[GUIDE][17.06.2019] RMM/KG bypass - Root/Install TWRP on Exynos Samsung after 2018

By corsicanu, Recognized Developer on 10th February 2018, 02:30 PM
30th May 2019, 09:40 AM |#621
Er. Aditya
Quote:
Originally Posted by spawnlives

Wasn't sure about your phone model, had to Google search it. As far as I know the kg state was only introduced since Pie and as far as I know there is no way to bypass kg state being pre-normal except wait, unless you downgrade to Oreo. From what I've noticed some models and maybe regions are harder than others.
For my S8 on Pie it was easy for me. I flashed Pie, had rmm and kg state prenormal state with no oem unlock option. Used a variation on date method to get oem unlock. Kg state had changed to normal or in some cases disappeared (I usually do it a few times from start) and just left me with rmm state pre-normal. In this state I could flash twrp then root. The only thing I did use was a different no-verity zip as version 6 didn't seem to work for me.
When I did this I only used Wi-Fi connection, no sim card.

One question though: you said you still had kg state being pre-normal when you flashed Oreo. Are you sure you are on Oreo? If so, try flashing the oldest version that your bootloader allows.

Thank you first for providing a much detailed answer, yes sir, that's what is bothering me
1. I have OEM unlock shown and it says my device is unlocked
2. my odin mode shows kg state prenormal
3. yes sir, I am on Oreo

You think I should try some other base rather than the latest Oreo? And moreover I cannot even flash twrp so I can move forward
I'll try without sim card too
thanks again sir
 
 
30th May 2019, 12:07 PM |#622  
Quote:
Originally Posted by Er. Aditya

Thank you first for providing a much detailed answer, yes sir, that's what is bothering me
1. I have OEM unlock shown and it says my device is unlocked
2. my odin mode shows kg state prenormal
3. yes sir, I am on Oreo

You think I should try some other base rather than the latest Oreo? And moreover I cannot even flash twrp so I can move forward
I'll try without sim card too
thanks again sir


Since not knowing too much about your model M20 (and assuming I've looked up the right model) it's the same method for twrp, root etc. as for any Samsung device. I could be wrong but it's also a new release model. A quick look on updato only shows firmware for Oreo 8.1 (no Pie or early Android versions). The earliest was Jan 19. They all have boot loader version 1 so you should have no trouble flashing earliest firmware version (assuming you are on bl 1). Maybe even try a different region. I would also do a clean install as well.
No guarantees that it will work, if it is a new model the kg state may have been introduced since the start.
The Following User Says Thank You to spawnlives For This Useful Post
30th May 2019, 06:04 PM |#623
Er. Aditya
Quote:
Originally Posted by spawnlives

Since not knowing too much about your model M20 (and assuming I've looked up the right model) it's the same method for twrp, root etc. as for any Samsung device. I could be wrong but it's also a new release model. A quick look on updato only shows firmware for Oreo 8.1 (no Pie or early Android versions). The earliest was Jan 19. They all have boot loader version 1 so you should have no trouble flashing earliest firmware version (assuming you are on bl 1). Maybe even try a different region. I would also do a clean install as well.
No guarantees that it will work, if it is a new model the kg state may have been introduced since the start.

Thanks again bro, here's what I have already done

Pie update came via OTA, odin firmware is still not released

I have flashed 8.1 (rolled back from 9)
then tried to root but I can't, kg state shows prenormal
I cannot flash anything, no twrp or anything
30th May 2019, 09:17 PM |#624  
Quote:
Originally Posted by Er. Aditya

Thanks again bro, here's what I have already done

Pie update came via OTA, odin firmware is still not released

I have flashed 8.1 (rolled back from 9)
then tried to root but I can't, kg state shows prenormal
I cannot flash anything, no twrp or anything

I'm having a similar issue with an S9 but due to other commitments haven't had time to play with it yet. I have seen a few threads about some methods to fix this issue. These seem a bit hit and miss as it works for some but not others and have yet to try them myself.

Some things to try though:

1. Revert back to earlier version of Oreo, change the date back at least 7 days (make sure date sticks) then do software update (update if there is one). Then try OEM unlock and check for kg state.
2. When unlocking oem depending on model it may ask to factory reset phone, hit yes, then when phone starts to reboot go straight into download mode (not system). If it doesn't ask for reset then reboot from that screen straight into download mode.
3. You could try a PC program called Chimera. Unfortunately this is a paid program.

https://chimeratool.com/en

4. Try the method in this thread

https://forum.xda-developers.com/gal...oneui-t3911862

These are just some methods and as I've said can be hit and miss for some people and I haven't tried them myself.

If still no luck you may have to play the waiting game for kg state to change from pre-normal to checking.
The Following User Says Thank You to spawnlives For This Useful Post
12th June 2019, 08:16 PM |#625
Not working on A6
Hello,
I recently bought a Samsung A6 ( SM-A600FZKNXEF). Before beginning to use it, I tried to install TWRP for backup ( not interested to root it for the moment). I followed the procedure but unfortunately, it did not work for me. After I installed TWRP and fix for RMM, the phone was rebooting indefinitely. Luckily, I was able to flash an official ROM.

Did someone already face this issue?
13th June 2019, 01:38 AM |#626
SnowFuhrer
Quote:
Originally Posted by alpesmaritimes2009

Hello,
I recently bought a Samsung A6 ( SM-A600FZKNXEF). Before beginning to use it, I tried to install TWRP for backup ( not interested to root it for the moment). I followed the procedure but unfortunately, it did not work for me. After I installed TWRP and fix for RMM, the phone was rebooting indefinitely. Luckily, I was able to flash an official ROM.

Did someone already face this issue?

Did you format data?
17th June 2019, 06:37 PM |#627
corsicanu
And here it is, the long-awaited update of RMM bypass zip.
First of all I need to mention a few things:

  • This only applies after you unlocked your phone and installed TWRP successfully (check first post for more details about that)
  • This patch is compatible with both Oreo and Pie
  • This patch is compatible only with Exynos Samsung devices
  • This patch is needed only on Exynos Samsung devices manufactured after 2017
  • This patch comes with absolutely no warranty, you may get locked back anytime without any notice, don't try to blame me or other people involved in this for your failure.

So as I said in my previous Pie post, things have changed a bit with Pie and old patch didn't work anymore. After some time I discovered a bypass for the new KG/Payment lock thing, which I included in my roms/kernels with the purpose of mass testing the behaviour, which has proven to be good.
For those who want to know exactly what's going on and what's behind the patch:
Most of the RMM code moved to KnoxGuard app, vaultkeeper turned from a binary service into a fully functional service based on libs and integrated in the services.jar.
After some digging I found out that services.jar loads libvkjni.so, which loads libvkmanager.so/libvkservice.so, which eventually trigger KnoxGuard.apk to do its thing inside the running rom.
So basically deleting libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk will disable the service.
Optional (requires decrypted csc), you can check in the csc files for

Code:
<CscFeature_Knox_SupportKnoxGuard>TRUE</CscFeature_Knox_SupportKnoxGuard>
make sure you set it to
Code:
<CscFeature_Knox_SupportKnoxGuard>FALSE</CscFeature_Knox_SupportKnoxGuard>
Here's what logs say about this: (you can see in red the important things)

Code:
W system_server: Lcom/android/server/VaultKeeperService; failed initialization: java.lang.UnsatisfiedLinkError: Library vkjni not found; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]
W system_server:   at void java.lang.Runtime.loadLibrary0(java.lang.ClassLoader, java.lang.String) (Runtime.java:1040)
W system_server:   at void java.lang.System.loadLibrary(java.lang.String) (System.java:1669)
W system_server:   at void com.android.server.VaultKeeperService.<clinit>() (VaultKeeperService.java:69)
W system_server:   at void com.android.server.SystemServer.startOtherServices() (SystemServer.java:-1)
W system_server:   at void com.android.server.SystemServer.run() (SystemServer.java:-1)
W system_server:   at void com.android.server.SystemServer.main(java.lang.String[]) (SystemServer.java:-1)
W system_server:   at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
W system_server:   at void com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run() (RuntimeInit.java:493)
W system_server:   at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:944)
W system_server: 
W System.err: java.lang.UnsatisfiedLinkError: Library vkjni not found; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]
W System.err:   at java.lang.Runtime.loadLibrary0(Runtime.java:1040)
W System.err:   at java.lang.System.loadLibrary(System.java:1669)
W System.err:   at com.android.server.VaultKeeperService.<clinit>(VaultKeeperService.java:69)
W System.err:   at com.android.server.SystemServer.startOtherServices(Unknown Source:819)
W System.err:   at com.android.server.SystemServer.run(Unknown Source:273)
W System.err:   at com.android.server.SystemServer.main(Unknown Source:5)
W System.err:   at java.lang.reflect.Method.invoke(Native Method)
W System.err:   at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
W System.err:   at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:944)
E SystemServer: Failed to add VaultKeeper Service.
And a bit after this comes the nice part:
Code:
I SystemServer: StartKnoxGuard
E VaultKeeperManager: VaultKeeperService is null
E VaultKeeperManager: Unauthorized Pkg. Manager can't be provided.
D KG.Utils: getRlcState.
I KgvManager: query(void)
E KgvManager: [-5]Error from VaultKeeper Manager is null object
E KG.Utils: KnoxGuardVaultManager not supported (KnoxGuardVaultException)
I KG.IntegrityUtil: setInitialState
E KG.IntegrityUtil: Client Notfound : android.content.pm.PackageManager$NameNotFoundException: com.samsung.android.kgclient
As a basic check one of my testers was locked on his S8+ running stock rom. He downgraded the bootloader and modem to Oreo, flashed TWRP, deleted libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk, flashed Pie bootloader and modem and booted up with no lock and no more red text "Only official released binaries are allowed to be flashed".

How long will this last? Well, Samsung can always turn it into a mandatory thing or even fully change the way this works, making our phones get stuck in bootloop, nobody can tell, but for now let's enjoy it while it lasts.
As further instructions, for safety reasons make sure you flash this bypass zip after flashing any Samsung based rom (Touchwiz/OneUI), it may take a while until all devs integrate it in their roms.

Last but not least, make sure you understand the following:
  • This only applies after you unlocked your phone and installed TWRP successfully (check first post for more details about that)
  • This patch is compatible with both Oreo and Pie
  • This patch is compatible only with Exynos Samsung devices
  • This patch is needed only on Exynos Samsung devices manufactured after 2017
  • This patch comes with absolutely no warranty, you may get locked back anytime without any notice, don't try to blame me or other people involved in this for your failure.

If you are going to include any part of this in your work, make sure you give proper credits. Thank you
Special thanks go to @BlackMesa123 for initial work, @_alexndr for script improvements, @ananjaser1211 for further testing and supporting all my things all the time, all my testers/users that got dragged into this without even knowing, and of course people who already kanged the patch from my kernel zip (if I didn't say anything doesn't mean I didn't see it).
You can find KG/RMM Bypass zip attached to this post.
All the best!
Attached Files
File Type: zip RMM_Bypass_v3_corsicanu.zip (6.2 KB, 19944 views)
The Following 45 Users Say Thank You to corsicanu For This Useful Post
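
A defender-side check built from the log lines quoted in the post above, as an added example that is not part of the original post or the author's zip: it scans logcat text for those error signatures so a fleet or MDM operator can flag a device whose VaultKeeper/KnoxGuard components failed to load. The indicator labels, the verdict thresholds and the two sample logs are assumptions constructed for this example.

```python
import re

# Indicator strings taken from the log excerpts quoted in the post above.
# The names on the left are labels chosen for this example.
INDICATORS = {
    "vkjni_missing": re.compile(r"UnsatisfiedLinkError: Library vkjni not found"),
    "vaultkeeper_not_added": re.compile(r"SystemServer: Failed to add VaultKeeper Service"),
    "vaultkeeper_null": re.compile(r"VaultKeeperManager: VaultKeeperService is null"),
    "kg_vault_unsupported": re.compile(r"KG\.Utils: KnoxGuardVaultManager not supported"),
    "kgclient_missing": re.compile(r"NameNotFoundException: com\.samsung\.android\.kgclient"),
}

# Constructed sample: a subset of the lines quoted in the post, in boot order.
SAMPLE_TAMPERED = """\
W system_server: Lcom/android/server/VaultKeeperService; failed initialization: java.lang.UnsatisfiedLinkError: Library vkjni not found; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]
E SystemServer: Failed to add VaultKeeper Service.
I SystemServer: StartKnoxGuard
E VaultKeeperManager: VaultKeeperService is null
E KG.Utils: KnoxGuardVaultManager not supported (KnoxGuardVaultException)
E KG.IntegrityUtil: Client Notfound : android.content.pm.PackageManager$NameNotFoundException: com.samsung.android.kgclient
"""

# Constructed sample: only the informational lines, with none of the errors.
SAMPLE_CLEAN = """\
I SystemServer: StartKnoxGuard
D KG.Utils: getRlcState.
I KgvManager: query(void)
"""


def scan(log_text):
    """Return {indicator label: [1-based line numbers]} for every match."""
    hits = {}
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits


def verdict(hits):
    """Classify a scan result (thresholds are this example's heuristic).

    'tampered'   : the VaultKeeper service failed to load AND the KnoxGuard
                   client package is absent, the combination the post describes.
    'suspicious' : some indicator fired, but not that combination.
    'clean'      : nothing matched.
    """
    service_failed = "vkjni_missing" in hits or "vaultkeeper_not_added" in hits
    client_missing = "kgclient_missing" in hits
    if service_failed and client_missing:
        return "tampered"
    return "suspicious" if hits else "clean"


if __name__ == "__main__":
    for label, text in (("tampered sample", SAMPLE_TAMPERED), ("clean sample", SAMPLE_CLEAN)):
        result = scan(text)
        print(label, "->", verdict(result), result)
```

The patterns match on substrings, so they also work on `logcat -v threadtime` output where each line carries a timestamp and PID prefix.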
17th June 2019, 10:49 PM |#628
kapmino269
Quote:
Originally Posted by corsicanu

And here it is, the long-awaited update of RMM bypass zip.
First of all I need to mention a few things:
  • This only applies after you unlocked your phone and installed TWRP successfully (check first post for more details about that)
  • This patch is compatible with both Oreo and Pie
  • This patch is compatible only with Exynos Samsung devices
  • This patch is needed only on Exynos Samsung devices manufactured after 2017
  • This patch comes with absolutely no warranty, you may get locked back anytime without any notice, don't try to blame me or other people involved in this for your failure.

So as I said in my previous Pie post, things have changed a bit with Pie and old patch didn't work anymore. After some time I discovered a bypass for the new KG/Payment lock thing, which I included in my roms/kernels with the purpose of mass testing the behaviour, which has proven to be good.
For those who want to know exactly what's going on and what's behind the patch:

Most of the RMM code moved to KnoxGuard app, vaultkeeper turned from a binary service into a fully functional service based on libs and integrated in the services.jar.
After some digging I found out that services.jar loads libvkjni.so, which loads libvkmanager.so/libvkservice.so, which eventually trigger KnoxGuard.apk to do its thing inside the running rom.
So basically deleting libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk will disable the service.
Optional (requires decrypted csc), you can check in the csc files for

make sure you set it to

Here's what logs say about this: (you can see in red the important things)


And a bit after this comes the nice part:

As a basic check one of my testers was locked on his S8+ running stock rom. He downgraded the bootloader and modem to Oreo, flashed TWRP, deleted libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk, flashed Pie bootloader and modem and booted up with no lock and no more red text "Only official released binaries are allowed to be flashed".

How long will this last? Well, Samsung can always turn it into a mandatory thing or even fully change the way this works, making our phones get stuck in bootloop, nobody can tell, but for now let's enjoy it while it lasts.
As further instructions, for safety reasons make sure you flash this bypass zip after flashing any Samsung based rom (Touchwiz/OneUI), it may take a while until all devs integrate it in their roms.
Last but not least, make sure you understand the following:
  • This only applies after you unlocked your phone and installed TWRP successfully (check first post for more details about that)
  • This patch is compatible with both Oreo and Pie
  • This patch is compatible only with Exynos Samsung devices
  • This patch is needed only on Exynos Samsung devices manufactured after 2017
  • This patch comes with absolutely no warranty, you may get locked back anytime without any notice, don't try to blame me or other people involved in this for your failure.

If you are going to include any part of this in your work, make sure you give proper credits. Thank you
Special thanks go to @BlackMesa123 for initial work, @_alexndr for script improvements, @ananjaser1211 for further testing and supporting all my things all the time, all my testers/users that got dragged into this without even knowing, and of course people who already kanged the patch from my kernel zip (if I didn't say anything doesn't mean I didn't see it).
You can find KG/RMM Bypass zip attached to this post.
All the best!

All is ok sir .

Thanks Sir .


But there are lockscreen and samsung account issues .


We also tried our way with J4+ and J6+ .

https://forum.xda-developers.com/gal...-2019-t3929112

The same with J6+ .

But in vain the same results (2 issues) .



Please , sir fix that .

This issue with 4-5 or more than that with Pie samsung device
(J4,J6,J4+,J6+,A6,A6+,A7)


Kernel source for SM-J415F :



https://github.com/Kopra159/Kopra159...l_J4_Plus_PIE-

[ADDED]
ABOUT LOCKSCREEN ISSUE : -

AT /data/system
I saw that locksettings.db was written in it but when I see *.key
I saw that ALL THEIR contents are NULL.

https://forum.xda-developers.com/sho...6&postcount=35

I think , this is the issue which make this error .

So when user enter his passwd (ANY TYPE) ,
OUTPUT WILL BE : INCORRECT PASSWORD .
SO OF COURSE , FACELOCK AND FINGERPRINT WON'T WORK .

HOW to solve that ?? AND WHERE IS THE ERROR ??
And very Thanks for All efforts .
The Following 2 Users Say Thank You to kapmino269 For This Useful Post
18th June 2019, 03:31 AM |#629
ananjaser1211
Quote:
Originally Posted by kapmino269

ABOUT LOCKSCREEN ISSUE : -

AT /data/system
I saw that locksettings.db was written in it but when I see *.key
I saw that ALL THEIR contents are NULL.

https://forum.xda-developers.com/sho...6&postcount=35

I think , this is the issue which make this error .

So when user enter his passwd (ANY TYPE) ,
OUTPUT WILL BE : INCORRECT PASSWORD .
SO OF COURSE , FACELOCK AND FINGERPRINT WON'T WORK .

HOW to solve that ?? AND WHERE IS THE ERROR ??
And very Thanks for All efforts .

This is a keystore issue usually, are you on Pie bootloader ? and does it happen "after" you root only ?
18th June 2019, 06:03 AM |#630  
Quote:
Originally Posted by ananjaser1211

This is a keystore issue usually, are you on Pie bootloader ? and does it happen "after" you root only ?

I also have A6+ and have this lockscreen issue. And yes, on Pie bl and that happens after root. Do you have a solution regarding this?
I will do some experiments this weekend, lockscreen and fp setting on Oreo already backed up and flash later on Pie and/or maybe flash Oreo bl.
18th June 2019, 07:46 AM |#631
kapmino269
Quote:
Originally Posted by ananjaser1211

This is a keystore issue usually, are you on Pie bootloader ? and does it happen "after" you root only ?

This issue happened when flashing any unofficial binary.

As I tested to flash Twrp only and reboot to system (root won't work)

The same issue .

So the cause isn't the root, it is before it .

---------- Post added at 07:46 AM ---------- Previous post was at 07:42 AM ----------

Quote:
Originally Posted by an-_-dro

I also have A6+ and have this lockscreen issue. And yes, on Pie bl and that happens after root. Do you have a solution regarding this?
I will do some experiments this weekend, lockscreen and fp setting on Oreo already backed up and flash later on Pie and/or maybe flash Oreo bl.

Don't flash stock recovery after flashing twrp .

Your device will be damaged .(hardware: battery with me and ..)

Because stuck on rebooting and U can't go to any mode.

Take care .