Clarification on what triggers Knox on the S9 SM-G960F?

Jarmezrocks

Senior Member
Mar 25, 2011
959
493
0
Gold Coast
tinyurl.com
Ok, first of all I've been member here since Galaxy S1 days, so I'm not a n00b as such, however I've done pretty much no modifications to my Galaxy S9 international.
Because I've been "out of the mobile development" scene for quite some time, I understand the the progression that Samsung has been continuing with trying to secure Samsung devices? So it would be very naive of me to assume that the boundaries are the same as when I had my Galaxy S7 or Galaxy S3?

Now I understand people are going to say use the search function bla bla blah, but I've not been able to find the specifics for what I'm trying to achieve?

This brings me my exact point of what I'm trying to achieve:
First point is Facebook is embedded with in the system with Signature checking FFS! Damn you Zuckerberg!
Is it possible to decompile the system image and swap out the Facebook app for Facebook LC or even no Facebook at all?
Is it only having the SU binary that triggers Knox or is it because the flash files are not signed by Samsung? As in the 4 part firmware BL, AP, CSC etc?

The other thing I wanted to change would be the boot animation QMG file. I know how to create a new and compatible QMG for my S9 no worries.
Is there a hash file checking all the internal files of the software against their listed signatures?
I know within the settings APK that there are also signature checking against flip fonts that are signed by Mono so understand that some checks are deeply embedded in some places; that doesn't worry me. I'm quite happy to not run root but curious to know what Odin checks when flashing and what things will actually trigger Knox?
Are we able to modify files and replace them back into the system image of the firmware, and re-sign these with .md5 and be able to flash the firmware without triggering Knox?

If someone could enlighten me of the specifics of Knox and flashing on the Galaxy S9, that would be great ?
 

Charkatak

Senior Member
Aug 11, 2012
1,560
269
0
WA
Ok, first of all I've been member here since Galaxy S1 days, so I'm not a n00b as such, however I've done pretty much no modifications to my Galaxy S9 international.
Because I've been "out of the mobile development" scene for quite some time, I understand the the progression that Samsung has been continuing with trying to secure Samsung devices? So it would be very naive of me to assume that the boundaries are the same as when I had my Galaxy S7 or Galaxy S3?

Now I understand people are going to say use the search function bla bla blah, but I've not been able to find the specifics for what I'm trying to achieve?

This brings me my exact point of what I'm trying to achieve:
First point is Facebook is embedded with in the system with Signature checking FFS! Damn you Zuckerberg!
Is it possible to decompile the system image and swap out the Facebook app for Facebook LC or even no Facebook at all?
Is it only having the SU binary that triggers Knox or is it because the flash files are not signed by Samsung? As in the 4 part firmware BL, AP, CSC etc?

The other thing I wanted to change would be the boot animation QMG file. I know how to create a new and compatible QMG for my S9 no worries.
Is there a hash file checking all the internal files of the software against their listed signatures?
I know within the settings APK that there are also signature checking against flip fonts that are signed by Mono so understand that some checks are deeply embedded in some places; that doesn't worry me. I'm quite happy to not run root but curious to know what Odin checks when flashing and what things will actually trigger Knox?
Are we able to modify files and replace them back into the system image of the firmware, and re-sign these with .md5 and be able to flash the firmware without triggering Knox?

If someone could enlighten me of the specifics of Knox and flashing on the Galaxy S9, that would be great
If you flash custom ROM, that should trigger the knox. If you get an official firmware and flash using Odin, knox is happy
 

Jarmezrocks

Senior Member
Mar 25, 2011
959
493
0
Gold Coast
tinyurl.com
Thanks but that's not really the response I was looking for? Sounds like you're just wanting to get your post count up, and not really knowledgeable. I probably know more than what you've written, but thanks anyway (I think? Maybe for wasting my time)
 

Devo7v

Senior Member
Oct 12, 2010
1,871
675
133
Washington, D.C.
Thanks but that's not really the response I was looking for? Sounds like you're just wanting to get your post count up, and not really knowledgeable. I probably know more than what you've written, but thanks anyway (I think? Maybe for wasting my time)
No need to talk down to somebody, he may be genuinely trying to help.

That said, all the questions you are asking have been answered in various threads, I suggest searching in the future. If you flash anything that isn't signed by Samsung you will trip Knox. You can make the modifications you suggested to get rid of Facebook and anything else, but since you don't have the Samsung keys, once you flash it, you will trip Knox. There was some discussion that simply enabling the OEM unlock would trip Knox, but I haven't been able to verify that since mine is already tripped.

You can however use ADB commands to disable packages installed on your phone but once you update your phone they will be reenabled and you will have to run the ADB commands again. This may be a roundabout way of doing what you're trying to accomplish. Hopefully this is helpful.
 

Youdoofus

Forum Moderator
Staff member
Feb 21, 2011
3,428
922
253
Sioux Falls, SD
If you flash custom ROM, that should trigger the knox. If you get an official firmware and flash using Odin, knox is happy
flashing a custom recovery triggers knox and its irreversible. flashing an official firmware will not reset the knox counter nor will it make the phone believe that knox isnt tripped

Thanks but that's not really the response I was looking for? Sounds like you're just wanting to get your post count up, and not really knowledgeable. I probably know more than what you've written, but thanks anyway (I think? Maybe for wasting my time)
kinda snide, but ive seen worse especially considering the response he posted was rife with wrong stuff

No need to talk down to somebody, he may be genuinely trying to help.

That said, all the questions you are asking have been answered in various threads, I suggest searching in the future. If you flash anything that isn't signed by Samsung you will trip Knox. You can make the modifications you suggested to get rid of Facebook and anything else, but since you don't have the Samsung keys, once you flash it, you will trip Knox. There was some discussion that simply enabling the OEM unlock would trip Knox, but I haven't been able to verify that since mine is already tripped.

You can however use ADB commands to disable packages installed on your phone but once you update your phone they will be reenabled and you will have to run the ADB commands again. This may be a roundabout way of doing what you're trying to accomplish. Hopefully this is helpful.
enabling OEM unlock will not trip knox. personally verified on my A8. painstakingly went thru each step really slowly and deliberately to check that stuff out. XDA folks are posting more and more specific questions nowadays lol