Is there some secret way to hack or bypass Knox without triggering it?

Voidity

Member
Oct 2, 2017
Hi all.

I'm asking this question because a friend of mine told me that he knows someone who could crack and unlock pretty much any phone's anything, for a price.

Just the other day, my friend took back his phone from another person (why he took it back is another story) who had been using that phone of his. So obviously before my friend could use it he'd need to factory-reset it. But at the last step the phone asked him for the email password of the previous user, the person he took the phone back from. Instead of contacting that person, he sent his phone to the... well, hacker. Then the next day he went to take it back and it was unlocked already! He paid about 40 dollars for it.

How?! o_O

He also told me the hacker could even crack or bypass iPhone X's lock screen, but that would cost about 500 dollars. For Note 8's lock screen, he said he could do it with his eyes closed.

So what is all this?? Is all this possible?
And Knox? Is there really some way to crack Knox?

Please enlighten me. Thank you.
 

winol

Senior Member
Jan 18, 2010
COATZACOALCOS
About Knox, there is no way to reset it once tripped, because it is a fuse (an e-fuse). I know that cracking the lock screen can be done, but it involves resetting the phone.
 

Voidity

Member
Oct 2, 2017
The topic question is about NOT tripping Knox while cracking it. Whether there is such a way, or tool. Because I was told by someone that someone else could do it.

Cracking the lock screen can be done but involves resetting phone? Reset how?
 

Voidity

Member
Oct 2, 2017
I'm not saying I believe it. That's why I'm asking here. I wouldn't have if I believed. At least explain how he cracked the FRP.

So I'm taking your response as "no, Knox can't be hacked".

Next person.
 

winol

Senior Member
Jan 18, 2010
COATZACOALCOS
Knox is made as it is for this exact purpose. You can get through it, yes, but it leaves the trace 0x1, which means someone tampered with it, so the owner (individuals or corporations) can know for sure it has been compromised and take the adequate measures about it. As for unlocking a device without the proper passwords or biometrics, that is something that can be done, but nobody, even knowing how to do it, will teach you how to do it here, as it could provide a way for potentially illegal practices. And try not to be so adamant in your post.
 

Voidity

Member
Oct 2, 2017
Lol and I'm not even asking to be taught how to do it. I'm only asking to know whether there is or isn't such a way (or ways). That would already be satisfying. Because right now something that I trust a lot (Knox) is, apparently, crackable. I of course wouldn't believe what I was told so easily, and so I'm here.

What I'm saying is that I understand pretty well how Knox works, and I know what I'm looking for. I'm just here requesting input from anyone who might know a bit about this topic, and I thank anyone who responds.
 

Voidity

Member
Oct 2, 2017
Yes, I want to believe "no" as well. And that's what I'd believe for now. I also personally do not think it's possible. But considering it was coming from someone who cracked the FRP....... That was what made me make the effort to start this thread.
 

sefrcoko

Senior Member
Feb 20, 2012
OP, you've raised a few different issues here...password unlocking and Knox...

Knox can't be reversed once tripped, period. Fuse-based or something similar to that anyways, no way to undo that.

Breaking lockscreen passwords is another matter entirely...I'm sure you could Google that but I don't think it's appropriate for discussion here.
 

Voidity

Member
Oct 2, 2017
OP, you've raised a few different issues here...password unlocking and Knox...

Knox can't be reversed once tripped, period. Fuse-based or something similar to that anyways, no way to undo that.

Breaking lockscreen passwords is another matter entirely...I'm sure you could Google that but I don't think it's appropriate for discussion here.
I understand tripped Knox can't be reversed. I know. And if a hack attempt trips it, then the hack has failed. But my question here is whether it's at all possible (even theoretically) to crack Knox without tripping it.

Yes. Lockscreen can be bypassed or broken. But what about FRP? My friend's phone's FRP has just been broken. Hmm...
 

winol

Senior Member
Jan 18, 2010
COATZACOALCOS
Discussions about Knox have been around on XDA for years. No, there is no way around it, never has been, and I doubt there will ever be, as it would render Samsung Pay as not trustworthy. That is why the e-fuse is a physical security flag.
 

sefrcoko

Senior Member
Feb 20, 2012
I understand tripped Knox can't be reversed. I know. And if a hack attempt trips it, then the hack has failed. But my question here is whether it's at all possible (even theoretically) to crack Knox without tripping it.
Ok I understand now... Anything is possible in theory I suppose, but if anyone ever cracked enterprise-grade security like Knox it would essentially render it useless for all (because it could no longer be considered secure). Samsung has millions of dollars, if not more, riding on preventing exactly that. No one has cracked it yet, and it has only become more secure over time...so I doubt they ever will.
 

Voidity

Member
Oct 2, 2017
Discussions about Knox have been around on XDA for years. No, there is no way around it, never has been, and I doubt there will ever be, as it would render Samsung Pay as not trustworthy. That is why the e-fuse is a physical security flag.
Ok I understand now... Anything is possible in theory I suppose, but if anyone ever cracked enterprise-grade security like Knox it would essentially render it useless for all (because it could no longer be considered secure). Samsung has millions of dollars, if not more, riding on preventing exactly that. No one has cracked it yet, and it has only become more secure over time...so I doubt they ever will.
Thanks. The ways both of you put it make lots of sense. I'm regaining my confidence. After all, Knox is something that has gained the approval of many governments and organizations around the world and is declared fit for government work.

