Closed KikMyaz closed 1 year ago
Looks like your device's data partition is encrypted:
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
On Android 11, if the device's data partition is encrypted, Secure Folder will fail to create since keymaster will refuse to generate the user key due to the trusted boot checks in the TA. It looks like it is the case as well on Android 10 by looking at your logs:
05-13 12:06:39.721 628 628 D vold : createUserKey(151)
05-13 12:06:39.721 628 628 D FsCrypt : fscrypt_vold_create_user_key for 151 serial 151
05-13 12:06:39.721 628 628 D FsCrypt : create_and_install_user_keys 151
05-13 12:06:39.721 628 628 E FsCrypt : Preparing: /keydata/misc/vold/user_keys/ce/151
05-13 12:06:39.724 628 628 E FsCrypt : Preparing: /keyrefuge/misc/vold/user_keys/ce/151
05-13 12:06:39.724 628 628 D FsCrypt : Skipping non-key ..
05-13 12:06:39.725 628 628 D FsCrypt : Skipping non-key .
05-13 12:06:39.725 628 628 D KeyStorage: Already exists, destroying: /keydata/misc/vold/user_keys/temp
05-13 12:06:39.725 628 628 D vold : /system/bin/secdiscard
05-13 12:06:39.725 628 628 D vold : --
05-13 12:06:39.725 628 628 D vold : /keydata/misc/vold/user_keys/temp/encrypted_key
05-13 12:06:39.725 628 628 D vold : /keydata/misc/vold/user_keys/temp/secdiscardable
05-13 12:06:39.744 628 628 D vold : /system/bin/rm
05-13 12:06:39.744 628 628 D vold : -rf
05-13 12:06:39.744 628 628 D vold : /keydata/misc/vold/user_keys/temp
05-13 12:06:39.755 628 628 D KeyStorage: Inside KeyStorage.isKnoxKeyPath() - key_path : /keydata/misc/vold/user_keys/ce/151/current
05-13 12:06:39.755 628 628 D KeyStorage: Inside KeyStorage.isKnoxKeyPath() - user_de_path_length : 32
05-13 12:06:39.755 628 628 D KeyStorage: Inside KeyStorage.isKnoxKeyPath() - user_ce_path_length : 32
05-13 12:06:39.755 628 628 D KeyStorage: Input path is for Knox user
05-13 12:06:39.756 628 628 E KeyStorage: storeKey /keydata/misc/vold/user_keys/temp
05-13 12:06:39.792 628 628 I vold : List of Keymaster HALs found:
05-13 12:06:39.792 628 628 I vold : Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: STRONGBOX HAL: android.hardware.keymaster@4.0::IKeymasterDevice/strongbox
05-13 12:06:39.792 628 628 I vold : Keymaster HAL #2: SKeymaster(Keymaster MDFPP) from SKeymaster team SecurityLevel: TRUSTED_ENVIRONMENT HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-13 12:06:39.792 628 628 I vold : Using SKeymaster(Keymaster MDFPP) from SKeymaster team for encryption. Security level: TRUSTED_ENVIRONMENT, HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
05-13 12:06:39.793 628 628 D KeyStorage: Knox protection required in generating keymaster key
05-13 12:06:39.793 628 628 D KeyStorage: Creating key that doesn't need auth token
05-13 12:06:39.793 704 704 W keymaster_tee: [WRN]start nwd_generate_key
05-13 12:06:39.796 704 704 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1148) TB is fail:0x1
05-13 12:06:39.796 704 704 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1159) WB is fail:0x1
05-13 12:06:39.796 704 704 D keymaster_swd: keymaster_swd [ERR] (km_check_trustboot_for_knox:411) tz_check_trust_boot_status fail
05-13 12:06:39.796 704 704 W keymaster_tee: [WRN]Cmd 2, err -45
05-13 12:06:39.796 704 704 W keymaster_tee: [WRN]nwd_generate_key ret -45
05-13 12:06:39.796 628 628 E vold : generate_key failed, code -45
05-13 12:06:39.796 628 628 E KeyStorage: generateKeymasterKey failed
05-13 12:06:39.797 1044 2368 E StorageManagerService:
