Note3Recover
Since I had to recover a
Samsung Note 3, all the steps mostly lean towards Samsung phones.
Scenario
- Password forgotten! (you may think that this cannot happen to you, but it surely can! :-) )
- Android Device Manager password reset doesn't work (and it didn't BTW! at least I could give this a try as WiFi was on)
- Phone not registered with Samsung Recovery (good tha they have an alternate to ADM!, unlike ADM, you need to explicitly register your device - the one I was handling wasn't registered)
- Un-rooted phone, with stock Android recovery
- USB debugging disabled!
For the impatient
TL;DR summary
- Install Samsung CDC drivers
- Get the right device code (this one is
ha3g
)
- Get the right custom recovery image (TWRP or CWM)
- Use a firmware flashing utility which works for you (Odin or Heimdall)
- Flash the recovery image.
- Boot into recovery mode, and delete the password files.
Thats it!
Details
But,... the
devil is in the details!
USB drivers
Get the
Samsung CDC drivers and make sure you OS detects the phone.
(If you are on Windows 10, and want to connect with
ADB - Samsung doesnt have ADB drivers for Windows 10!)
Device Code Name
Now, this is one confusing thing! all the custom ROMs refer/name their images by phone's
code.
The Samsung Note 3, for e.g. has multiple versions - the
Sprint,
Verizon and
International. At first glance it might seem like
"Ah! I bought it in India, and its not tied to any carrier, it must be international",... sorry! not that simple - you should know the correct CPU and Model (In this case the version is
ha3g
and the CPU is called
Exynos though its not mentioned
anywhere on the box or manuals! the model is
N900
- this is easy should show up when the phone starts up)
Firmware Flash utility
2 choices here:
- Heimdall (FOSS, available on Github. Binaries packages for both Windows and Linux available)
- Odin (Leaked [from Samsung] Windows application)
Tryst with Heimdall
Since I have a love for
FOSS, I was hell-bent to get Heimdall to work, and it had a cool command-line! I downloaded and built the
latest version from source! (on Ubuntu
14.04
). But, it didn't work! I could not figure out what the problem was! Tried Windows binaries too, and with USB
2.0
and
3.0
port (with
3.0
port it would'nt even detect the phone!)
(the good part of trying Heimdall: I got to know a little bit about
partitions and PIT [Partition Information Table])
A note on USB versions: If you do not know how to recognize the ports: peep into the USB socket, BLUE means 3.0
and YELLOW is 2.0
.
Odin, finally
Odin is supposedly too picky: picky about the port, the cable etc.
From what I read, if in case the phone is not detected on one port, try changing to another port and try using a different cable (in my case I had the original USB cable that came with the phone, and it was a USB3.0 - it got recognized instantly)
Odin's messages and the UI aren't too friendly either!
Custom recovery image
Here, again there are quite a few choices:
- ClockWorkMod (CWM) - Development Ceased
- Team Win Recovery Project (TWRP) New and cool
- CyanogenMod Recovery (CR)
I could not find the CWM image for
ha3g
(though I could not find one for
hltexx
- not Exynos!).
CR is still new!
Initially, tried with whichever version of TWRP image that I could get, but Odin wouldn't flash it!
It would give this error message:
NAND Write Start!!
FAIL!
At first I thought it had something to do with the NAND flash storage! but after a lot more research found that it could be due to the type of image being written. I had to do 2 things to be able to successfully flash:
- Get the latest TWRP (
2.8.6.0
recovery image, bundled as a .tar
)
- Extract the
.img
from the .tar
and convert it to a .tar.md5
(I found a script on XDA forums which did this)
And, finally Odin could flash the image to mobile!
You should put the mobile to Download Mode to write to flash, and that is achieved by pressing down Volume-Down, Home and Power keys together on Samsung
Recovery mode
You need to know how to get to recovery mode first, press down:
Volume-Up +
Home +
Power keys and hold till logo flashes (do not confuse with
Download-mode!)
The catch here is: though we flashed the TWRP recovery, the phone tries to be smart and replace with stock recovery if you let it reboot by itself! The remedy is to boot into TWRP
immediately after the flash! i.e., once flashed do not let it restart normally (un-check
Auto-Reboot in Odin)
Ah, TWRP!
Now, this is cool! if you ever have seen the default Android recovery and then compare with TWRP!, its like comparing age old
feature phones to the moden day touch phone!
TWRP has touch interface and neat buttons, you can pretty much do away without reading any manuals - thanks to the neat, and simplified UI.
Play safe
First thing I did after I could get to TWRP was to insert a microSD card, and take a backup of data, so that I could continue my RnD (it takes a
NANDroid backup, which it can restore).
Recover/Remove?
I tried to pull out the
locksettings.db
and run some SQLite SQL queries to get the MD5 encoded password, and
salt. At this stage, I didn't want to go any further. So, I came back to TWRP and deleted the 2 key files
/data/system/password.key
and
/data/system/gesture.key
(though I knew it was
password-locked and not gesture locked).
On reboot - No password! :)
Nothing lost - all contacts and data intact.
Thanks
- To this post for motivation! (so many Samsung service centers told me that its not possible, and that factory-reset [with data loss] is the only option!)
- To this guy for the script
- For many other detailed posts, step-wise procedures and YouTube videos which Android lovers have patiently put together.
- And, of course to TWRP! I donated
$15
towards the development (~1K
/-)