[GUIDE][17.06.2019] RMM/KG bypass - Root/Install TWRP on Exynos Samsung after 2018

Lucaserf

New member
Jun 10, 2021
3
0
So, if I don't have any SIM card from the country of origin (in my case, Portugal), can I still use this method of flashing the Portugal ROM and waiting 7 days? I'm using a J4+ (SM-J415FN)
 

spawnlives

Senior Member
Jan 27, 2018
1,047
396
Samsung Galaxy S8
Samsung Galaxy S9
I don't have a J4+ model so I may not be of much help.
Flashing ROMs from different countries/carriers is OK as long as it is the same model number; the method for TWRP/root is the same.
If you don't have a SIM card then use Wi-Fi. The so-called 7 waiting days require a connection to the internet.
If you have OEM unlocked and KG state and/or RMM state in checking/normal (or disappeared) mode then you should be right to install TWRP, root, custom ROMs etc.
 

Lucaserf

New member
Jun 10, 2021
3
0
Ayy, thanks for the answer.
 

UnChatCalot

New member
Jul 31, 2021
1
0
UPDATE 17.06.2019 - NEW RMM/KG bypass patch

UPDATE 23.02.2019 - Pie and more


Please take some time and read the whole post carefully. I am not and I won't be responsible for anything.

Disclaimer

I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed.
Please do some research if you have any concerns about this guide!
YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
Flashing any custom binary will trigger Knox and you may lose your warranty. Make sure you know what you are doing to your device.

Introduction
The December 2017 update (for some, even older) brought us a different lock that creates panic among users as usual. As described here by my friend @BlackMesa123, this is not a lock on development, but rather an advanced lock against theft or scams. This has a bypass too, especially when you're the owner of the device.

How it works
This lock is in the bootloader, but the trigger for it is inside the system. It's hard to reproduce, but it usually happens when you plug in a SIM from a country other than your firmware country, because changing the country might look less like a traveling guy and more like a thief. If you have been on stock ROM all this time, you might not feel the change, as the device reboots and wipes data, but it will eventually boot. The nice thing comes if you already have a custom binary installed (rooted kernel or TWRP), as you can't boot anymore because the bootloader prevents you from booting custom binaries and altering the system.

Devices confirmed to have the lock:
  • Any other Samsung device manufactured after 2017
  • Samsung Galaxy S9 & S9+ - SM-G960F & SM-G965F
  • Samsung Galaxy Note 8 - SM-N950F
  • Samsung Galaxy S8 & S8+ - SM-G950F & SM-G955F
  • Samsung Galaxy A8 & A8+(2018) - SM-A530F & SM-A730F
  • Samsung Galaxy A Series (2017) - SM-A320F/FL, SM-A520F & SM-A720F
  • Samsung Galaxy Note FE - N935F

How to know if you are locked
There are 3 things in this chapter:
1. The "Only official released binaries are allowed to be flashed" message shows up and now you know for sure you got locked out of your phone
2. Missing OEM unlock toggle in developer settings, if your device has FRP
3. "RMM state = Prenormal" in download mode

How to unlock
1. As I personally did, and as other users reported, if you face any of the things above, flash the latest full stock fw of your country with Odin, boot up, don't reboot, don't unplug the SIM and don't disconnect the network connection for 7 full days (168h). It seems that after 7 days of uptime, RMM state resets and you can flash TWRP again without issues. You can see uptime in settings/about device/status.
2. Some users reported this guide was working in the first Oreo fw releases; I can't guarantee it still works.

How to avoid getting locked again
Unfortunately the bootloader can't be reverted to older revisions, so we need to live with this. My friend @BlackMesa123 did some investigation and found out how to disable this lock. After waiting those 7 days, go to settings/developer options and enable OEM unlock. In order to never get locked again, flash TWRP for your device (install instructions below), boot into TWRP (do not boot into ROM yet as you might get locked again), download and flash his fix from here (don't forget to thank him too for his findings).
You can keep this zip nearby and flash it after flashing any custom ROM, to be sure you don't get locked again. The zip contains a universal script that disables the services responsible. It can be flashed on any device: if the device has the lock, it won't get locked again; if not, nothing will happen. I like to say "better safe than sorry".

How to safely install TWRP
Considering you are already unlocked (waited those 7 days), follow the next steps carefully:
  1. Make sure you have downloaded the latest Odin, installed the Samsung USB drivers, and have the latest RMM-State_Bypass fix (download links are in post #2) and the latest TWRP available for your device
  2. Put RMM-State_Bypass.zip on the external SD card
  3. Go to Settings/Developer options and enable OEM unlock (if you don't see Developer options, go into Settings/About phone/Software info and tap "Build number" 10 times to show the Developer options menu)
  4. Reboot the phone into download mode and connect the USB cable
  5. Open Odin, go into Options and untick Auto-reboot, put the TWRP tar file in the AP tab of Odin, hit Start and wait
  6. When Odin shows "PASS", take your device in your hands, disconnect the USB cable and simultaneously press the "Home" + "Vol. Down" + "Power" buttons until download mode disappears
  7. At the precise moment the screen becomes black, immediately release the "Vol. Down" button and press the "Home" + "Vol. Up" + "Power" buttons for 10 to 15 sec to forcefully enter TWRP
    ***Don't boot into ROM because it will lock your device again!!!!
  8. Once the custom recovery has booted, swipe to "Allow modification" and flash RMM-State_Bypass.zip as a normal zip
Now you can reboot into ROM and hopefully never get locked again.
If any of the above steps fail, redo from step 1, more carefully this time.


How to safely root
Considering you are already unlocked (waited those 7 days) and you have TWRP installed, follow the next steps carefully:
  1. Download the root zip and no-verity-opt-encrypt-6.0 (download links are in post #2) and drop the zips onto the external SD card
  2. Boot into TWRP and swipe "Allow modifications"
  3. Go into the Wipe menu and select "Format data" - note that this will erase all your data including internal storage
  4. Reboot recovery, swipe to "Allow modification" and flash RMM-State_Bypass.zip
  5. Flash the no-verity-opt-encrypt-6.0 zip downloaded at step #1 to disable data partition encryption
  6. Flash the root zip downloaded at step #1
  7. Reboot the phone into system
  8. After booting up, in the setup wizard make sure to uncheck diagnostic data
If any of the above steps fail, redo from step 1, more carefully this time.


You can read more about it here, here, here, here, here or here.

Credits
@BlackMesa123
@RicePlay33
@Yahia Angelo
@TaifAljaloo
@ananjaser1211
 

fgoraz

New member
Aug 8, 2021
1
0
Awesome! Thank you for the best team ever.
I finally rooted my device properly, a Galaxy J701F/DS JVELTE
 

MDP43140

New member
Aug 13, 2021
2
0
Indonesia
mdp43140.github.io
So I want to ask: what happens if 168 hours passed but OEM unlock is not enabled, but instead rebooting the phone, do I have to redo it again (OEM unlock will be missing again)?
 

spawnlives

Senior Member
Jan 27, 2018
1,047
396
Samsung Galaxy S8
Samsung Galaxy S9
If I read your question right, the answer is no, it won't.
If you have the OEM unlock option in the developers menu you can reboot your phone as many times as you like without setting the bootloader (OEM) to the unlocked state.
Generally once the OEM unlock option is there it will stay there until you flash stock firmware again.
Check in download (Odin) mode that the RMM/KG state is normal/checking before you modify your phone.
 

ReduxRoot

Guest
I have a Samsung J600-FN and it is in prenormal mode but I have OEM Unlock. Can I try the 7 days trick with OEM unlock enabled?
Can I use my phone while doing this?
Is it working on Android 10?
Thanks in advance!
 

spawnlives

Senior Member
Jan 27, 2018
1,047
396
Samsung Galaxy S8
Samsung Galaxy S9
The RMM and/or KG state should change whether you have OEM lock in developers options or not. Changing this state requires a connection to the internet, and this state is governed by Samsung on their servers.
Note: Having OEM unlocked in the developers section may not necessarily change the RMM/KG state automatically.
If the date method (or variations of this method) is not working then waiting the so-called 7 days may work. This time period may also vary.
You can still use your phone normally (leave OEM unlocked if you like) and it should still work on Android 10.
 

Top Liked Posts

    69
    Useful links

    FAQ
    Q: TWRP can't mount data partition, what to do?
    A: Make sure you formatted data partition.

    Q: Phone is not booting even after 20 minutes?
    A: Try to reboot. If still not booting, make sure you formatted data partition.

    Q: How to format data partition?
    A: [screenshot: ymlnQUE.jpg]


    Q: Why do I need to format the data partition?
    A: Because the old ROM encrypted your data partition and the new ROM can't decrypt and use that content / root needs access to the data partition to place misc files / phone not booting after flashing root until the data partition gets formatted.

    Q: Why not format data at TWRP install?
    A: The phone will boot even if data is encrypted if you don't root. Also the system partition is not encrypted, meaning you can flash RMM-State_Bypass anyway.
    56
    And here it is, the long-awaited update of the RMM bypass zip.
    First of all I need to mention a few things:

    • This only applies after you have unlocked your phone and installed TWRP successfully (check the first post for more details about that)
    • This patch is compatible with both Oreo and Pie
    • This patch is compatible only with Exynos Samsung devices
    • This patch is needed only on Exynos Samsung devices manufactured after 2017
    • This patch comes with absolutely no warranty; you may get locked again at any time without any notice. Don't try to blame me or other people involved in this for your failure.
    So as I said in my previous Pie post, things have changed a bit with Pie and the old patch didn't work anymore. After some time I discovered a bypass for the new KG/Payment lock thing, which I included in my ROMs/kernels with the purpose of mass testing the behaviour, which has proven to be good.
    For those who want to know exactly what's going on and what's behind the patch:
    Most of the RMM code moved to the KnoxGuard app; vaultkeeper turned from a binary service into a fully functional service based on libs and integrated in services.jar.
    After some digging I found out that services.jar loads libvkjni.so, which loads libvkmanager.so/libvkservice.so, which eventually trigger KnoxGuard.apk to do its thing inside the running ROM.
    So basically deleting libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk will disable the service.
    Optional (requires decrypted CSC): you can check in the CSC files for

    Code:
    <CscFeature_Knox_SupportKnoxGuard>TRUE</CscFeature_Knox_SupportKnoxGuard>
    make sure you set it to
    Code:
    <CscFeature_Knox_SupportKnoxGuard>FALSE</CscFeature_Knox_SupportKnoxGuard>
    Here's what logs say about this: (you can see in red the important things)

    Code:
    W system_server: Lcom/android/server/VaultKeeperService; failed initialization: java.lang.UnsatisfiedLinkError: [COLOR="Red"]Library vkjni not found[/COLOR]; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]
    W system_server:   at void java.lang.Runtime.loadLibrary0(java.lang.ClassLoader, java.lang.String) (Runtime.java:1040)
    W system_server:   at void java.lang.System.loadLibrary(java.lang.String) (System.java:1669)
    W system_server:   at void com.android.server.VaultKeeperService.<clinit>() (VaultKeeperService.java:69)
    W system_server:   at void com.android.server.SystemServer.startOtherServices() (SystemServer.java:-1)
    W system_server:   at void com.android.server.SystemServer.run() (SystemServer.java:-1)
    W system_server:   at void com.android.server.SystemServer.main(java.lang.String[]) (SystemServer.java:-1)
    W system_server:   at java.lang.Object java.lang.reflect.Method.invoke(java.lang.Object, java.lang.Object[]) (Method.java:-2)
    W system_server:   at void com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run() (RuntimeInit.java:493)
    W system_server:   at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:944)
    W system_server: 
    W System.err: java.lang.UnsatisfiedLinkError: [COLOR="Red"]Library vkjni not found[/COLOR]; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]
    W System.err:   at java.lang.Runtime.loadLibrary0(Runtime.java:1040)
    W System.err:   at java.lang.System.loadLibrary(System.java:1669)
    W System.err:   at com.android.server.VaultKeeperService.<clinit>(VaultKeeperService.java:69)
    W System.err:   at com.android.server.SystemServer.startOtherServices(Unknown Source:819)
    W System.err:   at com.android.server.SystemServer.run(Unknown Source:273)
    W System.err:   at com.android.server.SystemServer.main(Unknown Source:5)
    W System.err:   at java.lang.reflect.Method.invoke(Native Method)
    W System.err:   at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    W System.err:   at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:944)
    E SystemServer: [COLOR="red"]Failed to add VaultKeeper Service[/COLOR].
    And a bit after this comes the nice part:
    Code:
    I SystemServer: StartKnoxGuard
    E VaultKeeperManager: VaultKeeperService is null
    E VaultKeeperManager: Unauthorized Pkg. Manager can't be provided.
    D KG.Utils: getRlcState.
    I KgvManager: query(void)
    E KgvManager: [-5]Error from VaultKeeper Manager is null object
    E KG.Utils: [COLOR="red"]KnoxGuardVaultManager not supported[/COLOR] (KnoxGuardVaultException)
    I KG.IntegrityUtil: setInitialState
    E KG.IntegrityUtil: Client Notfound : android.content.pm.PackageManager$NameNotFoundException: com.samsung.android.kgclient
    As a basic check one of my testers was locked on his S8+ running stock rom. He downgraded the bootloader and modem to Oreo, flashed TWRP, deleted libvkjni.so, libvkmanager.so/libvkservice.so and KnoxGuard.apk/Rlc.apk, flashed Pie bootloader and modem and booted up with no lock and no more red text "Only official released binaries are allowed to be flashed".

    How long this will last? Well, Samsung can always turn it into a mandatory thing or even fully change the way this works, making our phones get stuck in bootloop, nobody can tell, but for now let's enjoy it while it lasts.
    As further instructions, for safety reasons make sure you flash this bypass zip after flashing any Samsung based rom (Touchwiz/OneUI), it may take a while until all devs integrate it in their roms.

    Last but not least, make sure you understand the following:
    • This only applies after you unlocked your phone and installed TWRP successfully (check first post for more details about that)
    • This patch is compatible with both Oreo and Pie
    • This patch is compatible only with Exynos Samsung devices
    • This patch is needed only on Exynos Samsung devices manufactured after 2017
    • This patch comes with absolutely no warranty, you may get locked back anytime without any notice, don't try to blame me or other people involved in this for your failure.
    If you are going to include any part of this in your work, make sure you give proper credits. Thank you
    Special thanks go to @BlackMesa123 for initial work, @_alexndr for script improvements, @ananjaser1211 for further testing and supporting all my things all the time, all my testers/users that got dragged into this without even knowing, and of course people who already kanged the patch from my kernel zip (if I didn't say anything, it doesn't mean I didn't see it ;) ).
    You can find KG/RMM Bypass zip attached to this post.
    All the best!
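Added example, not part of the original post or the poster's patch: the log excerpts quoted above are usable as a detection signature by anyone auditing managed devices for a disabled VaultKeeper/KnoxGuard chain. The sketch assumes logcat lines in the `<priority> <tag>: <message>` form shown in the post; the indicator names, the `scan`/`verdict` helpers and the three-level verdict are assumptions of this example, and `SAMPLE` is built from the lines quoted in the post with the colour markup removed.

```python
import re
from collections import Counter

# logcat "brief"-style line, as in the post: "<priority> <tag>: <message>"
LINE_RE = re.compile(r"^\s*([VDIWEF])\s+([^:\s]+):\s?(.*)$")

# (indicator name [assumed], tags it may appear under, substring of the message)
INDICATORS = [
    ("vkjni_missing", {"system_server", "System.err"}, "Library vkjni not found"),
    ("vaultkeeper_not_added", {"SystemServer"}, "Failed to add VaultKeeper Service"),
    ("vaultkeeper_null", {"VaultKeeperManager"}, "VaultKeeperService is null"),
    ("kg_vault_unsupported", {"KG.Utils"}, "KnoxGuardVaultManager not supported"),
    ("kgclient_missing", {"KG.IntegrityUtil"}, "NameNotFoundException: com.samsung.android.kgclient"),
]
TRIED_RE = re.compile(r"tried \[([^\]]*)\]")

def scan(lines):
    """Return (Counter of indicator hits, sorted library paths the loader tried)."""
    hits, paths = Counter(), set()
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank, truncated, or not in brief format
        _prio, tag, msg = m.groups()
        for name, tags, needle in INDICATORS:
            if tag in tags and needle in msg:
                hits[name] += 1
        t = TRIED_RE.search(msg) if "vkjni" in msg else None
        if t:
            paths.update(p.strip() for p in t.group(1).split(","))
    return hits, sorted(paths)

def verdict(hits):
    """'tampered': JNI lib and KG client both absent; 'suspect': any hit; else 'clean'."""
    if hits["vkjni_missing"] and hits["kgclient_missing"]:
        return "tampered"
    return "suspect" if sum(hits.values()) else "clean"

# Sample input assembled from the log lines quoted in the post (colour tags stripped).
SAMPLE = [
    "W system_server: Lcom/android/server/VaultKeeperService; failed initialization: java.lang.UnsatisfiedLinkError: Library vkjni not found; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]",
    "W System.err: java.lang.UnsatisfiedLinkError: Library vkjni not found; tried [/system/lib64/libvkjni.so, /system/vendor/lib64/libvkjni.so]",
    "E SystemServer: Failed to add VaultKeeper Service.",
    "I SystemServer: StartKnoxGuard",
    "E VaultKeeperManager: VaultKeeperService is null",
    "E KG.Utils: KnoxGuardVaultManager not supported (KnoxGuardVaultException)",
    "E KG.IntegrityUtil: Client Notfound : android.content.pm.PackageManager$NameNotFoundException: com.samsung.android.kgclient",
]
```

`verdict(scan(SAMPLE)[0])` classifies the quoted boot log as tampered, while a log containing only `StartKnoxGuard` and `getRlcState.` comes back clean.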
    23
    After gathering some more feedback from users, I will give an update to this thread, hoping that I cover at least some of the problems that occurred since the last update.

    1. Some users notified me they can't make the OEM toggle show even after waiting those 168h; for me, last time I got locked on purpose, I managed to make it show after 3 days (72h) without doing anything specific. For the moment my advice will be to flash the oldest firmware available for your device that has the same bootloader and modem revision as your current one, and try again with the date trick or with waiting 168h.
    You can find out what bl/modem rev you have by checking the current build number of your current rom. Let's take A520FXXU7CRL8 - in this build number 7 is the revision, leave other numbers and letters for some other time. To be able to flash older firmware it must be same revision, or odin will fail. Search on the firmware related websites for older fw of your phone/region that has that same revision. So for the device mentioned before A520FXXU7CRHA is the oldest fw that can be flashed.

    2. Pie is out. Funny that, but it also has new locks, new things, all still new to everyone, fixes not working yet and so on. Few people including me got locked on Pie and we found some workarounds to it to prevent data loss.
    First of all, the old patch doesn't help anymore, so flashing it will be pointless. The RMM v2 is called KG too (KnoxGuard), which also comes attached with the apk that throws you into "payment lock" if you delete it. You can see it in download mode as "KG state = prenormal" if you have the lock. Do note "KG state = checking" is harmless (phone is unlocked), that's how it is on most of the devices.
    My personal advice for this is to reflash the Oreo bootloader and modem (which I did), ofc following the rules posted at 1), bootloader and modem being the same revision as your current one. Flashing the Oreo bootloader and modem will force the phone from RMM v2 to RMM v1, and since Pie doesn't have the RMM v1 files inside anymore, it will simply get unlocked (for the moment). Now, this is not a permanent solution because things may change in Pie and require updating of bootloader and modem.
    My friend @_alexndr details here an alternative way, as the oreo method, which concludes in flashing full pie firmware and wait to get unlocked by itself, either flash oreo, get ota update to pie and wait to get unlocked by itself.
    The real issue of this is that we couldn't find yet the secrets behind the new locks so, without a flashable patch to disable further locks, it can come in any custom roms, stock roms rooted etc.
    Stay safe!
    9
    Please take some time and read carefully the whole post. I am not and I won't be responsible for anything.

    Awesome guide corsi this needs to get around.