05-13 12:06:39.797 1044 2368 E StorageManagerService: android.os.ServiceSpecificException: (code 0)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.Parcel.createException(Parcel.java:2102)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.Parcel.readException(Parcel.java:2056)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.Parcel.readException(Parcel.java:2004)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.IVold$Stub$Proxy.createUserKey(IVold.java:3323)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at com.android.server.StorageManagerService.createUserKey(StorageManagerService.java:4049)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.storage.StorageManager.createUserKey(StorageManager.java:1515)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at com.android.server.pm.UserManagerService.createUserInternalUnchecked(UserManagerService.java:3347)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at com.android.server.pm.UserManagerService.createUserInternal(UserManagerService.java:3150)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at com.android.server.pm.UserManagerService.createProfileForUser(UserManagerService.java:3089)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.IUserManager$Stub.onTransact(IUserManager.java:637)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.Binder.execTransactInternal(Binder.java:1056)
05-13 12:06:39.797 1044 2368 E StorageManagerService: at android.os.Binder.execTransact(Binder.java:1029)
I haven't been able to check it in my legacy device I used for testing (Galaxy S8+) since data encryption was disabled in my end. Unfortunately there's no workaround on this since the checks are in the TZ-side of things, the only way is to disable data encryption in your device by removing the crypto flags in the fstab files (more info in the AOSP documentation). I'll make sure the data crypto warning in the app is shown on all the Android versions below 12 rathen than only on Android 11.
Thank you so much for the incredibly fast response!
I'm going to try removing "fileencryption=ice,quota,reservedsize=128M" and report back
Thank you so much for the incredibly fast response!
I'm going to try removing "fileencryption=ice,quota,reservedsize=128M" and report back
Remove only "fileencryption=ice" and "inlinecrypt" in the "/data" entry of your "fstab.qcom" file in vendor, the other flags aren't crypto related.
Oh dear good point! For some reason /system/vendor/etc/fstab.qcom (symlinked to /vendor/etc/fstab.qcom) seems to restore itself automatically upon reboot :( Any ideas?
I can confirm Secure Folder works fine on my Galaxy S8+ with full stock firmware and data crypto in place:
The difference is this device has FDE and not FBE:
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [block]
Oh dear good point! For some reason /system/vendor/etc/fstab.qcom (symlinked to /vendor/etc/fstab.qcom) seems to restore itself automatically upon reboot :( Any ideas?
Edit "/vendor/etc/fstab.qcom" directly, the "/system/vendor" folder is a symlink to the actual "/vendor" partition. Try also using a different app, I personally use MiXplorer. Please note disabling data crypto will require a factory data reset to remove FBE and being able to boot in the OS again, if you're interested in testing this out make sure to backup all your data/files before proceeding.
https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-360039577713.htm
I can confirm Secure Folder works fine on my Galaxy S8+ with full stock firmware and data crypto in place:
![]()
The difference is this device has FDE and not FBE:
[ro.crypto.state]: [encrypted] [ro.crypto.type]: [block]
Ah interesting https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-360039577713.htm - is there any way to disable FBE? (I also have TWRP if it's helpful)
Ah interesting https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-360039577713.htm - is there any way to disable FBE? (I also have TWRP if it's helpful)
Your device should be "old enough" to support @corsicanu's multidisabler TWRP flashable zip (https://github.com/corsicanu/multidisabler-samsung/releases/latest), avoid using it in newer devices with dynamic partitions since it will not work.
Commit 2002afe41ecfa301b37c39630538b7728045ae58 pushed, the crypto warning will now be shown on Android 11 and lower and only on FBE devices, will keep this issue open anyway and see if we can circumvent this in the future.
Thanks! Just disabled FBE, but for some reason the issue persists.
[ro.crypto.state]: [unsupported]
Any pointers?
Thanks! Just disabled FBE, but for some reason the issue persists.
[ro.crypto.state]: [unsupported]
Did you reboot your phone after installing the KnoxPatch app and enabling the module in LSPosed? I still see the keymaster error but this time it is caused by SdpManagerService:
05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1148) TB is fail:0x1
05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1159) WB is fail:0x1
05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (km_check_trustboot_for_knox:411) tz_check_trust_boot_status fail
05-13 14:34:49.427 685 685 W keymaster_tee: [WRN]Cmd 4, err -45
05-13 14:34:49.427 685 685 W keymaster_tee: [WRN]nwd_import_key ret -45
05-13 14:34:49.427 1113 17054 I keymaster_worker: importKey failed
05-13 14:34:49.427 1113 17054 E keymaster_worker: importKey() : Failed to import knox key (-45) : Not support fallback
05-13 14:34:49.428 1050 2270 W System.err: java.security.KeyStoreException: Failed to import secret key. Keystore error code: -45
05-13 14:34:49.428 1050 2270 W System.err: at android.security.keystore.AndroidKeyStoreSpi.setSecretKeyEntry(AndroidKeyStoreSpi.java:882)
05-13 14:34:49.428 1050 2270 W System.err: at android.security.keystore.AndroidKeyStoreSpi.engineSetEntry(AndroidKeyStoreSpi.java:1218)
05-13 14:34:49.428 1050 2270 W System.err: at java.security.KeyStore.setEntry(KeyStore.java:1658)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.locksettings.SyntheticPasswordCrypto.installKnoxKey(SyntheticPasswordCrypto.java:447)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.locksettings.SyntheticPasswordCrypto.installKnoxKey(SyntheticPasswordCrypto.java:418)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.SdpManagerService$LocalService.isKnoxKeyInstallable(SdpManagerService.java:7617)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.lambda$checkIntegrity$1(UserManagerService.java:686)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.-$$Lambda$UserManagerService$Vi1he31l1YntzoW2DphYBuoO19s.apply(Unknown Source:2)
05-13 14:34:49.428 1050 2270 W System.err: at java.util.Optional.map(Optional.java:211)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.checkIntegrity(UserManagerService.java:685)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createUserInternalUnchecked(UserManagerService.java:3327)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createUserInternal(UserManagerService.java:3150)
05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createProfileForUser(UserManagerService.java:3089)
05-13 14:34:49.428 1050 2270 W System.err: at android.os.IUserManager$Stub.onTransact(IUserManager.java:637)
05-13 14:34:49.428 1050 2270 W System.err: at android.os.Binder.execTransactInternal(Binder.java:1056)
05-13 14:34:49.428 1050 2270 W System.err: at android.os.Binder.execTransact(Binder.java:1029)
Might download your device firmware to see if something else needs to be patched.
Thanks! Just disabled FBE, but for some reason the issue persists.
[ro.crypto.state]: [unsupported]
Did you reboot your phone after installing the KnoxPatch app and enabling the module in LSPosed? I still see the keymaster error but this time it is caused by SdpManagerService:
05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1148) TB is fail:0x1 05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (tz_check_trust_boot_status:1159) WB is fail:0x1 05-13 14:34:49.427 685 685 D keymaster_swd: keymaster_swd [ERR] (km_check_trustboot_for_knox:411) tz_check_trust_boot_status fail 05-13 14:34:49.427 685 685 W keymaster_tee: [WRN]Cmd 4, err -45 05-13 14:34:49.427 685 685 W keymaster_tee: [WRN]nwd_import_key ret -45 05-13 14:34:49.427 1113 17054 I keymaster_worker: importKey failed 05-13 14:34:49.427 1113 17054 E keymaster_worker: importKey() : Failed to import knox key (-45) : Not support fallback 05-13 14:34:49.428 1050 2270 W System.err: java.security.KeyStoreException: Failed to import secret key. Keystore error code: -45 05-13 14:34:49.428 1050 2270 W System.err: at android.security.keystore.AndroidKeyStoreSpi.setSecretKeyEntry(AndroidKeyStoreSpi.java:882) 05-13 14:34:49.428 1050 2270 W System.err: at android.security.keystore.AndroidKeyStoreSpi.engineSetEntry(AndroidKeyStoreSpi.java:1218) 05-13 14:34:49.428 1050 2270 W System.err: at java.security.KeyStore.setEntry(KeyStore.java:1658) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.locksettings.SyntheticPasswordCrypto.installKnoxKey(SyntheticPasswordCrypto.java:447) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.locksettings.SyntheticPasswordCrypto.installKnoxKey(SyntheticPasswordCrypto.java:418) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.SdpManagerService$LocalService.isKnoxKeyInstallable(SdpManagerService.java:7617) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.lambda$checkIntegrity$1(UserManagerService.java:686) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.-$$Lambda$UserManagerService$Vi1he31l1YntzoW2DphYBuoO19s.apply(Unknown Source:2) 05-13 14:34:49.428 1050 2270 W System.err: at java.util.Optional.map(Optional.java:211) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.checkIntegrity(UserManagerService.java:685) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createUserInternalUnchecked(UserManagerService.java:3327) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createUserInternal(UserManagerService.java:3150) 05-13 14:34:49.428 1050 2270 W System.err: at com.android.server.pm.UserManagerService.createProfileForUser(UserManagerService.java:3089) 05-13 14:34:49.428 1050 2270 W System.err: at android.os.IUserManager$Stub.onTransact(IUserManager.java:637) 05-13 14:34:49.428 1050 2270 W System.err: at android.os.Binder.execTransactInternal(Binder.java:1056) 05-13 14:34:49.428 1050 2270 W System.err: at android.os.Binder.execTransact(Binder.java:1029)
Might download your device firmware to see if something else needs to be patched.
