KnoxGuard Removal (KG State) - Samsung Galaxy Tab S6 Lite Questions & Answers

I've been messing around with this device & accidentally managed to remove KnoxGuard by downgrading from A11 (KG State: Prenormal) to the stock A10 ROM. It had been running 'permanently' without both the KnoxGuard app & KG State in Download Mode until I removed MDM through TWRP. Now I'm able to run without MDM, but KG State now exists in Download Mode. I also can't remove the KnoxGuard app like before, or else it'll get blocked.
Is there anything that I should know? Could somebody guide me to a proper or better way of KnoxGuard removal?
By the way, the above is not about bypassing where Knox/MDM revert upon FOTA or Factory Reset. I'm concerned about a 'permanent' way without using those 3rd party tools.
Thanks!

I'm also looking for it.

I had figured it out. Basically, it involved downgrade/upgrade & Nandroid Erase & Re-Format. This will 'confuse' the device & boot with the ability to remove Knox Guard. Worse, mine's on MDM. Successfully did this on 7 of the same devices and 5 Tab A7s.
By the way, this method also works on Tab A7. Try it at https://forum.xda-developers.com/t/s6-lite-malfunctioned-and-now-does-nothing.4367041/#post-86051457

Related

how to add security lock code into recovery /bootloader

Unlocking the bootloader and/or the recovery is a very popular discussion across many devices. But doing so exposes a very obvious and inevitable issue with security!
An unlocked recovery means that no matter how secure you make your Android lock screen, someone can easily reset the phone to restore it to a fully functional (and lockless/insecure) state, and the worst part is they don't have to erase your data (meaning they can access all your personal files and folders)!
It is almost hilarious! In fact if the phone supports insertion of external SD cards, you can even flash your own software into the phone and maybe bypass the lock screen without wiping any data.
For example: One possible loophole is using the 'Tasker' app which has a feature that can temporarily disable the keyguard. And the best part is that Tasker can be flashed using the recovery!
So is there any method by which I could add a security measure that prevents complete access to my recovery and/or boot loader that will make my phone less insecure?!
Sent from my GT-I9505 using Tapatalk 2
No, I don't think so, not that I know of.

Locked phone using Android Device Manager. Forgot password without a way to unlock.

Device is an SM-N916S from Samsung (Galaxy Note 4 S-LTE Exynos 5433 ver.) for anyone that's wondering. Its current state: completely stock with no root. USB debugging disabled. No Samsung Account linked to the device. Can't change the password through ADM. No more guesses left for the password; any more will reset the phone.
So yeah. For the past few days I've been trying to bypass Android Device Manager's remote "Lock" feature that's meant to keep your data safe from thieves. As for why? Long story short: I tried to pull a prank on my brother by remotely locking his device through ADM. I have since forgotten the password (it was a random combination of letters and numbers that I thought I could remember, but obviously not) and trying to set a new password through Android Device Manager just gives me the infamous "Since Google has verified that a screen lock is already set, the password you entered won't be needed." error message.
Now, if this was a phone that belonged to me, I would just install a custom recovery and remove the password with a password disable zip, but unfortunately, that is not an option here. I probably forgot to mention that I CANNOT void the warranty (as in trip the KNOX counter) under ANY circumstances and would very much like to avoid a factory reset. Am I out of luck here? Or is anyone here aware of a method that can be used to bypass the ADM lock / or a way to backup data with usb debugging disabled. Thanks.
Use Smart Switch to go back to stock firmware.
SrikarPrayaga said:
Use Smart Switch to go back to stock firmware.
Hi, could you explain what you mean by this? Does smart switch work even when the phone is locked? And what would going back to stock firmware do? Thanks.

[A3 2016] Recover data from FRP Lock bootloop?

