Be aware that Android Verified Boot requires data (including those in internal storage) to be cleared after you unlocked bootloader and flash custom binaries. (“to protect user data, all state transitions wipe the data partitions and ask the user for confirmation before data is deleted.” – https://source.android.com/security/…/verified-boot)
It is normal to get prompts like “Integrity verification failed. You have to reset the device to factory settings.”
However, this will only happen when there is “state transition” so only when you switch from locked to unlocked or vice versa.
Since Android O, Samsung introduced a new security feature, Remote Mobile Manager (RMM) aka Remote Lock Control(RLC). This feature allows stronger theft protection but unfortunately, it also imposes a burden on users like you.
Samsung added a 7-day buffer period for enterprises or device owners to spot a missing/rogue device so they can use this feature to lock the device remotely.
In this 7-day (Prenormal) period, you can NOT flash any custom binaries including but not limited to this TWRP. OEM Unlock option won’t appear, either.
(You will meet “custom binary blocked due to remaining installment balance” or “custom binary not allowed” error when you try)
The 7-day timer will start/reset once you completed the setup wizard. After 7 days (168 hours), RLC service will send an inquiry to Samsung’s server. If your device is “clean”, the RMM state will become “Normal”.
Then you can enable “OEM Unlock” option and flash TWRP. Be careful, DO NOT reboot to a stock ROM before you flash patch in part 2 of this guide or you will have to go through another
Whether you have RMM problem or not depends on your model, region and/or carrier.
If you don’t have any wait period to enable OEM Unlock option, congratulations but please do NOT mislead other people.
NOT EVERYONE IS AS LUCKY AS YOU.
If you don’t have RMM problem when you get the device, it is unlikely that you will get any RMM problems later.
But note that this problem applies to MAJORITY of people.
Note that the special patch will freeze RMM, FRP and OEM lock state.
This is an anti-stupid measure to prevent careless users from enabling security measures which are not compatible with custom binaries.
HOW-TO FLASH TWRP
1. In your ROM, go to Settings -> About device. Tap 7 times on Build number to enable Developer options.
2. Go to Settings, remove all Samsung and Google accounts and if your device is registered to an enterprise, de-register it.
3. Go to Settings -> Developer options and enable OEM Unlock option.
Notice: This is “state transition” mentioned eailier.
NOTE: You will be asked to do a factory reset, that’s normal.
BUT DO NOT LET IT COMPLETE THE WHOLE RESET PROCESS.
You should take a look at the whole guide and be prepared to use reboots as chances to flash or reboot into TWRP.
4. Download and Install Samsung Mobile Phones Drivers.
– Option 1: Download and Install Smart Switch for PC.
– Option 2: Download and Install standalone driver package.
5. Download and extract Odin (Samsung’s Flash Tool) to your computer.
6. Download a .tar image of TWRP.
7. Reboot your device to download mode.
– Hold [VOLUME DOWN] + [BIXBY] + [POWER] for approx. 15 seconds.
– Read the warning carefully.
– If you agree, press [VOLUME UP] to get into Download mode. If you don’t agree, STOP.
8. Open Odin and place that TWRP tar file in the [AP] slot.
9. Connect your phone.
10. Hold [VOLUME UP] + [BIXBY] + [POWER] on your phone and then press start on Odin.
11. Wait for the phone to reboot. DO NOT release [VOLUME UP] + [BIXBY] + [POWER] or you may not reboot into TWRP.
HOW-TO INITIALIZE TWRP
1. If you completed Part 1 successfully, you should be in TWRP now. At this point, you will reach the screen asking you if you want to allow system modifications.
2. Select “Keep /system RO”.
3. Go to “Wipe” menu of TWRP and you will find “Format Data”. Press “Format Data” and type “yes” to continue.
4. Go to “Reboot” menu and Press “Recovery” to reboot TWRP.
5. Download the special dm-verity and force encryption disabler zip on your computer.
6. Transfer the zip to your phone.
– Option 1: MTP: Connect your phone with the computer and just copy the zip to internal storage. (similar to how you transfer files when in system.)
– Option 2: ADB: Connect your phone with computer and run command “adb push /path/to/zip /sdcard/”.
– Option 3: External SD: Copy the zip to an external SD and then insert the card to your phone.
7. Go to “Install” menu of TWRP and flash the zip.
TWRP is initialized and fully functional at this stage.
Now you may want to flash a root solution (Magisk, SuperSU, etc) or custom ROM but keep in mind that:
1. This thread does NOT provide technical support to any root solution or ROM unless the problem is DIRECTLY related to TWRP and there is no other solution without modifying TWRP itself.
Please contact developer of respective ROM or root solution for technical support.
2. Samsung implemented security measures such as “Real-time Kernel Protection (RKP)” and “RKP Control Flow Protection”. https://www.samsungknox.com/en/blog/…protection-rkp
Those security measures are intended to block control flows such as privilege escalation, memory kernel code modification, etc which are not authorized by Samsung.
If those are not disabled, processes (such as daemon of root solutions) that violated those security rules will fall into deadlock.
Deadlocked processes will then consume large amount of resources (leads to performance issues, battery drains) and eventually crash the system.
Technically it is possible to disable those security measures by hex editing stock kernel but just simply flash a custom kernel is better in my opinion.
TL;DR: Flash custom kernel before root or be screwed.
|Recovery Name||Team Win Recovery Project – TWRP|
|Download TWRP Recovery for Galaxy S9||Download TWRP Recovery for Galaxy S9|
|Download TWRP Recovery for Galaxy S9+||Download TWRP Recovery for Galaxy S9+|