you

Ultimate Guide: Qualcomm Snapdragon imei and Baseband Repair / Fix – Part 2

Ultimate Guide: Qualcomm Snapdragon imei and Baseband Repair / Fix – Part 2

adb shell

su

setprop sys.usb.config diag,adb

You must be rooted to give these commands as you may guess. What’s it for? The latest command will open your phone’s Qualcomm Diag Port to work with. There may be some exceptions of course in which it won’t work, let me know if this happens in the comments.

Remember our example phone in Part 1 was Xiaomi Mi5, you can either use this command or depending on which rom you are you can use the dial pad combination too, *#*#7177171#*#*. This info is valid for all Xiaomi Qualcomm’s not just Mi5. In Part 2 i will use a Mi5 S  to work with,  all Snapdragon 820 and 821 chipsets are the same when it comes to partition table, the video will be ready on my Youtube Channel soon. I will give info about older chipsets too. By the way, I’m sorry that this guide took some time to finish, but better than none right? Plus you will get the world’s largest QCN archive soon.

Do you also want to share your videos on YouTube and become famous? Well, don’t worry! You can simply go here to create videos with better.

So we all know what’s a Qcn backup now. It’s a backup of modem-related partitions in the Qualcomm structure. Which also includes modem baseband info + imei info. Having this backup, we can edit “imei” line (or lines; some phone models have 1 line, dual sim models have 2 lines obviously and all LG 1 sim models have 3 lines of imei info).  But before that, we will see how we can restore/upload the modified Qcn backup to the phone. If your imei became “0” somehow, you can edit an other Qcn taken from same model and restore your imei (+baseband) by uploading that Qcn to your phone, no need for any other steps. BUT if you messed up your baseband (=invalid imei), you need to get rid of the write protection before. For this we are going to “empty/zero” necessary modem partitions = to delete the old/wrong values. After that we will be able to upload any Qcn  we want, without any problems and errors. That is the answer why some readers having difficulties to restore Qcn’s to their phones. To do that, our phones must be rooted, because these are deep stuff now and we need to be very careful in every step. Saying it again, VERY CAREFULLY ! If you delete a wrong partition without checking it twice, you may end up with hard bricked phone in your hands. For many Chinese brands that won’t be a problem because they have their rescue roms, you can read those unbrick guides in my “UNBRICK” section, but for LG, HTC and some other known makers, you won’t have any PC based method to fix them, so VERY CAREFULLY !.

adb shell

su

ls -al /dev/block/platform/soc/624000.ufshc/by-name (this is for new Snapdragon 820 series, it’s just ls/list command with right parameters. If this command won’t list your partition table by name just go back till /platform and see what your partition tables continues with)

parts

This is the inside of your Snapdragon 820/821 based Xiaomi. Only 3 part form here matters for us, modemst1, modemst2 and fsg, those the partititions hosting your baseband and imei info (not all Snapdragons, but most Chinese made Qualcomms). Please keep in mind, this is very important, numbers are variable depending on the phone model, so names are important for us, not numbers, don’t try these numbers on a phone other then Mi 5 series, just list your parititon table and look for modemst1, modemst2 and fsg. Let’s zero/emty these 3 partitions :

dd if=/dev/zero of=/dev/block/sdf3

dd if=/dev/zero of=/dev/block/sdf5

dd if=/dev/zero of=/dev/block/sde28

reboot

Your phone will boot with an “invalid” imei, this means all the info is deleted. No need to worry as long as you have your QCN backup somewhere safe. Speaking of, its time to edit our QCN backup, let’s say our friend’s QCN backup with our imei number so we can fix our baseband including the right imei number.

088a

Search for the line starting with “088a“, IF your imei is starting with number “8”. The number before “A” is always your first imei number and thats what matters for us. If your imei number is starting with “3” for example, CTRL + F and find the line starting with “083a” (hex values only, untick “find text” if you are using same hex editor).

change_imei

Prepare “imei converter” program that you have download before and put your desired imei number in it, click “convert imei” and you will get the right format that you need to put in your hex editor. Rest is easy just carefully change the line right after “08xA” including your first number with “x”.

