Using ADB in Recovery Mode

I don’t have a specific use case for this, but I thought I’d experiment and see just how this can be done.  I’ve recently changed over to encryption on my smartphone, because it came to my attention that it’s possible to use the Android debugger to get access to an Android device’s flash even if you don’t have the unlock pin.  This of course requires physical access to the phone.

This procedure illustrates why it’s a damned good idea to encrypt your phone.

Step 1 – Install ADB

Go to this link and download the Android SDK and install it.  Install to the default location.  Since there’s a good chance you don’t have a 64-bit JDK installed too, go to this link and download the latest JDK for Windows x64.  Install that too.

You’ll probably also have to create a JAVA_HOME environment variable.  That’s described in the first link.

Step 2 – Install SDK Packages

Run Android Studio as Administrator.  Click Configure.  Click SDK Manager.  Click “Deselect All” then “Select Updates”.  Now, tick “Android SDK Platform-tools” under Tools, and “Google USB Driver” under Extras.  Click Install and follow the wizard.  Close the SDK Manager when done.

Close Android Studio.

Step 3 – Connect your device to ADB

Power off the phone, plug it into your computer and power it up in Recovery mode with (this is for a Samsung Galaxy S3) holding down the power button, volume up and menu at the same time.  Let go of the power button when the screen comes on.

If you don’t have a recovery installed, you’ll have to boot into the bootloader (same buttons as above just use volume down instead), and then use Fastboot to install a custom recovery (like CWM or TWRP).

Once in Recovery, go to Device Manager on your PC, and change the driver for the phone.  I used the SAMSUNG Android ADB Interface driver.

Then, fire up a command prompt in Administrator mode, go to “C:\Program Files (x86)\Android\android-studio\sdk\platform-tools” and run “adb shell”

You’re now in a basic recovery shell on the phone.  From here, you can now do pretty well whatever you want – read data, copy stuff off the phone, rewrite the recovery, change the unlock PIN, whatever.

Have fun.  Use your newfound powers for good, not evil.

Latest CM Nightly with the i9305T

Went and installed the latest nightly for my i9305T.  What I didn’t notice was the nightly is for CyanogenMod 10.2, which is based on Android 4.3 .  Since the version of Google Apps I had installed was for Android 4.2, it went badly.

Anyway, after a lot of sweating, I got the phone all back and running again with no lost data.  The take-home there is, if you install the recent nightlies (eg ) where they are CM 10.2, you have to also install the latest Google Apps (eg ) as well.

The ‘right’ way to do this now would be to download the CM package and the GApps packages, put them on your external SD card, then boot into ClockworkMod, and install the CM zip, then the GApps zip.  Reboot the phone and you should be golden.

Take a backup first using ClockworkMod.

Installing a CyanogenMod ROM onto a GT-i9305

DANGER!  Installing a custom recovery and firmware can void your warranty, and in some rare circumstances render your phone irrevocably bricked (broken).  Be aware of what you’re doing when you do this, and be aware of the consequences of installing third-party firmware.  I can’t be held responsible if your phone is bricked, buggy, or anything bad happens as a result of doing this.  

Notably, any firmware intended for the GT-i9305 will work with a GT-i9305T.  They’re the same phone, although the radio firmware likely differs.  We won’t be messing with radio firmware though.

Getting a custom firmware onto a GT-i9305 comes in a couple of steps;

  • Install a custom recovery.  We’ll use ClockworkMod for this.
  • Take a nandroid backup of the phone using CWM (pre-rooting).
  • Root the phone so that we have superuser access and can install TitaniumBackup
  • Then, we’ll root the phone, which lets you have superuser access.
  • Take backups of everything with TitaniumBackup.
  • Back up the IMEI / NVRAM data (the i9305 stores IMEI data on flash, so it’s possible for a bad firmware flash to wipe your IMEI, which is really really bad).
  • Reboot into CWM and flash the CyanogenMod 10.1 build ZIP.
  • Factory reset the phone.
  • Set it back up again.

Now, a couple of things we need to get out of the way;

Recovery Boot Modes

In order to boot to ClockworkMod Recovery mode, turn off the phone, and hold volume UP + Home + Power.  When you see the Samsung splash screen, let go of the power button, but keep holding down the other two until you see CWM’s boot screen.

