Wednesday, July 11, 2012

CM9 Notes for Sprint SGS3

This page contains the current development status of CM9 for Sprint SGS3.  Follow us on Google+ for latest development news about this phone.

  qbking77's review of CM9 nightly build July 11th, 2012
Known Bugs in CM9 Nightly Builds
  • Asks you to Activate at first boot when you don't need it.  If you do Activate, it gets stuck.  Skip it.
  • Phone app crashes during first boot.
  • Camera crashes often.
  • Signal strength reporting is broken.
  • MMS receive is broken.
  • Charging light does not behave as expected.
  • Data does not work during phone calls.
  • Camera can sometimes get stuck on after the app has closed/crashed, draining the battery until you reboot.
  • LTE is not supported.
  • <other things are broken, we just haven't written it here yet>
Dual Boot
Currently the safest method to play with CM9 on your Sprint SGS3 is with dualboot CM9-on-EMMC, which allows you to temporarily boot into CM9 while keeping your phone's standard ROM intact.  Later when CM9 becomes more dependable, you may wish to switch to CM9 as your phone's standard ROM.
Google Wallet's NFC Secure Element has the potential to become permanently damaged if you switch ROMs or reset data without first instructing the Google Wallet app to reset itself.  Prior to installing CM9, you should run the Google Wallet app in Samsung's ROM.  Hit the Menu button > Settings > Reset Google Wallet.
Install Guide
If you wish to install CM9 onto your Sprint SGS3 as your standard ROM, follow the steps below.
  1. Download the following .zip files and put them into the internal storage of the phone.  Samsung's ROM calls it /sdcard.
    • Download the latest Sprint SGS3 nightly build from
    • Optionally download the latest gapps.
  2. Install CWM for SGS3 LTE variants.
  3. Power Off.
  4. Boot into CWM Recovery
    • Power on, immediately hold Volume Up, Home and Power buttons. Let go when you see tiny blue text near the top of the screen.
  5. Optional: Create a Backup.
  6. Wipe Data/Factory Reset.
  7. install zip from sdcard > choose zip from internal sdcard >
    • Flash the CM9 .zip
    • Optionally flash the gapps .zip

Dualboot CM9 on SGS3 LTE (Sprint, T-Mobile, AT&T)

This method, CM9-on-EMMC, allows you to run CM9 on your SGS3 LTE while leaving the stock ROM and kernel intact.  The alternate ROM is stored in /sdcard/multiboot/CM9 of the "internal sdcard" storage.  Booting the alternate ROM is temporary.  Reboot the phone to return to the standard ROM.

Supported Phones
Currently only Sprint SGS3 CM9 nightly builds contain the requisite kexec kernel support. Other SGS3 LTE variants can be easily supported later when they gain kernel support.

  • Install CWM SGS3 LTE.  You must have version 5+ for kexec support.
  • Download the following files and put them in the internal storage, Samsung's ROM calls it /sdcard
      • Mirror [1] [2]
      • md5sum cd6bdf2e37299641d81aa135dc58814c
      • Check this page periodically for updates as we plan on improving this toolkit in the future.  TODO list:
        • Automate internal sdcard bind mounting/unmounting.
    • CM9 nightly build from
      • Sprint SGS3 is d2spr.
      • See the known bugs here.
    • gapps
  • Your SGS3's internal storage must have at least 1GB available.
Important Warnings!!!
  • Do Not Install Google Wallet: Google Wallet's NFC Secure Element has the potential to become permanently damaged if you switch ROMs or reset data without first instructing the Google Wallet app to reset itself.  In order to avoid errors and the potential for permanent phone damage, we recommend not installing Google Wallet within CM9-on-EMMC.
  • Do Not Install ROM Manager: It can cause unexpected problems if you attempt to use the ROM Manager app to flash any .zip from CM9-on-EMMC.

Install CM9-on-EMMC
  • Boot into CWM Recovery (TeamEpic's v5+)
  • install zip from sdcard > choose zip from internal sdcard >
    • Flash
    • This will create and format empty disk images in /sdcard/multiboot/CM9/
  • choose zip from internal sdcard > multiboot > CM9 >
    • Flash
    • This reboots into the red colored FakeCWM.
  • choose zip from internal sdcard >
    • Flash
    • This makes the internal sdcard available in FakeCWM.
  • choose zip from internal sdcard >
    • Flash the CM9 nightly build .zip.
    • Optionally flash gapps.
Upgrade CM9-on-EMMC
  • Boot into CWM Recovery v5+.
  • Flash multiboot/CM9/ to reboot into Red FakeCWM.
  • Flash CM9 update zip.
  • Flash multiboot/CM9/ in order to reboot into CM9.
How to Boot CM9-on-EMMC
  • From either CWM v5 or FakeCWM, choose zip from internal sdcard > multiboot > CM9 >
    • Flash
How to Reboot into Standard ROM
  • From CM9, if you Reboot or Power off, the next time your phone boots it goes straight into CWM.
    • Choose "reboot system now" and it will reboot into the standard ROM.

Sunday, July 8, 2012

Kexec, and a Proof-of-Concept Source-Built Kernel for the Verizon SGS3

Here at Team Epic, we're excited that five US carriers are releasing nearly-identical models of the Samsung Galaxy S III.  Although we're focused on the Sprint model, such similarity across devices allows us to share code and ideas with development teams that focus on the SGS3 for other carriers.

Thus, we were disappointed to learn that the Verizon SGS3 model ships with a "locked" bootloader that refuses to boot custom kernels.  We frown upon this situation, as such restrictions limit users' capability to make the best of devices they own.

However, it's been recently discovered that the Verizon SGS3 is capable of booting custom recoveries.  Also recently, we've finished porting kexec hardboot—a method of booting kernels through recovery without needing to flash them to the device—to the Sprint SGS3, a feature that would also enable Verizon SGS3 users to make use of custom kernels despite the locked bootloader.

And so, we now announce a proof-of-concept source-built kernel for the Verizon SGS3, complete with kexec hardboot support.  This kernel serves a few purposes:
  1. To be included in custom recovery images, as it proves the capability of booting-via-kexec custom kernels from recovery.
  2. To serve as a proof-of-concept boot kernel, to demonstrate that custom kernels are capable of running on the Verizon SGS3 in its present form.
  3. To allow a convenient method to multiboot into alternate ROMs.  For example, after CM9 for SGS3 LTE becomes available, bbelos will have a toolkit for you to install CM9-on-EMMC.  This allows for rapid, temporary use of alternate ROMs without changing anything about your phone's standard ROM.
We hope that our kexec port, as demonstrated by our proof-of-concept kernel, proves useful to Verizon SGS3 developers and users.  However, beware that by virtue of the device shipping with a (partially) locked bootloader, a subsequent OTA update may remove the Verizon SGS3's ability to use the kexec hardboot approach in the future.  Thus, we warn Verizon SGS3 users to not apply any over-the-air (OTA) update, until it is first confirmed that custom recovery booting remains intact.

To Try Our Proof-of-Concept Kernel

WARNING: This is a proof-of-concept kernel intended for developers and experienced testers.  It offers no new features in addition to the stock kernel.  While we don't expect these kernel images to cause trouble, improper installation of these kernel images may cause irreparable harm.  Use at your own risk.

1. Download the recovery.img (MD5: f1c01ad20e02751a73188f173eb412ca), which combines our source-based kernel with our previously released CWM v4.

2. Flash the recovery.img following these instructions, that is:
adb push recovery.img /sdcard/
adb shell
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p18 bs=256k

3. Download these additional files:
  • boot.img (MD5: 30f89f6a6816c13bac2a39b419288d94), which combines our source-based kernel with the stock LF2 initrd.
  • (MD5: 84a3f98c194f6dedc583dbc75ccc34c2) or (MD5: 88904d7e69d455ff88756b4d1ad79aac), which are applied in recovery to kexec (boot) the custom boot.img.

4. Place boot.img either on the internal SD card (the /sdcard/ folder), or on the external SD card (the /mnt/extSdCard/ folder).

The boot.img kernel boots directly out of one of these folders; it will not (and should not) be flashed to the device.

5.  If you're using the internal SD card, place in /sdcard/ as well.  If you're using the external SD card, place in /mnt/extSdCard/.

6. Reboot into recovery.

7. If using the internal SD card, select "choose zip from internal sdcard", then "".  Alternatively, if using the external SD card, select "choose zip from sdcard", then "".

At this point, the device should reboot "in the middle" of applying the update, temporarily booting boot.img.  If the update "completes" and returns to the CWM menu, kexec has failed.  Please check the locations of boot.img, and or

8.  Once booted, the custom kernel can be confirmed by checking "Kernel version" in "Settings", "About device".  It should report:
ic382@ganon #1
SMP PREEMPT Sun Jul 8 04:27:58 EDT

9. To reboot into the stock kernel, select "Restart" from the Power menu, which will actually reboot into CWM recovery.  Press the Power button to select "reboot system now" and leave recovery.
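
A checksum guard for steps 1 and 2 above, added here as an example (it is not Team Epic's code): it writes the image only if its MD5 matches the published value, then reads the target back to confirm the write.  The function names are hypothetical, and it assumes md5sum, dd, head and wc exist in the shell where the flash is run.  MD5 catches a corrupted or truncated download; it does not prove who produced the file.

```shell
#!/bin/sh
# Added example: refuse to write an image to a partition unless its MD5 matches
# the published value, then read the target back to confirm the write.

# Print the lowercase hex MD5 of whatever arrives on stdin.
md5_stdin() { md5sum | awk '{ print tolower($1) }'; }

# verify_image FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 if FILE is unreadable or the expected
# value is not 32 hex digits (for example a truncated copy/paste).
verify_image() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "expected MD5 is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "expected MD5 must be 32 hex digits" >&2; return 2; }
    actual=$(md5_stdin < "$1")
    [ "$actual" = "$expected" ] && return 0
    echo "MD5 mismatch for $1: got $actual, want $expected" >&2
    return 1
}

# flash_if_verified FILE EXPECTED_MD5 TARGET
# Returns verify_image's status if the check fails (TARGET is not touched),
# 3 if dd fails, 4 if the bytes read back from TARGET differ from FILE.
flash_if_verified() {
    verify_image "$1" "$2" || return $?
    dd if="$1" of="$3" bs=256k 2>/dev/null || return 3
    sync
    size=$(($(wc -c < "$1")))
    # A partition is larger than the image, so compare only the first $size bytes.
    readback=$(head -c "$size" "$3" | md5_stdin)
    [ "$readback" = "$(md5_stdin < "$1")" ] || return 4
}

# Usage with the values given on this page:
#   flash_if_verified /sdcard/recovery.img f1c01ad20e02751a73188f173eb412ca /dev/block/mmcblk0p18
```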

Known Issues

At present, reboot behavior while running kexec'd kernels is unusual.  Selecting "Restart" from the Power menu reboots into recovery automatically.  If the device is powered off, it may reboot into recovery on the next power on.  LPM (battery charging) mode may also not work immediately after powering off from a kexec'd kernel.

We are presently working to address these reboot issues in our SGS3 kexec port.  The problems are temporary, and resolve the next time the stock kernel is booted.  Should the device at any time appear frozen and unresponsive, holding the Power button for 5-10 seconds should force a reboot.  Alternatively, try holding Volume-up, Home, and Power to reboot into recovery.

Finally, at present, kexec hardboot is capable of booting source-based kernels only, as patches to the Linux decompressor are required to pass the appropriate boot options to the kexec'd kernel.

Kernel Sources

As of writing, Samsung has yet to release the official Verizon SGS3 (SCH-I535) kernel sources.  Our proof-of-concept kernel is built from the Sprint SGS3 (SPH-L710) source tree using the included m2_vzw_defconfig.

Our kexec hardboot port and additional examples are available on GitHub:
Finally, for those interested: technical details of the kexec hardboot approach.  This was originally written for the Epic 4G, but the description applies to all devices kexec hardboot has been ported to.


Thursday, July 5, 2012

Sprint SGS3 CM9 Status & Development Plan

Follow us on Google+ or Facebook for the latest development news!  Join us in IRC Chat on Freenode channel #gs3-sprint.

Current Status Updated: 7/8/2012
  • 7/8/2012: kexec for SGS3 LTE variants and a proof-of-concept kexec-based method to bypass Verizon's boot loader lock and allow modified kernels is on this page.  Awesome work, mkasick!
  • 7/5/2012: CWM Install and Root .zip are both demonstrated in QBKing77's video here.
  • 7/3/2012: Root from Recovery .zip version 5 has been released.  v5 cleans all previous root methods that conflict with the cleanest root method provided in this tool.  If you already have working root with version 4, you do not need to upgrade.
  • 6/30/2012: Sprint SGS3 received the LF9 OTA update from Sprint today.  If you used our previous root method, applying this OTA update works.  After applying the update, you need to flash the latest version of our Root .zip in order to retain custom recovery and root status.  You may also want to upgrade to CWM for SGS3 LTE variants version 4 as it contains an important fix for backups.
    • Reportedly LF9 fixes the Google Wallet not Certified issue.
    • If you deleted things from stock Samsung ROM, OTA will fail.  You need to restore the stock system image and stock kernel in order for OTA to succeed. 
  • 6/29/2012: Sprint SGS3 Stock Restore allows you to restore your rooted stock ROM to a "Normal" unmodified state. 
  • 6/29/2012: bbelos and warren updated the Temporary-CM9-on-EMMC plan written below.  kexec is getting closer to working.  As soon as kexec is working, we'll be able to implement this plan to make CM9 development and testing safer and faster.
  • 6/28/2012: noobnl fixed a few problems in the SGS3 CDMA RIL (provisioning, hang up, crashes).  There still remain other major issues (source-built audio, signal strength, mms) that need to be fixed before CM9 is ready for public testing.
  • 6/27/2012: CWM recovery for all SGS3 variants has been updated to v2 (6/29/2012 now v3).  It can now access/write to external sdcards during CWM recovery and enables key repeat.
  • 6/24/2012: Unroot from Recovery removes root from SGS3.
  • 6/23/2012: Root from Recovery allows you to root Samsung's stock ROM by flashing a .zip in CWM.  Tested on SGS3.
  • 6/23/2012: noobnl fixed 3G.  Audio built from source is still busted.  bbelos is beginning work on kexec this weekend.
  • 6/22/2012: noobnl's CWM recovery for all SGS LTE variants is here.
  • 6/21/2012: The 16GB version of the phones arrived for noobnl and bbelos while the 32GB's were delayed to maybe next week.  Apparently the kernel source provided by Samsung is broken.  They continue work on it.
  • 6/20/2012: CM9 reportedly is booting on the GSM variant of SGS3 LTE.  Currently audio is completely busted and there are numerous other problems.  Our Sprint variant may have additional challenges for CDMA support.  We will learn more soon... when we actually have the phones!
ETA: Sometime before entropy death of the Universe.  (No promises.  Don't ask.)

Team Epic's Rough Plan
  • Implement CWM and TWRP recovery for Sprint SGS3.
  • Figure out differences between Sprint and GSM variants and merge changes into CM9.
  • If we can, help fix the common SGS3 LTE features like audio.
  • Implement kexec for the SGS3 LTE kernel.  Kexec makes testing new kernels safer and faster, thus hastening all future development.  It also enables the following development tools and utilities.
Temporary CM9-on-EMMC
  • In the early days of CM9 development, this will allow users to use Samsung's ROM for a known good stable phone.  They can reboot into CM9 and back into Samsung ROM in order to easily compare ROM behavior.  This aids in CM9 development and testing.
  • CM9-on-EMMC uses loopback mounts to boot an alternate Android operating system from an alternate kernel booted via kexec.
    • /data/media/multiboot/CM9/system.ext4.img -> /system
    • /data/media/multiboot/CM9/data.ext4.img -> /data
    • /data/media/multiboot/CM9/cache.ext4.img -> /cache
  • The drawback of this approach is you are unable to mount the underlying storage as USB Mass Storage.  For this reason, loopback mounted Android ROMs are best for only temporary testing purposes.
  • Actual implementation is more complicated because the "internal sdcard" does not have its own storage; it actually lives in /data/media as part of the ext4 /data filesystem.  Thus bbelos and warren came up with this plan.
    • During temp ROM boot, mount the block device that is normally data as /internalmmc.
    • Then loopback mount /internalmmc/media/multiboot/CM9/data.ext4.img as /data
    • mkdir /data/media; chown/chmod
    • mount --bind /internalmmc/media/ /data/media
      • This makes "internal sdcard" accessible to the temp ROM.
  • We plan on implementing a fakeflash emmc CWM recovery as a convenience utility.  It is the same thing as standard CWM, except mount points are changed to the above loopback devices.  Rather than explain it further, here is how it is used.
    • Boot CWM.  Flash
    • Title and colors are different, to remind you this is a different CWM.  Formatting, mounting filesystems, or flashing any .zip here manipulates the loopback devices instead of the phone's standard partitions.
    • Use this fake recovery in order to flash new CM9 .zip test builds or to manually manipulate the CM9 filesystem if you are unable to boot.
  • Fake CWM Details
    • Override the update-binary used to flash the .zip.  Instead of flashing the kernel to the phone, it rewrites /data/media/multiboot/CM9/zImage.  update-binary would need to unpack zImage from the boot.img, and strip out the initramfs.  Temp ROM kernels use a replacement initramfs.cpio.gz loaded by kexec.
    • Remove Nandroid Backup/Restore.  Why?
      • CM9 really doesn't need it much at all.
      • Users can more intuitively make copies of multiboot/CM9/*.img if they want backups.
      • Backups made by fakeflash CWM would be visible to real CWM, and the user can screw up their phone if they restore it by accident.
    • The override update-binary must also delete the ROM Manager apk.  Why?
      • Reboot into CWM to flash a .zip would work, but would seriously mess up the phone!
      • For this reason the user MUST manually CWM then fakeflash CWM if they want to manipulate CM9.
  • Installer Plan 
    • It creates /data/media/multiboot/CM9/*.ext4.img /data/media/multiboot/CM9/ kexec launcher, and a CWM fakeflash .zip described above.
    • /data/media/multiboot/CM9/*.ext4.img are empty, ext4 formatted images.  You use the CWM fakeflash to install CM9 from a standard CM9 .zip.  This way the is tiny, and we don't have to update it.
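
A guard for the mount plan above, added here as an example (not part of Team Epic's toolkit): before anything writes to /system, /data or /cache, it checks a /proc/mounts-format table to confirm those three come from loop devices and that /data/media is a bind of the storage at /internalmmc.  The function names and the device names in the sample are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: confirm the temp-ROM mount layout before writing anything.
# Input is a mounts table in /proc/mounts format (file argument or stdin).

# check_temp_rom_mounts [MOUNTS_FILE]
# Returns 0 only if /system, /data and /cache each come from a loop device and
# /data/media shares its source with /internalmmc (i.e. it is the bind mount).
# Prints one line per problem found.
check_temp_rom_mounts() {
    awk '
        # Later lines are later mounts, so the last entry for a mount point
        # is the one actually visible there.
        { src[$2] = $1 }
        END {
            bad = 0
            n = split("/system /data /cache", want, " ")
            for (i = 1; i <= n; i++) {
                mp = want[i]
                if (!(mp in src)) {
                    print mp ": not mounted"; bad = 1
                } else if (src[mp] !~ /^\/dev\/(block\/)?loop[0-9]+$/) {
                    print mp ": backed by " src[mp] ", not a loop device"; bad = 1
                }
            }
            if (!("/internalmmc" in src)) {
                print "/internalmmc: not mounted"; bad = 1
            } else if (src["/data/media"] != src["/internalmmc"]) {
                print "/data/media: not a bind of /internalmmc storage"; bad = 1
            }
            exit bad
        }' "${1:--}"
}

# Constructed sample of the intended layout. DATA_PARTITION and the loop
# numbers are placeholders, not values taken from a real phone.
sample_temp_rom_mounts() {
    cat <<'EOF'
rootfs / rootfs ro 0 0
/dev/block/DATA_PARTITION /internalmmc ext4 rw 0 0
/dev/block/loop0 /system ext4 ro 0 0
/dev/block/loop1 /data ext4 rw 0 0
/dev/block/loop2 /cache ext4 rw 0 0
/dev/block/DATA_PARTITION /data/media ext4 rw 0 0
EOF
}
```

On a device this would be called as check_temp_rom_mounts /proc/mounts, aborting the flash on a non-zero return.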
Temporary SamsungROM-on-EMMC
  • After CM9 becomes usable as a daily driver ROM, we can reverse it and make it possible to temporarily boot Samsung's ROM from loopback images stored on EMMC.  Like the Epic and E4GT, this approach remains useful for a few purposes.
    • Update PRL/Profile on CM9 phone without flashing back to stock.
    • Sprint Activation
    • Dial Codes, Diagnostic Mode
    • Possibly needed to recalibrate sensors (like Epic) or fix GPS (like E4GT)
    • Boot SamsungROM to compare behavior with CM9, aid in CM9 development.