No idea what possessed me to do it (it was late), I unchecked "OEM Unlock", and bricked my phone.
(Android 5.1.1, stock recovery, rooted)
It's stuck in a bootloop with the red message "Custom binary blocked by FRP lock."
I've read many other posts stating that flashing stock firmware will unbrick the phone. That's great, the hardware can be saved. But I need the data; contacts, txts, photos.
What are my options?
Is there any way around FRP lock? I understand it's intended as a security feature, and basically only happens when people do idiot stuff like unchecking OEM Unlock. So I doubt many devs/hackers have put much focus on developing workarounds.
Theoretically, Samsung may have the capacity to unlock the FRP lock. Is this a thing? Does anyone know anything about sending it to a Samsung tech center? Probably they would have difficulty guaranteeing the phone sender should have rightful access to the phone, so perhaps they provide no pathway?
@ashyx, I've read your posts, you're frankly a wizard. Any thoughts? Thanks
Frustrated with myself,
- Scott
ScottHW said:
No idea what possessed me to do it (it was late), I unchecked "OEM Unlock", and bricked my phone.
(Android 5.1.1, stock recovery, rooted)
It's stuck in a bootloop with the red message "Custom binary blocked by FRP lock."
I've read many other posts stating that flashing stock firmware will unbrick the phone. That's great, the hardware can be saved. But I need the data; contacts, txts, photos.
What are my options?
Is there any way around FRP lock? I understand it's intended as a security feature, and basically only happens when people do idiot stuff like unchecking OEM Unlock. So I doubt many devs/hackers have put much focus on developing workarounds.
Theoretically, Samsung may have the capacity to unlock the FRP lock. Is this a thing? Does anyone know anything about sending it to a Samsung tech center? Probably they would have difficulty guaranteeing the phone sender should have rightful access to the phone, so perhaps they provide no pathway?
@ashyx, I've read your posts, you're frankly a wizard. Any thoughts? Thanks
Frustrated with myself,
- Scott
As advised flash the stock firmware. DATA won't be affected.
ashyx said:
As advised flash the stock firmware. DATA won't be affected.
Really? Many posts I've seen have noted that "all user data will be deleted".
Do I just use ODIN and flash AP? No app or user data will be erased or formatted like that?
A few mention "Initializing with Smart Switch"; I haven't done that before. Is that different than flashing firmware?
ScottHW said:
Really? Many posts I've seen have noted that "all user data will be deleted".
Do I just use ODIN and flash AP? No app or user data will be erased or formatted like that?
A few mention "Initializing with Smart Switch"; I haven't done that before. Is that different than flashing firmware?
Searching for that question directly, it seems like flashing a ROM (e.g. stock firmware) will not directly erase user data; downloads, photos in DCIM, etc.
But, sounds like any user-installed apps will be erased (so any internally stored data would be lost).
And, data stored in system apps would be lost, too; e.g. tabs that were open in Chrome.
There's no way around the FRP lock, eh?
Here is Samsung's statement about FRP (Factory Reset Protection)
It describes the Google account "protection" features, but doesn't really describe how FRP lock leads to bootloops.
https://www.samsung.com/us/support/frp/
Factory Reset Protection (FRP) Feature
What is Device Protection, or Factory Reset Protection (FRP)?
Android™ devices provide built-in security features you can use to protect your device and information, including screen locks and data encryption. Data protection, or Factory Reset Protection (FRP), is a security feature on Android devices with Lollipop 5.1 and higher.
FRP is automatically activated when you set up a Google™ Account on your device. Once FRP is activated, it prevents use of a device after a factory data reset, until you log in using a Google username and password previously set up on the device.
How does FRP work?
When you perform a Factory Data Reset, all settings are returned to the factory default settings. All data is erased, including files and downloaded apps.
If you have a Google Account set up on the device, FRP is active. This means that after the reset, you'll be required to log in to the Google Account using the username and password. If you have multiple Google Accounts set up on the device, you can log in using any of the accounts.
If an unauthorized person tries to reset the device by another method, the device would still require log-in using the Google username and password. This means that if your device is lost or stolen, another person would not be able to reset it and use it.
What do I need to know about FRP?
If you want to reset your device to factory defaults, make sure you know your Google Account and password, because you'll need to log in at the end of the reset.
If you want to reset your device to factory defaults, but don't remember your Google username and/or password, you can do one of these:
Check your device’s Account settings for your account name, and reset your password via the device or at www.google.com.
It can take 24 hours for the password reset to sync with all devices registered to the account.
Remove the account before you reset the device.
If you already reset your device, but don't remember your Google username and/or password, the device can't be used. In that case, you can do one of these:
If you know your Google username but can't remember the password, you can reset your password on the device, or at www.google.com. It can take up to 24 hours for a new password to sync with all registered devices. After 24 hours, you can try logging in to your phone with the new password.
