Code:
Sooner or later it will be hard to get a rootable Chromecast. The community is limited by the number of people able to root their own devices. A remote exploit is desirable to expand the community. Please brainstorm and post progress in exploring the targets.
Targets:
Web interface
Chromecast executes commands to start netflix etc with user specified arguments. Arguments are sent through dial interface. From app.conf:
Code:
{ "app_name": "Netflix",
"external": true,
"command_line": "/bin/logwrapper /netflix/bin/netflix_init --data-dir /data/netflix/data -I /data/netflix/AACS -D QWS_DISPLAY=directfb -D LD_LIBRARY_PATH=/system/lib:/netflix/qt/lib -D NF_PLAYREADY_DIR=/data/netflix/playready -D KEYSTORE=/data/netflix/AACS -D KEYBOARD_PORT=7000 -D ENABLE_SECURITY_PATH=1 -D DISABLE_SECURITY_PATH_VIDEO=0 -D DISABLE_SECURITY_PATH_AUDIO=1 --dpi-friendlyname ${FRIENDLY_NAME} -Q source_type=12&dial=${URL_ENCODED_POST_DATA}",
"allow_empty_post_data": true,
"dial_info": "<port>9080</port><capabilities>websocket</capabilities>"
},
FFMPEG vulnerabilities
Intercepting updates (I know, the signatures would likely prevent this.)
Cable based attacks similar to current root methods
Soldering based attacks
Post your ideas and progress.
My chromecast is not rooted, so I can't get logs from netflix being run with different URL_ENCODED_POST_DATA, but we might be able to fork the command.
TVRemoteExploit said:
Code:
Sooner or later it will be hard to get a rootable Chromecast. The community is limited by the number of people able to root their own devices. A remote exploit is desirable to expand the community. Please brainstorm and post progress in exploring the targets.
Targets:
Web interface
Chromecast executes commands to start netflix etc with user specified arguments. Arguments are sent through dial interface. From app.conf:
Code:
{ "app_name": "Netflix",
"external": true,
"command_line": "/bin/logwrapper /netflix/bin/netflix_init --data-dir /data/netflix/data -I /data/netflix/AACS -D QWS_DISPLAY=directfb -D LD_LIBRARY_PATH=/system/lib:/netflix/qt/lib -D NF_PLAYREADY_DIR=/data/netflix/playready -D KEYSTORE=/data/netflix/AACS -D KEYBOARD_PORT=7000 -D ENABLE_SECURITY_PATH=1 -D DISABLE_SECURITY_PATH_VIDEO=0 -D DISABLE_SECURITY_PATH_AUDIO=1 --dpi-friendlyname ${FRIENDLY_NAME} -Q source_type=12&dial=${URL_ENCODED_POST_DATA}",
"allow_empty_post_data": true,
"dial_info": "<port>9080</port><capabilities>websocket</capabilities>"
},
FFMPEG vulnerabilities
Intercepting updates (I know, the signatures would likely prevent this.)
Cable based attacks similar to current root methods
Soldering based attacks
Post your ideas and progress.
My chromecast is not rooted, so I can't get logs from netflix being run with different URL_ENCODED_POST_DATA, but we might be able to fork the command.
What if somehow we were able to attack it like JailbreakMe used to? Looking at the developer options in Chrome, you could write a program for your phone that has the cast button; when you click it, it'll tell Chromecast to go to the app's domain, where it automatically roots for you. I'm no developer, so I don't even know if that kind of hack would even be possible. I did download the cast app for Windows and it has a button for factory reset. Would it be possible to hack that Chromecast program and change the factory reset to use a hacked pulled firmware?
scarygood536 said:
What if somehow we were able to attack it like JailbreakMe used to? Looking at the developer options in Chrome, you could write a program for your phone that has the cast button; when you click it, it'll tell Chromecast to go to the app's domain, where it automatically roots for you.
This would be extremely difficult to pull off, as you would need to both escape Chrome's sandbox and find a privilege escalation vulnerability in the Linux kernel or a setuid binary. Both Chrome and Linux are extremely mature and secure pieces of software, so vulnerabilities are few and far between and get patched quickly when they are found.
I tried tacking commands onto the tail of the netflix commands like this:
Code:
curl ****192.168.1.126:8008/apps/Netflix -X POST -d "intent=play&titleid=***%3A%2F%2Fapi.netflix.com%2Fcatalog%2Ftitles%2Fmovies%2F70138593;reboot"
However, I can't see the log file without root.
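The test above appends `;reboot` to the DIAL POST body. As an added illustration (not code from this thread or from the Chromecast firmware), the sketch below shows how a launcher that splits the `command_line` template into arguments before substituting percent-encoded POST data keeps such a suffix inside a single argument, next to what a shell would see if the raw body were pasted into one string. How the real device expands the template is not stated in the thread; `build_argv`, `naive_command_string`, `shell_view`, `split_commands` and the sample body are hypothetical.

```python
import shlex
from urllib.parse import quote

# Shortened copy of the command_line quoted from app.conf in the thread.
TEMPLATE = (
    "/bin/logwrapper /netflix/bin/netflix_init --data-dir /data/netflix/data "
    "--dpi-friendlyname ${FRIENDLY_NAME} "
    "-Q source_type=12&dial=${URL_ENCODED_POST_DATA}"
)

# Constructed POST body modelled on the curl test in the thread.
SAMPLE_BODY = "intent=play&titleid=EXAMPLE;reboot"

SHELL_OPERATOR_CHARS = set("();<>|&")


def build_argv(template, friendly_name, post_data):
    """Hypothetical launcher: split the template into argv first, then
    substitute inside each element, so input can never add or split arguments."""
    values = {
        "${FRIENDLY_NAME}": friendly_name,
        # Percent-encode everything, as the placeholder's name implies.
        "${URL_ENCODED_POST_DATA}": quote(post_data, safe=""),
    }
    argv = []
    for element in shlex.split(template):
        for placeholder, value in values.items():
            element = element.replace(placeholder, value)
        argv.append(element)
    return argv  # meant for execv()/subprocess.run(argv): no shell involved


def naive_command_string(template, friendly_name, post_data):
    """Anti-pattern for comparison: raw substitution into one string that
    would then be handed to a shell (never executed here)."""
    return (template.replace("${FRIENDLY_NAME}", friendly_name)
                    .replace("${URL_ENCODED_POST_DATA}", post_data))


def shell_view(command_string):
    """Tokenise a string roughly as a POSIX shell would, keeping control
    operators such as ';' and '&' as separate tokens (needs Python 3.8+)."""
    lexer = shlex.shlex(command_string, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""
    return list(lexer)


def split_commands(tokens):
    """Group shell tokens into the separate commands a shell would start."""
    commands, current = [], []
    for token in tokens:
        if token and set(token) <= SHELL_OPERATOR_CHARS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


if __name__ == "__main__":
    argv = build_argv(TEMPLATE, "Living Room", SAMPLE_BODY)
    print(len(argv), "argv elements; last:", argv[-1])
    naive = naive_command_string(TEMPLATE, "Living Room", SAMPLE_BODY)
    for command in split_commands(shell_view(naive)):
        print("a shell would start:", command)
```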
tchebb said:
This would be extremely difficult to pull off, as you would need to both escape Chrome's sandbox and find a privilege escalation vulnerability in the Linux kernel or a setuid binary. Both Chrome and Linux are extremely mature and secure pieces of software, so vulnerabilities are few and far between and get patched quickly when they are found.
So is our best bet to find a vulnerability within the hardware level we could utilize and wouldn't have the chance of being patched?
In all honesty, the best method of attack would be to figure out the JTAG port. With that, you could then simply just flash back on the rootable bootloader on any device, and go from there. I doubt any software methods will be found, and even if one is found, it will be patched by Google within a month. The JTAG port, however, is at a hardware level, and unless it actually does signature checks (like the USB method does on updated devices), it would allow a person full control of the flash chip.
EDIT: To clarify, if the UART port is hardware based (like normal JTAG ports on wireless routers and such), then there should be no security checks. If, for whatever reason, it is software based though (so like fastboot, or Samsung's ODIN mode), then there is a chance it checks image files.
ddggttff3 said:
In all honesty, the best method of attack would be to figure out the JTAG port. With that, you could then simply just flash back on the rootable bootloader on any device, and go from there. I doubt any software methods will be found, and even if one is found, it will be patched by Google within a month. The JTAG port, however, is at a hardware level, and unless it actually does signature checks (like the USB method does on updated devices), it would allow a person full control of the flash chip.
EDIT: To clarify, if the UART port is hardware based (like normal JTAG ports on wireless routers and such), then there should be no security checks. If, for whatever reason, it is software based though (so like fastboot, or Samsung's ODIN mode), then there is a chance it checks image files.
Unfortunately (although I don't believe anyone has confirmed this on the Chromecast), all known GTV devices with this SoC ship with their JTAG port disabled. It may be possible to re-enable it in software, but (of course) that requires running your own kernel. The only hardware hack I know of that is sure to work is manually soldering a NAND flasher up to the memory chip and rewriting the partitions that way, which is expensive, error-prone, and extremely tricky to do right.
tchebb said:
Unfortunately (although I don't believe anyone has confirmed this on the Chromecast), all known GTV devices with this SoC ship with their JTAG port disabled. It may be possible to re-enable it in software, but (of course) that requires running your own kernel. The only hardware hack I know of that is sure to work is manually soldering a NAND flasher up to the memory chip and rewriting the partitions that way, which is expensive, error-prone, and extremely tricky to do right.
The more you know.
Well, while looking through the Chromecast's "fts" partition in a hex editor, I found the following variable show up in multiple places.
Code:
device_configured=true
Makes me wonder what happens if this is flipped to false. I will look through the bootloader source more to see if it is used at a software level.
EDIT: Doesn't look like it does anything for us, seems to just enable the crash counter.
tchebb said:
Unfortunately (although I don't believe anyone has confirmed this on the Chromecast), all known GTV devices with this SoC ship with their JTAG port disabled. It may be possible to re-enable it in software, but (of course) that requires running your own kernel. The only hardware hack I know of that is sure to work is manually soldering a NAND flasher up to the memory chip and rewriting the partitions that way, which is expensive, error-prone, and extremely tricky to do right.
ddggttff3 said:
The more you know.
Well, while looking through the Chromecast's "fts" partition in a hex editor, I found the following variable show up in multiple places.
Code:
device_configured=true
Makes me wonder what happens if this is flipped to false. I will look through the bootloader source more to see if it is used at a software level.
EDIT: Doesn't look like it does anything for us, seems to just enable the crash counter.
ddggttff3 said:
In all honesty, the best method of attack would be to figure out the JTAG port. With that, you could then simply just flash back on the rootable bootloader on any device, and go from there. I doubt any software methods will be found, and even if one is found, it will be patched by Google within a month. The JTAG port, however, is at a hardware level, and unless it actually does signature checks (like the USB method does on updated devices), it would allow a person full control of the flash chip.
EDIT: To clarify, if the UART port is hardware based (like normal JTAG ports on wireless routers and such), then there should be no security checks. If, for whatever reason, it is software based though (so like fastboot, or Samsung's ODIN mode), then there is a chance it checks image files.
Maybe I'm missing something, possibly am, but couldn't we dual boot firmwares? Have the normal factory firmware on the eMMC chip, then, install a rooted image to a USB stick. Next solder a different wire to each side of pin 26, finally solder a switch in between. This should force the device to load off the USB rather than eMMC. On paper it works. On the physical device? That could be a bit different. If you do try this, I'll do my best to help you and point you in the right direction.
The switch is to choose between the two firmwares, if however, you only want to boot from the USB, you could, possibly, just have a permanent jump of pin 26. That should force booting from the EMMC to fail every time forcing it to boot from USB.
NOTICE: none of these suggested ideas have been used and/or tested. They work on paper only! The real device may be, and possibly is, different! Attempt at your own risk.
Neither OP, XDA, nor I am responsible for anything that happens to your device. If anything does happen it's completely on you! This is a dangerous hardware mod; I don't recommend it if you don't know how to solder. Also, the points for pin 26 are very very small, smaller than some soldering iron tips. All of mine are way too big, and I have bought small tips to use on other mobile devices. If you mess this up there is little to no chance of going back.
SECOND NOTICE: constantly jumping the 26th pin of the CPU could cause permanent hardware problems. If such problem does happen, it is not known at this time. Once again, this is a dangerous hardware mod that should not be attempted by those who aren't good with soldering.
The good news: if you do attempt this and it works, we could have a hardware way to be rooted. More good news is that if you mess up and can't fix it, then it's only $35 to get a new one.
Aaron Swartz, Rest in Pixels.
jamcar said:
The switch is to choose between the two firmwares, if however, you only want to boot from the USB, you could, possibly, just have a permanent jump of pin 26. That should force booting from the EMMC to fail every time forcing it to boot from USB.
Just to let you know, a permanent jump to pin 26 will cause the device to not boot, at all. It causes a read interrupt to the EMMC, so if jumped permanently the device will not see the flash, so it wouldn't even load the bootloader. Jumping the pin should ONLY be used if the standard button hold boot process does not work.
jamcar said:
Maybe I'm missing something, possibly am, but couldn't we dual boot firmwares? Have the normal factory firmware on the eMMC chip, then, install a rooted image to a USB stick. Next solder a different wire to each side of pin 26, finally solder a switch in between. This should force the device to load off the USB rather than eMMC. On paper it works. On the physical device? That could be a bit different. If you do try this, I'll do my best to help you and point you in the right direction.
The switch is to choose between the two firmwares, if however, you only want to boot from the USB, you could, possibly, just have a permanent jump of pin 26. That should force booting from the EMMC to fail every time forcing it to boot from USB.
NOTICE: none of these suggested ideas have been used and/or tested. They work on paper only! The real device may be, and possibly is, different! Attempt at your own risk.
Neither OP, XDA, nor I am responsible for anything that happens to your device. If anything does happen it's completely on you! This is a dangerous hardware mod; I don't recommend it if you don't know how to solder. Also, the points for pin 26 are very very small, smaller than some soldering iron tips. All of mine are way too big, and I have bought small tips to use on other mobile devices. If you mess this up there is little to no chance of going back.
SECOND NOTICE: constantly jumping the 26th pin of the CPU could cause permanent hardware problems. If such problem does happen, it is not known at this time. Once again, this is a dangerous hardware mod that should not be attempted by those who aren't good with soldering.
The good news: if you do attempt this and it works, we could have a hardware way to be rooted. More good news is that if you mess up and can't fix it, then it's only $35 to get a new one.
Aaron Swartz, Rest in Pixels.
This wouldn't work with any post-12072 bootloader, since the USB image's signature is still checked. The signature verification would simply fail and the device would fail to boot, same as if you tried to boot from USB with a button press.
If you google for hacking the latest devices, you will find a large number of posts of advertisements for Cellebrite (a well-known security research organization) to provide physical extraction of iOS and Android devices, including the S9/S9+. You will also discover additional commentary on the latest pursuits in forensics, some claiming the ability to root Samsung devices without tripping the Samsung Knox fuse bit, or other claims with successful attacks against Samsung and its group of Knox-enabled phones. Lots of discussion about loading alternative bootloaders, and even some claiming to get past the encryption. Perhaps someone can provide a simple response...
Is there a known attack to gain access to encrypted data on a Samsung S9, S9+, or Note 9 device? Particularly, can Knox containers be extracted/decrypted with forensics tools and/or physical access attacks?
I think this is particularly interesting since Apple has updated iOS 12 with something that makes it more difficult (I'll wait before saying impossible) for tools/labs used by law enforcement agencies to gain access to their devices... I've always held that the Samsung devices with all their government usage and certifications got a lot more attention with making sure this was not possible... And the record seems to indicate that...
Thanks for any response/contribution to the discussion.
Simple response: We don't know because if they do have a way to break the encryption, they wouldn't want Samsung or anyone else to be aware.
I suspect enabling the login before Android boots fully would help but my guess is that there is likely someone out there capable of breaking all of the encryption.
I was running a U1 XAA build of Android 10 2.0 with the June 1 Security patch that I'd downloaded and flashed from Sammobile.
A while ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there are a number of apps I can no longer deny Wifi Control access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I can't deny access to.
Also I am no longer able to disable Google Play Services, whereas before in 2.0 I could. I'm not even allowed to force-stop Play Services now! It's not just these two changes; there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings' apps: one is version 10.0.37.0 and the other is version 1.7.50-21 (the -21 is just how it's listed).
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgeable (or criminal) peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look for services that shouldn't be running as often as they do (last hack they had Samsung Push, which is for delivering notifications related to Samsung apps??, running something as a Service; not sure what it was, but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villainy loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it was from a guy who was truly beleaguered by hackers), there's a User Certificate under Biometrics & Security / Other Security settings / User Certificates that reads as 'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times, and my VPN seems to work without it. It might be for the Note 9's built-in Knox android VPN strengthening parameters, but I couldn't find info online about it anywhere except in the case I mentioned, which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I don't think my N9 is cleaned, or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obfuscatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the SoC that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!). I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (think: updates delivered via 'Middleware', ROMs bought initially directly from the manufacturer that can be cryptographically flashed up to three times with signed updates, with each update burned and locked into the ROM via fuses. Each factory reset brings you back to your last update. The ROMs are only updatable if a hardware DIP switch is tripped, which moves actual physical leads in the SoC which powers the ability to flash this chip). And maybe screw AOSP; I wonder if all this open sourceness has actually given the malware creators more knowledge to finesse the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*), bring to light the measly exploits and software, the slime who make and distribute the same, and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD. I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definitely less conscionable scum can make use of his knowledge.) hackers only care about making their fame and fortune by bringing to light obscure and unknown exploits that no one has ever used or are likely to use than going after the exploits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know it's pointless and no one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriously, the Feds need to check all this electronic criminality; it's gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!
Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8
I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English, I am Brazilian.
@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
That sounds like an excellent plan!
I recently had a mint Samsung Galaxy Note 9 SM-N960U with Knox Mobile Enrollment already set up on the device. I used a remote service to remove the Knox Security. During the remote service, the technician used the combination file; he extracted the combination to see all the files, and he took the file devcfg.mbn and flashed it on the phone with Odin. Then the phone shut off and refused to boot again, completely dead. I say it again, it was completely dead.
So I found on the internet that Samsung is advancing its security, and so the process to remove Knox uses a connection to the CPU of the device and uses the CPU for calculating the bypass of that security. So Samsung, in the development of the security of Knox, implanted the same security as the one the Government uses, which is about hackers who use the calculation of the processor to hack the system or security system files; if it happens, then the processor is automatically destroyed remotely by the network and the Cyber Police receive a red flag concerning that processor, with the location of the event, and they receive the auto-logs of the device, which is on the network as a virtual copy of your real device, and then they can confirm that the CPU destruction was required because it was a danger for their content.
Because the CPU is hacking the Security Knox, their development reached the same method as the Government. Who hasn't heard that the FBI, CIA, NSA had the possibility to destroy any laptop or computer immediately when a hack is detected? This is in place in case of hackers using the 32 bits or 64 bits of the processor to process some exploits or hacks directly to the network.
I let you know that Samsung Corp. made about 53 Trillions of Sales in 2019 and in that amount 17 Trillions was pure profit for Samsung Corp., so for them to reach the norm of security on the market of phones and tablets has made them spend a lot of billions on their security and on their network. I believe they can put 300 billions really easily into the development of a security that businesses and corporations are using. Knox is a Samsung brand (if I'm not mistaken; at least it is used by Samsung, I'm sure). I believe this security is coming pretty soon, as Samsung is pushing to implant that in its new Knox Security and in the Firmware Root Security also. Does it mean that using a box (Z3X, Octoplus, Miracle Thunder) to run the normal process of FRP reset will destroy the motherboard now, because these boxes connect directly to the CPU and chips and use them to remove the locks and to reset the security of the devices?
I ask you if the thing is possible: did Samsung code in their security that the CPU is auto-destroyed, and if not, will a J-Tag bring the motherboard back alive? I did not even have the time to use it; it was destroyed in about an hour and not even by me. But I'm not mad at the company I used; they paid me for a refurbished motherboard for the Galaxy Note 9, value of 139$.
Anyway let me know folks.
GSM SylVaincouver
Web: www(dot)gsmsylvaincouver(dot)com
If I root my Tab S8+ and then wipe OneUI from TWRP and flash Android 12L firmware from Google, will it work and will the tablet boot up? Also, what effect does rooting have on Knox: does it disable it completely, or is there just a failsafe which tells Samsung I attempted to root my device but Knox keeps on functioning?
I might try this when my warranty is finished.
I am attempting to get rid of GOS since Samsung has so heavily throttled the performance of the Tab S8 series and the lack of optimized apps is even more frustrating. I bought Samsung rather than Apple because of the more open and accessible ecosystem, but I think iOS is much better for its app optimization and smoothness. I used my friend's iPad Air and the applications are so smooth compared to on my Tab S8+.
Rooting requires bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, secret folder and such also become permanently disabled, since they require a working Knox chip to work. Since they use the Knox chip to encrypt its data and then store the key securely in the Knox chip. So no one can get the key and decrypt the data if the device is hacked or similar.
Jake.S said:
Rooting requires bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, secret folder and such also become permanently disabled, since they require a working Knox chip to work. Since they use the Knox chip to encrypt its data and then store the key securely in the Knox chip. So no one can get the key and decrypt the data if the device is hacked or similar.
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military grade security solution. I don't use secure folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there, albeit I will lose some good functionality like Samsung DeX and the OneUI user interface, but I can revert back by flashing Samsung firmware. I want to get the max performance possible without kernels from this device, and GOS is completely baked deep in OneUI; stock Android can at least allow normal performance from this tablet.
I have a mobile with SDM 845 and I can play games at a constant 60 fps on that, but on this tablet it goes from 60 to 45 and is extremely unstable, with lots of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling at about 35-40 °C. Initially, disabling GOS (AllianceShieldX) allowed for a constant 85-90 fps on this tablet, but now on OneUI 4.1.1, even after clearing data and disabling, it does not do so. The AllianceShieldX Knox license is currently banned by Samsung; they are looking for a workaround, so I can try that as well on this new Android version when that is available.
HARNATH said:
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military grade security solution. I don't use secure folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there, albeit I will lose some good functionality like Samsung DeX and the OneUI user interface, but I can revert back by flashing Samsung firmware. I want to get the max performance possible without kernels from this device, and GOS is completely baked deep in OneUI; stock Android can at least allow normal performance from this tablet.
I have a mobile with SDM 845 and I can play games at a constant 60 fps on that, but on this tablet it goes from 60 to 45 and is extremely unstable, with lots of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling at about 35-40 °C. Initially, disabling GOS (AllianceShieldX) allowed for a constant 85-90 fps on this tablet, but now on OneUI 4.1.1, even after clearing data and disabling, it does not do so. The AllianceShieldX Knox license is currently banned by Samsung; they are looking for a workaround, so I can try that as well on this new Android version when that is available.
That hack was hacking Samsung's servers containing customers' data, not data from mobile phones or tablets, since KNOX stores locally and does not communicate with Samsung servers. So that data is unaffected by the hack that happened to Samsung in the USA.
Also, the only data Samsung has is name, street, email and so on; that kind of data was hacked from Samsung servers.