I have just rebooted again two more times but the issue remains. Activating Secure Folder in Settings still says "Couldn't create Secure Folder".
Any way I can help? It's the official firmware (G9700TGY4DTL2)
Seems like an additional patch is required in your end, I'll send you a test apk asap.
@KikMyaz give a try to this apk when possible. https://github.com/BlackMesa123/KnoxPatch/actions/runs/4967531570
Thank you! I have just installed the latest artifact but I am still getting the same issue. Here are the logs,
Sorry for the late reply. I've been talking with some devs and it looks like this was a common issue for S10 devices due to something in vold/epm related to Knox (either SDP or DDAR). They've sent me the necessary files to replace, would be great if you could test those yourself (make a backup of your system partition first, then replace the files with the one attached here)
Thank you! I have just installed the latest artifact but I am still getting the same issue. Here are the logs,
Sorry for the late reply. I've been talking with some devs and it looks like this was a common issue for S10 devices due to something in vold/epm related to Knox (either SDP or DDAR). They've sent me the necessary files to replace, would be great if you could test those yourself (make a backup of your system partition first, then replace the files with the one attached here)
Thank you for the reply! Just tried it out but it looks like it doesn't boot after replacing the files under /system (and setting permissions). It gets stuck on the device model splash screen for like 3 mins during boot, finally reaches the "SAMSUNG" splash screen, but as soon as what I'm assuming is the lockscreen loads the device restarts.
I just booted into twrp and mounted system to double check I have replaced the files, here is the output
beyond0qlte:/ # ls -al /system/bin/vold
-rwxr-xr-x 1 root shell 1255328 2023-05-15 12:26 /system/bin/vold
beyond0qlte:/ # ls -al /system/lib/libepm.so
-rw-r--r-- 1 root root 207900 2023-05-15 12:26 /system/lib/libepm.so
beyond0qlte:/ # ls -al /system/lib64/libepm.so
-rw-r--r-- 1 root root 244352 2023-05-15 12:26 /system/lib64/libepm.so
I just booted into twrp and mounted system to double check I have replaced the files
Did you set the correct secontext for the vold file with chcon u:object_r:vold_exec:s0 /system/bin/vold
? Use ls -lZ
to print it.
I just booted into twrp and mounted system to double check I have replaced the files
Did you set the correct secontext for the vold file with
chcon u:object_r:vold_exec:s0 /system/bin/vold
? Usels -lZ
to print it.
Oh dear I forgot! Thanks so much - secure folder working perfectly now!
Thank you for testing out, I'll see if I can figure out a way to implement this fix in the Enhancer module. You think you can test it once it is ready?
Yeah absolutely I'd be more than happy to help!
Thank you very much for fixing the issue (a flashable zip might also be nice if we're not going to be replacing the files back)
Yeah absolutely I'd be more than happy to help!
Can you check if the stock /system/bin/vold
file works fine? I want to know if only the libepm
files are required to fix SF.
Can you check if the stock
/system/bin/vold
file works fine? I want to know if only thelibepm
files are required to fix SF.
Just tested different combinations of the exec and dylibs - here's my preliminary conclusion:
Okay just double checked again - all 3 files are required for working secure folder :/
Here's a quick script to help with testing
adb push ./vold /tmp/; adb shell mkdir -p /sdcard/vold/bin /sdcard/vold/lib /sdcard/vold/lib64 cp --preserve=all /system/bin/vold /sdcard/vold/bin/vold cp --preserve=all /system/lib/libepm.so /sdcard/vold/lib/libepm.so cp --preserve=all /system/lib64/libepm.so /sdcard/vold/lib64/libepm.so cp /tmp/vold/bin/vold /system/bin/vold cp /tmp/vold/lib/libepm.so /system/lib/libepm.so cp /tmp/vold/lib64/libepm.so /system/lib64/libepm.so
Can you check what happens with the original KnoxPatch v0.5.1 module and the vold/libepm files that fixes Secure Folder? Want to see if they do not require the additional patch I added in the module to fix your issue.
@KikMyaz this CLI contains a test version of the KnoxPatch Enhancer Magisk module, it should fix Secure Folder in your end. https://github.com/BlackMesa123/KnoxPatch/actions/runs/5002208767
Can you check what happens with the original KnoxPatch v0.5.1 module and the vold/libepm files that fixes Secure Folder? Want to see if they do not require the additional patch I added in the module to fix your issue.
Sure thing! The original KnoxPatch v0.5.1 module does not seem to work with stock vold files nor with modded ones. Only the latest build (artifact) works and it only works when used with the modded vold files.
@KikMyaz this CLI contains a test version of the KnoxPatch Enhancer Magisk module, it should fix Secure Folder in your end. https://github.com/BlackMesa123/KnoxPatch/actions/runs/5002208767
Thanks! Yep the new Enhacer module works and replaces all files correctly (at least on my end) 👍
Thanks! Yep the new Enhacer module works and replaces all files correctly (at least on my end) +1
Great to know! A new official release of the app is on the way. Thank you a lot for your time and patience, will rename this issue and probably open another one for the non-working SF with FBE since this was specific to your device.
No, unfortunately enabling back data encryption will bring back the keymaster verify error in https://github.com/BlackMesa123/KnoxPatch/issues/23#issuecomment-1546627709.
Ah I forgot! Yeah that makes sense - thanks so much!
@KikMyaz Can you please test this Enhancer zip? I made a mistake while writing the script and the files weren't extracted correctly😅 https://github.com/BlackMesa123/KnoxPatch/actions/runs/5003577005
Hmmm idk what changed but that may or may not have broken it neutral_face work profile's not activating after flashing that magisk module, but manually replacing the vold files does work (also the previous one might have been broken too since I just clocked I had prevented those files from being overwritten)
Any logs I could look at? Consider the module contains the same vold/libepm I sent you for testing, so strange...
Sure! I'm like 99% sure installing the module broke my work profile (not entirely sure if having it already enabled makes a difference) but here are the logs - I'm guessing the files aren't being replaced properly for some reason?
Do you still have the log files by any chance? I wasn't able to download them since I was AFK.
Gonna assume it's because keymaster isn't working as it should in your end:
05-17 20:01:00.479 689 689 W keymaster_tee: [WRN]begin req PARAMS: A32 B32 P1
05-17 20:01:00.484 689 689 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:62) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1
05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (km_check_key_os_version_patchlevels:194) key_os_version(160100) > _os_version(100000)
05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (swd_key_deserialize_ekey:466) km_check_key_os_version_patchlevels failed
05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (km_deserialize_key:276) Failed to deserialize key
05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (swd_begin:417) Failed with error: 4294967
05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:249) swd_begin() returns -33
05-17 20:01:00.485 689 689 W keymaster_tee: [WRN]Cmd 8, err -33
Looks like you did downgrade your device or did something that is making the os version/security patches check to fail.
Interesting! Would running a custom kernel trigger that? (for testing purposes I integrated a custom kernel in boot.img and flashed that) But curiously secure folder works if I replaced the files myself instead of using magisk
Yes, make sure your boot.img has the correct OS_VERSION and OS_PATCH_LEVEL value.
Here are the logs LSPosed_2023-05-17T20_35_55.261.zip
I do still see the "km_check_key_os_version_patchlevels failed" error in logs, wonder what could be causing it. Regarding Secure Folder, could Magisk not be able to bind mount the new vold binary in time? I need to check this.
