Bypassing modifications of /system to use Android Pay and Samsung Pay on Custom ROMs - Samsung Galaxy J7 (2017) Questions & Answers

Hey!
To all the developers out there.
Please go through this message carefully.
There're so many custom ROMs out. But most importantly, none of them supports Android Pay or Samsung Pay.
You people should keep in mind that the ROMs and recoveries, and even certain apps like AdAway, should not modify the /system partition to make it work. Also, use Magisk for systemless root, and develop kernels that can bypass Google's SafetyNet check. Knox and Samsung Pay verify whether or not the system is intact (0x0). So, try to mask it so as to make it work.

Related

[Q] N9005 : Is it safe to install cwm/other recovery, will it tamper knox

hello guys
I have N9005 Galaxy Note 3
latest UK NG1 rom installed, I found a method of rooting without tampering with knox status
but is there any method of installing a custom recovery without changing knox status
and what are the other disadvantages of knox 0x1 except warranty, as my phone doesn't have local warranty
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
It's nice to see a good, informative response to questions regarding knox.
effortless said:
You can't install a custom recovery or custom kernel without tripping knox.
Knox is not necessarily for warranty but rather for the knox "app" on your phone. Knox is like having two phones in one. If you run the knox app you will see a separate android environment that is considered secure and you can install apps etc in there. People use this knox environment with their work email etc. Typically, if you use your phone and leave a company for example, they will remotely wipe your phone. In this case, only the Knox partition is wiped and your personal phone side remains untouched.
Tripping Knox tells people that Knox's security is not guaranteed anymore and Knox ceases to function on that phone.
If you've never used knox and don't have a need for it, tripping it won't harm you.
Another alternative is safe strap. This lets you use something that looks nearly identical to a custom recovery (with similar functions), but it was created for phones that can't write over their recovery partition. The AT&T and Verizon US phones have a version that works well. The AT&T safestrap works on the T-Mobile Note 3 and might work on your version. Research it and see if it works for you.
Efficient and adequate communication. Very helpful.

Future SafetyNet and Knox.

So how likely is it that SafetyNet will be updated in the future to properly detect Systemless root existence, or Magisk itself?
I'm no android system expert, but assume it's possible and if/when the day comes devices that have tripped knox will no longer be able to run apps like Samsung pay.
It's possible the cat and mouse game could continue and another bypass could come out, but sadly as time goes on there is much less support for our devices that are now multiple years old.
--
Edit: It's too bad Magisk (as far as I know) cannot be flashed with FlashFire. Using FlashFire I currently have a rooted device, latest stock firmware, xposed framework and knox 0x0... so I'm "knox check" future proof for now and continually hesitant towards installing a custom recovery. The note 3 will continue to be a great phone for at least a few more years

Complete platform ownership

Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
The idea is to keep the 100% stock ROM, except with root, and have the system believe that it is 100% official. My idea is to root, and replace the Device Root Key (DRK) with a self-generated one, and then rebuild the whole ROM with all of the apps, the kernel, and other parts self-signed, with the device believing that the signatures are by Samsung. This would potentially allow us to relock the bootloader by having the device believe that the boot image is official.
This way we should be able to pass dm-verity whilst allowing modifications to system, pass safety net, and in the long run, pass KNOX with a kernel that fakes the KNOX bit to be cleared, and with further modifications, fake KNOX bit cleared in download mode. We could also make system modifications and convince KNOX that the changes are authorised and official.
Also, I do not like how theoretically Samsung can sign custom firmware to break into your device and remove the reactivation locks and potentially decrypt the device. In theory they cannot decrypt it if the encryption key is derived from the password and is not stored on the device, but I would not be surprised if there is a way.
I love Samsung stock software, but I wish I could root and still have the OOBE with Samsung Pay and KNOX containers.
But I am having trouble gathering concrete information. I am only partially sure that the DRK does what I said, and I am not sure if there are any other keys hardcoded into the device hardware, like the bootloader.
Can anybody comment on whether this is theoretically possible, and how? Or just any helpful information.
One thing I need to know is how the system reads the KNOX bit. If it is a protected mode instruction (unlikely because it would violate ARM compatibility) to put the result into a register, then it would be practically impossible to fake. But if only the kernel can check, then we can patch the kernel.
Also, can the KNOX eFuse be blown by unauthorised actions at runtime? As in, if one obtains root through a kernel vulnerability (like Galaxy S6 with PingPong) without tripping KNOX, are there actions / system modifications that can be done as root that can blow KNOX without flashing some unsigned image? My thoughts are that ideally, if rooting without blowing KNOX happens with another kernel exploit, we could use that window to replace the DRK and the whole system with self-signed software, that we would then have the golden experience of truly owning our own Samsung device, without KNOX ever tripping.
Thanks for any discussion!
Karatekid430
karatekid430 said:
Hi XDA.
I have had this idea for a while, not specifically for the Galaxy S8+, but if one device were to be worthy, it would be this one, due to the much higher kernel version compared to past devices.
The idea is to keep the 100% stock ROM, except with root, and have the system believe that it is 100% official. My idea is to root, and replace the Device Root Key (DRK) with a self-generated one, and then rebuild the whole ROM with all of the apps, the kernel, and other parts self-signed, with the device believing that the signatures are by Samsung. This would potentially allow us to relock the bootloader by having the device believe that the boot image is official.
This way we should be able to pass dm-verity whilst allowing modifications to system, pass safety net, and in the long run, pass KNOX with a kernel that fakes the KNOX bit to be cleared, and with further modifications, fake KNOX bit cleared in download mode. We could also make system modifications and convince KNOX that the changes are authorised and official.
Also, I do not like how theoretically Samsung can sign custom firmware to break into your device and remove the reactivation locks and potentially decrypt the device. In theory they cannot decrypt it if the encryption key is derived from the password and is not stored on the device, but I would not be surprised if there is a way.
I love Samsung stock software, but I wish I could root and still have the OOBE with Samsung Pay and KNOX containers.
But I am having trouble gathering concrete information. I am only partially sure that the DRK does what I said, and I am not sure if there are any other keys hardcoded into the device hardware, like the bootloader.
Can anybody comment on whether this is theoretically possible, and how? Or just any helpful information.
One thing I need to know is how the system reads the KNOX bit. If it is a protected mode instruction (unlikely because it would violate ARM compatibility) to put the result into a register, then it would be practically impossible to fake. But if only the kernel can check, then we can patch the kernel.
Also, can the KNOX eFuse be blown by unauthorised actions at runtime? As in, if one obtains root through a kernel vulnerability (like Galaxy S6 with PingPong) without tripping KNOX, are there actions / system modifications that can be done as root that can blow KNOX without flashing some unsigned image? My thoughts are that ideally, if rooting without blowing KNOX happens with another kernel exploit, we could use that window to replace the DRK and the whole system with self-signed software, that we would then have the golden experience of truly owning our own Samsung device, without KNOX ever tripping.
Thanks for any discussion!
Karatekid430
I have also been doing extensive research on this and made some progress. I have a private github wiki where I am detailing my experiments. PM me if you are interested in collaborating.

Features availability without root

Hello, I'm trying to figure out if I understand everything correctly
1. Root always means knox counter goes >0
1.1. That always means Samsung Pay won't work even with magisk and stuff?
1.2 What else won't work? I've read Samsung Health might not be working, but I'm not sure why as it's perfectly working on unhidden root devices.
2. Adblocking w/o is possible? Disconnect Pro is the only option?
3. bixby button is mappable to anything except actions like "immediately take picture"?
4. removing bloatware is possible with Package Disabler, right?
5. What is the optimal non-root backup solution that would backup both app and data? I know Helium does that with USB Debugging, but I think Samsung should have something of its own, right? Also how good is Samsung's solution for non-Samsung phones?
6. Is USB debugging working fine? I'm concerned as I heard using Secure Folders disabled it. That's the only thing to be aware of?
Thx
Ryotsuke said:
Hello, I'm trying to figure out if I understand everything correctly
1. Root always means knox counter goes >0
1.1. That always means Samsung Pay won't work even with magisk and stuff?
1.2 What else won't work? I've read Samsung Health might not be working, but I'm not sure why as it's perfectly working on unhidden root devices.
2. Adblocking w/o is possible? Disconnect Pro is the only option?
3. bixby button is mappable to anything except actions like "immediately take picture"?
4. removing bloatware is possible with Package Disabler, right?
5. What is the optimal non-root backup solution that would backup both app and data? I know Helium does that with USB Debugging, but I think Samsung should have something of its own, right? Also how good is Samsung's solution for non-Samsung phones?
6. Is USB debugging working fine? I'm concerned as I heard using Secure Folders disabled it. That's the only thing to be aware of?
Thx
1.1 About Samsung pay, AFAIK, it won't work. At least for now.
1.2 Secure folder won't work as well.
2. There are many options for root adblocking.. In fact, very few are available for non-root devices.
3. AFAIK, no. Need to open the camera app and press the capture button.
4. Had no info on that since I never attempted one.. Sorry..
5. There is a PC option.. I heard it is named Samsung Switch or something else? Never tried it so can't say much.. The last time I backed up un-rooted was with Helium, and I think it is a good one already..
6. Never tried using USB debugging, so can't say much..
Hope this partially helps..
Ryotsuke said:
Hello, I'm trying to figure out if I understand everything correctly
1. Root always means knox counter goes >0
1.1. That always means Samsung Pay won't work even with magisk and stuff?
1.2 What else won't work? I've read Samsung Health might not be working, but I'm not sure why as it's perfectly working on unhidden root devices.
2. Adblocking w/o is possible? Disconnect Pro is the only option?
3. bixby button is mappable to anything except actions like "immediately take picture"?
4. removing bloatware is possible with Package Disabler, right?
5. What is the optimal non-root backup solution that would backup both app and data? I know Helium does that with USB Debugging, but I think Samsung should have something of its own, right? Also how good is Samsung's solution for non-Samsung phones?
6. Is USB debugging working fine? I'm concerned as I heard using Secure Folders disabled it. That's the only thing to be aware of?
Thx
2 - https://forum.xda-developers.com/galaxy-s8/themes/adhell-2-rootless-ad-blocking-t3663559
3 - bxActions, click to open and then click again to take pic
4 - https://forum.xda-developers.com/galaxy-s8/how-to/how-to-remove-oem-bloatware-s8-s8-t3654687
Ryotsuke said:
Hello, I'm trying to figure out if I understand everything correctly
1. Root always means knox counter goes >0
1.1. That always means Samsung Pay won't work even with magisk and stuff?
1.2 What else won't work? I've read Samsung Health might not be working, but I'm not sure why as it's perfectly working on unhidden root devices.
2. Adblocking w/o is possible? Disconnect Pro is the only option?
3. bixby button is mappable to anything except actions like "immediately take picture"?
4. removing bloatware is possible with Package Disabler, right?
5. What is the optimal non-root backup solution that would backup both app and data? I know Helium does that with USB Debugging, but I think Samsung should have something of its own, right? Also how good is Samsung's solution for non-Samsung phones?
6. Is USB debugging working fine? I'm concerned as I heard using Secure Folders disabled it. That's the only thing to be aware of?
Thx
#1 is not true and a common falsehood repeated here often.
partcyborg said:
#1 is not true and a common falsehood repeated here often.
I would appreciate if that was supported by some kind of links. 100% of information I've seen so far is "knox counter is not revertible" and "with knox>0 Samsung Pay, Samsung Health and Secure Folder won't work"
Ryotsuke said:
I would appreciate if that was supported by some kind of links. 100% of information I've seen so far is "knox counter is not revertible" and "with knox>0 Samsung Pay, Samsung Health and Secure Folder won't work"
Knox, the efuse-backed device in your phone which turns 0x1 and is not reversible, has absolutely nothing to do with whether your device is rooted or not. It is concerned with only one thing, and that is whether your device has had unsigned boot images written to it. That's it, full stop. In fact, it is currently 100% for a snapdragon (N America) device to *ever* be 0x1 because the bootloader is locked and therefore it is impossible to flash any unsigned code in the first place.
I can't provide you with links saying that a thing is not affected by another thing because, well, they aren't related. I would be hard pressed to find proof that monkeys don't fly out of my ass either, but I can assure you they don't.
The reason for the pervasiveness of this incorrect information is that the installation methods of some root management systems involve the writing of a custom boot image, usually to get around things like selinux without compromising safetynet. However, it is that boot image patch&flash that causes 0x1; it would happen whether you also rooted or not, and if you choose a traditional system root (and have a signed kernel that is permissive, but all Samsung's are), then you can be rooted all day and knox isn't even capable of knowing, much less changing, your unsigned flash count.
partcyborg said:
The reason for the pervasiveness of this incorrect information is that the installation methods of some root management systems involve the writing of a custom boot image, usually to get around things like selinux without compromising safetynet. However, it is that boot image patch&flash that causes 0x1; it would happen whether you also rooted or not, and if you choose a traditional system root (and have a signed kernel that is permissive, but all Samsung's are), then you can be rooted all day and knox isn't even capable of knowing, much less changing, your unsigned flash count.
But is there a root for S8 (the Exynos one, G950FD to be specific) that is not triggering knox->1? I kinda assumed such a thing does not exist, would be happy to know I'm wrong. If there is a zero-knox root, is it still hideable like magisk to still be able to pass SafetyNet?

PreUnlock Questions. Keeping DRM keys? Root implications? Restrictions?

Hi, after over a year without unlocking my Moto G 5 Plus I'm eager to make the move to unlock and root it. But I've seen that things have changed quite a bit since the last time I rooted my old phone.
As far as I know unlocking the bootloader wipes the DRM keys forever. What implications does that have? Is there any way to back them up before unlocking to restore them later? What won't work without them?
Will it influence Netflix and banking apps like MobilePay (Denmark)? From what I could find out Magisk can help to patch the system without being detected. How does SafetyNet detect system changes? How to prevent an accidental system change that would break SafetyNet? What about future updates to SafetyNet?
I'm mainly planning to unlock Camera2 API and Miracast. And also install XPosed and some audio enhancement mod if possible. Would any of these break SafetyNet? Would a 64bit ROM break SafetyNet?
Any information is highly appreciated.
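On the question of how SafetyNet detects system changes: the decision that matters is taken on the relying party's server, not on the phone. The app asks the SafetyNet Attestation API for a verdict using a server-supplied nonce, gets back a signed JWS whose payload carries basicIntegrity and ctsProfileMatch, and forwards it to the backend, which must verify the signature and bind the verdict to its own nonce, package name and a fresh timestamp before trusting either flag. The Go verifier below is an added example, not code from this thread or from Google; it assumes the trusted public key is handed in directly (a production verifier validates the x5c certificate chain in the JWS header instead) and uses a constructed key and sample verdict so it runs offline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)
// TestKey is a constructed signing key so the example runs offline; Google's real key comes from the x5c chain.
var TestKey, _ = rsa.GenerateKey(rand.Reader, 2048)
type Attestation struct { // the SafetyNet verdict fields a relying party acts on
	Nonce           string `json:"nonce"`
	TimestampMs     int64  `json:"timestampMs"`
	ApkPackageName  string `json:"apkPackageName"`
	CtsProfileMatch bool   `json:"ctsProfileMatch"`
	BasicIntegrity  bool   `json:"basicIntegrity"`
}

// VerifyAttestation checks a compact RS256 JWS (header.payload.signature) sent up by the app.
// Assumption: the trusted public key is handed in; a real verifier validates the x5c chain in the header.
func VerifyAttestation(jws string, pub *rsa.PublicKey, wantNonce, wantPkg string, now time.Time) (*Attestation, error) {
	parts := strings.Split(jws, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWS")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil { // never trust an unsigned verdict
		return nil, errors.New("signature check failed")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	var a Attestation
	if err != nil || json.Unmarshal(raw, &a) != nil {
		return nil, errors.New("payload is not valid JSON")
	}
	if a.Nonce != wantNonce || a.ApkPackageName != wantPkg { // bind the verdict to this request and this app
		return nil, errors.New("verdict not bound to this request")
	}
	if age := now.Sub(time.UnixMilli(a.TimestampMs)); age < 0 || age > 5*time.Minute {
		return nil, errors.New("verdict stale or from the future")
	}
	if !a.BasicIntegrity || !a.CtsProfileMatch { // a modified /system or custom boot image clears these
		return nil, errors.New("device failed integrity check")
	}
	return &a, nil
}

// SignSample builds a constructed JWS with the test key so the verifier can be exercised offline.
func SignSample(priv *rsa.PrivateKey, a Attestation) string {
	body, _ := json.Marshal(a)
	signing := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return signing + "." + base64.RawURLEncoding.EncodeToString(sig)
}
```

A verdict that fails any of these checks is treated as if the device were modified; the nonce and timestamp binding is what stops a verdict captured from a clean phone being replayed from a modified one.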
