I know that many people are having this problem and I hope we can find a solution here together.
I've already tried many things to restore my IMEI, a little background:
- Lost my IMEI when I flashed stock rom to unroot the phone.
- Tried flashing different firmwares (LATAM, RETBR, I think they are the same).
- I don't have an EFS Backup.
When I dial *#06#* my IMEI is shown as "0", when I use "mfastboot getvar all" or "mfastboot getvar imei" I can still see my correct IMEI (as shown on the phone box).
On CQATest the only error that I can see is right on the IMEI tab:
Phone ICCID Compare with SIM ICCID: ERROR
Can anyone suggest something that might correct this problem? I don't think anything could make it worse and I'm willing to try everything...
EDIT: Obviously, I can't connect to my mobile network.
This is why I didn't even unlock mine so far. Seems many have had this issue.
I've seen some people saying that this can occur after flashing fsg and modem plus erasing modemst1 and modemst2.
If I knew that before I could have flashed the stock rom without touching these images, I don't think it would make any difference.
From my past moto experience always avoid flashing bootloaders & modems, system files can be flashed without any issues in most circumstances. The only change would be if there's a major update that requires bootloaders and modem images.
As a rule, wait before flashing firmware on a moto phone, I've witnessed people hard bricking their devices flashing bootloaders, downgrading from an updated bootloader is playing with fire in my past experience.
Sent from my XT1635-02 using XDA-Developers Legacy app
I've flashed the entire ROM including the bootloader and modems more than a hundred times (no joke here) trying to fix my problem, only to realize I had lost my IMEI.
What makes me think that I can still recover my lost IMEI is that in fastboot, if I write "mfastboot getvar imei", it's still there with the same number that came on the box.
Obviously something went wrong, my past experience with flashing the full firmware package you are playing with fire.
Sent from my XT1635-02 using XDA-Developers Legacy app
Did you fix it?
IMEI 0
My phone is also stuck at IMEI 0, what to do? Is there any solution?
Solution for IMEI 0 caused by broken efs partition is easy: Restore your backup of efs partition.
For the case not the efs partition is damaged but the reading process does not get the efs contents right, do a backup of current efs before any further action if there is any small chance the contents is not damaged.
If you don't have a backup of efs and it is still empty/broken after flashing a standard stock rom, you can contact Lenovo for help. May get expensive, they usually replace the mainboard. They should have the possibility to generate a new key for the efs partition, but my guess is that they are afraid doing so may harm security of that key. It probably is cheaper to replace the mainboard than buying a new device, but not by much. You may consider using the device with IMEI 0 as mediaplayer/small tablet without mobile functionality, and buy a new one.
Are you aware of any change you did to the efs partition?
My IMEI is 0 but I can still connect to mobile data. Hmmm, I don't know what is happening here.
Same problem here!
Any solution?
I think without the EFS backup the only way to restore is to send it to authorized assistance to change the motherboard. Sorry for the bad news.
I have been doing some research lately and discovered some interesting things that may help you in a way or another, the imei value state is written at efs partition, value which can be located from RV_NV_Manager tool (this one is part from QPST suite from Qualcomm), since this tool is known for having the IMEI changing property, i can't post the link, but Google maybe is a good place to start looking for it.
Here are the steps you can do to recover your imei:
-Write down your imei.
-Start some computer with internet, using windows.
-Find, download and install QPST and Qualcomm HS-USB Drivers.
-Once installed, you must turn off your phone and restart it in the bootloader
-Select QCOM tab and select, then wait until it boots completely, then plug your phone at your computer, some drivers must be starting to install, let it finish (it isn't necessary to reboot after this).
-Open QPST Configuration and go to Ports > Add new port...
-Open Device Manager and look for Qualcomm COM ports connected, then in QPST Ports screen write the COMXX in both fields and close, you should see a connected unknown phone and some ? At some fields, that's just normal.
-Open RV_NV_Manager without closing QPST Configuration, some downloading bar should appear with a screen, just let it finish, and then head down to line number 5xx, it says some IMEI_NV or something like that, if you press 9 text fields in boxes should appear at right hand, select hex values at some checkbox there.
-Look to where you written the imei and now it's the tricky part:
Your imei looks like 874356324678338 (just an example), then you must split them by pairs in this way:
x8 | 74 | 35 | 63 | 24 | 67 | 83 | 38 (since imei has 15 numbers, the first one will go alone with an unknown value)
Then just switch numbers by pairs:
8x | 47 | 53 | 36 | 42 | 76 | 38 | 83
Then start filling the boxes in this way:
1st.- 8 (always)
Then put the numbers in pairs in order and replace the 'x' with an 'a':
2nd.- 8a
3rd.- 47
4th.- 53
And so on...
I hope this can help you, let me know if you recover your imei.
I have only RF NV [Items only] and COM3 and COM 5 is connected. I select port 5 and read all items but I can't find NV_IMEI only under "read supported RF NV Items" at Number 550 is a NV_UE_IMEI_I ... but is this the right?
Have Moto Z
I hope someone can help me. I tried almost everything. My wave just won't boot normally. It all started when I tried to downgrade from Bada 2.0 (S8500XPKH3) to 1.2 (S8500XXJL2) and got a security port error while flashing (used Multiloader 5.65). My wave wouldn't boot up so I got someone to repair it with JTAG. Good thing it was revived. It can now go to download mode, however, i tried flashing almost all firmware versions (Bada 1.0, 1.2, 2.0) in different regions from samfirmware but to no avail.
I browsed through the forums hoping I can get an answer but I didn't see any similar case. I'm sure I'm doing the flashing right 'coz I get "All files complete." when flashing is done. Only that, every firmware that I try, it just stays in the logo screen when it starts up.
I'm looking forward for any response.
Best regards.
I guessed you have done all well. But still try this process:
1. Download a fresh, full and original firmware for your region from samMobile.com
(The firmware version does not matter, but it has to be full and for your region).
2. Make sure your battery is fully charged
3. Remove SIM and memory card from phone.
4. Ensure that all kies drivers are successfully installed.
5. Use multiLoader v5.65
6. Cross-check that your USB plug is not damaged (if possible use another one)
7. When flashing, make sure you tick the FULL DOWNLOAD option in multiLoader.
Try the above and report back. Best of luck.
yeah you should tick boot change and full download for a complete fresh installation
Good thing it was revived
Depend on how it was repaired via JTAG...
Maybe NV items are overwritten... this could be bad.
It is not the best idea to use Fullflash from others...
I have RIFF Box experiences...
Best Regards
P.S.:
Try to flash some Rsrc2_S8500(Mid).rc2
Maybe Bluescreen tell you what is missing...
Thanks for the tips guys. I tried the routine checking. I've also tried a different PC. Same thing.
I'm more inclined to this, adfree. NV items might be corrupted. I just know the basics of flashing. I tried several Rsrc2_s8500 (Mid) and yes I got a blue screen with details. I don't know how to interpret it myself but I remember there was IMEI not active. Will post the details later. Hope you or someone can share your thoughts.
Best regards.
I tried S8500XPKH3 again with Rsrc2_S8500(Mid).rc2 and I got this from Multiloader 5.65:
Download Start Ch[0]
BootLoader 1703.9KB OK[0.7s]
Dbl 281.5KB OK[0.8s]
Wait reset !!
Amss 12740.3KB OK[5.0s]
Apps 26214.4KB OK[12.3s]
Rsrc1 37748.7KB OK[14.4s]
Rsrc2 2884.3KB OK[1.3s]
FFS 49217.5KB OK[111.8s]
CSC 36085.8KB OK[106.0s]
SHPAPP 203259.9KB OK[368.3s]
All files complete[638.0s]
Phone reboots and comes up with blue screen:
S/W version: S8500+XP+KH3
Modem: Q6270B-KPRBL-1.5.45t
SHP: VPP R5 2.1.1
Build Host: S1-AGENT08
Build At: 2011/08/16 20:56:16
Aoo Debug Level: 0
ASSERTION_ASSERT: 0 failed. (file SysSecureBoot.c, line 4193) BoAn4193
<Call stack information>
PC = 4000C8D3 OemDumpRegister
LR = 4000C8D7 OemDumpRegister
<Mocha Task Call stack>
_SysAssertReport
__SysSecBootReadNetLockInfoFromFile
ALL HW Information:
HW VERSION: S8500_rev07
IMEI VERSION: Not Active
RF CAL DATE: Not Active
Bad Block Information:
nNumBMPs: 0
nAge: 0
Run Time Bad Block Occurred:
Init BMPs - 2, Current BMPs = 0
Nucleus Task Information:
Running Task name - Mocha Slices = 0000001E Wait = 00000000
Signal = 00000000 Priority = 0
I've been working on this for a week now but no matter what firmware I flash, i can't get my wave to boot normally
Try qualcomm tools to activate imei
ask Adfree or use google to find the qualcomm tools program and then make your imei active using your pc.
what region was your 8500 originally?
remember that different region firmware use different boot files.
Try to use the boot files that was on your wave originally.
For some reason, it's showing "IMEI not active" when I get the blue screen after flashing with Rsrc2_S8500(Mid).rc2.
I read adfree's qualcomm tools guide and it was more on editing the product code. And, i can't access the configuration mode/hidden menu since I can't boot the phone normally.
IMEI is NV item 550 and ...
But it is secured by...
I have never tried on S8500...
Lost IMEI is enough evidence, that NV items are corrupt/missing/damaged...
I'll try to analyze your Error message...
.. will report later.
Best Regards
Edit 1...
SysSecureBoot
SysSecBootReadNetLockInfoFromFile
Maybe also Netlock? So maybe without IMEI Security check fails...
I think the guy who tried to resurrect my phone was using JTAG Medusa. Is there any possibility something went wrong during the process? I was just happy that the phone can go on download mode but didn't expect that whichever firmware I try, phone is just stuck on logo.
With regard to the IMEI, should i recover it, will it have a good chance to fix the problem? Can i use qualcomm tools even if the phone can only run on download mode?
if use medusa make this erase full flash after that write full from support stop write flash in 6% in flash procedure after this flash full flash all files with boot after this patch with z3x patchv2. Repair imei and all by ok
tested with s8500 who come in download mode with 3 buttons vol - lock and power
in first when try flash bada 1.0 soft after ffs write in screen see missing fota 2.0 please install install bada 1.2 after this
@OP:
Your SysSec data, which is closely related to NvData, has been damaged, probably by JTAG overwrite. These data are encrypted by device-unique key.
It is possible to repair it without JTAG, through modified FOTA. But I don't think I'm the one to try this. Last time I played with that data I damaged my BL3. :\
Thanks for those who provided their insights. I kind of gave up last week and had to bring my phone to the service center. Fortunately or not, the tech had to replace the motherboard which cost around 170 USD including the "repair fee". My phone's back with a new motherboard and ready for some risky flashing again. Hehe.
Anyway, thanks again guys. Good day to y'all!
full erase flash only 6% from full after that full flash with original flasher now read with rj45 cable with z3x nvm from phone in 550 string see if imei is 359321654 need write 8a31391256 and write in phone now imei ok or select in z3x i 5500 put original imei and sn repair all come good and working
after all ok read full again from phone search s8500 and see your detail if need edit as your original string
ЄЇ~GT-S8500............їµ±№....................................TMU.....2010-06-01....АМАз±Х..................S8500BOJE7_TMOJE7...564C......9750......86210000114318......KAC007021M(S8500)...-
During my plays with RIFF JTAG and few stupid experiments with full erase I'm now facing same problem...
Strange, but this happens with my own JTAG dump...
Will see how long I need to repair this...
Best Regards
It seems no good idea to be. To erase whole NAND via JTAG...
Anyway... long time and luck... I was able to bypass Boot Cycle and then to Restore NV items via QPST...
Maybe 1 part of solution is, to use Firmware BOJE7 with Bootloader XXJEE...
Then maybe your handset start...
Now you can access menu to change to Qualcomm Diag Port for restoring NV items...
Best Regards
I have the Tmobile Galaxy Note 2 SGH-T889 ( stock rom and rooted ) My original phone has water damage and not working, I bought a main-board on ebay but the IMEI got blacklisted and I didn't know until I replaced the board.
I want to replace the IMEI from the water damage phone into my repaired phone.
I made a backup the file or NV data using the software " NV-items_reader_writer tool " program
I edit the IMEI number in the line 00550 in the backup that I got from the "NV reader/writer tool"
Then I write back my NV data with the new IMEI number back on the phone using ( EFS/QSP/Nv-items_reader_writer), the program says the writing was successful, but the IMEI doesn't change after I reboot the phone...
Why is this happening? Is there another secret EFS folder in the phone that keeps writing back the old IMEI into the board..
Is there another safe EFS folder located where the phone keeps getting information to rewrite the old number back in the phone..
Or is there something missing that I don't know... why the "NV-items_reader_writer tool" can not save the new NV data in the phone.
Could you help me, please? The old phone cost me about 600$ and I dropped it in the rain water, then I bought a new board that cost me over 100$ .. and now I'm stuck with a piece of junk .. Please help me...
Best regards,
Cesar
=======
Those are the steps I made during the attempt of fixing the IMEI :
1= Download NV-Items_Reader_Writer_Tool.zip and extract the zip PC
2= Installed SAMSUNG DRIVERS on your computer.
3= Enable USB DEBUGGING on your phone.
4=Dial *#7284# on your phone’s dialer.
5= Select Qualcomm USB Settings and then check RNDIS + DM + MODEM and press OK button. (( Im supposed to check RMNET + DM+ MODEM, but I dont have that option in my model of phone))
6=Now connect your phone to computer using USB cable and then launch NV-items_reader_writer.exe as administrator.
7= Save a backup of the file in my PC and open it with NotePad text editor.
8=Go to the line 00550 and edit the IMEI number and replace with the good number from the water damage phone.
9=Separate your IMEI number into blocks of two digits, leaving the first digit alone. Suppose your phone’s IMEI is 35516705558781901, separate it like this: 3 55 16 70 55 58 78 19 01
Now add “A” after the first digit, and reverse the sequence of the two numbers in each block of 2 digits. Add 08 in the beginning of the IMEI. Here is an example: 08 3A 55 61 07 55 85 87 91 10
Having done this, replace the first nine values in the NV block with the converted IMEI.
Click on Write button on the NV-items_reader_writer tool.
When it’s done, Im supposed to disconnect device and reboot it.
My new phone’s IMEI should be there. BUT IS NOT.. It keeps showing the old IMEI number that I dont need.. !!
Please Help Me..
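The NV item 550 layout described in the posts above (a leading 08, the first digit paired with A, then the remaining digits swapped in pairs), as an added example that is not from any poster or tool in this thread: a read-only decoder that recovers the IMEI from the nine hex values copied out of a backup and compares it with the number printed on the box. The Luhn check-digit test and the sample IMEI 490154203237518 are additions that are not on the page; all function names are hypothetical.

```python
"""Read-only check of NV item 550 values copied from a backup (added example)."""

NV550_LEN = 9  # leading 0x08 plus eight packed bytes, as the posts describe


def parse_hex_values(text):
    """Turn '08 8A 47 ...' (spaces, commas or '|' between values) into bytes."""
    cleaned = text.replace("|", " ").replace(",", " ")
    try:
        values = [int(tok, 16) for tok in cleaned.split()]
    except ValueError as exc:
        raise ValueError(f"not a hex value ({exc})") from None
    if any(v > 0xFF for v in values):
        raise ValueError("each value must be one byte (two hex digits)")
    return bytes(values)


def decode_nv550(raw):
    """Recover the 15-digit IMEI from the nine bytes of NV item 550."""
    if len(raw) != NV550_LEN:
        raise ValueError(f"expected {NV550_LEN} values, got {len(raw)}")
    if raw[0] != 0x08:
        raise ValueError(f"first value is {raw[0]:02X}, expected 08")
    if raw[1] & 0x0F != 0x0A:
        raise ValueError("second value does not end in A")
    # Second byte: high nibble is the first IMEI digit, low nibble is the 'A'.
    nibbles = [raw[1] >> 4]
    # Remaining bytes hold two digits each, stored swapped (low nibble first).
    for byte in raw[2:]:
        nibbles += [byte & 0x0F, byte >> 4]
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal nibble where a digit is expected")
    return "".join(str(n) for n in nibbles)


def luhn_ok(imei):
    """True when the 15th digit is the correct Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_backup(hex_text, expected_imei=None):
    """Decode the item and list every reason it should not be trusted."""
    report = {"imei": None, "problems": []}
    try:
        imei = decode_nv550(parse_hex_values(hex_text))
    except ValueError as exc:
        report["problems"].append(f"malformed item: {exc}")
        return report
    report["imei"] = imei
    if not luhn_ok(imei):
        report["problems"].append("Luhn check digit does not match")
    if expected_imei is not None and imei != expected_imei:
        report["problems"].append("differs from the expected IMEI")
    return report


# Sample inputs. The first and third are the worked values from the posts,
# the second is a constructed sample, the last is a constructed blank item.
SAMPLES = {
    "page example 874356324678338": "08 8A 47 53 36 42 76 38 83",
    "constructed valid sample": "08 4A 09 51 24 30 32 57 81",
    "ten-value sample from the later post": "08 3A 55 61 07 55 85 87 91 10",
    "constructed blank item": "00 00 00 00 00 00 00 00 00",
}

if __name__ == "__main__":
    for label, values in SAMPLES.items():
        result = check_backup(values)
        status = "; ".join(result["problems"]) or "ok"
        print(f"{label}: imei={result['imei']} -> {status}")
```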
So I hope this thread isn't too useless. I've been researching how to restore my imei after losing 4g signal when my phone randomly (just sitting there on the desk, not touching it), decided to get stuck in a reboot loop.
Here's my specs:
Network: AT&T
ROM: CyanogenMod 11-20141112-SNAPSHOT-M12-d2lte
Modem: UCUEMJB
Recovery: ClockworkMod 6.0.4.3
Device Model: SAMSUNG-SGH-I747
Product Code: Not Active
PDA Version:
Baseband Version: I747UCUEMJB
CSC Version:
Kernel Release: 3.4.104-cyanogenmod-g9f57632
Kernel Version: #1 SMP PREEMPT Tue Nov 11 22:15:56 PST 2014
ROM Build: d2uc-user 4.3 JSS15J I747UCUEMJB release-keys
Android Version: 4.4.4
BusyBox Version: 1.22.1
SU Binary Version: 2.40:SUPERSU
So here's what I've learned. My IMEI was lost due to a weird Samsung backup procedure that backed up my /efs folder with essentially a blank copy of important information. I have my IMEI, but writing it to the phone is very difficult. From this tutorial I learned to download QPST, and somewhere else I heard about EFS Professional.
So I tried to use EFS Professional first, and have been able to connect my phone (Had to install adb first via the official android sdk). I was able to make a backup of my efs folder. I was also able to change the usb settings to DIAG + MODEM + ADB. Then I launched the Qualcomm NV Tools. From there, by unchecking "Send SPC" and "Read Phone" I was able to connect to the phone, but any other button I pressed didn't accomplish anything except disconnecting the phone again.
This is when I turned to QPST. I knew from EFS Professional which COM port my phone was using each time, and I added the COM ports to the QPST Configuration program for listening. But my phone was never listed as available in the ports tab, nor was it listed in my device manager under COM ports. I tried using the RF NV Item Manager anyway, entering in my IMEI "backwards" with an 8 in the first line and an "a" after the first real number in my IMEI, but my phone was never really connected, so of course nothing happened.
I learned this was probably because I have no IOTHiddenMenu / Qualcomm USB Settings Menu / whatever you want to call it with USSD codes, because I'm using an AOSP ROM (Cyanogenmod). This thread and this thread were useless in enabling DIAG mode, because of broken links and scripts that no longer work on newer versions of CM.
My next plan is to change ROMs to a TouchWiz ROM, but I haven't found a good one yet, especially considering I've upgraded my bootloader and I know that if I flash a ROM with a downgraded bootloader, I'll definitely brick my phone. So is there a ROM I can use with an upgraded bootloader that won't brick my phone and will allow me to enter DIAG mode so that I can connect to QPST via a COM Port, use the RF NV Item Manager, and put in my old IMEI? Or am I just going about this all wrong?
You do have to be on a TW ROM with a stock dialer for ussd codes to work. Based on everything you posted you should be on the mjb boot loader, but confirm that first. Enter this into a terminal or adb shell:
Code:
getprop ro.bootloader
If you are on an mjb bootloader, then this ROM should work for you http://forum.xda-developers.com/showpost.php?p=47816011&postcount=18. It's a rooted deknoxed at&t stock mjb.
Good luck.
---------- Post added at 12:04 PM ---------- Previous post was at 11:57 AM ----------
You probably already discovered this in your research, but just in case. When you get your imei problem solved, before flashing something other than a TW ROM, enter this in a terminal or adb shell:
Code:
su
reboot nvbackup
That will fix Samsung's whoops and give you a working efs backup partition instead of a blank one.
Thanks! I'll try this and get back.
You were right about the bootloader - when I looked up the ro.bootloader property, it spit back what I thought was my modem identifier, I747UCUEMJB - so yes, MJB. I'll get a chance to flash the new ROM tomorrow or the next day and see how it goes.
So, two steps forward and three steps back. I did install the new ROM. Initially, it appeared to work, because I was able to dial *#7284# to access the service mode menu and change UART to MODEM, and then dial *#0808# to access the USB Settings menu and change that to RMNET+DM+MODEM. After that, the phone showed up under COM5 in the Device Manager. I opened up QPST Configuration and added COM5 (labelled it "COM5") under ports. However, the phone never showed up (Phone column read "No Phone").
I then tried EFS Professional, but it was unable to detect the phone. I opened up the command line and tried an adb shell, but it didn't connect. Of course, the phone was in RMNET+DM+MODEM mode, not an ADB mode. I then went back into USB settings, changed it to DM+MODEM+ADB, and reconnected the phone. The phone wasn't detected by the computer, and hasn't been since.
I've restarted the phone and the computer multiple times (Windows 7 32 bit), uninstalled the phone drivers, reinstalled them in two different versions, uninstalled and reinstalled QPST (removing the relevant registry entries in between installs), and went through a number of combinations of settings on the phone. I tried with UART set to MODEM and PDA, with USB settings set to DM+MODEM+ADB, RMNET+DM+MODEM, MTP, and MTP+ADB. I made sure superuser was installed correctly and that developer mode was enabled. I still have not gotten the phone to charge in that USB port or show up in Device Manager in any way, even though the USB port on the computer still functions (can access flash drives from it). I plan to do some more googling and troubleshooting about this, but I haven't had the time to yet. On Wednesday I'll hopefully have a minute to try using my work laptop to access the phone. I think once I get the phone to be recognized via USB again I'll be able to have QPST Configuration recognize it, then I'll be able to use that RF NV Item Manager to enter in the new IMEI.
Also, in potentially unrelated news, my install of Titanium Backup is unable to recognize any apps I backed up, even ones that have been previously restored. It sees them in the backup folder (backup folder location says this folder contains 52 backups), but no apps were listed in the backup/restore tab. Maybe this has something to do with the mount namespace separation setting in SuperSU? I'll test that later.
Some newer ROMs will install but not give you cell service without the newest bootloader and modem.
Try flashing the last release of CM11. I would not touch the bootloader, modem, or EFS folder until you try an older ROM.
Thanks for chiming in, but I don't understand how this applies. I was on CM11 when my IMEI was removed. When you lose your IMEI, the main symptom is that you can't connect to 4g anymore, and you're stuck on EDGE, which is what happened in my case. I can in fact make calls and send texts, and even load web pages without wifi. It's just slow and prone to call dropping.
As for your advice to install an older ROM, I just flashed a stock ROM, the one linked above. It didn't cause my current lack of USB connection, because I had a USB connection for a while until I changed the UART and USB settings.
I definitely will not touch the bootloader - I've been warned about the dangers of downgrading from an MJB bootloader. I'm not sure what you mean by not touching the modem, but I'm going to assume it's as scary/difficult as the bootloader, so I'll be sure to stay away from changing that too.
As far as not touching the EFS folder, as far as I see it, that's my only way out of this hole, because my end goal is to replace the IMEI that I randomly lost last week, and that's part of the EFS folder in some way that hasn't been explained to me (although I know it has to do with NV settings, maybe some file called nvdata.bin that I've never found, or the /EFS/IMEI folder?). So I think I have to ignore that bit of advice, unless you can give me a good reason to change my goal in all this.
I should note that I took a look at my EFS folder while writing this last post, and it's completely empty now. So that's fun.
I suggested flashing back to an older ROM because you made some changes since your original post.
I suggested not touching the bootloader, modem, and EFS because flashing an incompatible bootloader/modem combination can hard brick the phone.
Since your bootloader and modem match, I'm out of suggestions other than perhaps visiting a repair shop to have it fixed.
Thanks for the clarifications. I did visit a shop to see if they could fix it, and all I got were blank stares and people who don't want to deal with IMEI repairs. So back to my own attempts! I realized a couple days ago that my problem in connecting to the computer is that I've developed a crack on my phone's USB port. Also, I think my home desktop's messed up. So with a nice, sturdy cable I installed all the necessary programs on my work laptop (Samsung Drivers, ADB, EFS Professional, and QPST just for fun). I tried EFS Professional first and by using the Qualcomm NV tools I was able to restore my IMEI! I rebooted the phone and now by dialing *#06# I see my IMEI followed by "/ 17".
So now onto the next problem: Still no 4g signal. Under Connections > More Networks > Mobile Networks, there are some errors. I only have one APN, named "ATT Phone" with an APN of "phone" and an MMSC of mmsc.mobile.att.net, and under network operator it simply says "Default Setup". Some research later, I realized this is a common problem, and I guess it has to do with my NV Data being messed up. Obviously, item 550 (0x226) is correct, which I was able to verify using a program called NV-items-reader-writer, but something else is screwed up. Peoplearmy has released a tool that can restore a backed up QCN file, which of course I don't have, so I'm in the process of seeking help from a generous soul who has an app that might help me. Apparently I could also use someone else's NV Items backup, replacing their IMEI with my own. But, I don't have one, so I'm stuck waiting on someone to be nice to me.
I did try the method posted here: http://forum.xda-developers.com/showthread.php?t=1808408&page=16
But it didn't work. This thread and this thread and this thread were helpful to me for research.
alexalexalex09 said:
Thanks for the clarifications. I did visit a shop to see if they could fix it, and all I got were blank stares and people who don't want to deal with IMEI repairs. So back to my own attempts! I realized a couple days ago that my problem in connecting to the computer is that I've developed a crack on my phone's USB port. Also, I think my home desktop's messed up. So with a nice, sturdy cable I installed all the necessary program on my work laptop (Samsung Drivers, ADB, ES Professional, and QPST just for fun). I tried ES Professional first and by using the Qualcomm NV tools I was able to restore my IMEI! I rebooted the phone and now by dialing *#06# I see my IMEI followed by "/ 17".
So now onto the next problem: Still no 4g signal. Under Connections > More Networks > Mobile Networks, there are some errors. I only have one APN, named "ATT Phone" with an APN of "phone" and an MMSC of mmsc.mobile.att.net, and under network operator it simply says "Default Setup". Some research later, I realized this is a common problem, and I guess it has to do with my NV Data being messed up. Obviously, item 550 (0x226) is correct, which I was able to verify using a program called NV-items-reader-writer, but something else is screwed up. Peoplearmy has released a tool that can restore a backup up QCN file, which of course I don't have, so I'm in the process of seeking help from a generous soul who has an app that might help me. Apparently I could also use someone else's NV Items backup, replacing their IMEI with my own. But, I don't have one, so I'm stuck waiting on someone to be nice to me
I did try the method posted here: http://forum.xda-developers.com/showthread.php?t=1808408&page=16
But it didn't work. This thread and this thread and this thread were helpful to me for research.
I got it! Problem solved!!
So what I realized after going back over those research threads quickly was that I was using Peoplearmy's QCN generator incorrectly. Here's how I fixed it.
1. Opened QPST, followed directions here to connect my phone and start up QPST Software Download.
2. Having already injected my IMEI, I used the backup tab to make a backup.
3. I opened Peoplearmy's SG3QCNGenerator and imported the QCN file that QPST just created. I left "inject IMEI" unchecked, since I already had my original IMEI. I clicked Save As to set the directory and name of the new file, and clicked the Verify IMEI button that appeared to verify that it was correct.
This was the step I had missed - because I never had a valid QCN file to import, I never was able to create a new QCN file. My error in thinking was that, since my current QCN file was obviously messed up, I couldn't use it to make a new QCN file, but that's the whole point of this software.
4. Once I had the new QCN file, I went back to QPST's Software Download program and used the Restore tab. The QCN file generated by Peoplearmy's tool didn't match my model number, but I approved it anyway. It restored the QCN file correctly, but it had an error when it tried to reset the phone.
5. I rebooted the phone manually, and I now have 4G signal!
So, to summarize the difficulties I had:
1. I didn't make an nvbackup before I flashed CM a year ago, and it didn't hurt me until now.
2. I lost my IMEI and couldn't restore it because 1) I was on CM, which stopped me from putting my phone in DM + MODEM + ADB mode and 2) The computer/cable I was using to work on my phone, for whatever reason, were being stupid.
3. I didn't understand that in order to fix my phone I needed to restore my IMEI and repair my nv items (.qcn file)
4. I didn't realize that I could use Peoplearmy's tool to take a messed up nv items qcn file, fix it, and restore it to my phone.
All the tools I ended up needing: Samsung Drivers, ADB, ES Professional, QPST, and Peoplearmy's SG3 Data Restorer. Hope this helps someone else out there.
:good: thanks for posting fix.
"all i can really do , is stay out of my own way and let the will of heaven be done"
Great job. Thanks for posting your solution back here so others can find it.
Is there any possibility to change the IMEI on a Redmi Note 8 Pro? I've already rooted and twrp'd it.
Surely there's a way, but should you actually do it? Of course not.
Why not? There are good reasons to do it!
zardoz77 said:
Is there any possibility to change the IMEI on a Redmi Note 8 Pro? I've already rooted and twrp'd it.
Yes, you can and it's very easy.
This tutorial shows how to change the IMEI with and without root: naijaknowhow.net/how-to-change-imei-of-all-mtk-android-devices/
Since it's MTK sure there is a lot of ways to do it but are you sure?
Changing IMEI is illegal in most countries / will break your ability to call, sending / receiving SMSs.
Except if yours was null/invalid (multiple zeros) and you want to change it back.
@saurik
Doesn't work, very old tools, not that easy like you guys write.
zardoz77 said:
@saurik
Doesn't work, very old tools, not that easy like you guys write.
Have you tried maui meta?
Version 10.1816.0.1 just says boot, phone turned off, nothing happens anymore. I boot manually nothing happens in the tool
1920 the same and I got connection with the Redmi via W10, I can for example upload files onto Redmi
This is the right tool. I just rewrote my IMEIs with it. Make sure you have device drivers installed or it will fail to connect.
Palcorix said:
Have you tried maui meta?
zardoz77 said:
Version 10.1816.0.1 just says boot, phone turned off, nothing happens anymore. I boot manually nothing happens in the tool
1920 the same and I got connection with the Redmi via W10, I can for example upload files onto Redmi
Did it boot to meta mode?
Have you followed instructions? It is nearly the same in every video for IMEI changing.
On the Redmi Note 8 Pro, if you ever lose your IMEI and have a full TWRP backup, restore the following partitions:
- nvcfg
- nvdata
- nvram
- persist
- protect_f
- protect_s
Most notably protect_f and protect_s. These apparently contain modem files. Restoring the others fixed an issue where it didn't ask for MIUI account login after factory reset.
m1906g7g this is my device, maybe I need other drivers? I tried so many. For example "mt67xx USB Vcom" and others.
Doesn't work, of course with Win10 I had to disable "check driver signature". I disabled, that is ok now, but still, which drivers do I need? I use Modem Meta 1920 and it always stands on "Boot..."
CANNOT FIND THE PRELOADER/BROM COM PORT to boot ...pls check USB Driver Version...
When I put preloader USB Driver in Device-Manager, then it says error 10
zardoz77 said:
m1906g7g this is my device, maybe I need other drivers? I tried so many. For example "mt67xx USB Vcom" and others.
Doesn't work, of course with Win10 I had to disable "check driver signature". I disabled, that is ok now, but still, which drivers do I need? I use Modem Meta 1920 and it always stands on "Boot..."
CANNOT FIND THE PRELOADER/BROM COM PORT to boot ...pls check USB Driver Version...
When I put preloader USB Driver in Device-Manager, then it says error 10
VCOM MTK drivers, I believe
Edit: this one https://androidmtk.com/download-mtk-usb-all-drivers
DUT IN META MODE! it goes to 19% at least....
XTM_Miracle Thunder 2.82, did something "done" but nothing happened, same IMEI
Just curious? What would be the benefit if any to changing your IMEI?
Not seeing a point to it. I had an old Lenovo K3 Note and from time to time my IMEI would disappear and I had a devil of a time getting SMS or calling to work when it did.
Luckily some kid on YouTube invented a software that replaced the default IMEI. And only then the cell worked.
So if removing it causes that many issues then why change it?
hello
yes there is a way.
First of all you have a box like UMT Pro.
Then you can. It's complicated but you can,
and you have to flash ENG firmware.
zardoz77 said:
Is there any possibility to change the IMEI on a Redmi Note 8 Pro? I've already rooted and twrp'd it.
Did you mess up the imei files or is it a blocked (reported stolen) phone? Discussing imei changing is not appreciated and most times even not allowed to discuss on XDA.
gee2012 said:
Did you mess up the imei files or is it a blocked (reported stolen) phone? Discussing imei changing is not appreciated and most times even not allowed to discuss on XDA.
In Türkiye the government doesn't allow phones that are brought from abroad. You have to pay lots of taxes, almost as much as the phone price. That's why people are trying to change the IMEI.
I have a Xiaomi Redmi Note 8 PRO GLOBAL, bootloader unlocked, TWRP installed, Android 9, MIUI 11. ADB and Fastboot see the phone and allow access. I need to change the IMEI. Modem META 10.1952 sees the phone, VCOM allows access to the phone, IMEI data is read from the phone, and the Update parameter tool allows data to be read from the phone and stored. But when I have changed the serial and IMEI data and written it back to the phone, Modem META indicates upload complete OK. But after reboot, when I turn the phone ON, the original parameters stay; the phone has not changed the parameters.
What do you think about a way to change IMEI and serial?
I have a redmi note 8 pro, hacking * # * # 4636 # * # * for reasons it does not support the vodafone italia "volte". i disabled dsds now i no longer have access to sim 2 or imei of sim 2 has also disappeared and there is no way to restore it in the menu. can you help me? i have imei 2 written in the package. Thank you PS miui 12.04.0 eeu no root!
Hi there
I bought a Mi locked Xiaomi Redmi 8 pro from a legal source (can explain and proof via pm if you want,).
I was aware that its locked but I like the challenge
Till now I was able to flash official stock Rom with Sp Flash and also to format the partition with the Mi account authentication files. After that I am able to go through the setup but the moment I connect it to the internet, it will lock again, After you skip the w-lan connection setup the setup will somewhen give out something like "you did not set up a google account, so you have to do the setup again" - so no way so far to start without connecting to internet, no chance to get root access..
Tried this without any internet connection or sim card inserted.
Next thing I thought about was to install a custom Rom with Sp Flash, but could not find a Rom with scatter file yet. No clue if that would help either to avoid the Mi Account request.
I was also thinking to install TWRP to make flashing and so on a bit easier. Can't unlock bootloader, nor root the phone and I am pretty much a noob. Is it even possible (maybe with Bluestacks and Sp Flash)? Yet I wasn't even able to read out the IMEI ...
Would be happy for any help or even solutions. I'd be fine if it would run on somewhat working Linux or custom rom. Keen to try what's possible
Thanks in advance for your help.
Thought to myself it might be possible to flash a Chinese Rom (without Gapps) and setup without internet connection just to get root access
M1k3.7 said:
Thought to myself it might be possible to flash a Chinese Rom (without Gapps) and setup without internet connection just to get root access
It appears I'm talking to myself here ;D
I managed to flash the Chinese stock ROM on the phone. Was same as flashing the global one. After the flash it started up but prompted the same screen where it says the device is Mi account locked. At least i guess it said the same as it was in Chinese
I have to do what i did before - format the partition with the Mi Account on the phone with Sp Flash.
Unfortunately for some reason Sp Flash doesn't want to work anymore. It gives out an error code which apparently says that the USB output power is too low, although i haven't connected the phone nor anything else via USB on the laptop... . Downloaded Sp Flash again, tried the scatter file from the global version, different download manager files and authentication files from different sources.
Every time i get the same error message within a couple seconds after i press "start" after i copy in the start partition and length of the authentication files . Did look up if its the same partition in the Chinese ROM scatter file and it is. Did also try to connect the phone within the time but doesn't work either.
Yeah, that's it for today. Surely a problem with Sp Flash or Windows or the hardware around and not with the phone. Might try it with the other Linux laptop I have but I'm not really good with Linux.
I'm on it and I think if i could just delete the Mi Account partition once more, I could root the phone and install TWRP bootloader to make it a bit easier.
Yeah !
I did use a different windows laptop. Installed Sp Flash, downloaded the Chinese Stock Rom again, libusb devel driver, Python, ...
It worked ! I was able to format the partition with the Mi Authentication code and setup the phone. As the Chinese Version comes without Gapps (but with english language package) I was able to finish the setup.
Opened developer options, USB debugging mode on, Bootloader unlocked (that's what it says in the settings, but it's not) ! Way to go
In fact I could install a VPN App via USB right now and trick the Mi Account verification. Could install Gapps (no, I tried and could not) and that's it if the phone is not Google locked as well.
But I will try to install TWRP and a custom ROM first as I don't like bloatware. Still got no answer if custom Rom's do come with Mi Account request
Any help would still be well appreciated
Hi again in my "only me" thread
Had no luck so far to unlock the bootloader. Did install a VPN via usb to use the internet. Works fine.
Tried to install Google Apps Installer from the Chinese App Store. Hangs on 3% without message.
Right now I'm downloading an older Chinese Stock Rom and will try to downgrade the phone with it. Might help or not, who knows
Would be interesting if it's Google locked as well.
Anyway, I'm not giving up yet. If I'm not able to bring it further, I will use the phone like it is with drony anyway. Won't resell it.
I'll keep trying
M1k3.7 said:
Hi again in my "only me" thread
Had no luck so far to unlock the bootloader. Did install a VPN via usb to use the internet. Works fine.
Tried to install Google Apps Installer from the Chinese App Store. Hangs on 3% without message.
Right now I'm downloading an older Chinese Stock Rom and will try to downgrade the phone with it. Might help or not, who knows
Would be interesting if it's Google locked as well.
Anyway, I'm not giving up yet. If I'm not able to bring it further, I will use the phone like it is with drony anyway. Won't resell it.
I'll keep trying
Update:
After downloading the older Stock Rom (from 2019) I chose the scatter file and connected the phone via bypass tool as usual. Sp Flash won't find the phone ...
Did install the phone with USB devel driver to another USB Port, bypass works --> SP Flash still won't find it.
It seems SP Flash saves Scatter (or ROM) files somehow linked to the driver. When I loaded the old scatter file, SP Flash could find the Phone again. That was probably the problem on the other Laptop too.
I do have a third laptop (kids in school and "bring your own device") but that's the Linux one. I also have a Windows PC ...
That would allow me to do the same procedure with two other Rom's, I guess
Don't really wanna try that as it's most likely one or two nasty rules in the windows registry. Again, I'd really appreciate help
That means I will try to solve the problem with what I have now. The working Phone with latest Chinese Stock Rom and Drony but without Gapps.
Will try to block the connection to Mi Cloud and updates on my wifi router.
This should allow me to install a global Stock Rom again which comes with Google Apps. If the device is not Google locked, I could have at least a working phone with Drony always on
Success !
I was able to block the Mi Account checkups in the router and flash my phone back to the newest global Rom !
First i added Url Filters in my Router. I checked the blocked URL's in the Drony App on my Chinese Rom phone. My Router blocks the following Url's:
find.api.micloud.xiaomi.net
data.mistat.xiaomi.com
update.miui.com
i.mi.com
After that i tried to flash the latest Global Stock Rom from the official Xiaomi page and failed first. Got the same error message as i got when i wanted to flash the older Chinese Rom. I figured out that you have to deactivate "Tracing" in the Sp Flash Settings.
It would be probably enough to delete every saved folder in the log file path which is "C:\ProgramData\SP_FT_Logs". ProgramData is hidden, so i choose to try just deactivate tracing at all and it worked for me.
After the flash I had still a couple Chinese and other (Drony, Miracle, UC Browser, ... ) apps with settings installed. Somehow it saved the Apps and Settings. Most of the Chinese apps were gone though and I was able to go through the Setup with giving it a Gmail account and so on. Google Apps working fine.
After couple minutes I got a message that an android app doesnt work. Couldn't stop it.
At this point I did a "random" factory reset --> with no sim card (mobile data) installed.
This deleted all settings and again, the setup worked just fine.
Right after the Setup I installed the Drony App again and blocked the necessary Apps. Use YouTube or Google to find the right Drony Settings. When Drony is running you can insert your SIM card and use mobile data.
That's it so far. I have a phone with up to date Firmware but disabled firmware updates, can install practically every App from Google App Store and connect to the Internet with Drony App in between. Activated Developer Mode and USB Debugging (not necessary).
In fact, with mobile Data off and connected to my home Wifi I could use the phone without VPN App (Drony).
-------------+++++++++------------
What would I try if I would buy another phone like this ?
I'm just a random guy who bought a locked phone. If you try any of the following on your phone I do not take any responsibility !
1) block the URL's which you can find above
2) https://forum.xda-developers.com/t/...d-flash-in-edl-with-no-auth-for-free.4229679/
At point 9 it says: "Connect powered off phone with volume- button to boot in EDL mode"
You are probably not even able to power off your phone and you DO NOT need to open your phone to disconnect the battery.
When the phone is on (your phone is on the locked screen or so), press and hold the power button and volume up button, until the phone shuts off. At this very second let the power button go and just keep the volume up button pressed and connect the USB C cable to your phone. That's it.
The libusb filter driver window should find the mtk device. Click on it quickly and install. It should prompt driver successful installed. No problem if you're not fast enough. Just try again. Even if your device disappears from the list meanwhile - it is installed after this message.
Keep the buttons and the procedure in mind as you will need it later on when you do the bootloader bypass itself with the bypass.bat. Try it again and again till it says "driver installed" when it comes to the "how to install" message at #10 --- and the "protection disabled" at "how to bypass" #3 part.
------------------------------------------------------------
Furthermore you probably don't need to flash (Sp Flash -> download) your device at all. It might be enough if you choose the scatter file of your downloaded Rom , the mtk all in one Download agent and the auth_sv5.auth authentication file.
Then go to "Format" in Sp Flash Tool. Tick "manual format flash" and give begin address
0xe188000 and format length 0x4678000 . After this your phone will boot into setup mode.
DO NOT DO THIS IF YOU ARE NOT SURE YOU HAVE THE RIGHT PHONE, SCATTER FILE, STOCK ROM AND THE RIGHT FIRMWARE ON YOUR PHONE !
The phone is working fine so far. I still want to unlock the bootloader and finally install TWRP and a custom ROM.
Can't say when this will happen, as it's my daughter's phone now
I might also try to deactivate or manipulate the apps which took up the IMEI on the MI account servers. Given that I have developer settings and USB debugging activated I can practically delete or change every single file on the phone but the bootloader.
Maybe I can get rid of the Drony App this way.
It's fun to read your journal.
But unfortunately, unlocking bootloader needs to bind your phone to a mi account. And you have an account lock problem. I guess it won't happen until you solve that.
There is mi account unblocking service out there if you will to spare bucks, but I haven't tried any of it, and as promoting such service is against xda rule, I can't tell you any name here.
Personally, I will keep my hands away from something with account problem. My best experience is buying a bricked phones (redmi note 5 pro, redmi note 8 pro).
kekesed97 said:
It's fun to read your journal.
But unfortunately, unlocking bootloader needs to bind your phone to a mi account. And you have an account lock problem. I guess it won't happen until you solve that.
There is mi account unblocking service out there if you will to spare bucks, but I haven't tried any of it, and as promoting such service is against xda rule, I can't tell you any name here.
Personally, I will keep my hands away from something with account problem. My best experience is buying a bricked phones (redmi note 5 pro, redmi note 8 pro).
Thank you for your reply.
When I bought the phone I actually wasn't aware that the bootloader could be locked. As I said I've not much of an idea and thought I could at least flash a custom ROM on that phone. I know nothing and knew even less a couple weeks ago
I'm aware that there are unlocking services you can pay for. Did not really look into that yet.
I have still a couple options. The guy I bought the phone from does know the name and email of the other guy who put in the Mi Account in the first place. That guy is willing to remove the Mi lock if I'd bring the phone to him. He's rather far away though and a flight-ticket is not really worth it
The other option is to pay for it - as you said - but I doubt there is a store nearby me and I don't want to pay a random online based service from I-don't-know-where as the phone works fine like it is now and my daughter is happy.
Another option would probably be to buy another phone with broken screen (but not locked) or so or maybe just the motherboard. I'm not sure though if it's enough to exchange the motherboard or not
Or I could just leave it for now and wait if someone programs a working bootloader key generator or unlocking tool for the phone. That's maybe already out somewhere or it will be next week or in 5 years - who knows
If nothing works, it's fine too as long as it runs like it does now with the VPN.
M1k3.7 said:
Thank you for your reply.
When I bought the phone I actually wasn't aware that the bootloader could be locked. As I said I've not much of an idea and thought I could at least flash a custom ROM on that phone. I know nothing and knew even less a couple weeks ago
I'm aware that there are unlocking services you can pay for. Did not really look into that yet.
I have still a couple options. The guy I bought the phone from does know the name and email of the other guy who put in the Mi Account in the first place. That guy is willing to remove the Mi lock if I'd bring the phone to him. He's rather far away though and a flight-ticket is not really worth it
The other option is to pay for it - as you said - but I doubt there is a store nearby me and I don't want to pay a random online based service from I-don't-know-where as the phone works fine like it is now and my daughter is happy.
Another option would probably be to buy another phone with broken screen (but not locked) or so or maybe just the motherboard. I'm not sure though if it's enough to exchange the motherboard or not
Or I could just leave it for now and wait if someone programs a working bootloader key generator or unlocking tool for the phone. That's maybe already out somewhere or it will be next week or in 5 years - who knows
If nothing works, it's fine too as long as it runs like it does now with the VPN.
You can ask him to unregister your phone from his account. It's the best bet.
Wait, I will test it to my old redmi note 5.
Just tested with my redmi note 5 pro. Apparently you can unlock it if you have access to your mi account. I'm sure you don't have google frp lock there so I logged out from my google account before testing.
How did I do that?
1. I did a backup on /data partition using OrangeFox
2. I erased my google account and leaving mi account intact
3. I did a factory reset by le old 3 wipe (data, cache, dalvik-cache), leaving emulated storage intact
4. I rebooted my phone
5. Upon welcome screen, I connected to mobile data and welcomed by "Login to your MI account" screen. I connect to a wifi network here
6. I went to i.mi.com, and login to my account.
7. I clicked on "Find device", and deactivated find device there
8. I clicked on my profile logo -> Devices and storage
9. I clicked on my test device
10. I clicked on "Erase device" and agreed to the next dialog box
11. My device was removed from my account
12. I restarted my device and that annoying lockout screen is gone
13. I skipped everything on welcome screen and checked whether my files are intact or not. It is
14. Test finished. Now restoring my old data
Hello
The seccfg partition unlocks the device.
You must initially unlock the bootloader through the MiUnlock application, then recover (save) the seccfg partition (which contains the bootloader unlock information). But, it is easier to get rid of the requirement of the MiUnlock app.
1) Recover your "seccfg" partition:
* the phone in normal mode =
- We launch the command prompt and we write
adb shell
ls -al /dev/block/by-name
or
adb shell
ls -al /dev/block/platform/bootdevice/by-name
- Output (looking for "seccfg") =
lrwxrwxrwx 1 root root 16 2021-03-06 23:25 seccfg -> /dev/block/sdc13
- We get "seccfg" on the internal memory =
dd if=/dev/block/sdc13 of=/sdcard/Partition_seccfg
(I named "Partition_seccfg", but you give the name you want)
- You save "Partition_seccfg" on your PC
* We can recover the "seccfg" partition by SPFlashTool
- Edit your "MT6785_Android_scatter.txt" from a stock ROM (with Notepad or other)
- We are looking for "seccfg" =
partition_index: SYS14
partition_name: seccfg
file_name: NONE
is_download: false
type: NORMAL_ROM
linear_start_addr: 0x13800000
physical_start_addr: 0x13800000
partition_size: 0x800000
- We turn off the phone
- we switch to EDL mode with the python script "bypass_utility-v.1.4.2" (see on the web for installation and other information, among other things to unbrick the phone)
- we do a "readback" of the "seccfg" partition with SPFlashTool using linear_start_addr: 0x13800000 and partition_size: 0x800000 (check the location on the PC, where the "seccfg" partition will be saved with the name you have chosen)
2) Modify your "seccfg" partition:
* We edit the "seccfg" partition with a hexadecimal editor (Notepad or other)
- Total size 000000000 to 007ffff0 (000000040 to 007ffff0 : zero bytes = 00)
- Address 000000000 to 00000003f, we find :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 02 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 3d aa 79 3b
0000020 to 000002f
eb b0 56 bd 53 48 d3 6e 7d 54 a0 41 0c 2d 1a 90
0000030 to 000003f
58 1a 9c 5f ab 90 cc 0f 5c 11 63 a2 00 00 00 00
(The bootloader is locked!)
- We modify with our hexadecimal editor (Address 000000000 to 000000030) :
0000000 to 000000f
4d 4d 4d 4d 04 00 00 00 3c 00 00 00 03 00 00 00
0000010 to 000001f
00 00 00 00 00 00 00 00 45 45 45 45 57 b3 59 5d
0000020 to 000002f
9e bc 3d 02 33 91 84 9a 42 59 54 8e 07 aa 0f 34
0000030 to 000003f
f1 bb 1e 47 ea 8e cf 76 fb de 79 7b 00 00 00 00
(The bootloader is unlocked!)
- We save our changes
3) Write your "seccfg" partition on the phone:
* We flash the "seccfg" partition
- fastboot flash seccfg "path on your PC"\"name of your saved seccfg partition" (E:\MyFolder\Partition_seccfg for example), in fastboot mode,
- SPFlashTool using EDL mode with the python script "bypass_utility-v.1.4.2" and by flashing your rom by not checking that the partition "seccfg",
- in adb mode, with the opposite operation, after having copied your partition "seccfg" on the internal memory of the telephone (name "Partition_seccfg" that I gave and that you choose) :
adb shell dd if=/sdcard/Partition_seccfg of=/dev/block/sdc13
- We restart the phone and the bootloader is unlocked without intervention from Xiaomi or other!
4) Warning :
Once all this information is published, subsequent MIUI updates may destroy our efforts by scheduling the bootloader release in a more complicated way!
If I manage to re-enable telephony after changing the IMEIs and serial number of the phone, I will let you know. If anyone knows how to reactivate telephony after making these changes, let us know.
Hi. See you soon.
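A read-only check of which of the two states a saved seccfg dump is in, for example when auditing a device before it goes back into service (added example, not part of the post above). The field boundaries, the little-endian word interpretation and all function names are assumptions read off the two headers quoted in the post; only the values 2 and 3 for the word at 0x0c and their meaning come from the post.

```python
import struct
from dataclasses import dataclass, field

HEADER_LEN = 0x40        # per the post, everything from 0x40 onward is zero
MAGIC = 0x4D4D4D4D       # bytes 0x00-0x03 in both quoted headers
END_MARK = 0x45454545    # bytes 0x18-0x1b in both quoted headers
SIZE_FIELD = 0x3C        # word at 0x08 in both quoted headers
# Word at 0x0c: the only difference between the headers besides the digest.
STATE_NAMES = {2: "locked", 3: "unlocked"}

# The two 64-byte headers exactly as quoted in the post.
LOCKED_HEADER = bytes.fromhex("""
    4d 4d 4d 4d 04 00 00 00 3c 00 00 00 02 00 00 00
    00 00 00 00 00 00 00 00 45 45 45 45 3d aa 79 3b
    eb b0 56 bd 53 48 d3 6e 7d 54 a0 41 0c 2d 1a 90
    58 1a 9c 5f ab 90 cc 0f 5c 11 63 a2 00 00 00 00
""")
UNLOCKED_HEADER = bytes.fromhex("""
    4d 4d 4d 4d 04 00 00 00 3c 00 00 00 03 00 00 00
    00 00 00 00 00 00 00 00 45 45 45 45 57 b3 59 5d
    9e bc 3d 02 33 91 84 9a 42 59 54 8e 07 aa 0f 34
    f1 bb 1e 47 ea 8e cf 76 fb de 79 7b 00 00 00 00
""")


@dataclass
class SeccfgReport:
    state: str                  # "locked", "unlocked" or "unknown"
    state_word: int             # raw word at 0x0c
    version: int                # raw word at 0x04
    digest: bytes               # 32 bytes at 0x1c-0x3b
    findings: list = field(default_factory=list)


def inspect_seccfg(dump: bytes) -> SeccfgReport:
    """Decode the header of a seccfg dump and list every deviation from the
    layout visible in the post. Nothing is modified or written."""
    if len(dump) < HEADER_LEN:
        raise ValueError(f"dump is {len(dump)} bytes, need at least {HEADER_LEN}")
    # Assumption: seven little-endian 32-bit words, then a 32-byte digest.
    magic, version, size, state, res0, res1, end = struct.unpack_from("<7I", dump, 0)
    findings = []
    if magic != MAGIC:
        findings.append(f"unexpected magic 0x{magic:08x}")
    if end != END_MARK:
        findings.append(f"unexpected end marker 0x{end:08x}")
    if size != SIZE_FIELD:
        findings.append(f"unexpected size field 0x{size:x}")
    if res0 or res1:
        findings.append("non-zero words at 0x10-0x17")
    if state not in STATE_NAMES:
        findings.append(f"unknown state word {state}")
    if dump[0x3C:].strip(b"\x00"):
        findings.append("non-zero bytes after the digest")
    return SeccfgReport(STATE_NAMES.get(state, "unknown"), state, version,
                        dump[0x1C:0x3C], findings)


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Report lock-state drift between an earlier dump and the current one."""
    old, new = inspect_seccfg(baseline), inspect_seccfg(current)
    changes = []
    if old.state_word != new.state_word:
        changes.append(f"lock state changed: {old.state} -> {new.state}")
    if old.digest != new.digest:
        changes.append("digest changed")
    return changes + [f"current dump: {f}" for f in new.findings]


if __name__ == "__main__":
    # Pad to the 0x800000 partition size given in the scatter file excerpt.
    pad = bytes(0x800000 - HEADER_LEN)
    for name, hdr in (("first header", LOCKED_HEADER), ("second header", UNLOCKED_HEADER)):
        rep = inspect_seccfg(hdr + pad)
        print(name, "->", rep.state, rep.digest.hex(), rep.findings or "layout ok")
    print(compare_to_baseline(LOCKED_HEADER + pad, UNLOCKED_HEADER + pad))
```
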