2nd_imei

Do the same for your second imei number hitting “F3” and finding the right line starting with “08xA“.

save

After you finished editing “SAVE AS” your QCN ! Don’t save it on the original backup, if you have done something wrong editing your original QCN file then you may corrupt it and there is no way to return and edit it again. So this is very important “save as” your new QCN with any name ending with “.qcn“.

restore

You may guess the rest, remember we backed up our QCN in our Part 1 ? Now we will just do the same choosing “Restore” from “Software Download” opiton in QPST, with our new edited QCN file of course.

complete

After you see “Memory Restore Completed” just reboot your manualy or with the “adb reboot” command from cmd.

You can use this method for almost every Chinese Qualcomm ( OnePlus owners sorry you can’t edit imei number, it’s encrypted ) + LG phones.

Your baseband including your imei number in it is fixed now, you are wellcome 🙂 See you in the next guide.

PS : Changing the imei number of your phone is ILLEGAL, do this steps to fix your lost original imei number or/and to fix your baseband ONLY !.

Ultimate Guide : Qualcomm Snapdragon imei and Baseband Repair / Fix – Part 1

Copyright © 2016 by androidbrick.com. All rights reserved.

5 1 vote
Article Rating
Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

231 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Adnan Shabir
11 months ago

Hello. I love the way you have explained everything. I got Motorola g9 plus, everything went good, untill i backed up the qcn

After i tried to restore the file, it says connection fail, while everything was just like same backup, same cable, drivers etc.

Again i restored the old faulty modemst1 and 2,
Can you help me to get it done with my correct imei

King Sami
Reply to  Ustabas Osman
11 months ago

any possible way to recover? after erasing it does not connect. shows no esn no. while in device manager it shows connected device at com 2 port

King Sami
Reply to  Ustabas Osman
11 months ago

i have backup. but with the current imei it does not pick signal from any network. any other way to write imei for moto, if you know please guide

Abdul Hannan
2 years ago

Mi 9T Pro [Raphael]
Bootloader Unlocked
OEM Unlocked
Android 10 MIUI 12.0.6
Done Everything But Old IMEI is Still There.

