Secure Folder with tripped Knox Android Q - Samsung Galaxy Note 9 Questions & Answers

Secure folder is working after updating to android 10 with tripped Knox
S health and Samsung pass aren't working unfortunately
Can anyone confirm?​

AbdullahT3rx said:
Secure folder is working after updating to android 10 with tripped Knox
S health and Samsung pass aren't working unfortunately
Can anyone confirm?​
Click to expand...
Click to collapse
I dont think you can update to official android 10 beta if you have root or knox 0x1....even if update secure folder will not work

Jovan1997 said:
I dont think you can update to official android 10 beta if you have root or knox 0x1....even if update secure folder will not work
Click to expand...
Click to collapse
I didn't say I'm rooted,
Yes I rooted before but I'm running stock android.
I updated to android Q using update.zip file
And I can confirm that secure folder is actually working with tripped Knox.

This sounds like good news!

pichai said:
This sounds like good news!
Click to expand...
Click to collapse
I hope someone will figure out why this worked and maybe do a topic on how to get it to work again after stable Android Q releases.
I can't get my hopes up but I also want Samsung Pass to work.

Alpha, and beta releases are signed by test-keys, which is actually public, means anyone can sign apks & push them to system, basically, you can fool samsung apps so they think your device is still with knox 0x0, which will get them to work fine.
In release keys, manufacture signs their APKs with set of keys they only have access to, which will be hard to fool.

