can i downgrade without tripping knox

[Win_7]

hey everyone i recently got a new alaxy a70 and i dont want to trip knox but i want android 9 on it i have checked and there was no bootloader update so can i just flash the files with odin without unlocking bootloader and will this keep knox untripped

 

[V0latyle]

As long as you're flashing official firmware, you shouldn't trip Knox. I could be wrong.

If the bootloader version hasn't changed, you should be able to downgrade. You cannot however downgrade the bootloader, so if it was, say, version 3 on Android 9 but was updated to version 4 on Android 10/11, you wouldn't be able to downgrade.

 

[Win_7]

As long as you're flashing official firmware, you shouldn't trip Knox. I could be wrong.

If the bootloader version hasn't changed, you should be able to downgrade. You cannot however downgrade the bootloader, so if it was, say, version 3 on Android 9 but was updated to version 4 on Android 10/11, you wouldn't be able to downgrade.

official firmware and here you can see theres 1 build of android 9 with a bootloader of 5 same as latest update

 

[V0latyle]

You should be fine then.

I can't say for 100% that this won't trip Knox, but my understanding of KG/Vaultkeeper is that only custom or modified images will trip it. Since you're flashing official signed firmware, I don't think there would be a problem.

 

[Win_7]

You should be fine then.

I can't say for 100% that this won't trip Knox, but my understanding of KG/Vaultkeeper is that only custom or modified images will trip it. Since you're flashing official signed firmware, I don't think there would be a problem.

in my experience it trips when unlocking bootloader but it should be fine for official as for that you dont need to unlock it

 

[V0latyle]

in my experience it trips when unlocking bootloader but it should be fine for official as for that you dont need to unlock it

Unlocking the bootloader does not trip Knox.

Flashing custom or modified firmware does. So, if you unlock the bootloader, but only use pristine OEM firmware and never root the device or flash TWRP or a custom ROM, Knox should remain 0x0

 

[Win_7]

Unlocking the bootloader does not trip Knox.

Flashing custom or modified firmware does. So, if you unlock the bootloader, but only use pristine OEM firmware and never root the device or flash TWRP or a custom ROM, Knox should remain 0x0

interesting thank you for your information

 

[V0latyle]

interesting thank you for your information

No problem.

I think the confusion comes from the fact that unlocking the bootloader means that security sensitive features won't work. SafetyNet (now Play Integrity) fails, and so do apps that depend on Knox security features, even though Knox hasn't been tripped.

The following should help clarify this:

• Locked bootloader, OEM firmware: Knox 0x0, integrity guaranteed
• Unlocked bootloader, unmodified OEM firmware: Knox 0x0, integrity NOT guaranteed
• Relocked bootloader on OEM firmware as long as no modified image was ever flashed: Knox 0x0, integrity guaranteed
• Unlocked bootloader, modified firmware (This means ANY modification, be it Magisk patch, custom recovery, custom ROM, etc): Knox 0x1, integrity NOT guaranteed (but can be fixed in Magisk)
• Relocked bootloader, OEM firmware after Knox tripped: Knox 0x1, integrity guaranteed (Samsung apps might not work, Play Integrity dependent apps should)

 

[Win_7]

No problem.

I think the confusion comes from the fact that unlocking the bootloader means that security sensitive features won't work. SafetyNet (now Play Integrity) fails, and so do apps that depend on Knox security features, even though Knox hasn't been tripped.

The following should help clarify this:

• Locked bootloader, OEM firmware: Knox 0x0, integrity guaranteed
• Unlocked bootloader, unmodified OEM firmware: Knox 0x0, integrity NOT guaranteed
• Relocked bootloader on OEM firmware as long as no modified image was ever flashed: Knox 0x0, integrity guaranteed
• Unlocked bootloader, modified firmware (This means ANY modification, be it Magisk patch, custom recovery, custom ROM, etc): Knox 0x1, integrity NOT guaranteed (but can be fixed in Magisk)
• Relocked bootloader, OEM firmware after Knox tripped: Knox 0x1, integrity guaranteed (Samsung apps might not work, Play Integrity dependent apps should)

so theres no way to untrip knox right? i have a 2nd a70 that i did customize id like to get secure folder working i already tried the following:

1. knoxpatch
2. knoxpatch enhancher
3. smali patcher (pc)
4. general samsung patcher
5. securefolder_magisk.zip

but none worked no matter the order or anything i have hope in knoxpatch and it did work on another device of mine (sm-j330fn) but just not here

my 2nd a70 (unlocked) is running android 10 oneui 2.5

 

[V0latyle]

so theres no way to untrip knox right? i have a 2nd a70 that i did customize id like to get secure folder working i already tried the following:

Nope, Knox trip is basically an e-fuse - once tripped it is permanent and cannot be reversed.

