Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,811,847 Members 53,333 Now Online
XDA Developers Android and Mobile Development Forum

[RESEARCH] Samsung Knox: Warranty Void Behavior

Tip us?
 
theq86
Old
(Last edited by theq86; 23rd September 2013 at 02:42 PM.)
#1  
theq86's Avatar
Senior Member - OP
Thanks Meter 732
Posts: 918
Join Date: Jan 2009
Location: Nuremberg

 
DONATE TO ME
Default [RESEARCH] Samsung Knox: Warranty Void Behavior

As you may already know, the latest Samsung firmwares came with a new secured bootloader. You can recognize it in download mode easily. It states: Knox warranty void: 0x0 or 0x1.

As for now, there is no way to reset that flag from 0x1 to 0x0.

Then I read in a comment of Chainfires post concerning that flag, that as long as you do not try to downgrade to a non secured bootloader, this flag will not change. He claims to have that information directly from Samsung.

https://plus.google.com/u/0/+Chainfire/posts
Quote:
Originally Posted by Jeffery Butler
FYI...Samsung told me that Knox warranty becomes 0x1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
Has anyone already experience with rooting an "untouched" S4 which has the secured bootloader and can confirm or decline that?

- - - - - - - - - -

Conclusions and Facts about KNOX-enabled firmwares (based on statements from chainfires post and it's comments above, ans based on this thread)

  • Not possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package: see http://forum.xda-developers.com/show....php?t=2444671, not confirmed)
  • Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1
  • Flashing unsigned or modified images via odin will set knox to 0x1
  • Samsung stated, resetting the flag is impossible
  • KNOX is mandatory and can not be completely removed
  • Warranty Void is no counter, it is a flag (0,1) it was never seen 0x2 or so
  • Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone)
  • KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty
Assumptions on how KNOX flag in bootloader works:


  • Some experts think, an eFuse is involved. (http://en.wikipedia.org/wiki/EFUSE). An eFuse is mostly only incremential. Even unwriteable by low level tools or JTAG. But it is still not proven, that eFuse is used.
Knox technical information:
https://www.samsungknox.com/overview/technical-details
Please Search the forums and ask your questions there. I'm no personal supporter.
HTC One (m7_ul)
The Following 79 Users Say Thank You to theq86 For This Useful Post: [ Click to Expand ]
 
bungadudu
Old
#2  
Senior Member
Thanks Meter 416
Posts: 762
Join Date: Feb 2012
Also interested in this..
(don't really have high expectations though... )
 
coligulus
Old
#3  
Junior Member
Thanks Meter 4
Posts: 9
Join Date: Sep 2013
I used the CF Auto Root to root an unlocked i9505 and the flag changed. I have since un-rooted and restored to factory settings however the flag remains the same and no Knox container can be created on the device now.

If anybody has an update to a solution for this that would be greatly appreciated.
The Following 4 Users Say Thank You to coligulus For This Useful Post: [ Click to Expand ]
 
DjeMBeY
Old
#4  
DjeMBeY's Avatar
Recognized Contributor
Thanks Meter 6,391
Posts: 3,235
Join Date: Dec 2011
Location: London, UK

 
DONATE TO ME
My status changed to 0x1 after flashing full NON-ROOTED , UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....
<><><><><><><><><><> NOTE: I do NOT respond to any technical Support through PM's. <><><><><><><><><><>
The Following 7 Users Say Thank You to DjeMBeY For This Useful Post: [ Click to Expand ]
 
bungadudu
Old
#5  
Senior Member
Thanks Meter 416
Posts: 762
Join Date: Feb 2012
Lie about what?
 
nfsmw_gr
Old
#6  
nfsmw_gr's Avatar
Senior Member
Thanks Meter 680
Posts: 1,458
Join Date: Dec 2010
Location: Salamina,Greece
Quote:
Originally Posted by DjeMBeY View Post
My status changed to 0x1 after flashing full NON-ROOTED , UNTOUCHED XXUDMGG with STOCK KERNEL MH1!!! :/
In my case STOCK KERNEL triggered this flag! When I tried to downgrade the FW it always failed in Odin and KNOX WARRANTY wasn't increased...
It's really confusing and it looks like Samsung is lying to us....
You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!