Related

SuperSU and SafetyNet / Android Pay

This is the place to discuss anything and everything related to SuperSU and SafetyNet / Android Pay.
To clarify, I am not currently actively doing any development on having SuperSU pass SafetyNet detection, or having Android Pay work; the same way I put no effort into beating other root detection methods such as various enterprise security tools.
In case any SuperSU-rooted device passes SafetyNet, that is a bug in SafetyNet, not a feature of SuperSU.
While I may not agree with Google's stance, I'm not about to go messing with payment systems. Is it possible though? Probably yes.
This thread has been created because you guys simply cannot stop talking about this, so these posts can now go here, where I don't ever have to see them.
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
0.0 said:
Will v2.50 cause Android Pay not to work in 6.0? If so, I am guessing there is no way around it?
Click to expand...
Click to collapse
Root is a no no with android pay and I think custom ROMs are also out at the moment
Sent from my A0001 using Tapatalk
Pure Drive GT said:
Hey, thanks for your continued support for root on Android, was just wondering, is google making it harder to achieve decent root privileges, as in they don't want rooted devices or are they just unrelatedly changing up things which forces you guys to adapt?
On another note, is there any progress on root without the modded boot? This is by no means an ETA, just wanted to know if you think it's possible or the situation looks rather dire.
Thanks again for your many efforts!
Click to expand...
Click to collapse
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Many banking and financial apps restrict access on rooted devices; it's not just Google.
It makes sense in some ways: root access allows running things in the background to either circumvent, monitor, or interrupt program transactions. They're being paranoid, and I don't blame them.
I don't like the Google Pay concept (or Apple's either); like every other encryption or security system, it's destined to eventually be hacked.
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
Yep, I was able to add my debit card but not credit.
VZW LG G4
mdamaged said:
Well, just look at Android Pay, it will not allow one to add a credit card if it detects the device is rooted. So yeah, Google definitely wants to stop root, or at least make sure there is a strong dissuasion towards same. It's not a bad thing persae, as Google is just making the devices more secure for the masses. We 'power users' are lucky to have those such as Chainfire working so hard to get us what they can.
Click to expand...
Click to collapse
http://www.androidpolice.com/2015/0...hy-android-pay-doesnt-support-rooted-devices/
shaggyskunk said:
Yet the Note 5 has been rooted for at least a couple of weeks
Click to expand...
Click to collapse
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Srandista said:
On Lollipop... And you also have to unlock your bootloader to do that, right? If yes, then you will trip the KNOX, and that mean you will loose some of your device functionality (Samsung Pay for example), without option to take it back. On the Nexus on the other hand, when you want to use Android Pay on Nexus, you can restore your phone to completely stock condition, without any trace of previously used root.
Also, all of this is completely irrelevant to carried device users, since they have a locked bootloaders.
Click to expand...
Click to collapse
I believe that it's only at&t and Verizon that locks the bootloader - And none in Canada and many other Countries.
Sent From my SM-N910W8 Running SlimRemix V5.1
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
NYZack said:
Had an interesting event, on 2.52.
I unchecked "Enable Superuser" in Settings, to attempt to use Android Pay (Android Pay still wouldn't work). Then, when I rechecked "Enable Superuser", the re-installation of the binary failed, and I was prompted to reboot to try again. However, then I got a boot loop (never even got the opportunity to enter my encryption code). The only way I was able to boot was to re-flash the modified boot.img and re-install SuperSU from the zip (no idea whether both steps were necessary).
I have a Marshmallow Nexus 6, encrypted. For what it's worth, I was previously rooted on 5.1.1, and, after updating to 6.0 and until I re-rooted, I always got a "Your device is corrupt" message on startup, despite being all stock.
Click to expand...
Click to collapse
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Lrs121 said:
Root doesn't have to be enabled for pay to fail. Any time the system partition is modified pay will not work. There was an xda news article on it. A quick Google search involving Android pay and root should find it.
Click to expand...
Click to collapse
I also found that having an unlocked bootloader will stop Pay working. When MM released I decided to go fully back to stock but kept the bootloader unlocked so I could flash MM. Pay still failed, so I've given up and gone rooted again.
Sent from my Nexus 6 using Tapatalk
Ch3vr0n said:
@Chainfire if you actually are able to pull off fully working stable root WITHOUT modifying the /system does that mean you MIGHT have opened the door into having root AND still being able to get OTA's?
Click to expand...
Click to collapse
osm0sis said:
Yup, all you'd need to do is reflash stock kernel to pass the boot partition EMMC check, or, we could automate restoring the previous stock kernel, flashing the OTA and then injecting the new stock kernel with root after flashing (à la AnyKernel2 or MultiROM). So many exciting possibilities there where custom recoveries are concerned.
Click to expand...
Click to collapse
Chainfire said:
Honestly it's not so different from using FlashFire to flash re-flash system, then OTA, then re-root. But it is easier, yes.
Click to expand...
Click to collapse
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Andrew Morykin 12:24
This should retain Android Pay, right?
Click to expand...
Click to collapse
Chainfire 12:58
+Andrew Morykin if it does, then it's by accident and not by design, and Android Pay will be updated to block it.
Click to expand...
Click to collapse
https://plus.google.com/+Chainfire/posts/aJbqUZ8PEP4
also, I was confused by this:
Chainfire said:
- I have not tested with encrypted devices
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=63197935
Aren't
Nexus 6P / angler
angler-mdb08k-boot-systemless.zip
Click to expand...
Click to collapse
and
Nexus 5X / bullhead
bullhead-mdb08i-boot-systemless.zip
Click to expand...
Click to collapse
encrypted out of the box?
dabotsonline said:
This is indeed exciting. However, I noticed that @Chainfire posted this downside on Google+ :
Click to expand...
Click to collapse
How is that a downside?
It's exactly the same with every other form of root you will ever see. They don't want to support Android Pay (and some other stuff) on rooted devices. If we find a root that allows it, they will update their system to detect and block it. That cat and mouse game will not end as long as Google doesn't want Android Pay on rooted devices.
Maybe someone will make apps/modules that help circumvent this, but it certainly will not be me.
also, I was confused by this:
Aren't
Nexus 6P / angler
and
Nexus 5X / bullhead
encrypted out of the box?
Click to expand...
Click to collapse
Still can't test what I don't have.
russlowe73 said:
Factory images
Click to expand...
Click to collapse
So basically I have to go back to 100% stock using ADB, and then flash the new SuperSU stuff with any custom ROM? If so, what are the benefits of this other than getting Android Pay while rooted?
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of root on the Nexus 6!!
efrant said:
Starting with Android 5.0, OTA updates are now block-based rather than file-based, so any modification to the system partition will cause the OTA to fail, even mounting the system partition as r/w.
Click to expand...
Click to collapse
Just to add to this, it's a whole-partition /system patch OTA if the device launched with Lollipop or later, anything that launched with KitKat is still receiving the old file-based patch OTAs. Modifying Settings.apk would likely trip either method for a lot of OTAs though, since it's a pretty central component.
galaxyuserx said:
I use Galaxy s6 G9200 HK with Kernel compiled by me, but i have problem with root 5.1.1 and i think in future too 6.0
These root method is integrated in kernel source or i can integrate with those "boot.img systemless" my selfcompiled kernel?(repack boot.img with kernel compiled by me)
Is possible to work this new root method to android 5.1.1?
I have problem with gain root when i use kernel compiled by me ( STOCK kernel have too this problem BOOTLOOPs and FREEZEs on boot system) and i don't know how slove it :/
I found on chineese forums root integrated in boot.img it working good and isn't comunicat "KERNEL is not SEandroid enforced" but when i try integrate my kernel with this boot.img error with boot system :/
Click to expand...
Click to collapse
Yup, it's all ramdisk changes so should be workable on any version of Android. Chainfire left instructions outlining the ramdisk changes in the WIP thread if you want to give it a try.
phishfi said:
I'm not sure if anyone has specifically mentioned this, but Android Pay still works with this form of on the Nexus 6!!
Click to expand...
Click to collapse
Yup, seems to be the case with most banking and root-detecting apps... for now.
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
secguy said:
Can someone with the non-system SU use this app: https://play.google.com/store/apps/details?id=com.cigital.safetynetplayground and post the results?
This app is supposed to do the SafetyNet checks cleanly, the same way Android Pay does them.
Would be interesting to see if it succeeds on devices with this new supersu version.
Click to expand...
Click to collapse
Just ran it and it passed.
Went ahead and installed su on a stock nexus 5, so far working well, android pay does not work but that was me being stupid and changing the host file and dpi before setting it up
I do notice a little input lag after this, not enough to even make me consider removing root, but it is noticeable, anybody else with this?

Note 8 trip knox

I just brought an Galaxy note 8 N950F/DS yesterday. After I reboot the device, it shows a lock image. I can factory reset nornally, enter to the bootloader, and the knox trip to 0x1. I dont know the figure lock when I reboot the device mention what ?
Another question is that can I start to root my device and start to use SS Pay ? Because My knox is 0x1 already so I think I can root it to install some xposed module and use magic tricks to use SS Pay.
Thank you so much.
Samsung pay, as far as I know, will not work on rooted devices
Sorry bud but Samsung pay (and secure folder) depends on knox flag being 0x0.
Once it's at 0x1 there is no going back!
But you can use google pay with magisk hide root.
BluePhnx said:
Sorry bud but Samsung pay (and secure folder) depends on knox flag being 0x0.
Once it's at 0x1 there is no going back!
But you can use google pay with magisk hide root.
Click to expand...
Click to collapse
Yes, I know it, and i don't know I can root it or not ? And what is the lock image mean after I reboot th3 device.
winol said:
Samsung pay, as far as I know, will not work on rooted devices
Click to expand...
Click to collapse
I read in hmthe xda said that I still use the ss pay with rooted devices if I use magic or SU hide to hide root under the ss pay.
nguyen.hoangtrankhoi said:
I read in hmthe xda said that I still use the ss pay with rooted devices if I use magic or SU hide to hide root under the ss pay.
Click to expand...
Click to collapse
Nope. Samsung Pay doesn't check for root or even an unlocked bootloader (which is what that lock icon on startup indicates). You could re-lock the bootloader and flash a complete stock rom and Samsung Pay will not work due to Knox being tripped.
There is no way to reset the Knox counter back to 0x0, which means there's no way to get Samsung Pay working on your device. Android Pay, yes - Samsung Pay, no.
Sent from my SM-N950W using Tapatalk
Devhux said:
Nope. Samsung Pay doesn't check for root or even an unlocked bootloader (which is what that lock icon on startup indicates). You could re-lock the bootloader and flash a complete stock rom and Samsung Pay will not work due to Knox being tripped.
There is no way to reset the Knox counter back to 0x0, which means there's no way to get Samsung Pay working on your device. Android Pay, yes - Samsung Pay, no.
Sent from my SM-N950W using Tapatalk
Click to expand...
Click to collapse
I read it on this post : https://forum.xda-developers.com/galaxy-note-8/how-to/guide-how-to-root-note8-efs-backup-t3677038
And it is said that I still use the Samsung Pay and Secure Folder.
- As of now you will lose Samsung Pay and Secure folder forever if you root once, even unrooting won't help. (hope in future we can get it working on tripped knox device). Also you may not able to run some banking apps, but for that there are some workaround like Magisk Hide or SU hide, google it.
Click to expand...
Click to collapse
I don't know if it is still work or not. I need to wait 7 days to unlock the OEM for test. Hope it can work
And about the Lock Icon after I reboot it, I think the reason is I set the secure unlock ( require the PIN code after reboot device ) so the Icon appears. I remove that option and the Lock Icon is gone. I don't know it is the reason or not ? Some people said I unlock bootloader and that icon appears.
The workaround is for banking apps - note it says you will lose Samsung Pay and secure folder FOREVER. Magisk or SU Hide cannot hide Knox, and as it says, even if you aren't rooted you won't get Samsung Pay back. It's been this way since Samsung Pay was released, so don't expect a workaround for that anytime soon (if ever).
As of now you will lose Samsung Pay and Secure folder forever if you root once, even unrooting won't help.
Click to expand...
Click to collapse
As for the lock icon, I misunderstood. If the bootloader is unlocked I believe you'll see a small white lock under the "Samsung Galaxy Note 8" logo on startup. If you enter a pattern / PIN before seeing an unlock icon, then yes, that is indeed secure startup.
Sent from my SM-N950W using Tapatalk
Devhux said:
The workaround is for banking apps - note it says you will lose Samsung Pay and secure folder FOREVER. Magisk or SU Hide cannot hide Knox, and as it says, even if you aren't rooted you won't get Samsung Pay back. It's been this way since Samsung Pay was released, so don't expect a workaround for that anytime soon (if ever).
As for the lock icon, I misunderstood. If the bootloader is unlocked I believe you'll see a small white lock under the "Samsung Galaxy Note 8" logo on startup. If you enter a pattern / PIN before seeing an unlock icon, then yes, that is indeed secure startup.
Sent from my SM-N950W using Tapatalk
Click to expand...
Click to collapse
Great, thanks for your information. Thank you Devhux

S9/S9+ To Note 8 Secure Folder With Fingerprint+ Option

There's a feature within Secure Folder on the Galaxy S9 devices called Fingerprint+ and this feature allows the user to unlock their device directly into Secure Folder. I've previously posted a question in the S9/S9+ Forum: https://forum.xda-developers.com/galaxy-s9-plus/help/s9-s9-secure-folder-fingerprint-option-t3806846
Has anyone been able to port this app from the S9 and has been able to use it on the Note 8?
Below is what the feature looks like and a video on how to access it.
https://www.youtube.com/watch?v=geLWAZxviKg
This would be a nice feature.
I doubt even trying to port it would mean much. Since porting it would mean to incorporate into a custom ROM and being able to flash custom ROMs means custom recovery, which means Knox gets tripped, which means Secure Folder won't even work in the first place.
This feature has already been available on the stock OS straight off the bat.
iceepyon said:
This feature has already been available on the stock OS straight off the bat.
Click to expand...
Click to collapse
Not really. No option to unlock straight into secure folder.
drmilosh said:
Not really. No option to unlock straight into secure folder.
Click to expand...
Click to collapse
I can unlock the Secure Folder on my N950N using either my Iris, Fingerprint or a password and I am using the Stock Samsung Oreo 8.0.0 OS.
iceepyon said:
I can unlock the Secure Folder on my N950N using either my Iris, Fingerprint or a password and I am using the Stock Samsung Oreo 8.0.0 OS.
Click to expand...
Click to collapse
This is true. I dont want to sound hostile, but have you read what this thread is about?
You can use the sec folder with either iris, fingerprints etc but there is no option to unlock the phone directly from the lockscreen to secure folder with custom fingerprints.
Maybe there will be in a future update, since its not possible to port this in a custom rom (root breaks knox, knox breaks secure folder).

Is rooting with Magisk possible?

Hey im new to Samsung phones and got an S10+ preordered. Will I be able to flash TWRP and Magisk the day I get it or will it take some time? Also is there anything special about rooting Samsung phones?
Thank you for your answers!
I would not expect for immediately. Devs need to reverse engineer/hack their way around the firmware locks to attain root and keep the device bootable. Once they do that, the devices are ours. though I cannot imagine it would be too different from the 9 series with flash counters and such not.
Edit: Typos.
F0rbidN said:
Hey im new to Samsung phones and got an S10+ preordered. Will I be able to flash TWRP and Magisk the day I get it or will it take some time? Also is there anything special about rooting Samsung phones?
Thank you for your answers!
Click to expand...
Click to collapse
If it's the US snapdragon I highly doubt it but with exynos most likely and it will trip knox just like the Note 9.
Misterxtc said:
If it's the US snapdragon I highly doubt it but with exynos most likely and it will trip knox just like the Note 9.
Click to expand...
Click to collapse
I will get the exynos version. What are the disadvantages of triggering knox? Thank you for letting me know.
zerolock said:
I would not expect for immediately. Devs need to reverse engineer/hack their way around the firmware locks to attain root and keep the device bootable. Once they do that, the devices are ours. though I cannot imagine it would be too different from the 9 series with flash counters and such not.
Edit: Typos.
Click to expand...
Click to collapse
Will I have to do a factory reset in order to root my device?
F0rbidN said:
I will get the exynos version. What are the disadvantages of triggering knox? Thank you for letting me know.
Click to expand...
Click to collapse
You will loose Samsung Pay, secure folders and banking apps probably won't work. There is more but that's all that comes to mind right now. Uninstalling root and flashing everything to stock won't fix the lost apps either, it's permanent. I think it will reset your phone too.
Root
Banking apps will work once able to flash Magisk, simply using a system-less root method will allow for work arounds such as Magisk hide etc. which will definitely allow for such apps to work. Exactly as has been seen for the past few generations of devices using Magisk! Anyway... on another note, yes bootloader will very likely be unlockable on Exynos variants allowing for TWRP and custom rom installation but highly unlikely on Snapdragon variants.
Misterxtc said:
You will loose Samsung Pay, secure folders and banking apps probably won't work. There is more but that's all that comes to mind right now. Uninstalling root and flashing everything to stock won't fix the lost apps either, it's permanent. I think it will reset your phone too.
Click to expand...
Click to collapse
Are you sure about permanent block ?!
A0_o said:
Are you sure about permanent block ?!
Click to expand...
Click to collapse
Yes because the past root methods trip knox and blow a efuse witch is not reversible. Unless a different root method is discovered this phone will be no different. As the post says above there are some workarounds but that is not a guarantee. Some apps can not be fooled.
Misterxtc said:
Yes because the past root methods trip knox and blow a efuse witch is not reversible. Unless a different root method is discovered this phone will be no different. As the post says above there are some workarounds but that is not a guarantee. Some apps can not be fooled.
Click to expand...
Click to collapse
i have read about some way to root without trip kNox but you have to dont use magisk or xposed just you got an access to system files.
Wish SuperUser root XDA god 'Chainfire' hadn't retired!
A0_o said:
i have read about some way to root without trip kNox but you have to dont use magisk or xposed just you got an access to system files.
Click to expand...
Click to collapse
Are you talking about sig. spoofing like Firegapps and stuff?
I'm waiting for anyone who has enough guts to try, all I really want is v4a.
This is the last galaxy I buy I think, prolly go one plus next time. But yea this is a waiting game. I'm waiting for someone to bribe the dev's to prenstall v4a for us in an ota update. Hey be a great April fools joke ....heh

Secure Folder Not Starting

Hi, on android 13 no root, secure folder won't start at all eve after giving all permission manually to the app, clear data and cache, same thing, any ideas !
Have you rooted in the past? Does Samsung Pass work?
ShaDisNX255 said:
Have you rooted in the past? Does Samsung Pass work?
Click to expand...
Click to collapse
yes i was rooted before (on android 12) but i flashed a new firmware manualy odin. but now, not rooted, but bootloader unlocked. and yes samsung pass works
Pro Cal said:
yes i was rooted before (on android 12) but i flashed a new firmware manualy odin. but now, not rooted, but bootloader unlocked. and yes samsung pass works
Click to expand...
Click to collapse
Having rooted once in the past is enough to invalidate Secure Folder forever even if you go back to stock
ShaDisNX255 said:
Having rooted once in the past is enough to invalidate Secure Folder forever even if you go back to stock
Click to expand...
Click to collapse
i don't think that it applys coz even on Android 12 i was rooted, when back on stock it was working fine. that why i find it wierd. now the security patch is updated i cannot go back to android 12
Pro Cal said:
i don't think that it applys coz even on Android 12 i was rooted, when back on stock it was working fine. that why i find it wierd. now the security patch is updated i cannot go back to android 12
Click to expand...
Click to collapse
It still apply.
Knox is trip no matter what if you root your phone and Secure Folder need Knox.
Lock your bootloader and check if it works

Categories

Resources