Can Cellebrite hack Note 9 / S9 - Samsung Galaxy Note 9 Questions & Answers

If you google for hacking the latest devices, you will find a large number of posts of advertisements for Cellebrite (a well-known security research organization) to provide physical extraction of iOS and Android devices, including the S9/S9+. You will also discover additional commentary on the latest pursuits in forensics, some claiming the ability to root Samsung devices without tripping the Samsung Knox fuse bit, or other claims of successful attacks against Samsung and its group of Knox-enabled phones. Lots of discussion about loading alternative bootloaders, and even some claiming to get past the encryption. Perhaps someone can provide a simple response...
Is there a known attack to gain access to encrypted data on a Samsung S9, S9+, or Note 9 device? Particularly, can Knox containers be extracted/decrypted with forensics tools and/or physical access attacks?
I think this is particularly interesting since Apple has updated iOS 12 with something that makes it more difficult (I'll wait before saying impossible) for tools/labs used by law enforcement agencies to gain access to their devices... I've always held that the Samsung devices, with all their government usage and certifications, got a lot more attention with making sure this was not possible... And the record seems to indicate that...
Thanks for any response/contribution to the discussion.

Simple response: We don't know because if they do have a way to break the encryption, they wouldn't want Samsung or anyone else to be aware.
I suspect enabling the login before Android boots fully would help but my guess is that there is likely someone out there capable of breaking all of the encryption.

Related

EFF Regulations for "jailbreaking"

www.eff.org/issues/dmca-rulemaking
Now how can Google/HTC justify the legality of voiding the warranty by unlocking our devices......
Very easily - there are no regulations. This is a proposal - which also wasn't accepted, if I read correctly.
Moreover, quoting:
"Another proposal requests a DMCA exemption for cell phone "jailbreaking" -- liberating iPhones and other handsets to run applications from sources other than those approved by the phone maker".
Where do you see anything about warranty? Android's equivalent of "jailbreaking" is going into "Settings/Applications" and selecting a checkbox. Nobody talks about warranty anywhere.
I don't quite agree. This is a clarification that removing DRM protection is OK.
I know that it does not directly address anything other than DRM, which in itself is positive. BUT it recognizes the legality of modifying our phones and I would say this is a step forward.
I guess it will not go without a fight....
Gotta love how people manage to read what they want to read...
Quoting:
"In 2003, EFF filed for four exemptions, all seeking to allow consumers to repair DRM-crippled CDs and DVDs. All four exemptions were denied."
"In 2009, EFF is seeking three exemptions: One to allow video remixing, and two to allow cell phone unlocking."
Let me explain something. DRM protection is stated in LAWS (which vary from country to country, BTW). Laws are made by GOVERNMENTS. EFF is NO GOVERNMENT, it CAN'T CHANGE LAWS, it CAN'T CREATE LAWS, it CAN'T REMOVE LAWS.
Specifically in this case - it ASKED for several exemptions to be made, and they were DENIED. How do you deduce anything of what you wrote here from what you read?
And again, how is that about warranty at all? The warranty isn't void because you install non-certified applications on the phone, or "bypass" DRM. Nobody prevents you from doing that. The warranty is void if you deliberately choose to alter the firmware of the phone - for obvious reasons, which aren't connected to DRM in any way.
On a side note - you might as well be grateful that it is made this way. GPL v2, under which Linux and this phone's FW reside, states that you have to release the software that falls under it, but in no place it says anything about protection mechanisms, and if the platform wasn't designed for tinkering with - you might very well have been stuck with ROMs that you can't flash with anything but provider-signed ROMs with keys that you couldn't have, and it would still be perfectly legal.
A more comprehensive decision from Library of Congress
https://www.eff.org/files/filenode/dmca_2009/RM-2008-8.pdf
A big document, but overall, the conclusion is that circumventing DRM is OK as long as other copyright infringements are not violated.
As for the copyright issue. As you stated Android is GPL, so, as we know, we can't distribute or even change HTC/Google copyrighted material. However, this is not the case for unlocking, jailbreaking etc.
I rest my case
Final Regulations
For the reasons set forth in the preamble, 37 CFR part 201 is amended as
follows:
Part 201 - GENERAL PROVISIONS
1. The authority citation for part 201 continues to read as follows:
Authority:
17 U.S.C. 702
2. Section 201.40 is amended by revising paragraph (b) to read as follows:
201.40 Exemption to prohibition against circumvention.
(b) Classes of copyrighted works. Pursuant to the authority set forth in 17
U.S.C. 1201(a)(1)(C) and (D), and upon the recommendation of the Register of
Copyrights, the Librarian has determined that the prohibition against
circumvention of technological measures that effectively control access to
copyrighted works set forth in 17 U.S.C. 1201(a)(1)(A) shall not apply to
persons who engage in noninfringing uses of the following five classes of
copyrighted works:
(1) Motion pictures on DVDs that are lawfully made and acquired and that are
protected by the Content Scrambling System when circumvention is accomplished
solely in order to accomplish the incorporation of short portions of motion
pictures into new works for the purpose of criticism or comment, and where the
person engaging in circumvention believes and has reasonable grounds for
believing that circumvention is necessary to fulfill the purpose of the use in
the following instances:
(i) Educational uses by college and university professors and by college and
university film and media studies students;
(ii) Documentary filmmaking;
(iii) Noncommercial videos.
(2) Computer programs that enable wireless telephone handsets to execute software
applications, where circumvention is accomplished for the sole purpose of
enabling interoperability of such applications, when they have been lawfully
obtained, with computer programs on the telephone handset.
(3) Computer programs, in the form of firmware or software, that enable used
wireless telephone handsets to connect to a wireless telecommunications network,
when circumvention is initiated by the owner of the copy of the computer program
solely in order to connect to a wireless telecommunications network and access
to the network is authorized by the operator of the network.
(4) Video games accessible on personal computers and protected by technological
protection measures that control access to lawfully obtained works, when
circumvention is accomplished solely for the purpose of good faith testing for,
investigating, or correcting security flaws or vulnerabilities, if:
(i) The information derived from the security testing is used primarily to
promote the security of the owner or operator of a computer, computer system, or
computer network; and
(ii) The information derived from the security testing is used or maintained in a
manner that does not facilitate copyright infringement or a violation of
applicable law.
(5) Computer programs protected by dongles that prevent access due to malfunction
or damage and which are obsolete. A dongle shall be considered obsolete if it is
no longer manufactured or if a replacement or repair is no longer reasonably
available in the commercial marketplace.
(6) Literary works distributed in ebook format when all existing ebook editions
of the work (including digital text editions made available by authorized
entities) contain access controls that prevent the enabling either of the
book's read-aloud function or of screen readers that render the text into a
specialized format.
Dated: July 20, 2010
James H. Billington,
The Librarian of Congress.
Excellent, but looks like your case is worth nothing. Here's a quick summary:
You can legally SIM-unlock the phone under Exemption 3. Oh, wait, if there is a SIM-locked Android handset - that definitely won't be Nexus. Useless.
You can run legally obtained SW not provided by your Market / cellular provider / other predefined "allowed" entity, that wouldn't install on your phone otherwise, under Exemption 2. Oh great, that's what the "Unknown sources" checkbox in Application Settings stands for. Again, useless.
All the other DRM in question are completely irrelevant, from CSS which is circumvented since years ago to obsolete dongles.
Now, again, what would be your argument connecting this and warranty?
Look, all I am saying is that in my opinion this is at least a step in the right direction.
I get all of your points, and they are all valid. I also agree on your statement for specific country laws. However, lots of countries are following directions set by US laws and regulations.
We will see what this brings for the future.
Jack_R1 said:
Excellent, but looks like your case is worth nothing. Here's a quick summary:
You can legally SIM-unlock the phone under Exemption 3. Oh, wait, if there is a SIM-locked Android handset - that definitely won't be Nexus. Useless.
You can run legally obtained SW not provided by your Market / cellular provider / other predefined "allowed" entity, that wouldn't install on your phone otherwise, under Exemption 2. Oh great, that's what the "Unknown sources" checkbox in Application Settings stands for. Again, useless.
All the other DRM in question are completely irrelevant, from CSS which is circumvented since years ago to obsolete dongles.
Now, again, what would be your argument connecting this and warranty?

[IDEA] Possible KNOX solution: Hardware Level

I am no expert but I used to read a lot into resetting/unlocking low-level BIOS passwords/locks/trackers on high security enterprise laptops.
The method was to replace, jump or flash EEPROM chips on the motherboard, sometimes using wires soldered onto specific pins with a flashing device/computer on the other end.
The hardest ones required specific software (probably leaked from the manufacturer) for flashing a modified BIOS binary file to reset locks, or replacing EEPROM chips that matched the unique ID of the rest of the hardware.
If Samsung implements KNOX by using/modifying the hardware on the phones, then a similar hardware level solution might exist.
There's a good chance I am wrong, since the older phones that didn't have Knox got Knox using a software update, but in either case, I think it's going to require a leak from a Samsung insider.
Even then, there's a strong chance Samsung will release an update to disable the leak since the purpose of Knox seems to be to reduce warranty claims and the enterprise customers are just an excuse.
Ultimately, that's bye bye to Samsung for taking this route unless they ALLOW a solution.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Hate to reply to myself but for anyone passing by:
I've realised after reading the Galaxy Note 3 forums that Knox IS actually implemented and tripped by hardware, the Qualcomm CPU in particular, which has eFuses (that Qualcomm calls qFuses) that burn out irreversibly when they are tripped. So resetting the counter is pretty much impossible.
This thread is where the main Knox action is going on in the Note 3 Forums, where a bounty is offered to anyone who can find a solution:
http://forum.xda-developers.com/showthread.php?t=2486346
It seems so far that a method to flash recoveries/kernels/roms without tripping the Knox counter is the best possible option.

On my Note 9 being hacked & the validity of 'Ethical hackers'...

I was running a U1 XAA build of Android 10 2.0 with the June 1 Security patch that I'd downloaded and flashed from Sammobile.
A while ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there are a number of apps I can no longer deny Wi-Fi Control access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I can't deny access to.
Also I am no longer able to disable Google Play Services, whereas before in 2.0 I could. I'm not even allowed to force-stop Play Services now! It's not just these two changes; there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings' apps, one is version 10.0.37.0 and the other is version 1.7.50-21 (the -21 is just how it's listed.)
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgeable (or criminal) peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look for services that shouldn't be running as often as they do
(Last hack they had Samsung Push, which is for delivering notifications related to Samsung apps??, running something as a Service (not sure what it was, but as soon as I stopped it, it popped right back up), or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villainy loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it was from a guy who was truly beleaguered by hackers) there's a User Certificate under Biometrics & Security / Other Security settings / User Certificates that reads as 'FindMyMobile' and purports to be necessary for VPN security and other applications. Well, I had Find My Mobile deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times, and my VPN seems to work without it. It might be for the Note 9's built-in Knox Android VPN strengthening parameters, but I couldn't find info online about it anywhere except in the case I mentioned, which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I don't think my N9 is cleaned, or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obfuscatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the SoC that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!) I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (Think: updates delivered via 'Middleware', ROMs bought initially directly from the manufacturer that can be cryptographically flashed up to three times with signed updates, with each update burned and locked into the ROM via fuses. Each factory reset brings you back to your last update. The ROMs are only updatable if a hardware DIP switch is tripped which moves actual physical leads in the SoC which powers the ability to flash this chip. And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to finesse the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*) bring to light the measly exploits and software, the slime who make and distribute the same, and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD. I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definitely less conscionable scum can make use of his knowledge.)
Hackers only care about making their fame and fortune by bringing to light obscure and unknown exploits that no one has ever used or is likely to use rather than going after exploits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know it's pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriously the Feds need to check all this electronic criminality, it's gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!
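The "look for services that shouldn't be running" check in the post above can be made repeatable by diffing snapshots of the running-services list against a baseline and counting how often a deliberately disabled service comes back. The Python below is an added example, not code from this thread or from Samsung: the snapshot text is constructed to mimic the "ServiceRecord" lines that `adb shell dumpsys activity services` prints (the exact layout varies by Android version, so the regex is an assumption), and every package name, the baseline set and the disabled set are placeholders.

```python
# Added example (not from the thread): compare snapshots of running Android
# services against a baseline, the check the post does by hand in the
# "Running services" developer screen.
#
# Assumptions: the snapshot text below is CONSTRUCTED to mimic the
# "* ServiceRecord{...}" lines that `adb shell dumpsys activity services`
# prints; the layout differs across Android versions, so SERVICE_RE may need
# adjusting for a real device. All package names are placeholders.
import re
from collections import Counter

# Matches e.g. "* ServiceRecord{3a1b2c u0 com.example.app/.SomeService}"
SERVICE_RE = re.compile(
    r"\* ServiceRecord\{[0-9a-f]+ u(?P<user>\d+) (?P<component>[\w.]+/[\w.$]+)\}"
)

# Constructed snapshots, taken (hypothetically) a few minutes apart.
SNAPSHOT_1 = """\
ACTIVITY MANAGER SERVICES (dumpsys activity services)
  User 0 active services:
  * ServiceRecord{3a1b2c u0 com.example.vendor.push/.PushService}
  * ServiceRecord{7d8e9f u0 com.example.vendor.aircommand/.AirCommandService}
  * ServiceRecord{1f2e3d u0 com.example.unknown/.HiddenService}
"""
SNAPSHOT_2 = """\
  User 0 active services:
  * ServiceRecord{3a1b2c u0 com.example.vendor.push/.PushService}
  * ServiceRecord{4c5d6e u0 com.example.unknown/.HiddenService}
"""
SNAPSHOT_3 = """\
  User 0 active services:
  * ServiceRecord{3a1b2c u0 com.example.vendor.push/.PushService}
  * ServiceRecord{9a8b7c u0 com.example.vendor.aircommand/.AirCommandService}
"""

# Services the owner expects on a clean device (constructed baseline).
BASELINE = {"com.example.vendor.push/.PushService"}
# Services the owner has deliberately disabled and never expects to see.
DISABLED = {"com.example.vendor.aircommand/.AirCommandService"}


def parse_services(dump: str) -> set:
    """Extract 'package/class' components from one dumpsys snapshot."""
    return {m.group("component") for m in SERVICE_RE.finditer(dump)}


def unexpected_services(dump: str, baseline: set) -> set:
    """Components running in this snapshot that are not in the baseline."""
    return parse_services(dump) - baseline


def reappearance_counts(snapshots, disabled: set) -> dict:
    """Count in how many snapshots each disabled service shows up.

    A disabled service that keeps coming back is the "popped right back up"
    symptom from the post; the useful follow-up is finding what starts it
    (a paired app, an enabled trust agent, an unwanted install) rather than
    stopping it by hand again.
    """
    counts = Counter()
    for dump in snapshots:
        for component in parse_services(dump) & disabled:
            counts[component] += 1
    return dict(counts)


def triage(snapshots, baseline: set, disabled: set) -> dict:
    """Summarise all snapshots: off-baseline components and recurring disabled ones."""
    unexpected = set()
    for dump in snapshots:
        unexpected |= unexpected_services(dump, baseline)
    return {
        "unexpected": sorted(unexpected),
        "reappeared": reappearance_counts(snapshots, disabled),
    }


if __name__ == "__main__":
    report = triage([SNAPSHOT_1, SNAPSHOT_2, SNAPSHOT_3], BASELINE, DISABLED)
    for component in report["unexpected"]:
        print("not in baseline:", component)
    for component, n in report["reappeared"].items():
        print(f"disabled but seen in {n} snapshot(s): {component}")
```

The baseline should be captured right after a factory reset on the same firmware build, since (as the thread notes) an update can legitimately add services that cannot be disabled; anything outside that baseline is a lead to investigate, not proof of compromise.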
Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8
I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English, I am Brazilian
@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
That sounds like an excellent plan!

Help - Motherboard dead after flashing devcfg.mbn on Galaxy Note 9

I recently had a mint Samsung Galaxy Note 9 SM-N960U with Knox Mobile Enrollment already set up on the device. I used a remote service to remove the Knox security; during the remote service, the technician used the combination file, he extracted the combination to see all the files and he took the file devcfg.mbn and flashed it on the phone with Odin, then the phone shut off and refused to boot again, completely dead, I say it again, it was completely dead.
So I found on the internet that Samsung is advancing its security and so the process to remove Knox is used with a connection to the CPU of the device and uses the CPU for calculating the bypass of that security. So Samsung, in the development of the security of Knox, implanted the same security as the one the Government uses, which consists of this: a hacker uses the calculation of the processor to hack the system or security system files; if it happens then the processor is automatically destroyed remotely by the network and the Cyber Police receive a red flag concerning that processor, with the location of the event, and they receive the auto-logs of the device, which is on the network a virtual copy of your real device, and then they can confirm that the CPU destruction was required because it was a danger for their content.
Because the CPU is hacking the Knox security, their development reached the same method as the Government. Who hasn't heard that the FBI, CIA, NSA had the possibility to destroy any laptop or computer immediately when a hack is detected? This is in place in case of a hacker using the 32-bit or 64-bit processor to process some exploits or hacks directly to the network.
I let you know that Samsung Corp. made about 53 trillion in sales in 2019, and of that amount 17 trillion was pure profit for Samsung Corp., so for them to reach the norm of security on the phone and tablet market has made them spend a lot of billions on their security and their network. I believe they can put 300 billion really easily into the development of a security that businesses and corporations are using; Knox is a Samsung brand (if I'm not mistaken; at least it is used by Samsung, I'm sure). I believe this security is coming pretty soon as Samsung is pushing to implant that into its new Knox Security and into the Firmware Root Security also. Does it mean that using a box (Z3X, Octoplus, Miracle Thunder) and running the normal FRP reset process will destroy the motherboard now, because these boxes connect directly to the CPU and chips and use them to remove the locks and reset the security of the devices?
I ask you if this is possible: did Samsung code into their security that the CPU is auto-destroyed, and if not, will a JTAG bring the motherboard back alive? I hadn't even had time to use it; it was destroyed in about an hour and not even by me. But I'm not mad at the company I used; they paid me a refurbished motherboard for the Galaxy Note 9, value of $139.
Anyway let me know folks.
GSM SylVaincouver
Web: www(dot)gsmsylvaincouver(dot)com

Question Flashing stock android 12L firmware in Tab s8+

If I root my Tab S8+ and then wipe One UI from TWRP and flash the Android 12L firmware from Google, will it work and will the tablet boot up? Also what effect does rooting have on Knox: does it disable it completely, or is there just a failsafe which tells Samsung I attempted to root my device but Knox keeps on functioning?
I might try this when my warranty is finished.
I am attempting to get rid of GOS since Samsung has so heavily throttled the performance of the Tab S8 series and the lack of optimized apps is even more frustrating. I bought Samsung rather than Apple because of the more open and accessible ecosystem, but I think iOS is much better for its app optimization and smoothness; I used my friend's iPad Air and the applications are so smooth compared to on my Tab S8+.
Rooting requires a bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, Secure Folder and such also become permanently disabled, since they require a working Knox chip to work. They use the Knox chip to encrypt their data and then store the key securely in the Knox chip, so no one can get the key and decrypt the data if the device is hacked or similar.
Jake.S said:
Rooting requires a bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, Secure Folder and such also become permanently disabled, since they require a working Knox chip to work. They use the Knox chip to encrypt their data and then store the key securely in the Knox chip, so no one can get the key and decrypt the data if the device is hacked or similar.
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military-grade security solution. I don't use Secure Folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there, albeit I will lose some good functionality like Samsung DeX and the One UI user interface? But I can revert back by flashing Samsung firmware. I want to get the max performance possible without custom kernels from this device, and GOS is completely baked deep into One UI; stock Android can at least allow normal performance from this tablet.
I have a mobile with sdm 845 and I can play games on 60 fps constant on that but on this tablet it goes from 60 to 45 and is extremely unstable lot of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling about 35-40 °C. Initially disabling gos (AllianceShieldX) allowed for constant 85-90 fps on this tablet but now on OneUI 4.1.1 even after clearing data and disabling it does not do so, anything, AllianceshieldX knox license is currently banned by samsung they are looking for a workaround so I can try that as well on this new Android version when that is available.
HARNATH said:
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military-grade security solution. I don't use Secure Folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there, albeit I will lose some good functionality like Samsung DeX and the One UI user interface? But I can revert back by flashing Samsung firmware. I want to get the max performance possible without custom kernels from this device, and GOS is completely baked deep into One UI; stock Android can at least allow normal performance from this tablet.
I have a mobile with sdm 845 and I can play games on 60 fps constant on that but on this tablet it goes from 60 to 45 and is extremely unstable lot of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling about 35-40 °C. Initially disabling gos (AllianceShieldX) allowed for constant 85-90 fps on this tablet but now on OneUI 4.1.1 even after clearing data and disabling it does not do so, anything, AllianceshieldX knox license is currently banned by samsung they are looking for a workaround so I can try that as well on this new Android version when that is available.
That hack was hacking Samsung's servers containing customer data, not data from mobile phones or tablets, since KNOX stores locally and does not communicate with Samsung servers or so. So that data is unaffected by the hack that happened to Samsung in the USA.
Also the only data Samsung has got is name, street, email and so on; that kind of data was hacked from Samsung servers.
