Database Info

[Q] Stuck in splash screen but CAN access recovery

SL 101 with cwm. on ICS.
I have tried over and over and many different ways to figure this out.... here is what's happening.
"power on" is stuck in splash screen and WILL NOT recognize on my PC as a device or in ADB
"power + vol down" grants me recovery mode which WILL recognize.
SD card will not mount to device. (i purchased brand new)
Cannot seem to push any files to internal storage... this is what my CMD looks like.
---------------------------------------
adb devices =
list of devices attached
0123456789abcdef recovery
C:\Users\me\Desktop\Android>adb push C:\Users\me\Desktop\US_epad-user-9.2.1.27.1.zip /sdcard/Download/
---------------------------------------
When I hit enter it does nothing but go to the space below and won't let me type anything.
I have tried PERI which didn't work because when it starts rebooting my device it just boots to the splash screen where it won't recognize on my PC
PLEASE any help I'm ripping my hair out here!

I have got the same problem, which is mentioned here: http://forum.xda-developers.com/showthread.php?t=2244728
Now I am trying to discover which of the mounting points are internal sdcard and data, so I would be able to format them and I hope that this will fix my problem.
You are also unlucky because Slider and TF101G versions of the tablet doesn't support NVflash: http://forum.xda-developers.com/showthread.php?t=1688447
They support but ASUS hasn't provided developers with the keys: http://androidroot.mobi/technical/tf-secure-boot-key/
Sincerely,
Žiga

ZigaG said:
I have got the same problem, which is mentioned here: http://forum.xda-developers.com/showthread.php?t=2244728
Now I am trying to discover which of the mounting points are internal sdcard and data, so I would be able to format them and I hope that this will fix my problem.
But since you have got the TF101 version (not G or slider) of the tablet, you can try to use NVflash: http://forum.xda-developers.com/showthread.php?t=1688447
Sincerely,
Žiga
Click to expand...
Click to collapse
I do have the slider and would prefer to find help pertaining to that but it seems there are way more guides on the TF101 not SL101
It specifically says you cannot use the NVflash for sl101....

Sorry, I misread it. I fixed my post.

ZigaG said:
I have got the same problem, which is mentioned here: http://forum.xda-developers.com/showthread.php?t=2244728
Now I am trying to discover which of the mounting points are internal sdcard and data, so I would be able to format them and I hope that this will fix my problem.
You are also unlucky because Slider and TF101G versions of the tablet doesn't support NVflash: http://forum.xda-developers.com/showthread.php?t=1688447
They support but ASUS hasn't provided developers with the keys: http://androidroot.mobi/technical/tf-secure-boot-key/
Sincerely,
Žiga
Click to expand...
Click to collapse
So does that mean I'm stuck until something comes out? Or is there an alternative route.

chchas said:
So does that mean I'm stuck until something comes out? Or is there an alternative route.
Click to expand...
Click to collapse
You can check the file /proc/mtd and /proc/mounts and upload it here, so I can see if we are dealing with the same problem. You can try to mount external sdcard.
While in ADB use:
Code:
adb pull /proc/mtd backup/
adb pull /proc/mounts backup/
This will copy this 2 files to folder backup.
Žiga

ZigaG said:
You can check the file /proc/mtd and /proc/mounts and upload it here, so I can see if we are dealing with the same problem. You can try to mount external sdcard.
While in ADB use:
Code:
adb pull /proc/mtd backup/
adb pull /proc/mounts backup/
This will copy this 2 files to folder backup.
Žiga
Click to expand...
Click to collapse
remote object '/proc/mtd' does not exist
remote object '/proc/mounts' not a file or directory

chchas said:
remote object '/proc/mtd' does not exist
remote object '/proc/mounts' not a file or directory
Click to expand...
Click to collapse
Strange!? What is outputted if you write:
Code:
adb shell ls

ZigaG said:
Strange!? What is outputted if you write:
Code:
adb shell ls
Click to expand...
Click to collapse
cache ---- init.rc ---- sys
data ---- proc ---- system
default.prop ---- res ---- tmp
dev ---- root --- ueventd.goldfish.rc
etc --- sbin --- ueventd.rc
fstab.ventana --- sdcard--- ueventd.ventana.rc
init --- staging---

chchas said:
cache ---- init.rc ---- sys
data ---- proc ---- system
default.prop ---- res ---- tmp
dev ---- root --- ueventd.goldfish.rc
etc --- sbin --- ueventd.rc
fstab.ventana --- sdcard--- ueventd.ventana.rc
init --- staging---
Click to expand...
Click to collapse
OK, do you have busybox installed?
Can you post files: (-> adb pull... or you can insert external SDCARD and copy the files on it)
- /etc/fstab? -> here is written which partition is mounted as sdcard, system, data...
- /proc/partitions -> here are listed all the partitions that you have on the tablet.
Sincerely,
Žiga

ZigaG said:
OK, do you have busybox installed?
Can you post files: (-> adb pull... or you can insert external SDCARD and copy the files there)
- /etc/fstab? -> here is writted which partition is mounted as sdcard, system, data...
- /proc/partitions -> here are listed all the partitions that you have on tablet
Sincerely,
Žiga
Click to expand...
Click to collapse
I do not have busy box. and cannot install any new apps on tablet as far as I know... unless downloading on my computer will send it to my tablet? still wouldn't be able to open anything.
I'm a little confused about
Can you post files: (-> adb pull... or you can insert external SDCARD and copy the files there)
-/etc/fstab -> here is writted which partition is mounted as sdcard, system, data...
- /proc/partitions -> here are listed all the partitions that you have on tablet
should i write in cmd adb pull /etc/fstab/ ?
Sorry I feel like i need someone to hold my hand while i do this. I am so frustrated with the millions of different ways I've tried but it seems I have a very unique problem that doesn't have many helps vids/threads out there.

chchas said:
I do not have busy box. and cannot install any new apps on tablet as far as I know... unless downloading on my computer will send it to my tablet? still wouldn't be able to open anything.
I'm a little confused about
Can you post files: (-> adb pull... or you can insert external SDCARD and copy the files there)
-/etc/fstab -> here is writted which partition is mounted as sdcard, system, data...
- /proc/partitions -> here are listed all the partitions that you have on tablet
should i write in cmd adb pull /etc/fstab/ ?
Sorry
Click to expand...
Click to collapse
You can try, but without / at the end of fstab since fstab is not directory but file.
Code:
PULL usage: adb pull "file on tablet" "copy to remote machine"
adb pull /etc/fstab backup/fstab
adb pull /proc/partitions backup/partitions
If this doesn't work, you can insert micro SD in tablet and use adb shell to write linux commands.
Sincerely,
Žiga

ZigaG said:
You can try, but without / at the end of fstab since fstab is not directory but file.
Code:
PULL usage: adb pull "file on tablet" "copy to remote machine"
adb pull /etc/fstab backup/fstab
adb pull /proc/partitions backup/partitions
If this doesn't work, you can insert micro SD in tablet and use adb shell to write linux commands.
Sincerely,
Žiga
Click to expand...
Click to collapse
fstab gave me
17 kb/s <108 bytes in 0.006s>
proc/partitions
60 kb/s <374 bytes in 0.006s>
not sure where i'll need to go to figure out which linux commands would need to be done...

chchas said:
fstab gave me
17 kb/s <108 bytes in 0.006s>
proc/partitions
60 kb/s <374 bytes in 0.006s>
not sure where i'll need to go to figure out which linux commands would need to be done...
Click to expand...
Click to collapse
OK, I see. This is only time needed for transfer.
Go to your folder, where you have got adb.exe (you can search with windows). There is created new folder backup, where you can find fstab and partitions. Upload the files or open them with notepad++ or regular notepad and paste the content of files here (it is the best to use #-tag in the editor of the post so the code is easier to read.)
Sincerely,
Žiga

ZigaG said:
OK, I see. This is only time needed for transfer.
Go to your folder, where you have got adb.exe (you can search with windows). There is created new folder backup, where you can find fstab and partitions. Upload the files or open them with notepad++ or regular notepad and paste the content of files here (it is the best to use #-tag in the editor of the post so the code is easier to read.)
Sincerely,
Žiga
Click to expand...
Click to collapse
fstab -
#-tag /dev/block/mmcblk0p2 /cache ext4 rw
/dev/block/mmcblk0p7 /data ext4 rw
/dev/block/mmcblk0p1 /system ext4 rw
partitions
#-tag major minor #blocks name
179 0 15097856 mmcblk0
179 1 524288 mmcblk0p1
179 2 542208 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 542208 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 512 mmcblk0p6
179 7 13457920 mmcblk0p7
179 8 15558144 mmcblk1
179 9 15554048 mmcblk1p1

chchas said:
fstab -
#-tag /dev/block/mmcblk0p2 /cache ext4 rw
/dev/block/mmcblk0p7 /data ext4 rw
/dev/block/mmcblk0p1 /system ext4 rw
partitions
#-tag major minor #blocks name
179 0 15097856 mmcblk0
179 1 524288 mmcblk0p1
179 2 542208 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 542208 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 512 mmcblk0p6
179 7 13457920 mmcblk0p7
179 8 15558144 mmcblk1
179 9 15554048 mmcblk1p1
Click to expand...
Click to collapse
OK thank you, I will analyse and compare the files with mine and from other TF's. But so far, I discovered, that TF's don't have special partition for data as on other Android devices and this probably causes problem.
For posting code, you can use [ CODE ] You write here code [ /CODE ] - write CODE in brackets without spaces. In post editor there is a sign # for indicating code.
You can try mounting /dev/block/mmcblk0p7 to a folder:
Code:
adb shell
mkdir NEW
mount /dev/block/mmcblk0p7 NEW
It probably won't work and this will indicate, that we are issuing the same problem.
Sincerely,
Žiga