I:\Mobile Soft\Installed Mobile Softwares\android>adb shell
adb server version (32) doesn’t match this client (41); killing…
* daemon started successfully
raphael:/ $ su
raphael:/ # ls -l /dev/block/bootdevice/by-name/
total 0
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 abl -> /dev/block/sde35
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 ablbak -> /dev/block/sde36
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 aop -> /dev/block/sde15
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 aopbak -> /dev/block/sde16
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 apdp -> /dev/block/sde8
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk01 -> /dev/block/sda4
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk02 -> /dev/block/sda5
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk03 -> /dev/block/sda6
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk04 -> /dev/block/sda7
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk05 -> /dev/block/sda10
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk06 -> /dev/block/sda13
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk07 -> /dev/block/sda15
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk08 -> /dev/block/sda20
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk09 -> /dev/block/sda22
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk31 -> /dev/block/sdd1
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk32 -> /dev/block/sdd3
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk33 -> /dev/block/sdd5
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk41 -> /dev/block/sde5
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk42 -> /dev/block/sde12
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk43 -> /dev/block/sde23
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk44 -> /dev/block/sde29
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk45 -> /dev/block/sde39
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bk47 -> /dev/block/sde50
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk51 -> /dev/block/sdf2
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 bk52 -> /dev/block/sdf3
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 bluetooth -> /dev/block/sde26
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 boot -> /dev/block/sde49
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cache -> /dev/block/sda29
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 catecontentfv -> /dev/block/sde28
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 catefv -> /dev/block/sde18
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cateloader -> /dev/block/sde31
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 cdt -> /dev/block/sdd2
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cmnlib -> /dev/block/sde19
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cmnlib64 -> /dev/block/sde21
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cmnlib64bak -> /dev/block/sde22
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cmnlibbak -> /dev/block/sde20
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 core_nhlos -> /dev/block/sde51
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 cust -> /dev/block/sda30
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 dbg -> /dev/block/sda3
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 ddr -> /dev/block/sdd4
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 devcfg -> /dev/block/sde13
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 devcfgbak -> /dev/block/sde14
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 devinfo -> /dev/block/sda17
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 dip -> /dev/block/sde27
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 dsp -> /dev/block/sde48
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 dtbo -> /dev/block/sde45
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 frp -> /dev/block/sda9
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 fsc -> /dev/block/sdf1
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 fsg -> /dev/block/sde40
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 gsort -> /dev/block/sde44
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 hyp -> /dev/block/sde42
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 hypbak -> /dev/block/sde43
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 ifaa -> /dev/block/sde46
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 imagefv -> /dev/block/sdf4
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 keymaster -> /dev/block/sde24
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 keymasterbak -> /dev/block/sde25
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 keystore -> /dev/block/sda8
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 limits -> /dev/block/sde4
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 logdump -> /dev/block/sda25
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 logfs -> /dev/block/sda14
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 logo -> /dev/block/sde47
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 metadata -> /dev/block/sda19
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 minidump -> /dev/block/sda26
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 misc -> /dev/block/sda11
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 modem -> /dev/block/sde52
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 modemst1 -> /dev/block/sdf5
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 modemst2 -> /dev/block/sdf6
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 msadp -> /dev/block/sde9
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 multiimgoem -> /dev/block/sde1
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 multiimgqti -> /dev/block/sde2
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 oem_misc1 -> /dev/block/sda18
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 oops -> /dev/block/sda16
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 persist -> /dev/block/sda23
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 persistbak -> /dev/block/sda24
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 qupfw -> /dev/block/sde6
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 qupfwbak -> /dev/block/sde7
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 rawdump -> /dev/block/sda27
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 recovery -> /dev/block/sda28
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 secdata -> /dev/block/sde3
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 splash -> /dev/block/sda21
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 spunvm -> /dev/block/sde41
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 ssd -> /dev/block/sda2
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 storsec -> /dev/block/sde11
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 switch -> /dev/block/sda1
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 system -> /dev/block/sde54
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 toolsfv -> /dev/block/sde34
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 tz -> /dev/block/sde37
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 tzbak -> /dev/block/sde38
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 uefisecapp -> /dev/block/sde32
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 uefisecappbak -> /dev/block/sde33
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 uefivarstore -> /dev/block/sde17
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 userdata -> /dev/block/sda31
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 vbmeta -> /dev/block/sde10
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 vendor -> /dev/block/sde53
lrwxrwxrwx 1 root root 16 1970-05-18 01:37 vm-data -> /dev/block/sda12
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 xbl -> /dev/block/sdb2
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 xbl_config -> /dev/block/sdb1
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 xbl_configbak -> /dev/block/sdc1
lrwxrwxrwx 1 root root 15 1970-05-18 01:37 xblbak -> /dev/block/sdc2
raphael:/ # dd if=/dev/zero of=/dev/block/mmcblk0p46
dd: /dev/block/mmcblk0p46: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/mmcblk0p47
dd: /dev/block/mmcblk0p47: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/mmcblk0p45
dd: /dev/block/mmcblk0p45: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1
dd: /dev/block/bootdevice/by-name/modemst1: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst2
dd: /dev/block/bootdevice/by-name/modemst2: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsg
dd: /dev/block/bootdevice/by-name/fsg: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsc
dd: /dev/block/bootdevice/by-name/fsc: write error: No space left on device
1|raphael:/ # dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsc

Mohamed Sobhy
4 years ago

Hi bro thanks alot for this awesome guide, i was able to restore imei successfuly
1- imei was null so i made it 0 by dd zero command
2- edited imei and put it in .xqcn file
3- Restored it and reboot
4-Now i have my imei back.
Everything goes well but the problem is when i reboot my phone it’s gone again
(When i check it it still there but imei sv become unknown) and i have to repeat all the process again. what might cause this problem?
Please i need help.
my device: Redmi 5 plus MEG7

Mohamed Sobhy
Reply to  Ustabas Osman
4 years ago

I’m already on eu rom 9.10.10
Should i install official miui?

Ниязи Гасымов
5 years ago

Hello dear. I have Xiaomi Redmi 7. I do everything according to the instructions as you explained.
dd if=/dev/zero of=/dev/block/mmcblk0p36
dd if=/dev/zero of=/dev/block/mmcblk0p37
dd if=/dev/zero of=/dev/block/mmcblk0p32
By this commands i have erased modemst1, modemst2 and Fsg partitions. It is ok, Now Imei show -0
After i restoring by Qpst programm redmi 7 qcn file , so when i push to restart the phone goes into recovery and show message “nv data corrupted”
By twrp terminal i erasing partitions again by commanders zero and the phone boot normally , but imei show Null again. what am i doing wrong ?((

Fernan Orjuela Carvajal
5 years ago

Hi, I tried exact steps with a Xiaomi Redmi note 5 (MIUI 10, Android9, rooted and Unlock) but do not seem works for me.
In the first attemp my phone bricks and I have to recover with XioamiFlash.
In second attemp first, I backed the NVRAM, second, I delete modems and fsg, then, I edited the backup with the exact steps, and finnaly, I recovered the modified backup. Result: The phone have the same IMEIs. Do you have any Idea?

Fernan Orjuela Carvajal
Reply to  Ustabas Osman
5 years ago

How to connect COM port from TWRP? I have tried with command “su” and “setprop sys.usb.config diag,adb” in TWRP Console Shell but do not run…
In “su” command I receive “command not found”
My phone is rooted, I don´t know what happend.
Any idea?

javad esmaeelpour
5 years ago

hi. I did exactly as you said and everything went well. but at the end when I rebooted my device the IMEI was still the same as before. my device is mi 5. what can I do?

javad esmaeelpour
Reply to  Ustabas Osman
5 years ago

Tnx for your swift response. So for new xiaomi devices that can’t be downgraded there is no possibility to repair imei?

javad esmaeelpour
Reply to  Ustabas Osman
5 years ago

You are the best. I’ll try that ASAP.

ilhan Harbili
5 years ago

oneplus 6t için yöntem var mı? cihazı rootladım, qcn yedeği tamam.fakat partionları sileceğim göremiyorum.

ilhan Harbili
Reply to  Ustabas Osman
5 years ago

Mail gönderdim. Bilgileri verirseniz size getireyim cihazı.
Teşekkürler

Krzysiek Boberek
5 years ago

Unfortunately, in my MI 6 nothing has changed.
After:
dd if = / dev / zero of = / dev / block / sdf (x)
dd if = / dev / zero of = / dev / block / sdf (x)
dd if = / dev / zero of = / dev / block / sde (xx)
and reboot
IMEIs are still unchanged and the next steps do not change anything.
Before this phone was repaired in the service. Service changed something on the board and I have uploaded the original drive. I wanted to upload TWRP and ROM Xiaomi Poland. I probably deleted too much and now I have other IMEIs than on the box and problems with network coverage and data transfer. I want to keep the Xiaomi Poland ROM, TWRP and have my original IMEI numbers.

burak ergar
5 years ago

Pocopohone için de bu uygulama ise yararmi

burak ergar
Reply to  Ustabas Osman
5 years ago

beklenen den uzun surucek sanirim

Роман Вобликов
6 years ago

[spoiler]adb>adb shell
tissot_sprout:/ $ su
tissot_sprout:/ # ls -al /dev/block/platform/soc/7824900.sdhci/by-name
total 0
drwxr-xr-x 2 root root 1020 1970-01-06 04:37 .
drwxr-xr-x 4 root root 1100 1970-01-06 04:37 ..
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 DDR -> /dev/block/mmcblk0p16
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 aboot -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 abootbak -> /dev/block/mmcblk0p21
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 apdp -> /dev/block/mmcblk0p45
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 boot_a -> /dev/block/mmcblk0p22
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 boot_b -> /dev/block/mmcblk0p23
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 cmnlib -> /dev/block/mmcblk0p39
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 cmnlib64 -> /dev/block/mmcblk0p41
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 cmnlib64bak -> /dev/block/mmcblk0p42
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 cmnlibbak -> /dev/block/mmcblk0p40
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 config -> /dev/block/mmcblk0p30
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 devcfg -> /dev/block/mmcblk0p11
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 devcfgbak -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 devinfo -> /dev/block/mmcblk0p24
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 dip -> /dev/block/mmcblk0p33
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 dpo -> /dev/block/mmcblk0p47
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 dsp -> /dev/block/mmcblk0p13
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 fsc -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 fsg -> /dev/block/mmcblk0p17
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 keymaster -> /dev/block/mmcblk0p43
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 keymasterbak -> /dev/block/mmcblk0p44
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 keystore -> /dev/block/mmcblk0p29
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 limits -> /dev/block/mmcblk0p31
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 lksecapp -> /dev/block/mmcblk0p37
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 lksecappbak -> /dev/block/mmcblk0p38
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 logdump -> /dev/block/mmcblk0p48
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 mcfg -> /dev/block/mmcblk0p36
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 mdtp -> /dev/block/mmcblk0p34
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 misc -> /dev/block/mmcblk0p28
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 modem_a -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 modem_b -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 modemst1 -> /dev/block/mmcblk0p14
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 modemst2 -> /dev/block/mmcblk0p15
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 mota -> /dev/block/mmcblk0p32
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 msadp -> /dev/block/mmcblk0p46
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 persist -> /dev/block/mmcblk0p27
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 rpm -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 rpmbak -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 sbl1 -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 sbl1bak -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 sec -> /dev/block/mmcblk0p18
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 splash -> /dev/block/mmcblk0p19
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 ssd -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 syscfg -> /dev/block/mmcblk0p35
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 system_a -> /dev/block/mmcblk0p25
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 system_b -> /dev/block/mmcblk0p26
lrwxrwxrwx 1 root root 20 1970-01-06 04:37 tz -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 tzbak -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 21 1970-01-06 04:37 userdata -> /dev/block/mmcblk0p49[spoiler]

