I can't read French, but the translation site seems to indicate that this hex edit will permanently unlock any phone. My Captivate nv_data.bin matches perfectly.
I just can't translate all the comments and I really want to read what everyone is saying.
Any French speakers out there?
http://forum.frandroid.com/forum/viewtopic.php?id=26052
Thanks to zzyxy for posting this in another thread.
EDIT - changed title and found English Post on XDA.
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
Translated by google chrome
Here is how to unlock a phone whose Froyo JPC flash went wrong (it asks for an unlock code and displays the correct imei)
New semi-automated method available here: http://forum.frandroid.com/forum/viewtopic.php?id=27019
Beware: if the imei is not good before you start, it will not be good at the end either.
This method can also be used to modify the Product Code, for those interested
All of this was done on Android 2.1, since Froyo modifies the files to its liking (I advise doing it on New JM1, it works very well).
Thank you for reading everything; do not skim the tutorial, it is very important !!!!! I cannot be held responsible for those who mishandle it
Before anything else, back up the /efs folder, since we will be playing with it:
http://forum.frandroid.com/forum/viewtopic.php?id=25668
You need to be root, with busybox and the Android SDK, available here:
http://developer.android.com/sdk/index.html
(On Windows) unzip the archive, rename the folder "android-sdk-windows" to just "android" and place it in c:\ (the name and location of the SDK matter for the commands typed by hand later)
Extracting a nv_data.bin:
Plug the phone in over USB with USB debugging enabled
Start => Run => cmd (a DOS window will open)
Type exactly, spaces included:
cd ..
cd ..
cd android
cd tools
adb pull /efs/nv_data.bin
Close the DOS window
The nv_data.bin file will appear in the directory c:\android\tools.
Edit the nv_data.bin file with a hex editor (EditHexa in my example, available here: ... http://www.logitheque.com/logiciels/win a_9903.htm):
Offset 188021 (page 3137) to "XEF" (this makes the phone be recognised as "naked") (this changes the product code)
Offset 18146E (page 3083) to "00000000" (this sets the network unlock code to 00000000)
We save ^^
Then we go back into adb ^^
Start => Run => cmd (a DOS window will open)
Type exactly, down to the dot and the space:
cd ..
cd ..
cd android
cd tools
adb shell mkdir /sdcard/efs
adb push nv_data.bin /sdcard/efs
adb shell
su
mv /efs/.nv_data.bak /efs/.nv_data.bakk
mv /efs/.nv_data.bak.md5 /efs/.nv_data.bakk.md5
rm /efs/nv_data.bin
rm /efs/nv_data.bin.md5
rm /efs/.nv2.bak
rm /efs/.nv2.bak.md5
busybox cp /sdcard/efs/nv_data.bin /efs/nv_data.bin
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin
If it ever says the radio user does not exist, try "chown 1001:1001 /efs/nv_data.bin" instead, and yes, for some it is still not the same .... (thank you Froyo JPC / JPH)
There may be errors on .nv2.bak and its md5 (they do not exist at all)
I renamed the .bak files to .bakk to set them aside until everything is finished; they will be erased later.
do: ctrl + c
unplug the phone, remove the battery without turning the phone 30 seconds.
restart (on or before this point we must put the sim)
The network will unlock code: 00000000, it will the code is good but not unlock it anyway. If its not working properly and restart the phone again.
once functional, *#06# displays the correct imei
After this there are bugs that require reflashing; reflash in New JM1 via Odin with re-partition active (I did not test other firmwares)
You must root again (busybox normally installs with the root) ... and yes, again ^^
reboot (normally nv_data.bin.md5 should have been recreated)
Creating the .bak
plug the phone in over USB with USB debugging enabled
We go back into adb ^^
Start => Run => cmd (a DOS window will open)
Type exactly, down to the dot and the space:
cd ..
cd ..
cd android
cd tools
adb shell
su
rm /efs/.nv_data.bakk
rm /efs/.nv_data.bakk.md5
busybox cp /efs/nv_data.bin /efs/.nv_data.bak
busybox cp /efs/nv_data.bin.md5 /efs/.nv_data.bak.md5
chown radio.radio /efs/.nv_data.bak
chown radio.radio /efs/.nv_data.bak.md5
Ctrl + c
Unplug your phone
and it finally finished your phone is unlocked and working again all operators ... remember to save them now ^ ^
A big thank you to Rickou who brought me on a platter chown radio.radio Chaineau who was missing.
And has Reve40 with whom I studied nv_data.
And Hideki Jis26 who tested the method before it is online.
A remark Hideki:
hideki wrote:
Otherwise I just add details about my case.
So personally I stopped before the stage flashing in JM1 because I had no problem and my bak files were recreated itself at startup.
Afterwards I tried restarting again: my imei and no problems still, no request for a code. And since the bin files are recreated at each boot from the bak, I concluded that my bak was good.
Which greatly simplifies the procedure.
This was not the case for me and therefore Jis26 maybe that after the Roma moved to the base, we could have some small variations, I can not say more.
Last edited by helroz (25-09-2010 1:50:37 p.m.)
Thanks for the translation but I found something even better than machine gobbledygook,
I just found the original post by Helroz - in english on XDA if anyone wants:
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
"This method work for galaxy s with damaged nv_data caused by froyo JPC (good imei but unlock code required)
this method is to recreate a new unlock code and allow the phone to unlock with new unlock code
I post this on frandroid with pictures and link for software:
h***://forum.frandroid.com/forum/viewtopic.php?id=26052"
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
michael.seltzer said:
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
I have yet to try it, but changing the country code is only necessary if you flashed a different international firmware and it changed that.
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
michael.seltzer said:
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
Not the country code, since you flashed an AT&T build.
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plenty of room on my phone, what is the problem here?
No one has any idea?
Vae Hostilis said:
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plenty of room on my phone, what is the problem here?
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
alphadog00 said:
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
Vae Hostilis said:
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
I did all this via ADB shell and I didn't use the busybox command; but I don't see your original nv_data.bin - that is 2MB. You can delete the bakk file - that was made by some script - I have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
alphadog00 said:
I did all this via ADB shell and I didn't use the busybox command; but I don't see your original nv_data.bin - that is 2MB. You can delete the bakk file - that was made by some script - I have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
I have the .nv_data.bak, the .nv2.bak, and the nv_data.bin in the sdcard folder. I believe the instructions told us to move those out of the efs folder and rename the copies (left in the efs folder) to .bakk instead of .bak, as they were the ones that would be deleted later.
All the files you see, are all the files in there, looking through ADB and the Root File manager app w/ hidden files shown. and the file sizes are not adding up to the total 4 it says I have in there, but I will try deleting the .bakk file and see what happens.
The nv_data.bin is the important one.
With what you listed, you should have about 4mb free, not 4 mb used. If you are in ADB shell you also have the df and du commands to show you how much of the /efs partition is used.
lol. it tells me 4.01mb is used.... sigh.....
Edit: just wiped my phone for the hell of it to see if it fixed anything. All the files are back, safe and sound, and the MATH ADDS UP (Yeay!). I'll try one more time before I give up.
Edit 2: just ordered a replacement device from at&t. I'll just run the Generate Code program on that, hopefully. Thank you for your help!!
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
How did you get att to replace it?
michael.seltzer said:
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
It does work. As long as your IMEI is good. (*#06#). Take a good unlocked nv_data.bin - put your IMEI and unlock/unfreeze codes in it; in the right places. Move it your phone and reboot.
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
michael.seltzer said:
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
with a bad nv_data.bin - it should still boot -but I can't guarantee it. Never tried.
Hacking system files, there is always the chance the phone won't boot. AT&T did it with OTA upgrade.... How bad do you need to unlock your phone -that is the question you need to ask yourself.
Hi Member :fingers-crossed:
Again, the wave of lost of imei seen coming back.
there are still have alot of SL lost the imei and baseband.
Tried hard to find away to repair it, but since....that's not way without the back up still....
At the mean time wait for the beta of CM10.1 or maybe CM10.2, i go back to GB again. Yeah.. it is boring.. so i playing with EFS partition again.
HAH. this time, i get a new info...it is been along time trying to find our what is BML3 about and what is the relationship with STL3, our EFS partition.
i get to know that from I9000 thread, that seen BML3 is about the "mother" of STL3. (sorry for the bad english, i'm not cursing)
why i said that ? cause i do a test on it.
My Test on BML3
1. dd out the BML3 partition. I read the image using a hex editor and found the words nv_data.bin and nv.log inside it.
2. (I do not know why I did this) Then I dd'd the image back into the BML3 partition. Then my STL3 got corrupted, or you could say it was gone from the partition list.
3. So it can't be mounted by the phone.
4. So you have no imei and baseband.
So, if you still haven't done any flashing of the STL3 or EFS folder from the blank tar template using odin or any other way to put the image in, there is still a possibility that the nv_data.bin or .nv_data.bak is still usable. So dd it out and keep it safe.
Still remember? I have a backup of my stl3 partition, so I flashed it back using Heimdall-frontend. (Odin is not able to flash the dd image; you have to tar it in linux to make it Odin-flashable.)
Why did I use flashing instead of dd'ing it back? Because I tried, but it failed, because the STL3 is not mounted.
So I suspect the loss of imei is not a corrupted STL3 or EFS folder; it is the BML3 that somehow lost its link or has a bad block.
I attach my generic imei of the BML3 and STL3 image
you can try as below method.
AGAIN....STANDARD DISCLAIMER....
Code:
** YOU HAVE TO KNOW WHAT YOU ARE DOING.
** THERE ARE RISK TO YOUR PHONE WHAT EVER YOU TRYING TO FLASH WHAT EVER IN IT.
** IF YOUR POINTING THE FINGER AT ME BECAUSE YOU CHOOSE TO DO IT
** I WILL LOLLLLLLLLLLLLLLLL AT YOU
OK, the instruction
Code:
i'm using Ubuntu as OS and Heimdall and Heimdall-Frontend to flash.
install Heimdall command, and install Heimdall-Frontend for the UI
Download the attachment, and rename it.
1. in adb shell, dd out the BML3 and STL3 for backup
Code:
dd if=/dev/block/bml3 of=/sdcard/bml3.img
dd if=/dev/block/stl3 of=/sdcard/stl3.img
2. using my copy of BML3.img, dd it back
Code:
dd if=/sdcard/bml3.img of=/dev/block/bml3
then reboot
3. after the reboot, reboot into download mode and flash my STL3.img using heimdall-frontend
a. open a terminal, type heimdall-frontend
b. in the UI, go to the Utilities tab, click Detect Device, make sure the device is detected.
c. go to the Flash tab, in pit, put in the Pit File, untick the repartition
d. Partition, click add, then at the Partition Detail, Partition name, choose EFS
e. in File, put in the STL3.img file
f. then Start, wait a few minutes, the phone will reboot itself.
4. after that, you will get a generic imei. (at least I get it)
So now, try to flash your own STL3 image that you dd'd out just now.
if you are lucky, you will get back the imei, and if you are very lucky, you will have my imei. (but I think the possibility is very low)
Have fun trying..
~~Old Post~~
CORRECTION
Actually the EFS Pro work great for the Restoring the EFS image, :good:
it is just the stl3 or efs partition did not mounted so the app show error
the correct step to use EFS Pro as follow
1. flash to stock with RFS file system.
2. flash CF-ROOT kernel to root the phone (optional, due to odin flash not need rooted)
3. flash the efs.tar to mount back efs folder
You get back the efs partitional and generic imei
Ahh.. by the way, after flashing the efs.tar, the bluethoot and wifi mac will changed follow the original phone which output the efs.rfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi Guys, today I was so boring, so I get my phone efs partition corrupted. YES, I corrupted it purposely.
few item need to prepare
1. your efs backup (nv_data.bak or original nv_data.bin)
2. odin 1.85 only, odin 3.04 got problem
3. stock Froyo and Gb
4. CF-root kernel (i use Bam kernel, thanks to XDA_BAM)
5. efs.tar download here, thanks to celica7
6. EFS Pro
Of course I have the efs backup.
That’s how I corrupted. I mean the efs folder...
* Flash a stock firmware with EFS clear tick! (Odin 1.85) DXKE1 * everything goes normally.
* Still I having the IMEI. Due to the backup still there
* So, continue to screw it up, flash to GB 2.3.4 DXKP9 and root it with Bam kernel 14fix. Use RE to delete all efs file.
* Still get the generic imei
* still not enough corrupted, continue to screw it, flash again stock firmware dxkp9 with efs clear, but generic imei still there
* flash again bam kernel to root.
* Than do dd if=/sdcard/efs_backup.img of=/dev/block/stl3 to restore the backup efs image.
* Still get the generic imei
* try corrupt it with EFS Pro (sorry dude), just due to the tool having function of format efs folder. But it format efs fail
* chown the efs folder to root, and reboot
* still the system changes it back to radio. (ogh, so hard to corrupt it)
* ok, flash back to stock froyo, and see.
* All right, now I have blank imei or unknown imei
* too lazy to find the root procedure for Froyo base, so I continue to flash GB
* Odin flash pass, but phone boot into 3e recovery and show;
E: failed to mount /efs (invalid argument)
E: check_selective_file:Can't mount /efs
Multi-csc applied failed (NICE:victory:!!)
OK, now time to restore imei :fingers-crossed:
* flash bam kernel to root.
* after flash bam kernel, imei show 004999010640000, it supposed to show unknown imei, due to efs partition is not mounted.
* who care. continue to restore imei using EFS Pro (failed)
* try restore imei with backup img by EFS Pro (FAILED!!):crying:
* NOW, try others method from XDA
* flash efs.tar with ODIN to get back efs mounted
* delete every in the efs folder.(the generic imei file)
* copy your nv_data.bak to efs folder and rename to nv_data.bin
* chmod 700 nv_data.bin
* chown radio nv_data.bin
* chgrp radio nv_data.bin
* reboot
* Guess what next ? I get the imei back
Really nice tutorial buddy But most of the people are not able to restore IMEI because they dont have IMEI backup. I am really looking for such a tutorial where IMEI can be restored without IMEI backup.
its a useful experiment and can help many of us
nice guide
vishal24387 said:
Really nice tutorial buddy But most of the people are not able to restore IMEI because they dont have IMEI backup. I am really looking for such a tutorial where IMEI can be restored without IMEI backup.
Yeah it need backup to restore.
But some members did have one initially but screwed it up even worse, then lost the last chance to restore.
For most of them it is the flashing that failed. So the nv_data.bak is still safe. However, stl3 can't mount, so restoring failed. Not even efs pro can restore when stl3 can't mount.
So flashing efs.tar in odin pda is the most important step. After the efs folder is mounted, you have a lot of ways to restore.
Sent from my GT-I9003 using Tapatalk 2
good guide, very useful to others but to me no luck my IMEI and Baseband is till unknown. im hoping i can borrow nandroid backup for i9003 so i can restore it and repair the IMEI using z3x box
arjun08 said:
good guide, very useful to others but to me no luck my IMEI and Baseband is till unknown. im hoping i can borrow nandroid backup for i9003 so i can restore it and repair the IMEI using z3x box
@arjun08
what is the condition of your nv_data.bak or nv_data.bin? is it still the original ?
if yes, im sure this way can help. did you try ?
chongns said:
@arjun08
what is the condition of your nv_data.bak or nv_data.bin? is it still the original ?
if yes, im sure this way can help. did you try ?
.nv_core.bak 10/12/2012
.nv_core.bak.md5 10/12/2012
.nv_data.bak 10/12/2012
.nv_data.bak.md5 10/12/2012
.nv_state 11/27/2010
the phone lost its IMEI in november 2012 the .nv files was dated in october 2012 i don't know if it is the original files.
what is the nv_data.bin date?
try below cmd in adb and post the screen out put
adb shell
su
df
to see is your efs folder mounted
edit: something happening on 27/Nov, cause your nv_state changed.
it is very high chance to get back imei. backup all those files in case you need to try and error.
what you need to do is mount back your efs folder using efs.tar flashed using odin 1.85
1. flash back to stock file system, just the pit and xxkpe
2. root it with cf-root kernel
3. flash efs.tar
4. install what ever root file manager.
5. check efs folder owner and group, should be radio system in GB stock
6. delete all file in efs folder (including nv_data.bak)
7. copy and rename nv_data.bak (from your backup) to nv_data.bin and set owner and group to radio radio in efs folder
8. set permission to rwx------
9. reboot
Sent from my Galaxy Nexus using Tapatalk 2
chongns said:
what is the nv_data.bin date?
try below cmd in adb and post the screen out put
adb shell
su
df
to see is your efs folder mounted
edit: something happening on 27/Nov, cause your nv_state changed.
it is very high chance to get back imei. backup all those files in case you need to try and error.
what you need to do is mount back your efs folder using efs.tar flashed using odin 1.85
1. flash back to stock file system, just the pit and xxkpe
2. root it with cf-root kernel
3. flash efs.tar
4. install what ever root file manager.
5. check efs folder owner and group, should be radio system in GB stock
6. delete all file in efs folder (including nv_data.bak)
7. copy and rename nv_data.bak (from your backup) to nv_data.bin and set owner and group to radio radio in efs folder
8. set permission to rwx------
9. reboot
Sent from my Galaxy Nexus using Tapatalk 2
nv_data.bin 10/12/2012
done steps 1-4
confusing im not a pro in this kind of thing,i didn't understand 5, 7 and 8
5. how should i check efs folder owner and group
7. how should i do this, set owner and group to radio radio in efs folder
8. set permission to rwx------ how to change this.. for now i saw rwxrwx--x in efs
arjun08 said:
nv_data.bin 10/12/2012
done steps 1-4
confusing im not a pro in this kind of thing,i didn't understand 5, 7 and 8
5. how should i check efs folder owner and group
7. how should i do this, set owner and group to radio radio in efs folder
8. set permission to rwx------ how to change this.. for now i saw rwxrwx--x in efs
you have done step 1 to 4 , did you backup the old nv_data.bak and nv_data.bin
ok, if you have backup the old efs file before you flash efs.tar, than
you can use the terminal type
ls -l
than,
assuming you have root your phone (if not flash cf-root first)
use root explorer to delete all the file in efs folder
copy the original nv_data.bak (the bak file before you flash efs.tar) into the folder and rename it to nv_data.bin
in terminal type below command
su
cd efs
ls -l
chmod 700 nv_data.bin
chown radio nv_data.bin
chgrp radio nv_data.bin
reboot
chongns said:
you have done step 1 to 4 , did you backup the old nv_data.bak and nv_data.bin
ok, if you have backup the old efs file before you flash efs.tar, than
you can use the terminal type
ls -l
than,
assuming you have root your phone (if not flash cf-root first)
use root explorer to delete all the file in efs folder
copy the original nv_data.bak (the bak file before you flash efs.tar) into the folder and rename it to nv_data.bin
in terminal type below command
su
cd efs
ls -l
chmod 700 nv_data.bin
chown radio nv_data.bin
chgrp radio nv_data.bin
reboot
im almost done but when i type this
chgrp radio nv_data.bin ------ chgrp: not found
this is the only error i got
try type
chown 1001:radio nv_data.bin
or
chown radio.radio nv_data.bin
Sent from my GT-I9003 using Tapatalk 2
done all, no luck didnt get my IMEI back
i wonder if i put other efs backup from other person the same phone i9003 will that works?
if he or she willing to share with you
Sent from my GT-I9003 using Tapatalk 2
I really dont get it. Err!
Sent from my GT-I9003 using xda premium
Under03Ground said:
I really dont get it. Err!
Sent from my GT-I9003 using xda premium
@Under03
check your efs partition is mounted, do the below steps in adb shell.
df >/sdcard/df.txt
ls -a -l efs >/sdcard/efs.txt
mount >/sdcard/mount.txt
cat /proc/partitions >/sdcard/cat.txt
noted:
df to show you mounted partition
ls to list out the efs file (including the hidden file)
mount to show all the mount point
cat is to show all the partition list. (efs partition is stl3)
the > text file, it out the result of the command to text file so you can forward it to me to have alook.
attach or forward me the text in reply.
could anyone help me out. my imei n baseband show unknown . i have a very old efs back up taken from efs pro which is nearly 1 gb.i tried restoring it but of no use help me guyzzz.....:crying:
sebastiand95 said:
could anyone help me out. my imei n baseband show unknown . i have a very old efs back up taken from efs pro which is nearly 1 gb.i tried restoring it but of no use help me guyzzz.....:crying:
Efs backup size is 6mb. You maybe have wrong backup
Sent from my Galaxy Nexus using Tapatalk 2
chongns said:
Efs backup size is 6mb. You maybe have wrong backup
Sent from my Galaxy Nexus using Tapatalk 2
but it is under the name efs backup
@ chongns
Hey buddy I think you were working on creating IMEI using some genuine IMEI. Any progress related to it??
This script creates backup of partitions related to IMEI number. If you have not unlocked your boot-loader then you do not have to worry, you're safe. But read this in case you root someday!
DISCLAIMER:
I am not responsible for any damage caused to your device in any manner, you should be careful while doing anything. Before you proceed please read everything.
DESCRIPTION
The IMEI number is like an identifier to your cellphone for network operators. The phones will not be able to communicate in case IMEI is lost. The IMEI number is generally stored in PDS partition of the EMMC but the Moto g is an exception, there is no physical EFS partition so NV-Items are inaccessible for manipulation which means backing up PDS partition only will not make any sense.
The EFS is created on the fly: the modem reads HOB and DHOB partitions and after manipulations it creates a EFS file-system which is isolated from rest of the system. The modem finds the baseband, MEID, IMEI etc. and reports it to the OS.
The DHOB partition is encrypted and the key used is a PBKDF2 derived key for which the details like passkey, salt and iterations are unknown. HOB partition is XML-formatted and contains encrypted base64 text items. The secret is yet to be discovered.
Reference
http://forum.xda-developers.com/moto-g/help/info-moto-g-imei0-t2925970/post62064474#post62064474
http://forum.xda-developers.com/showthread.php?t=2640677
What does the script do?
This script simply creates the dumps of HOB, DHOB, FSC and PDS partition.
REQUIREMENTS:
A rooted phone is bare minimum and rest depends upon the method you choose. Download the archive one is for Linux and other is for Windows.
Choose any one.
FROM PHONE:-
1. Download and install any “Terminal Emulator” application from App store.
2. Type su and press enter to have superuser privileges.
3. Run these commands one-by-one.
HTML:
su
mkdir /sdcard0/imei_backup
dd if=/dev/block/platform/msm_sdcc.1/by-name/hob of=/sdcard0/imei_backup/hob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/dhob of=/sdcard0/imei_backup/dhob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/fsc of=/sdcard0/imei_backup/fsc.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/pds of=/sdcard0/imei_backup/pds.img
4. Copy imei_backup from the top folder of internal storage or SD-card.
FROM PC:-
1. Enable ROOT for both apps and adb from developer options.
2. Open cmd or terminal, change current location to folder imei_linux or imei_windows extracted from archive.
3. Run the below commands from cmd or terminal.
Windows
Make sure you have Motorola drivers installed (Motorola device manager).
HTML:
imei_backup.bat
Linux
Superuser privileges are necessary.
HTML:
sudo bash imei_backup.sh
or
su -c 'bash imei_backup.sh'
4. Once finished save imei_backup folder to someplace safe. The folder sits in the same folder the commands are run and in phone's internal storage or SD card.
FOR RESTORATION
1. Copy imei_backup folder to /sdcard (both internal or SD-Card in case you are not sure)
2. Open terminal emulator on phone and run these commands, all of them do not miss any. Run all of them twice to be sure.
HTML:
dd if=/sdcard0/imei_backup/hob.img of=/dev/block/platform/msm_sdcc.1/by-name/hob
dd if=/sdcard0/imei_backup/dhob.img of=/dev/block/platform/msm_sdcc.1/by-name/dhob
dd if=/sdcard0/imei_backup/fsc.img of=/dev/block/platform/msm_sdcc.1/by-name/fsc
dd if=/sdcard0/imei_backup/pds.img of=/dev/block/platform/msm_sdcc.1/by-name/pds
3. Reboot your phone.
How to keep IMEI safe:
1. Do not use incompatible Roms or firmware.
2. Never run these commands.
Don't even try, I have screwed my phone already. Misspelled for safety.
HTML:
Fast-boot erasee all (Don't)
Fast-boot erasee recovery (Don't)
Fast-boot erasee HOB (Don't)
Fast-boot erasee DHOB (Don't)
Fast-boot erasee earth (Please Don't)
Run any of these commands and your phone turn into a tablet forever.
3. Create backup of the partitions i mentioned using one of the methods.
FAQS:-
Does it work on Dual-Sim or CDMA ?
Yes, it works. It just creates partition dumps, nothing more nothing less. It should work on Moto G (1st and 2nd gen) all variants and Moto E (1st and 2nd).
Is it safe to share my imei_backup folder if anyone asks?
Yes, the content is encrypted and there is no chance of manipulation of IMEI, the NV-ITEMS are written after verification. No two phones can have same IMEI. If it was possible then I wouldn't be so mad or worried or you would not be reading this. The best he could achieve is base-band change and signal but IMEI stays zero. No Cheating!
I have PDS partition backup, why should I care about this?
The PDS partition alone is no good for recovery, there are other partitions which help phone get a working cellular and valid IMEI number, those partition are HOB and DHOB. You can create backup through terminal emulator.
Why should I believe you?
I am a victim and did research on this for like 30 days. I do have a clear idea of what the problem really is. Please refer to mentioned threads for more information.
I have lost my IMEI because of “fast-boot erase all” command, can I get my IMEI back?
Sorry! But there is no working solution at the moment. All you can do right now is either buy a new motherboard or a spare phone to do work. The cure has not been found till now and hopes are really low unless some guy with good cryptography knowledge comes to rescue. So far I only know the problem.
Very useful, thanks. Just want to add my experience - actually I did run "fast-boot erasee recovery" once in the past and did lose IMEI, but it was possible to recover it in an easy way. But those other commands seem to be really catastrophic indeed (though I haven't tried them)
Here's the original story: http://forum.xda-developers.com/showthread.php?p=52648789
It is always better to be safe than sorry. The thing is if you lose hob and dhob partitions, you are doomed. I am glad to know that your phone is intact.
Script works well - thanks for this.
Well I'm here to ask something related to the problems issued in this thread.
I got a XT1032 with IMEI fully written but, for some reasons I still don't know, the damn phone does not "read" the signal. The bars just stay empty and nothing, not even a full original firmware restore, seems to help.
Now I wonder if the problem is in a non-working modem partition, but I'd see that problem solved when I fully flashed the stock FW.
Is there any solution? I also tried to flash all the european (I'm italian) basebands known to mankind and nothing happens.
When you dial *#06# do you see your IMEI number?
Yep, the IMEI is there as it is in the phone info. That's why I can't figure out what the heck is wrong with it. I also tried to flash any baseband and still no signal.
Aaaaan then I managed to fix everything. Simply, KitKat European firmwares have some issues with basebands, so I wiped everything and flashed via mfastboot the 5.0.2 Brazilian stock firmware. Everything is flawless now!
Hi all, thanks for this huge piece of info, very useful, but I need from you if you have the backup of the files for XT1540 (moto g3 4g).
Cheers
PuLKit4xd said:
This script creates backup of partitions related to IMEI number. If you have not unlocked your boot-loader then you do not have to worry, you're safe. But read this in case you root someday!
DISCLAIMER:
I am not responsible for any damage caused to your device in any manner, you should be careful while doing anything. Before you proceed please read everything.
DESCRIPTION
The IMEI number is like an identifier to your cellphone for network operators. The phones will not be able to communicate in case IMEI is lost. The IMEI number is generally stored in PDS partition of the EMMC but the Moto g is an exception, there is no physical EFS partition so NV-Items are inaccessible for manipulation which means backing up PDS partition only will not make any sense.
The EFS is created on the fly: the modem reads HOB and DHOB partitions and after manipulations it creates a EFS file-system which is isolated from rest of the system. The modem finds the baseband, MEID, IMEI etc. and reports it to the OS.
The DHOB partition is encrypted and the key used is a PBKDF2 derived key for which the details like passkey, salt and iterations are unknown. HOB partition is XML-formatted and contains encrypted base64 text items. The secret is yet to be discovered.
Reference
http://forum.xda-developers.com/moto-g/help/info-moto-g-imei0-t2925970/post62064474#post62064474
http://forum.xda-developers.com/showthread.php?t=2640677
What does the script do?
This script simply creates the dumps of HOB, DHOB, FSC and PDS partition.
REQUIREMENTS:
A rooted phone is the bare minimum and the rest depends upon the method you choose. Download the archive; one is for Linux and the other is for Windows.
Choose any one.
FROM PHONE:-
1. Download and install any “Terminal Emulator” application from App store.
2. Type su and press enter to have superuser privileges.
3. Run these commands one-by-one.
HTML:
su
mkdir /sdcard0/imei_backup
dd if=/dev/block/platform/msm_sdcc.1/by-name/hob of=/sdcard0/imei_backup/hob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/dhob of=/sdcard0/imei_backup/dhob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/fsc of=/sdcard0/imei_backup/fsc.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/pds of=/sdcard0/imei_backup/pds.img
4. Copy imei_backup from the top folder of internal storage or SD-card.
FROM PC:-
1. Enable ROOT for both apps and adb from developer options.
2. Open cmd or terminal, change current location to folder imei_linux or imei_windows extracted from archive.
3. Run the below commands from cmd or terminal.
Windows
Make sure you have Motorola drivers installed (Motorola device manager).
HTML:
imei_backup.bat
Linux
Superuser privileges are necessary.
HTML:
sudo bash imei_backup.sh
or
su -c 'bash imei_backup.sh'
Need help!!
It does not work for me. Whenever any command with /sdcard is written, it replies "/sdcard/hob.img :File or directory not found."
Please help.
Thanks in advance : )
Hello,
I am trying to recover from a softbrick issue. I have a BLU Studio C 5+5 LTE and therefore can't use TWRP or CWM (At least that is my assumption, maybe someone knows different). Before getting into the softbrick state I took 3 different types of backups in the hopes that one of them could be used in case it was needed. (like this)
Type 1 - I did an ADB shell backup from a completely stock device (unrooted) I used this command-
adb backup -apk -all -f fullbackup.adb
For this method I followed this guide here-
https://linuxiswonderful.wordpress.com/2015/04/04/full-backup-of-nonrooted-android/
Type 2 - I used Titanium backup and performed a complete system and application backup
Type 3 - I rooted the phone and backed up all partitions using dd after reviewing the partition layout of the device. For example, to backup the system partition I did the following at an ADB shell-
dd if=/dev/block/mmcblk0p21 of=/storage/sdcard1/firmware-img/system.img
I believe the last operation I tried before softbricking was installing the Xposed framework module for my device (running Lollipop 5.1.1).
I am able to still communicate to my device using ADB and I can get an ADB shell or enter fastboot mode. My device presently shows the manufacturer's logo when booting and gets no further.
To recover from this issue I think I have two basic options
#1 restore from backup
#2 locate the problem that is causing the system to hang at startup in the first place
At the end of the day I am trying to find the simplest, quickest method to get back up and running. Both methods are acceptable to me. I am not worried about losing any data.
My challenge/sticking point is how to turn my backups into a usable format to get me back on track or understand the boot process enough to get out of the boot loop.
The first thing I tried was mounting my raw image files created from the dd process. I followed this guide-
https://samindaw.wordpress.com/2012/03/21/mounting-a-file-as-a-file-system-in-linux/
I ran these commands-
# losetup /dev/loop0 /path/to/my/system.img
# mkfs -t ext3 -m 1 -v /dev/loop0
# mount -t ext3 /dev/loop0 /mnt
# cd /mnt
# ls
The various image files I created all seemed to mount "ok" (OK meaning that the loopback mount process worked), but it appears there is nothing but a lost+found folder in the mounted image. (I'm not sure why that is.)
I am still researching methods to turn my other backups into something usable for recovery purposes.
For using the adb backup file I created, this is what my understanding is-
Adb backup uses a type of compression (don’t remember what kind). I would need to uncompress the file first. After uncompressing and being able to view the file contents I would think I should be able to put together a flashable zip file of some sort.
I think the process for Titanium backup would generally be the same- uncompress/convert file format, create/assemble a flashable zip file
The last thought I had was trying to get the system to boot. To do so, I need to better understand the boot process. I am familiar with how Linux boots as I am a Sys Admin. I know Android is similar but just different enough to make me research this further. I can pull dmesg log for anyone if that will help. I was also seeing where you could use the logcat command. (That is new to me as it seems more Android specific and not used in Linux that I know of)
If there is any other info you need to see, please let me know. I made a lot of notes about the system architecture, partition layout, etc.
Many thanks in advance for your help!
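An added example, not part of the post above: `mkfs` formats whatever device it is given, so running it on the loop device replaces the dumped filesystem with an empty one, which is consistent with seeing only lost+found afterwards. The sketch below inspects a raw dd image without writing to it, reporting whether it holds an ext2/3/4 superblock or an Android sparse header and whether the dump was cut short. Function names are hypothetical and the ext3/ext4 split is a heuristic on the superblock feature flags.

```shell
#!/bin/sh
# Added example: identify a raw dd image from its on-disk magic, read-only.

# hex_at FILE OFFSET COUNT -> COUNT bytes at OFFSET as hex digits, no spaces
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# le32_at FILE OFFSET -> little-endian 32-bit field at OFFSET, as decimal
le32_at() {
    set -- $(od -An -v -tu1 -j "$2" -N 4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || { echo 0; return 0; }
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# img_fstype FILE -> android-sparse | ext4 | ext3 | ext2 | unknown
img_fstype() {
    # Android sparse images start with 0xED26FF3A (little-endian on disk).
    if [ "$(hex_at "$1" 0 4)" = "3aff26ed" ]; then
        echo android-sparse; return 0
    fi
    # The ext superblock starts at byte 1024; s_magic (0xEF53) is at +56.
    if [ "$(hex_at "$1" 1080 2)" != "53ef" ]; then
        echo unknown; return 1
    fi
    compat=$(le32_at "$1" 1116)      # s_feature_compat
    incompat=$(le32_at "$1" 1120)    # s_feature_incompat
    # Heuristic: extents (64), 64bit (128) or flex_bg (512) => ext4;
    # otherwise has_journal (4) => ext3; otherwise ext2.
    if [ $(( incompat & 704 )) -ne 0 ]; then echo ext4
    elif [ $(( compat & 4 )) -ne 0 ]; then echo ext3
    else echo ext2
    fi
}

# img_is_complete FILE -> success if the file is at least as long as the
# filesystem its superblock describes (catches a dump that was cut short).
img_is_complete() {
    blocks=$(le32_at "$1" 1028)      # s_blocks_count_lo
    log=$(le32_at "$1" 1048)         # s_log_block_size
    size=$(( $(wc -c < "$1") ))
    [ "$blocks" -gt 0 ] && [ "$size" -ge $(( blocks * (1024 << log) )) ]
}
```

If the result is ext2, ext3 or ext4, attach a copy of the image read-only (`mount -o loop,ro image /mnt`) so the backup itself is never modified.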
Greetings,
Thank you for using XDA Assist.
There are no specific forums for your device model on XDA. However, if you create an XDA account, you can ask your questions here:
Android Q&A, Help & Troubleshooting
You will receive expert advice there.
Good luck and welcome to XDA!
This works fine on my phone. If it doesn't work on yours, standard disclaimer applies about bricking, phone exploding, etc... that's all on you.
The problem has been that regardless of patches and regardless of methods to make the stock 8.1 data partition readable from TWRP, my phone won't do it. So as follows is how I've backed up and restored as an alternative. I don't know if this works well on Windows (Probably not) or MacOS (More likely it will), so it's only tested on Linux.
Install adb on the computer
On the running phone, enable usb debugging.
Connect to the phone, allow the computer to access it.
Get a shell
Code:
adb shell
Enter as follows to find the block device where data is mounted
Code:
mount | grep /data | grep block
My output was this
Code:
/dev/block/mmcblk0p24 on /data type ext4 (rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic,data=ordered
The first part, "/dev/block/mmcblk0p24" is what I was interested in. You can see it's mounted at /data
You're in fact looking for this specifically at the beginning "/dev/block/mmcblk0p24 on /data"
If you're confused or you have multiple mount-points or what not, or you don't understand, Stop Now, you're about to screw things up.
Copy the first part of what you have here, in my case "/dev/block/mmcblk0p24" (don't use quotes though)
Reboot into TWRP.
Make sure /data is not mounted in the TWRP menu. If it is, then no need to do this as you can back it up directly from TWRP anyway, and you don't need this.
Backup will make an image of the entire partition, so it will be big. As follows to backup, change the /dev/block/xxxxxxx to what yours is, if it is different. Replace xxxxxxx with what your output was, mine was mmcblk0p24 (this needs to be input correctly for backup and restore, this here is where you can screw your phone up)
Code:
adb shell 'dd if=/dev/block/xxxxxxx' > DataBackupName.img
(Above, you DO use the single quotes)
DataBackupName.img can be named whatever you want to call it.
This takes a long time, my phone writes 12 gigs or so.
The above command should exit telling you how much data was written. You don't want to have an incomplete backup because the usb cable wasn't great or the process spit the dummy for some reason.
To restore, cross your fingers (works fine on my PC)
Also from TWRP and also making sure data is not mounted:
Code:
adb push DataBackupName.img /dev/block/xxxxxxx
You need to have the correct text to replace the xxxxxx. Screwing this up is very high risk of bricking your phone.
Okay all that said, my assumption is that the initial dump won't work on Windows as it needs to direct the output to a file and I have a hunch that the syntax above for directing the output might be done differently. If someone knows how to do the backup on Windows, or can clarify if it works or not as is (after testing) I imagine that would be helpful for Windows users. Feedback in general is good for others, solutions to problems are great.
Additionally, when I was looking for this solution, the answers were a bit old and had to be mildly adapted, but there was a complaint back then that adb couldn't handle the restore. That hasn't been the case for me. A more recent adb binary might fix this if you happen to have this sort of problem.
A benefit of this method, is that if your system can mount an ext4 volume, you can also mount the image, so if you only want one file from a previous backup, or you want to remove a file from the image, or add one, that's all possible... with Linux (Linux geeks know who they are). Note that the image also contains the contents of what gets mounted at /storage/emulated/0
You can compress the image file when it's done to reduce the size.
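An added example, not from either post, for the two dd procedures in this thread (the hob/dhob/fsc/pds dump into imei_backup and the /data image above): rather than running each command twice, it records a SHA-256 for every image and refuses to restore from a damaged or wrong-sized one. Function names and the SHA256SUMS manifest are hypothetical; it assumes `sha256sum` and `awk` exist in the shell where it runs, and the functions take paths so they work on plain files or, as root, on /dev/block nodes.

```shell
#!/bin/sh
# Added example: checksum-verified dd backup and restore.

sha_of()  { sha256sum "$1" | cut -d' ' -f1; }   # hash of a whole file or device
size_of() { echo $(( $(wc -c < "$1") )); }      # byte length (reads all the data)

# backup_set SRC_DIR DEST_DIR NAME...
# Dumps SRC_DIR/NAME to DEST_DIR/NAME.img and records each hash in SHA256SUMS.
backup_set() {
    src_dir=$1; dest_dir=$2; shift 2
    mkdir -p "$dest_dir" || return 1
    : > "$dest_dir/SHA256SUMS"
    for name in "$@"; do
        dd if="$src_dir/$name" of="$dest_dir/$name.img" bs=4096 2>/dev/null || return 1
        # Re-read the source: a short or corrupted copy shows up as a mismatch.
        src_hash=$(sha_of "$src_dir/$name")
        [ "$src_hash" = "$(sha_of "$dest_dir/$name.img")" ] || return 2
        printf '%s  %s\n' "$src_hash" "$name.img" >> "$dest_dir/SHA256SUMS"
    done
}

# verify_set DEST_DIR: succeeds only if every image still matches the manifest.
verify_set() {
    ( cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1 )
}

# restore_image IMG TARGET
# Writes only if IMG matches its manifest entry and is exactly as long as
# TARGET, then reads TARGET back and compares it with the recorded hash.
restore_image() {
    img=$1; target=$2
    dir=$(dirname "$img"); base=$(basename "$img")
    want=$(awk -v f="$base" '$2 == f { print $1 }' "$dir/SHA256SUMS" 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$(sha_of "$img")" ] || return 3  # damaged backup
    [ "$(size_of "$img")" = "$(size_of "$target")" ] || return 4    # wrong target
    dd if="$img" of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
    [ "$want" = "$(sha_of "$target")" ] || return 5                 # write did not stick
}
```

For an image pulled to the PC with `adb shell 'dd ...' > file`, compare `sha256sum` of the local file with the hash of the block device computed on the phone (assuming the recovery shell provides `sha256sum`) before relying on it.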