Go Back   Android Forums > Android Phones > Samsung Galaxy S4 > (International) Galaxy S4 - All Things Root

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree42Likes

test: Reply
 
LinkBack Thread Tools
Old September 8th, 2013, 02:08 AM   #1 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default Knox Security & locked bootloader on new firmwares

Last updated: 21 MAR:2014


#1.0. Samsung have released the latest Galaxy S4 stock firmwares, including Android 4.2.2, MGG onwards, see #1.8, for the International, and all future firmwares such as Android 4.3 and KitKat with locked bootloaders and Knox security flag which are a prerequisite for installing the optional, full, Knox Security app. The actual Knox app is downloaded from the Play Store via an icon on the phone, if required.

It is being rolled out across the board to all the latest devices, branded and unbranded, with the exception of the GT-i9505G, Google Play Edition with stock Android firmware. It also comes installed on the latest Galaxy Note 3 and is being rolled out in new firmware updates for the Galaxy S3 and Note 2 as well as some tablets.

Their reasoning behind this is to prevent devices with sensitive data (corporate, defence, government, etc: ) from having their data compromised, hence the Knox security. This is to comply with the ever growing security demands from these organisations IT departments for secure BYOD's, (Bring Your Own Device), and is not dissimilar from the Blackberry and Apple security protocols. This means that the latest Samsung devices are now deemed acceptable for use where security is important and increases Samsung's market potential.

Samsung have further announced the Knox 2.0 mobile security platform that will come pre-loaded on the Galaxy S5 and will be introduced to older devices running KitKat

#1.1. This obviously has implications for rooting and flashing custom ROM's if your workplace demands a secure Knox device. Unfortunately, once the bootloader is locked, reverting to an earlier firmware or nandroid backup is not possible and will not unlock it or remove or reset the Knox flag and can render it unusable with loss of Wi-Fi and/or sound and may require a repair to get it working again in some cases.

#1.2. Flashing the latest Samsung stock Android firmwares will overwrite your system files and kernel as well as locking the bootloader, if not already locked. If you are flashing this to an already rooted phone, it will un-root you and, currently, there is no way to re-root and flash a custom recovery or ROM without tripping the Knox flag and rendering it unusable as a BYOD for organisations that require an untouched Knox flag for security. It also means that if you have apps that rely on root, such as SuperSU, you will not be able to uninstall them. Therefore, if you are going to install a stock Samsung, Knox enabled firmware to a rooted phone, you should first fully un-root and uninstall any root associated apps prior to updating.

#1.3. In short... if you are on Knox Firmware then you are currently screwed for custom ROM's and recoveries as the Knox flag will be tripped and your device will no longer be Knox secure as a BYOD if your workplace requires it. Also, there is no possibility of going back to a pre Knox/unlocked bootloader firmware or nandroid backup as this will trip the Knox flag also.

#1.4. If you are on Knox enabled firmware and wish to view your Knox counter status, go into Download Mode and the Knox flag is shown in the list at the top left of the screen. If, "KNOX WARRANTY VOID:", is showing as 0x0 then you have not tripped the Knox flag. If it is showing as 0x1, your Knox flag is permanently blown and your phone is no longer suitable for Knox security purposes.

#1.5 There is a ray of hope for those who wish to update to Android 4.3 and are rooted in that dev's for the International phones have released custom firmwares for Android 4.3 & 4.4.2 that do not already have the locked bootloader and Knox Security. However, these are only available to those that do not already have Knox firmware installed and will not comply with the Knox security protocols if your place of work requires them.

#1.6. CF-Auto-Root by chainfire and Root de la Vega claims that they can root Knox enabled devices but do not mention custom recovery or custom ROM flashing. Use at your own risk. There are also reorts that Voodoo's, OTA RootKeeper, has kept root on phones that are rooted and have updated OTA. Although it is not supporting 4.3 officially and may not work on the new 4.4, KitKat, release. Potentially leaving you with a rooted phone that you, "may", not be able to update without blowing the Knox flag.

#1.7. The following article by Galen Gruman in Info World, lifts the lid on the new Knox security feature and goes into a lot more detail regarding its future use, (oh yes, there's more to come), on phones and tablets and why some carriers may not even implement it fully... The truth about Samsung Knox for Android security
The higher-level security technology for select Android devices isn't really available yet, despite the hype


#1.8. Samsung releases are categorised as follows:-

M = year = 2013 (13th letter of alphabet)

E = Month of year (May in this case, 5th letter of the alphabet)

A = Release of that month (10th for, "A", as they start 1-9 first, before letters)

Therefore, MEA is pre MGG, (2013, July, 16th release), and is before Knox. Only stock Samsung firmwares MGG onwards, (with the exception of MH1), have Knox.

To locate your firmware version... type *#1234# into the dial pad and look at the last 3 letters/numbers of AP:

#1.9. Here are some useful links to explain Knox...

What is Samsung Knox?
(Comes with a short, simple, self explanatory video)

Samsung Knox User Manual/Guide

#1.10. There appears to be some confusion as to whether tripping the Knox flag to 0x1 does in fact void your warranty as there are conflicting reports and statements regarding this, as discussed in this xda forum thread...

Let's find out if KNOX flag 0:1 does void the phone's warranty or not

It would seem that some posters in various locations have received warranty repairs even though their Knox flags were 0x1.

#1.11. Finally, Samsung have issued the following statement that seems to indicate that Knox will not be used when considering warranty repairs and that they are maintaining the old status quo of, "Don't ask... don't tell", when it comes to rooting whereby a device on stock firmware and a reset Samsung, hidden, flash counter, (separate from the Knox flag), are OK, a warranty repair is considered.

About rooting Samsung KNOX-enabled devices and the KNOX warranty void bit

#1.12. There is a bounty being offered for any developer who can successfully reset a tripped Knox flag to 0x0, see #1.4. See thread, here. This currently stands at... US$3,173.
lgrider323 likes this.

__________________
Did you know that hitting the Thanks button is quicker than typing it and the Search button is your friend.

Dummies Guides Rooting Galaxy S4 * Know Your S4 * Update Problems * Knox Security * Bloatware * GPS
ironass is online now  
Last edited by ironass; March 21st, 2014 at 02:42 AM. Reason: Amended info after Samsung statement
Reply With Quote
The Following 11 Users Say Thank You to ironass For This Useful Post:
dynomot (September 8th, 2013), El Presidente (October 12th, 2013), ghanson (February 14th, 2014), lotus49 (October 11th, 2013), Marknderm (March 9th, 2014), Raptor_Jesus (October 3rd, 2013), Rudedawg (September 9th, 2013), Seinen (November 18th, 2013), silentwitness (October 3rd, 2013), sntaylor (September 15th, 2013), The_Chief (November 24th, 2013)
sponsored links
Old September 8th, 2013, 03:18 AM   #2 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Quote:
Originally Posted by ironass View Post
Samsung, in their infinite wisdom, have released the latest Galaxy S4 stock firmwares, MGG, MH5 and MH8 and all future firmwares I am given to understand, with locked bootloaders!

Their reasoning, I believe, behind this is plug security exploits such as the Master Key ones.

This obviously has implications for flashing custom ROM's which require an unlocked bootloader.

Even as I type, dev's are working on unlocking the bootloader, notably chainfire, and hopefully it will not be too long before this happens.

Until such time as a stable workaround is available the best advice is to avoid flashing any stock firmware or ROM's with a locked bootloader. DjeMBeY, for instance, has withdrawn his stock, rooted, MGG firmware because of this.

I am sure that someone like Hawker can give a better, more detailed, updated, explanation regarding the situation... providing we can sober him up!
That sucks
Sydney99 is offline  
Reply With Quote
Old September 8th, 2013, 03:33 AM   #3 (permalink)
Member
 
Join Date: Feb 2012
Posts: 100
 
Device(s):
Carrier: Not Provided

Thanks: 9
Thanked 2 Times in 2 Posts
Default

Could this have caused my issue?

I updated the latest Vodafone update yesterday and my S4 (I9505)has no recovery mode - I see the android logo and 'no command' below it and I can't get it to connect to odin anymore.

I am royally boned. Can someone please help me? I just want to get MEA firmware back on there and root again. Reason is the phone is really slow to start up and wifi no longer works since the bastard update. Have a thread already so sorry for repeating but I am really stressed out!!

Cheers!!
Kasser is offline  
Reply With Quote
Old September 8th, 2013, 03:39 AM   #4 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Have you checked to see if you are running one of the firmwares mentioned?
ironass is online now  
Reply With Quote
Old September 8th, 2013, 03:48 AM   #5 (permalink)
Member
 
Join Date: Feb 2012
Posts: 100
 
Device(s):
Carrier: Not Provided

Thanks: 9
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by ironass View Post
Have you checked to see if you are running one of the firmwares mentioned?
Hi Yes, the update was MGG I think.....

Some details in case helpful:

Baseband version I9505XXUBMEA
Kernal verion 3.4.0-1220369se.infra@SEP-138#1
Build JDQ39.I9505XXUDMGG

Any help would be greatly appreciated. It is due to go back to VF Tuesday, but since it was rooted they may not honour the warranty. I did use triangle away to reset the counter when it was rooted so maybe I will get away with it....but not sure...
Kasser is offline  
Reply With Quote
Old September 8th, 2013, 04:10 AM   #6 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Kasser View Post
Hi Yes, the update was MGG I think.....

Some details in case helpful:

Baseband version I9505XXUBMEA
Kernal verion 3.4.0-1220369se.infra@SEP-138#1
Build JDQ39.I9505XXUDMGG

Any help would be greatly appreciated. It is due to go back to VF Tuesday, but since it was rooted they may not honour the warranty. I did use triangle away to reset the counter when it was rooted so maybe I will get away with it....but not sure...
You will need to flash the stock, MGG, firmware via Odin to get rid of root and custom recovery, if you have those, as you are returning it.
ironass is online now  
Reply With Quote
Old September 8th, 2013, 04:30 AM   #7 (permalink)
Member
 
Join Date: Feb 2012
Posts: 100
 
Device(s):
Carrier: Not Provided

Thanks: 9
Thanked 2 Times in 2 Posts
Default

Thanks Ironass - I am trying to find the firmware online, but not having much luck. I have tried using the sammobile site, but the download of the software fails half way.

Also, Odin3 will not connect to my phone anymore. I've been trying for the last 2 hours and also re-downloaded the usb drivers but still no luck. Could this be because I have the 'no command' error in recovery mode?

I will keep trying but looks like I have a very expensive paperweight at the moment.
Kasser is offline  
Reply With Quote
Old September 8th, 2013, 04:42 AM   #8 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Kasser View Post
Thanks Ironass - I am trying to find the firmware online, but not having much luck. I have tried using the sammobile site, but the download of the software fails half way.
Try...

Samsung Updates Latest Firmware - LIVE!

Your region, (CSC), code for Vodafone UK is VOD.

Quote:
Also, Odin3 will not connect to my phone anymore. I've been trying for the last 2 hours and also re-downloaded the usb drivers but still no luck. Could this be because I have the 'no command' error in recovery mode?
You will need PC Odin to flash I'm afraid. Try searching for the older, v1.87, Odin and see if that helps.

Quote:
I will keep trying but looks like I have a very expensive paperweight at the moment.
If you do manage to flash the stock firmware, you may find that your problems are resolved... unrooted.... but resolved.
dynomot likes this.
ironass is online now  
Reply With Quote
The Following User Says Thank You to ironass For This Useful Post:
Kasser (September 8th, 2013)
Old September 8th, 2013, 06:05 AM   #9 (permalink)
Member
 
Join Date: Feb 2012
Posts: 100
 
Device(s):
Carrier: Not Provided

Thanks: 9
Thanked 2 Times in 2 Posts
Default

Thanks for helping but no luck getting odin and phone to connect. Have tried 5 different versions of odin but nothing.

Will just send this back and fingers crossed they fix it. Otherwise, I will just go back to my S2 and lick my wounds.

EDIT: Managed to get it to connect. I flashed MGG and still have wifi issue - just won't toggle to on position. Am I ok sending this back or do I need to hide the fact I used odin just now?
Kasser is offline  
Last edited by Kasser; September 8th, 2013 at 07:06 AM.
Reply With Quote
Old September 8th, 2013, 07:08 AM   #10 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Time to buy Chainfire a beer methinks.

chainfire[dev~blog] - Home

Samsung, what were you thinking !
dynomot is offline  
Reply With Quote
The Following 2 Users Say Thank You to dynomot For This Useful Post:
ironass (September 9th, 2013), Rudedawg (September 9th, 2013)
sponsored links
Old September 8th, 2013, 08:07 AM   #11 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by Kasser View Post
Thanks for helping but no luck getting odin and phone to connect. Have tried 5 different versions of odin but nothing.

Will just send this back and fingers crossed they fix it. Otherwise, I will just go back to my S2 and lick my wounds.

EDIT: Managed to get it to connect. I flashed MGG and still have wifi issue - just won't toggle to on position. Am I ok sending this back or do I need to hide the fact I used odin just now?
MODS I HOPE THIS IS OK. IF NOT I APOLOGISE.

I'm uploading original I9505XXUBMEA_I9505VFGBMF2_CNX.zip stock Vodafone, firmware for you, and a working copy of Odin. I see that you look as though you know what your doing. I'll PM you when it's ready.
dynomot is offline  
Reply With Quote
The Following User Says Thank You to dynomot For This Useful Post:
Kasser (September 13th, 2013)
Old September 10th, 2013, 04:36 AM   #12 (permalink)
Senior Member
 
Hawker's Avatar
 
Join Date: Aug 2011
Location: UK
Posts: 3,749
 
Device(s): GT-I9505 Firmware: Danvdh GE 4.4.2 Kernel: KT BL: MGA GSM: XXUFNC9 LTE: XXUBMH1
Carrier: EE UK (4G)

Thanks: 536
Thanked 1,712 Times in 1,049 Posts
Default

It's all linked to Google buttoning down on Android security, and not Samsung in particular.
Personally I fear for where all this may be leading to.
I wouldn't be surprised if soon we see the elimination of all apps that require root access from the Play Store.

Anyway on a lighter note, DjeMBeY has released Deodexed SuperSlim KNOX FREE MH8 - CWM, but rather irritatingly, Samsung have released ZHUDMH6 firmware which has a higher changelist (1371094)
__________________
Device: Samsung GT-I9505 ROM: Danvdh GE 4.4.2 Kernel: KT GSM: XXUFNC9 LTE: XXUBMH1 B/L: MGA

My Scripts
My Web Site
Hawker is online now  
Last edited by Hawker; September 10th, 2013 at 04:39 AM.
Reply With Quote
The Following 4 Users Say Thank You to Hawker For This Useful Post:
dynomot (September 10th, 2013), EarlyMon (September 10th, 2013), ironass (September 10th, 2013), Sydney99 (September 10th, 2013)
Old September 10th, 2013, 04:37 AM   #13 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Quote:
Originally Posted by Hawker View Post
It's all linked to Google buttoning down on Android security, and not Samsung.
Personally I fear for where all this may be leading to.
I wouldn't be surprised if soon we see the elimination of all apps on the Play Store that require root access.

Anyway on a lighter note, DjeMBeY has released Deodexed SuperSlim KNOX FREE MH8 - CWM, but rather irritatingly, Samsung have released ZHUDMH6 firmware which has a higher changelist (1371094)

What's Knox free
Sydney99 is offline  
Reply With Quote
Old September 10th, 2013, 04:40 AM   #14 (permalink)
Senior Member
 
Hawker's Avatar
 
Join Date: Aug 2011
Location: UK
Posts: 3,749
 
Device(s): GT-I9505 Firmware: Danvdh GE 4.4.2 Kernel: KT BL: MGA GSM: XXUFNC9 LTE: XXUBMH1
Carrier: EE UK (4G)

Thanks: 536
Thanked 1,712 Times in 1,049 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
What's Knox free
Knox is this extra embedded security system that is causing much of the problems on rooted devices since the release of MGG.
Hawker is online now  
Reply With Quote
The Following 3 Users Say Thank You to Hawker For This Useful Post:
dynomot (September 10th, 2013), EarlyMon (September 10th, 2013), Sydney99 (September 10th, 2013)
Old September 10th, 2013, 06:08 AM   #15 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Hawker View Post
Personally I fear for where all this may be leading to.
I wouldn't be surprised if soon we see the elimination of all apps that require root access from the Play Store.
It's being so cheerful that keeps the old Welsh shepherd going...

Wur Doomed, Entombed & Marooned... - YouTube


(Unfortunately, I fear he may be right! )


On a brighter note SYD... the DjeMBeY, CWM, MH8 ROM seems fine... SYD... also the MGG 3Minit framework is working with it... SYD. If you wanted to give that combo a try and report back, then Hawker and I are here for technical support... SYD!
dynomot likes this.
ironass is online now  
Reply With Quote
Old September 10th, 2013, 06:34 AM   #16 (permalink)
Senior Member
 
Hawker's Avatar
 
Join Date: Aug 2011
Location: UK
Posts: 3,749
 
Device(s): GT-I9505 Firmware: Danvdh GE 4.4.2 Kernel: KT BL: MGA GSM: XXUFNC9 LTE: XXUBMH1
Carrier: EE UK (4G)

Thanks: 536
Thanked 1,712 Times in 1,049 Posts
Default

SYD. As GB firmware was mostly K??, JB being L?? and M??, perhaps when Android Mango Chutney Popadom is issued we will eventually be on SYD.

Now thats one firmware I'm going to avoid like the plague!
ironass and dynomot like this.
Hawker is online now  
Reply With Quote
Old September 10th, 2013, 07:37 AM   #17 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

So long as the workaround, well, works, on this new MH8 version of DjeMBeY's ROM and newer future releases, and we can extract our PAID FOR (are you listening Google/Samsung?) apps apks we should have no fear.

Let us hack/flash and modify our (yes Google, ours not yours) phones to our hearts content. Now where is Syd, our resident test piolet?
dynomot is offline  
Reply With Quote
Old September 10th, 2013, 08:12 AM   #18 (permalink)
Moderator
 
jhawkkw's Avatar
 
Join Date: Jul 2011
Location: Rochester, NY
Posts: 9,372
 
Device(s): Nexus 5, HP 14 Chomebook, Google Glass, LTE Nexus 7(2013), Logitech Revue, Chromecast
Carrier: T-Mobile USA

Thanks: 2,726
Thanked 5,840 Times in 3,298 Posts
jhawkkw
Default

Quote:
Originally Posted by dynomot View Post
So long as the workaround, well, works, on this new MH8 version of DjeMBeY's ROM and newer future releases, and we can extract our PAID FOR (are you listening Google/Samsung?) apps apks we should have no fear.

Let us hack/flash and modify our (yes Google, ours not yours) phones to our hearts content. Now where is Syd, our resident test piolet?
Quote:
Originally Posted by Hawker View Post
It's all linked to Google buttoning down on Android security, and not Samsung in particular.
Personally I fear for where all this may be leading to.
I wouldn't be surprised if soon we see the elimination of all apps that require root access from the Play Store.
Google might be trying to remove root obtained through exploits because they are a greater security risk than just obtaining root itself, but they're not the ones locking up your devices. Last time I checked, every Nexus device's bootloader can be unlocked with a simple "fastboot oem unlock" command, and the Google Play Edition of this S4 has an unlocked bootloader out of the box. On those devices, you can still unlock, root, flash recovery, roms, and kernels without the need for exploits. In other words, Samsung did this to you, not Google.
EarlyMon likes this.
__________________
Site Rules/Guidelines / Meet the Team
If something needs attention, Report it .
If someone helped you, hit to show it.

Current Devices: Nexus 5, HP 14 Chromebook (Data Enabled), Google Glass, (2013) LTE Nexus 7, Logitech Revue, Chromecast
Retired: Samsung Fascinate, Droid Charge, Galaxy Nexus, (2012) WiFi Nexus 7, Asus TF700, Nexus 4
jhawkkw is online now  
Reply With Quote
The Following User Says Thank You to jhawkkw For This Useful Post:
Raptor_Jesus (October 3rd, 2013)
Old September 10th, 2013, 08:53 AM   #19 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by jhawkkw View Post
Google might be trying to remove root obtained through exploits because they are a greater security risk than just obtaining root itself, but they're not the ones locking up your devices. Last time I checked, every Nexus device's bootloader can be unlocked with a simple "fastboot oem unlock" command, and the Google Play Edition of this S4 has an unlocked bootloader out of the box. On those devices, you can still unlock, root, flash recovery, roms, and kernels without the need for exploits. In other words, Samsung did this to you, not Google.
Are you sure jhawkkw? Our boot loaders were unlocked, it's just these new firmwares that have it from what I can gather. I'm not saying your wrong, but it would be nice to know who to grumble at before firing off an email to a CEO.
dynomot is offline  
Reply With Quote
Old September 10th, 2013, 09:01 AM   #20 (permalink)
Moderator
 
jhawkkw's Avatar
 
Join Date: Jul 2011
Location: Rochester, NY
Posts: 9,372
 
Device(s): Nexus 5, HP 14 Chomebook, Google Glass, LTE Nexus 7(2013), Logitech Revue, Chromecast
Carrier: T-Mobile USA

Thanks: 2,726
Thanked 5,840 Times in 3,298 Posts
jhawkkw
Default

Quote:
Originally Posted by dynomot View Post
Are you sure jhawkkw? Our boot loaders were unlocked, it's just these new firmwares that have it from what I can gather. I'm not saying your wrong, but it would be nice to know who to grumble at before firing off an email to a CEO.
For the most part, I only own Nexus devices. I've owned 3 of them and am on the verge of buying the new LTE Nexus 7 to make it my fourth. This wouldn't be the first device ever that came unlocked and was later locked. Samsung has begun to make a push to be seen as a corporate option and that requires tight security. That's why software like Knox is on the device.
jhawkkw is online now  
Reply With Quote
sponsored links
Old September 10th, 2013, 09:16 AM   #21 (permalink)
Senior Member
 
Hawker's Avatar
 
Join Date: Aug 2011
Location: UK
Posts: 3,749
 
Device(s): GT-I9505 Firmware: Danvdh GE 4.4.2 Kernel: KT BL: MGA GSM: XXUFNC9 LTE: XXUBMH1
Carrier: EE UK (4G)

Thanks: 536
Thanked 1,712 Times in 1,049 Posts
Default

Knox is certainly to be blamed on Samsung (hence the sec in the file name below), but its a worrying trend nonetheless.

