The latest firmwares that are now coming out from Samsung always have included the locked KNOX Bootloader inside them.

Unlike in the old firmwares, if you happen to flash a custom rom while while you are with a KNOX secured bootloader, your KNOX security flag turns to 0x1 and there is no going back as for now there is no method available to undo this and possibly might never be.

Luckaly there is another way around. You can actually make it so that the new bootloader is not included in the new firmware that you are going to be flashing. Thanks to a member called SilviuMik from xda-developers forums for testing and sharing this information, we can easily remove the bootloader files from the new firmware.

For more information about Samsung KNOX, you can check out this post.


This guide is considered to be dangerous. Be very careful what you delete and how you pack the firmware file. S4MiniArchive will not be responsible for any damages caused to your device. Do this at your own risk!

Now before you begin, you need to make sure that you don't already have the KNOX bootloader. A way to test this would be to head into Download mode and see if you have anything that states "KNOX". If you don't, you're all good. If you already have KNOX warranty, you will be stuck with the KNOX flag and you may just ignore this post as you cannot remove it.

Now for this you would need to be in a Linux environment such as for example Ubuntu, Linux Mint, etc. You can either dual-boot a Linux distro with your Windows OS or you can try using VirtualBox/VMWare. This can also be done with Windows, but instructions on that will be posted a little later on this post, so keep an eye on it.

Removing KNOX Bootloader from new firmware:

Step 1:
Get your desired firmware from Once the file has been downloaded, extract the zip file and you should normally see the two files SS_DL.dll and the firmware .tar.md5 file.

Step 2:
Move these two files to your Desktop inside a folder for example named "firmware".

Step 3:
Open up the Terminal (a shortcut would be to press CTRL + ALT + T) and begin to type in the following commands by order
cd Desktop
cd firmware
rm -rf SS_DL.dll
tar -xvf your-firmware-file-name.tar.md5
Be patient while it extracts the files, the file that will take the longest would be system.img.ext4. After the files have been extracted, it's time to remove the bootloader files, type in the following commands:
rm -rf aboot.mbn
rm -rf sbl1.mbn
rm -rf sbl2.mbn
rm -rf sbl3.mbn
rm -rf your-firmware-file-name.tar.md5
Step 4:
Once we have deleted the files, it is now time to pack it and later on md5 it. So type in the following command. It's quite a long command (seperate the files with spaces, this is one full command not two seperate ones):
tar -H ustar -c rpm.mbn tz.mbn boot.img recovery.img system.img.ext4 NON-HLOS.bin cache.img.ext4 hidden.img.ext4 > your-firmware-file-name.tar
Now you have just packed the files into the .tar file. Finally, it's time to md5 it and have it ready for flashing.

Step 5:
Type in the following two commands in order:
md5sum -t your-firmware-file-name.tar >> your-firmware-file-name.tar
mv your-firmware-file-name.tar your-firmware-file-name.tar.md5
That's it. Run Odin, place the file in the PDA field, wait for the md5 check to complete and begin the flashing.

Video instructions (for Linux):

Source: xda-developers thread


Post a Comment