX is mandatory and cannot be completely removed
  • Warranty Void is not a counter; it is a flag (0, 1). It was never seen as 0x2 or so
  • Mirroring all partitions from a clean 0x0 device to a 0x1 device via JTAG produces a non-functional device (reversible by restoring the 0x1 partitions on the phone)
  • The KNOX bootloader verifies signatures of kernels and recoveries. No custom ones are possible without voiding the Knox warranty

Assumptions on how the KNOX flag in the bootloader works:

  • Some experts think an eFuse is involved (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremental, and even unwritable by low-level tools or JTAG. But it is still not proven that an eFuse is used.

Knox technical information:
https://www.samsungknox.com/overview/technical-details
Last edited by theq86; 23rd September 2013 at 03:42 PM.
The Following 80 Users Say Thank You to theq86 For This Useful Post: [ View ]
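
A small C model of the eFuse hypothesis from the post above, added here as an illustration; it is not code from Samsung or from any poster, and the thread itself says the eFuse is unproven. The fuse bit, struct names and functions are assumptions. It follows the quoted Samsung statement plus the signature-check item from the list (not the reports of stock flashes tripping the flag) and shows why a write-once bit reads as a flag that rewriting flash cannot clear.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical one-time-programmable fuse word: programming can only turn
   bits on, so a write is an OR and nothing clears a blown bit. */
typedef struct { uint32_t fuses; } otp_bank;
#define WARRANTY_FUSE 0x1u /* assumed bit position, illustration only */
static void otp_program(otp_bank *b, uint32_t mask) { b->fuses |= mask; }

/* Rewritable flash contents (Odin, JTAG); the fuse bank is not part of them. */
typedef struct {
    bool secure_bootloader; /* false models a pre-Knox bootloader */
    bool kernel_signed;     /* outcome of the vendor signature check */
    bool recovery_signed;
} flash_image;

typedef struct { otp_bank otp; flash_image flash; } device;

/* Value download mode would show: a flag (0x0 or 0x1), never a count. */
static unsigned knox_warranty_void(const device *d) {
    return (d->otp.fuses & WARRANTY_FUSE) ? 0x1u : 0x0u;
}

/* A downgrade to a non-secured bootloader is refused and blows the fuse;
   an unsigned kernel or recovery is written but also blows it.
   Returns true if the image was written to flash. */
static bool flash_attempt(device *d, flash_image img) {
    if (!img.secure_bootloader) {
        otp_program(&d->otp, WARRANTY_FUSE);
        return false;
    }
    if (!img.kernel_signed || !img.recovery_signed)
        otp_program(&d->otp, WARRANTY_FUSE);
    d->flash = img;
    return true;
}

/* JTAG-style mirror: copies rewritable flash only, fuses stay untouched. */
static void mirror_flash(device *dst, const device *src) { dst->flash = src->flash; }

int main(void) {
    flash_image stock = { true, true, true }, custom = { true, false, true };
    device clean = { {0}, stock }, mine = { {0}, stock };
    flash_attempt(&mine, custom); /* custom kernel: flag becomes 0x1 */
    flash_attempt(&mine, custom); /* repeated: still 0x1, not 0x2 */
    mirror_flash(&mine, &clean);  /* stock flash restored, fuse unchanged */
    printf("Knox warranty void: 0x%x\n", knox_warranty_void(&mine));
    return 0;
}
```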
17th September 2013, 11:51 AM   |  #2  
Also interested in this..
(don't really have high expectations though... )
17th September 2013, 12:07 PM   |  #3  
I used the CF Auto Root to root an unlocked i9505 and the flag changed. I have since un-rooted and restored to factory settings; however, the flag remains the same and no Knox container can be created on the device now.

If anybody has an update to a solution for this that would be greatly appreciated.
The Following 4 Users Say Thank You to coligulus For This Useful Post: [ View ]
17th September 2013, 12:10 PM   |  #4  
DjeMBeY
My status changed to 0x1 after flashing full NON-ROOTED, UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....
The Following 8 Users Say Thank You to DjeMBeY For This Useful Post: [ View ]
17th September 2013, 12:20 PM   |  #5  
Lie about what?
17th September 2013, 12:24 PM   |  #6  
nfsmw_gr
Quote:
Originally Posted by DjeMBeY

My status changed to 0x1 after flashing full NON-ROOTED, UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....

You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!
The Following 6 Users Say Thank You to nfsmw_gr For This Useful Post: [ View ]
17th September 2013, 12:27 PM   |  #7  
harise100
In the same Chainfire Google+ post, somebody mentioned there could be a so-called 'eFuse'.

Like a normal fuse, a piece of hardware gets broken beyond repair. The 'e' means that this can be triggered and checked by software.

But I am no expert, this is just hearsay.


Sent from my GT-I9505 using xda app-developers app
Last edited by harise100; 17th September 2013 at 12:29 PM.
The Following User Says Thank You to harise100 For This Useful Post: [ View ]
17th September 2013, 12:47 PM   |  #8  
DjeMBeY
Quote:
Originally Posted by bungadudu

Lie about what?

About details... This flag should change ONLY if you try to downgrade the bootloader but it's not the case...
Quote:
Originally Posted by nfsmw_gr

You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!

Yeah, I'm really angry! :/
I simply repacked MGG and included previous STOCK Kernel MH1... KNOX WARRANTY VOID = 0x1
WTF Samsung????!!????!!! :/
The Following 6 Users Say Thank You to DjeMBeY For This Useful Post: [ View ]
17th September 2013, 01:03 PM   |  #9  
theq86
Seems Samsung also checks kernel and recovery binaries. Whenever something tries to bypass Knox, the flag is incremented.

OT: It sucks and I really will sell S4 for Nexus 5 when it's released
The Following 2 Users Say Thank You to theq86 For This Useful Post: [ View ]
17th September 2013, 01:28 PM   |  #10  
gsmyth
Quote:
Originally Posted by theq86

Seems Samsung also checks kernel and recovery binaries. Whenever something tries to bypass Knox, the flag is incremented.

OT: It sucks and I really will sell S4 for Nexus 5 when it's released

I think Samsung's aim was to make the Knox functionality as 'secure' as possible and it seems to have worked (for now) and so is fulfilling its intended purpose. When I first heard about it, it seemed to be something intended for business/enterprise mobile use, so I wasn't expecting it to roll out to all consumer handsets (especially not fully enforcing it).

Once the flag is incremented, does that mean that the Knox functionality can no longer be used? I know we all want to have a choice, but are the current consequences just that we are unable to downgrade firmware?

The Following 2 Users Say Thank You to gsmyth For This Useful Post: [ View ]