Smartphone OEMs typically want to keep their devices as secure as possible. This is especially true with Samsung as they want to maintain their presence in the enterprise market. So they have a security layer in place and I’m going to show you how to see if you’ve tripped the Galaxy Note 9 Knox counter.
The more secure a smartphone is the more confident a consumer is to put their important data on it. This runs through the entire smartphone market from the everyday average consumer all the way up to the board members of a Fortune 500 company. Privacy, especially in America, is something that a lot of people value so if their smartphone isn’t secure then their data is at risk.
If someone feels their data is at risk then that means they won’t take that certain photograph, or won’t send that certain message. All in fear that anyone could have access to that data. This person could be a hacker or your typical spy agency flunky. So it is in a company’s best interest to make sure their smartphone is as secure as possible.
What is Samsung Galaxy Note 9 Knox?
Most smartphone companies out there don’t have their own brand for the security layers they put into their software. Hell, most even don’t add any additional layers because Google does so much work to keep Android as secure as possible anyway. Anything added on top of that is mostly for the sake of the consumer as it gives them additional confidence.
In any case, Samsung Knox is the company’s enterprise mobile security solution that comes pre-installed on most (if not all) of the smartphones they sell. To be honest, I haven’t ever purchased a $50 to $100 Samsung smartphone to check. It’s difficult enough to buy the popular ones as I am spending my own money to obtain these devices for tutorials.
However, I could see them forgoing Knox on the low-end devices due to cost and resources. In any case, Samsung’s Galaxy Note 9 Knox consists of a number of security features that include both hardware and software. An example of its software is a feature called Knox Workspace which lets the user immediately switch between personal and work mode without having to reboot the smartphone.
On the other hand, the Galaxy Note 9 Knox security layer also has hardware features as well. These hardware components are built into the device as it is manufactured and consists of ARM’s TrustZone and a bootloader ROM. If certain features of the smartphone have been tampered with it triggers an “e-fuse” which is known as the Knox counter.
So let me show you how to check if Knox has been triggered on your Galaxy Note 9.
How to See if the Samsung Galaxy Note 9 Knox Counter is Tripped
- Download and install an app from the Play Store called Phone INFO ★Samsung★
I just search for the terms “samsung info” (without quotes) and it’s usually right at the top
- Once installed, go ahead and open it up
The first tab is labeled General, and this is where you’ll see the information for Knox
- Look for the Knox Warranty Void section which is toward the bottom
If it reads 0x0 then the Galaxy Note 9 Knox counter has not been tripped. However, if it reads 0x1 then that means the e-fuse has been blown and the phone has been tampered with
Depending on what you do with your phone, the outcome of the Knox counter could be meaningless. If you are just an average Joe who uses their phone for normal, everyday things then you don’t have to worry about anything. You’re likely not going to be targeted by a hacker, and even then, Android still has enough protection built in that your data is still protected.
What Trips the Galaxy Note 9 Knox Counter?
Samsung has set up Knox in a way so that it is quick to tell when or if the Knox counter has been tripped. The main goal of Knox is to keep the platform secure so when it detects certain things have been changed, then it blows the e-fuse. The most common example of this happening is when anything on the Android system partition gets changed.
The system partition is big though and it holds a lot of data. Thankfully, someone can’t just snatch your phone and make these types of changes. Most (if not every) Android phone sold today has a bootloader that is locked when you buy it brand new. A locked bootloader is a security layer that prevents you from making these changes to the Android system partition.
However, there are a lot of cool things that we can install and tinker with when we unlock the bootloader. I recently did a tutorial showing how to unlock the bootloader of the Galaxy Note 9. Now, I should say that the simple act of unlocking the bootloader doesn’t make any changes to the Android system. Therefore this means that if you just unlock the bootloader then the Galaxy Note 9 Knox Counter isn’t tripped.
The thing is, we can’t install things like a custom recovery or gain root access to the Galaxy Note 9 without unlocking the bootloader. And it’s these types of changes that trip the Knox Counter. It’s these types of changes that make it so that you actually lose access to certain software features. Yea, as sad as it is, you will lose access to certain software features if you trip Knox.
What Do You Lose if the Knox Counter is Tripped?
I have yet to find an official list of features that are lost when you trip the Knox Counter. Naturally, though, it’s all things that you would consider security related. For example, Samsung Pay holds a lot of sensitive financial data and Samsung wants to keep this as secure as possible. So, it makes sense that Samsung Pay is no longer usable if Knox has been tripped.
As you can see from the image above, there’s a feature in Samsung Experience called Secure Folder. This is a feature that lets you put certain files (images, movies, apps, games) that are only accessible if you are able to verify that you own the device (PIN, pattern, password, etc.). So this is one of those features that Samsung relies on Knox to determine if the phone has been tampered with.
This means that if you have installed TWRP, gained root access, or make any other changes to the smartphone that would trip the Galaxy Note 9 Knox Counter then you’ll get that error when you try to create one. There’s also that Knox Workspace application (and all of the other enterprise related features) that I mentioned earlier as well. So if the smartphone sees that the e-fuse has been triggered then it won’t let you use the feature.
Another popular feature that people end up missing out on is the suite of features that come with Samsung Health. At least in the United States, health records are kept very confidential. This means that only certain people are allowed to access them so again, this information is meant to be kept as secure as possible so those features get disabled a well.
I wish I had a full list of the features that are lost when this happens but I am unable to find anything official. If you know of one, or if I find one in the near future, then I will be sure to update this article to include those other features that you end up losing out on. It’s a shame that things have to be this way but it’s one of the reasons why so many major companies trust giving their employees Samsung devices.
Can’t You Just Reset Knox with a Factory Reset?
I wish you could, but sadly that isn’t possible. You may have noticed me using the term “e-fuse” in this tutorial a few times. I also told you that Samsung Knox is a combination of both software and hardware related features. We’ve covered most of the software stuff but this is where the hardware part comes into play. Not only does it leverage ARM’s TrustZone and a bootloader ROM but it also has an e-fuse.
Once that e-fuse is triggered on the Galaxy Note 9 then there’s no turning back. All of the software features mentioned above are all reliant on whether that has been tripped or not. Older versions of Knox could have its e-fuse reset by flashing a custom firmware but that is no longer possible. You could perform a factory reset or manually flash a fresh install of Android using Odin and the Galaxy Note 9 Knox Counter will still be tripped (you can see it in the video above).
Most checks of this e-fuse are done via software so if there is an exploit that comes around then it is possible to trick the software checks into thinking everything is good. These exploits are few and far between and most are released for free on XDA so don’t get fooled into some pay service that promises you it can reset it for you.
Be Careful Buying a Used Galaxy Note 9
This is why buying used Samsung phones can be a risky endeavor. Some shady seller on eBay or Craigslist could lie and say everything is fine. I will recommend that you check to see if the Knox counter has been tripped if you’re buying a used Galaxy Note 9. The tutorial I showed above is for those who already have the device in their hand and they can easily download the app from the Play Store.
There’s another way to check though, and it doesn’t require you to have the phone set up or anything. If the features that Knox disables are important to you then boot the Galaxy Note 9 into Download Mode before you give the seller your money. The same information about 0x0 or 0x1 is listed in Download Mode and it can be easily accessed pretty easy at a remote location.
