You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: brands/samsung/README.md
+47-3Lines changed: 47 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,9 +9,53 @@ Until recently, international Samsung devices (e.g. ones sold in Europe or Asia)
9
9
10
10
Snapdragon phones prior to the S7/Note7 (2016) can be unlocked regardless of region, as long as it's not locked to a carrier like AT&T or Verizon. The Canadian S7 can also be unlocked as it uses an Exynos SoC, despite Canada normally being a Snapdragon region.
11
11
12
-
Be aware that unlocking a Samsung device will permanently trip Knox. As a result, many Knox-based features will be broken. This includes, but not limited to: Samsung Pay, Pass, Flow, Health, Secure Folder, Secure Wi-Fi, Smart View. Furthermore, tripping Knox may serve as grounds for voiding your warranty.
12
+
**Be aware that unlocking a Samsung device will permanently trip Knox.** As a result, many Knox-based features will be broken. This includes, but not limited to: Samsung Pay, Pass, Flow, Health, Secure Folder, Secure Wi-Fi, Smart View. Furthermore, tripping Knox may serve as grounds for voiding your warranty.
13
13
14
-
In the past, there have been hardware issues caused by unlocking the boatloader, but these have been fixed for some regions. See [here][1] and [here][2]. As of late 2023, Korean Galaxy Fold3 running OneUI 5 still got camera disabled after unlocking, while EU/CN variants had fixed the issue.
14
+
There have been hardware issues caused by unlocking the bootloader, but these have been fixed for some regions. See [here][1] and [here][2]. As of late 2023, Korean Galaxy Fold3 running OneUI 5 still got camera disabled after unlocking, while EU/CN variants had fixed the issue.
15
+
16
+
As of September 2025, Galaxy Z Fold 5 also has a camera issue after unlocking the bootloader. After analyzing it, we found out it is a "Security Mechanism" to prevent the user from "taking photos" once they unlock the bootloader by providing a "black screen" in the viewfinder. (Fixable by re-locking the bootloader)
17
+
18
+
---
19
+
20
+
As of September 2025, all budget phones that have **Helio G99**, **Dimensity 6100+**, and **Dimensity 6300** have **serious connectivity and unfixable bootloop issues** after unlocking the bootloader and flashing a custom binary which "trips Knox".
**If your device has Helio G99 or Dimensity 6100+/6300, you are a victim too!**
27
+
28
+
As a result, in the Helio G99 models, the `ril-daemon` will crash every 6 hours, leading to your SIM cards being disabled and showing a NULL IMEI in the settings (temporary). The only fix as of now is restarting the phone or using "third-party" Magisk modules to restart the `ril-daemon` every 6 hours. This is unfixable even after re-locking the bootloader.
29
+
30
+
In the Dimensity 6100+/6300 models, **you will completely lose 5G connectivity permanently**, and this is unfixable even after re-locking the bootloader. **The modem will crash when connecting to a 5G network**, leading to high battery drain and overheating. The only fix as of now is putting your device in 4G mode.
31
+
32
+
After intense analysis by ~5 experienced members of the Helio G99 and Dimensity 6100+/6300 community, we found why this happens. It looks like Samsung implemented checks at **both the modem firmware level and software level** to check for the value of the property `ro.vendor.boot.warranty_bit`. The software check uses a function called `DoOemSetwarrantyBit` in `/vendor/lib64/libsec-ril.so`.
33
+
34
+
**Why does a RIL-related HAL need to check "is Knox tripped?"**
35
+
36
+
After patching the necessary libs in the vendor, we thought it was over until we found out 5G still wasn't working and discovered that a similar but different function is baked into the modem firmware itself by analyzing the contents of the `md1img` partition. This firmware check differs from the libsec-ril's function and isn't patchable by a third party.
37
+
38
+
> The only fix is to be aware of this issue and not unlock the bootloader and trip Knox in the first place if you don't like these consequences. You have to sacrifice something to root these 2 device types.
39
+
40
+
**🔴 Regarding the unfixable bootloop issue**, it literally feels like a hard brick. The only thing that works is the display turning on. No matter what you do, even after flashing the stock ROM and re-locking the bootloader, this issue remains unfixable.
41
+
42
+
This was a serious issue in the initial firmware of the Dimensity 6100+ and 6300 devices and was **fixed by later firmware updates.**
43
+
44
+
If you want to unlock the bootloader, first update your phone to any firmware released with the 2025 January/April/July security patch.
45
+
46
+
**Symptoms:**
47
+
1. User can unlock the bootloader without any issues and the phone boots normally.
48
+
2. When they attempt to flash an unsigned binary (such as a custom kernel or Magisk-patched AP/boot image), the boot process instantly crashes after the splash screen (first Samsung Galaxy logo).
49
+
- What it looks like: A grey fuzzy screen with vertical blue/yellow lines appears when the crash occurs.
50
+
3. This issue is unfixable even after reverting the changes, and **you cannot access Android recovery - only download mode remains accessible.**
51
+
52
+
**There is nothing to worry about regarding this issue if your phone firmware is already updated.**
53
+
54
+
**Sources:**
55
+
- As the [writer of this section](https://github.com/ravindu644) of this documentation, I personally experienced this issue and lost $200. I have video proof but will not provide Telegram links here. You can find them in the Galaxy A16 Community if interested.
56
+
-[XDA Forum post regarding this exact issue](https://xdaforums.com/t/bootloop-without-access-to-recovery-need-insights-a156e-dsn.4707443/)
57
+
58
+
---
15
59
16
60
## SoC level exploits
17
61
One of the first things Samsung bootloaders do on phone bootup is check if the bootloader is unlocked, and if it is, and a bootloader unlock has not been authorized, the bootloader will automatically relock. This means SoC level exploits such as mtkclient or EDLUnlock will not work on Samsung devices, unless you reverse engineer, modify and re-flash Samsung's bootloader to stop the bootloader from re-locking.
@@ -27,7 +71,7 @@ Samsung's IMS service is not compatible with AOSP's, so VoLTE will not work on G
27
71
There is an [open source VoLTE service] developed by phh, but it's incomplete and not stable.
28
72
29
73
***
30
-
Additional info provided by [aries-ts-indo](https://github.com/aries-ts-indo) and [Ivy / Lost-Entrepreneur439](https://github.com/Lost-Entrepreneur439).<br/>
74
+
Additional info provided by [aries-ts-indo](https://github.com/aries-ts-indo), [ravindu644](https://github.com/ravindu644) and [Ivy / Lost-Entrepreneur439](https://github.com/Lost-Entrepreneur439).<br/>
31
75
Authored by [melontini](https://github.com/melontini).
0 commit comments