Press thanks if i've helped you!
It's not much,but it does matter to me.


Anyone plays FIFA 13 on Origin?
Add me so we can play a game!
(nfsmw_gr just like here)

Devices:Nokia 3310-->Nokia 5210-->Nokia 3410-->Motorola V535-->Sony K750i-->Sony W660i-->Nokia 5320-->Sony W595i-->Samsung Galaxy S-->Huawei Ideos X5-->Nokia X2-->Sony Spiro-->Sony Live With Walkman-->Vodafone Joy(Huawei 845)-->Sony Xperia PLAY-->Sony Z550i(temp)-->Samsung Galaxy SIII(Awesome phone!)-->Samsung Galaxy S4
The Following 5 Users Say Thank You to nfsmw_gr For This Useful Post: [ Click to Expand ]
 
harise100
Old
(Last edited by harise100; 17th September 2013 at 11:29 AM.)
#7  
harise100's Avatar
Senior Member
Thanks Meter 214
Posts: 845
Join Date: Oct 2011
In the same Chainfire Google+ post, somebody mentioned there could be a so called 'eFuse'.

Like a normal fuse, a piece of hardware gets broken beyond repair. The 'e' means that this can be triggered and checked by software.

But I am no expert, this is just hearsay.


Sent from my GT-I9505 using xda app-developers app
SGS5 [SM-G900F]: CyanogenMod 11
Nexus 7 [Flo]: SlimKat 4.4.x
The Following User Says Thank You to harise100 For This Useful Post: [ Click to Expand ]
 
DjeMBeY
Old
#8  
DjeMBeY's Avatar
Recognized Contributor
Thanks Meter 6,391
Posts: 3,235
Join Date: Dec 2011
Location: London, UK

 
DONATE TO ME
Quote:
Originally Posted by bungadudu View Post
Lie about what?
About details... This flag should change ONLY if you try to downgrade the bootloader but it's not the case...
Quote:
Originally Posted by nfsmw_gr View Post
You flashed stock firmware and you voided KNOX Warranty?
Damn...
I wish you good luck in trying to figure out what to do now!
Yeah, I'm really angry! :/
I simply repacked MGG and included previous STOCK Kernel MH1... KNOX WARRANTO VOID = 0x1
WTF Samsung????!!????!!! :/
<><><><><><><><><><> NOTE: I do NOT respond to any technical Support through PM's. <><><><><><><><><><>
The Following 6 Users Say Thank You to DjeMBeY For This Useful Post: [ Click to Expand ]
 
theq86
Old
#9  
theq86's Avatar
Senior Member - OP
Thanks Meter 732
Posts: 918
Join Date: Jan 2009
Location: Nuremberg

 
DONATE TO ME
seems samsung also checks kernel and recovery binaries. whenever something tries to bypass knox the flag is incremented.

OT: It sucks and I really will sell S4 for Nexus 5 when it's released
Please Search the forums and ask your questions there. I'm no personal supporter.
HTC One (m7_ul)
The Following 2 Users Say Thank You to theq86 For This Useful Post: [ Click to Expand ]
 
gsmyth
Old
#10  
gsmyth's Avatar
Senior Member
Thanks Meter 406
Posts: 1,216
Join Date: Dec 2010
Quote:
Originally Posted by theq86 View Post
seems samsung also checks kernel and recovery binaries. whenever something tries to bypass knox the flag is incremented.

OT: It sucks and I really will sell S4 for Nexus 5 when it's released
I think Samsung's aim was to make the Knox functionality as 'secure' as possible and it seems to have worked (for now) and so is fulfilling its intended purpose. When I first heard about it, it seemed to be something intended for business/enterprise mobile use, so wasn't expecting it to roll out to all consumer handsets (especially not fully enforcing it).

Once the flag is incremented does that mean that the knox functionality can no longer be used? I know we all want to have a choice, but are the current consequences just that we are unable to downgrade firmware?

The Following 2 Users Say Thank You to gsmyth For This Useful Post: [ Click to Expand ]
Tags
0x1, carrot cake, hehe bottom!, knox, void, warranty
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes