Recently, Samsung announced that her all new devices will get an Android 4.3 update that includes KNOX Security system. According to Samsung, these devices will get the update:
- Samsung Galaxy S3
- Samsyng Galaxy Note II
- Samsung Galaxy S4
- Samsung Galaxy Note 3 (already has KNOX Security system)
Most of the users don’t root their devices and use it normally and for them KNOX Security system is a great option.
But what happanes if we want to root our device?
Now the problem begins.
Normal(unrooted and so..) devices are flaged as KNOX Void Warranty 0x0 right from the factory.
When we flash items which weren’t signed by Samsung, it flags your device as KNOX Void Warranty 0x1.
According to Chainfire, KNOX status is indeed an eFuse. This means that even JTAG can not reset the KNOX status back to 0x0.
Some facts about KNOX status:
- It isn’t possible to downgrade to KNOX-disabled firmwares/bootloaders (An attempt sets 0x1) (even though some people state, downgrade is possible when omitting the bootloader file in a firmware package). By downgrading from KNOX-enabled to KNOX-disabled firmware, your devices will be locked to installation of newer firmwares.
Let’s focus on that fact. As we mentioned above, Devices like S4, S3 and Note II which came without KNOX will get the KNOX system.For example, S4 I9505 got about a month ago 4.2.2 update that includes KNOX-enabled system(MH1). If you try to downgrade to KNOX-disabled system(MGA for example) your device will be flaged as KNOX Void Warranty 0x1 and will get a special lock – you won’t be able to update to any KNOX-enabled firmware even by ODIN. Samsung’s 4.3 update is KNOX-enabled, so if you tried to downgrade to KNOX-disabled firmware(for example MH8->MGA), you won’t be able to install 4.3 update.
This problem is only for devices which didn’t come with KNOX-enabled system from the factory(S4, S3 and Note 2)
Jeffery Butler confirmed this information:
FYI…Samsung told me that Knox warranty becomes 0x1(void) when the device with secured bootloader attempts to have non-secured bootloader. MH1 is the very first binary with secured bootloader. If MH1 is attempted to be downgraded to lower version(i.e. MGD) which has non-secured bootloader, then Knox warranty becomes void forever, and this means that the device can be used only for non-Knox device(no container can be created).
If you try to downgrade to KNOX-disabled firmware, you can’t install any new firmaware(that includes KNOX-enabled system) and use your device only with the old firmwares.
- Even if you flash a KNOX-enabled firmware via odin (e.g. the latest fw) knox will be set to 0x1.
- Flashing unsigned or modified images via odin will set knox to 0x1.
According to these two, flashing root/kernel/recovery/latest firmware by samsung/etc. will set KNOX status to 0x1.
- Samsung stated, resetting the flag is impossible.
Chainfire confirmed that it is impossible to reset the flag.
- KNOX is mandatory and can not be completely removed.
In custom roms we can remove KNOX apps, but the status remains 0x1.
- Warranty Void is not a counter, it is a flag (0,1). We have never seen 0x2 or so.
- Mirroring all partitions from a clean 0x0-Device to a 0x1-Device via JTAG produces an unfunctional device (reversible by restoring the 0x1 partitions on the phone).
Using JTAG or other repair tools to reset the flag is impossible.
- KNOX bootloader verifies signatures of kernels and recoveries. No custom ones possible without voiding the knox warranty.
Again, if we flash kernel/recovery/etc. we will void the warranty.
This si how 0x1 looks like:
I guess you are asking yourself now, what the hell 0x1 means?
If your device is flageed as 0x1. you should forget about your warranty.
Chainfire and other people confirmed that your can’t use your warranty:
Worse than that, I’ve also been hearing that service center instructions are indeed that devices with this status tripped will not receive any warranty repairs. (Of course, the action they take may still depend on the service center). Their excuse is that the hardware is damaged by the owner. Seems Samsung is catching up in scumbaggery to HTC, who years ago attributed my HTC Diamond’s screen damage (digitizer detached) to the installation of HSPL 🙂
To anyone in the know it is obvious that this doesn’t really fly, and the eFuse blowing (is this the hardware damage?) is intentionally done by the bootloader when unsigned software is loaded.
If you want to read the whole Chainfire’s statement, click here.
What is eFUSE? it’s a technology that allows reprogramming a read-only memory chip in real-time, even though such chips come with hard-coded code that cannot be generally changed after manufacturing.
When flashing unofficial software on the device, the status of the system and KNOX is switched to CUSTOM while increasing a binary flash counter, which helps Samsung find out whether the device has been tampered with. However, while Chainfire’s TriangleAway app has let users switch the status back to official and reset the flash counter until now, the KNOX status is based on eFUSE – basically, once you flash custom kernels or root the Note 3, the KNOX code gets rewritten, and this constitutes hardware damage.
Well, all I can say is think twice before you play with your Samsung device. If you don’t care about warranty, and you like custom roms and cool stuff just be aware of this information and continue with what you are doing.
321,364 total views, 131 views today