Question Flashing stock android 12L firmware in Tab s8+ - Samsung Galaxy Tab S8

If I root my Tab S8+ and then wipe OneUI from TWRP and flash Android 12L firmware from Google, will it work and will the tablet boot up? Also, what effect does rooting have on Knox: does it disable it completely, or is there just a failsafe which tells Samsung I attempted to root my device while Knox keeps on functioning?
I might try this when my warranty is finished.
I am attempting to get rid of GOS since Samsung has so heavily throttled the performance of the Tab S8 series, and the lack of optimized apps is even more frustrating. I bought Samsung rather than Apple because of the more open and accessible ecosystem, but I think iOS is much better for its app optimization and smoothness. I used my friend's iPad Air and the applications are so smooth compared to on my Tab S8+.

Rooting requires bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, Secure Folder and such also become permanently disabled, since they require a working Knox chip to work. They use the Knox chip to encrypt their data and then store the key securely in the Knox chip, so no one can get the key and decrypt the data if the device is hacked or similar.

Jake.S said:
Rooting requires bootloader unlock, and unlocking the bootloader triggers the KNOX chip permanently. So apps like Samsung Pass, Secure Folder and such also become permanently disabled, since they require a working Knox chip to work. They use the Knox chip to encrypt their data and then store the key securely in the Knox chip, so no one can get the key and decrypt the data if the device is hacked or similar.
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military-grade security solution. I don't use Secure Folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there? Albeit I will lose some good functionality like Samsung DeX and the OneUI user interface, but I can revert back by flashing Samsung firmware. I want to get the max performance possible without kernels from this device, and GOS is completely baked deep into OneUI; stock Android can at least allow normal performance from this tablet.
I have a mobile with sdm 845 and I can play games on 60 fps constant on that but on this tablet it goes from 60 to 45 and is extremely unstable lot of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling about 35-40 °C. Initially disabling gos (AllianceShieldX) allowed for constant 85-90 fps on this tablet but now on OneUI 4.1.1 even after clearing data and disabling it does not do so, anything, AllianceshieldX knox license is currently banned by samsung they are looking for a workaround so I can try that as well on this new Android version when that is available.

HARNATH said:
Well, I have read several reports of Knox getting hacked or Samsung getting hacked and Knox user data getting released. It's not a military-grade security solution. I don't use Secure Folder, as it has deleted the data of its users or lost it after some time without any reason.
If I flash 12L on this tablet, shouldn't it work since the hardware is there? Albeit I will lose some good functionality like Samsung DeX and the OneUI user interface, but I can revert back by flashing Samsung firmware. I want to get the max performance possible without kernels from this device, and GOS is completely baked deep into OneUI; stock Android can at least allow normal performance from this tablet.
I have a mobile with sdm 845 and I can play games on 60 fps constant on that but on this tablet it goes from 60 to 45 and is extremely unstable lot of spikes and frame drops, even though it has a much stronger processor and GPU and they are not throttling but idling about 35-40 °C. Initially disabling gos (AllianceShieldX) allowed for constant 85-90 fps on this tablet but now on OneUI 4.1.1 even after clearing data and disabling it does not do so, anything, AllianceshieldX knox license is currently banned by samsung they are looking for a workaround so I can try that as well on this new Android version when that is available.
That hack was of Samsung's servers containing customers' data, not data from mobile phones or tablets, since KNOX stores locally and does not communicate with Samsung servers. So that data is unaffected by the hack that happened to Samsung in the USA.
Also, the only data Samsung has got is name, street, email and so on; that kind of data was hacked from Samsung's servers.

Related

[Q] Heartbleed - Disable Heartbeats in OpenSSL on Android 4.1.1 Rooted

Apparently the ONLY version of Android that is vulnerable to Heartbleed is 4.1.1. I ran a check on my phone, and sure enough I'm running that version, and heartbeats are definitely enabled. I used the Lookout security app to verify this. Is there a way I can patch my system myself and somehow disable the heartbeats feature without having to wait another 3 years for Motorola to come out with a fix? My phone is rooted, but something tells me that OpenSSL probably needs to be essentially recompiled with a flag set to disable heartbeats?
I was hoping there would be a quick config file for OpenSSL that can be modified, but I'm not usually lucky. Based on everything I've seen thus far, a recompile with a flag set is the only way to fix this. Figured I'd give it a shot and ask on here.
I've been thinking about the same thing.
If memory was encrypted that could solve all or part of the problem.
If the Chrome HTTPS browser cache were turned off, which I think requires an APK edit, there would not be any clear text data in the browser cache.
What do you think?
dosmac said:
Apparently the ONLY version of Android that is vulnerable to Heartbleed is 4.1.1. I ran a check on my phone, and sure enough I'm running that version, and heartbeats are definitely enabled. I used the Lookout security app to verify this. Is there a way I can patch my system myself and somehow disable the heartbeats feature without having to wait another 3 years for Motorola to come out with a fix? My phone is rooted, but something tells me that OpenSSL probably needs to be essentially recompiled with a flag set to disable heartbeats?
I was hoping there would be a quick config file for OpenSSL that can be modified, but I'm not usually lucky. Based on everything I've seen thus far, a recompile with a flag set is the only way to fix this. Figured I'd give it a shot and ask on here.
Yep, 4.1.1 is vulnerable to this. 4.1.2 has the no heartbeat fix added in and 4.1.1 took the update that was bugged. That said, we DO have TWO 4.1.2 Stock roms, Mexican Retail and Bell are both 4.1.2 and should have that fix -- needs confirmation. Our Stock ICS roms are all from before this bug was added in and are safe. In reality, only stock, locked AT&T Atrix HD's are vulnerable to this since all the other roms* have this fix.
Normally I'd say something around the lines of give me a few days and I'll look into this more, but I've been busy lately, and when I'm not busy I'm either tired or sore; did some heavy lifting a few weeks ago and my back is still sore from that day.
*Our 4.1.2 roms are untested, but 4.1.2 AOSP has the fix so our 4.1.2 stocks should too
I was just thinking that there is no such thing as security. Security is achieved by being harder to exploit than the other computers. Even 3-DES can be cracked with enough computing power.
So encrypting memory and stopping HTTPS caching would close two big holes. I'm now wondering what holes would remain to be exploited by the heartbeat exploit on a 4.1.1 device if this were done?
stevep2007 said:
I was just thinking that there is no such thing as security. Security is achieved by being harder to exploit than the other computers. Even 3-DES can be cracked with enough computing power.
So encrypting memory and stopping HTTPS caching would close two big holes. I'm now wondering what holes would remain to be exploited by the heartbeat exploit on a 4.1.1 device if this were done?
If I was on a stock phone running 4.1.1 and I was that worried about Heartbleed, I'd unlock the bootloader and install Bell or Mex Retail because both are 4.1.2. It might even be possible to just swap the exploited binaries with the ones in our 4.1.2 roms; that's something someone else worried about this can do. Hell, it might even be possible to run the 4.1.2 roms with safestrap and the AT&T kernel...again, that's a someone else thing...I have no intention of dicking with SSR.
Think about Wifi being hacked....when it first came out a crappy password like 12345678 was good enough because computing power wasn't that good for consumers yet; nowadays, a basic gaming laptop can check 500,000 wpa2 passwords a second, a decent desktop with multiple GPUs can do over a million a second. All wpa2 hacking is sniffing out the verification md5*, then the tools generate passwords and their md5 and compare it against the sniffed out one; eventually you'll find one that matches, especially so if the password sucks. If you know how certain telecoms set up their wifi passwords, you can shorten the amount of time taken by limiting to the characters they use -- for example, AT&T U-Verse** uses 10 digit numeric passwords, so all you'd have to do is limit the tools to use numbers and start with 10 digits....hint: there are only 1 million codes if you use 10 numbers only....10 to the power of 10 and all....
That isn't a wifi hacking tutorial, just an example of how over time good security unchanged becomes very bad security and how eventually an exploit will be found and security compromised, like how wpa2 for a split second sends out the verification md5 unencrypted.
*not sure if WPA2 uses md5, but most of us know what md5's are
**last time I read about that service that's what I saw...and I read that a few months ago
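For the Heartbleed question in this thread, the following is an added example (not code from any poster) of the check a device owner would want: given an OpenSSL version banner and the library's build flags, decide whether the heartbeat bug applies. OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1 carry the bug, 1.0.1g fixes it, and a build compiled with `-DOPENSSL_NO_HEARTBEATS` has the heartbeat code removed. The banners and flag strings below are constructed samples, and how the build flags are obtained from a device is assumed to be handled elsewhere.

```python
import re

# Matches banners such as "OpenSSL 1.0.1c 10 May 2012" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter_suffix, beta_tag) from a version banner."""
    m = _BANNER_RE.search(banner)
    if m is None:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    numeric = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return numeric, m.group(4), m.group(5)


def in_heartbleed_range(banner):
    """True if the release shipped the unpatched heartbeat code."""
    numeric, letter, beta = parse_openssl_version(banner)
    if numeric == (1, 0, 1):
        # "" (plain 1.0.1) and "a".."f" sort before "g", the fixed release.
        # Pre-release 1.0.1 builds are treated as affected (conservative assumption).
        return letter < "g"
    if numeric == (1, 0, 2):
        # Only the first beta of 1.0.2 carried the bug.
        return letter == "" and beta == "beta1"
    # 0.9.8 and 1.0.0 never had the heartbeat extension.
    return False


def heartbleed_exposure(banner, build_flags=""):
    """Classify a library as 'not affected', 'mitigated' or 'vulnerable'.

    build_flags is the compiler flag string the library was built with;
    a build with OPENSSL_NO_HEARTBEATS defined has the extension compiled out.
    """
    if not in_heartbleed_range(banner):
        return "not affected"
    if "OPENSSL_NO_HEARTBEATS" in build_flags:
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed samples: (banner, build flags)
    samples = [
        ("OpenSSL 1.0.1c 10 May 2012", "-O2 -fPIC"),
        ("OpenSSL 1.0.1c 10 May 2012", "-O2 -fPIC -DOPENSSL_NO_HEARTBEATS"),
        ("OpenSSL 1.0.1g 7 Apr 2014", "-O2 -fPIC"),
        ("OpenSSL 0.9.8y 5 Feb 2013", "-O2"),
    ]
    for banner, flags in samples:
        print("%-32s %-40s %s" % (banner, flags, heartbleed_exposure(banner, flags)))
```
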

[IDEA] Possible KNOX solution: Hardware Level

I am no expert but I used to read a lot into resetting/unlocking low-level BIOS passwords/locks/trackers on high security enterprise laptops.
The method was to replace, jump or flash EEPROM chips on the motherboard, sometimes using wires soldered onto specific pins with a flashing device/computer on the other end.
The hardest ones required specific software (probably leaked from the manufacturer) for flashing a modified BIOS binary file to reset locks, or replacing EEPROM chips that matched the unique ID of the rest of the hardware.
If Samsung implements KNOX by using/modifying the hardware on the phones, then a similar hardware level solution might exist.
There's a good chance I am wrong, since the older phones that didn't have Knox got Knox using a software update, but in either case, I think it's going to require a leak from a Samsung insider.
Even then, there's a strong chance Samsung will release an update to disable the leak since the purpose of Knox seems to be to reduce warranty claims and the enterprise customers are just an excuse.
Ultimately, that's bye bye to Samsung for taking this route unless they ALLOW a solution.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Hate to reply to myself but for anyone passing by:
I've realised after reading the Galaxy Note 3 forums that Knox IS actually implemented and tripped by hardware, the Qualcomm CPU in particular, which has eFuses (that Qualcomm call qFuses) that burn out irreversibly when they are tripped. So resetting the counter is pretty much impossible.
This thread is where the main Knox action is going on in the Note 3 Forums, where a bounty is offered to anyone who can find a solution:
http://forum.xda-developers.com/showthread.php?t=2486346
It seems so far that a method to flash recoveries/kernels/roms without tripping the Knox counter is the best possible option.

Can Cellebrite hack Note 9 / S9

If you google for hacking the latest devices, you will find a large number of posts and advertisements for Cellebrite (a well-known security research organization) offering physical extraction of iOS and Android devices, including the S9/S9+. You will also discover additional commentary on the latest pursuits in forensics, some claiming the ability to root Samsung devices without tripping the Samsung Knox fuse bit, or other claims of successful attacks against Samsung and its group of Knox-enabled phones. Lots of discussion about loading alternative bootloaders, and even some claiming to get past the encryption. Perhaps someone can provide a simple response...
Is there a known attack to gain access to encrypted data on a Samsung S9, S9+, or Note 9 device? Particularly, can Knox containers be extracted/decrypted with forensics tools and/or physical access attacks?
I think this is particularly interesting since Apple has updated iOS 12 with something that makes it more difficult (I'll wait before saying impossible) for tools/labs used by law enforcement agencies to gain access to their devices... I've always held that the Samsung devices, with all their government usage and certifications, got a lot more attention with making sure this was not possible... And the record seems to indicate that...
Thanks for any response/contribution to the discussion.
Simple response: We don't know because if they do have a way to break the encryption, they wouldn't want Samsung or anyone else to be aware.
I suspect enabling the login before Android boots fully would help but my guess is that there is likely someone out there capable of breaking all of the encryption.

On my Note 9 being hacked & the validity of 'Ethical hackers'...

I was running a U1 XAA build of Android 10 2.0 with the June 1 Security patch that I'd downloaded and flashed from Sammobile.
Awhile ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there are a number of apps I can no longer deny Wifi Control access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I can't deny access to.
Also I am no longer able to disable Google Play Services, whereas before in 2.0 I could. I'm not even allowed to force-stop Play Services now! It's not just these two changes, there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings' apps, one is version 10.0.37.0 and the other is version 1.7.50-21 (the -21 is just how it's listed.)
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgeable (or criminal) peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look for services that shouldn't be running as often as they do (Last hack they had Samsung Push which is for delivering notifications related to Samsung apps?? running something as a Service (not sure what it was but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villainy loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (Not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it was from a guy who was truly beleaguered by hackers) there's a User Certificate under Biometrics & Security / Other Security settings / User Certificates that reads as 'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times and my VPN seems to work without it. It might be for the Note 9's built-in Knox Android VPN strengthening parameters, but I couldn't find info online about it anywhere except in the case I mentioned, which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I don't think my N9 is cleaned, or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obfuscatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the SoC that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!) I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (Think, updates delivered via 'Middleware', roms bought initially directly from the manufacturer that can be cryptographically flashed up to three times with signed updates with each update burned and locked into the rom via fuses. Each factory reset brings you back to your last update. The roms are only updatable if a hardware dip switch is tripped which moves actual physical leads in the SoC which powers the ability to flash this chip. And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to finesse the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*) bring to light the measly exploits and software, the slime who make and distribute the same and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definitely less conscionable scum can make use of his knowledge.) hackers only care about making their fame and fortune by bringing to light obscure and unknown exploits that no one has ever used or are likely to use than going after the exploits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know it's pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriously the Feds need to check all this electronic criminality, it's gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!
Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8
I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English, I am Brazilian
@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
That sounds like an excellent plan!

Help - Motherboard dead after flashing devcfg.mbn on Galaxy Note 9

I recently had a mint Samsung Galaxy Note 9 SM-N960U with Knox Mobile Enrollment already set up on the device. I used a remote service to remove the Knox Security. During the remote service, the technician used the combination file; he extracted the combination to see all the files, took the file devcfg.mbn and flashed it on the phone with Odin. Then the phone shut off and refused to boot again, completely dead, I say it again, it was completely dead.
So I found on the internet that Samsung is advancing its security, and so the process to remove Knox is used with a connection to the CPU of the device and uses the CPU for calculating the bypass of that security. So Samsung, in the development of the security of Knox, implanted the same security as the one the Government uses, which is about hackers who use the calculation of the processor to hack the system or security system files; if it happens then the processor is automatically destroyed remotely by the network and the Cyber Police receive a red flag concerning that processor, with the location of the event, and they receive the auto-logs of the device, which is on the network as a virtual copy of your real device, and then they can confirm that the CPU destruction was required because it was a danger to their content.
Because the CPU is hacking the Knox Security, their development reached the same method as the Government's. Who hasn't heard that the FBI, CIA, NSA had the possibility to destroy any laptop or computer immediately when a hack is detected? This is in place in case of a hacker using the 32 bits or 64 bits of the processor to process some exploits or hacks directly to the Network.
I let you know that Samsung Corp. made about 53 Trillions of Sales in 2019 and of that amount 17 Trillions was pure profit for Samsung Corp., so for them to reach the norm of security on the market of phones and tablets has made them spend a lot of billions on their security and on their network. I believe they can put 300 billions really easily into the development of a security that businesses and corporations are using. Knox is a Samsung brand (if I am not mistaken, at least it is used by Samsung, I'm sure). I believe this security will be coming pretty soon, as Samsung is pushing to implant it in its new Knox Security and in the Firmware Root Security also. Does it mean that using a box (Z3X, Octoplus, Miracle Thunder) and running the normal process of FRP reset will destroy the motherboard now, because these boxes connect directly to the CPU and chips and use them to remove the locks and to reset the security of the devices?
I ask you if this is possible: did Samsung code in their security that the CPU is auto-destroyed, and if not, will a J-Tag bring the motherboard back alive? I did not even have the time to use it; it was destroyed in about an hour and not even by me. But I'm not mad at the company I used; they paid me for a refurbished motherboard for the Galaxy Note 9, value of 139$.
Anyway let me know folks.
GSM SylVaincouver
Web: www(dot)gsmsylvaincouver(dot)com
