SimonGleinert
Dauer-User
- 464
bitstopfen wrote: the output is based on software; you shouldn't have given yourself that name, you understand too little about it...
thehacker911 wrote: That doesn't achieve anything. Samsung sees it anyway.
LORD HELMI wrote: What right allows you to insult other users like that? Do you know thehacker911 personally?
An apology would be in order here.
Well, what else can one expect here. Everyone who expresses himself the way you do thinks he is the all-knowing one.
Sorry for OT
BrunoWestone wrote: Hi guys, here is a copy of my conclusions I'm writing in another thread.
I'm going to post them here as well, it might help someone.
Hi guys.
I don't know if this helps or not but here are some of my conclusions on the subject:
I have a Jtag Box (Riff Box) and I tested several different things on several S4 with Knox 0x0 and 0x1.
1st conclusion - Cloning or changing the Boolean to 0x0 is not possible since the phone will put the counter back to 0x1 again in the first full boot.
2nd conclusion - There is a 3rd bootloader (kind of a bootloader) on this new firmware (latest 4.2.2 and on) that creates a secure container using the trust zone, and sandbox security keys and checksums communicating with the PBL (Primary bootloader) and SBL1 (Secondary Bootloader).
3rd conclusion - This container is created not on the first boot after the upgrade (as some say) but in the firmware upgrading process.
4th conclusion - The 3rd bootloader is not read or write permitted, not even with Jtag (at least I didn't find it after 3 full dumps in different phones).
5th conclusion - Once you upgrade to the knox secure bootloader you can't downgrade to an un-knoxed bootloader because the security checksum between the 3 bootloaders will fail and Odin won't flash.
6th conclusion - This is by far the most advanced and secure operating system ever made by man, but it has its faults. Last week the world found a huge bug in the knox containers that allows data to be exchanged from insecure boot mode to the secured sandbox in the knox app.
The theory :
The only way to reset the knox counter is to "convince" the phone bootloader that it's still in the 4.2.2 un-knoxed bootloader and flash a 4.3 knox firmware. This way, all the secure containers in trust zone and bootloader checksums will be recreated, flags included.
I tried unsuccessfully to "kill" a knoxed bootloader with Jtag and recover it in a 4.2.2 un-knoxed one, but Jtag won't write the new bootloader 'cause apparently this specific address (bootloader address) is write protected.
I hope this helps anyone, I'm done with this. I'm not a bootloader specialist and I'm pretty sure someone will find the way to reset this.
For now still Samsung 1 - 0 Rest of the World
I'm giving up on this but since I have a Jtag and 198 voided S4 in my office, I'll be available for testing anything on those.
Good luck researchers,
By the way, if it helps click thanks
Source: RIFF JTAG - Samsung S3, S4 KNOX Downgrade warning and repair instructions!
As many of You already know, the KNOX enabled firmware brings many new features, some of them giving headaches to users and repair shops.
Most important for us are the following:
- Downgrade is not possible anymore
- Warranty void status (0x1)
To prevent any possible problems, always create a backup using RIFF Box and its DCC TAB functions.
For both S3 and S4 models, 128MB from ROM1 is enough.
- Select ROM1
- Set address to 0x0000 0000 0000
- Set data length to 128MB from drop down list
- Click "Read Memory" and "Save" once it's finished.
Remember that restoring a backup will not set the warranty void status back to 0x0 if it's already triggered!
In case that You do not have backup, please follow these instructions:
- Determine latest version available for Your model, and download firmware (zip or md5 file)
- Extract firmware using 7zip
- Launch JTAG Manager and start eMMC plugin
- Click "Load layout from device" and wait for partitions list to be loaded
- Inject SBL1 (if it exists), SBL2, SBL3, RPM, TZ and ABOOT files into corresponding partitions
- Select injected partitions by double click
- Click "Flash Selected"
This will restore phone bootloader and allow You to start phone in download mode.
In case that You can not find latest firmware, but You have working donor phone with required version, simply write 128MB backup to ROM1, or write above listed partitions using eMMC plugin.
This manual applies to following Samsung Galaxy S3 and S4 models, based on QUALCOMM chipsets:
- SCH-R530
- SCH-I535
- SCH-i535v
- SPH-L710
- SGH-i747
- SGH-i747M
- SC-06D
- SC-03E
- SGH-T999
- SGH-T999L
- SHV-E210K
- SHV-E210L
- SHV-E210S
- GT-i9505
- SGH-i337
- SGH-i337M
- SGH-m919
- SCH-i545
- SPH-L720
- SCH-R970
- SCH-R970x
- SC-04E
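A saved ROM1 backup as described in the quoted instructions is only useful for repair if it actually contains the bootloader partitions listed there. The following is an added example, not part of the original post or of the RIFF software: it parses the partition table of a raw dump and reports any of those partitions that are missing or extend past the end of the file. It assumes the dump starts at address 0, uses a GPT partition table and has 512-byte sectors; the function names are hypothetical.

```python
import struct

SECTOR = 512  # assumption: logical sector size of the eMMC dump
REQUIRED = ("sbl1", "sbl2", "sbl3", "rpm", "tz", "aboot")  # partitions named in the post
OPTIONAL = {"sbl1"}  # the post notes SBL1 may not exist

def read_gpt(dump):
    """Return {name: (start_byte, end_byte)} parsed from a raw GPT image."""
    hdr = dump[SECTOR:SECTOR + 92]
    if len(hdr) < 92 or hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    entries_lba, count, size = struct.unpack_from("<QII", hdr, 72)
    if size < 128 or count > 1024:  # refuse implausible tables from a damaged dump
        raise ValueError("implausible GPT entry table")
    parts = {}
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        entry = dump[off:off + 128]
        if len(entry) < 128 or entry[:16] == bytes(16):  # truncated or unused slot
            continue
        first, last = struct.unpack_from("<QQ", entry, 32)
        name = entry[56:128].decode("utf-16-le", "replace").split("\x00")[0].lower()
        parts[name] = (first * SECTOR, (last + 1) * SECTOR)
    return parts

def check_backup(dump):
    """Return a list of problems that make the dump unusable for bootloader repair."""
    parts = read_gpt(dump)
    problems = []
    for name in REQUIRED:
        if name not in parts:
            if name not in OPTIONAL:
                problems.append(f"{name}: not in partition table")
        elif parts[name][1] > len(dump):
            problems.append(f"{name}: ends at {parts[name][1]:#x}, past end of dump")
    return problems

def sample_dump(layout, sectors=64):
    """Build a constructed GPT image (not real device data) for a dry run."""
    img = bytearray(sectors * SECTOR)
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", img, SECTOR + 72, 2, 8, 128)
    for i, (name, first, last) in enumerate(layout):
        off = 2 * SECTOR + i * 128
        img[off:off + 16] = b"\x01" * 16  # any non-zero type GUID marks the slot used
        struct.pack_into("<QQ", img, off + 32, first, last)
        img[off + 56:off + 56 + 2 * len(name)] = name.encode("utf-16-le")
    return bytes(img)
```

For a real backup, pass the file contents to `check_backup`, for example `check_backup(open(path, "rb").read())`; an empty list means every listed partition lies inside the saved range.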