1. knoxpatch
2. knoxpatch enhancher
3. smali patcher (pc)
4. general samsung patcher
5. securefolder_magisk.zip

but none worked no matter the order or anything i have hope in knoxpatch and it did work on another device of mine (sm-j330fn) but just not here

my 2nd a70 (unlocked) is running android 10 oneui 2.5

Don't know anything about that, sorry.

 

[Win_7]

Nope, Knox trip is basically an e-fuse - once tripped it is permanent and cannot be reversed.

Don't know anything about that, sorry.

what advantages does RElocking bootloader have?

 

[V0latyle]

what advantages does RElocking bootloader have?

It's realy a matter of opinion, I think.

I prefer to have my bootloader unlocked so that I can flash whatever I want. I don't use Samsung security features so I don't care about Knox, and I'm able to use other means to pass Play Integrity so I can use Wallet and banking apps.

I personally wouldn't use a Samsung as my daily driver due to the Knox factor, but that's just me. I like my Pixel because I can do whatever I want with it, and should I ever decide that I want to unroot and return to bone stock, I can do that without having any permanent repercussions.

From a technical standpoint, locking the bootloader just means that only official signed binaries will load. This also restores hardware backed attestation allowing for STRONG integrity result in Play Integrity...as useless as that is

 

[Win_7]

It's realy a matter of opinion, I think.

I prefer to have my bootloader unlocked so that I can flash whatever I want. I don't use Samsung security features so I don't care about Knox, and I'm able to use other means to pass Play Integrity so I can use Wallet and banking apps.

I personally wouldn't use a Samsung as my daily driver due to the Knox factor, but that's just me. I like my Pixel because I can do whatever I want with it, and should I ever decide that I want to unroot and return to bone stock, I can do that without having any permanent repercussions.

From a technical standpoint, locking the bootloader just means that only official signed binaries will load. This also restores hardware backed attestation allowing for STRONG integrity result in Play Integrity...as useless as that is

i like samsung more for everything else other than knox and bootloader updates

 

[Win_7]

It's realy a matter of opinion, I think.

I prefer to have my bootloader unlocked so that I can flash whatever I want. I don't use Samsung security features so I don't care about Knox, and I'm able to use other means to pass Play Integrity so I can use Wallet and banking apps.

I personally wouldn't use a Samsung as my daily driver due to the Knox factor, but that's just me. I like my Pixel because I can do whatever I want with it, and should I ever decide that I want to unroot and return to bone stock, I can do that without having any permanent repercussions.

From a technical standpoint, locking the bootloader just means that only official signed binaries will load. This also restores hardware backed attestation allowing for STRONG integrity result in Play Integrity...as useless as that is

so if im scared of frp lock but dont want to trip knox is it fine to unlock bootloader but not flash anything custom

 

[V0latyle]

so if im scared of frp lock but dont want to trip knox is it fine to unlock bootloader but not flash anything custom

FRP has nothing to do with Knox. There is no point in unlocking your bootloader if you aren't going to root or flash custom firmware.

Knox will trip if you flash ANYTHING other than original unmodified firmware. This includes Magisk patched images and custom recovery.

The main effect of tripping Knox is that your warranty will no longer be valid. If you're already outside the 1 year warranty period, it doesn't matter anyway. There is the possibility that some Samsung specific services and apps may not work correctly but from what I've been reading most of them still work even with Knox 0x1.

 

[Win_7]

FRP has nothing to do with Knox. There is no point in unlocking your bootloader if you aren't going to root or flash custom firmware.

Knox will trip if you flash ANYTHING other than original unmodified firmware. This includes Magisk patched images and custom recovery.

The only effect tripped Knox will have is some Samsung security features such as Samsung Pay will not work. It does not affect any Google apps or services.

i know but i ment should i have it unlocked still in case of it getting frp locked i can open it again or is that possible to do by flashing stock on locked?

 

[V0latyle]

i know but i ment should i have it unlocked still in case of it getting frp locked i can open it again or is that possible to do by flashing stock on locked?

I don't see how unlocking the bootloader will help with FRP.

 

[Win_7]

I don't see how unlocking the bootloader will help with FRP.

well then incase its frp locked you can sacrifice knox in order to get twrp and magisk then reflash os and boom frp is one

 

[V0latyle]

well then incase its frp locked you can sacrifice knox in order to get twrp and magisk then reflash os and boom frp is one

Ah.

Well...that seems like a complicated workaround when you can just make sure you have a way to get back into your Google account in case you forget your password.

 

[X.A.N.A]

Hello. Bro did you manage to roll back from andriod 11 to 9 without any problem using odin

Achually im on andriod 11 september 2021 security patch

But im facing a bad battery

I dont know what official firmware should i flash to get stable specially in battery usage when i was on andriod 9 it was lasting about 2 days and 1 day of heavy use . Now im charging it from 2 times per day . It doesnt matter if i rolled back to andriod 9 or not ..


All i just want a stable firmware to flash even from my current version of andriod