[GUIDE][17.06.2019] RMM/KG bypass - Root/Install TWRP on Exynos Samsung after 2018

corsicanu

Recognized Developer
UPDATE 17.06.2019 - NEW RMM/KG bypass patch

UPDATE 23.02.2019 - Pie and more


Please take some time and read carefully the whole post. I am not and I won't be responsible for anything.

Disclaimer
I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed.
Please do some research if you have any concerns about this guide!
YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
Flashing any custom binary will trigger knox and you may lose your warranty. Make sure you know what you do to your device.

Introduction
December 2017 update (for some even older) brought us a different lock, that creates panic among users as usual. As described here by my friend @BlackMesa123, this is not a lock to development, rather an advanced lock for theft or scams. This has a bypass too, especially when you're the owner of the device.

How it works
This lock is in the bootloader, but the trigger to it is inside the system. It's hard to reproduce, but usually happens when you plug in a SIM from another country than your firmware country, because changing the country might not seem as a traveling guy and more like a thief. If you are on stock rom all this time, you might not feel the change, as the device reboots and wipes data, but it will eventually boot. The nice thing comes if you already have custom binary installed (rooted kernel or TWRP), as you can't boot anymore because bootloader is preventing you to boot on custom binaries and alter the system.

Devices confirmed to have the lock:
  • Any other Samsung device manufactured after 2017
  • Samsung Galaxy S9 & S9+ - SM-G960F & SM-G965F
  • Samsung Galaxy Note 8 - SM-N950F
  • Samsung Galaxy S8 & S8+ - SM-G950F & SM-G955F
  • Samsung Galaxy A8 & A8+(2018) - SM-A530F & SM-A730F
  • Samsung Galaxy A Series (2017) - SM-A320F/FL, SM-A520F & SM-A720F
  • Samsung Galaxy Note FE - N935F

How to know if you are locked
There are 3 things at this chapter:
1. "Only official released binaries are allowed to be flashed" message shows up and now you know for sure you got locked outside your phone
2. Missing OEM unlock toggle in developer settings, if your device has FRP
3. "RMM state = Prenormal" in download mode

How to unlock
1. As I personally did, and other users reported, if you face any of the things above, flash latest full stock fw of your country with Odin, boot up, don't reboot, don't unplug the sim and don't disconnect the network connection for 7 full days (168h). It seems that after 7 days of uptime, RMM state resets and you can flash TWRP again without issues. You can see uptime in settings/about device/status.
2. Some users reported this guide was working in first Oreo fw releases, can't guarantee it still works.

How to avoid getting locked again
Unfortunately bootloader can't be reverted to older revisions, so we need to live with this. My friend @BlackMesa123 made some investigation and found out how to disable this lock. After waiting those 7 days, go to settings/developer option and enable OEM unlock. In order to never get locked again, flash TWRP for your device (install instructions below), boot into TWRP (do not boot into rom yet as you might get locked again), download and flash his fix from here (don't forget to thank him too for his findings).
You can keep this zip near and flash it after flashing any custom rom, to be sure you don't get locked again. The zip contains a universal script that disables the services responsible. Can be flashed on any device, if the device has the lock, won't get locked again, if not, nothing will happen. I like to say "better safe than sorry".

How to safely install TWRP
Considering you are already unlocked (waited those 7 days), follow the next steps carefully:
  1. Make sure you downloaded latest Odin, Samsung USB drivers installed, latest RMM-State_Bypass fix (download links are in #2 post) and latest TWRP available for your device
  2. Put RMM-State_Bypass.zip in external sdcard
  3. Go to settings/Developer options and enable OEM unlock (If you don't see developer settings, go into Settings/About phone/Software info and tap "Build number" 10 times to show Developer options menu)
  4. Reboot the phone into download mode and connect the USB cable
  5. Open Odin, go into options and untick Auto-reboot and put the TWRP tar file in AP tab of Odin, hit Start and wait
  6. When Odin shows "PASS", take your device in hands, disconnect the USB cable and press simultaneously the "Power" + "Vol. Down" + "Vol. Up" buttons until the download mode disappears
  7. At the precise moment the screen becomes black, immediately release the "Vol. Down" button and press the "Vol. Up" + "Power" buttons for 10 to 15 sec to forcefully enter TWRP
    ***Don't boot into rom because it will lock your device again!!!!
  8. Once the custom recovery booted, swipe to "Allow modification" and flash RMM-State_Bypass.zip as normal zip
Now you can reboot into rom and hopefully never get locked again.
If any of the above steps fail, redo from step 1, more carefully this time.


How to safely root
Considering you already unlocked (waited those 7 days) and you have TWRP installed, follow the next steps carefully:
  1. Download root zip and no-verity-opt-encrypt-6.0 (download links are in #2 post) and drop the zips into external sdcard
  2. Boot into TWRP and swipe "Allow modifications"
  3. Go into Wipe menu and select "Format data" - note that this will erase all your data including internal storage
  4. Reboot recovery, swipe to "Allow modification" and flash RMM-State_Bypass.zip
  5. Flash no-verity-opt-encrypt-6.0 zip downloaded at step #1 to disable data partition encryption
  6. Flash root zip downloaded at step #1
  7. Reboot the phone into system
  8. After booting up in setting wizard make sure to uncheck diagnostic data
If any of the above steps fail, redo from step 1, more carefully this time.


You can read more about it here, here, here, here, here or here.

Credits
@BlackMesa123
@RicePlay33
@Yahia Angelo
@TaifAljaloo
@ananjaser1211
 

corsicanu

Recognized Developer
Useful links

FAQ
Q: TWRP can't mount data partition, what to do?
A: Make sure you formatted data partition.

Q: Phone is not booting even after 20 minutes?
A: Try to reboot. If still not booting, make sure you formatted data partition.

Q: How to format data partition?
A: [screenshot: ymlnQUE.jpg]


Q: Why do I need to format data partition?
A: Because old rom encrypted your data partition and new rom can't decrypt and use that content / root needs access to data partition to place misc files / phone not booting after flashing root until data partition gets formatted.

Q: Why not formatting data at twrp install?
A: Phone will boot even if data is encrypted if you don't root. Also system partition is not encrypted meaning you can flash RMM-State_Bypass anyway.
 

corsicanu

Recognized Developer
It says any Samsung is why I asked, lol

Sent from my SM-G892A using Tapatalk
My bad, edited the title.
I don't recall ever seeing vaultkeeper prop value on SD variants.. I'm on p2xl now and also don't see it so might be specific to Exynos chipsets? only time will tell (pun intended)
Vaultkeeper prop is tied to vaultkeeper service, that indeed seems to be Samsung Exynos related service.
Anyway US Samsung variants are very well known for bootloader lock, so even if you had this, bootloader won't let you flash anything.
Regards.

Sent from my SM-A530F using Tapatalk
 

partcyborg

Recognized Developer


?? this write up is for unlocked F variants.. not usa locked SD variants


Yea, this is the new thing that made everyone panic thinking oreo was blocking comsy flashing a bit ago (lol). Idk if usa sds have this on oreo or not as I haven't looked.

Thanks OP for calling out non-us snapdragon in the subject, that will definitely lead to less misunderstanding and privmsgs to me




PS
That last comment was not directed at you @progro420, it sounds like it was not clear at all at first the scope of this thing so I'm glad you brought it to my attention
 

haniasita

New member
Hello there, first time posting here. I'm facing issues with checking whether or not my device is locked, because none of the signs you've listed are telling me anything.

Here's what I did in order:

1. I first checked if the OEM unlock button was present - and it was, so I promptly enabled it.
2. I went into download mode and checked for the RMM state. This is the odd part: there is no RMM entry in the top left in download mode (see attached picture). As you can see by the Knox trip, the picture was taken after my original attempt, but the first time around the information was the exact same.
[attached picture: d6WVz52.jpg]

3. Seeing no issues, I went ahead and flashed TWRP, which actually worked without any errors - Odin did display "PASS".
4. I rebooted into TWRP, flashed the RMM bypass, and rebooted to ROM.

At this point, my A8 refused to boot and was stuck in a bootloop, so I flashed back the original firmware and now it's working again, although without root or TWRP.
I still see no signs of any sort of lock on the device. If I wanted to flash TWRP again it would likely do so without any issues, but being afraid of just causing another bootloop, I'd rather report about this before trying anything else. Should I just try again?

RESOLVED : I fixed it by very carefully following the following post : https://forum.xda-developers.com/ga.../twrp-3-2-1-1-a8-sm-a530f-02-02-2018-t3744169

It appears some devices, like mine, do not have RMM protection at all. If this is the case for you and you're experiencing the same issues I'm facing, follow the guide above and make sure to do it all very neatly and carefully. Once done, your device will be wiped clean, but rooted.
 

mchlbenner

Senior Member
You can charge the phone, that is fine; no reboots during the 168 hours that re-enable OEM, so you can enable OEM unlock.


I'm sharing what worked for me. You did put it in the right SIM 1, right?
This is what I did.
When I got the phone I did not put the SIM card in until I had root and everything done.
1) Install Odin.
2) Flash TWRP.
3) Unplug the phone and boot into TWRP by holding power and volume up and down; when download mode disappears, hold power and volume up and you will boot into TWRP.
Swipe to allow modifications, then swipe to reformat.
4) Go to the sdcard you put in and install mesas custom kernel v1.
5) Install no verity no encrypt ashy.zip.
6) Install supsu if you want root.
Know to explain the was accidentally not planned.
Follow this you get TWRP and root.

Sent from my SM-A730F using xda premium
 

PIRATA!

Senior Member
....

How to unlock
As I personally did, and other users reported, if you face any of the things above, flash latest full stock fw of your country with Odin, boot up, don't reboot, don't unplug the sim and don't disconnect the network connection for 7 full days (168h). It seems that after 7 days of uptime, RMM state resets and you can flash TWRP again without issues. You can see uptime in settings/about device/status.
.....

Is this lock reset again if script is uninstalled and stock rom flashed again?

Is there any chance that on NON-USA devices like A8 2018 can be installed TWRP and be able to revert back to stock without losing warranty in case of Samsung assistance??

Thanks!

Sent from my SM-G950F using Tapatalk
 

SuperiorLouis

New member
What happens if you accidentally disconnected your phone from the network connection? Can you reconnect and wait for the remaining time or do you have to flash the stock firmware again and wait for another 7 full days? Thank you :)
 