Could the error be due to the modded system partition from manually replacing the void files?
At the moment it's modded system partition, stock kernel + with magisk flashed into boot partition and recovery partition, and a lightly modified product (CSC) partition. Would any of these trigger that error?
Also I do think it may be due to magisk coming up too late in the boot process
I doubt so, OS_VERSION and OS_PATCH_LEVEL are either read from the kernel image or from the system props, so your issue is probably there.
I might need to find another way to replace the vold binary in system if a Magisk module isn't enough. A good news is I might have found a way to fix Secure Folder on legacy FBE devices, though this also requires a custom vold binary🥲 (https://github.com/BlackMesa123/KnoxPatch/issues/26#issuecomment-1552882223)
05-17 20:01:00.479 689 689 W keymaster_tee: [WRN]begin req PARAMS: A32 B32 P1 05-17 20:01:00.484 689 689 D keymaster_swd: keymaster_swd [ERR] (tz_check_oem:62) Device is compromized: fuse loc=5,status=0,sw_fuse_blown=1 05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (km_check_key_os_version_patchlevels:194) key_os_version(160100) > _os_version(100000) 05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (swd_key_deserialize_ekey:466) km_check_key_os_version_patchlevels failed 05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (km_deserialize_key:276) Failed to deserialize key 05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [ERR] (swd_begin:417) Failed with error: 4294967 05-17 20:01:00.485 689 689 D keymaster_swd: keymaster_swd [WRN] (swd_run_cb:249) swd_begin() returns -33 05-17 20:01:00.485 689 689 W keymaster_tee: [WRN]Cmd 8, err -33
Apologies! Just clocked the keystore issue was my fault leaving incorrect header magic in custom boot image.
RE: https://github.com/BlackMesa123/KnoxPatch/issues/26
On a completely unrelated note, if you would like to downgrade with higher bootloader rev, this slightly dodgy method may work (provided you have snapdragon). It's just hex patching on the firmware and some people have reported success.
On a completely unrelated note, if you would like to downgrade with higher bootloader rev, this slightly dodgy method may work (provided you have snapdragon). It's just hex patching on the firmware and some people have reported success.
Yes, curiously I discovered this some days before that thread was created... 🤔
This is the Samsung signature scheme you can find in their binaries:
- SignerRevision (16 bytes)
- QuickBuildId (16 bytes)
- VersionName (32 bytes)
- BuildTime (16 bytes)
- ModelName (32 bytes)
- SystemRPValue (16 bytes)
- KernelRPValue (16 bytes)
- BuildVariant (4 bytes)
- KillSwitchMagic (4 bytes)
- FactoryBuild (4 bytes)
- BinaryName (16 bytes)
- Reserved (84 bytes)
The values the bootloader checks are "SystemRPValue" and "KernelRPValue", not the "VersionName". The best thing to do is to zero out the signature in the binary you want to flash. Avoid BL and CP binaries since messing with those could lead to an hard brick, modify and flash only AP and CSC binaries. This should work on all the Samsung devices regardless from the SoC.
Hi - sorry for having to necro this thread! I have just got some time to properly test this out repeatedly by starting out completely fresh with stock Android 10 rom.
Just wanted to report the latest enhancer module 0.3-fix from releases still doesn't seem to work properly after flashing with Magisk. I can confirm it was only until after I replaced the vold files individually in TWRP that it finally starts working. Not entirely sure if this is because the Magisk module is coming up too late during boot.
Hi - sorry for having to necro this thread! I have just got some time to properly test this out repeatedly by starting out completely fresh with stock Android 10 rom.
Just wanted to report the latest enhancer module 0.3-fix from releases still doesn't seem to work properly after flashing with Magisk. I can confirm it was only until after I replaced the vold files individually in TWRP that it finally starts working. Not entirely sure if this is because the Magisk module is coming up too late during boot.
Yes that's the reason, vold is a critical system service and Magisk seems to not be able to replace it. I've also tried Magisk Delta early mount feature but the result is the same.
Issue resolved in #26 . Thank you for the help!
Hi, I am using LSPosed with Zygisk on Android 10. KnoxPatch does not seem to be injecting into the correct modules - would you please look into this?
Please find attached the logs.