Dear Administrator or moderators...
Once this thread went into a conflict with gekkehenkie11, and because of that I spent about a week researching this "knox" thing without normal sleep, even though that was the limit for me, when by the words of gekkehenkie11 he pointed at me as uselessly wasting people's time and as if I'm a liar. I finally got mad and deleted (overwrote) my own original posts. I need 3-4 days to calm down and think about whether I continue development of this KNOX thing (pointing at me like a liar and noob is a very bad motivation to continue, but maybe I will continue just for other people who didn't point at me that way). So, Admin and moderators, it's up to you to decide either to restore the original posts from backup (if you have one) or delete this topic. Any decision of yours will be accepted without any protest from my side. (I personally didn't keep any backups for myself.)
Thanks for understanding!
I don't want to come across as a boy scout or anything, but isn't this essentially committing fraud (possibly insurance fraud)?
it depends
deleted
phoenix91140 said:
Hi Guys. Hope here are some programmers.
I have good news for all Galaxy Note 4 users and owners who have ever rooted it and got the "KNOX WARRANTY VOID: 1" message. So from now on (if the developers who write the cf-auto-root tool use my advice), you can forget about warranty void. I'm a Linux expert and a C/C++ programming expert too. So, once Samsung told me that because of root the warranty is void and they don't want to repair factory-caused mainboard damage (short circuit on the mainboard), I wondered how to solve that problem. And I found the solution (will do it on my own for my device when it gets back from the service center) to hack that warranty void thing. So, first of all you go to sammobile.com /firmwares/database/SM-N910C/ to get the original firmware (in my case SM-N910C, but choose yours, or you'll kill your device). You'll get the original firmware. And KNOX uses a value to print if warranty is 0 or 1 (0x0 or 0x1). But actually it makes no sense, since in service centers they just place Odin boot to check if it's 0 or 1. Moreover, they are not going to place root on it to figure out if knox works fine or not.
WARNING!!! READ CAREFULLY!!!
Any kind of warranty or usability is voided! By using this hacking method you accept that you USE IT AT YOUR OWN RISK!!! This info basically is meant for the xda-developers crew to release a massive hack. Any broken, dead etc. phone - IS YOUR OWN FAULT! If you don't know what you're doing - DON'T USE IT, UNTIL YOU KNOW WHAT YOU'RE DOING!!!
NEW!!! Since the new Android Lollipop was released, the behavior on Android 5 firmware is unknown. I strongly recommend getting a default stock firmware (Kitkat 4.4.4), because this hack was made on Kitkat and not tested on Lollipop (Android 5).
So guide to disable KNOX WARRANTY void:
1) download original firmware
2) unzip file you get(it is about 1.6 GB).
3) Need to modify the sboot.bin image. Suitable is a disassembler, or a hex editor like Okteta for Linux.
4) Search for the "KNOX WARRANTY VOID" text in the sboot.bin file. You'll find something like (test device) ??? KNOX WARRANTY VOID: %d. In my case the start position is 2786.
5) Now need to make it print Zero (0). They use the ordinary printf() command. The "%d" symbol means that a digital value (number) is going to be printed. Here we can place a static Zero, or if you're good at assembler and hacking, you can search for what variable is used and where it comes from. But a regular 0 on Odin near the field of "KNOX Warranty void" is enough. So we take "%d" down and place "0 " instead (ZERO + SPACE, 2 chars must be used, otherwise you'll break the binary file geometry and it will crash at execution time causing a segmentation fault. Probably, if you break the geometry of the bin file the device will die).
6) When sboot.bin hacking is done, you'll need to pack all contents back again(images we got from original firmware archive, including hacked "sboot.bin" file), then upload new firmware(original + hacked sboot.bin inside) and reboot device.
7) Place reset to factory firmware(turn off phone, hold volume up + home button + power button) on emergency recovery during boot(so that root will be lost).
8) Done. Run Odin, and see that Odin shows Warranty void 0. Now warranty restored and you can go to nearest repair center, and make them note, that warranty void is 0. If they update firmware and it's 1 again, it's not your problem anymore.
Hope XDA-DEVELOPERS crew will release new cf-auto-root with this hack, or make a firmware(factory default) with KNOX warranty void hacked.
To those who are not programmers, please ask xda-developers to apply that stuff to firmware on this site.
Now the question: can we cooperate with xda-developers to make that hack publicly available?
To those of you who used that hack, please provide feedback (phone model, sboot.bin availability and the result of the Odin status, meaning whether that helped you to get 0 or not). If you have any problems, ask the xda-developers crew, or me, for assistance.
Enjoy.
PS. I attach photo so, that you can see where to search warranty void stuff. I believe it's the same story for all new Samsung mobile phones.
Enjoy once again.
if this actually works, it doesn't change the FUSE-based KNOX warranty flag. i.e., it makes the software/bootloader print 0x0, but this will change once you flash official firmware.
it's a fake value, but it helps
deleted
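An added example, not part of any post in this thread: a check of a bootloader image for the in-place string edit described above, showing why a status line printed by the bootloader is not evidence of the fuse-backed flag. It compares an image against a known-good copy and flags a status line that no longer contains a printf conversion; the byte strings are constructed stand-ins, not real sboot.bin contents, and the marker text is taken from the post.

```python
import hashlib
import re

# Constructed stand-ins for a bootloader image (NOT real sboot.bin contents).
REFERENCE = (b"\x00" * 16 + b"ODIN MODE\x00" + b"KNOX WARRANTY VOID: %d\x00"
             + b"CURRENT BINARY: %s\x00" + b"\xff" * 16)
# Same-length edit of the format string, as described in the post.
SUSPECT = REFERENCE.replace(b"VOID: %d", b"VOID: 0 ")

STATUS_MARKER = b"WARRANTY VOID"                 # text quoted in the thread
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # strings(1)-style ASCII runs
# Heuristic match for a printf conversion such as %d, %s, %08x.
CONVERSION = re.compile(rb"%[-+ #0]*\d*(?:\.\d+)?[a-zA-Z]")


def status_strings(image):
    """Yield (offset, text) for printable runs that mention the status marker."""
    for m in PRINTABLE_RUN.finditer(image):
        if STATUS_MARKER in m.group():
            yield m.start(), m.group()


def hardcoded_status_lines(image):
    """Status strings with no conversion: the value shown is a literal."""
    return [(off, s) for off, s in status_strings(image)
            if not CONVERSION.search(s)]


def diff_runs(reference, suspect):
    """Return (offset, ref_bytes, suspect_bytes) for each run of differing bytes."""
    if len(reference) != len(suspect):
        raise ValueError("length mismatch: image was resized, not patched in place")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(reference, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, reference[start:i], suspect[start:i]))
            start = None
    if start is not None:
        runs.append((start, reference[start:], suspect[start:]))
    return runs


def audit(reference, suspect):
    """Summarise how a suspect image differs from the known-good reference."""
    same_length = len(reference) == len(suspect)
    return {
        # A same-length patch keeps the file size but never the digest.
        "hash_match": hashlib.sha256(reference).digest()
                      == hashlib.sha256(suspect).digest(),
        "same_length": same_length,
        "hardcoded": hardcoded_status_lines(suspect),
        "diffs": diff_runs(reference, suspect) if same_length else [],
    }


if __name__ == "__main__":
    report = audit(REFERENCE, SUSPECT)
    print("hash match :", report["hash_match"])
    print("same length:", report["same_length"])
    for off, text in report["hardcoded"]:
        print(f"literal status line at offset {off}: {text!r}")
    for off, ref, sus in report["diffs"]:
        print(f"offset {off}: {ref!r} -> {sus!r}")
```

A size check alone passes on this kind of edit; the digest comparison and the missing conversion specifier are what expose it.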
phoenix91140 said:
Yes, it works and yes, on firmware reinstallation it will go back to 1 (I wrote about it in my first post). But, if you have the latest firmware installed with that hack, they only check the knox warranty void status (they have no reason for installing the same firmware again). But there should be an official status (that's why you need official firmware). And if the problem on the device is a hardware defect issue (short circuits, damaged BGA etc.) and you can show the defect in action - then they repair the device (they do not change chips etc., they replace the entire mainboard). Sure, if you have a broken bootloader and your device is a "software brick" it will not help, and it's already your fault. But for hardware issues it will pass. Moreover, even KIES on a software update crash can set knox warranty void to 1, so, even if they flash firmware, they will see 0 in the first place and then see that their action made it 1. And believe me, they're not going to look at KNOX WARRANTY VOID twice. If at the time they flash firmware it's 0 and you have broken hardware (factory defect) they will replace it. Also a Samsung service friend told me that all damaged mainboards are destroyed after replacement, because they will put the same IMEI and the same S/N on the new mainboard, and the reason for that is that there can't be 2 devices with the same IMEI on a network carrier at the same time.
Samsung services don't have programmers there and they have no idea about such a hack and how to identify it. But to be serious, it's up to you to choose to fake "knox warranty void" and get a ~90% chance that the warranty works, or to pay on your own for repair work. And if xda-developers take a look at that file, there should be assembler instructions for getting that warranty void value, so they can track where it comes from and try to reset it.
I know it's a fake trick that may help in your situation with warranty claim.
Unfortunately, this is confusing when compared with real KNOX reset for Exynos Note 3 (N900) by a leaked firmware. Moreover, it seems that you own N910C while your thread is posted on N910V section where the majority (retail editions) are on LOCKED bootloader & without ROOT access (so, they can't even flash any modified images).
deleted
phoenix91140 said:
OK. I'll write to moderator once again. I'm newbie here, and didn't find the correct section for this topic.
No problem! Thanks for sharing your trick
deleted
+1 amazingly nice solution. will it work if a knox container tries to access the value as well ?
sounds like it will since you're hard coding the knox value in the kernel.
yes, it will
deleted
You can check knox status even when the phone is powered on; here is a simple app that can do that: https://play.google.com/store/apps/details?id=it.ale32thebest.galaxywarrantycheck (I'm the dev of the app; if it can help, I can tell you how I read the value). If it can help, I have an N910F and I tried the app on it and on other international Samsung phone models (S3-S4-S5).
deleted
phoenix91140 said:
You're welcome. At the moment I simply don't know ARM assembler well, since I'm a Linux programmer and there basically x86 & x86_64 assembler instructions are used. But if you want to hack the counter itself, it's also a good place to start from, because this sboot.bin originally has access to that "0x1" value and by disassembling the code we could find out where and how it comes from. This hack is just a temporary solution for cases where factory defects are revealed and the warranty is voided because of rooting the device.
does it mean if I know where the variable comes from, I can modify the KNOX mechanism so that I can flash everything without tripping it? maybe I can modify the official firmware so that even my device doesn't know the KNOX fuse exists?
PS: I have voided my warranty, can I still use Kies to update in this way?
deleted
Sent from my SM-N910C using XDA Free mobile app
Great work man,hats off
Sent from my SM-N910G using XDA Premium 4 mobile app
phoenix91140 said:
Yep. Point is, that even if we imagine that we can't overwrite the 0x1 flag to set it to a real 0x0, we still can if we find where knox (except bootloader, because I showed already how to make it show 0) print 0 and think it's 0. That way we make it lie like it's all ok. That is option number 1.
Second option is to disassemble sboot.bin and see on a low programming level where it takes the value and try to make it overwrite it back to 0. But it's already much harder. For warranty terms it's enough if the bootloader lies like it's all ok. You can also hack KNOX libs too. There is always more than one option to hack the system
There is one more great solution, but I would need xda crew help for that. Look. We could hack the bootloader (the one I did) and make it, on firmware update, ignore the new sboot.bin or replace it with itself. So then Odin mode would be ALWAYS 0 even on firmware update. But to do it alone is not easy. Even one more improvement. We could make sboot.bin load the new sboot.bin or delete it if some file contains some magic key.
Sent from my SM-N910C using XDA Free mobile app
I see! can I say it this way? sboot.bin does nothing but void our warranty; if we just leave this bit*ch alone, don't touch her, we are free to flash whatever we want without tripping knox?
---------- Post added at 05:30 AM ---------- Previous post was at 05:19 AM ----------
lol, looks like you just need two more posts to express your terrific idea to the developer. I strongly believe it will be a millstone in Samsung mobile, please, just make it happen! what you did will be greatly appreciated by the Note 4 and S6 and later Samsung device community!
Oh boy, this is a hell of a risky hack. The file sboot.bin is the secondary bootloader. If you somehow screw up the change, such as... say adding a 00 instead of replacing it in the file - a very common screwup when hexediting, I might add - you will have a HARD BRICK on your hands that cannot be fixed or reverted without Samsung repair. The phone will appear to no longer power up as the sboot.bin file is executed before anything the user would notice.
So yeah.... just be really careful.
I know. And to be EXTREMELY CAREFUL. AND ANY WARRANTY IS VOID. Use at your own risk
Sent from my SM-N910C using XDA Free mobile app
deleted
I've run into this problem twice now, either using a .img to .tar tool that isn't set up properly with an incompatible version of stock ROM or a corrupt dump of a stock ROM or even using a proper stock ROM. Or if you just so happen to accidentally turn off O.E.M unlock... and your phone died or you restarted it.... Download mode spits out some red code usually or fails or even can complete, but not in any case I've ever seen and boot successfully.... usually if you try too many times with Odin you'll end up with a blue screen that comes up stating something went wrong during the update process and to use Samsung's Smart Switch program on a PC. Only problem is at this point you've already tripped Knox and your warranty is now void, so downloading Smart Switch and typing in your serial and one I will only give you another error stating that your phone is not comparable with smart switch due to Knox being tripped at 0x1......
At that point there are a couple of options: claim insurance if you have it, $200, or if you don't have insurance. Samsung will give you a spiel about how your 1yr warranty is over, and even if it isn't, when they get your phone they will see your Knox status of 0x1 and tell you sorry, your warranty is void due to end user tampering. So they offer a reflash for a cool $80 without warranty and that will reset your phone back to O.E.M specs with a Knox of 0x0, fix it for a mere $80. Smart Switch won't reflash firmware due to Knox being tripped. Sorry. You are more than welcome to try....
NEVER, I REPEAT, NEVER TURN OFF O.E.M. UNLOCK UNDER ANY CIRCUMSTANCES IF YOU HAVE ROOTED YOUR PHONE, OR PUT A CUSTOM KERNEL OR FLASH A CUSTOM RECOVERY OR YOU'LL FAIL TO BOOT. If you turned off O.E.M unlocking. Basically O.E.M unlocking is telling your phone it's okay that Knox is tripped. O.E.M unlock allows the skipping of verified Samsung signature checks on the first ROM-based bootloader during the boot sequence, allowing it to bypass into the secondary bootloader and kernel.
O.E.M. stands for "Original Equipment Manufacturer", i.e. being Samsung in this case, so when you have not done anything to your phone when it comes brand new out of the package. Developer mode is hidden and inaccessible for a reason.... O.E.M unlock means that in download mode you can flash unofficial code, i.e. C.W.M., TWRP, other unsigned code from various developers. With no hassle, due to Samsung being so kind to us developers and allowing us the option to manually unlock our bootloaders.
Usually what happens specifically is Samsung has a secure bootloader which uses digital certificates to ensure that the software loaded before the operating system is trusted to boot the Linux kernel shell we all know and love as Android OS. When you load a custom bootloader, such as anything not signed by Samsung, it fails to pass the signature checks, and that's exactly what turning off O.E.M unlock did.
But with us all being blessed with the option to manually unlock our bootloaders through O.E.M unlock, now so many options are open to us, such as but not limited to: ROMs, mods, hacks, Busybox, root, Xposed, various root applications, Magisk, Kingoroot, GeoHot's stuff, HashCode's stuff, we even have the opportunity to create and test various of our own creations.
Once upon a time bootloaders were locked, meaning no ROMs, no kernels, etc., etc... Very, very difficult to even root phones. The reason I go into all of that is because with great power comes great responsibility. Always back up your EFS partition, and always, always, if you root and like to run custom ROMs and all the development for this scene that only continues to grow and evolve, make sure you do one thing if nothing else, and that is to read, read, read and know your phone inside and out. I am a developer and I work with software as much as I do hardware. I can afford to make mistakes as these aren't my daily drivers. I suggest if you like to unlock the full potential of your devices then please heed my warning about reading and knowing all the dos and don'ts for what your device is capable of and what will turn it into a very expensive paperweight. I'm not being a **** I'm trying to help. Because you have now tripped your Knox counter, meaning it is permanently stuck in the state of your phone now having a void warranty and there is no going back.
Once you turn O.E.M mode off you lock your bootloader, and if you've already tripped Knox you can't flash a stock bootloader or ROM because your phone's hardware is preventing anything unauthorized from making it past the kernel checks..... clear some things up for you? I don't care that people say they have a workaround for "custom binary frp lock" because I have yet to see a phone recover. P.S. word to the wise, that is one error you never, and I mean never, want to see on your boot screen...
I came back from it once with a zeroed out serial number and a null one I. Once and that's a whole nother ball of wax. Claim warranty, play stupid if still covered if not Sammy will know so just shell out the $80 send it to them. They will reflash it and that's the end of that.
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will keep in rooted state.
Does anyone have any idea about this?
Thanks
romi1996 said:
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will keep in rooted state.
Does anyone have any idea about this?
Thanks
probably was rooted. go to dl mode and check "warranty:
romi1996 said:
Hi
I just bought a second-hand phone from my friend and all of the Samsung apps said my phone has been rooted.
I'm quite sure my phone is not rooted and Knox still stays at 0x0
I have gone to Samsung warranty service and know that this phone has broken the contract with some kind of 3rd party certified reseller; for that reason it will cause my phone to void the warranty and the phone will keep in rooted state.
Does anyone have any idea about this?
Thanks
Are you using an app to check if Knox is 0x0 ? Apps are telling me Knox is not tripped, when it is! Best way to check is go into download mode, check via there!
bober10113 said:
probably was rooted. go to dl mode and check "warranty:
N1NJATH3ORY said:
Are you using an app to check if Knox is 0x0 ? Apps are telling me Knox is not tripped, when it is! Best way to check is go into download mode, check via there!
I have reached Download Mode as you guys have asked and noticed some lines like this, take a look
Current BINARY : Samsung Official
KG STATE: CHECKING
FRP LOCK: OFF
OEM LOCK: OFF
WARRANTY VOID: 0 (0x0000)
romi1996 said:
I have reached Download Mode as you guys have asked and noticed some lines like this, take a look
Current BINARY : Samsung Official
KG STATE: CHECKING
FRP LOCK: OFF
OEM LOCK: OFF
WARRANTY VOID: 0 (0x0000)
looks good then.
maybe you should just reset phone. go to recovery mode and wipe cache and data maybe?
im at a loss
bober10113 said:
looks good then.
maybe you should just reset phone. go to recovery mode and wipe cache and data maybe?
im at a loss
I did try soft restore in phone setting except recovery one but no luck, maybe recovery mode and wipe everything should do the trick I think.
I heard they have mentioned something like F.nox (Similar to locked carrier phone contract) that caused all of this.
More confusing, this phone somehow broke out the contract with "F.nox" and work like global except Knox involved Samsung apps.
romi1996 said:
I did try soft restore in phone setting except recovery one but no luck, maybe recovery mode and wipe everything should do the trick I think.
I heard they have mentioned something like F.nox (Similar to locked carrier phone contract) that caused all of this.
More confusing, this phone somehow broke out the contract with "F.nox" and work like global except Knox involved Samsung apps.
oh if it was a rental?
maybe, but again try a reset in recovery; if you can't then yeah, maybe it's the MDM that the rental company activated that is causing this
edit:
maybe it just needs a good old-fashioned reflash of stock firmware via odin
bober10113 said:
oh if it was a rental?
maybe, but again try a reset in recovery; if you can't then yeah, maybe it's the MDM that the rental company activated that is causing this
edit:
maybe it just needs a good old-fashioned reflash of stock firmware via odin
I have quite some baddddddddd memories with odin but maybe yeah I should think about that solution too.
EDIT : Last time I flashed my note 2 with it. It blown my imei and baseband away
romi1996 said:
I have quite some baddddddddd memories with odin but maybe yeah I should think about that solution too.
EDIT : Last time I flashed my note 2 with it. It blown my imei and baseband away
sounds like modem issue.
but regardless, I've not heard of such issues lately.
anyways ill let you decide.
a good way to get non corrupt firmware is to use samfirm tool 0.3.6 just enter phone model: SM-N960F
and your region code.
when using odin 3.13.1
fill all slots but for csc use regular csc.md5 not the one with home.
bober10113 said:
sounds like modem issue.
but regardless, I've not heard of such issues lately.
anyways ill let you decide.
a good way to get non corrupt firmware is to use samfirm tool 0.3.6 just enter phone model: SM-N960F
and your region code.
when using odin 3.13.1
fill all slots but for csc use regular csc.md5 not the one with home.
Thanks, I'll try it out later; currently, I'm trying to test if the recovery mode works or not. I hope it works.
Possible that the device had a bad IMEI/ESN and a new CERT file was created to allow network access.
Hi everybody,
I have a "strange" problem here with my SM-N960F: after having pressed enough times the "build version", having inserted the device password, having seen the "you now are a developer" message... nothing happens... the developer menu does NOT show up...
I have the italian "TIM" branded original ROM, but I think our company has a personalized version of "Knox configuration" (I have a "Knox Configure" menu item in settings... with an "applied profile"...).
Any ideas on how to be able to enable USB debug and use ADB... ?! In my opinion I can only change ROM version... maybe using the italian "ITV" (unbranded...), but... can I ?
Reading and searching "here and there"... as I cannot find the "TIM" version in the OXM multi CSCs... can I change the official ROM (and, if I am not wrong, change CSC...) and use OXM WITHOUT BREAKING KNOX ?!
Or... any other ideas ?
Thanks in advance !
K
Your company where you work has enforced knox config/profile? In which case there is nothing you can do without breaking knox.
raul6 said:
Your company where you work has enforced knox config/profile? In which case there is nothing you can do without breaking knox.
... even flashing another original rom with odin ?! It's a pity...
kostas66 said:
... even flashing another original rom with odin ?! It's a pity...
I wouldn't recommend doing that as if the profile as a restriction on flashing, it can trip Knox or FRP, OR whatever they have in the profile for the device to do. I had a Note 8 that got blacklisted automatically because the software version changed without permission.
Jammol said:
I wouldn't recommend doing that as if the profile as a restriction on flashing, it can trip Knox or FRP, OR whatever they have in the profile for the device to do. I had a Note 8 that got blacklisted automatically because the software version changed without permission.
Clear... thanks....
So I think I'd better play with "Linux on DeX"... it works fine and lets me do what I need !
K
Jammol said:
I wouldn't recommend doing that as if the profile as a restriction on flashing, it can trip Knox or FRP, OR whatever they have in the profile for the device to do. I had a Note 8 that got blacklisted automatically because the software version changed without permission.
kostas66 said:
Clear... thanks....
So I think I'd better play with "Linux on DeX"... it works fine and lets me do what I need !
K
Sorry for the typos in my post, that definitely makes it unclear what I was saying.
What I meant was...
I wouldn't recommend doing that, because if the profile has a restriction on flashing or changing firmware, it can trip Knox or FRP, OR whatever they have set in the profile for the device to do if either if software changes are detected. I had a Note 8 that got blacklisted automatically because the software version changed without permission.
How is Linux on DeX? I have been meaning to give it a try but haven't had the time to. What would be awesome is if there was a foldable display that could be powered by the device or an HDMI hub with an external power source. I would totally use that as I am always traveling daily for work.
Jammol said:
...
How is Linux on DeX? I have been meaning to give it a try but haven't had the time to. What would be awesome is if there was a foldable display that could be powered by the device or an HDMI hub with an external power source. I would totally use that as I am always traveling daily for work.
In my opinion it is definitely worth a try !! And the "container app" is still being updated, for example on April the 22nd they released a version with support for other devices (ver. .51, check APKMirror) !
Even if it "lives" inside an android app/container it works fluently on the Note 9... and as I do not plan to use it for development/compiling sw now I am looking around to see what other apps exist compiled for arm64...
K
Greetings to all. I'm a young tech enthusiast and a newbie here. So I got a Note 9 from a friend but I think it has already been tampered with, because I can't receive updates. So I decided to install a recent custom ROM but can't find the OEM unlock option in the developer menu... if it has been tampered with in any way (rooting or custom ROM), can I still install TWRP, so I can install a new custom ROM?
Model : SM-N960F exynos 9810
Base-Band version : N960NKOU3ETF2
Thank you
Take a look at this
[GUIDE][17.06.2019] RMM/KG bypass - Root/Install TWRP on Exynos Samsung after 2018
UPDATE 17.06.2019 - NEW RMM/KG bypass patch UPDATE 23.02.2019 - Pie and more Please take some time and read carefully the whole post. I am not and i won`t be responsable for anything. Disclaimer I am not responsible for bricked devices, dead...
forum.xda-developers.com
VHFG22 said:
Take a look at this
[GUIDE][17.06.2019] RMM/KG bypass - Root/Install TWRP on Exynos Samsung after 2018
UPDATE 17.06.2019 - NEW RMM/KG bypass patch UPDATE 23.02.2019 - Pie and more Please take some time and read carefully the whole post. I am not and i won`t be responsable for anything. Disclaimer I am not responsible for bricked devices, dead...
forum.xda-developers.com
Thank you for this
I think this has something to do with theft protection. I got rid of it after connecting the phone to wifi. I assume it needs to ensure that the device was reset properly, using your Samsung account.
After connecting to wifi the OEM unlock switch, also was visible in the developer options.