[spoiler]tissot_sprout:/ # dd if=/dev/zero of=/dev/block/dev/block/mmcblk0p14
dd: /dev/block/dev/block/mmcblk0p14: No such file or directory [spoiler]
please tell me what I’m doing wrong?

Роман Вобликов
6 years ago

привет!!!!!!! помоги пожалуйста я не понимаю что не так!

[spoiler title=”C:\Tools>adb shell
adb server is out of date. killing…
* daemon started successfully *
tissot_sprout:/ $ su
su
tissot_sprout:/ # ls -al/dev/block/platform/soc/7824900.cdhci/by-name
ls -al/dev/block/platform/soc/7824900.cdhci/by-name
usage: ls –color[=auto] [-ACFHLRSZacdfhiklmnpqrstux1] [directory…]

list files

what to show:
-a all files including .hidden -c use ctime for timestamps
-d directory, not contents -i inode number
-k block sizes in kilobytes -p put a ‘/’ after dir names
-q unprintable chars as ‘?’ -s size (in blocks)
-u use access time for timestamps -A list all files but . and ..
-H follow command line symlinks -L follow symlinks
-R recursively list files in subdirs -F append /dir *exe @sym |FIFO
-Z security context

output formats:
-1 list one file per line -C columns (sorted vertically)
-g like -l but no owner -h human readable sizes
-l long (show full details) -m comma separated
-n like -l but numeric uid/gid -o like -l but no group
-x columns (horizontal sort)

sorting (default is alphabetical):
-f unsorted -r reverse -t timestamp -S size
–color device=yellow symlink=turquoise/red dir=blue socket=purple
files: exe=green suid=red suidfile=redback stickydir=greenback
=auto means detect if output is a tty.

ls: Unknown option /dev/block/platform/soc/7824900.cdhci/by-name
1|tissot_sprout:/ # ls -al /dev/block/platform/soc/624000.ufshc/by-name
ls -al /dev/block/platform/soc/624000.ufshc/by-name
ls: /dev/block/platform/soc/624000.ufshc/by-name: No such file or directory “]

не получается! что я не так делаю?

Артем «ArtemKa» Артемыч
6 years ago

Hello. Who can throw me a your QCN backup please. Phone MEIZU M6 note 3\32. I really need it.

Cihan Isik
6 years ago

Merhaba, tutorial icin cok sagol.

Redmi Note 5 Pro’da nedense IMEI bir türlü degismiyor. 3 bölmeyi sifirladiktan sonra reboot ediyorum, IMEI hala ayni orada duruyor, yani kendiliginden silmeden önceki forma dönüyor. Acaba Xiaomi de artik bir türlü koruma mi koydu? Bootloader acik bu arada.

Cihan Isik
Reply to  Ustabas Osman
6 years ago

Evet, ben de sonunda basardim. Neden öyle oldu anlamadim ama recovery’de iken 3 bölmeyi sifirlayinca oldu 🙂

Mehmet Akyol
Reply to  Cihan Isik
5 years ago

Cihan bey bendede aynı şey oluyor. Nasıl yaptınız acıklarmısınız?

Murch
6 years ago

Hi there,
Thanks for the tutorial. I’ve HTC Sensation (rooted, s-off, bootloader unlocked, stock kernel).
Unortunately I’m stuck at not being able to enable diag mode / open qualcomm ports on my phone.
I’ve tried with the adb shell command but after hitting enter nothing happens (the device it’s listed if I enter adb devices).
Could you please help me out?

