1

How can you access the KNOX counter programmatically from the android SDK?

I would like my app to check the value to try and ascertain if it is running on a samsung phone that has been rooted.

Cœur
  • 37,241
  • 25
  • 195
  • 267
bph
  • 10,728
  • 15
  • 60
  • 135
  • Possible duplicate of http://stackoverflow.com/questions/27291676/root-detection-methodology-in-android-which-cannot-be-bypassed – JimmyB Nov 27 '15 at 11:02
  • 1
    Did you check out Samsung's SDK? -> https://seap.samsung.com/developer/sdk/knox-standard-android – JimmyB Nov 27 '15 at 11:05
  • Not sure its a duplicate, this is a much more specific samsung knox question. thanks very much for the link - looks like the answer will be in there somewhere - if i find it i'll post it back – bph Nov 27 '15 at 11:11
  • maybe only knox premium and knox customisation products give access to the SDK? not myKNOX? i.e. you have to pay for it? – bph Nov 27 '15 at 15:25
  • Don't know. I haven't clicked the "Enroll to download" button :) - Although it says "SEAP is for B2B Developers and Partners, providing **free**, quick and easy access to the tools [...]" – JimmyB Nov 27 '15 at 16:28

1 Answers1

1

I just decompiled KNOX Status. It looks like all the app is doing is getting the system property ro.boot.warranty_bit. I'm not sure if this still works and I don't have a Samsung at the moment to test.

In terminal run:

adb shell getprop ro.boot.warranty_bit

If the result is 0, then the warranty should be valid. You can use this class to get the system property in an Android app.

Community
  • 1
  • 1
Jared Rummler
  • 37,824
  • 19
  • 133
  • 148
  • wow! good thinking.. i'm surprised they use that approach though (i.e. running a shell tool via exec) as opposed to using a samsung knox SDK method (I haven't read the SDK yet though) – bph Nov 27 '15 at 11:20
  • 1
    i wonder where getprop resides on the android os, maybe /usr/bin or somesuch, I'll have to try and find it. I guess you could overwrite it with an alias that returns 0 for an arg of ro.boot.warranty_bit therefore effectively bypassing this check. but i guess the location of getprop will be a root folder, so maybe not possible on a knox phone? – bph Nov 27 '15 at 15:39
  • Maybe you could retrieve the value using android.os.SystemProperties class? – bph Nov 27 '15 at 15:55
  • "I just decompiled ..." - IANAL, but I bet you just violated the app's license terms. And by publishing that "illegal" piece of code here you might become subject to serious legal trouble. – JimmyB Nov 27 '15 at 16:36
  • @HannoBinder, don't make assumptions on what is illegal. Did you know Google has an open source decompiler, [enjarify](https://github.com/google/enjarify). Any code on SO is CC unless otherwise specified. Many people are violating those terms and don't know it. I also decompiled Facebook to get [this answer](http://stackoverflow.com/a/24547437/1048340). Decompiling an APK is not illegal. – Jared Rummler Nov 27 '15 at 20:28
  • @bph, `android.os.SystemProperties` is hidden but you can use [this class](http://stackoverflow.com/a/28402378/1048340) to get the system property. – Jared Rummler Nov 27 '15 at 20:29
  • @JaredRummler Haven't checked that specific app, but most closed source software explicitly prohibits reverse engineering and the like in its license terms. And publishing someone else's code (on SO or anywhere) without his consent certainly does not make that code legally open source, CC, or whatever. – JimmyB Nov 28 '15 at 12:16
  • Might be worth a read: https://www.eff.org/de/issues/coders/reverse-engineering-faq and http://copyrightuser.org/topics/research-and-private-studies/ – JimmyB Nov 28 '15 at 12:17
  • @HannoBinder I wasn't suggesting that it was now CC. I removed the code from the answer for you. The code couldn't be used in a project anyway. – Jared Rummler Nov 28 '15 at 20:56
  • I thought it was standard practice to obfuscate apps prior to deploying them, proguard or equivalent. I take it KNOX Status hasn't done this then? I appreciate your efforts Jared but don't want you to get in any trouble. – bph Nov 30 '15 at 11:36
  • 1
    @bph Proguard is standard and it would have made it harder to find out how the app was working. I have no worry whatsoever about any legal issues. You could probably Google the system property name and find it used in other projects. – Jared Rummler Nov 30 '15 at 11:49
  • The ro.boot.warranty_bit in build.prop is probably modified by the boot loader setting the actual hardware warranty bit. Otherwise, it would be trivial to set it back in software, which we know is impossible. – user1118764 Nov 08 '16 at 09:07