ZigaG said:
OK thank you, I will analyse and compare the files with mine and from other TF's. But so far, I discovered, that TF's don't have special partition for data as on other Android devices and this probably causes problem.
For posting code, you can use [ CODE ] You write here code [ /CODE ] - write CODE in brackets without spaces. In post editor there is a sign # for indicating code.
You can try mounting /dev/block/mmcblk0p7 to a folder:
Code:
adb shell
mkdir NEW
mount /dev/block/mmcblk0p7 NEW
It probably won't work and this will indicate, that we are issuing the same problem.
Sincerely,
Žiga
Click to expand...
Click to collapse
Code:
adb shell mount/dev/block/mmcblk0p7
/sbin/sh: adb not found

chchas said:
Code:
adb shell mount/dev/block/mmcblk0p7
/sbin/sh: adb not found
Click to expand...
Click to collapse
Use commands as I wrote them:
This will connect to your tablet and access tablet's terminal commands
Code:
adb shell
You need to create new folder to which you will mount partition
Code:
mkdir /NEW
Now you only need to mount the partition
Code:
mount /dev/block/mmcblk0p7 /NEW
Did you have external sdcard attached, when you uploaded file partitions?

ZigaG said:
Use commands as I wrote them:
This will connect to your tablet and access tablet's terminal commands
Code:
adb shell
You need to create new folder to which you will mount partition
Code:
mkdir /NEW
Now you only need to mount the partition
Code:
mount /dev/block/mmcblk0p7 /NEW
Did you have external sdcard attached, when you uploaded file partitions?
Click to expand...
Click to collapse
I don't remember partitioning the SD card. I did not have an SD card when I rooted.
I followed the code lines and it only came back as ~ #

chchas try this http://forum.xda-developers.com/showthread.php?t=2244728.
If you have any questions feel free to ask.
Have a nice day,
Žiga

Create Odin flashable rom on Tab 2

I'm working on customizing my rooted tab 2 and then exporting to an Odin flashable ROM (following instructions from (http://forums.androidcentral.com/dr...create-custom-odin-images-backup-restore.html)
The reason for this, rather than using CWM to more easily make a backup, is that I need to flash my customizations onto a BUNCH of tablets, and don't want to go through the process of unlocking the bootloader and installing CWM for each of them.
What I'm wondering is this:
Which partitions should I be copying to build an Odin flashable rom. The instructions I linked say that I need zImage, factoryfs.rfs and recovery.bin - which I'm hoping is the case.
I'm not sure which partitions correspond to the necessary files for creating the flashable ROM. Any ideas?
Here are my partitions by name:
1|[email protected]:/ # ls -al /dev/block/platform/msm_sdcc.1/by-name
lrwxrwxrwx root root 1970-11-16 22:48 aboot -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 1970-11-16 22:48 backup -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 1970-11-16 22:48 boot -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 1970-11-16 22:48 cache -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 1970-11-16 22:48 efs -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 1970-11-16 22:48 fota -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 1970-11-16 22:48 fsg -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 1970-11-16 22:48 grow -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 1970-11-16 22:48 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 1970-11-16 22:48 modemst1 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 1970-11-16 22:48 modemst2 -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 1970-11-16 22:48 pad -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 1970-11-16 22:48 param -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 1970-11-16 22:48 persist -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 1970-11-16 22:48 recovery -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 1970-11-16 22:48 rpm -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-11-16 22:48 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 1970-11-16 22:48 sbl2 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 1970-11-16 22:48 sbl3 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-11-16 22:48 ssd -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 1970-11-16 22:48 system -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 1970-11-16 22:48 tz -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 1970-11-16 22:48 userdata -> /dev/block/mmcblk0p15
Thanks again for the great thread!

I'm not sure what you're following.
But in my limited experience all you will ever need is a system.img, boot.img and a cache.img to tell the recovery to wipe the data. And a recovery.img is optional. The zImage is the kernel and it is in the boot.img.
Also wrong section.

... and crossposting http://forum.xda-developers.com/showpost.php?p=48143832&postcount=177

Luigi2012SM64DS said:
I'm not sure what you're following.
But in my limited experience all you will ever need is a system.img, boot.img and a cache.img to tell the recovery to wipe the data. And a recovery.img is optional. The zImage is the kernel and it is in the boot.img.
Also wrong section.
Click to expand...
Click to collapse
Cool, thanks for the help. Which section would be better to post this in?
so I pull
boot (/dev/block/mmcblk0p7) to zImage
and
system (/dev/block/mmcblk0p14) to factoryfs.rfs
The instructions I linked to say that cache is optional if I don't want to pull personal data, so I might omit that.
If I don't pull the recovery.img, how does that impact the next tablet I install this on? Does it mean a factory wipe would reset it to its previous image, or is that unrelated.
Thanks again for the help - sorry for the cross-post, I'm pretty new to this entire thing.

Android-Andi said:
... and crossposting http://forum.xda-developers.com/showpost.php?p=48143832&postcount=177
Click to expand...
Click to collapse
Should I delete that one? I figured it was relevant to that thread / people who were interested in rooting that tab, but I guess not posting twice supersedes that. Thanks.

evrkusd said:
Cool, thanks for the help. Which section would be better to post this in?
so I pull
boot (/dev/block/mmcblk0p7) to zImage
and
system (/dev/block/mmcblk0p14) to factoryfs.rfs
The instructions I linked to say that cache is optional if I don't want to pull personal data, so I might omit that.
If I don't pull the recovery.img, how does that impact the next tablet I install this on? Does it mean a factory wipe would reset it to its previous image, or is that unrelated.
Thanks again for the help - sorry for the cross-post, I'm pretty new to this entire thing.
Click to expand...
Click to collapse
The thread has already moved from development to Q and A.
And no, i'm still not understanding. you should pull /system and make it into a system.img
And for the boot.img, I am not really sure how you can pull that from that tab. But I think you can just get a stock kernel boot.img from any ol' stock rom.

Luigi2012SM64DS said:
The thread has already moved from development to Q and A.
And no, i'm still not understanding. you should pull /system and make it into a system.img
And for the boot.img, I am not really sure how you can pull that from that tab. But I think you can just get a stock kernel boot.img from any ol' stock rom.
Click to expand...
Click to collapse
Hm ok. I guess other threads are pointing me to think that I need more than just a system.img.
See here:
http://forum.xda-developers.com/showthread.php?t=960946
or the original link I posted.
If all I need is system (/dev/block/mmcblk0p14) dumped to system.img, that would be easier, but I'm not sure that's all I need. If so, I guess I could pull system.img and tar it and try it out..
Thanks for the advice

evrkusd said:
Hm ok. I guess other threads are pointing me to think that I need more than just a system.img.
See here:
http://forum.xda-developers.com/showthread.php?t=960946
or the original link I posted.
If all I need is system (/dev/block/mmcblk0p14) dumped to system.img, that would be easier, but I'm not sure that's all I need. If so, I guess I could pull system.img and tar it and try it out..
Thanks for the advice
Click to expand...
Click to collapse
That guide is not for tab 2.
You only need a modem.bin if you have the P3100 the gsm tab and not the wifi only.
The zImage is the same as boot.img
The cache is only needed as, again, you need to make it so the data will be wiped to avoid bootloops if coming from custom roms.
And the system is the rom so you will obviously need that.

Luigi2012SM64DS said:
That guide is not for tab 2.
You only need a modem.bin if you have the P3100 the gsm tab and not the wifi only.
The zImage is the same as boot.img
The cache is only needed as, again, you need to make it so the data will be wiped to avoid bootloops if coming from custom roms.
And the system is the rom so you will obviously need that.
Click to expand...
Click to collapse
Ok, thanks. The tab 2 I'm using is the Verizon SCH-I705, btw, so should I include modem.img? It seems like I could just leave the existing modem partition on the device, since I don't want to make any changes there.
Here's my current setup
/boot send to boot.img
dd if=/dev/block/mmcblk0p7 of=/sdcard/boot.img bs=4096
/system send to system.img
dd if=/dev/block/mmcblk0p14 of=/sdcard/system.img bs=4096
/recovery send to recovery.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/recovery.img bs=4096
/cache send to cache.img
dd if=/dev/block/mmcblk0p17 of=/sdcard/cache.img bs=4096
Then I'll roll all 4 of them into a tar package with:
tar -H ustar -c system.img cache.img boot.img recovery.img > package.tar
md5sum -t package.tar >> package.tar
mv package.tar package.tar.md5
and flash via Odin
Does it sound like that will work?
Thanks again for the help

evrkusd said:
Ok, thanks. The tab 2 I'm using is the Verizon SCH-I705, btw, so should I include modem.img? It seems like I could just leave the existing modem partition on the device, since I don't want to make any changes there.
Here's my current setup
/boot send to boot.img
dd if=/dev/block/mmcblk0p7 of=/sdcard/boot.img bs=4096
/system send to system.img
dd if=/dev/block/mmcblk0p14 of=/sdcard/system.img bs=4096
/recovery send to recovery.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/recovery.img bs=4096
/cache send to cache.img
dd if=/dev/block/mmcblk0p17 of=/sdcard/cache.img bs=4096
Then I'll roll all 4 of them into a tar package with:
tar -H ustar -c system.img cache.img boot.img recovery.img > package.tar
md5sum -t package.tar >> package.tar
mv package.tar package.tar.md5
and flash via Odin
Does it sound like that will work?
Thanks again for the help
Click to expand...
Click to collapse
Oh the verizon tab.
Yes you should have the modem.
Don't take the cache from the /cache partition you should make a cache.img from scratch.