If you have multiple Google Accounts, and you can't remember which Google Account you set up on your device, visit https://www.google.com/android/devicemanager.
Log in with your Google username and password and check the list of devices registered to the account. If you don't see the device listed on the account, it means the device is registered to a different account. Use the same process to check for devices linked to your other Google Accounts. When you find the registered account, use it to log in to your device.
If you can't remember any of your Google Account information, you can send your device, along with proof of purchase, to an authorized Samsung Service Center. Samsung has special tools to reset the phone to factory defaults with no protection enabled.
Looking for a Samsung Authorized Support Center, apparently there are ZERO listed around Omaha, NE.
http://support-us.samsung.com/cyber/locator/asc_locator.jsp
There must be ASC's somewhere; I'm hesitant to mail the phone away because I think the tech will just wipe it. The whole point is to maintain the data :-/
What do I need to flash to remove "Custom binary" ?
Will flashing the bootloader back to stock unlock the FRP lock?
That's BL through ODIN, right?
Do I have to flash AP ?
Won't that remove all user apps and their data, and any user data associated with system apps?
ScottHW said:
What do I need to flash to remove "Custom binary" ?
Will flashing the bootloader back to stock unlock the FRP lock?
That's BL through ODIN, right?
Do I have to flash AP ?
Won't that remove all user apps and their data, and any user data associated with system apps?
Not being funny, but you're panicking over nothing. I can pretty much guarantee you will NOT lose any data, apps or settings. The DATA partition is untouched by stock firmware.
Just flash the whole stock firmware(not repair firmware) and you'll be fine.
If you're super paranoid about losing data then just flash the AP part.
ashyx said:
Not being funny, but you're panicking over nothing. I can pretty much guarantee you will NOT lose any data, apps or settings. The DATA partition is untouched by stock firmware.
Just flash the whole stock firmware(not repair firmware) and you'll be fine.
If you're super paranoid about losing data then just flash the AP part.
Thanks for the reassurance. I am pretty paranoid, because I feel like such an ass for making such a dumb mistake.
Will I lose:
Contacts?
Text messages??
Chrome Bookmarks???
My numerous open Chrome tabs?!?!
I'm just trying to understand what's happening, know what I'm doing.
Because I was clearly stupid enough to uncheck OEM Unlock. (WTF was I thinking?!)
ScottHW said:
Thanks for the reassurance. I am pretty paranoid, because I feel like such an ass for making such a dumb mistake.
Will I lose:
Contacts?
Text messages??
Chrome Bookmarks???
My numerous open Chrome tabs?!?!
I'm just trying to understand what's happening, know what I'm doing.
Because I was clearly stupid enough to uncheck OEM Unlock. (WTF was I thinking?!)
It will be exactly as it was before. Nothing will change.
There are only 2 binaries that need flashing, boot and recovery, however unless you are flashing the exact firmware you had previously you may get compatibility issues, so it's best to just flash the whole firmware.
ashyx said:
It will be exactly as it was before. Nothing will change.
There are only 2 binaries that need flashing, boot and recovery, however unless you are flashing the exact firmware you had previously you may get compatibility issues, so it's best to just flash the whole firmware.
Thanks for the more specific information.
I've never found any discussions about how to solve the frp lock bootloop, with the intention of preserving user data.
If you will indulge me a bit more, I'd like to learn, test, and then share this for others.
Do you know exactly how the "Custom binary blocked by FRP lock" "security" works?
Where is the flag that gets tripped?
In order to solve this bootloop, technically just Boot loader and Recovery need to be flashed (the exact versions must be used, or compatibility issues can occur).
Bootloader should be simple enough: BL is one of the specific upload choices in Odin.
Recovery is a .bin that's contained with the AP.tar, correct?
Is it possible to specifically flash only the Recovery?
(I am reading other posts and pages as I write this, sorry if some of these points and questions seem "obvious"; I'm still learning. Aren't we all.)
This thread is particularly detailed re: ODIN flashing, although it is from 2013, and for a specific device
https://forum.xda-developers.com/showthread.php?t=2154762
ScottHW said:
Thanks for the more specific information.
I've never found any discussions about how to solve the frp lock bootloop, with the intention of preserving user data.
If you will indulge me a bit more, I'd like to learn, test, and then share this for others.
Do you know exactly how the "Custom binary blocked by FRP lock" "security" works?
Where is the flag that gets tripped?
In order to solve this bootloop, technically just Boot loader and Recovery need to be flashed (the exact versions must be used, or compatibility issues can occur).
Bootloader should be simple enough: BL is one of the specific upload choices in Odin.
Recovery is a .bin that's contained with the AP.tar, correct?
Is it possible to specifically flash only the Recovery?
(I am reading other posts and pages as I write this, sorry if some of these points and questions seem "obvious"; I'm still learning. Aren't we all.)
This thread is particularly detailed re: ODIN flashing, although it is from 2013, and for a specific device
https://forum.xda-developers.com/showthread.php?t=2154762
No, I didn't mention the bootloader, that is a different part of the firmware. The boot and recovery images have a .img extension and should be flashed under AP.
It is the bootloader that detects non official firmware and trips the FRP flag. If it's disabled in settings via OEM UNLOCK the bootloader ignores it and allows the device to boot.
n00b mistake
ashyx said:
No, I didn't mention the bootloader, that is a different part of the firmware. The boot and recovery images have a .img extension and should be flashed under AP.
It is the bootloader that detects non official firmware and trips the FRP flag. If it's disabled in settings via OEM UNLOCK the bootloader ignores it and allows the device to boot.
Sh!t, sorry, boot.img ≠ bootloader. Rookie mistake. #StillLearning
OK, so boot.img and recovery.img should both be contained within the AP component of stock firmware.
I can just flash those two, can't I?
ashyx said:
No, I didn't mention the bootloader, that is a different part of the firmware. The boot and recovery images have a .img extension and should be flashed under AP.
It is the bootloader that detects non official firmware and trips the FRP flag. If it's disabled in settings via OEM UNLOCK the bootloader ignores it and allows the device to boot.
Is there any non-GUI way to toggle the OEM UNLOCK?
Bootloader? Download mode? Recovery? Fastboot? ADB?
I assume not, since that might be a "security" risk. And also, if there were, problems like this would have solutions posted mentioning how to do that.
Sh!!!!!!!t... I was thinking I would have screenshots of the exact build that's loaded on my phone. That way I can find the right stock firmware.
Seems those screenshots are still in the phone, didn't get moved to external memory
All I know for sure is it's Android 5.1.1, but that probably isn't specific enough to get the exact right boot and recovery images.
I intend to flash the boot.img and recovery.img to my phone. Hopefully, this will avoid any data loss, while clearing the FRP lock bootloop.
I got the stock firmware for Android 5.1.1 for my Galaxy A3 (2016) (SM-A310M) here:
https://www.sammobile.com/firmwares/galaxy-a3-/SM-A310M/TTT/download/A310MUBU2APE2/73991/
This set of instructions says to extract the .img file(s) to flash, then just .tar them up using 7zip, and flash it as AP in ODIN.
http://howto.highonandroid.com/sams...extract-stock-recovery-from-samsung-firmware/
But... this one says to use Unified Android Toolkit, option ‘8’ (Create an Odin flashable tar), and then flash with ODIN.
https://skipsoft.net/flashing-a-single-partition-i-e-system/
Fortunately, I have a Galaxy A3 (2017) (SM-A320Y), which I was just about to upgrade to for my daily driver. It's blank, running Android 7.0, so it means I can test this process, see if data is preserved, with almost no risk to actual data. Got that firmware here:
https://www.sammobile.com/firmwares/SM-A320Y/COO/download/A320YDXU1BQH2/189605/
Ironically... I don't yet have a great method to intentionally trip the FRP lock bootloop
I think rooting and then unchecking OEM Unlock should do it (that's what wrecked my A310M)
FRP lock - Usb does not recognize
Hi, everyone!
Sorry for my English.
My problem is the same as yours.
However, after this FRP lock message appeared, my phone goes into download mode, but the PC does not recognize it any more. What can I do to flash the stock ROM and solve the FRP lock problem?
Help me, please!
Thank you all
ScottHW said:
No idea what possessed me to do it (it was late), I unchecked "OEM Unlock", and bricked my phone.
(Android 5.1.1, stock recovery, rooted)
It's stuck in a bootloop with the red message "Custom binary blocked by FRP lock."
I've read many other posts stating that flashing stock firmware will unbrick the phone. That's great, the hardware can be saved. But I need the data; contacts, txts, photos.
What are my options?
Is there any way around FRP lock? I understand it's intended as a security feature, and basically only happens when people do idiot stuff like unchecking OEM Unlock. So I doubt many devs/hackers have put much focus on developing workarounds.
Theoretically, Samsung may have the capacity to unlock the FRP lock. Is this a thing? Does anyone know anything about sending it to a Samsung tech center? Probably they would have difficulty guaranteeing the phone sender should have rightful access to the phone, so perhaps they provide no pathway?
@ashyx, I've read your posts, you're frankly a wizard. Any thoughts? Thanks
Frustrated with myself,
- Scott
FRP Custom binary Lock
ashyx said:
It will be exactly as it was before. Nothing will change.
There are only 2 binaries that need flashing, boot and recovery, however unless you are flashing the exact firmware you had previously you may get compatibility issues, so it's best to just flash the whole firmware.
Could you help me to get access to my data? I'm running a port of S8 on my S7 and got a bootloop. Someone told me that even if I flash AP only I might lose my data because of a difference in the way the memory is formatted.
Blackion said:
Could you help me to get access to my data? I'm running a port of S8 on my S7 and got a bootloop. Someone told me that even if I flash AP only I might lose my data because of a difference in the way the memory is formatted.
If they're both stock based firmware then you can just flash the stock S7 firmware. Data should remain untouched.
Hi
I am just stuck with the same problem. I have downloaded the latest stock ROM, but I'm unsure which options to select in ODIN and what files to select.
I presume only select AP. Also, I hope I will not lose any data.
Please help me out.

How to backup stock firmware & recovery?

Hi, recently I accidentally bricked my Galaxy Tab A 10.1 with Spen (SM-P580) by accidentally disabling "OEM Unlock" in the developer settings while I had TWRP and a custom ROM installed. I was only able to get into download mode due to the factory reset protection lock, so I tried downloading the stock firmware online and then flashing it to bring the device back to fully stock firmware so I could get past the lock and not have a brick. Unfortunately, when I flashed the firmware, despite it seemingly being for my specific device (and matching my build number), I was no longer able to boot the device at all. It would turn on and would seem to immediately lose power, charging would turn on the flash and cause it to heat up, and no amount of charging would fix the issue. It was completely bricked and there was no way for me to go back into download mode to try flashing again or try flashing a different firmware. Thankfully, I contacted Samsung and because it's still under warranty they were nice enough to fix it for free, and did so by completely replacing the motherboard according to the repair slip, which is not something I would have been able to do.
My question is: How do I make a full backup of the stock firmware and recovery so if this somehow ever happens again where the FRP lock kills my device, I can reflash in download mode the original firmware that I know is 100% going to work with it and is correct? I don't want to gamble with potentially using the wrong firmware again, seeing as that gamble killed the thing.
The Model is SM-P580NZKAXAR. Based on the last part (XAR) and the fact that other non-sammobile sites listed the US wifi only firmware as XAR, I assumed "Cellular south (XAR)" was the correct firmware I needed which was obviously incorrect as it completely bricked the device. For this reason, I'm wondering if there's a way with software on windows or something to completely backup the existing stock firmware before I do anything, because I doubt Samsung would be so nice a second time, and I'd really rather not go through all this again. Obviously these websites get the original firmware that's flashable via download mode somehow, so I'd like to know how or if that's possible. Also before I went and downloaded the firmware I checked the Samsung desktop app that allows you to fix firmware issues but it said my device wasn't supported so it wasn't much help. I'd like to avoid installing any custom recoveries ahead of time as if something gets messed up there will be no way for me to actually boot into recovery as far as I'm aware, and the FRP lock will block me from reflashing the custom recovery or anything else that isn't stock. It goes without saying that if this is possible I'd like to do it without installing a custom recovery or rooting as I'd like to have a proper fully stock backup that isn't going to trip the FRP lock.
Also the way I accidentally disabled OEM Unlock was I simply toggled the developer options off and then back on in a slimmed down version of the stock rom, but in doing so it also reset the OEM unlock setting and I completely forgot to make sure it was still enabled. Next thing I know I go to reboot (was trying to figure out an issue with a usb device) and then the thing was FRP locked. Needless to say, it was something extremely simple and easy to do by accident. I also just checked the device and the build number matches the firmware that I downloaded, so I don't know if it was mislabeled or what but something was not correct.

Security Query in case of theft

I want to know: if my Mi A1 is unrooted with no recovery installed, bootloader unlocked and a start-up PIN applied, what are the chances that someone (a thief) can reinstall a ROM on it and use it again? I am curious as to whether Android can be as theft-proof as Apple.
Extract user data - no, reflash rom and start using the phone - yes (FRP bypass or EDL flash).
_mysiak_ said:
Extract user data - no, reflash rom and start using the phone - yes (FRP bypass or EDL flash).
Regarding EDL flash, I read this recent article (https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/) and it mentions that only authorized service centres have EDL access. Read and share your opinion.
I think FRP bypass may be difficult if the security patch level is the latest.
A query: although I had reset my A1 several times by going into settings, I didn't receive the FRP message on restart. Is that normal?
pkrajpur said:
Regarding EDL flash, I read this recent article (https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/) and it mentions that only authorized service centres have EDL access. Read and share your opinion.
I think FRP bypass may be difficult if the security patch level is the latest.
A query: although I had reset my A1 several times by going into settings, I didn't receive the FRP message on restart. Is that normal?
EDL mode has been locked for MIUI devices, but Android One can be flashed at home without major issues.
FRP protection is triggered when you perform factory reset from recovery. If you do it from settings, it is assumed that you are the owner of the device. With the existing implementation of FRP, I would not rely on its safety.
It seems that you are not worried about your data safety, so I'm wondering why it bothers you whether a thief can use the phone or not..? You have to buy a new one anyway..
_mysiak_ said:
EDL mode has been locked for MIUI devices, but Android One can be flashed at home without major issues.
FRP protection is triggered when you perform factory reset from recovery. If you do it from settings, it is assumed that you are the owner of the device. With the existing implementation of FRP, I would not rely on its safety.
It seems that you are not worried about your data safety, so I'm wondering why it bothers you whether a thief can use the phone or not..? You have to buy a new one anyway..
Just Curious. Thanks BTW :good: