Samsung Galaxy S III (SGH-i747) Complete CM10 Update Guide
2012-11-28 14:11My employer graced me with an awesome new flagship Android handset, the AT&T variant (SGH-i747 / d2att
) of Samsung’s Galaxy S III. The hardware is powerful and sleek, but I find Samsung’s Touchwiz UI skin less usable and much less attractive than Google’s AOSP UI. Luckily, there are many AOSP-derived versions of Android available. Let’s switch to one!
In celebration of the stable release of Cyanogenmod 10.0, a popular AOSP-based third-party version of Android, here’s a complete guide to take an unmodified i747 to CM10 without tripping the device’s internal flash counter.
Preparation
Install the Android SDK on your computer. This guide assumes you have the platform-tools
directory in your PATH
environment variable, such as PATH=$PATH:/Applications/android-sdk-macosx/platform-tools
. You will use adb
, the Android Debug Bridge, to control and communicate with your handset from your computer over USB.
Enable USB debugging on your handset in System Settings under the Developer Options section. Connect the device to your computer, and you should be able to see your device listed in adb devices
.
NVRAM backup
Before continuing, trigger your device’s built-in method to back up the IMEI and carrier identification data stored in NVRAM. This will copy the contents of the modemst1
(mmcblk0p12
) partition to fsg
(mmcblk0p21
) and the contents of modemst2
(mmcblk0p13
) to backup
(mmcblk0p20
). The data in these partitions identifies your device to its mobile network for data service and can be lost as one result of a bad flash.
Your device will reboot and display two lines of small blue text momentarily as the backup commenses. The process takes no more than a few seconds. Should you ever need to restore, adb reboot nvrestore
. Do not attempt an nvrestore
if you haven’t performed your own nvbackup
or you will find your IMEI overwritten with the all-zeros factory backup.
Obtain root
Most other SGS3 root guides involve flashing a modified OS image with Samsung’s ODIN flasher. Running ODIN was a fantastic frustration on my Macbook, so I prefer this debugfs method originally covered on XDA-Developers. This exploit works by symbolically linking the /system
partition’s block device to a temporary location and editing the filesystem with the debugfs ext filesystem debugger to inject the su binary into that otherwise-protected partition.
Download the archive, extract it, then use adb
to move the debugfs
and su
binaries to the /data/local/
directory on your device.
Open a shell on your device. Commands executed inside the adb shell
run on your handset.
Inspect the available block devices to make sure we’re operating on the correct partitions. system
should mount from mmcblk0p14
and recovery
from mmcblk0p18
.
Rename the original tmp
directory, then link /system
’s block device there and exit your adb shell.
Reboot the device.
Grab another shell on the freshly-booted device. Make the debugfs
binary executable, then use it to edit the block device you just linked to tmp
.
At the debugfs:
prompt, enter the xbin
directory, remove the dummy su
binary, inject the new su
, make it executable, and set its ownership to 0:0.
Note: expect a “File not found by ext2_lookup while trying to resolve filename” error when removing the dummy su. Just continue.
With that done, remove the block device symlink, restore the original tmp
, and reboot the device.
Grab a shell on the rebooted device and run the su binary we injected.
You should get a root user shell. Run id
to check.
Are you uid=0
/ gid=0
? Success!
Update su
Install Superuser from the Play Store and use it to update the copy of su
we just injected.
Custom Recovery
“Recovery” in the Android world refers to a bootable partition separate from the main OS providing functionality such as backups and backup restoration, installing system updates, and wiping user data. Replacing Samsung’s recovery with a third-party version allows you to install update archives not signed by the manufacturer, including Cyanogenmod.
Download the latest d2att
version of TWRP and push it to your device with adb
.
Copy the custom recovery image over the recovery
partition’s block device with dd
, then reboot to your new recovery. Exercise caution with dd
, and double-check your command before accidentally overwriting an incorrect partition.
Reboot to your newly-installed recovery.
Create a complete (OS, apps, user data) backup of your stock Samsung firmware in recovery by tapping “Backup”, and swiping to start. This backup contains the entire Android operating system, all installed applications, and all user data. You can restore this backup at any time if you find yourself dissatisfied with CM10.
Return to the main menu of TWRP and touch “Reboot” then “System” to exit recovery and boot Android.
Note: You may see ClockworkMod Recovery (CWM) mentioned elsewhere around the web. CWM is another extremely popular third-party recovery for Android devices and is functionally equivalent to TWRP.
User data backup
With superuser access you can now install TitaniumBackup and use it to back up your applications and settings individually for later restoration in CM.
Back up (“App+Data”) any application you want to save along with “Accounts” (your Google account information), saved Wi-Fi passwords, SMS/call history, and anything else that catches your eye. The paid version of the application, pictured here, supports batch backup.
:files:
Fetch the newest stable release of Cyanogenmod for d2att. That’s 10.0 at the time of this writing, cm-10.0.0-d2att.zip
. This is the base Android operating system.
Grab the newest Google Apps (“gapps”) package matching your Android version. CM10 is based on Android 4.1, “Jelly Bean”, so download the latest jb
gapps package compatible with that version. At the time of this writing it’s gapps-jb-20121011-signed.zip
. This contains the Play Store, Google accounts support, and other proprietary Google applications not included in Cyanogenmod.
Note: Check the release notes for the gapps package you’re downloading. Versions build for Android 4.2.x or newer will break the Android 4.1.2-based CM10 in catastrophic ways.
Download TitaniumBackup_latest.apk from the Titanium Backup site. You’ll side-load this to restore your Google account information in CM, since you can’t install TB from the Play Store without a logged-in Google account.
Optionally, download any additional flashable zips you want to include. I use the KT747 kernel and the flashable version of the excellent Cerberus mobile device management package.
Push these files to your device in an accessible location.
Erase and Flash
Reboot to recovery using the SDK.
adb reboot recovery
Clear out the remnants of the stock OS by tapping Wipe -> Factory Reset. This will erase the /data
and cache partitions containing your user data and installed applications. Be sure not to erase your internal faux-SD storage or your external SD cards if you have one.
Once erased, tap “Install” at the main menu and browse to the update archives you pushed in the previous step. Flash CM itself first, then gapps, then any extras.
Restore
Reboot to your freshly-flashed CM. The Android first-run wizard will prompt for your Google account credentials. Hit “Skip” if you wish to restore your accounts through Titanium Backup.
Enable side-loading of APKs in System Settings under Security, then open CM’s included File Manager and browse to your TitaniumBackup APK. Install it, then open the application and use it to restore Accounts, applications, and anything else you backed up from the stock OS.
Miscellany
The only bit of functionality I missed from Touchwiz is Smart Stay, a feature that keeps the screen on if it detects a face with the front-facing camera. You can duplicate this functionality on AOSP by installing ISeeYou or SmartStay EX.
Conclusion
That’s it! You’re done! You may now enjoy the best of the excellent Samsung hardware, the beautiful AOSP Android interface, and the enhancements of Cyanogenmod 10.