Remove All Ads from XDA
Honor 9 Lite

What is Samsung Knox? [Answered]

40 posts
Thanks Meter: 47
By allcaps33, Member on 29th June 2014, 07:42 PM
Post Reply Email Thread
[MODs, I know I have answered this before, but I felt it should be pushed into the main forum so everyone can see the answer. As this is a revised answer, please delete the OLD thread first! (please...)

Ok, so I've been asked a couple of times what knox really is. I've also read this question around the forum many, many times.

I hope this is the final answer that everyone can accept.

So let's start at the beginning... literally, the beginning. Right when you power on, Knox begins it's initial processes. You see, QualComm launched it's own SDK, and with this SDK, you can create your own, Hardware Level binaries, that do not actually run inside of Android. Instead, you can Have them run at initial boot with the other QualComm softwares/firmwares simultaneously. Think of the old "Binary Counter" prior to the Knox Generation.

This poses the question, "What is Samsung Knox?" There are several parts to this answer.

First, Knox describes itself as a type of container. Android, applications, almost every peice of software (to include partitions!) runs inside of the Knox container. Each and every application, process, task, etc, can be licensed to be run inside of this container. There are actually two containers, the secure boot, and the User/Industry/Commercial/Government container.

The secure boot, SELinux for Android, and TIMA (TrustZone-based Kernel Integrity Measurement Architecture) all work together to prevent unauthorized OS/Startup Software from loading, unauthorized changes to the kernel, and unauthorized changes to the operating system itself.

I have nicknamed this the "Tier 1 container." As it precedes, OS start up, but launches after the QualComm proprietary blend.

Second, it behaves as an Application-Specific container as well! (I call this the Tier 2 container). That's right, Knox is a service, a Software Development Kit! Did I just blow your mind? Cool...

You see, Samsung thought it would be cool to reach out to the widest Demographic possible. John Doe, Jane Smith, Fortune 500, the DoD, Government entities, and all kinds of Businesses.

How it works is, a random developer, or company will sign up- and pay, for access to the SDK. Like any other closed software, they receive a license/key to use and operate the kit. Once the app or software is developed, they submit it to Samsung, and receive a license to allow it to run inside of Knox.

So why do this?

Knox allows companies to create apps that the end-user has no real authority over. The user might be able to update/edit documents, media, or maybe fill out a DA or DD form, but he or she will not have control of the app itself. Knox allows each app to have it's own configuration. An example would be that your an IT/IS professional, and you work for multiple companies as an adviser. Each company gives you it's own Knox licensed app so you can pull network stats for each network. Each app will have it's own VPN settings, security settings, password, user availabilty, and more.

Any type of intrusion or intercession to Knox, Knox's policies, or Apps (within the Knox Container) will set off a warning system. This we know as "Knox Notifications." As I've told other users, I don't think that Samsung reports us to AT&T or whomever just because we root our phones, or constantly troll on 4chan, but I do think that it is possible for a given company, or business to create an app that can log just such events.

Knox is its own kind of "asec" container. For more info on this, see the "Works Cited" below.

As for the supported devices, again I will point you to the "Works Cited" below.

If you still have questions after reading this, please visit the page. As this was meant as a brief, quick glance article.

Works Cited:
What is Samsung Knox?
What is a Knox Container?
What's the Difference Between Knox and Virtualization?
What's the difference between the Knox license, and the Knox SDK license?
Which Devices are Currently Supported?
The Following User Says Thank You to allcaps33 For This Useful Post: [ View ] Gift allcaps33 Ad-Free
29th June 2014, 07:47 PM |#2  
OP Member
Thanks Meter: 47
Two things to take away from this:

(1) We've obtained root, which means Knox securities can be defeated.
(2) Commands, scripts, and/or binaries can be passed to, ran within, or be exploited by, Knox.

Let's see how far we can smash it into the ground.
The Following 2 Users Say Thank You to allcaps33 For This Useful Post: [ View ] Gift allcaps33 Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes