|
Welcome to the GSM-Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. Only registered members may post questions, contact other members or search our database of over 8 million posts. Registration is fast, simple and absolutely free so please - Click to REGISTER! If you have any problems with the registration process or your account login, please contact contact us . |
|
Register | FAQ | Donate | Forum Rules | Root any Device | ★iPhone Unlock★ | ★ Direct Codes ★ | Direct Unlock Source |
| LinkBack | Thread Tools | Display Modes |
11-30-2017, 09:45 | #16 (permalink) | |
Product Supporter Join Date: May 2013 Location: IN THIS WORLD ,LB,RO,
Posts: 2,650
Member: 1933823 Status: Offline Thanks Meter: 1,273 | Quote:
Sent from my Le X829 using Tapatalk | |
12-04-2017, 03:27 | #18 (permalink) |
Insane Poster Join Date: Mar 2006
Posts: 68
Member: 241107 Status: Offline Thanks Meter: 5 | did you try to use pit file with full firmware flash? i just did an note 5 that had a lock like this. i had to find the persist and pit file and full firmware. so if you have full firmware make sure you have the pit file for it. |
02-05-2018, 16:03 | #26 (permalink) |
Junior Member Join Date: Feb 2018
Posts: 12
Member: 2807768 Status: Offline Thanks Meter: 31 | Some time ago I helped a friend, who got swindled on eBay with an RMM locked phone and the seller was not responding. Please note that this fix is "partial" and the tutorial is from my memory so I may be forgetting some details. Therefore, do this at your own risk, you have been warned The phone was a Galaxy S8+ (SM-G955F) from Telcel Mexico with G955FXXU1AQH3 firmware, it had "FRP Lock" set to "Off" and "OEM Lock" set to "On". Phone could only be flashed with stock or combination firmware and could not be rooted as custom binaries were blocked. I flashed stock firmware from several regions but every time the phone got locked in 10 seconds after reaching the welcome screen. I observed that the phone was locked using an RMM (Remote Mobile Manager) account, because of pending installment balance. If I had the RMM account details tied to this phone, I could go to rmm.samsung.com and unlock it. Since the seller never provided that, I thought of blocking the software that was triggering the lock. In my research, I found that the lock was being triggered by RLC.apk which is located at "/system/priv-app/Rlc/Rlc.apk" in stock firmwares. I followed the steps below to bypass the lock (your situation might be a bit different from mine so follow the below steps at your own risk): 1. Install combination firmware (I used FA70_G955FXXU1AQD1). Once the phone boots up in factory firmware, you will notice that the "USB Debugging" is On but "OEM Unlock" option is missing. Don't worry, we will fix that later. 2. Install RLC.apk v1.1.15 from PC (adb install Rlc.apk) 3. Install Ice Box v3.1.9.1 from PC (adb install com.catchingnow.icebox-3.1.9.1-G-varies-sdk21-vc593.apk) 4. Since we do not have Root permission, set Ice Box as a Device Administrator from PC (adb shell dpm set-device-owner com.catchingnow.icebox/.receiver.DPMReceiver) 5. Restart the phone 6. Open up Ice Box, continue as Device Admin and in the APPS section, "Freeze" the RLC package (Title: Notification, Description: com.samsung.android.rlc). You may need to enable the "Include Hidden" option in Ice Box from the top right corner. 7. Now that RLC is frozen, install stock firmware with "HOME_CSC" so that the two apps we installed do not get erased. I used "AP_G955FXXU1AQH3", "BL_G955FXXU1AQH3", "CP_G955FXXU1AQH3" and "HOME_CSC_OWA_G955FOWA1AQH3" from the Telcel firmware. 8. We are done, remember to keep RLC package frozen. After step 7, I changed the language to English from Settings and also disabled OEM Lock from "Developer Options". A few observations at this point: 1. The phone is still RMM locked, we have only suppressed the SEM_LOGISTICS PIN Code prompt. You can see "RMM State: Locked" in download mode. Also, if you go to Settings->About Phone->Status, you will notice "Installment payments" section marked as "Outstanding". 2. It is said that "RMM State: Prenormal" automatically goes away if you keep the phone up for 168 hours without rebooting. I do NOT know, if "RMM State: Locked" goes away automatically or not, but I doubt it. 3. Since the RMM state is locked, custom binaries still cannot be flashed for rooting. 4. For TWRP, I got error "custom binary(RECOVERY) Blocked due to remaining installment balance" 5. For Root kernel, I got "custom binary(BOOT) Blocked due to remaining installment balance" 6. Secure Folder could not be setup. I kept getting a KNOX related error but do not remember its text now. 7. I tried to backup the PERSISTENT partition but got Permission Denied error because I did not have root. 8. The command "dd if=/dev/block/platform/11120000.ufs/by-name/PERSISTENT of=/sdcard/PERSISTENT.img" failed. 9. The command "dd if=/dev/block/sda13 of=/sdcard/PERSISTENT.img" failed. 10. I tried to format the PERSISTENT partition but got Permission Denied error because I did not have root. 11. The command "dd if=/dev/zero of=/dev/block/platform/11120000.ufs/by-name/PERSISTENT" failed. 12. The command "dd if=/dev/zero of=/dev/block/sda13" failed. 13. KNOX was not tripped so phone warranty was not void. The phone had become largely usable so I gave up at this point. If you make more progress, don't forget to share with the community. I'm not an Android Developer and also do not have access to any Flasher Boxes. It took me quite a while to figure this out and to write this tutorial, so do give me credit if I have helped you. Good luck. |
The Following 29 Users Say Thank You to lordofthepings For This Useful Post: |
02-10-2018, 05:21 | #30 (permalink) | |
No Life Poster Join Date: Nov 2004 Location: USA
Posts: 1,207
Member: 92260 Status: Offline Thanks Meter: 843 | RMM lock + MDM security Quote:
First, thanks for the info... a while ago I did a writeup about the new RMM security, and after reading your info it seems that RMM has two uses, first as a stock system protection, and second in conjunction with MDM security policy (as in your case). The one I'm more familiar with is stock system protection when OEM-Unlock is not enabled, it prevents flashing of any custom binaries including eng-boot etc. A possible solution to disable the RMM lock against future updates (only if it's NOT already tripped) can be found here: https://forum.xda-developers.com/sho...5&postcount=22 When combined with MDM, it makes the situation even worse, since it restricts both custom binary flashing and also the ability to enable OEM-Unlock. It's a nasty bugger for sure. Supposedly the RMM lock (without MDM) expires after 7 days of the phone being turned ON and never turned off, basically a 7 day phone jail before being able to flash custom binary again. Boooo!! For now it seems to affect higher end devices starting with the January 2018 updates, but one should be weary with any device going forward. A sign of RMM is the presence of the folder /system/priv-app/RLC. Fun times ahead guys, especially for those who are carelessly just flash away without disabling RMM first. So, who's ready to go to a 7-day JAIL?! lol Last edited by BillA; 02-10-2018 at 05:29. | |
The Following 2 Users Say Thank You to BillA For This Useful Post: |
Bookmarks |
| |
|