
[GUIDE] How to root without tripping knox - Kitkat and Lollipop, Locked bootloader


ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
I take no responsibility for what happens to your device if you follow this guide. Rooting or modifying carries risks, however I have tested this procedure many times with 100% success on my SM-t805. It should work for any device, but I can't confirm, so feedback please if it works for your device.

1. Firstly you need to downgrade your device to a XXU1ANF8 or earlier firmware suitable for your particular model. This is available at http://samsung-updates.com/ or you can use this one XSG-T805XXU1ANF8-20140625 which is for the T805 model only.

https://www.androidfilehost.com/?fid=23501681358555496 T800 only


Download and then install the firmware on your device with ODIN.
If you are still on Kitkat then there is no need to wipe the data partition. However, if you are running Lollipop, after successful installation you will need to boot into recovery (POWER + HOME + VOL UP) and then select WIPE DATA/RESET.
YOU WILL LOSE ALL YOUR USER DATA SO BACK UP ANYTHING YOU NEED TO THE SD CARD FIRST!

NOTE: IF THE INSTALL FAILS AT HIDDEN.IMG OR CACHE.IMG SIMPLY BOOT INTO RECOVERY AFTERWARDS AND WIPE CACHE THEN CARRY ON WITH THE REST OF THE PROCEDURE.

2. Once booted into Android, set up your Wi-Fi and Google account and skip everything else (this won't be needed if you didn't wipe the data partition).

3. Next we need to install a few apps, so go ahead and install these apps from Play Store:

System app remover(root)
Root Validator
Terminal Emulator For Android
KINGROOT 4.1

Kingroot updates and earlier versions if posted version doesn't work:

http://androidxda.com/download-kingroot-application

Kingroot 4.5 (latest version)

We also need to download the package from this LINK

4. Using the built in File Manager extract the zip package to your internal SD card. Once extracted, inside the extracted folder is another folder called MRW.

THIS FOLDER NEEDS TO BE MOVED TO THE ROOT OF YOUR INTERNAL SD CARD OR THIS WON'T WORK.

5. Next go to Settings and set your display timeout to 10 mins.
Now run KINGROOT then wait for it to do its thing. If it reboots part way through the process then after rebooting unlock your device, but don't touch anything for a couple of mins. The app should restart and continue. If you are successful you can move to the next step. If not, exit the app and run it again; it may take several attempts before you eventually achieve root.

6. After success uninstall the KINGROOT app (NOT KINGUSER) (not required with v4.5) and the other blue app with Chinese writing.
Now reboot - DO NOT RUN THE KINGUSER APP

7. Let your device fully boot then run the Terminal Emulator and wait for the command prompt
NOTE: IF AT ANY POINT YOU SEE A POP UP BOX WITH CHINESE WRITING ASKING YOU TO UPDATE THE KINGUSER APP SELECT CANCEL.
Now type or copy and paste the following command into the Terminal window:

su

It will ask for root permission, so select ALLOW.

Without closing the terminal emulator window, hit the HOME button and run the SYSTEM APP REMOVER app. (The app is red and simply called UNINSTALL)
The app will ask for root permission, hit ALLOW.
Look for the KINGUSER app then select it and uninstall it. Exit from the app.
Re-open the terminal emulator window and type the following:

sh /sdcard/mrw/root.sh

This will run a script. You will see a bunch of warnings, just ignore them. At the end of the script the SUPERSU app will run.

8. Hit CONTINUE then NORMAL.
Next you may see another message that 'Samsung knox has been detected'. When you see this message select CANCEL.
Once completed you should see a message saying that installation has been successful. Hit OK.
If you see the message again 'Samsung knox has been detected' select CANCEL then exit the SUPERSU app.

9. Now check with ROOT VALIDATOR that you have root and everything looks ok.

DO NOT REBOOT.

The root is only temporary, if you reboot you will lose root.

10. The next step is to install our ROM of choice with Flashfire.
For more info on FLASHFIRE see here: http://forum.xda-developers.com/general/paid-software/flashfire-t3075433


11. Run FLASHFIRE and grant it root.

12. Agree to the disclaimer and then hit the Red circle with a white +.
Next select 'Flash firmware package' and then navigate to the firmware you want to install (in this case the stock tar package) and select it.
Wait until it finishes scanning the archive.
Next you will see the list of partitions to be flashed, all that is really required is BOOT, RECOVERY and SYSTEM. You can flash the others if you wish.
When you're happy hit the TICK and then you will see a list of what will be flashed. If you tap any one of them you will be able to change the options. Tap the REBOOT option then select DOWNLOAD from the list. This is so we can boot into download mode after the flashing process to flash the Lollipop BOOTLOADER. If not upgrading to Lollipop just select REBOOT.
I'd advise to leave the rest as is and then hit FLASH

NOW WATCH CHAINFIRE'S MAGIC!

13. After reboot it should boot directly into DOWNLOAD mode or REBOOT if not updating to Lollipop.
If updating to Lollipop we need to flash a Lollipop BOOTLOADER. I have provided a link below for the T800 and T805. If you have a T700/705/T807/T707 or if the ones provided don't work then you will have to extract it from the Lollipop stock ROM and then TAR it up.

T800XXU1BOCC_BOOTLOADER.tar

T805XXU1BOCC_BOOTLOADER.tar

Latest T800 boot loader thanks DUHasian skillz.

T800XXU1BOE3 bootloader

Flash the BOOTLOADER with ODIN.

If successful then after reboot you should have a rooted version of Lollipop or whatever ROM you decided to install and an untripped Knox counter (hopefully).

Good luck and please give feedback. :)

If you wish you can give feedback to Chainfire at the link posted at the beginning of this post.

NOTE: If you wish to change roms or update and wish to keep root you will have to use the same procedure with Flashfire.

Also note that if you flash a custom KERNEL or BOOTLOADER then it may trip KNOX. Custom ROMs with stock KERNEL and BOOTLOADER should be OK (but don't hold me to that).


CREDITS TO CHAINFIRE FOR FLASHFIRE AND SUPERSU, KINGTEAM FOR ROOT AND WOLFDROID FOR THE KINGROOT REMOVAL SCRIPT.
 
Last edited:

3DSammy

Senior Member
May 5, 2011
1,252
617
Toronto
Just so that I understand the limits of this method I need to ask. Is this method specific to achieve rooted (SuperSU) Lollipop 5.0.2 without tripping Knox or can further changes be made? For example:
1) Remove system apps (removing bloat).
2) Adding system apps such as Viper4Android, busybox, which must be installed in /system/priv-app
3) The Lollipop/Samsung compatible XPosed framework and modules
4) Installing a Tab S model compatible recovery (e.g. TWRP) as I would really like nandroid backups.

I only ask as in the Tab S Kingroot thread there was a post mentioning that, despite Kingroot having successfully achieved root without tripping Knox, if you messed with the /system partition files there was the possibility of tripping Knox.

The comment in step 12 "... then navigate to the firmware you want to install ..." suggests that you could install one of the model compatible custom ROMs (e.g. CM). Is that a correct assumption or right now are you restricted to Lollipop stock? Some of those ROMs are from Lollipop 5.1.1 AOSP source (e.g. CM 12.1) which may be going too far with this method and still not trip Knox.

One last question: if I did implement this, could I go back to a pure unrooted stock KitKat/Lollipop using Odin or Flashfire without tripping Knox? Odin would be fine.

I greatly appreciate the effort and quality of your post. I had hoped that a "Knox off" SuperSU lollipop root would be found for my month old Tab S 10.5 as I'm used to the low risk flashing on the Nexus devices and have had a mean itch to root without obvious risk to my warranty.

Thanks again
 
Last edited:
  • Like
Reactions: Morrisme and ashyx

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
This method can be used to root any Rom.
Once you have root you can practically do what you please.
As for tripping Knox if you mess with the system partition, that's the whole point of root: it already messes with the system partition. It shouldn't trip Knox, but never say never.
Just ensure once you have root you remove everything Knox related.
I can't confirm if a custom Rom will trip Knox, but as already stated as long as the bootloader and kernel are stock I believe it won't trip Knox.
Custom recovery may trip Knox.

You can go back to stock any time you wish.
 
Last edited:

3DSammy

Senior Member
May 5, 2011
1,252
617
Toronto
ashyx, as I'm a Linux user it's taken me a while to set up a Windows machine but I finally have KIES working and Odin recognizing my Tab S. Now I'm doing my "read your how-to OP twice and root once" prework, but I'm left with a bit of confusion. In my case I am already on Lollipop 5.0.2 so have downloaded stock 4.4.2. When I read steps 12 and 13 I became a bit confused.

What I want is to be rooted (SuperSu) on stock lollipop (T800XXU1BOE2) so I'm assuming that in step 12 I will be using Flashfire to flash boot, recovery and system from the Samsung stock 5.0.2 lollipop firmware file. My confusion comes in step 13 as it seems redundant to flash the lollipop bootloader I just flashed in step 12. Is step 13's flashing the bootloader redundant if you flashed it in step 12?

I apologize if this is a noob question but I just want to get things right and avoid a bricked device especially when the bootloader is involved. At this point I'm only looking to remove bloat and add specific apps that require root so rooted stock is good enough but I'll be in position to try a custom ROM if I feel the need.

Thanks again
 

shayind4

Senior Member
Mar 24, 2008
540
97
London
ashyx, as I'm a Linux user it's taken me a while to set up a Windows machine but I finally have KIES working and Odin recognizing my Tab S. Now I'm doing my "read your how-to OP twice and root once" prework, but I'm left with a bit of confusion. In my case I am already on Lollipop 5.0.2 so have downloaded stock 4.4.2. When I read steps 12 and 13 I became a bit confused.

What I want is to be rooted (SuperSu) on stock lollipop (T800XXU1BOE2) so I'm assuming that in step 12 I will be using Flashfire to flash boot, recovery and system from the Samsung stock 5.0.2 lollipop firmware file. My confusion comes in step 13 as it seems redundant to flash the lollipop bootloader I just flashed in step 12. Is step 13's flashing the bootloader redundant if you flashed it in step 12?

I apologize if this is a noob question but I just want to get things right and avoid a bricked device especially when the bootloader is involved. At this point I'm only looking to remove bloat and add specific apps that require root so rooted stock is good enough but I'll be in position to try a custom ROM if I feel the need.

Thanks again

Good question. DO NOT flash bootloader in step 12 (newer bootloader) as Knox is likely to be tripped when you flash the 4.4.2 bootloader via odin in step 13. That was the instruction in Mobile odin (which could not flash bootloader). Flashing bootloader in step 12 is redundant.

shayind4
 
  • Like
Reactions: 3DSammy

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
Good question. DO NOT flash bootloader in step 12 (newer bootloader) as Knox is likely to be tripped when you flash the 4.4.2 bootloader via odin in step 13. That was the instruction in Mobile odin (which could not flash bootloader). Flashing bootloader in step 12 is redundant.

shayind4

Firstly, nowhere does it state to flash the kitkat bootloader on a lollipop Rom in step 12 or 13.
By step 13 you should be running a lollipop Rom.
Secondly Knox should not trip when flashing a stock bootloader. The bootloader can be flashed independently in Odin.
Lastly Flashfire does NOT flash bootloaders.
If you don't flash the bootloader your Rom won't boot.

I suggest you digest the guide again. :rolleyes:
 
Last edited:
  • Like
Reactions: 3DSammy

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
In my case I am already on Lollipop 5.0.2 so have downloaded stock 4.4.2. When I read steps 12 and 13 I became a bit confused.

What I want is to be rooted (SuperSu) on stock lollipop (T800XXU1BOE2) so I'm assuming that in step 12 I will be using Flashfire to flash boot, recovery and system from the Samsung stock 5.0.2 lollipop firmware file. My confusion comes in step 13 as it seems redundant to flash the lollipop bootloader I just flashed in step 12. Is step 13's flashing the bootloader redundant if you flashed it in step 12?
It doesn't state to flash the boot loader in step 12? :what:
Your boot loader will be replaced when you downgrade to kitkat via Odin.
You need to reflash the lollipop boot loader after using Flashfire to install your Lollipop Rom or it won't boot.
 
  • Like
Reactions: 3DSammy

Paddiii

Member
Mar 22, 2011
44
3
Do I need to use a prerooted ROM with Flashfire to maintain root, or can I just flash any original Samsung ROM even if it's not prerooted?
 

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
Do I need to use a prerooted ROM with Flashfire to maintain root, or can I just flash any original Samsung ROM even if it's not prerooted?
No, this is the whole point of the post. Flashfire will root for you.
 
Last edited:

bibihub

Senior Member
Oct 12, 2012
111
22
Sorry for being so long to give the feedback I promised.
I have one thing to say: thank you ! Your method works perfectly ! I am now running stock samsung lollipop on my T800 with knox untripped (0x0).

Little thing: your 4.4 file for the T800 isn't working (something wrong when flashing for the Hidden img). I took the same file but in XEF (I'm in France).

I just have a few questions now that could help other users:
- You say you are not sure about flashing another ROM as long as it is with stock kernel and bootloader. But on a scale from 0 to 10, how sure are you about it working? (I know you don't have any responsibility in what happens, I just want a piece of advice).
- If for any reason I want to go back to stock, I just need to reflash the firmware with Odin ?
-Can I uninstall apps like the knox related ones without any risk about tripping knox ? (I think it is okay) (Edit: Ok I did it and knox not tripped. I used this tool http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294 that is very convenient for that purpose )

Again thank you for this tutorial !
 
Last edited:
  • Like
Reactions: ashyx

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
Sorry for being so long to give the feedback I promised.
I have one thing to say: thank you ! Your method works perfectly ! I am now running stock samsung lollipop on my T800 with knox untripped (0x0).

Little thing: your 4.4 file for the T800 isn't working (something wrong when flashing for the Hidden img). I took the same file but in XEF (I'm in France).

I just have a few questions now that could help other users:
- You say you are not sure about flashing another ROM as long as it is with stock kernel and bootloader. But on a scale from 0 to 10, how sure are you about it working? (I know you don't have any responsibility in what happens, I just want a piece of advice).
- If for any reason I want to go back to stock, I just need to reflash the firmware with Odin ?
-Can I uninstall apps like the knox related ones without any risk about tripping knox ? (I think it is okay) (Edit: Ok I did it and knox not tripped. I used this tool http://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294 that is very convenient for that purpose )

Again thank you for this tutorial !

The hidden.img failure is because it's carrier/region related. For some it will flash OK, for others it will fail. It isn't actually required at all. Even if it fails to flash, the rest of the ROM will.
All that needs to be done after that failure is to wipe cache in recovery.

As regards flashing custom ROMs: remember your ROM is already custom as you have modified it.
I would say there's a good chance custom stock ROMs won't trip Knox as long as its build properties reflect it's a stock ROM.
However something like Cyanogen probably would trip Knox as it's not based on stock.
I won't say this is for sure, but I think it's the general consensus.
 
  • Like
Reactions: 3DSammy and bibihub

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
Over one thousand views and literally only one person has bothered posting feed back. :confused:
 

3DSammy

Senior Member
May 5, 2011
1,252
617
Toronto
Over one thousand views and literally only one person has bothered posting feed back. :confused:

OK now two. I successfully applied your instructions yesterday. I really appreciate your guide.

What I did differently is flash with Odin using a Virtualbox Windows guest VM from my Ubuntu 14.04 host PC. It took a few days of false starts to get that working. Here is a "[How-To] Linux, Virtualbox and ODIN for your Samsung device", that I just posted to help others who do not have access to Windows machines.

Of the whole procedure the scariest moment was after flashing 4.4.2 stock with Odin over my device's 5.0.2 install. The reboot was too fast for me to get into recovery to wipe user data. I could not power off the SM-T800 and holding POWER + VOL DOWN just rebooted where it would hang displaying "SAMSUNG".

Booting into recovery (POWER + VOL UP + HOME) had no effect whatsoever. Finally I found that if I was fast enough I could reboot (POWER + VOL DOWN) and as soon as the screen went blank hold down the "POWER + VOL UP + HOME" buttons, then the tablet booted into recovery where wiping user data worked as described in your guide.

After completing your guide I am on stock Android 5.0.2 with Knox 0x0000.
My root apps so far:
  • Busybox
  • Titanium backup
  • GMD Gestures.
  • ES File Explorer with RW access to all partitions
  • System Uninstall Pro
  • Universal init.d
See Update below: "Unfortunately so far Viper4Android is not working as I cannot get SELinux permissive enabled either by the SELinux app or an init.d shell script using the "setenforce 0" command. From what I've read that is due to the Samsung stock bootloader."
V4A now works, see: "[HOW-TO] Installing Viper4Android (V4A) Audio on a Lollipop Tab S"

I took the high road and only froze the following KNOX related apps using titanium backup:
  • com.sec.enterprise.knox.attestation
  • KLMS Agent
  • KNOX
  • KNOX
  • KNOX II
  • KNOX SetUpWizardClient
So far I debloated 117Mgs of other apps using System Uninstall Pro. I bought the pro version of Flashfire just to show respect for Chainfire's development efforts. I have not tried to see if Flashfire's backups can be successfully restored yet.

Thanks again for your guide.:good:
 
Last edited:

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
Thanks for the feedback, it's constructive and encouraging for others to know it's successful.

For future reference you can disable auto reboot in Odin then manually reboot with POWER + VOL DOWN + HOME then as soon as it restarts switch to VOL UP while continuing to hold the other buttons.
The above procedure can be used at any point and will restart the device and get you into recovery every time.
 
Last edited:
  • Like
Reactions: bibihub and 3DSammy

vancities

Member
Jun 17, 2015
7
0
Just registered to support OP, it works.

I thought I did not need to run the su script as I could use kinguser w/o problems. But the flashfire is not compatible with other kinguser. Hope chainfire could remove this restriction. Maybe there is another way to flash rom or other mobile odin alternatives.

The OP could add a link about how to use odin for newbies like me. The odin 3.10 have different wording than previous version.

One more thing to mention is that the kingroot will work if you downgrade. I was in kitkat XXU1ANFB which is only one version up. The kingroot failed 20 times. XXU1ANF8 only takes 3 times to work.

After debloating in Lollipop, the system is not smoother than before. The display has less contrast and is dimmer than KitKat. I did not wipe data/cache so my settings stay the same.
I rooted only for better battery performance as charging will take 10+ hours and could not hold charge at use with power cord plugged. It seems that the performance is not improved for this device after debloating.
 
Last edited:

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,087
9,907
I thought I did not need to run the su script as I could use kinguser w/o problems. But the fireflash is not compatible with other root authorization app. Hope chainfire could remove this restriction. Maybe there is another way to flash rom or other mobile odin alternatives.

The OP could add a link about how to use odin for newbies like me. The odin 3.10 have different wording than previous version.

One more thing to mention is that the kingroot will work if you downgrade. I was in kitkat XXU1ANFB which is only one version up. The kingroot failed 20 times. XXU1ANF8 only takes 3 times to work.

After debloating in Lollipop, the system is not smoother than before. The display has less contrast and is dimmer than KitKat. I did not wipe data/cache so my settings stay the same.
I rooted only for better battery performance as charging will take 10+ hours and could not hold charge at use with power cord plugged. It seems that the performance is not improved for this device after debloating.
I'm not quite sure what you're saying, but I think you're saying you had success?
Regarding Odin, it is not the intention of this post to spoon feed every single step, some knowledge is expected prior to following this guide. Anything relating to the actual process in this guide is explained in detail. Any other information you would ever require is already posted on XDA.
 
Last edited:
  • Like
Reactions: 3DSammy

vancities

Member
Jun 17, 2015
7
0
I'm not quite sure what you're saying, but I think you're saying you had success?
Regarding Odin, it is not the intention of this post to spoon feed every single step, some knowledge is expected prior to following this guide. Anything relating to the actual process in this guide is explained in detail. Any other information you would ever require is already posted on XDA.


I had success. What I mean is the step 6 7 8 9 are not necessary if flashfire could work with kinguser.
Also kingroot only works on XXU1ANF8 and maybe lower. I mentioned this because in other thread about kingroot, someone got success but most did not.
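
Added example, not part of any post in this thread: a fleet-compliance check built on the two observable side effects discussed above, namely firmware at or below the XXU1ANF8 level and a bootloader build that differs from the system build. The build-ID layout, the `pda`/`bootloader` field names (as read from `getprop ro.build.PDA` and `getprop ro.bootloader`) and the device records are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed layout of a Samsung build ID such as T805XXU1ANF8:
#   T805 model | XXU region group | 1 bootloader revision |
#   A major release | N year (A=2001 ... N=2014) | F month (A=Jan ... L=Dec) | 8 build
# The thread's own "XSG-T805XXU1ANF8-20140625" agrees with N=2014, F=June.
BUILD_RE = re.compile(
    r"^(?P<model>T\d{3})?(?P<csc>[A-Z]{3})(?P<bl_rev>\d)"
    r"(?P<major>[A-Z])(?P<year>[A-Z])(?P<month>[A-L])(?P<rev>[0-9A-Z])$"
)


class Build(NamedTuple):
    model: Optional[str]
    csc: str
    bl_rev: int
    major: str
    year: int
    month: int
    rev: str

    @property
    def order(self):
        # Sort key: later major release / date / build character compares greater.
        # Build characters sort 0-9 before A-Z, which matches plain string order.
        return (self.major, self.year, self.month, self.rev)


def parse_build(build_id: str) -> Build:
    m = BUILD_RE.match(build_id.strip().upper())
    if not m:
        raise ValueError(f"unrecognised build id: {build_id!r}")
    return Build(
        model=m["model"],
        csc=m["csc"],
        bl_rev=int(m["bl_rev"]),
        major=m["major"],
        year=2001 + ord(m["year"]) - ord("A"),
        month=ord(m["month"]) - ord("A") + 1,
        rev=m["rev"],
    )


# Firmware level the thread reports as the newest one the root app works on.
BASELINE = parse_build("XXU1ANF8")


def at_or_below_baseline(build_id: str) -> bool:
    return parse_build(build_id).order <= BASELINE.order


def audit(inventory):
    """Return [(device_id, [reasons])] for devices that need a closer look."""
    findings = []
    for dev in inventory:
        try:
            pda = parse_build(dev["pda"])
            bl = parse_build(dev["bootloader"])
        except ValueError as exc:
            findings.append((dev["id"], [str(exc)]))
            continue
        reasons = []
        if pda.order <= BASELINE.order:
            reasons.append(f"system build {dev['pda']} is at or below XXU1ANF8")
        if pda.order != bl.order:
            # Heuristic: a system image written separately from the bootloader
            # can leave the two build IDs out of step.
            reasons.append(
                f"bootloader {dev['bootloader']} differs from system {dev['pda']}"
            )
        if reasons:
            findings.append((dev["id"], reasons))
    return findings


# Constructed inventory records (hypothetical device names, build IDs of the
# kind quoted in the thread).
SAMPLE_INVENTORY = [
    {"id": "tab-01", "pda": "T805XXU1ANF8", "bootloader": "T805XXU1ANF8"},
    {"id": "tab-02", "pda": "T800XXU1BOE2", "bootloader": "T800XXU1BOCC"},
    {"id": "tab-03", "pda": "T800XXU1BOE3", "bootloader": "T800XXU1BOE3"},
    {"id": "tab-04", "pda": "T800XXU1ANFB", "bootloader": "T800XXU1ANFB"},
]

if __name__ == "__main__":
    for dev_id, reasons in audit(SAMPLE_INVENTORY):
        print(dev_id, "->", "; ".join(reasons))
```

A build-ID check only sees what the device reports about itself, so it belongs alongside attestation-based signals rather than in place of them.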
 

djoutlaw32

Member
Jul 4, 2009
18
0
So my feedback: everything was great, was a little confused about Odin at first but like you said everything can be found on XDA. Need to be on the most recent Odin which I believe is 3.10. Kingroot took forever to root but I believe it has something to do with connectivity to the servers. So my Tab S is rooted, no Knox counter. I'm hoping the custom TW ROM doesn't revert all the hard work? Thanks again OP.
 
Last edited:

Top Liked Posts

    3
    Success! I installed IronROM 2.1 together with the stock T800 kernel using this method. The whole process only took about 15 minutes or so, practice clearly makes perfect. ;)

    Knox is still at 0x0000. I've got an OTA notice that IronROM 2.2 is available, I guess I'll see if it includes a new kernel before I install it. Thanks!

    Don't ota, it will install a custom kernel!
    Congrats on the install. Remember thanks is only a thumb away. ;)