[PRERLS-REF] Root, BL, Kernel, Recovery


Chainfire

Moderator Emeritus / Senior Recognized Developer
www.chainfire.eu
This thread is left here only for historical purposes ! Now that the device has been released, easier and better methods have been developed to gain root, like CF-Root.

.
.
.
.
.

Check your device model ! Settings -> About device -> Model number. This stuff is made for the GT-I9300, if your model number has a suffix, it may not work, or if it is a totally different model, it will not work (may even brick) !

Ladies and gentlemen, we have root on the SGS3 (!)

This will all be common knowledge in the near future, but here's some info I thought various devs, chefs, and users will be dying to know!

Unfortunately, I am not able to share the "insecure" kernel with you at the moment, because of fears it is traceable to the leaker (this is said to be the last traceable firmware revision).

Update: The kernel is linked at the bottom of the post.

Update: The easiest way for rooting is now CF-Root

This root is, as expected, trivial. It was a simple matter of repacking the stock kernel, with a modified adbd binary that thinks ro.secure=0 (even if ro.secure=1). This gives access to all adb root commands (see screenshots). Then SuperSU was installed manually.

Kernel

The modification was trivial, because this time around, Samsung is using the standard boot.img format, instead of the zImage format used for SGS1, SGS2, SGNote, etc, that is much harder to repackage.

This is also why I don't feel particularly bad about not giving you the insecure kernel - any serious dev on this board can do the same thing in 10 minutes.

Recovery

The recovery partition is also being used this time around. And thus we can flash recoveries separately from the kernel.

Bootloaders

There was no warning triangle at boot-up after flashing the modified kernel, but download mode did show a custom kernel flash counter which increased. Whether or not flashing a custom recovery also triggers this counter is as of yet unknown. Both flashing kernel and/or flashing recovery will trigger the flash counter!

Final note

This was all tested on a current (release candidate) SGS3 firmware. There may be a newer firmware on true retail/production devices. Though some things may change, it is unlikely to change much. Let's hope nothing :)

Also, Triangle Away did not work. They have hidden the boot partitions again as on the latest SGNote firmwares.

(No, I don't have an SGS3 yet, everything was done remotely)

Now, everybody say thanks to Samsung! I don't always agree with them, but so far they have been the first and IMHO still are the only high-end Android OEM who aren't complete douchebags in the unlock department!

Download

The instructions below assume some basic knowledge about Samsung devices. This is not a noob-proof guide.

Here's the "insecure" kernel, based on XX NEE ALE8 firmware:

CF-Insecure-SGS3_XX_NEE_ALE8-v1.2.zip

- Extract the linked file (you will get a .tar file)
- Use the ODIN version attached below to flash that .tar file to your SGS3 as "PDA"

Going from insecure to full root

After having flashed the insecure kernel, boot your phone, and make sure USB debugging is enabled.

Your device is now insecure, so you can use the adb root commands. This does not allow your on-device apps to get superuser access, though. For that, you need to install SuperSU:

Download and extract the sgs3-root-install.zip file, containing SuperSU v0.89. Make sure adb is running correctly, then just double click install.bat (this will reboot your phone).
 

Attachments

  • root.png
  • remount.png
  • Odin3-v1.85.zip
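As an added illustration (not code from the original post or from any of Chainfire's tools): a check that splits a standard boot.img into its segments and reports which ones differ from a stock image. A repack that keeps the stock kernel but replaces adbd, which lives in the ramdisk, shows up as a ramdisk-only change. The header layout is that of the original Android boot.img format; `build_img` and the sample payloads are constructed for the example.

```python
import hashlib
import struct

# Start of the original Android boot.img header, little-endian: magic,
# kernel size/addr, ramdisk size/addr, second size/addr, tags addr,
# page size, and one unused word.
HDR = struct.Struct("<8s9I")
MAGIC = b"ANDROID!"

def split_boot_img(img: bytes) -> dict:
    """Return the kernel, ramdisk and second-stage payloads of a boot.img."""
    if len(img) < HDR.size:
        raise ValueError("truncated header")
    magic, ksz, _, rsz, _, ssz, _, _, page, _ = HDR.unpack_from(img)
    if magic != MAGIC:
        raise ValueError("not a standard boot.img (e.g. a raw zImage)")
    if page == 0 or page & (page - 1):
        raise ValueError("page size is not a power of two")
    parts, off = {}, page               # the header occupies the first page
    for name, size in (("kernel", ksz), ("ramdisk", rsz), ("second", ssz)):
        if off + size > len(img):
            raise ValueError(f"{name} runs past end of image")
        parts[name] = img[off:off + size]
        off += -(-size // page) * page  # payloads are padded to a page boundary
    return parts

def changed_segments(stock: bytes, candidate: bytes) -> list:
    """Names of segments whose SHA-256 differs from the stock image."""
    a, b = split_boot_img(stock), split_boot_img(candidate)
    return [n for n in a
            if hashlib.sha256(a[n]).digest() != hashlib.sha256(b[n]).digest()]

def build_img(kernel: bytes, ramdisk: bytes, page: int = 2048) -> bytes:
    """Constructed test input only: a minimal image in the same layout."""
    pad = lambda d: d + b"\0" * (-len(d) % page)
    hdr = HDR.pack(MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page, 0)
    return pad(hdr) + pad(kernel) + pad(ramdisk)

if __name__ == "__main__":
    # Constructed samples: same kernel bytes, different ramdisk contents.
    stock = build_img(b"K" * 5000, b"stock-ramdisk-with-stock-adbd")
    repacked = build_img(b"K" * 5000, b"ramdisk-with-replaced-adbd-binary")
    print(changed_segments(stock, repacked))
```

In practice the stock reference would be the boot.img taken from the official firmware package for the same build as the device under inspection.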

samit.mahap

Guest
Ladies and gentlemen, we have root on the SGS3 (!)


(No, I don't have an SGS3 yet, everything was done remotely)

Bravo my friend :) I hope the candle wasn't the inspiration or errr turpitude :D dayyyyymn :D ..... 'nough said .... thanks for leading the way ;)
 

ogdobber

Inactive Recognized Developer
That's great. I hope they don't 180 on the boot.img format.
 

E:V:A

Inactive Recognized Developer
I'd be very reserved with yelling "Tjohoo" at this point. Things can change a lot between a developer version (which I assume is the one on Chainfire's hands) and a fully commercial shipper version. Let's just hope Samsung stay cool, and don't cause us more trouble than necessary, like has happened with the HTC One X...
 

dstruct2k

Senior Member
Grats on the fast work man, and even more impressive is that it was done remotely on Windows 8! I've heard a lot of people having issues just getting ADB to work on Windows 8, and yet you managed to root a device for the first time ever using it without even physically having the device!

You truly are an inspiration to this community. :)

---------- Post added at 02:06 PM ---------- Previous post was at 02:05 PM ----------

I'd be very reserved with yelling "Tjohoo" at this point. Things can change a lot between a developer version (which I assume is the one on Chainfire's hands) and a fully commercial shipper version. Let's just hope Samsung stay cool, and don't cause us more trouble than necessary, like has happened with the HTC One X...
He doesn't have any device in his hands, that's what makes this even more impressive!
 

Top Liked Posts

    16
    Insecure kernel has been posted :)

    EDIT: Guide has also been posted
    6
    In the opening post it says use ADB to push SU, will this be relevant once all the Custom ROMS and Recovery become Available with (hopefully) the corresponding CF-Root kernels a la SGS2 by our resident geniuses?
    Also just to be 100% this is a permanent ROOT?

    Nah, this is just the difficult way because ... it's easy to make. I don't have a device :)

    The "usual" way to root a device with separate kernel/recovery is to flash a recovery, then flash root through recovery. But there's no rules... it's pretty much whatever you want.

    Some people will say through recovery is the only "proper" way, I say "bla" to those people. There are like 10 ways to do this.
    6
    Only extracted zimage with odin? Think MobileOdin isn't working yet because you have no device, right...

    ... tapat*lked

    Right... but Mobile Odin will show up soon :)
    5
    So is the GSIII bootloader unlocked from factory or did it require a bootloader unlock?

    As with the SGS1, SGS2, and SGNote, it was never locked to begin with.