[dev][info] imei 0 - Moto G5 Plus Guides, News, & Discussion

IMEI 0 after flashing stock firmware is due to modem not being able to recreate EFS (modemst1-2) since persist is compromised. Motorola has removed dedicated dhob & hob partitions (which used to store IMEI info in earlier moto g's) and moved them to persist. Pure persist backup is therefore NECESSARY before flashing anything. See here for persist backup instructions.
Note: persist is unique to device. Flashing someone else's persist will NOT restore your IMEI. Instead, it'll PERMANENTLY wipe dhob bin holding your IMEI.
Edit: Confirmed. Persist is unique to device. I restored my pure persist backup and got IMEI & VOLTE.
Please go through the entire thread carefully.
Edit: Problem is caused by incorrect user id for rfs. Can be fixed if you have your own persist. See here
hey,
As you all know, fastbooting stock 7.0 over custom 8.1 corrupts our QCN. However, if you first restore a twrp 7.0 system.img and boot.img, the problem doesn't occur.
Numerous guides exist on XDA but they are very bad hacky workarounds with no explanation given.
I'm making a non-hacky fix for imei0/volte/other baseband problems since it is unlikely that upcoming official 8.1 will fix the issue. Moto service center also doesn't know how to fix this.
To achieve this, I need some files from people with stock 7.0 (preferably indian variant) who satisfy the following criteria:
1. never flashed custom 8.1
or
2. successfully reverted to 7.0 from 8.1 without flashing any hacks from xda (i.e, restored twrp system/boot backup instead of fastbooting whole fw)
If everything goes through, I'll release a detailed guide for this.
I urge the volunteers to PM me asap. Note that root/unlock is not necessary for this.

Wish I could help, but my IMEI for the US variant is trashed. Wish you the best of luck getting a correct fix for this, because I think waiting on Oreo is a bit optimistic. Thanks

Totally stock locked bootloader, how can i help?

TL;DR: IMEI 0 is most likely a firmware bug. Our best hope is the upcoming oreo firmware.
Hey all,
After spending hours on the IMEI 0 problem, here are my findings:
1. IMEI is stored in nv 550 variable in QCN. However, this variable is write protected. This means all IMEI write programs such as QCOM Write IMEI tool will fail.
2. Interestingly, only IMEI 1 is stored in the nv. IMEI 2 is derived by performing some fixed hex arithmetic on IMEI 1.
3. IMEI also seems encrypted since the nv 550 in QCN never has a correct hex notation of IMEI. For example, only half of the IMEI is correct.
4. Any attempt to restore the QCN backup of someone else will successfully write all nv variables except nv 550. Means you cannot rewrite your factory IMEI.
5. The above is true even if you hexedit the QCN with your own IMEI. NV 550 is write protected.
6. modemst1 and modemst2 are sort of some baseband cache which are created by radio/bootloader using fsg. fsg seems to be some sort of backup partition for modemst.
7. After downgrading and erasing modemst1-2, these modemst are not recreated successfully by the modem. The nv 550 variable goes missing.
8. My guess is that modem has some checksum mechanism wherein if any discrepancy is found, the modemst cache recreation fails. Not sure.
9. Our IMEI is most likely intact somewhere (not talking about fastboot IMEI). Just not interpreted properly.
10. People who restored their efs after IMEI 0 are essentially restoring working cached modemst1-2. However, if fastboot erase modemst is done, it'll likely result in IMEI 0 again because modem cannot recreate modemst correctly.

rachitrawat said:
TL;DR: IMEI 0 is most likely a firmware bug. Our best hope is the upcoming oreo firmware.
Hey all,
After spending hours on the IMEI 0 problem, here are my findings:
1. IMEI is stored in nv 550 variable in QCN. However, this variable is write protected. This means all IMEI write programs such as QCOM Write IMEI tool will fail.
2. Interestingly, only IMEI 1 is stored in the nv. IMEI 2 is derived by performing some fixed hex arithmetic on IMEI 1.
3. IMEI also seems encrypted since the nv 550 in QCN never has a correct hex notation of IMEI. For example, only half of the IMEI is correct.
4. Any attempt to restore the QCN backup of someone else will successfully write all nv variables except nv 550. Means you cannot rewrite your factory IMEI.
5. The above is true even if you hexedit the QCN with your own IMEI. NV 550 is write protected.
6. modemst1 and modemst2 are sort of some baseband cache which are created by radio/bootloader using fsg. fsg seems to be some sort of backup partition for modemst.
7. After downgrading and erasing modemst1-2, these modemst are not recreated successfully by the modem. The nv 550 variable goes missing.
8. My guess is that modem has some checksum mechanism wherein if any discrepancy is found, the modemst cache recreation fails. Not sure.
9. Our IMEI is most likely intact somewhere (not talking about fastboot IMEI). Just not interpreted properly.
10. People who restored their efs after IMEI 0 are essentially restoring working cached modemst1-2. However, if fastboot erase modemst is done, it'll likely result in IMEI 0 again because modem cannot recreate modemst correctly.
Even though I'm sure it's not the news we all wanted to hear, I still want to say thanks for spending the time to try and figure it out.
Also, I feel that you are correct about the IMEI still being present somewhere, just not being relayed correctly, because if you select the barcode option in fastboot it will correctly display the IMEI number, but once booted the IMEI is back to zero. Unless it's very possible the barcode images are just static images.

Great work dev
Man, you are doing awesome work which is in need. I have a Moto G5 Plus, untouched stock (maybe some updates of stock), so I can obtain the required files needed for you to solve this.
Just leave a reply @Sid_Karthik #telegram so that I can know how to obtain those files.

Some more updates:
1. falcon had partitions dhob and hob which contained device specific information about the IMEI, ESN etc.
2. potter doesn't have these partitions. However, I've found some dhob & shob related binaries after mounting persist img.
3. persist acts as a bridge in properly interpreting device specific info like IMEI.
4. Most contents of persist including hob, shob are write protected.
5. Since modem updates nv items on the fly, you can get imei 0 after fiddling with persist.
6. A compromised persist can easily be detected by checksum mechanism.
7. Custom ROMs most likely fiddled with persist. After downgrade and erasing modemst1-2, the bridge broke and modem cannot initialize modemst1-2 properly. Thus, imei 0.

Yes, I can confirm it.
I have a Moto G5 Plus XT1686 which was on stock & is my daily driver. But as I completed one year with this device and lost my warranty, I unlocked my bootloader, flashed TWRP recovery and took a backup. Then I installed an Oreo ROM (Android 8.1). That ROM had some serious VoLTE issues, so I went back to stock through the TWRP backup. As this is my daily driver I couldn't take any chances, so I fastboot-flashed the stock ROM with the January security patch & locked my bootloader. But during fastboot I didn't use the erase modemst1 and erase modemst2 commands. Everything was fine; I didn't lose my IMEI or VoLTE. I even took the March and April security patch OTAs without any issues.
The only difference I saw in fastboot mode was that when I fastbooted to stock (January security patch) my software status was unofficial, but with the March security patch OTA it became official. But my baseband changed to 47e, which was 47r on pure stock.

Abhineet m25 said:
Yes, I can confirm it.
I have a Moto G5 Plus XT1686 which was on stock & is my daily driver. But as I completed one year with this device and lost my warranty, I unlocked my bootloader, flashed TWRP recovery and took a backup. Then I installed an Oreo ROM (Android 8.1). That ROM had some serious VoLTE issues, so I went back to stock through the TWRP backup. As this is my daily driver I couldn't take any chances, so I fastboot-flashed the stock ROM with the January security patch & locked my bootloader. But during fastboot I didn't use the erase modemst1 and erase modemst2 commands. Everything was fine; I didn't lose my IMEI or VoLTE. I even took the March and April security patch OTAs without any issues.
The only difference I saw in fastboot mode was that when I fastbooted to stock (January security patch) my software status was unofficial, but with the March security patch OTA it became official. But my baseband changed to 47e, which was 47r on pure stock.
So I guess that your stock backup had your IMEI and VoLTE intact. Interesting. If yours was an XT1687 I would ask if you could post that backup, sans account info and sensitive stuff.
Maybe a TWRP backup for every model of the phone could save everyone, as long as the backup was taken before flashing an 8.1 ROM.

Abhineet m25 said:
Yes, I can confirm it.
I have a Moto G5 Plus XT1686 which was on stock & is my daily driver. But as I completed one year with this device and lost my warranty, I unlocked my bootloader, flashed TWRP recovery and took a backup. Then I installed an Oreo ROM (Android 8.1). That ROM had some serious VoLTE issues, so I went back to stock through the TWRP backup. As this is my daily driver I couldn't take any chances, so I fastboot-flashed the stock ROM with the January security patch & locked my bootloader. But during fastboot I didn't use the erase modemst1 and erase modemst2 commands. Everything was fine; I didn't lose my IMEI or VoLTE. I even took the March and April security patch OTAs without any issues.
The only difference I saw in fastboot mode was that when I fastbooted to stock (January security patch) my software status was unofficial, but with the March security patch OTA it became official. But my baseband changed to 47e, which was 47r on pure stock.
You saved yourself by not erasing working modemst cache.
However, if you erase it now, you'll likely get imei 0 since your persist is compromised by flashing custom ROM. Unless of course you took a pure persist dump before flashing anything.
My guess about the baseband letters:
R: persist ok, efs ok
e: persist not ok, efs ok
u: persist not ok, efs not ok
Jrhotrod said:
So I guess that your stock backup had your IMEI and VoLTE intact. Interesting. If yours was an XT1687 I would ask if you could post that backup, sans account info and sensitive stuff.
Maybe a TWRP backup for every model of the phone could save everyone, as long as the backup was taken before flashing an 8.1 ROM.
If you've erased your modemst and your persist is modified, his persist/efs backup won't restore your imei/volte. The modem has checksum mechanism to verify imei. So no cheating.

rachitrawat said:
You saved yourself by not erasing working modemst cache.
However, if you erase it now, you'll likely get imei 0 since your persist is compromised by flashing custom ROM. Unless of course you took a pure persist dump before flashing anything.
My guess about the baseband letters:
R: persist ok, efs ok
e: persist not ok, efs ok
u: persist not ok, efs not ok
If you've erased your modemst and your persist is modified, his persist/efs backup won't restore your imei/volte. The modem has checksum mechanism to verify imei. So no cheating.
Would it work for other ppl to use my persist image with them getting my IMEI... I have the single SIM XT1687 and have a backed-up persist via TWRP and also pulled the image via root and adb... was on stock January build when I backed both up before flashing AOSP.

Tech_Savvy said:
Would it work for other ppl to use my persist image with them getting my IMEI... I have the single SIM XT1687 and have a backed-up persist via TWRP and also pulled the image via root and adb... was on stock January build when I backed both up before flashing AOSP.
No. Persist is unique to each device.

I was on Lineage 15 when, after trying to flash Magisk and DolbyAtmos, my signal was gone. I have an XT1686, which is dual SIM, and on both SIMs there was no signal, but the SIMs were detected. So I tried reflashing the ROM but it didn't help. I fastboot-flashed stock with the erase modem commands and lost IMEI. Then I tried some workaround and got signal back on a debloated ROM, but made a mistake by going back to stock again. Now I have tried every ROM but there is no signal in any. I had made a TWRP backup before installing the 8.1 ROM so I have efs, but even then I can only get my IMEI back but not the signal. Also, when I try restoring the backup it says no OS, so there is something wrong with it.

Attention.
Before flashing anything, backup your unique persist and save it for your life.
How to back up:
1. Boot TWRP without flashing it:
Code:
fastboot boot twrp.img
2. Run:
Code:
adb shell
# dump the persist partition to internal storage
dd if=/dev/block/mmcblk0p30 of=/sdcard/persist.img
When you revert to stock, restore persist.img:
Code:
adb shell
# write the saved dump back over the persist partition
dd if=/sdcard/persist.img of=/dev/block/mmcblk0p30
Note: efs backup is not required at all.
Those who don't have their persist backup and have flashed custom are stuck with IMEI 0 forever. Including me.
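
A host-side integrity check for the persist.img dump described in the post above, as an added example that is not part of the original thread. It refuses a blank dump (all 0x00 or all 0xFF, like the empty fsg image reported further down this page), records a SHA-256 beside the image, and re-verifies it before any restore; the function names and the `.sha256` sidecar file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the host after pulling the image.
# Hypothetical names: image_is_blank, sha256_of, record_image, verify_image,
# and the "<image>.sha256" sidecar file.

# Succeeds (returns 0) when the image is missing, empty, or consists only of
# 0x00 bytes or only of 0xFF bytes, i.e. it looks like an erased partition.
image_is_blank() {
    img=$1
    [ -s "$img" ] || return 0
    # Delete every 0x00 (then every 0xFF) byte; if nothing survives, it is blank.
    not_zero=$(LC_ALL=C tr -d '\000' < "$img" | head -c 1 | wc -c | tr -d ' ')
    not_ff=$(LC_ALL=C tr -d '\377' < "$img" | head -c 1 | wc -c | tr -d ' ')
    [ "$not_zero" -eq 0 ] || [ "$not_ff" -eq 0 ]
}

# Print only the hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Store the digest next to the image, but never for a blank dump.
record_image() {
    img=$1
    if image_is_blank "$img"; then
        echo "refusing to record $img: missing, empty or blank" >&2
        return 1
    fi
    sha256_of "$img" > "$img.sha256"
}

# Return 0 when the image still matches its recorded digest,
# 1 when it differs (even by one bit), 2 when no digest was recorded.
verify_image() {
    img=$1
    [ -f "$img.sha256" ] || { echo "no recorded hash for $img" >&2; return 2; }
    [ "$(cat "$img.sha256")" = "$(sha256_of "$img")" ] && return 0
    echo "hash mismatch for $img: do not restore this copy" >&2
    return 1
}

# Command-line use: "record <image>" right after the dump,
# "verify <image>" before writing it back.
case "${1:-}" in
    record) record_image "$2" ;;
    verify) verify_image "$2" ;;
esac
```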

rachitrawat said:
Attention.
Before flashing anything, backup your unique persist and save it for your life.
How to back up:
1. flash twrp
2. do
When you revert to stock, restore persist.img:
Note: efs backup is not required at all.
Those who don't have their persist backup and have flashed custom are stuck with IMEI 0 forever. Including me.
Forever? Seriously, bro? No hopes even after Oreo?

Did some more digging.
1. IMEI is likely stored in /persist/rfs/msm/mpss/dhob.bin
You can't view this dir in root browser as it is locked. You need to mount it (linux in my case) and give admin permission.
dhob is encrypted by default. There is also an HMAC (keyed hash) to verify its integrity. So you can't use someone else's persist dump.
You can check your dhob log with this: (taken on LOS 15.1)
Code:
cat /data/vendor/tombstones/rfs/modem/dhob_report.txt
mot_d_hob_stg_ram.c, 547: initializing dynamic hob...
mot_d_hob_stg_ram.c, 570: Failed to read DHOB file, err = 3
mot_d_hob_stg_ram.c, 446: couldn't verify hmac
mot_d_hob_stg_ram.c, 447: status = 2
mot_d_hob_stg_ram.c, 448: verified = 0
mot_d_hob_stg_ram.c, 618: dhob in trusted boot
mot_d_hob_crypto.c, 291: FATAL: decryption failed with st 20
mot_d_hob_crypto.c, 292: in size = 16320
mot_d_hob_crypto.c, 293: dec size = 16320
mot_d_hob_stg_ram.c, 666: FATAL: blank dhob in trusted mode
mot_d_hob_stg_ram.c, 779: FATAL: dhob functionality blocked
mot_d_hob_stg_ram.c, 860: dHOB DB recover
mot_d_hob_stg_ram.c, 898: dHOB recover failed
mot_d_hob_stg_ram.c, 1250: comparing dynamic hob...
mot_d_hob_stg_ram.c, 1253: DHOB ops not allowed
mot_d_hob_stg_ram.c, 1081: refreshing dynamic hob...
mot_d_hob_stg_ram.c, 1085: dhob ops not allowed
2. To check hob's log (also related to imei):
Code:
cat /data/vendor/tombstones/rfs/modem/hob_report.txt
mot_s_hob_stg.c, 197: RFS read finished - in 1272 ms
mot_s_hob_stg.c, 326: ERR: Can't access HOB file, errno = 3
mot_s_hob_stg.c, 327: ERR: read -2025043604 bytes
mot_s_hob_amss.c, 825: s_hob_phase_check
mot_s_hob_amss.c, 590: ERR: HOB NV 540 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 1864 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 3691 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 5459 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 5461 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 5464 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 6683 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 6684 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 6735 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 6736 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20309 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20310 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20825 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20826 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20883 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 20884 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 22982 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24226 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24228 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24230 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24233 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24250 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24252 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24255 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24256 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24964 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24965 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24966 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24967 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24972 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24973 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24974 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 24975 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 27779 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 27781 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 27783 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 27786 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 27812 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 28329 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 28333 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 28334 inactive
mot_s_hob_amss.c, 852: ERR: Found 41 NV items from HOB list that are not populated
Badshah deep said:
Forever? Seriously, bro? No hopes even after Oreo?
Likely no if you have flashed someone else's persist.
Maybe yes if you have your own but flashed custom ROMs. Currently, modem fails to initialize efs even if you modify just 1 bit of persist because of hash check.
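
A triage script for the two modem reports quoted in the post above, as an added example that is not part of the original thread. It reports which dhob failure stages appear and checks the counted "HOB NV ... inactive" lines against the total the modem prints; the function names are hypothetical, the matched strings are the ones visible in the quoted logs, and the embedded samples are shortened excerpts of those logs.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; the
# matched strings are the ones visible in the two logs quoted in the post.

# Print which dhob failure stages a dhob_report.txt shows, in pipeline order.
# Reads the named file, or stdin when no argument is given.
dhob_findings() {
    awk '
        /Failed to read DHOB file/   { rd = 1 }
        /couldn.t verify hmac/       { mac = 1 }
        /decryption failed/          { dec = 1 }
        /dhob functionality blocked/ { blk = 1 }
        /dHOB recover failed/        { rec = 1 }
        END {
            out = ""
            if (rd)  out = out " read_failed"
            if (mac) out = out " hmac_mismatch"
            if (dec) out = out " decrypt_failed"
            if (blk) out = out " blocked"
            if (rec) out = out " recover_failed"
            if (out == "") out = " none_seen"
            print substr(out, 2)
        }' "${1:--}"
}

# Count "HOB NV <id> inactive" lines in a hob_report.txt and compare with the
# total in the "Found <n> NV items" line. A mismatch means the
# log at hand is incomplete (for example, a shortened paste).
hob_summary() {
    awk '
        /ERR: HOB NV [0-9]+ inactive/ { counted++ }
        /Found [0-9]+ NV items from HOB list/ {
            for (i = 1; i < NF; i++) if ($i == "Found") reported = $(i + 1)
        }
        END {
            if (reported == "")           state = "no_total"
            else if (reported == counted) state = "consistent"
            else                          state = "mismatch"
            printf "counted=%d reported=%s %s\n", counted, (reported == "" ? "none" : reported), state
        }' "${1:--}"
}

# Shortened excerpt of the dhob log quoted in the post (COLOR tags stripped).
sample_dhob_log() {
    cat <<'EOF'
mot_d_hob_stg_ram.c, 547: initializing dynamic hob...
mot_d_hob_stg_ram.c, 570: Failed to read DHOB file, err = 3
mot_d_hob_stg_ram.c, 446: couldn't verify hmac
mot_d_hob_crypto.c, 291: FATAL: decryption failed with st 20
mot_d_hob_stg_ram.c, 779: FATAL: dhob functionality blocked
mot_d_hob_stg_ram.c, 898: dHOB recover failed
EOF
}

# Shortened excerpt of the hob log: only 3 of the 41 "inactive" lines are kept,
# so the summary is expected to report a mismatch.
sample_hob_log() {
    cat <<'EOF'
mot_s_hob_stg.c, 326: ERR: Can't access HOB file, errno = 3
mot_s_hob_amss.c, 590: ERR: HOB NV 540 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 1864 inactive
mot_s_hob_amss.c, 590: ERR: HOB NV 3691 inactive
mot_s_hob_amss.c, 852: ERR: Found 41 NV items from HOB list that are not populated
EOF
}

# Command-line use: "dhob [file]" or "hob [file]"; without a file, reads stdin.
case "${1:-}" in
    dhob) dhob_findings "$2" ;;
    hob)  hob_summary "$2" ;;
esac
```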

I flashed an Oreo ROM without doing a backup, later I flashed stock ROM, and got IMEI 0. Now, after multiple tries, I got my IMEI and signal back, with stock ROM (Deodexed zip).
Will doing a backup of "persist" help?

rachitrawat said:
Currently, modem fails to initialize efs even if you modify just 1 bit of persist because of hash check.
I've noticed that TWRP adds its configuration file ".twrps" in the persist partition, is that OK?

caiquejd said:
I flashed an Oreo ROM without doing a backup, later I flashed stock ROM, and got IMEI 0. Now, after multiple tries, I got my IMEI and signal back, with stock ROM (Deodexed zip).
Will doing a backup of "persist" help?
Interesting. If you have an intact persist, your device will not lose IMEI even after a full fastboot factory flash.
attack11 said:
I've noticed that TWRP adds its configuration file ".twrps" in the persist partition, is that OK?
Likely yes. But flashing custom ROM triggers hash mismatch for sure. When I took my persist backup (which I lost damn), I fastboot boot twrp and not flash. Before reverting to stock, I simply restored my persist. The baseband letter in stock changed to R from e and it'd detect imei even after fastboot erase modemsts.

rachitrawat said:
Interesting. If you have an intact persist, your device will not lose IMEI even after a full fastboot factory flash.
Likely yes. But flashing custom ROM triggers hash mismatch for sure. When I took my persist backup (which I lost damn), I fastboot boot twrp and not flash. Before reverting to stock, I simply restored my persist. The baseband letter in stock changed to R from e and it'd detect imei even after fastboot erase modemsts.
If I understand you correctly, people who do not have the original persist file have no chance to restore IMEI?

Related

[DEB USERS][Need Help]Nexus 7 4G shows IMEI "0"

Hello,
So continuing my experiments on the nexus 7 2013 (deb version), I have come to the point of IMEI being read as "0".
I have tried qualcomm NV tools, efs professional, qpst, factory reset, full wipe and then factory reset, custom roms, full wipe and then flash custom roms and the list goes on...
I understand that the entire re-writing process would have been much easier if I had a backup of all the partitions but unfortunately my system went kaput leading to massive data loss (including the backups).
So here I am seeking help from the community:
1. Any knowledge or methods to restore the IMEI number on a Qualcomm/Nexus/Asus device.
2. Backups of partitions - the DEB versions - the FSG, MODEMST1, MODEMST2
- For backup of the above partitions use the file attached in TWRP.
- It will create backups of the partitions in the location /sdcard/
I don't want to lose this device; it is out of warranty; still strong and does the job for me. The only issue right now for me is the connectivity (no signal because of "0" IMEI).
Please help.
Thank you.
jared.leto said:
Backups of partitions the DEB versions (other than the radio, recovery, system partitions)
I don't want to lose this device; it is out of warranty; still strong and does the job for me. The only issue right now for me is the connectivity (no signal because of "0" IMEI).
Please help. Thank you.
I prepared backup and restore scripts for the fsg partition with IMEI number. Perhaps a DEB user will donate fsg partition for you. You will need:
p8-backup.zip and p8-restore.zip from the above link
TWRP recovery
USB OTG adapter + a flash drive or OTG flash drive
Then do:
boot TWRP
connect OTG FAT32-formatted drive with the ZIPs
in TWRP "install" the backup ZIP
Your fsg partition will be compressed with gzip and saved on the flash drive. It then can be restored in TWRP.
Incidentally, all DEB users should do a backup of fsg anyway.
Did it. Attached.
HEX Editors show it's empty. I don't remember erasing the fsg partition but I guess that has happened.
Thank you for helping.
k23m said:
I prepared backup and restore scripts for the fsg partition with IMEI number. Perhaps a DEB user will donate fsg partition for you. You will need:
p8-backup.zip and p8-restore.zip from the above link
TWRP recovery
USB OTG adapter + a flash drive or OTG flash drive
Then do:
boot TWRP
connect OTG FAT32-formatted drive with the ZIPs
in TWRP "install" the backup ZIP
Your fsg partition will be compressed with gzip and saved on the flash drive. It then can be restored in TWRP.
Incidentally, all DEB users should do a backup of fsg anyway.
jared.leto said:
Did it. Attached.
HEX Editors show it's empty. I don't remember erasing the fsg partition but I guess that has happened.
Thank you for helping.
It is empty indeed. My FLO fsg has lots of stuff including IMEI-like strings. Just try my fsg, link in pm.
@k23m
Please help.
Hi, friend, did you restore your Deb IMEI?
I successfully cloned the IMEI; we need to copy/restore these partitions for this:
M9kefs1 (/dev/block/mmcblk0p5)
M9kefs2 (/dev/block/mmcblk0p6)
M9kefs3 (/dev/block/mmcblk0p7).
TechnicsKuzya said:
I successfully cloned the IMEI; we need to copy/restore these partitions for this:
M9kefs1 (/dev/block/mmcblk0p5)
M9kefs2 (/dev/block/mmcblk0p6)
M9kefs3 (/dev/block/mmcblk0p7).
Thank you for this info. The attached script will backup m9kefs* partitions. In TWRP do 'install' and find the backup file in the root of internal storage - /sdcard/IMEI-backup.tgz
BTW, DEB users, please check this post.
imei 0
Hi, also such a problem, have imei 0 after marking up the memory. help fix, thanks

IMEI 0 - What happened to me, share yours and let's find a solution.

I decided to write a new topic on this matter because there are still a lot of people like me with this problem.
My IMEI is shown as 0.
I bought my phone at FastShop, a non-carrier retailer. It is an XT1635-02 RETBR Dual-Sim.
In the process of losing my IMEI, I was trying to get rid of the root I'd installed before. I flashed a Cyanogen, got some problems with mobile data and decided to flash back to stock. When flashing back to stock I wanted a clean install, so I erased everything (EFS partition and every other tickable option) with the Chinese TWRP; the process gave me an error but I think it corrupted the data on EFS. (In the process of trying to fix this I've learned a lot of things I didn't know and now I realize the kind of mistake I made...)
On "fastboot getvar imei" I can see my correct IMEI.
But dialing *#*#4636#*#* on phone info my IMEI is 0, also on Config>About both IMEI shown 0.
I've tried flashing the full stock ROM many times, even tried flashing different ROMS like LATAM, IUSMXLA, and others. Now I'm with the correct ROM running (RETBR).
I know that there are many people suffering from the same problem anything that could fix that anyway I would try.
I think you lost your IMEI forever.
DO NOT USE Chinese TWRP.
So basically all these reports of people getting their imei being 0 is them actually just wiping efs out of carelessness, got it. Not to be a jack*** but seriously...I always double check what I'm erasing. There's no recoveries, you've erased a unique identifier to the hardware. The manufacturer doesn't keep track of this.
DroneDoom said:
So basically all these reports of people getting their imei being 0 is them actually just wiping efs out of carelessness, got it. Not to be a jack*** but seriously...I always double check what I'm erasing. There's no recoveries, you've erased a unique identifier to the hardware. The manufacturer doesn't keep track of this.
That's my impression. I haven't seen anyone report categorically that they lost imei but absolutely did not wipe efs.
I think that when a signed firmware is available to download and install, the MZP will be able to regenerate the IMEI. Snapdragon has the capabilities to do it, but with an untrusted firmware, must "hide" it.
It is easy to get the IMEI back. Just restore the backup you did before the wipe. No one except you has the data on the efs partition.
tag68 said:
It is easy to get the IMEI back. Just restore the backup you did before the wipe. No one except you has the data on the efs partition.
This would require that people don't jump the gun and flash/wipe before making a backup.
A problem that shouldn't exist, but does.
I think you're SOL, dude.
rfameli said:
I decided to write a new topic on this matter because there are still a lot of people like me with this problem.
My IMEI is shown as 0.
I bought my phone at FastShop, a non-carrier retailer. It is an XT1635-02 RETBR Dual-Sim.
In the process of losing my IMEI, I was trying to get rid of the root I'd installed before. I flashed a Cyanogen, got some problems with mobile data and decided to flash back to stock. When flashing back to stock I wanted a clean install, so I erased everything (EFS partition and every other tickable option) with the Chinese TWRP; the process gave me an error but I think it corrupted the data on EFS. (In the process of trying to fix this I've learned a lot of things I didn't know and now I realize the kind of mistake I made...)
On "fastboot getvar imei" I can see my correct IMEI.
But dialing *#*#4636#*#* on phone info my IMEI is 0, also on Config>About both IMEI shown 0.
I've tried flashing the full stock ROM many times, even tried flashing different ROMS like LATAM, IUSMXLA, and others. Now I'm with the correct ROM running (RETBR).
I know that there are many people suffering from the same problem anything that could fix that anyway I would try.
DISCLAIMER
Do it at your own risk.
SUMMARY
1. Reflashed back to stock Marshmallow
2. Sideloaded Nougat OTA right after (that is before booting into the freshly restored system)
-----------------------------------------------------------------------------------------------------------------
My IMEI became zero after trying to implement on Lineage OS a dual SIM mod originally intended for the stock ROM. "fastboot getvar imei" also displayed my correct IMEI. I eventually solved the issue purely out of trial by flashing the full stock (Marshmallow), and the nougat OTA right after that, as follows:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot flash dsp adspso.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0 (repeat up to 10)
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase cache
fastboot erase userdata
fastboot erase DDR
fastboot oem fb_mode_clear
fastboot reboot recovery
*recovery > adb sideload*
adb sideload nougat_ota.zip
WARNING
For downgrading, skip:
********************************
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
*******************************************
Proceeding otherwise will brick the device.
Just to clarify, I didn't make any backup before wiping my EFS.
I'm not used to wiping everything, but I've already used the wipe function of TWRP, ticking all buttons, and nothing was messed up.
Later I found that the Chinese TWRP gives us the option to wipe our EFS.
I'm not blaming anyone but myself. I'm not that careless most of the time; I didn't have as much knowledge as I do now after all I've read and tried.
Over the last months I have seen many people with problems with their IMEI. Some problems were solved (flashing the ROM again), but the ones that continue looking for a solution probably have the same backstory as me.
VR25 said:
DISCLAIMER
Do it at your own risk.
SUMMARY
1. Reflashed back to stock Marshmallow
2. Sideloaded Nougat OTA right after (that is before booting into the freshly restored system)
-----------------------------------------------------------------------------------------------------------------
My IMEI became zero after trying to implement on Lineage OS a dual SIM mod originally intended for the stock ROM. "fastboot getvar imei" also displayed my correct IMEI. I eventually solved the issue purely out of trial by flashing the full stock (Marshmallow), and the nougat OTA right after that, as follows:
fastboot getvar max-sparse-size
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot flash dsp adspso.bin
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk.0 (repeat up to 10)
fastboot flash oem oem.img
fastboot erase carrier
fastboot erase cache
fastboot erase userdata
fastboot erase DDR
fastboot oem fb_mode_clear
fastboot reboot recovery
*recovery > adb sideload*
adb sideload nougat_ota.zip
WARNING
For downgrading, skip:
********************************
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
*******************************************
Proceeding otherwise will brick the device.
I'll surely try that since you had the same problem and fixed it; I have nothing to lose.
But I already flashed the stock ROM and updated to Nougat, but since I didn't actually sideload it I'll try again when I get home.
I'm cool with it
as long as phone function is working
no data, coz data plan not activate
Welcome to the club. I wiped my /efs, lost my IMEI and had to pay £120 for a motherboard replacement. Now I've got a backup for my /efs partition, and never use the Chinese TWRP, but I learned an expensive lesson.
Really_Rekt said:
Welcome to the club. I wiped my /efs, lost my IMEI and had to pay £120 for a motherboard replacement. Now I've got a backup for my /efs partition, and never use the Chinese TWRP, but I learned an expensive lesson.
How did you back it up? With that Chinese TWRP?
rfameli said:
I decided to write a new topic on this matter because there are still a lot of people like me with this problem.
My IMEI is shown as 0.
I've bought my phone at FastShop a non-carrier retailer. It is a XT1635-02 RETBR Dual-Sim.
In the process of losing my IMEI, I was trying to get rid of the root I'd installed before. I flashed a Cyanogen, got some problems with mobile data and decided to flash back to stock. When flashing back to stock I wanted a clean install, so I erased everything (EFS partition and every other tickable option) with the Chinese TWRP; the process gave me an error but I think it corrupted the data on EFS. (In the process of trying to fix this I've learned a lot of things I didn't know, and now I realize the kind of mistake I made...)
On "fastboot getvar imei" I can see my correct IMEI.
But dialing *#*#4636#*#* on phone info my IMEI is 0, also on Config>About both IMEI shown 0.
I've tried flashing the full stock ROM many times, even tried flashing different ROMS like LATAM, IUSMXLA, and others. Now I'm with the correct ROM running (RETBR).
I know that there are many people suffering from the same problem; anything that could fix it, I would try.
I've also gotten tired of searching, but I've seen a similar case with a OnePlus One: it had the same IMEI 0 problem and it was fixed using a PC and some drivers. The post is titled "REPARAR EL IMEI de nuestro ONEPLUS ONE tras perder el EFS" ("Repair the IMEI of our OnePlus One after losing the EFS"), without a backup! Link: forums .oneplus .net/threads/tutorial-reparar-el-imei-de-nuestro-oneplus-one-tras-perder-el-efs.264420/
Check it out.
yeah. that was the only time i used it.
I was running my phone as a gaming tablet since I lost my IMEI, connecting only through Wi-Fi. I was running Android MM 6.0.1 with the December patch.
I've tried flashing Stock ROM RETBR version MPSN24.104-44-7, but it was not allowing me to install the OTAs, giving an error by the end of the procedure.
I cleaned the system again and flashed the Stock ROM RETBR version MPSN24.104-44-10 and was able to sideload all the OTAs without any error.
Now my MZP is on the latest available Nougat version, but my problem was not fixed as I thought.
I really don't think I or the others who lost their IMEI like me (wiping EFS without having a backup) will be able to restore our lost IMEI.
I'm giving it one last try: I'll buy a SIM from a Brazilian carrier that doesn't seem to block IMEIs. I don't know if this only applies to blacklisted IMEIs, but I'll try it with my IMEI 0.
The said carrier is "Oi".
I think you can pay Lenovo to replace the motherboard. You're probably better off doing that IMO.
IncendiaryPyro said:
I think you can pay Lenovo to replace the motherboard. You're probably better off doing that IMO.
The only problem is that the replacement of the motherboard costs almost the same as a brand new phone here in Brazil.
I thought I'd bricked mine. Rooted, then attempted to reflash back to stock, and had IMEI 0. Flashed CM and still IMEI 0. Did not take a backup of anything because I've been rooting around inside Androids since 2009 and never managed to fully brick a device.
I got it back by following these instructions. It works. I'm using it right now. All may not be lost.
Critically: some things need fastboot, and some things need mfastboot. Also, the order of re-flashing matters. Read the thread.

NO signal, IMEI 0 after downgrade from 8.1 to 7.1

I restored my phone from Oreo 8.1 to 7.1.
After restoring I lost my IMEI, i.e. it is 0 now; that's why both my SIMs have no signal now.
I'm from India and I downloaded the RETAIL version to restore.
I read somewhere that skipping the following files when flashing could prevent losing your IMEI, but...
at the same time I was told this might HARDBRICK your phone.
fastboot flash modem NON-HLOS.bin (can skip this and thus would prevent loss of IMEI)
fastboot erase modemst1 (can skip this and thus would prevent loss of IMEI)
fastboot erase modemst2 (can skip this and thus would prevent loss of IMEI)
fastboot flash fsg fsg.mbn (can skip this and thus would prevent loss of IMEI)
fastboot erase userdata (can skip this and thus would prevent loss of your data (internal storage))
fastboot reboot
So my question is:
Is it OK to skip the files mentioned in the recovery post?
The post below contains the guide I used to downgrade.
https://forum.xda-developers.com/moto-z-play/how-to/guide-root-xposed-flashing-stock-rom-t3529637
The IMEI is still there but will only show if you go back to 8.x.
To reflash your phone look at
https://forum.xda-developers.com/mo...se-attempt-t3812530/post76991120#post76991120
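The warnings repeated in this thread (skip gpt.bin and bootloader.img when downgrading; modemst1, modemst2 and fsg are tied to the IMEI) can be checked mechanically before a command list is run. The linter below is an added example, not code from any poster; the partition sets and the `lint` and `parse` names are assumptions drawn from the posts above, and the sample script is constructed.

```python
# Added example: lint a fastboot command list against the thread's warnings.
# Partition sets are assumptions taken from the posts, not a Motorola list.
MODEM_STATE = {"modemst1", "modemst2", "fsg", "persist"}  # tied to IMEI/baseband
DOWNGRADE_SKIP = {"partition", "bootloader"}              # gpt.bin / bootloader.img

# Constructed sample script (not a captured session).
SAMPLE = """\
fastboot oem fb_mode_set
fastboot flash partition gpt.bin
fastboot flash bootloader bootloader.img
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
fastboot flash system system.img_sparsechunk.0 (repeat up to 10)
fastboot flash NON-HLOS.bin modem
fastboot erase userdata
"""

def parse(line):
    """Return (verb, args) for a fastboot flash/erase line, else None."""
    tokens = line.split("(", 1)[0].split()  # drop "(repeat ...)" style notes
    if len(tokens) < 3 or tokens[0] not in ("fastboot", "mfastboot"):
        return None
    if tokens[1] not in ("flash", "erase"):
        return None
    return tokens[1], tokens[2:]

def lint(script, downgrade=False, have_backup=False):
    """Return [(line_no, code, message)] for risky or malformed lines."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        parsed = parse(line)
        if parsed is None:
            continue
        verb, args = parsed
        part = args[0]
        # fastboot flash takes <partition> <file>; a dotted first argument
        # followed by an undotted one is almost certainly reversed.
        if verb == "flash" and len(args) >= 2 and "." in part and "." not in args[1]:
            findings.append((no, "swapped", f"arguments reversed: {part} {args[1]}"))
            continue
        if downgrade and verb == "flash" and part in DOWNGRADE_SKIP:
            findings.append((no, "block", f"skip '{part}' when downgrading"))
        elif part in MODEM_STATE and not have_backup:
            findings.append((no, "warn", f"{verb} {part}: back up persist/EFS first"))
    return findings

if __name__ == "__main__":
    for no, code, msg in lint(SAMPLE, downgrade=True):
        print(f"line {no}: [{code}] {msg}")
```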

REDMI NOTE 8 | unknown baseband

Hi.
I created a QCN backup with Qfile, then changed the IMEI and restored, and then I saw that the baseband is empty!
Now my baseband is empty and I need to restore my backup QCN. When I try to restore the QCN backup file, everything in Qfile is OK, but my phone bootloops once and then goes to recovery (TWRP).
And I had to restore EFS in TWRP to correct this problem! I tried several versions of Qfile and QPST.
How can I repair my baseband?
Another way, like this: "fastboot erase modemst1 / fastboot erase modemst2",
sometimes works and fixes the baseband (just once; after a restart the baseband is empty again) and sometimes doesn't work.
Please help me.

Where does bootloader store the state of locked/unlocked?

I noticed that bootloader doesn't depend on kernel commandline variables to learn the state of device. Even if you wipe /system and /boot partition, you can still go to bootloader mode (fastboot mode/ Download mode) and check the locked/unlocked state of the bootloader.
That means bootloader itself stores some flag about the state somewhere. Android documentation lacks details about this but Google did mention that bootloader changes ro.boot.verifiedbootstate to set the value of ro.boot.flash.locked where the value is "0" if it is unlocked.
Google also didn't mention what flags are set if the custom Root of Trust (custom AVB) is enforced. I'm looking for this answer too.
I read about eFuses, which are arrays of EEPROM where a bit can be written only once. But they are used for rollback protection and key revocation, not for storing bootloader status.
Where exactly do most Android devices store their bootloader state?
Most expected could be that fastboot, after receiving an authentic unlock token, rewrites the aboot and aboot_bak partitions, and devcfg if it exists, with an unlock patch.
Camlin3 said:
Most expected could be that fastboot, after receiving an authentic unlock token, rewrites the aboot and aboot_bak partitions, and devcfg if it exists, with an unlock patch.
I've found that it is saved in devInfo partition. Some even save it in eFuse.
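Wherever the flag is stored, what the bootloader reports to Android can be cross-checked from the properties named in the question. The following is an added example, not code from any poster: it parses a constructed `getprop` excerpt and flags contradictory combinations. The `ro.boot.vbmeta.device_state` cross-check and the function names are assumptions of the example, and these are software-reported values, so hardware-backed key attestation remains the stronger signal.

```python
import re

# Constructed `adb shell getprop` excerpt (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[ro.boot.vbmeta.device_state]: [locked]
"""

# Verified-boot colours as documented for Android Verified Boot.
MEANING = {
    "green": "locked, OEM root of trust",
    "yellow": "locked, user-set (custom) root of trust",
    "orange": "unlocked bootloader",
    "red": "locked, verification failed",
}
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn getprop output lines into a {name: value} dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(props):
    """Summarise the reported lock state and list contradictory properties."""
    flag = props.get("ro.boot.flash.locked")
    state = props.get("ro.boot.verifiedbootstate")
    vbmeta = props.get("ro.boot.vbmeta.device_state")
    problems = []
    if flag not in ("0", "1"):
        problems.append("ro.boot.flash.locked missing or malformed")
    if state not in MEANING:
        problems.append("ro.boot.verifiedbootstate missing or unknown")
    if flag == "1" and state == "orange":
        problems.append("locked flag with orange (unlocked) boot state")
    if flag == "0" and state in ("green", "yellow", "red"):
        problems.append("unlocked flag with a locked-only boot state")
    if vbmeta in ("locked", "unlocked") and flag in ("0", "1"):
        if (vbmeta == "locked") != (flag == "1"):
            problems.append("vbmeta.device_state disagrees with flash.locked")
    return {"locked": flag == "1", "state": state,
            "meaning": MEANING.get(state), "problems": problems}
```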