In order to boot to Download Mode (used with ODIN), turn off the phone, and hold volume DOWN + Home + Power.  When you see the Samsung splash screen, let go of the power button, but keep holding the other two until you see the big Android warning.  Follow the prompts.

Host OS Choice

I did all this on a Windows 7 x64 box.  You can theoretically do this with Linux, but I haven’t tried.  Your mileage may vary with other OSes.

Let’s get cracking!

Continue reading “Installing a CyanogenMod ROM onto a GT-i9305”

CyanogenMod 10.1 for the GT-i9305 from source

Bit the bullet, and built my own CyanogenMod 10.1 for my GT-i9305T phone from source.  Works great, and that means I now have Android 4.2.2 on it!

Following is a quick piece on how to build your own CM 10.1 from source for the i9305.

First, some info, then we’ll get into it;

Reference Links

Machine Prep

I used an Ubuntu 12.10 x64 virtual machine running under VMware Workstation.  Give the machine a pretty fair amount of CPU and RAM (I went 4Gb ram and 4 vCPU since I have a quad-core box).  Build times are heavily limited by CPU.

You will also need a significant amount of disk space.  The built source tree takes up about 35Gb, so go with a 50Gb VM and you should have enough.

Once done, update the machine entirely, then from a Terminal prompt, run this to download pre-requisites;

  sudo apt-get install git-core gnupg flex bison gperf build-essential \
      zip curl libc6-dev libncurses5-dev:i386 x11proto-core-dev \
      libx11-dev:i386 libreadline6-dev:i386 libgl1-mesa-glx:i386 \
      libgl1-mesa-dev g++-multilib mingw32 openjdk-6-jdk tofrodos \
      python-markdown libxml2-utils schedtool pngcrush xsltproc zlib1g-dev:i386
  sudo ln -s /usr/lib/i386-linux-gnu/mesa/ /usr/lib/i386-linux-gnu/

Repository Synchronization

Download the repo tool and set it up;

    mkdir ~/bin
    cd ~/bin
    curl > ~/bin/repo
    chmod a+x ~/bin/repo

Create source repo for CyanogenMod and then synchronize;

    mkdir ~/cm10.1
    cd ~/cm10.1
    repo init -u git:// -b cm-10.1
    repo sync

Create the file ~/cm10.1/.repo/local_manifests/i9305.xml with this text;

        <project name="CyanogenMod/android_device_samsung_i9305" path="device/samsung/i9305" remote="github" revision="cm-10.1"/>
        <project name="CyanogenMod/android_device_samsung_smdk4412-common" path="device/samsung/smdk4412-common" remote="github" revision="cm-10.1"/>
        <project name="CyanogenMod/android_kernel_samsung_smdk4412" path="kernel/samsung/smdk4412" remote="github" revision="cm-10.1"/>
        <project name="CyanogenMod/android_hardware_samsung" path="hardware/samsung" remote="github" revision="cm-10.1"/>

Resync the repository to grab the latest sources etc for the i9305;

    repo sync

Note!  This will take a LONG time, and will download a lot of stuff!

At this point you will have an assembled source tree.  Now we need to set up the JDK and Android SDKs before we can build;

Configure Java JDK

It’s possible to build CM with OpenJDK, but it’s recommended that you build with the Sun Java 1.6 JDK instead.  So we’ll discuss how to do that.  NOTE – Doing this will change your default Java version to the Sun one instead of OpenJDK!

Download the latest Sun Java 1.6 JDK x64 ( jdk-6u43-linux-x64.bin ) and install;

    cd ~/Downloads
    chmod +x jdk-6u43-linux-x64.bin
    sudo mv jdk1.6.0_43 /usr/lib/jvm/jdk-6u43-linux-x64.bin

Configure Java alternatives;

    sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/javac 1
    sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/java 1
    sudo update-alternatives --install /usr/bin/javaws javaws /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/javaws 1
    sudo update-alternatives --install /usr/bin/javadoc javadoc /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/javadoc 1
    sudo update-alternatives --install /usr/bin/javah javah /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/javah 1
    sudo update-alternatives --install /usr/bin/javap javap /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/javap 1
    sudo update-alternatives --install /usr/bin/jar jar /usr/lib/jvm/jdk-6u43-linux-x64.bin/bin/jar 1

Set the default Java version for your system to that JDK

    sudo update-alternatives --config javac
    sudo update-alternatives --config java
    sudo update-alternatives --config javaws
    sudo update-alternatives --config javadoc
    sudo update-alternatives --config javah
    sudo update-alternatives --config javap
    sudo update-alternatives --config jar

Run ‘java -version’ and check that the version matches what you installed.

