Knox is a software trigger and can be reset!

Status
Not open for further replies.

ajster1989

Senior Member
Feb 1, 2011
515
384
0
NYC
what? no.

let's say for example that i have 10 efuses at my disposal. and i want to use them for knox counter, and to make it resettable at least a number of times. that is easy peasy. pseudocode could just go like this:

Code:
/* getfuse(addr) reads one one-time-programmable fuse bit;
   the hardware-specific read routine in the bootloader is assumed here */
bool getfuse(unsigned addr);

bool tripped = false;   /* default when no active slot is found */

/* addr+i  : "slot i has been used" fuse
   addr2+i : slot i's tripped flag
   the first slot whose "used" fuse is still intact is the active one */
for (int i = 0; i < 5; i++) {
    if (!getfuse(addr + i)) {
        tripped = getfuse(addr2 + i);
        break;
    }
}
there you have it. easy code that can just be in the bootloader. no specific hardware code needed and it's resettable 4-5 times.
Dude if that were true someone would have figured it out a long time ago. Plus samsung is also using efuses for the updates too, so that takes away from available fuses as well.

Sent from another Galaxy... Note 3

---------- Post added at 08:24 AM ---------- Previous post was at 08:21 AM ----------

Plus why would they write code in there that contradicts the reason for the KNOX trigger to begin with lol.

Sent from another Galaxy... Note 3
 
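The slot scheme Braccoz sketches above, modelled as runnable C. This is an added example, not code from the thread or from Samsung's bootloader, and it assumes nothing about real hardware: the fuse bank, the slot count (5 slots, so 10 fuses as in the post), the addresses USED_BASE and TRIP_BASE, and the functions getfuse/blowfuse/fresh_chip are all constructed here to show the one property that matters, that each bit can only ever go from 0 to 1, so a "reset" is really consuming a slot, and the number of resets is bounded by the number of slots.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a one-time-programmable fuse array (assumption: 64 bits). */
#define FUSE_BITS  64
#define SLOT_COUNT 5          /* 5 slots x 2 fuses = the 10 efuses in the post */
#define USED_BASE  0          /* hypothetical address of the "slot i used" fuses  */
#define TRIP_BASE  8          /* hypothetical address of the "slot i tripped" fuses */

static uint8_t fuse_bank[FUSE_BITS];

/* Read one fuse bit. */
bool getfuse(unsigned addr) {
    return addr < FUSE_BITS && fuse_bank[addr] != 0;
}

/* Blow one fuse bit. Irreversible by construction: this only ever sets, never clears. */
bool blowfuse(unsigned addr) {
    if (addr >= FUSE_BITS) return false;
    fuse_bank[addr] = 1;
    return true;
}

/* Models a brand-new part; there is no way to clear a fuse on a real one. */
void fresh_chip(void) {
    memset(fuse_bank, 0, sizeof fuse_bank);
}

/* Active slot = first slot whose "used" fuse is intact; -1 when every slot is consumed. */
int active_slot(void) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (!getfuse(USED_BASE + i)) return i;
    return -1;
}

/* The read the post's pseudocode performs: the tripped flag of the active slot.
   Design choice here: with no slot left, report tripped (fail closed). */
bool knox_tripped(void) {
    int s = active_slot();
    if (s < 0) return true;
    return getfuse(TRIP_BASE + s);
}

/* Trip: blow the active slot's trip fuse. */
bool knox_trip(void) {
    int s = active_slot();
    if (s < 0) return false;
    return blowfuse(TRIP_BASE + s);
}

/* "Reset": consume the active slot by blowing its "used" fuse, so the next
   slot (both fuses still 0) becomes active. Refused on the last slot, since
   there would be no fresh slot to move to; hence at most SLOT_COUNT-1 resets. */
bool knox_reset(void) {
    int s = active_slot();
    if (s < 0 || s == SLOT_COUNT - 1) return false;
    return blowfuse(USED_BASE + s);
}

/* How many trip/reset cycles a fresh bank survives before reset is refused. */
int resets_available(void) {
    fresh_chip();
    int n = 0;
    while (knox_trip() && knox_reset()) n++;
    return n;
}

int main(void) {
    fresh_chip();
    printf("fresh: tripped=%d slot=%d\n", knox_tripped(), active_slot());
    knox_trip();
    printf("after trip: tripped=%d\n", knox_tripped());
    knox_reset();
    printf("after reset: tripped=%d slot=%d\n", knox_tripped(), active_slot());
    printf("resets available on a fresh bank: %d\n", resets_available());
    return 0;
}
```

With 5 slots the model gives exactly 4 resets, which is the "4-5 times" figure in the post; every reset spends a fuse that can never be recovered, and once the last slot's trip fuse is blown the flag is stuck for good. That bound, not any cryptography, is what makes an efuse counter different from a flag stored in eMMC, and it is why the number of spare fuses Samsung keeps for updates (raised in the reply) matters to the argument.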

Braccoz

Senior Member
Dec 2, 2011
276
116
0
you need to store the location of the used fuse.
and as soon as we can change that everything's nice...
no you don't. because they make the hardware and it is always the same hardware, and the bootloader is hardware specific they know the addresses beforehand. they could just be hardcoded.

Dude if that were true someone would have figured it out a long time ago. Plus samsung is also using efuses for the updates too, so that takes away from available fuses as well.

Sent from another Galaxy... Note 3

---------- Post added at 08:24 AM ---------- Previous post was at 08:21 AM ----------

Plus why would they write code in there that contradicts the reason for the KNOX trigger to begin with lol.

Sent from another Galaxy... Note 3
first, to figure it out somebody would need to do some heavy reverse engineering. as of now nobody even tried. we had people try to simply mess with the mmc via jtag. chainfire didn't even try to mess with it because of the whole efuse story.
i don't know how many efuses they have at their disposal, i'm just saying there are multiple ways they could have implemented it, making it really hard to reverse engineer but keeping it resettable

last but not least, they would put in such code for the very same reason every other company has put "service entrances" (or call them backdoors) in just about anything. they want complete control over their hardware. they want to cut YOU out while keeping themselves in.
 

ajster1989

Senior Member
Feb 1, 2011
515
384
0
NYC
no you don't. because they make the hardware and it is always the same hardware, and the bootloader is hardware specific they know the addresses beforehand. they could just be hardcoded.



first, to figure it out somebody would need to do some heavy reverse engineering. as of now nobody even tried. we had people try to simply mess with the mmc via jtag. chainfire didn't even try to mess with it because of the whole efuse story.
i don't know how many efuses they have at their disposal, i'm just saying there are multiple ways they could have implemented it, making it really hard to reverse engineer but keeping it resettable

last but not least, they would put in such code for the very same reason every other company has put "service entrances" (or call them backdoors) in just about anything. they want complete control over their hardware. they want to cut YOU out while keeping themselves in.
There is a big difference between a backdoor into software and an efuse workaround. If Samsung could simply reset the efuse with software then their claims of a voided warranty wouldn't be as valid.

I have a source at a Samsung service center I'll ask about this, and cut and paste his email reply later. If he says anything to prove you're right I'll be happy to admit it, mostly cuz I'm so dang tempted to burn my fuse for a certain custom kernel.

Sent from another Galaxy... Note 3
 

Braccoz

Senior Member
Dec 2, 2011
276
116
0
There is a big difference between a backdoor into software and an efuse workaround. If Samsung could simply reset the efuse with software then their claims of a voided warranty wouldn't be as valid.

I have a source at a Samsung service center I'll ask about this, and cut and paste his email reply later. If he says anything to prove you're right I'll be happy to admit it, mostly cuz I'm so dang tempted to burn my fuse for a certain custom kernel.

Sent from another Galaxy... Note 3

what? if samsung manages to have a warranty flag so secure that they're pretty much sure nobody can crack, but it's still changeable by them then it makes perfect sense.

anyway, the bottomline is this:

assuming the reports of service centers resetting the flag are true, samsung actually succeeded in turning away the very few developers/hackers that have the know-how to crack it, making the system actually secure while keeping complete control over it. that's pretty much it.

---------- Post added at 02:47 PM ---------- Previous post was at 02:44 PM ----------

has anyone debugged the motherboard of the phone to understand if this fuse is burned or not?
afaik, nobody has.
 

ajster1989

Senior Member
Feb 1, 2011
515
384
0
NYC
what? if samsung manages to have a warranty flag so secure that they're pretty much sure nobody can crack, but it's still changeable by them then it makes perfect sense.

anyway, the bottomline is this:

assuming the reports of service centers resetting the flag are true, samsung actually succeeded in turning away the very few developers/hackers that have the know-how to crack it, making the system actually secure while keeping complete control over it. that's pretty much it.

---------- Post added at 02:47 PM ---------- Previous post was at 02:44 PM ----------



afaik, nobody has.
Then why did it take almost 4 months for people to say anything about service centers resetting their fuses? Before that it was always about service centers saying you needed a new motherboard. Anyways I emailed my guy, we'll see what he says.

Sent from another Galaxy... Note 3
 

Braccoz

Senior Member
Dec 2, 2011
276
116
0
Then why did it take almost 4 months for people to say anything about service centers resetting their fuses? Before that it was always about service centers saying you needed a new motherboard. Anyways I emailed my guy, we'll see what he says.

Sent from another Galaxy... Note 3
samsung has no obligation to make their tools available to anyone. they can choose if and when. also, i'm pretty sure not all the service centers have the ability (and knowledge) to reset the knox counter.
 

perezmarka

Member
Nov 5, 2013
42
8
0
This is a Software Issue

When I first got my phone, I did not have a Knox Boot Loader. I avoided it by Odin updates of modems with no Boot Loader by Unknownforce. Then I was trying out new roms and Odined the wrong ROM and suddenly I have a Knox Boot Loader. The Boot Loader is installed in a Sprint software update. People avoid it by removing that bit of software code from the update before installing new modems on their phone. If Sprint wants to reset the boot loader it would be easy for them to just write a bit of code that overwrote the last bit of code.

I'm new to this so I'll ask the obvious questions:

Can a new update be created that simply overwrites the old one and eliminates Knox or deletes the boot loader?
If we know where the Boot Loader partition is, can we remove the partition and recreate a new empty boot loader partition.

I started another thread a few days ago before stumbling on this one. As I stated there, when comparing a non-boot-loader modem and a boot loader modem, the boot loader version has three extra files. Something I said there:

"After MF9, the Knox Bootloader was included in the update. Unknownforce has a great thread that has the modems with or without the boot loader. What I did first was unzip the tar files for MF9 (with and without the boot loader.)

Both files have:
modem.bin
NON-HLOS.bin
rpm.mbn
tz.mbn

When I compare the files in both, they seem identical. Same creation date, same size, etc. They may or may not be the same? But the boot loader version has some extra files.

Boot Loader Version has these files:
aboot.mbn
sbl2.mbn
sbl3.mbn

Process of elimination indicates that these have the Knox Boot loader encoded in some way. The sbl files are placed in the root directory /firmware-mdm/image/ . Try as I might, I can't find aboot.mbn. I did a nandroid backup of my system, then I deleted sbl2.mbn and sbl3.mbn using ES File Explorer. When I rebooted the phone, the files were back in the directory."

This is a long thread so I am still reading through it all, but has anyone explored these files more? Since aboot.mbn is the one hiding somewhere, I think it may be the most important. I've opened it with a hex editor but I don't know enough to edit it in the right place. But it seems like the boot loader is encoded somewhere in these three files.

Could a new modem update be created that has these files edited to ignore the efuse, overwrite the previous boot loader or delete it entirely? Instead of trying to delete it why not do what Sprint did and just update it with a custom bootloader?

Thoughts?
 

Zibri

Senior Member
Dec 10, 2010
193
46
0
I think it was done just to cause confusion. I have read and re-read Samsung's literature on this knox rubbish and I am still of the opinion that 0x1 means your KNOX security warranty is void, not your phone's warranty!! They seem to be pulling the wool over people's eyes with this.

With regards to the phone warranty, in the leaflet, in the box, that you cannot see until you open it, it states that software not approved by Samsung will mean your warranty is void. I raised the point with Samsung UK: does that mean that any apps we download MUST come from the samsung market, and not google play? Also, as the phones ship with Google's Android system, any custom rom loaded should be valid as well as they are ALL based upon Google's Android system, which is approved by Samsung? I then got really pedantic and asked about running linux on the Note 3 and would that invalidate a warranty claim. Also, if I had a problem with my phone, and I reloaded a stock rom, and the fault was still there, then what happens?

I guess I wasted my time as they haven't responded!!!
The fact is this:

1) you are right, "knox security warranty" is void, not the phone warranty! BUT:
Samsung voids the warranty if non-official firmware is used, and if knox is 0x1 then a non-official system was used. So warranty is void.

That's it.
 

timberwolf60

Senior Member
Apr 2, 2008
1,934
428
0
Singapore
I suggest selling your Samsung phone and getting other brands, like me, and enjoy.

Sent from my C6903 using TapatalkPro
my SG device: Z1 rooted 681 ROM by NUT with 2.7.101 xzdualrecovery, mod by GravityBox 3.0.1
Samsung S2 standby for Z1 when Z1 no power.
 

ZDeuce2

Senior Member
Apr 26, 2011
3,126
3,256
263
44
Cincinnati
I suggest selling your Samsung phone and getting other brands, like me, and enjoy.

Sent from my C6903 using TapatalkPro
my SG device: Z1 rooted 681 ROM by NUT with 2.7.101 xzdualrecovery, mod by GravityBox 3.0.1
Samsung S2 standby for Z1 when Z1 no power.
Your phone's warranty (although easier to hide) is still void once you root it... so to each their own. I'm very happy with my note3, warranty or no... so I'll stay right here.

Infamous, the dynasty of development.
 