Lets Break KNOX!

[KunkerLV]

Currently no one has really figured out what KNOX is. Some say it is a eFuse but there isn't any solid evidence. Even if it is a eFuse there must be some way to bypass it? We just need to knox for what it checks specifically.

Here are some facts:

Some people claim that they got their phone repaired by guarantee and it reset their KNOX counter from 1 to 0 without changing the motherboard.

SamFAIL can currently root your phone without tripping KNOX. The question is how?

 

[sefrcoko]

Currently no one has really figured out what KNOX is. Some say it is a eFuse but there isn't any solid evidence. Even if it is a eFuse there must be some way to bypass it? We just need to knox for what it checks specifically.

Here are some facts:

Some people claim that they got their phone repaired by guarantee and it reset their KNOX counter from 1 to 0 without changing the motherboard.

SamFAIL can currently root your phone without tripping KNOX. The question is how?

We actually know a lot of those answers already...Samsung doesn't exactly keep it all a secret . As per Google:
https://support.samsungknox.com/hc/...-a-Knox-Warranty-Bit-and-how-is-it-triggered-

 

[KunkerLV]

We actually know a lot of those answers already...Samsung doesn't exactly keep it all a secret . As per Google:
https://support.samsungknox.com/hc/...-a-Knox-Warranty-Bit-and-how-is-it-triggered-

Thanks didn't know such an article existed. So perhaps finding out how it detects if a non-knox kernel has been loaded and then bypass it that way.

Also do you have any idea how SamFAIL manages to keep knox 0x0?

 

[sefrcoko]

Thanks didn't know such an article existed. So perhaps finding out how it detects if a non-knox kernel has been loaded and then bypass it that way.

Also do you have any idea how SamFAIL manages to keep knox 0x0?

Hmm not sure... I suspect it has something to do with having a locked bootloader on those Snapdragon models, meaning root must be achieved differently (in a way that doesn't trip knox), but I really am just speculating here. There may be more detail in the SamFail thread, or someone else might be able to better explain. I have an Exynos model.

 

[winol]

I think that the very reason for implementing something like knox is, SAFETY for the user/owner, many see knox as a restraint, something that does not allow them to fully tinker with their devices, at the end, anybody can root the device, knox indeed has nothing to do with it, just flags the fact that the device has been tampered, and no longer as secure as it was before, so, I think knox is a GOOD thing, and that anybody has achieved to return it to 0x0 once tripped, is excellent news, but that is my opinion

 

[shouren04]

Sorry to say but it's unlikely you'll find a way to bypass Knox without tripping it. People much smarter than us have been trying ever since it came out.

In roms you can disable Knox & it will show 0x0 but it will still show tripped in download mode. SamFail doesn't trip Knox cause it's using an engineering bootloader that was leaked from Samsung. Since that engineering bootloader is not custom binary, it won't trip Knox. So until something similar is leaked for Exynos, root without trippin Knox is not possible. Well it's not root exactly, it's flashing custom recovery (like TWRP) is what trips Knox since it's custom binaries & you need TWRP to root.