Luigi2012SM64DS said:
Oh the verizon tab.
Yes you should have the modem.
Don't take the cache from the /cache partition you should make a cache.img from scratch.
Click to expand...
Click to collapse
Ok, thanks. Am I right in thinking that if the tab already has a working modem (since verizon is working on it), do I need to flash modem.img if I haven't made any changes on the new version?
Also, not sure how to make a cache.img from scratch. I've searched for similar terms on xda and haven't come up with anything.
Thanks again.

[Q] Allwinner A20 - Stuck in recovery reboot loop

I bought an Android head unit (from a Chinese seller) for my car which I've been trying to port TWRP recovery to. I got no source code whatsoever with the board, so all the reverse engineering that I've done so far is just my own black box (rather grey I guess) experimenting.
The board luckily runs an engineering build of AOSP 4.4.2, so I've locally set up trees to build AOSP as well as OmniROM and have been building binaries from the tree and side-loading using adb to test things out.
Also I have a full firmware flash setup on my SD card, so if I break anything, I can easily go back to where I was before by just booting with the SD card, and this has been a God-send.
Before trying the full TWRP, I wanted to try to play with the stock recovery first to ensure I can reboot between the main image and recovery easily, which is where I seem to have stumbled upon an issue.
Now to the actual issue I'm facing:
If I issue an 'adb reboot recovery' command, libcutils.so seems to write "boot-recovery" string into the /misc partition which seems to trick the bootloader to boot into recovery. The stock recovery that came with the board just reboots immediately after few seconds and goes back into booting Android again.
I hacked the recovery rootfs not to start the recovery service, which seems to stop the reboot, but now my board is stuck in a recovery-boot-loop. In other words, if I issue a reboot command from the adb within recovery, the board reboots but again into recovery.
I've also tried using dd to wipe out the "misc" partition and reboot, but somehow the boot loader boots the board back into the same recovery, and I see the "boot-recovery" string in the /misc partition again. How did this string get back here ?
I've tried to understand the Allwinner boot process and this seems to be the sequence:
BROM -> boot0 -> boot1 -> boot.axf -> uboot -> Android Kernel
I've looked at the contents of my nanda partition which has the bootloader on a vfat partition, and I found only few files in there, which I'm not sure but did not look like they stored any information on which partition to boot.
I also looked at the env partition (nandb), this seems to be just a list of environment variables for u-boot. Although it contains the commands for booting the main image and the recovery, I did not find any setting which controlled which boot command is to be executed at any given point.
So, any one have any clue whatsoever on how boot.axf decides whether to boot the main image or recovery ?
Thanks!
UPDATE:
Here is the partition table info:
~ # ls -l /dev/block/by-name/
lrwxrwxrwx root root 2000-01-01 00:00 UDISK -> /dev/block/nandi
lrwxrwxrwx root root 2000-01-01 00:00 boot -> /dev/block/nandc
lrwxrwxrwx root root 2000-01-01 00:00 bootloader -> /dev/block/nanda
lrwxrwxrwx root root 2000-01-01 00:00 cache -> /dev/block/nandg
lrwxrwxrwx root root 2000-01-01 00:00 env -> /dev/block/nandb
lrwxrwxrwx root root 2000-01-01 00:00 misc -> /dev/block/nande
lrwxrwxrwx root root 2000-01-01 00:00 persist -> /dev/block/nandh
lrwxrwxrwx root root 2000-01-01 00:00 recovery -> /dev/block/nandf
lrwxrwxrwx root root 2000-01-01 00:00 system -> /dev/block/nandd

I guess the A20 is not famous enough yet.. not even one response
looking for a head unit for my highlander and saw a unit that comes with A20
they say it is faster that the A9 s in the market I am not sure about that as its dual core 1ghz and I have seen many dual core A9 1.6ghz
is there anythread on the A20?
any luck with your setting?

[ROOT] [REF] LG K7 install SuperSU without Kingroot (lgms330 and lgk330)

***It worked for me, but I make no guarantee of invariable results. I therefore, claim no responsibility and offer no warranty. If it does brick your phone, please pm me with the subject "SuperSU without Kingroot" so we can figure out where we went wrong.***
MetroPCS (lgms330) and the T-Mobile (lgk330) models.​
The TWRP method: It's easier than the old method in post 3 which did mess up a couple of peoples phones for some reason. The method in post 3 is still relevant for those who don't want to use TWRP for whatever reason.
You will need:
computer, usb cord, and *adb/fastboot installed
*A note to those who don't know what adb or fastboot is:
There are plenty of tutorials out there explaining how to install and use adb and fastboot.
If you are unfamiliar with these tools you may want to check out this forum.
Part 1: enable developer mode / unlock boot loader
Developer options
On your phone, open settings do the following
Enable Developer mode
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Enable oem unlock (LG was nice enough to enable us to unlock our bootloader from the "developer options")
Enable adb debug
Plug your phone into your computer and run
Code:
adb devices
you will be prompted to Allow USB debugging?
​
Part 2: installing the Team Win Recovery Project.
I can confirm that the following technique works for the T-Mobile k330 too.
Abridged quoted instructions from this thread / partial copy from post #42 Senior Member: starkly_raving
Prerequisites:
1. unlocked bootloader
2. knowledge of fastboot commands.
First, connect your phone to the computer and run
Code:
adb reboot bootloader
Next, if you want to test but not replace your recovery
Code:
fastboot boot Twrp_m1_v2.img
Instead, if you want to replace your recovery partition with TWRP
Code:
fastboot flash recovery twrp-image-3.img
DOWNLOADS:
New forum has a version of TWRP with a button combination to boot into recovery.
Beta1:
twrp-image-3.img I hope you don't mind me mirroring [MENTION=805681]reemobeens19
Part 3: Installing SuperSu, Xposed framework, and Xposed installer
At the time of this writing these are the latest versions:
Xposed framework: sdk22/arm/xposed-v86-sdk22-arm.zip
Xposed installer: XposedInstaller_3.0-alpha4.apk
SuperSU: Version 2.76
Xposed uninstaller <- You need to flash this in order to completely uninstall the Xposed framework if you don't want it anymore or you want to upgrade with a newer version.
On our phone booting into TWRP can be done with the physical button combinations. If you don't feel like doing finger gymnastics you can use
Code:
adb reboot recovery
Tap install, choose the zip file(s) you downloaded, and the rest is fairly self explanatory.
If I made any errors or omissions feel free to mention it. I really hope this helps.

Xposed Follow up
Now that you have the Xposed Framework installed, you need to install the "Xposed installer" app in order to use it.
You need to go into settings -> security -> and check the box that says "Unknown sources"
If you have downloaded the XposedInstaller_3.0_alpha4.apk onto you phone, then you can use the "File Manager" app already installed on the phone; navigate to the XposedInstaller_3.0_alpha4.apk (probably in your "Download" folder); and tap on it. It will ask if you want to install it so tap install.
Xposed installer needs root access so grant it when prompted. The first time I ran the actual app it threw an error message. Either restart your phone or restart the app (I cannot remember which I did) then it should work.

OBSOLETE
Here are the old instructions for postarity. It worked for quite a few people
***I have followed this exact procedure with a 100% success rate in linux; however, I make no guarantee invariable results. I therefore, claim no responsibility and offer no warranty. If it does brick your phone, please pm me with the subject "SuperSU without Kingroot" so we can figure out where we went wrong.***​
These custom system images come with SuperSu and the appropriate Xposed framework (sdk22/arm/xposed-v86-sdk22-arm.zip) baked right in.
So many people have bricked their LG K7's trying to replace kingroot with the superb SuperSu by chainfire. I have seen many that have bricked their phones trying to flash the latest Xposed framework as well. This method will hopefully be easy enough to deter people relying on kingroot all together. (Feel free to leave feedback in the comments if there is a step that need further elaboration or isn't working)
This tutorial will work for both the MetroPCS (lgms330) and the T-Mobile (lgk330) models.​***This will wipe your device***
​You will need:
computer, usb cord, *adb/fastboot installed, the appropriate system image, and serious patience.
MetroPCS Download:
ms330_root_system.img
T-Mobile Download:
k330_root_system.img
*A note to those who don't know what adb or fastboot is:
There are plenty of tutorials out there explaining how to install and use adb and fastboot.
If you are unfamiliar with these tools you may want to check out this forum.
Developer options
On your phone, open settings do the following
Enable Developer mode
Enable oem unlock (LG was nice enough to enable us to unlock our bootloader from the "developer options")
Enable adb debug
Plug your phone into your computer and run
Code:
adb devices
you will be prompted to Allow USB debugging?
​
Someone who is proficient in Windows please verify that fastboot "sees" the device. I was having trouble getting my Windows 7 64bit machine to recognize it. It worked every time in linux though. Thanks.
ADB/Fastboot commnads
On the computer (in windows you may have to replace adb with adb.exe and fastboot with fastboot.exe)
Code:
adb reboot bootloader
Code:
fastboot oem unlock
Don’t worry about the message it returns:
Code:
FAILED (remote: Already unlocked)
or
Code:
OKAY [ 0.040s]
Let's be OCD and make certain the bootloader is unlock.
Code:
fastboot getvar unlocked
The result should be
Code:
unlocked: yes
finished. total time: 0.001s
Get ready to wait a loooooong time. Flash the correct system image for your device carrier.
DON’T PANIC!!! When you run the fastboot command to flash the system image, it will return something like “Invalid sparse file format at header magi” and hangs for what seems like an eternity. This is normal. The next message it returns is “erasing 'system'...” and then you wait another eternity for the system to be overwritten. Mine took over 6 minutes to complete.
MetroPCS
Code:
fastboot flash system ms330_root_system.img
T-Mobile
Code:
fastboot flash system k330_root_system.img
​
Wait forever for it to get to the “Android is starting…” screen by running
Code:
fastboot reboot
I have no problem with kingroot as a concept. I just want to help people avoid bricking their phones.

It says cannot load 'ms330_root_system.img'
When I did the fastboot getvar unlocked it showed, "unlocked: yes; finished total time 0.000"

IEatFood said:
It says cannot load 'ms330_root_system.img'
When I did the fastboot getvar unlocked it showed, "unlocked: yes; finished total time 0.000"
Click to expand...
Click to collapse
I assume you are on the step where you issue the fastboot command to flash the system image. I'm guessing you don't have the system image in the same directory as you are executing the fastboot command. i.e. If you downloaded the 'ms330_root_system.img' into your Downloads folder you need to change into that directory in the command prompt
Windows cmd
Code:
C:\Windows\system32>
C:\Windows\system32> cd C:\Users\IEatFood\Downloads
C:\Users\IEatFood\Downloads> fastboot flash system ms330_root_system.img
Alternitavly, you could copy/paste the 'ms330_root_system.img' into the same directory as the fastboot.exe
Linux terminal
Code:
~/ $
~/ $ cd Downloads/
~/Downloads $ fastboot flash system ms330_root_system.img

ledzepman71 said:
I assume you are on the step where you issue the fastboot command to flash the system image. I'm guessing you don't have the system image in the same directory as you are executing the fastboot command. i.e. If you downloaded the 'ms330_root_system.img' into your Downloads folder you need to change into that directory in the command prompt
Windows cmd
Code:
C:\Windows\system32>
C:\Windows\system32> cd C:\Users\IEatFood\Downloads
C:\Users\IEatFood\Downloads> fastboot flash system ms330_root_system.img
Alternitavly, you could copy/paste the 'ms330_root_system.img' into the same directory as the fastboot.exe
Linux terminal
Code:
~/ $
~/ $ cd Downloads/
~/Downloads $ fastboot flash system ms330_root_system.img
Click to expand...
Click to collapse
Alright, 'I got the invalid sparse file format at header magi'
finished. total time: 0.002s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot flash system ms330_root
_system.img
target reported max download size of 268435456 bytes
Invalid sparse file format at header magi
erasing 'system'...
OKAY [ 0.034s]
sending sparse 'system' 1/9 (257070 KB)...
OKAY [ 8.874s]
writing 'system' 1/9...
FAILED (remote: size too large)
finished. total time: 8.915s

Now it bricked my phone.
It keeps loading Bootloader STATE: Bootloader Unlock!!

IEatFood said:
Now it bricked my phone.
It keeps loading Bootloader STATE: Bootloader Unlock!!
Click to expand...
Click to collapse
My phone is doing the exact same thing after following the tutorial

CompFreak89 said:
My phone is doing the exact same thing after following the tutorial
Click to expand...
Click to collapse
Did it run successfully? If so sometimes you have to do the factory restet. Power off. Hold Vol down and power button. When the screen comes on keep holding down the vol down button let go of the power button and then push the power button again.
If it didn't run successfully please pm be with all the details including your phone model and all the output from the command line. Don't worry we'll get you squared away.

I updated the op to use an easier more standard way with TWRP.

tried it!
can't get past the step where you fastboot it, it get's stuck on the LG logo with small letters at the top
any ideas why?
I am on K330 by the way

To everyone. Please do research before flashing anything. Somebody had an lg Stylo tot. Trying to pass it off as a MS330! Wrong. Please research.
https://www.facebook.com/Czarsuperstar/

azureee said:
can't get past the step where you fastboot it, it get's stuck on the LG logo with small letters at the top
any ideas why?
I am on K330 by the way
Click to expand...
Click to collapse
If your problem hasn't been resolved, can you please describe in further detail what happened. Were you using the obsolete instructions in post 3? Were you on the step where you reboot into the bootloader? If you're really stuck please feel free to pm me.

[email protected] said:
To everyone. Please do research before flashing anything. Somebody had an lg Stylo tot. Trying to pass it off as a MS330! Wrong. Please research.
https://www.facebook.com/Czarsuperstar/
Click to expand...
Click to collapse
Hello, I appreciate your concern. On the topic of research, I was once told "a week in the lab can save you an hour in the library." I absolutely agree and would also encourage everyone to look deeper before plunging in head first.
If you are doubting the authenticity of my efforts and files allow me to elaborate on my method. As you will see, all the files were pulled directly off my personal phone and are not second hand impostors.
First, I looked up the partition table in adb using
Code:
ls -al /dev/block/platform/*/by-name
which output:
Code:
lrwxrwxrwx root root 1970-01-10 18:59 DDR -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 1970-01-10 18:59 aboot -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 1970-01-10 18:59 abootbak -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 1970-01-10 18:59 boot -> /dev/block/mmcblk0p33
lrwxrwxrwx root root 1970-01-10 18:59 cache -> /dev/block/mmcblk0p38
lrwxrwxrwx root root 1970-01-10 18:59 config -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 1970-01-10 18:59 devinfo -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 1970-01-10 18:59 drm -> /dev/block/mmcblk0p28
lrwxrwxrwx root root 1970-01-10 18:59 eksst -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 1970-01-10 18:59 encrypt -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 1970-01-10 18:59 factory -> /dev/block/mmcblk0p35
lrwxrwxrwx root root 1970-01-10 18:59 fota -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 1970-01-10 18:59 fsc -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 1970-01-10 18:59 fsg -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 1970-01-10 18:59 grow -> /dev/block/mmcblk0p40
lrwxrwxrwx root root 1970-01-10 18:59 keystore -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 1970-01-10 18:59 laf -> /dev/block/mmcblk0p32
lrwxrwxrwx root root 1970-01-10 18:59 misc -> /dev/block/mmcblk0p30
lrwxrwxrwx root root 1970-01-10 18:59 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 1970-01-10 18:59 modemst1 -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 1970-01-10 18:59 modemst2 -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 1970-01-10 18:59 mpt -> /dev/block/mmcblk0p36
lrwxrwxrwx root root 1970-01-10 18:59 persist -> /dev/block/mmcblk0p31
lrwxrwxrwx root root 1970-01-10 18:59 raw_resources -> /dev/block/mmcblk0p26
lrwxrwxrwx root root 1970-01-10 18:59 raw_resourcesbak -> /dev/block/mmcblk0p27
lrwxrwxrwx root root 1970-01-10 18:59 rct -> /dev/block/mmcblk0p24
lrwxrwxrwx root root 1970-01-10 18:59 recovery -> /dev/block/mmcblk0p34
lrwxrwxrwx root root 1970-01-10 18:59 rpm -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-01-10 18:59 rpmbak -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 1970-01-10 18:59 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 1970-01-10 18:59 sbl1bak -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-01-10 18:59 sec -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 1970-01-10 18:59 sns -> /dev/block/mmcblk0p29
lrwxrwxrwx root root 1970-01-10 18:59 spare1 -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 1970-01-10 18:59 spare2 -> /dev/block/mmcblk0p25
lrwxrwxrwx root root 1970-01-10 18:59 ssd -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 1970-01-10 18:59 system -> /dev/block/mmcblk0p37
lrwxrwxrwx root root 1970-01-10 18:59 tz -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 1970-01-10 18:59 tzbak -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 1970-01-10 18:59 userdata -> /dev/block/mmcblk0p39
As you can see, "/dev/block/mmcblk0p37" is the block device for the system partition. From there you simply duplicate the data into a raw image by doing
Code:
dd if=/dev/block/mmcblk0p37 bs=2048 of=/storage/external_SD/system.img
To elaborate on what the command does, the input file is the system block mmcblk0p37 and the output file is created as "system.img" on the external sd card. From the man page, "bs=BYTES read and write up to BYTES bytes at a time." So it just means that the dd operation can read and write up to 2048 bytes at a time.
This process was simply repeated using a stock k330, rooted k330, stock ms330, and rooted ms330. After all the raw images were created I systematically flashed them to my personal phone using the instructions verbatim from my op to ensure that they indeed work.
I hope explaining my process sheds further light on the matter. If you want to investigate further on your own you can mount the raw image in linux. Assuming that the system.img file is in your home directory and you have the directory /mnt/tmp , simply run as root
Code:
mount -o ro ~/system.img /mnt/tmp
and you will then be able to see the contents of the image (build prop, preinstalled apps, and the like) in the /mnt/tmp folder.
If you have any further comments or questions I will happily oblige.
The whole point of my effort was to aid people in rooting there phones while mitigating the risk of bricking. I want to make the process as bullet proof as possible so all feedback is welcome. This includes testimonials from those whom this process worked. I guess the next step would be to post the TWRP backup zips to further automate of the process.

unbrick method
@azureee, I am so happy to hear that you found a solution to your problem. Thank you for sharing that link as well. I am sure it will help many people here. If you need any further explanation on installing xposed I would be happy to help.

Please update this forum to have lg-k7 tag and to have newest twrp with button combo. That way this will be on the LG K7 forum and have best TWRP. Also "fastboot boot" is only way it works, flashing will get overwritten by system. And then when you want to get to recovery it will factory reset phone. You can flash after you root.

Billybobjoe13245 said:
Please update this forum to have lg-k7 tag and to have newest twrp with button combo. That way this will be on the LG K7 forum and have best TWRP. Also "fastboot boot" is only way it works, flashing will get overwritten by system. And then when you want to get to recovery it will factory reset phone. You can flash after you root.
Click to expand...
Click to collapse
Thank you for the heads up about TWRP. I keep trying to add that tag, but it refuses to stick.
Edit: I had to delete the tag that wasn't showing up and readd it.

ledzepman71 said:
I updated the op to use an easier more standard way with TWRP.
Click to expand...
Click to collapse
Hi, thank you for the tutorial.
I do have a noob question: After unlocking the bootloader, flashing twrp and flashing supersu from within twrp will the phone be rooted? No need to install Kingroot or similar?
Thanks!

101...
saphta said:
Hi, thank you for the tutorial.
noob question: After unlocking the bootloader, flashing twrp and flashing supersu from within twrp will the phone be rooted?
Click to expand...
Click to collapse
Just go to the Play Store and download a "Root Checker" to get your answer...
Time To Learn How To Run With The *Big Dogs* if you are going to Root..

RaiderWill said:
Just go to the Play Store and download a "Root Checker" to get your answer...
Time To Learn How To Run With The *Big Dogs* if you are going to Root..
Click to expand...
Click to collapse
Thanks! I'll do that!

[Guide] [XT16XX] [Solve] Moto G4/Plus IMEI=0 issue

Important:
Now since Official Oreo is out, you can simply update to Official Oreo via fastboot and your IMEI will be restored.
This method will not work if you have restored other device's persist from some Youtube video or some Internet guide.
Read post #3 if you have restored some other persist and do not have a backup of your original persist.
For those who can't read this much, here is a better guide for you:
Hello everyone, this is a guide for solving the problem for IMEI = 0 on Moto G4/Plus which is caused after flashing stock ROM.
I got this problem last week and was constantly researching for the solution to this problem for the past 5 days and finally, I was able to get my IMEI back on my Moto G4 Plus (XT1643).
Note: I will be using stock firmware and stock ROM interchangeably in this thread as a lot of people consider it the same so don't get confused since I am by no means referring to the /firmware partition.
There are two common and major problems which occur while flashing custom/stock ROMs:
1. IMEI = Unknown and Baseband = Unknown
2. IMEI = 0
1st Problem:
Reason: You flashed the firmware/stock ROM which wasn't meant for your device.
Solution: Flash the firmware which is made for your device like XT1621 or XT1643, etc.
2nd Problem:
This is a major problem and there are two reasons for this:
1. Mess up your persist partition.
2. fastboot erase all command.
If your problem is caused by the first reason, it might be possible to fix it.
However, if the problem is caused by the second reason, I'm sorry I don't know if a solution to this problem exists.
Firstly you need to check if your device still has IMEI intact or not. For that use the following command through fastboot in the bootloader mode:
Code:
fastboot getvar imei
If the command returns an IMEI, it means that the IMEI is not completely lost and it can be recovered.
However, if the command returns IMEI as 0, then there are two reasons:
1. Either you flashed the bootloader that wasn't meant for your device. This can be solved by flashing the correct bootloader which is made for your device again by the command:
Code:
fastboot flash bootloader bootloader.img
2. If you have flashed the correct bootloader that is meant for your device and facing this issue, I'm sorry I don't think there is a solution to this problem. This problem is either caused by fastboot erase all command (which erases everything like IMEI from the device's motherboard or the place where IMEI is permanently stored) or some hardware issue.
Here is a little explanation:
Device specific or device unique IDs are stored in a separate place in the device like the motherboard or some other place which I am unaware of.
When EFS partition is created, it picks up the IMEI from that unique place in the device like the motherboard (or some other place which I am unaware of) where the IMEI is stored.
On every reboot, EFS partition is checked and if it does not exists, the Android system by default creates it.
When we flash stock ROM, we use the following commands:
Code:
fastboot erase modemst1
fastboot erase modemst2
These commands wipe the EFS partition and on rebooting, EFS partition is recreated.
But, in some cases, the EFS partition is not able to regenerate IMEI or the Android system is unable to recreate it and so we are left with IMEI = 0.
Here is a detailed explanation regarding this issue:
NZedPred said:
4) Explanation
4a) What happened to persist.
To understand what happened, you need to know a few things about filesystem permissions in Linux. Files and folders have user and group ownership, and permissions. Examples of owners are the system, root, user, etc. Examples of permissions are read access, write access, execute access. The permissions are applied at three levels 1) the user, 2) the group, 3) everyone else.
@rachitrawat's investigation into the failures showed that the issue was relating to the persist partition, specifically some files dhob.bin etc that are under the rfs sub folder in this partition. Under stock, these files/folders are owned by a user called rfs, and have group ownership under a group also called rfs. Additionally, the permissions on these files/folders are limited - only the rfs user can read/write/execute these files. Other users, groups, or everyone else, cannot access the files.
There was a change in the Oreo roms. If you flash and boot into an Oreo rom, and you look at the permissions/ownership, you will see that a user and group oem_2951 owns the rfs folder, and a group oem_2952 owns the hlos_rfs folder. Now this is a different name, but on its own, a different name does not mean different ownership.
In Linux, all users and groups are assigned an ID, i.e. a number. So something happened in lineage that changed the user IDs that are applied to the rfs folder.
If you look at the ownership of persist files/folders within TWRP, you will see that a STOCK PERSIST has the owner of the rfs folder as rfs_old. Similarly in TWRP, a LINEAGE PERSIST has the owner of the rfs folder as rfs. So TWRP is seeing owners differently again to stock and Lineage. Trying to run the above commands in TWRP will not fix the issue, as it will use ID 2951 for the user rfs, but we need it to be 3012 in stock (which TWRP sees as rfs_old).
In addition to the rfs folder, there is also another folder that is impacted - hlos_rfs. Its user owner is rfs, but its group owner if rfs_shared. A stock rfs_shared is shown as rfs_shared_o in TWRP. It appears that this folder is not as important in getting the IMEI back, but I have included the commands to restore ownership, to ensure there are no future errors.
4b) What happened to IMEI.
Despite the issue above, many people who flashed Oreo roms would have had no problems (other than I guess, bugs in the roms themselves). The change of ownership of the rfs folder didn't change the actual file content, so essentially all is intact. In fact, I verified that my dhob.bin and other files had the same md5sum in stock and lineage persist.
The issue of the IMEI changing to zero has only happened when people have flashed Stock roms. All of the guides that I have seen, have included the following commands (and equivalent commands have been included in the TWRP flashable stock builds as well):
Code:
fastboot erase modemst1
fastboot erase modemst2
The partitions modemst1 and modemst2 are your EFS. Normally, if your persist is pure stock, if either is erased, the modem re-creates them. But, referring to the above about permissions, if the rfs user (which is presumably used by the modem) cannot access the files (because the owner of the files is someone else, and the permissions on the files mean that only the owner can access them), then the modem cannot recreate the EFS, and the IMEI is left as zero.
Click to expand...
Click to collapse
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​
Solution:
I have made a youtube video for this which just shows how to fix the issue and does not goes into explanation of the problem as well as the solution. Here is the link: Moto G4/G4 Plus IMEI=0 fix
Pre-requisites:
You must be on Stock Nougat 7.0
You must be rooted (install Elemental-X kernel first and then flash Magisk otherwise you will have boot issues)
You must be on your own persist
Terminal app or adb drivers in PC/Laptop
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​
Step 1: Check if there is a problem with persist
Note: The below commands are to be typed in a terminal app or adb shell.
Q) How to type in adb shell?
A) Open command prompt in the folder where you have adb and fastboot installed and type:
Code:
adb shell
So lets start now!
Code:
su
This command it to get root access for the terminal/shell. Grant the root access and you will see that the $ symbol is replaced with # symbol which means that root access has been granted.
Code:
ls -l /persist
If your presist has some problem, then you can see the following as the output.
Code:
athene_f:/ # ls -l /persist
total 176
drwxrwx--- 2 system system 4096 2018-10-21 07:40 alarm
drwxr-xr-x 2 mot_pwric mot_pwric 4096 1969-12-31 19:02 batt_health
drwxrwx--- 2 bluetooth bluetooth 4096 2017-01-12 03:35 bluetooth
drwxr-xr-x 2 mot_tcmd bluetooth 4096 1969-12-31 19:02 bt
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 camera
drwxr-xr-x 2 root root 4096 2016-07-31 00:43 coresight
drwx------ 5 system system 4096 2017-01-12 05:21 data
drwxrwx--- 2 system graphics 4096 1969-12-31 19:02 display
drwxrwx--- 2 system system 4096 1969-12-31 19:02 drm
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1970-01-01 06:48 factory
[COLOR="red"]drwxrwx--- 3 2951 2952 4096 1969-12-31 19:02 hlos_rfs[/COLOR]
drwx------ 2 root root 4096 1969-12-31 19:00 lost+found
drwxrwx--- 2 radio radio 4096 2016-08-04 20:26 mdm
drwxrwx--- 3 system system 4096 2017-11-09 16:30 misc
drwxrwx--- 2 system system 4096 1970-02-11 17:39 properties
drwxr-xr-x 8 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 public
[COLOR="red"]drwx------ 6 2951 2951 4096 1969-12-31 19:02 rfs[/COLOR]
drwxrws--- 2 mot_tpapi mot_tpapi 4096 2016-11-17 16:38 security
drwxrwxr-x 2 system system 4096 2016-07-31 00:43 sensors
drwxrwx--- 2 system system 4096 2018-09-10 18:13 time
drwxr-xr-x 2 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 wifi
drwxrwxr-x 2 mot_drm mot_drm 4096 1969-12-31 19:02 wmdrm
athene_f:/ #
You can see system instead of these red number if you flash Soak Test before flashing Stock ROM, so no worries, as the process will remain the same.
As it can be seen in the red part, the owner of rfs folder is a number (2951) which means that the system is unable to identify its real owner.
Also the owner of hlos_rfs folder is a number too (2952) which also means that the system is unable to identity its real owner.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​
Step 2: Check for the key persist files
Code:
find /persist -type f
If you run the above command, you will see something similar to this:
Code:
athene_f:/ # find /persist -type f
/persist/coresight/qdss.agent.sh
/persist/coresight/qdss.config.sh
/persist/coresight/qdss.functions.sh
/persist/sensors/sensors_settings
/persist/data/sfs/6lgxCka66cxdsueYeHhCqx+j1DI_
/persist/data/sfs/VsxbuQew8Rbt0TRZjDAX8S9tV+M_
/persist/data/sfs/KfLHQpS5zKuygZcMelQOTtWzBvw_
/persist/data/sfs/R9+zCYj56-AHybZuQCWLm2H46E4_
/persist/data/sfs/NjJIuGH0j7kE08PFwp1yw+BminY_
/persist/data/sfs/7pU6SoXdsBUbDsxRiZOHNIjPVtw_
/persist/data/sfs/yLawqeQeY8AQGJmo46PVJbfYVxY_
/persist/data/tz/tz_counter
/persist/data/tz/tz_counter.bak
/persist/data/app_g/wv_usage
/persist/camera/focus/offset_cal
/persist/camera/ledcal/rear
/persist/factory/audio/temp
/persist/factory/audio/cnt
/persist/factory/audio/acc
/persist/factory/audio/f0
/persist/factory/audio/ref_diff
/persist/factory/fti
/persist/public/hiddenmenu/data/mobile_data_rx
/persist/public/hiddenmenu/data/mobile_data_tx
/persist/public/hiddenmenu/data/wifi_data_rx
/persist/public/hiddenmenu/data/wifi_data_tx
/persist/public/hiddenmenu/data/factoryreset_time
/persist/public/hiddenmenu/data/activation_date
/persist/public/hiddenmenu/life_calls
/persist/public/hiddenmenu/life_timer
/persist/security/18.bin
/persist/mdm/oma_dm_update
/persist/.bt_nv.bin
/persist/rfs/shared/server_info.txt
/persist/rfs/msm/mpss/datablock/id_00
/persist/rfs/msm/mpss/datablock/id_01
/persist/rfs/msm/mpss/server_check.txt
[COLOR="Red"]/persist/rfs/msm/mpss/dhob.bin
/persist/rfs/msm/mpss/shob.bin[/COLOR]
[COLOR="Green"]/persist/rfs/msm/mpss/dhob.bin.bak[/COLOR]
/persist/rfs/msm/adsp/server_check.txt
/persist/bluetooth/.bt_nv.bin
/persist/time/ats_1
/persist/time/ats_2
/persist/time/ats_12
/persist/time/ats_13
/persist/time/ats_15
/persist/time/ats_16
/persist/.twrps
athene_f:/ #
Note: The key files here are dhob.bin, shob.bin, id_00 and id_01.
Your IMEI is stored in id_00 (first IMEI) and id_01 (second IMEI)
dhob.bin and shob.bin are responsible to create the EFS partition.
Note: If you do not have dhob.bin.bak, you will still be able to get your IMEI back (tested and confirmed working on Moto G4 Plus(athene)), however if you have some other device like Moto G5 Plus(potter) or Moto G5s Plus(sanders), you cannot get your IMEI back with this method however trying won't hurt.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​
Step 3: Fix the your persist
For this step, there is also a TWRP flashable zip file which will fix the persist. So for those who do not want to type the commands manually, you can simply flash the zip file (Tested and working).
Downloads:
Link: https://www.androidfilehost.com/?fid=11410963190603873125
md5: 5aac75092fc84f46dd5c6bd443df0748
These commands will restore the owners of rfs and hlos_rfs folder back to their respective original owners (rfs and rfs_shared):
Code:
chown -R rfs:rfs /persist/rfs
chown -R rfs:rfs_shared /persist/hlos_rfs
Alternatively, you can also type:
Code:
chown -R 3012:3012 /persist/rfs
chown -R 3012:3013 /persist/hlos_rfs
You will see no output on typing the first command, however, you may or may not see any output after typing the second command (there was an output shown on my device but not on the other tested devices). I'm sorry I don't have that output stored, if someone who can see it, please repond so the thread can be updated.
3012 is infact the id for rfs folder and 3013 is the id for hlos_rfs folder so instead of typing their names, you can also type their ids.
Now, to check if the owners of rfs and hlos_rfs have been set back to their original ones, type this command:
Code:
ls -l /persist
If everything went fine, you should be able to see the following output:
The below output will be seen on a perfectly fine persist as well
Code:
athene_f:/ # ls -l /persist
total 176
drwxrwx--- 2 system system 4096 2018-10-21 07:40 alarm
drwxr-xr-x 2 mot_pwric mot_pwric 4096 1969-12-31 19:02 batt_health
drwxrwx--- 2 bluetooth bluetooth 4096 2017-01-12 03:35 bluetooth
drwxr-xr-x 2 mot_tcmd bluetooth 4096 1969-12-31 19:02 bt
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 camera
drwxr-xr-x 2 root root 4096 2016-07-31 00:43 coresight
drwx------ 5 system system 4096 2017-01-12 05:21 data
drwxrwx--- 2 system graphics 4096 1969-12-31 19:02 display
drwxrwx--- 2 system system 4096 1969-12-31 19:02 drm
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1970-01-01 06:48 factory
[COLOR="red"]drwxrwx--- 3 rfs rfs_shared 4096 1969-12-31 19:02 hlos_rfs[/COLOR]
drwx------ 2 root root 4096 1969-12-31 19:00 lost+found
drwxrwx--- 2 radio radio 4096 2016-08-04 20:26 mdm
drwxrwx--- 3 system system 4096 2017-11-09 16:30 misc
drwxrwx--- 2 system system 4096 1970-02-11 17:39 properties
drwxr-xr-x 8 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 public
[COLOR="red"]drwx------ 6 rfs rfs 4096 1969-12-31 19:02 rfs[/COLOR]
drwxrws--- 2 mot_tpapi mot_tpapi 4096 2016-11-17 16:38 security
drwxrwxr-x 2 system system 4096 2016-07-31 00:43 sensors
drwxrwx--- 2 system system 4096 2018-09-10 18:13 time
drwxr-xr-x 2 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 wifi
drwxrwxr-x 2 mot_drm mot_drm 4096 1969-12-31 19:02 wmdrm
athene_f:/ #
As you can see here that the owner of rfs folder is rfs folder and the owner of hlos_rfs folder is rfs_shared folder, the problem has been resovled.
Reboot your device and the problem should be fixed and you will be able (hopefully) to get your IMEI back by either typing *#06# in phone dialer or in Settings>About Phone>Status>IMEI Information.
On rebooting, the system will check for the EFS folder and since it didn't exist earlier, it will be recreated by the system and therefore you will get your IMEI back.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​
A huge thanx to NZedPred, rachitrawat, for doing in depth research in this problem and coming up with a solultion.
Also, I would like to thank Tyrantre who did a lot of research for this problem and has posted the workaround which was tried here in this thread here: Diag Mode with G4 for QPSD? which finally lead me to NZedPred's below thread as I could understand what was the problem due to which IMEI was set to 0 and why Diag mode wouldn't work.
Note: This thread was made with the help of the following guide which is confirmed to be working on Moto G5 Plus (potter) Fix Persist, resolve IMEI=0, Volte, 4G, Explanation, Requirements.
Note: This guide is made for G4/Plus and I have hardly done anything to fix this problem apart from making this thread, so all credits go to the respective owners who did research in this problem. This guide should work on other Motorola devices too as we aren't focusing on device-specific fixes that will only work on Moto G4 Plus.
Refer post #2 for fixing other issues faced after recovering IMEI.

Some Common Issues:
Here are the issues observed after recovering IMEI:
Sim card detected but no network
Baseband version changed
Volte not working
If you have any one of the above-mentioned problems, there is a specific thread made for those problems. Refer to this thread: [Guide] [XT16XX] [Solve] G4+ Baseband/Network/Volte issue, Lost 1 IMEI & fingerprint
Please discuss any issues related to the above-mentioned problems in the above-provided thread (link).
If you have any other issues apart from the issues mentioned above, discuss them here.
--------------------------------------------------------------------------​
Complete Backup Zip/Script (All partitions):
Now since you have faced this issue, make sure to take a complete backup of all the partitions so that if you ever face an issue like this in future, you will always have your partitions with you to restore your device.
Here is the link to the thread to take complete backup of all partitions: [Guide] [XT16XX] Moto G4/Plus Complete Partition Backup/Restore Zip/Script
The above thread can backup/restore using TWRP flashable zip files for convenience.

There are a few youtube videos and internet guides which tells you to restore somebody else's persist file. That persist file is same in the Youtube video as well as those Internet guide (I have checked them).
Persist is unique to each and every device and using somebody else's persist on your device will never work.
IMEI is stored in /persist/rfs/msm/mpss/datablock directory where there are two files named as id_00 and id_01.
id_00 contains your 1st IMEI and id_01 contains your second IMEI.
The persist (from those guide and youtube videos) lacks id_00 and id_01 and since you restored that persist, you have those files missing as well. Those files are unique to every device anyways so if you try to restore a persist which has those files, it won't work too as your device's IMEI is different altogether.
The only possible fix that comes to my mind is by manually editing the persist file.
On comparing both the files in a hex editor, it is found that both of them are completely same except from memory address/location 00000028 to 000000C7.
This makes me think that IMEI is stored between those memory locations.
Furthermore, the first 14 digits of IMEI are stored from 00000028 to 0000002F in a different manner.
This is how it is stored,
Lets take a sample random IMEI: 3 12 34 56 78 90 12 34
This will be stored as following: 3A 21 43 65 87 09 21 03
Code:
3A [COLOR="Black"]21[/COLOR] [COLOR="DarkRed"]43[/COLOR] [COLOR="Red"]65[/COLOR] [COLOR="Magenta"]87[/COLOR] [COLOR="Sienna"]09[/COLOR] [COLOR="DarkOrange"]21[/COLOR] [COLOR="DarkOliveGreen"]03[/COLOR]
3 [COLOR="black"]12[/COLOR] [COLOR="darkred"]34[/COLOR] [COLOR="red"]56[/COLOR] [COLOR="magenta"]78[/COLOR] [COLOR="sienna"]90[/COLOR] [COLOR="darkorange"]12[/COLOR] [COLOR="darkolivegreen"]34[/COLOR]
The first set of hex numbers is what is stored in id_00 and id_01
The second set of hex numbers is what the actual IMEI is.
As you can clearly notice the difference via colors that the digits are getting flipped. The persist is storing the last digit 4 in some different way.
Why is there a letter A in the start just after 3, I found that it means that the last digit of IMEI stored in persist is 0. And that makes sense to as when you flip the last two digits i.e 03, you indeed get 30 which indicates the last digit is 0.
I don't think I need to mention this, but if you have a dual sim device, the first thirteen digits of IMEI are same and only the last two digits are different.
Now, this makes me conclude that the last digit of actual IMEI is stored in some way in the rest of the id_00 and id_01. And since most of the content in both the files are same, we just have to compare the part which is different as that part has that last digit of the two IMEIs stored.
I can't upload the contents of my IMEI for obvious reasons. If we are able to find the pattern in which the last digit is stored inside those files, then I think we can edit them and it should solve the problem for those people. Of course, editing and putting on somebody else's IMEI in those files wouldn't work either as we have already tried replacing the entire id_00 and id_01 (infact entire working persist) but the IMEI still remains 0.
Perhaps there is someplace (not talking about fastboot imei) where IMEI is stored as well, and while generation of EFS, that place and the persist are checked together and if the IMEIs in both the places match, you get your IMEI and if not, then it knows that IMEI has tampered and hence it doesn't work.
This might be too dangerous as people could edit their IMEI and put on somebody else's IMEI and can create problems, but as I mentioned above, it doesn't work as you will need to have your own IMEI in persist.
Update: Thanx to @NZedPred for correcting me. Even on deleting id_00 and id_01, and then eraseing EFS, we still get our IMEI.
I also tried changing the first digit of dhob.bin file while keeping id_00 and if_01 intact and then erased EFS, but didn't get my IMEI.
So, dhob.bin is the one which is responsible for IMEI creation and I am not able to understand anything inside dhob.bin.
I am sorry, but I was already trying beyond my capabilities earlier by using many internet sources as reference and it was just by chance that I stumbled upon id_00 and id_01. I am going to stop here for now, as this stuff goes beyond my current capabilities. If I ever get to know anything, I will update it here so that if anybody else would like to continue, they could do it.
I am sorry I tag you here, @echo92, @strongst, @NZedPred, @rachitrawat. This is what I was able to find out. I request you to read this post, and please help if you can. Thank You.

If you run the ls -l /persist command on android P ROM (which is causing this IMEI issue), this is the output you get:
Code:
athene:/ # ls -l /persist
total 88
drwxrwx--- 2 system system 4096 1970-01-10 08:37 alarm
drwxr-xr-x 2 vendor_mot_pwric vendor_mot_pwric 4096 1970-01-01 01:01 batt_health
drwxrwx--- 2 bluetooth bluetooth 4096 2018-03-29 00:04 bluetooth
drwxr-xr-x 2 vendor_mot_tcmd bluetooth 4096 1970-01-01 01:01 bt
drwxr-xr-x 4 vendor_mot_tcmd vendor_mot_tcmd 4096 2018-03-29 00:04 camera
drwxr-xr-x 2 root root 4096 2018-03-29 00:04 coresight
drwx------ 5 system system 4096 2018-03-29 00:04 data
drwxrwx--- 2 system graphics 4096 1970-01-01 01:01 display
drwxrwx--- 2 system system 4096 1970-01-01 01:01 drm
drwxr-xr-x 4 vendor_mot_tcmd vendor_mot_tcmd 4096 2018-03-29 00:04 factory
[COLOR="red"]drwxrwx--- 3 vendor_rfs vendor_rfs_shared 4096 2018-03-29 00:04 hlos_rfs[/COLOR]
drwxrwx--- 2 root root 4096 2018-03-29 00:04 lost+found
drwxrwx--- 2 radio radio 4096 2018-03-29 00:04 mdm
drwxrwx--- 3 system system 4096 2018-03-29 00:04 misc
drwxrwx--- 2 system system 4096 1970-05-31 18:25 properties
drwxr-xr-x 8 vendor_mot_tcmd vendor_mot_tcmd 4096 2018-03-29 00:04 public
[COLOR="Red"]drwx------ 6 vendor_rfs vendor_rfs 4096 2018-03-29 00:04 rfs[/COLOR]
drwxrws--- 2 vendor_mot_tpapi vendor_mot_tpapi 4096 2018-03-29 00:04 security
drwxrwxr-x 2 system system 4096 2018-03-29 00:04 sensors
drwxrwx--- 2 system system 4096 2018-03-29 00:04 time
drwxr-xr-x 2 vendor_mot_tcmd vendor_mot_tcmd 4096 1970-01-01 01:01 wifi
drwxrwxr-x 2 vendor_mot_drm vendor_mot_drm 4096 1970-01-01 01:01 wmdrm
Notice how, android Pie is using vendor suffix prefix.
One fix that was thought was to fix the owners in android Pie ROM itself before flashing Stock ROM, but on rebooting, the owners were changed back to vendor_rfs and vendor_rfs_shared.
Also, if you flash an Oreo ROM after flashing Pie ROM (which broke IMEI), this is the output you get:
Code:
athene_f:/ # ls -l /persist
total 176
drwxrwx--- 2 system system 4096 2018-10-21 07:40 alarm
drwxr-xr-x 2 mot_pwric mot_pwric 4096 1969-12-31 19:02 batt_health
drwxrwx--- 2 bluetooth bluetooth 4096 2017-01-12 03:35 bluetooth
drwxr-xr-x 2 mot_tcmd bluetooth 4096 1969-12-31 19:02 bt
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 camera
drwxr-xr-x 2 root root 4096 2016-07-31 00:43 coresight
drwx------ 5 system system 4096 2017-01-12 05:21 data
drwxrwx--- 2 system graphics 4096 1969-12-31 19:02 display
drwxrwx--- 2 system system 4096 1969-12-31 19:02 drm
drwxr-xr-x 4 mot_tcmd mot_tcmd 4096 1970-01-01 06:48 factory
[COLOR="red"]drwxrwx--- 3 root root 4096 2018-03-29 00:04 hlos_rfs[/COLOR]
drwx------ 2 root root 4096 1969-12-31 19:00 lost+found
drwxrwx--- 2 radio radio 4096 2016-08-04 20:26 mdm
drwxrwx--- 3 system system 4096 2017-11-09 16:30 misc
drwxrwx--- 2 system system 4096 1970-02-11 17:39 properties
drwxr-xr-x 8 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 public
[COLOR="red"]drwx------ 6 root root 4096 2018-03-29 00:04 rfs[/COLOR]
drwxrws--- 2 mot_tpapi mot_tpapi 4096 2016-11-17 16:38 security
drwxrwxr-x 2 system system 4096 2016-07-31 00:43 sensors
drwxrwx--- 2 system system 4096 2018-09-10 18:13 time
drwxr-xr-x 2 mot_tcmd mot_tcmd 4096 1969-12-31 19:02 wifi
drwxrwxr-x 2 mot_drm mot_drm 4096 1969-12-31 19:02 wmdrm
athene_f:/ #
Here are some of the points that can throw some light on the topic:
rachitrawat said:
Hey all,
After spending hours on the IMEI 0 problem, here are my findings:
1. IMEI is stored in nv 550 variable in QCN. However, this variable is write protected. This means all IMEI write programs such as QCOM Write IMEI tool will fail.
2. Interestingly, only IMEI 1 is stored in the nv. IMEI 2 is derived by performing some fixed hex arithmetic on IMEI 1.
3. IMEI also seems encrypted since the nv 550 in QCN never has a correct hex notation of IMEI. For example, Only half of the IMEI is correct.
4. Any attempt to restore the QCN backup of someone else will successfully write all nv variables except nv 550. Means you cannot rewrite your factory IMEI.
5. The above is true even if you hexedit the QCN with your own IMEI. NV 550 is write protected.
6. modemst1 and modemst2 are sort of some baseband cache which are created by radio/bootloader using fsg. fsg seems to be some sort of backup partition for modemst.
7. After downgrading and erasing modemst1-2, these modemst are not recreated successfully by the modem. The nv 550 variable goes missing.
8. My guess is that modem has some checksum mechanism wherein if any discrepancy is found, the modemst cache recreation fails. Not sure.
9. Our IMEI is most likely intact somewhere (not talking about fastboot IMEI). Just not interpreted properly.
10. People who restored their efs after IMEI 0 are essentially restoring working cached modemst1-2. However, if fastboot erase modemst is done, it'll likely result in IMEI 0 again because modem cannot recreate modemst correctly.
Click to expand...
Click to collapse

Thanks alot!!!
My friend was having the same problem, it worked for him??
Edit: Volte is still not working in the device...