Check that all the alternatives symlinks point to the JDK you installed;

    ls -la /etc/alternatives/java* && ls -la /etc/alternatives/jar

Extract proprietary files

Note, your phone will already have to be rooted in order to be able to do this.  This will extract the necessary vendor-specific proprietary files you will need to be able to build a working firmware.  If your phone isn’t rooted, root it now.

Download the Android SDK ( android-sdk_r21.1-linux.tgz ) and install;

    cd ~/Downloads
    mkdir ~/android
    tar -zxvf android-sdk_r21.1-linux.tgz
    mv android-sdk-linux ~/android/sdk

Run the Android SDK Tools with ‘android’, then select both of these components and install them;

+ Android SDK Tools
+ Android SDK Platform-tools
+ Android 4.2.2 (API 17)
– Deselect ‘Intel x86 Atom System Image’
– Deselect ‘MIPS System Image’

Let it download.  This will probably take a while.

Enable USB Debugging mode on your phone, then plug it in. In order to enable this, go to Settings -> About Phone, then tap the Build number field seven times.  This will enable Developer Options.  In Settings, go to Developer Options, and turn on USB Debugging mode.

Now, collect the proprietary files from the phone.

    cd ~/cm10.1
    . build/
    cd ~/cm10.1/device/samsung/i9305

It may be necessary to manually copy out ‘/sbin/cbd’ from your phone.  You can do this by SSH’ing out of your phone by running a terminal emulator (rooted!) on the phone and then running ssh into your Ubuntu VM.  After that’s all done, you can turn USB Debugging back off again.

Now fetch any prebuilts required for CM-10.1;


At this point, you have a completed and ready source tree, and can now build your rom.

Building the ROM

Rebuild like this (you do this the first time, and also do these steps subsequent times you want to update your build);

    cd ~/cm10.1
    repo sync
    . build/
    brunch i9305

At the end, you should find a built ZIP file in ~/cm10.1/out/target/product/i9305 .

What now?

Next up, you’re going to have to get that onto your phone.  I’ll write up soon about how to install ClockworkMod and get that newly compiled ROM into your phone.

Status Update – and Google Nexus 7

Haven’t been doing too much on the electronics front lately, hence the lack of posts.  I did go and pick myself up a $12 cable tester and associated punchdown tools (Krone and 110/88).  I discovered that some of the ethernet ports in my house were nonfunctional, so with those tools in hand I was able to fix them all up.  Annoyingly, the wall sockets require a 110 tool, but the main patch panel is Krone.  Most of the failures appear to be related to the conductors being nicked when installed or excessive strain during installation pulling them loose from the punchdown terminal.  Aggravating, but at least the cabling in the wall is fine.

I’m in the process of trying to source an Ecobee smart thermostat in Australia, and associated interface relays to let me control a 240v thermostat device using it.  However, it’s proving very difficult to get an electrician to even return a call.  When/if I can get someone to actually respond to me, I’ll post up about the Ecobee.

Lastly, on Friday I went and picked myself up a Google Nexus 7 tablet.  I’ve been using a Kindle 4 e-reader for some time, but I wanted something that can do more.  I didn’t want to get an iPad due to the size (it’s too big to effectively hold in one hand while reading on the bus), and it turns out that the iPad Mini is probably vaporware.  So, the Google Nexus 7 gets rave reviews as the best of the bunch, and it’s sporting Android 4.1.1 .  So I went out and got one.

Anyway, so far I’ve been very impressed.  Smooth, similar size to the Kindle 4, and battery life is OK (still haven’t fully tested that).  Bluetooth internet tethering to my iPhone 3GS works perfectly, and WiFi works with my work’s Enterprise-WPA2 setup.

That said, I still firmly believe that the Kindle 4 (the e-Ink display versions) are better pure book readers.  The e-Ink display is very comfortable for reading text on, and the battery life is nothing short of incredible (we’re talking weeks here on one charge, and I read for ~2 hours a day or more).  But it doesn’t support Enterprise-WPA2 for wireless, and its pretty much balls for doing anything else.

Hence the Nexus.  I often find myself wanting to do some web browsing or access some email, and the iPhone is a bit annoying for that sort of thing.  The Nexus fits the bill.