Thanks a lot

em hashmii
6 years ago

866408027xxxxxx
866408027xxxxxx
plz add this imei..Redmi 5 plus

Electro FAN
6 years ago

Hi, can you help me please?
I have Samsung sm-j510fn, MSM8916, TWRP 3.1.1, root, stock OS. Trying to change imei’s on it.
First problem: I can’t wipe current imei’s. dd says “no space left on device”
Here are my commands:
root@j5xnlte:/ # dd if=/dev/zero of=/dev/block/mmcblk0p14
dd: /dev/block/mmcblk0p14: No space left on device
6145+0 records in
6144+0 records out
3145728 bytes transferred in 0.548 secs (5740379 bytes/sec)
1|root@j5xnlte:/ # dd if=/dev/zero of=/dev/block/mmcblk0p15
dd: /dev/block/mmcblk0p15: No space left on device
6145+0 records in
6144+0 records out
3145728 bytes transferred in 0.553 secs (5688477 bytes/sec)
1|root@j5xnlte:/ # dd if=/dev/zero of=/dev/block/mmcblk0p9
dd: /dev/block/mmcblk0p9: No space left on device
6145+0 records in
6144+0 records out
3145728 bytes transferred in 0.213 secs (14768676 bytes/sec)

So my current imei’s won’t wipe. The block names are correct, given from the ls command.
Second problem: QPST can’t do restore original or edited QCN. I receive an error: “received an invalid command from the phone”. I’ve tried different QPST versions, on different PCs. But I can BACKUP QCNs with no problems, always.
I’ve already SOLVED the second problem using QFIL instead of QPST. So I can restore edited QCN now with no problems. But it is useless, due to not wiped blocks, imei’s stays the same.
I know you’re saying that instruction is only for chinese phones, no samsung, but hey! Actually there are only dd error problem. Maybe it is possible to fix?
I can provide additional info if you need. Do you have any ideas?

Electro FAN
Reply to  Ustabas Osman
6 years ago

Thanks for paying attention!
So I need Z3X box + samsung tool pro for this kind of work? Will it solve my case?

Quang Vũ
6 years ago

I have used twrp to reflash rom and could restore QCN. However, after finished, when I checked the phone using *#06#, the second MEID appeared (MEID1 and MEID2). MEID 2 is my original ID, MEID1 I guessed it belonged to the QCN file I downloaded. Also, the IMEI 1 is show 0, instead of what I modified. IMEI2 is ok.

Can I remove the wrong MEID and restore IMEI 1?

My phone is MI5s Capricorn.

Thank you

Quang Vũ
Reply to  Ustabas Osman
6 years ago

Can I change the MEID to the original one?

Quang Vũ
Reply to  Ustabas Osman
6 years ago

No, I use the QCN file downloaded from your website. I believe that MEID stored in QCN but don’t know how to change it.

Quang Vũ
Reply to  Ustabas Osman
6 years ago

My phone is working normally. But I just want to bring it back to original state in case I resell it.

One more question: I tried many times, but IMEI 1 is still 0, how can I solve the issue?

Quang Vũ
6 years ago

I finished all the steps before restore qcn file. However, when I was restoring, I received Error:

“Memory Restore Failed!”
“Received an invalid command from the phone”

Please help.
Thanks

Percibal Camelot
6 years ago

Hello my name is Felipe, your guide seems very useful unfortunately I tried to used for my XIAOMI MI6 and I think a ruined, I followed all the instructions to recover my IMAI making sure the correct partitions of modemst1, modemst2 and fsg. to erase from /dev/block but when I rebooted the phone I dont have WIFI, IMAI or a way to recognize SIM CARDS, is there any way to recover partitions as I dont have backup for that I only have backup for the QCN file as your the article said.

I hope it can be fixed.

Percibal Camelot
Reply to  Ustabas Osman
6 years ago

This is the problem:
http://en.miui.com/forum.php?mod=viewthread&tid=848213&mobile=2

Just with QCN file is possible to fix the EFS partition ?

Percibal Camelot
Reply to  Ustabas Osman
6 years ago

Ok that sounds great, unfortunately my phone is not allowing me now to connect through COM port to send QCN file using the QPST app. Is there any way to connect to the phone from fastboot or twrp ?

Percibal Camelot
Reply to  Ustabas Osman
6 years ago

But what about if there is not COM port, as I dont have interface to open it :(, is possible to do it in fast boot mode ?

Gee Zaz
6 years ago

hey bro! i followed your guide very well but seems like my IMEI won’t stick? I did it like 5x already my IMEI still the same? my phone is a asus zenfone 3 deluxe edition its a snapdragon 820. so yeah it won’t stick if i restore it? is it possible if you send me your qcn of the phone you used here? thanks in advance.

231
0
Would love your thoughts, please comment.x
()
x