@Heeth21,
I am facing this issue after moving to stock. Getting IMEI on "fastboot getvar imei", however unable to restore it. I followed all the instructions you had shared. Any help or further instruction in this regard would be helpful.
Thanks in advance.

checksamir said:
@Heeth21,
I am facing this issue after moving to stock. Getting IMEI on "fastboot getvar imei", however unable to restore it. I followed all the instructions you had shared. Any help or further instruction in this regard would be helpful.
Thanks in advance.
Click to expand...
Click to collapse
Can you post the output of this command in terminal?
Code:
su
ls -l /persist
Also of this command too:
Code:
su
find /persist -type f
If would be beneficial if you format it in code or you might just attach the output in a txt file.
Also can you tell me your baseband version. I think as far as I have observed, those who are getting this IMEI=0 issue, their basebands are ending with "u"

Heeth21 said:
Can you post the output of this command in terminal?
Code:
su
ls -l /persist
Also of this command too:
Code:
su
find /persist -type f
If would be beneficial if you format it in code or you might just attach the output in a txt file.
Also can you tell me your baseband version. I think as far as I have observed, those who are getting this IMEI=0 issue, their basebands are ending with "u"
Click to expand...
Click to collapse
@Heeth21,
THanks for the quick response. Please find the attached output files in text and screenshot for baseband..

checksamir said:
@Heeth21,
THanks for the quick response. Please find the attached output files in text and screenshot for baseband..
Click to expand...
Click to collapse
The files seems proper.
Type these commands again and attach the output. A screenshot would help a lot.
Code:
su
chown -R rfs:rfs /persist/rfs
chown -R rfs:rfs_shared /persist/hlos_rfs
ls -l /persist

Heeth21 said:
The files seems proper.
Type these commands again and attach the output. A screenshot would help a lot.
Code:
su
chown -R rfs:rfs /persist/rfs
chown -R rfs:rfs_shared /persist/hlos_rfs
ls -l /persist
Click to expand...
Click to collapse
I had to try it twice: after executing code /persists/rfs, some file or path or folder was missing and it started something which eventually closed before I could take a screenshot. Next time I tried, there was nothing as such. Second screenshot attached for reference.
Really appreciated your quick responses..

Heeth21 said:
The files seems proper.
Type these commands again and attach the output. A screenshot would help a lot.
Click to expand...
Click to collapse
Man! Thanks a ton! It worked like a charm... I'm back to stock with full functional VoLTE.. you're a genius.. I owe you a beer..!:good:

Nao deu certo comigo, me ajuda por favor.
Hello, I'm sorry for bad English, I'm Brazilian. I'm translating through google translator.
I am with the same problem of this post, after flashing the stock rom the imei got 0, I did the procedures of this post but it did not work with me, my imei appears correctly with the command (fastboot gevtar imei)
but in command: (ls -l / persist) does not appear the number 2951 or 2952, but the name rfs, as if everything was okay (but the imei continues 0)
and in the command: (find / persist -type f) the line does not appear (/persist/rfs/msm/mpss/dhob.bin.bak)
I finally executed the commands (chown -R rfs: rfs / persist / rfs and
chown -R rfs: rfs_shared / persist / hlos_rfs) and restarted the cell phone but the imei continued 0
the version of the base band is m8952_70030.25.03.62.02a
Is there any procedure I can try? I'll be very grateful.
---------- Post added at 01:53 AM ---------- Previous post was at 01:47 AM ----------
Hello, I'm sorry for bad English, I'm Brazilian. I'm translating through google translator.
I am with the same problem of this post, after flashing the stock rom the imei got 0, I did the procedures of this post but it did not work with me, my imei appears correctly with the command (fastboot gevtar imei)
but in command: (ls -l / persist) does not appear the number 2951 or 2952, but the name rfs, as if everything was okay (but the imei continues 0)
and in the command: (find / persist -type f) the line does not appear (/persist/rfs/msm/mpss/dhob.bin.bak)
I finally executed the commands (chown -R rfs: rfs / persist / rfs and
chown -R rfs: rfs_shared / persist / hlos_rfs) and restarted the cell phone but the imei continued 0
the version of the base band is m8952_70030.25.03.62.02a
I'll try to send prints.
Is there any procedure I can try? I'll be very grateful.

Oliver1995 said:
but in command: (ls -l / persist) does not appear the number 2951 or 2952, but the name rfs, as if everything was okay (but the imei continues 0)
and in the command: (find / persist -type f) the line does not appear (/persist/rfs/msm/mpss/dhob.bin.bak)
I finally executed the commands (chown -R rfs: rfs / persist / rfs and
chown -R rfs: rfs_shared / persist / hlos_rfs) and restarted the cell phone but the imei continued 0
Click to expand...
Click to collapse
The chown command won't do anything as the owners of the partitions are already rfs and rfs_shared.
Reflash stock rom again, and check if you get to see 2951 or 2952 on executing the command "ls -l /persist", and respond.
If you still don't get to see 2951 and 2952, then it seems you have tried doing some changes to your efs/persist partition by either restoring someone else's efs/persist or tried to edit yours.

what should I understand:It means that some custom roms erase imei while going back to stock,it can be recovered but volte cant
Is it right?

BogartX said:
what should I understand:It means that some custom roms erase imei while going back to stock,it can be recovered but volte cant
Is it right?
Click to expand...
Click to collapse
Partially right. Some custom ROMs do some changes with the EFS folder which is responsible for the recreation of IMEI. However, while flashing the Stock ROM, if you do not erase EFS partition, then you will retain your IMEI.
The commands which erase EFS partitions are:
Code:
fastboot erase modemst1
fastboot erase modemst2
The modemst1 and modemst2 are indeed the EFS partition itself. So just skip the above lines while flashing Stock ROM if the custom ROM is doing some changes with the EFS partition, and you will not lose your IMEI.
Volte can be recovered but there is a condition which should be satisfied. The baseband should remain as Indian. If it does, then you will be having Volte working and if it doesn't, you won't be having Volte running.
The only ROMs which are causing this issue on our device currently are Android Pie ROMs. I hope when Official Oreo is released for our device, the new blobs and modem will solve this issue. The developers have already checked if there is something in the ROMs which is causing this issue, and they found no problems at all. Same was the case with Oreo ROMs on Moto G5/Plus and Moto G5s/Plus

Heeth21 said:
The chown command won't do anything as the owners of the partitions are already rfs and rfs_shared.
Reflash stock rom again, and check if you get to see 2951 or 2952 on executing the command "ls -l /persist", and respond.
If you still don't get to see 2951 and 2952, then it seems you have tried doing some changes to your efs/persist partition by either restoring someone else's efs/persist or tried to edit yours.
Click to expand...
Click to collapse
yes actually I tried to restore the persistence of another person by a tutorial on youtube (I do not know if I can post the link here) and also did this tutorial to restore these files modem.img, fsg.img, hw.img: https://forum.xda-developers.com/moto-g4-plus/how-to/solve-moto-g4-plus-one-imei-fp-sensor-t3800410
already tried to reinstall the stock rom but does not appear the numbers 2951 or 2952
Do not have any solution for this?

This helped me alot,Thanks?
In my case both sim are working,with no volte
But jio 4g voice or dialer app with data on is not working

Yes I tried to restore the persist
the problem occurred after installing this rom 9.0 when I came back to the stock the imei was 0: https://forum.xda-developers.com/moto-g4-plus/development/rom-arrowos-9-x-t3859849

Oliver1995 said:
yes actually I tried to restore the persistence of another person by a tutorial on youtube (I do not know if I can post the link here) and also did this tutorial to restore these files modem.img, fsg.img, hw.img: https://forum.xda-developers.com/moto-g4-plus/how-to/solve-moto-g4-plus-one-imei-fp-sensor-t3800410
already tried to reinstall the stock rom but does not appear the numbers 2951 or 2952
Do not have any solution for this?
Click to expand...
Click to collapse
Restore your original persist back. I have seen that tutorial. This issue can only be solved if you are on your own persist as every device has its unique persist.
It doesn't matter if you tried restoring modem, hw, fsg files. Just make sure you are on your own persist.
If you haven't taken a backup of your original unmodified persist, then I'm sorry that is a completely different issue which I don't think there is a soluton to.

Pranavchorge said:
This helped me alot,Thanks
In my case both sim are working,with no volte
But jio 4g voice or dialer app with data on is not working
Click to expand...
Click to collapse
I was hoping if you could atatch your build.prop so that we can compare and check for Volte solution.
You need to grant permissions to Jio4GVoice, enable mobile data (wifi should be off), and dial via Jio4GVoice. Check if this works (it should), and then you will have an ongoing activity notification for Jio4GVoice app