[Bounty] [05/20/2014]Reset KNOX counter to 0x0 (UPDATE: 3k +)

djnoicatse

Senior Member
Created this bounty thread hoping to find a way to reset our KNOX counter to 0x0. It's great that @designgears and @Chainfire found a way to root without tripping the Knox counter, but unfortunately a lot of us have already voided our warranty using the old way.

I know it's a long shot and almost impossible (as far as we know) to reset the Knox counter, so I'm hoping there's a dev out there that would be willing to give this a shot and see if it can be done. I'm sure there are tons of people out here in the xda community who would like to have their mind at ease knowing that their warranty will still be good when they need their phone serviced.

So I'll start off with donating $20 to the first person that finds a way to reset the infamous knox flag!

May 5th 2014

Hey everyone, sorry I haven't been able to update this thread. I've been really busy with work and my family. Any time I have to go on XDA is simply just checking up on some PMs and maybe some quick browsing. When I get the chance (hopefully soon) I will update the OP with some donations that I have missed. I don't even know what the update is on this whole KNOX fiasco. What I do know is that when 4.4.2 came out, KNOX was updated to 3.0. I would assume that finding a solution is probably harder than ever.


Sent from my SM-N900W8 using Tapatalk 4

djnoicatse

Senior Member
Donations so far:

Me- $20
@NoEnd- $20
@Skander1998- $120
@Kinoal- $30
@Imoseyon- $20
@zylor- $50
@xda_q8 -$100
@Yuhfhrh- $20
@odeccacccp- $20
@Poisyx -80€
@danieljamie - £10
@Raphy511- $5
@apd- $20
@Jack Barrett- $10
@checkmateyou- $50
@mrQQ- $20
@Meanee- $20
@Steezy5- $20
@micger21- $20
@Kingybear- $20
@zbz999- $20
@Action B- $10
@yulet- $10
@Virusbetax- $30
@ytwytw- $20
@piit79- $40
@erubey21- $20
@perosredo- $10
@lordmusik- $50
@LemonPowerForce- $50
@AUSTAB2012- $20
@samuraiofu- $20
@valix2fr- $30
@Wayne7497- $100
@vincedoggy- $50
@almacncheese- $2
@simon2k10- $20
@iakovidis- $20
@GeorgEveS- $20
@kakyyabata- $20
@Café King- $20
@dukhan- $80
@zocster- $20
@Shadowjump- $5
@oofol- $20
@maniacscorpio- $20
@iceghost1210- $20
@chrisrotolo- $25
@Volrath- $20
@apfelsaftkotzer- $10
@layercake87- 10€
@moto211- $10
@radicalisto- £10
@tongueman87- $20
@alesa1988- 20€
@bones718- $10
@k4syx- $10
@Michuta- 10€
@m7md garrah- $250
@droidan- $52
@madridfran- $10
@trubster- $25
@dpoverlord - $20
@dukhan - $6
@OmarManLover- $20
@Maroc_Specops- $10
@ramsenn- $4
@ysr84- $40
@ashT1971- $40
@iT iS Me- $11
@eraybozkurt- $50
@vinokirk- $10
@Cyenominerva- $10
@cocokasper- $20
@hussam1988- $10
@theunderling- $40
@Bitmixer- $20
@censor2005- $15
@otakuloser- $20
@r3scue- $13
@leboural- $20
@Hepokatti- $20
@redwhiteblackandblue- $12
@IOU-1- $13
@mr sharpey- $30


kaos_king

Senior Member
I was wondering how they can make knox irreversible.

One idea I came up with is that there could be a piece of hardware that is triggered irreversibly, maybe by destroying it.

Does anyone else think it could be linked to hardware?
 

Skander1998

Senior Member
> The knox flag is an EFUSE, you will NEVER be able to reset it back to 0. It is PHYSICALLY destroyed in the S800 chip and there is no way to change that fact. The best you can hope for is a custom bootloader that fakes the flag. But they will always be able to check the flag.

There is no concrete evidence that it is an e-FUSE.
All is speculation.
 

djnoicatse

Senior Member
> The knox flag is an EFUSE, you will NEVER be able to reset it back to 0. It is PHYSICALLY destroyed in the S800 chip and there is no way to change that fact. The best you can hope for is a custom bootloader that fakes the flag. But they will always be able to check the flag.

I've heard this too....
Nothing is impossible if it hasn't been tried.

 

NoEnd

Senior Member
> The knox flag is an EFUSE, you will NEVER be able to reset it back to 0. It is PHYSICALLY destroyed in the S800 chip and there is no way to change that fact. The best you can hope for is a custom bootloader that fakes the flag. But they will always be able to check the flag.

I'm not an expert, but guessing if KNOX is a hardware validation, can we replace this chip or manipulate it?
 

NoEnd

Senior Member
> The EFUSE is built into the Qualcomm S800 chipset. So there is no practical way to fix it.

Other smartphones like the G2 use the same chipset, so how come they don't have the same validation?

I guess that either Samsung has their own version of the S800 or there is another chipset in the system that represents KNOX.
 

iankellogg

Senior Member
> Other smartphones like the G2 use the same chipset, so how come they don't have the same validation?
>
> I guess that either Samsung has their own version of the S800 or there is another chipset in the system that represents KNOX.

So I was wrong about the number of eFuses (which Qualcomm calls QFuses). There are over 100 of these QFuses. They can be used for pretty much anything the manufacturer wants (from what I have read, all manufacturers use QFuses for disabling debugging). All Qualcomm chips, and pretty much any CPU or FPGA on the market, have at least one eFuse. It is up to the company to determine how those are used. LG decided against using eFuse checks in their bootloader. Samsung decided it was the only way to make Knox secure.
 

NoEnd

Senior Member
> So I was wrong about the number of eFuses (which Qualcomm calls QFuses). There are over 100 of these QFuses. They can be used for pretty much anything the manufacturer wants (from what I have read, all manufacturers use QFuses for disabling debugging). All Qualcomm chips, and pretty much any CPU or FPGA on the market, have at least one eFuse. It is up to the company to determine how those are used. LG decided against using eFuse checks in their bootloader. Samsung decided it was the only way to make Knox secure.

Ok, now I understand your point.

Thanks for explaining.
 

neoKushan

Senior Member
> Other smartphones like the G2 use the same chipset, so how come they don't have the same validation?
>
> I guess that either Samsung has their own version of the S800 or there is another chipset in the system that represents KNOX.

What you have to remember is that Qualcomm licenses their chipsets out, but it's up to the device manufacturer to use them however they want. Not all features get used or enabled, and not all will be used for the same purpose. They all use efuses for things like disabling debugging and such, but Samsung has potentially chosen to use one as a hardware flag for Knox.

> I was wondering how they can make knox irreversible.
>
> One idea I came up with is that there could be a piece of hardware that is triggered irreversibly, maybe by destroying it.
>
> Does anyone else think it could be linked to hardware?

What you're describing is an "efuse". It's a well known method of securing a system to prevent it from doing things like downgrades. It's a piece of hardware, as you describe, that gets permanently "blown". This is nothing like a traditional fuse that you can replace; it's a tiny, tiny part of the silicon inside the CPU itself. You can't "repair" it, it's only a few nm in size. It would be easier to thread a needle using two Boeing 747s.

Anyway...

The efuse thing is, at this time, speculation. There's a lot of evidence to say it's an efuse being used, but nothing concrete as of yet. There's a good chance we may never be able to reset the Knox flag; however, it has been shown that we can at least bypass it in certain instances.
 
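The posts above argue the same point from two directions: a fuse-backed flag can be programmed once but never cleared, while a custom bootloader can only lie about it to the software above it, not to anyone who reads the fuse directly. The following is an added example, not code from the thread or from Samsung or Qualcomm, that models those semantics in C: an OTP fuse bank whose only write operation is OR-in, a stock-bootloader policy that blows the flag on an unsigned boot, a "reset" that is a no-op, and a faked status that a hardware read still contradicts. The word/bit layout, function names and the signature-check hook are all assumptions; real SoCs expose fuses through vendor-specific registers or secure-world services that are not modelled here.

```c
/* Added example (not from the XDA thread): a toy model of a one-time-
 * programmable eFuse/QFuse bank and the two ways software can relate to it.
 * Names, the word/bit layout and the hook that blows the fuse are all
 * assumptions; real SoCs expose fuses through vendor-specific registers
 * or secure-world services that are not modelled here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FUSE_WORDS     4
#define WARRANTY_WORD  0
#define WARRANTY_BIT   (1u << 3)   /* assumed position of the warranty flag */

typedef struct {
    uint32_t word[FUSE_WORDS];     /* sense value of each fuse word */
} fuse_bank_t;

/* Programming an eFuse can only turn 0 bits into 1: the physical link is
 * burned open, so the only operation the hardware offers is OR-in. */
static void fuse_program(fuse_bank_t *f, unsigned idx, uint32_t mask)
{
    if (idx < FUSE_WORDS)
        f->word[idx] |= mask;
}

/* A "reset" is just a write whose mask has 0 in the target bit, and an
 * OR cannot clear anything, so writing 0 is a no-op. */
static void fuse_reset_attempt(fuse_bank_t *f, unsigned idx)
{
    fuse_program(f, idx, 0);
}

static uint32_t fuse_sense(const fuse_bank_t *f, unsigned idx)
{
    return idx < FUSE_WORDS ? f->word[idx] : 0;
}

/* What a vendor bootloader or service tool does: read the fuse itself. */
static bool warranty_bit_blown(const fuse_bank_t *f)
{
    return (fuse_sense(f, WARRANTY_WORD) & WARRANTY_BIT) != 0;
}

/* Assumed policy hook: the stock bootloader blows the fuse the first time
 * it boots an image that fails signature verification. */
static void on_boot(fuse_bank_t *f, bool image_signature_ok)
{
    if (!image_signature_ok)
        fuse_program(f, WARRANTY_WORD, WARRANTY_BIT);
}

/* What a custom bootloader can do: lie to the software above it. The fuse
 * is untouched, so anyone who reads the hardware still sees the bit set. */
static uint32_t faked_flag_for_os(const fuse_bank_t *f)
{
    (void)f;
    return 0;
}

/* Scenario 1: a device that only ever boots signed images never trips. */
static bool scenario_signed_only_stays_clear(void)
{
    fuse_bank_t bank = {{0}};
    on_boot(&bank, true);
    on_boot(&bank, true);
    return !warranty_bit_blown(&bank);
}

/* Scenario 2: one unsigned boot trips it, and no later write clears it,
 * including going back to a fully signed stock image. */
static bool scenario_reset_does_not_clear(void)
{
    fuse_bank_t bank = {{0}};
    on_boot(&bank, false);                 /* old-style root: flag -> 0x1 */
    bool tripped = warranty_bit_blown(&bank);
    fuse_reset_attempt(&bank, WARRANTY_WORD);
    on_boot(&bank, true);                  /* back to stock changes nothing */
    return tripped && warranty_bit_blown(&bank);
}

/* Scenario 3: a faked 0x0 is what the OS sees, but a hardware read of the
 * fuse still returns the blown bit. */
static bool scenario_fake_is_detectable(void)
{
    fuse_bank_t bank = {{0}};
    on_boot(&bank, false);
    return faked_flag_for_os(&bank) == 0 && warranty_bit_blown(&bank);
}

int main(void)
{
    printf("signed-only boots stay clear : %s\n", scenario_signed_only_stays_clear() ? "yes" : "no");
    printf("reset clears the fuse        : %s\n", scenario_reset_does_not_clear() ? "no" : "yes");
    printf("fake visible to hardware read: %s\n", scenario_fake_is_detectable() ? "yes" : "no");
    return 0;
}
```

The point of the model is the asymmetry in `fuse_program`: the hardware offers a set operation and no clear operation, so every software-level "reset" collapses to a write of zero bits that changes nothing. A custom bootloader can hand the OS a fabricated value, which is what "bypass" means in this thread, but a service tool that senses the fuse directly is reading the same physical state that `warranty_bit_blown` reads here.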

iankellogg

Senior Member
> What you have to remember is that Qualcomm licenses their chipsets out, but it's up to the device manufacturer to use them however they want. Not all features get used or enabled, and not all will be used for the same purpose. They all use efuses for things like disabling debugging and such, but Samsung has potentially chosen to use one as a hardware flag for Knox.
>
> What you're describing is an "efuse". It's a well known method of securing a system to prevent it from doing things like downgrades. It's a piece of hardware, as you describe, that gets permanently "blown". This is nothing like a traditional fuse that you can replace; it's a tiny, tiny part of the silicon inside the CPU itself. You can't "repair" it, it's only a few nm in size. It would be easier to thread a needle using two Boeing 747s.
>
> Anyway...
>
> The efuse thing is, at this time, speculation. There's a lot of evidence to say it's an efuse being used, but nothing concrete as of yet. There's a good chance we may never be able to reset the Knox flag; however, it has been shown that we can at least bypass it in certain instances.

To add to this: the Motorola bootloader for the Atrix, Razr and others used an eFuse to lock the bootloader, and I wouldn't be surprised if that was the case here now for Samsung. If you aren't familiar, Motorola's bootloader cannot be unlocked (unless it's a dev phone), and their solution for people was to give them a coupon to buy a new device that didn't have a locked bootloader. I have no faith that we will be able to reverse the KNOX flag or be able to unlock the bootloaders, but I do have confidence that we will have a safestrap.