Then again, I learned that the Snapdragon Note 8 could be rooted without tripping Knox right? (Is this still the case?) Does this mean anything in terms of Knox security? (Mine is an Exynos by the way, and AFAIK Exynos Note 8 doesn't have this issue.)

Lastly, well... this concern isn't exclusive to Knox because any security system may have yet-to-be-discovered potential exploitable flaws, but Knox also has its share of flaws in the past, such as http://www.wired.co.uk/article/samsung-knox-security-vulnerabilities. I guess we can't really do anything about this individually.
 

sefrcoko

Senior Member
Feb 20, 2012
Thanks. The ways both of you put it make lots of sense. I'm regaining my confidence. After all, Knox is something that has gained the approval of many governments and organizations around the world and is declared fit for government work.

Then again, I learned that the Snapdragon Note 8 could be rooted without tripping Knox right? (Is this still the case?) Does this mean anything in terms of Knox security? (Mine is an Exynos by the way, and AFAIK Exynos Note 8 doesn't have this issue.)

Lastly, well... this concern isn't exclusive to Knox because any security system may have yet-to-be-discovered potential exploitable flaws, but Knox also has its share of flaws in the past, such as http://www.wired.co.uk/article/samsung-knox-security-vulnerabilities. I guess we can't really do anything about this individually.
Most of the Note 8 Snapdragon variants have a locked bootloader, so the root method is different there and does not affect Knox as far as I know. There are other differences though, like not being able to charge past 80%, etc. Exynos bootloaders are not locked and use the standard root methods.
 

smokeyb4201

Member
Feb 12, 2018
Hello all, I think I have managed to turn off the Samsung secure boot. I can write to the recovery without blowing the bootloader fuse. I tried writing the S8 Snapdragon TWRP to my recovery in the past, always just getting the secure boot fuse blown, resulting in having to Odin back to Samfail v3. Somehow this time all I get is a screen saying please take phone to AT&T authorized retailer, we noticed you have unauthorized software on recovery. I reboot, and the phone boots back into the pre-rooted stock ROM Samfail v3. My Knox is not tripped. I also can do full backup and restore on FlashFire Pro, no problems, all partitions. I was too afraid to do the bootloader partitions, but can do all the other protected ones, modem, EFS, etc. Am I losing my mind or is something going on here? I have the full backups, 6 gig worth, saved, so if so maybe someone more qualified can look at it.
 

ultramag69

Senior Member
Nov 6, 2007
Waratah
Just throwing in my 2 cents...
I believe there is a hack whereby the kernel is replaced when rooted. This will show that KNOX Warranty Void is 0x0...
In reality KNOX has been triggered and Samsung Pay won't work, but the bootloader screen does say that KNOX hasn't been tampered with. Flashing a stock ROM with Odin will reveal this trick however...
 

Voidity

Member
Oct 2, 2017
Most of the Note 8 Snapdragon variants have a locked bootloader, so the root method is different there and do not affect Knox as far as I know. Other differences though, like not being able to charge past 80%, etc. Exynos bootloaders are not locked and use the standard root methods.
What I meant was if rooting could be done undetected by Knox, essentially does that mean Knox has... failed?

Hello all, I think I have managed to turn off the Samsung secure boot. I can write to the recovery without blowing the bootloader fuse. I tried writing the S8 Snapdragon TWRP to my recovery in the past, always just getting the secure boot fuse blown, resulting in having to Odin back to Samfail v3. Somehow this time all I get is a screen saying please take phone to AT&T authorized retailer, we noticed you have unauthorized software on recovery. I reboot, and the phone boots back into the pre-rooted stock ROM Samfail v3. My Knox is not tripped. I also can do full backup and restore on FlashFire Pro, no problems, all partitions. I was too afraid to do the bootloader partitions, but can do all the other protected ones, modem, EFS, etc. Am I losing my mind or is something going on here? I have the full backups, 6 gig worth, saved, so if so maybe someone more qualified can look at it.
Cash that i odin it back samfail v3 if only that easy
All this is beyond me as I don't have knowledge of those inner workings of them. :confused:

Just throwing in my 2 cents...
I believe there is a hack whereby the kernel is replaced when rooted. This will show that KNOX Warranty Void is 0x0...
In reality KNOX has been triggered and Samsung Pay won't work, but the bootloader screen does say that KNOX hasn't been tampered with. Flashing a stock ROM with Odin will reveal this trick however...
One of Knox's primary jobs is to monitor and protect the kernel, no?
I guess if in reality Knox has still been tripped then Knox has done its job...
 

smokeyb4201

Member
Feb 12, 2018
No, I have a Knox checker; it says Knox is valid and SELinux is in permissive. I'm on an AT&T N950U but my stock recovery is for an N950X, but I can load it and be rooted. I assume all v3 Samfails are the same.