For those rooted users amongst us who are MGG+ original firmware, there are a couple of things you can try to get rid of the Knox annoying messages:

in an adb shell, type pm disable com.sec.knox.seandroid
or perhaps try and freeze Knox apps in TB

Personally, I'm staying on MGA for a while until this calms down a little.
Hawker is online now  
Last edited by Hawker; September 10th, 2013 at 09:18 AM.
Reply With Quote
The Following User Says Thank You to Hawker For This Useful Post:
EarlyMon (September 10th, 2013)
Old September 10th, 2013, 09:31 AM   #22 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Hawker View Post
Personally, I'm staying on MGA for a while until this calms down a little.
Probably just as well as, at the moment, MGG and above = a one way trip to locked bootloader land with no return.
ironass is online now  
Reply With Quote
Old September 10th, 2013, 10:10 AM   #23 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Just got in, you're not all trying to goad me into giving it a go are you.....that's cruel....
Sydney99 is offline  
Reply With Quote
Old September 10th, 2013, 10:23 AM   #24 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,035
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,696
Thanked 54,830 Times in 21,866 Posts
Default

Quote:
Originally Posted by dynomot View Post
Are you sure jhawkkw? Our boot loaders were unlocked, it's just these new firmwares that have it from what I can gather. I'm not saying your wrong, but it would be nice to know who to grumble at before firing off an email to a CEO.
I'm absolutely sure - this lays at Samsung and not Google.

Google is only responsible for Android and only for Nexus devices at this level.

Samsung phones run TouchWiz, an Android variation based on the Android Open Source Project (AOSP).

Anything hardware-specific to a given device comes from the device manufacturer - device drivers, the kernel, and the bootloader - along with security and update policies.

Your gripe is with Samsung.

Promise.
__________________
|

Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.

Links: Site Rules / Guidelines -and- Zero Tolerance Policy (All Members Read)


For right-on help, the Thanks button is on the right of the post.
For anything out in left field, the /!\ report button is to the left.

Remember, it's our forums and we're all in this together - so let's keep it cool!

Shoot the breeze at the best new gun forum!
EarlyMon is offline  
Reply With Quote
The Following 2 Users Say Thank You to EarlyMon For This Useful Post:
dynomot (September 10th, 2013), jhawkkw (September 10th, 2013)
Old September 10th, 2013, 11:25 AM   #25 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Quote:
Originally Posted by EarlyMon View Post
I'm absolutely sure - this lays at Samsung and not Google.

Google is only responsible for Android and only for Nexus devices at this level.

Samsung phones run TouchWiz, an Android variation based on the Android Open Source Project (AOSP).

Anything hardware-specific to a given device comes from the device manufacturer - device drivers, the kernel, and the bootloader - along with security and update policies.

Your gripe is with Samsung.

Promise.

Well that's more encouraging news
Sydney99 is offline  
Reply With Quote
Old September 10th, 2013, 11:54 AM   #26 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Thanks EarlyMon.

Syd I think it is good news. Maybe Samsung have rushed out so many similar firmwares, seemingly different for different regions only, that they've tacked on this Knox to patch the security holes and they are going to patch it properly later. The only thing that concerns me is the patch is floating around Google anyway, why does the bootloader need to be locked?

The good news is it is Samsung, the patch is out there and we've already got a rooted ROM minus Knox.
dynomot is offline  
Reply With Quote
Old September 10th, 2013, 12:07 PM   #27 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Just got in, you're not all trying to goad me into giving it a go are you.....that's cruel....
Well Syd, Ironass is sticking, that should sound alarm bells. I am too, perfectly happy with MH1 at the moment. Should 4.3 pop up however with a locked bootloader without a hack that has been tried and tested I could be sorely tempted to risk it should a work around be announced, no matter how dodgy. Personally I'm sure Chainfire is on it as we wait.

Stay with what you have, I wouldn't want you to suffer bootloader lock with no way out.
dynomot is offline  
Reply With Quote
Old September 10th, 2013, 12:40 PM   #28 (permalink)
Premium Member
 
sntaylor's Avatar
 
Join Date: Jan 2012
Location: Ayrshire, scotland
Posts: 1,477
 
Device(s): S2 Rooted, Nexus 7 (Shared So Stock) Galaxy W(Fiancees)
Carrier: Not Provided

Thanks: 479
Thanked 360 Times in 280 Posts
Default

Knox isn't a new feature in the current updates, just the way it's been updated itself and implemented(I'm guessing anyway, but I know it is a feature that was already there for the s4 at some point!) And as early suggests, it's Def an issue with Samsung rather than Google, though I'm not entirely sure if the Knox feature does have anything to do with the master keys etc? I'm sure someone else can bring us up to confirmed speed on this :-)

Personally I'm quite happy with the cm10.2 based pro bam, I'll have no issues with locked bootloaders etc :-) the only thing I kinda miss, and even then it's not a massive miss, is the Samsung camera app, otherwise the phone is running smoother and nicer than it had been with any mga Rom I tried :-(
sntaylor is offline  
Reply With Quote
The Following User Says Thank You to sntaylor For This Useful Post:
EarlyMon (September 10th, 2013)
Old September 10th, 2013, 01:33 PM   #29 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Quote:
Originally Posted by dynomot View Post
Well Syd, Ironass is sticking, that should sound alarm bells. I am too, perfectly happy with MH1 at the moment. Should 4.3 pop up however with a locked bootloader without a hack that has been tried and tested I could be sorely tempted to risk it should a work around be announced, no matter how dodgy. Personally I'm sure Chainfire is on it as we wait.

Stay with what you have, I wouldn't want you to suffer bootloader lock with no way out.

Absolutely dyno. On mh1 I'm well into second day of battery with 41% left, all working smooth. No point changing unless New features come along.

Even I ain't that dum.
dynomot likes this.
Sydney99 is offline  
Reply With Quote
Old September 14th, 2013, 08:46 AM   #30 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Even I ain't that dum.
TIP: Don't ask for a show of hands Syd!


I have virtually re-written post #1 of this thread to update it with the latest information available as regards the new stock Samsung firmwares for the i9505 and other S4 models.

It is not just the locked bootloader causing the problems for dev's and us flashers but also the new, embedded, Knox Security that has been added to please corporate and government institutions.


TIP: 2 The term, "efuse", in post #1 is pronounced... EFF-You's
EarlyMon likes this.
ironass is online now  
Last edited by ironass; September 14th, 2013 at 10:57 AM. Reason: more sarcasm added
Reply With Quote
The Following 5 Users Say Thank You to ironass For This Useful Post:
dynomot (September 15th, 2013), EarlyMon (September 14th, 2013), Raptor_Jesus (October 3rd, 2013), sntaylor (September 15th, 2013), Sydney99 (September 14th, 2013)
sponsored links
Old September 16th, 2013, 04:44 AM   #31 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Have updated post #1, yet again, with more information gleaned from posters over the weekend, #1.3, who had tried to root the new firmwares. Have also included advice on what to do under such circumstances and have indexed the post for easy reference.

My advice is to check the firmware details of anyone posting unusual problems on this forum in case they have tried to root any of the latest firmwares.
ironass is online now  
Last edited by ironass; September 16th, 2013 at 04:56 AM.
Reply With Quote
The Following 3 Users Say Thank You to ironass For This Useful Post:
dynomot (September 16th, 2013), EarlyMon (September 16th, 2013), Sydney99 (September 16th, 2013)
Old September 16th, 2013, 05:04 AM   #32 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Should have got the HTC one after all!
Sydney99 is offline  
Reply With Quote
Old September 16th, 2013, 05:17 AM   #33 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Should have got the HTC one after all!
SYD ! Wash your mouth out with soap and water !
ironass likes this.
dynomot is offline  
Reply With Quote
Old September 16th, 2013, 09:50 AM   #34 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Should have got the HTC one after all!
Syd! An hour on the Naughty Step for you and don't move until I tell you!

Actually, I think that we will be seeing more of this security situation from other handset manufacturers who are keen to get their handsets accepted by government and large corporations, who demand enhanced security for BYOD.


Have added yet another paragraph, #1.4, to the rapidly growing post #1. This concerns reports that I have been reading on other forums that those who have upgraded to the latest bootlocked and Knox security firmwares, even though they are not rooted, have been experiencing problems with some of the Play Store apps that are possibly being treated as security breaches by Knox.


FYI: Knox requires a locked bootloader to operate.

It is named after the United States bullion depository, often referred to as Fort Knox, in Kentucky, which featured in the James Bond film, Goldfinger, starring Sean Connery.
ironass is online now  
Reply With Quote
The Following User Says Thank You to ironass For This Useful Post:
Raptor_Jesus (October 3rd, 2013)
Old September 16th, 2013, 10:51 AM   #35 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

I saw the post about Whatsapp in the general SGS4 forum and thought about asking what firmware they were running, as I did wonder.

I think if Knox requires a locked bootloader to work, both are here to stay. I don't require Knox - my device is my own. Would it be too much for Samsung to provide two versions of the same update, one with Knox and the locked bootloader and one without. Only those admin privileges should be able to update via OTA or Kies, and have a choice which version they install.
sntaylor likes this.
dynomot is offline  
Reply With Quote
Old September 18th, 2013, 12:29 PM   #36 (permalink)
Senior Member
 
lotus49's Avatar
 
Join Date: May 2011
Location: Yorkshire
Gender: Male
Posts: 1,330
 
Device(s): Samsung Galaxy S4, Motorola Xoom (wi-fi), Samsung Galaxy Note 10.1 2014
Carrier: Three

Thanks: 67
Thanked 193 Times in 162 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Should have got the HTC one after all!
This will only affect people who install or have their phone provided with a ROM that includes a locked bootloader.

I can see why Samsung did this as it provides a rock solid way for a ROM to check that it is running on a device that has not been tampered with.

It is not a good thing for those of us who like to install 3rd party ROMs but want to have the possibility to return the device to factory condition but, let's face it, we are a tiny minority.
lotus49 is offline  
Reply With Quote
Old September 18th, 2013, 01:09 PM   #37 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by lotus49 View Post
It is not a good thing for those of us who like to install 3rd party ROMs but want to have the possibility to return the device to factory condition but, let's face it, we are a tiny minority.
While this is undoubtedly true, I think you miss two points. One Android is meant to be Google's (not Samsung's) "Open Source" operating system. Now how open is "Open" is open to debate, but you get my point.

Second, and more importantly, given that we who flash and tinker with our devices are a tiny proportion of Android users, we still paid our hard earned cash on the device of our choice. A new firmware has decreased it a usability for us. Are we entitled to compensation?


Personally I find the excuse of warranty voiding simply by rooting as disgusting. It is a cop out, and here in the UK at least very dubious legally. I can't imagine Hewlett Packard (for instance) voiding a hardware warranty just because I installed Linux on my lap top.

I bought an Android smartphone not an Apple one, and while I can see the appeal of a device that works well, I want to escape the lovely walled garden and explore on my own.
Straydog likes this.
dynomot is offline  
Last edited by dynomot; September 18th, 2013 at 01:11 PM. Reason: Typos
Reply With Quote
The Following User Says Thank You to dynomot For This Useful Post:
Sydney99 (September 18th, 2013)
Old September 18th, 2013, 03:39 PM   #38 (permalink)
Senior Member
 
lotus49's Avatar
 
Join Date: May 2011
Location: Yorkshire
Gender: Male
Posts: 1,330
 
Device(s): Samsung Galaxy S4, Motorola Xoom (wi-fi), Samsung Galaxy Note 10.1 2014
Carrier: Three

Thanks: 67
Thanked 193 Times in 162 Posts
Default

Quote:
Originally Posted by dynomot View Post
While this is undoubtedly true, I think you miss two points. One Android is meant to be Google's (not Samsung's) "Open Source" operating system. Now how open is "Open" is open to debate, but you get my point.
The issue here isn't to do with the licensing of the code though is it?

Quote:
Originally Posted by dynomot View Post
A new firmware has decreased it a usability for us. Are we entitled to compensation?
Only if you install it. If you don't, you are no worse off than when you bought your phone. Having said that, if I were just about to buy an S4, this would definitely put me off. I am disappointed that Samsung has chosen to do this but it will only affect my future purchasing decisions. I am very happy with my S4 regardless of what Samsung now decides to do.

Quote:
Originally Posted by dynomot View Post
Personally I find the excuse of warranty voiding simply by rooting as disgusting. It is a cop out, and here in the UK at least very dubious legally.
I'm completely with you here and I do not believe that this would stand up in court.

I have to say that I do think this is actually quite a clever security control that will appeal to businesses and I think Samsung's decision is probably a commercially sensible one for them.
lotus49 is offline  
Reply With Quote
Old September 18th, 2013, 04:06 PM   #39 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

I agree it is clever, no arguments there. It's also more than a little underhanded. Millions of Android owning people will have updated by now OTA, some with more nous with Kies, and no doubt found things a little better, smoother and maybe less buggy. In short they'll be happy in their ignorance. And why not? They on the surface have lost nothing and gained something, all the time not realising they now have a device crippled from it's former state. How many of those that do flash and root have kept their devices "stock", just for a while and only found out that last OTA update has cut their rooting dreams at the knees. Melodramatic? Perhaps, but I am angered by Samsung.

I see where your coming from with the licensing of the code. Your right that is not the issue. I concede that.

I just despair, I'm not naive enough to believe Samsung won't follow the bottom line. If Knox makes them the darling of the corporate world giving needed security to BYOD. They need and should go after this lucrative market. I wish they'd actually told us first though, locking their damn bootloaders.


Sorry , rant over.
dynomot is offline  
Reply With Quote
Old September 19th, 2013, 12:48 AM   #40 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Might as well call it an iGalaxy...
Sydney99 is offline  
Reply With Quote
sponsored links
Old September 19th, 2013, 03:38 AM   #41 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Might as well call it an iGalaxy...
Now your goading me Syd

I know someone who is a network engineer. He installs a companies network in a new office, trouble shots and moves on. He loves Apple, but not in a blind way. He loves how everything Apple "just works", the inherent problems of getting say a BlackBerry to talk to a IBM server and on to a Windows terminal are just not there. He loves the "Walled Garden", where once he hated the "closedness" of them.

I feel this is the way it is all heading, where money is to be had "openness" and the like can go hang. The internet is in continuous danger of being chopped up by the ISPs who would love to be able to supply access with "options" like cable TV. There's not much we can really do except rant, and wring our collective hands. Just be aware of it, and don't walk into a future ignorant. Knowledge is power.
dynomot is offline  
Reply With Quote
Old September 25th, 2013, 11:14 AM   #42 (permalink)
Senior Member
 
Sydney99's Avatar
 
Join Date: Jul 2011
Location: UK
Posts: 1,569
 
Device(s): Galaxy S4: ECHOE KitKat + Philz + ML6 modem
Carrier: Vodafone

Thanks: 453
Thanked 414 Times in 303 Posts
Default

Right, so this Knox and bootloader bollocks. As I see it, now that you can root a Knox firmware, there are 2 issues from flashing
1. Once you flash, there's no going back....
2. It voids warranty

So, for the first point, generally it's unusual to want to use old versions unless you find a gem. For the second, we all live with this possibility anyway when we start rooting or phones.

So really, is this not a lot of hot air and panic....or am I missing something.......again!
Sydney99 is offline  
Reply With Quote
The Following User Says Thank You to Sydney99 For This Useful Post:
ironass (September 25th, 2013)
Old September 25th, 2013, 12:07 PM   #43 (permalink)
Senior Member
Thread Author (OP)
 
ironass's Avatar
 
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,009
 
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,613 Times in 2,395 Posts
Default

Quote:
Originally Posted by Sydney99 View Post
Right, so this Knox and bootloader bollocks. As I see it, now that you can root a Knox firmware, there are 2 issues from flashing
1. Once you flash, there's no going back....
2. It voids warranty

So, for the first point, generally it's unusual to want to use old versions unless you find a gem. For the second, we all live with this possibility anyway when we start rooting or phones.

So really, is this not a lot of hot air and panic....or am I missing something.......again!
1. Definitely, no turning back to pre Knox firmware but as you say Syd, how many of us ever want or need to go back?

2. In the absence of an official statement from Samsung can I amend that to say that... in theory it could be used to void warranty.

The reason I say this is that DjeMBeY maintains that there are legitimate, unrooted, reasons that could increase the Knox counter. So, let us say for instance that a warranty repair was needed and TriangleAway had been used to reset the Samsung binary counter and a stock firmware was flashed then it could quite easily have been an error installing a stock firmware via KIES and there will be no other supporting evidence to prove otherwise... i.e. the Samsung binary counter.

I can understand why Samsung had to do this and why other manufacturers will almost certainly have to follow suit. Grudgingly, I have to say that Samsung made a darned good job of it and one that will reassure the IT departments of those who require this sort of security on a device to allow its use.

Since the latest releases of firmware for the S4 all seem to be based on MGA/MH1 with just the addition of the new security features, I can see no reason to shift from my present ROM as there is no advantage. However, with the imminent release of Android 4.3 and the enhancements that this brings, I shall be updating.
sntaylor likes this.
ironass is online now  
Reply With Quote
The Following User Says Thank You to ironass For This Useful Post:
Sydney99 (September 25th, 2013)
Old September 25th, 2013, 02:15 PM   #44 (permalink)
Premium Member
 
sntaylor's Avatar
 
Join Date: Jan 2012
Location: Ayrshire, scotland
Posts: 1,477
 
Device(s): S2 Rooted, Nexus 7 (Shared So Stock) Galaxy W(Fiancees)
Carrier: Not Provided

Thanks: 479
Thanked 360 Times in 280 Posts
Default

Where I see issues will be if Google or Samsung release a version that's buggy and many people don't like, such as ics on the s2, I'm sure I'm not alone in remembering the complaints from it and the number of people enquiring about rooting just to go back to gingerbread(personally I never had any issues with ics but that's just me :-P)

Obviously for the masses, Knox ain't really an issue either way, but for those that need it it's great and those in our camp, it's a pain in the ass!
sntaylor is offline  
Reply With Quote
Old September 25th, 2013, 11:58 PM   #45 (permalink)
Senior Member
 
Shotgun84's Avatar
 
Join Date: May 2011
Location: Cambridgeshire, England
Posts: 5,243
 
Device(s): Galaxy S4 GT-I9505 ROM: WanamLite, Kernel: KT-SGS4
Carrier: 3UK

Thanks: 1,612
Thanked 3,034 Times in 1,814 Posts
Default

Yeah I'm not really seeing the problem if you're already rooted. All you have to do is flash one of the numerous ROM's which doesn't contain the new bootloader or Knox and you're on the latest firmware with the possibility of returning to your old. I'm actually quite surprised that DjeMBeY keeps including the bootloader. Although he knows more than me so I'm sure he has his reasons. I can see how it may be a problem if you aren't already rooted but are planning to though.
Shotgun84 is offline  
Reply With Quote
Old September 26th, 2013, 09:13 AM   #46 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

This would be all fine and dandy, save for the elephant in the room, and I may be trying to compare apples with oranges. (can I squeeze in any more metaphors in that sentence?) But doesn't flashing make Knox physically "break" something, telling Samsung we have flashed? Leaving aside the BYOD corporate world where it a a fine, and to be applauded security measure, isn't it a bit "big brother". If I wanted to I could go out buy a Windows PC and install Linux. A year later, if I wanted to I could remove Linux, reinstall Windows and sell it as what it is a Windows laptop. No one would need to know and know one would be affected. Now say I flash my phone, Knox comes in and later I flash an ordinary stock firmware to sell it, I actually sell it broken. It can't be used as a BYOD by it's new owner and Samsung won't honour (illegally in the UK in my understanding anyway) a my warranty. This us what sticks in my craw. I guess I will have to accept it, doesn't make me happy though.
dynomot is offline  
Reply With Quote
The Following User Says Thank You to dynomot For This Useful Post:
Sydney99 (September 26th, 2013)
Old September 26th, 2013, 10:00 AM   #47 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,035
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,696
Thanked 54,830 Times in 21,866 Posts
Default

Remember, Samsung is not only after the corporate market - they're going after the military.

Here's a cached copy (links or it didn't happen), hopefully viewable despite the Java script session id -

http://webcache.googleusercontent.com/search?q=cacheiudUlSMhFAJ:web.nvd.nist.gov/view/ncp/repository/checklistDetail%3Bjsessionid%3D772B386CFD308946899 ADDFA8FF7076E%3Fid%3D458+&cd=6&hl=en&ct=clnk&gl=us

I personally think that influenced the bootloader decision.
EarlyMon is offline  
Reply With Quote
The Following User Says Thank You to EarlyMon For This Useful Post:
Raptor_Jesus (October 3rd, 2013)
Old September 26th, 2013, 11:22 AM   #48 (permalink)
Premium Member
 
sntaylor's Avatar
 
Join Date: Jan 2012
Location: Ayrshire, scotland
Posts: 1,477
 
Device(s): S2 Rooted, Nexus 7 (Shared So Stock) Galaxy W(Fiancees)
Carrier: Not Provided

Thanks: 479
Thanked 360 Times in 280 Posts
Default

Quote:
Originally Posted by EarlyMon View Post
Remember, Samsung is not only after the corporate market - they're going after the military.

Here's a cached copy (links or it didn't happen), hopefully viewable despite the Java script session id -

National Vulnerability Database (NVD) National Checklist Program Checklist Detail for Samsung Knox Android 1.0 STIG Version 1

I personally think that influenced the bootloader decision.
Sorry early but link doesn't seem to wanna work for me using chrome at least :-(and although I'm only replying now,I actually tried it about five mins after you posted it....

Google
404. Thatís an error.

The requested URL /search?q=cache%3Cimg%20src=%22http://www.androidforums.com/images/smilies/redface.gif%22%20border=%220%22%20alt=%22%22%20tit le=%22Embarrassment%22%20class=%22inlineimg%22%20/%3EiudUlSMhFAJ:web.nvd.nist.gov/view/ncp/repository/checklistDetail%3Bjsessionid%3D772B386CFD308946899 ADDFA8FF7076E%3Fid%3D458+&cd=6&hl=en&ct=clnk&gl=us was not found on this server. Thatís all we know.
sntaylor is offline  
Reply With Quote
The Following User Says Thank You to sntaylor For This Useful Post:
EarlyMon (September 26th, 2013)
Old September 26th, 2013, 11:33 AM   #49 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,035
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,696
Thanked 54,830 Times in 21,866 Posts
Default

Google: nist Samsung knox

See the link at web.nvd.nist.gov as well as some others that may be interesting.

Sorry about the Java script session.
ironass likes this.
EarlyMon is offline  
Reply With Quote
The Following 5 Users Say Thank You to EarlyMon For This Useful Post:
dynomot (September 26th, 2013), ironass (September 26th, 2013), Raptor_Jesus (October 3rd, 2013), sntaylor (September 26th, 2013), Sydney99 (September 26th, 2013)
Old September 26th, 2013, 03:01 PM   #50 (permalink)
Senior Member
 
dynomot's Avatar
 
Join Date: Dec 2011
Location: Sheffield U.K
Gender: Male
Posts: 1,059
 
Device(s): SGSII (GT-i9100)-SOLD SGSIII(GT-i9300)-SOLD SGS4 (GT-i9505)-SOLD
Carrier: Vodafone UK

Thanks: 314
Thanked 340 Times in 263 Posts
Default

Fascinating, Knox appears to be the dogs danglies when it comes to security on Android devices. For phones with Knox up and running from a server they have a white list of applications that are allowed. Applications can have their permissions recindered remotely and basically Knox has the US military's approval. All good stuff for Samsung.
dynomot is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Phones > Samsung Galaxy S4 > (International) Galaxy S4 - All Things Root
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 07:56 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.