This is a short tutorial on how to change you mid on your htc one mini. Make sure your bootloader is unlocked you are rooted and have s-off with super cid! This is the config that is know working for the mod. After the change you can lock everything back up if you want.
1. Boot up your phone and connect to pc with usb debugging turned on.
2. Open up command prompt or terminal and "adb shell" and then type "su"
3. Dd if=/dev/block/mmcblk0p6 of=/sdcard/mid.img
4.exit shell
5.adb pull /sdcard/mid.img
6.open up mid.img in hex editor and search for this value 50 00 4f 00 35 00 38 you will see (in the text side of the editor) either p.o.5.8.2.2.0.0.0 or p.o.5.8.2.0.0.0.0 if it reads p.o.5.8.2.2.0.0.0 its an att model and you want to simply overwrite the last 2 with a 0. Use f3 or whatever button to find the value again and change that 2 to a 0 in all places in the file. 2 or 3 times if i remember correctly. (this does work and it is fully tested by me) make sure you have the editor overwriting not inserting!! And only change what ive told you!!
7.then save and push the file back to sdcard
8.run this command dd if=/sdcard/mid.img of=/dev/block/mmcblk0p6
9.adb reboot bootloader
10.finally fastboot getvar all....and youll see your mid has been successfully changed. Ota updates will now work on stock rom.
This script creates backup of partitions related to IMEI number. If you have not unlocked your boot-loader then you do not have to worry, you're safe. But read this in case you root someday!
DISCLAIMER:
I am not responsible for any damage caused to your device in any manner, you should be careful while doing anything. Before you proceed please read everything.
DESCRIPTION
The IMEI number is like an identifier to your cellphone for network operators. The phones will not be able to communicate in case IMEI is lost. The IMEI number is generally stored in PDS partition of the EMMC but the Moto g is an exception, there is no physical EFS partition so NV-Items are inaccessible for manipulation which means backing up PDS partition only will not make any sense.
The EFS is created on the fly: the modem reads HOB and DHOB partitions and after manipulations it creates a EFS file-system which is isolated from rest of the system. The modem finds the baseband, MEID, IMEI etc. and reports it to the OS.
The DHOB partition is encrypted and the key used is a PBKFD2 derived key for which the details like passkey, salt and iterations are unknown. HOB partition is XML-formatted and contains encrypted base64 text items. The secret is yet to be discovered.
Reference
http://forum.xda-developers.com/moto-g/help/info-moto-g-imei0-t2925970/post62064474#post62064474
http://forum.xda-developers.com/showthread.php?t=2640677
What does the script do?
This script simply creates the dumps of HOB, DHOB, FSC and PDS partition.
REQUIREMENTS:
A rooted phone is bare minimum and rest depends upon the method you choose. Download the archive one is for Linux and other is for Windows.
Choose any one.
FROM PHONE:-
1. Download and install any “Terminal Emulator” application from App store.
2. Type su and press enter to have superuser privileges.
3. Run these commands one-by-one.
HTML:
su
mkdir /sdcard0/imei_backup
dd if=/dev/block/platform/msm_sdcc.1/by-name/hob" of=/sdcard0/imei_backup/hob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/dhob" of=/sdcard0/imei_backup/dhob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/fsc" of=/sdcard0/imei_backup/fsc.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/pds" of=/sdcard0/imei_backup/pds.img
4. Copy imei_backup from the top folder of internal storage or SD-card.
FROM PC:-
1. Enable ROOT for both apps and adb from developer options.
2. Open cmd or terminal hange current location to folder imei_linux or imei_windows extracted from archive.
3. Run the below commands from cmd or terminal.
Windows
Make sure you have Motorola drivers installed (Motorola device manager).
HTML:
imei_backup.bat
Linux
Superuser privileges are necessary.
HTML:
sudo bash imei_backup.sh
or
su -C 'bash imei_backup.sh'
4. Once finished save imei_backup folder to someplace safe. The folder sits in the same folder the commands are run and in phone's internal storage or SD card.
FOR RESTORATION
1. Copy imei_backup folder to /sdcard (both internal or SD-Card in case you are not sure)
2. Open terminal emulator on phone and run these commands, all of them do not miss any. Run all of them twice to be sure.
HTML:
dd if=/sdcard0/imei_backup/hob.img of=/dev/block/platform/msm_sdcc.1/by-name/hob"
dd if=/sdcard0/imei_backup/dhob.img of=/dev/block/platform/msm_sdcc.1/by-name/dhob"
dd if=/sdcard0/imei_backup/fsc.img of=/dev/block/platform/msm_sdcc.1/by-name/fsc"
dd if=/sdcard0/imei_backup/pds.img of=/dev/block/platform/msm_sdcc.1/by-name/pds"
4. Reboot your phone.
How to keep IMEI safe:
1. Do not use incompatible Roms or firmware.
2. Never run these commands.
Don't even try, I have screwed my phone already. Misspelled for safety.
HTML:
Fast-boot erasee all (Don't)
Fast-boot erasee recovery (Don't)
Fast-boot erasee HOB (Don't)
Fast-boot erasee DHOB (Don't)[/COLOR]
Fast-boot erasee earth (Please Don't)
Run any of these commands and your phone turn into a tablet forever.
3. Create backup of the partitions i mentioned using one of the methods.
FAQS:-
Does it work on Dual-Sim or CDMA ?
Yes, it works. It just creates partition dumps, nothing more nothing less. It should work on Moto G (1st and 2nd gen) all variants and Moto E (1st and 2nd).
Is it safe to share my imei_backup folder if anyone asks?
Yes, the content is encrypted and there is no chance of manipulation of IMEI, the NV-ITEMS are written after verification. No two phones can have same IMEI. If it was possible then I wouldn't be so mad or worried or you would not be reading this. The best he could achieve is base-band change and signal but IMEI stays zero. No Cheating!
I have PDS partition backup, why should I care about this?
The PDS partition alone is no good for recovery, there are other partitions which help phone get a working cellular and valid IMEI number, those partition are HOB and DHOB. You can create backup through terminal emulator.
Why should I believe you?
I am a victim and did research on this for like 30 days. I do have a clear idea of what the problem really is. Please refer to mentioned threads for more information.
I have lost my IMEI because of “fast-boot erase all” command, can I get my IMEI back?
Sorry! But there is no working solution at the moment. All you can do right now is either buy a new motherboard or a spare phone to do work. The cure has not been found till now and hopes are really low unless some guy with good cryptography knowledge comes to rescue. So far i only know the problem
Very useful, thanks. Just want to add my experience - actually I did run "fast-boot erasee recovery" once in the past and did lost IMEI, but it was possible to recover it in an easy way. But those other commands seem to be really catastrophic indeed (though I haven´t tried them )
Here´s the original story: http://forum.xda-developers.com/showthread.php?p=52648789
drfr said:
Very useful, thanks. Just want to add my experience - actually I did run "fast-boot erasee recovery" once in the past and did lost IMEI, but it was possible to recover it in an easy way. But those other commands seem to be really catastrophic indeed (though I haven´t tried them )
Here´s the original story: http://forum.xda-developers.com/showthread.php?p=52648789
Click to expand...
Click to collapse
It is always better to be safe than sorry. The thing is if you lose hob and dhob partitions, you are doomed. I am glad to know that your phone is intact.
Script works well - thanks for this.
Well I'm here to ask something related to the problems issued in this thread.
I got a XT1032 with IMEI fully written but, for some reasons I still don't know, the damn phone does not "read" the signal. The bars just stay empty and nothing, not even a full original firmware restore, seems to help.
Now I wonder if the problem is in a non-working modem partition, but I'd see that problem solved when I fully flashed the stock FW.
Is there any solution? I also tried to flash all the european (I'm italian) basebands known to mankind and nothing happens.
Dionysus2389 said:
Well I'm here to ask something related to the problems issued in this thread.
I got a XT1032 with IMEI fully written but, for some reasons I still don't know, the damn phone does not "read" the signal. The bars just stay empty and nothing, not even a full original firmware restore, seems to help.
Now I wonder if the problem is in a non-working modem partition, but I'd see that problem solved when I fully flashed the stock FW.
Is there any solution? I also tried to flash all the european (I'm italian) basebands known to mankind and nothing happens.
Click to expand...
Click to collapse
When you dial *#06# do you see your IMEI number?
PuLKit4xd said:
When you dial *#06# do you see your IMEI number?
Click to expand...
Click to collapse
Yep, the IMEI is there as it is in the phone info. That's why I can't figure out what the heck is wrong with it. I also tried to flash any baseband and still no signal.
Dionysus2389 said:
Well I'm here to ask something related to the problems issued in this thread.
I got a XT1032 with IMEI fully written but, for some reasons I still don't know, the damn phone does not "read" the signal. The bars just stay empty and nothing, not even a full original firmware restore, seems to help.
Now I wonder if the problem is in a non-working modem partition, but I'd see that problem solved when I fully flashed the stock FW.
Is there any solution? I also tried to flash all the european (I'm italian) basebands known to mankind and nothing happens.
Click to expand...
Click to collapse
PuLKit4xd said:
When you dial *#06# do you see your IMEI number?
Click to expand...
Click to collapse
Dionysus2389 said:
Yep, the IMEI is there as it is in the phone info. That's why I can't figure out what the heck is wrong with it. I also tried to flash any baseband and still no signal.
Click to expand...
Click to collapse
Aaaaan then I managed to fix everything. Simply, kitkat european firmwares have some issues with basebands, so I wipe everything and flash via mfastboot the 5.0.2 brazillian stock firmware. Everything is flawless now!
Hi all, thanks for this huge piece of info, very usefull, but i need from you if you have the backup of the files for XT1540 (moto g3 4g).
Cheers
PuLKit4xd said:
This script creates backup of partitions related to IMEI number. If you have not unlocked your boot-loader then you do not have to worry, you're safe. But read this in case you root someday!
DISCLAIMER:
I am not responsible for any damage caused to your device in any manner, you should be careful while doing anything. Before you proceed please read everything.
DESCRIPTION
The IMEI number is like an identifier to your cellphone for network operators. The phones will not be able to communicate in case IMEI is lost. The IMEI number is generally stored in PDS partition of the EMMC but the Moto g is an exception, there is no physical EFS partition so NV-Items are inaccessible for manipulation which means backing up PDS partition only will not make any sense.
The EFS is created on the fly: the modem reads HOB and DHOB partitions and after manipulations it creates a EFS file-system which is isolated from rest of the system. The modem finds the baseband, MEID, IMEI etc. and reports it to the OS.
The DHOB partition is encrypted and the key used is a PBKFD2 derived key for which the details like passkey, salt and iterations are unknown. HOB partition is XML-formatted and contains encrypted base64 text items. The secret is yet to be discovered.
Reference
http://forum.xda-developers.com/moto-g/help/info-moto-g-imei0-t2925970/post62064474#post62064474
http://forum.xda-developers.com/showthread.php?t=2640677
What does the script do?
This script simply creates the dumps of HOB, DHOB, FSC and PDS partition.
REQUIREMENTS:
A rooted phone is bare minimum and rest depends upon the method you choose. Download the archive one is for Linux and other is for Windows.
Choose any one.
FROM PHONE:-
1. Download and install any “Terminal Emulator” application from App store.
2. Type su and press enter to have superuser privileges.
3. Run these commands one-by-one.
HTML:
su
mkdir /sdcard0/imei_backup
dd if=/dev/block/platform/msm_sdcc.1/by-name/hob" of=/sdcard0/imei_backup/hob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/dhob" of=/sdcard0/imei_backup/dhob.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/fsc" of=/sdcard0/imei_backup/fsc.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/pds" of=/sdcard0/imei_backup/pds.img
4. Copy imei_backup from the top folder of internal storage or SD-card.
FROM PC:-
1. Enable ROOT for both apps and adb from developer options.
2. Open cmd or terminal hange current location to folder imei_linux or imei_windows extracted from archive.
3. Run the below commands from cmd or terminal.
Windows
Make sure you have Motorola drivers installed (Motorola device manager).
HTML:
imei_backup.bat
Linux
Superuser privileges are necessary.
HTML:
sudo bash imei_backup.sh
or
su -C 'bash imei_backup.sh'
4. Once finished save imei_backup folder to someplace safe. The folder sits in the same folder the commands are run and in phone's internal storage or SD card.
FOR RESTORATION
1. Copy imei_backup folder to /sdcard (both internal or SD-Card in case you are not sure)
2. Open terminal emulator on phone and run these commands, all of them do not miss any. Run all of them twice to be sure.
HTML:
dd if=/sdcard0/imei_backup/hob.img of=/dev/block/platform/msm_sdcc.1/by-name/hob"
dd if=/sdcard0/imei_backup/dhob.img of=/dev/block/platform/msm_sdcc.1/by-name/dhob"
dd if=/sdcard0/imei_backup/fsc.img of=/dev/block/platform/msm_sdcc.1/by-name/fsc"
dd if=/sdcard0/imei_backup/pds.img of=/dev/block/platform/msm_sdcc.1/by-name/pds"
4. Reboot your phone.
How to keep IMEI safe:
1. Do not use incompatible Roms or firmware.
2. Never run these commands.
Don't even try, I have screwed my phone already. Misspelled for safety.
HTML:
Fast-boot erasee all (Don't)
Fast-boot erasee recovery (Don't)
Fast-boot erasee HOB (Don't)
Fast-boot erasee DHOB (Don't)[/COLOR]
Fast-boot erasee earth (Please Don't)
Run any of these commands and your phone turn into a tablet forever.
3. Create backup of the partitions i mentioned using one of the methods.
FAQS:-
Does it work on Dual-Sim or CDMA ?
Yes, it works. It just creates partition dumps, nothing more nothing less. It should work on Moto G (1st and 2nd gen) all variants and Moto E (1st and 2nd).
Is it safe to share my imei_backup folder if anyone asks?
Yes, the content is encrypted and there is no chance of manipulation of IMEI, the NV-ITEMS are written after verification. No two phones can have same IMEI. If it was possible then I wouldn't be so mad or worried or you would not be reading this. The best he could achieve is base-band change and signal but IMEI stays zero. No Cheating!
I have PDS partition backup, why should I care about this?
The PDS partition alone is no good for recovery, there are other partitions which help phone get a working cellular and valid IMEI number, those partition are HOB and DHOB. You can create backup through terminal emulator.
Why should I believe you?
I am a victim and did research on this for like 30 days. I do have a clear idea of what the problem really is. Please refer to mentioned threads for more information.
I have lost my IMEI because of “fast-boot erase all” command, can I get my IMEI back?
Sorry! But there is no working solution at the moment. All you can do right now is either buy a new motherboard or a spare phone to do work. The cure has not been found till now and hopes are really low unless some guy with good cryptography knowledge comes to rescue. So far i only know the problem
Click to expand...
Click to collapse
Need help!!
It does not work for me. whenever any command with /sdcard is written, it replies "/sdcard/hob.img :File or directory not found."
Please help.
Thanks in advance : )
Hi! Sorry for my very bad English =) This thread is a solution, if you have IMEI unknown and all instructions NOT working - read/write error etc.
1. root device
2. download attach zip. It is contains 3 partitions - mmcblk 12,13 and 16.
3. copy three this files to your phone.
4. enable diag mode (com port in windows)
5. Run adb, type adb shell, type su
before Restoring we have to make sure that the efs partitions are cleared and dont have previous data so follow this codes before restoring
dd if=/dev/zero of=/dev/block/mmcblk0p12
dd if=/dev/zero of=/dev/block/mmcblk0p13
dd if=/dev/zero of=/dev/block/mmcblk0p16
reboot
Copy the Code
Use the below mentioned codes to restore
dd if=/sdcard/mmcblk0p12 of=/dev/block/mmcblk0p12
dd if=/sdcard/mmcblk0p13 of=/dev/block/mmcblk0p13
dd if=/sdcard/mmcblk0p16 of=/dev/block/mmcblk0p16
Copy the Code
Now Phone would reboot, Your Imei is Fixed (Restored) - imei null =)
6. in EFS Professional write your IMEI =)
7. reboot and enjoy your working phone =)
I need to change my imei and when I follow guides on the net I am stuck at deleting modemst1, modemst2 and fsg partitions. The purpose of that is to make the device let me write modified imei partitions later.
I am trying to delete the partitions by the following commands
adb shell
su
and after I am root
dd if=/dev/zero of=/dev/block/xxxxxxx where xxxxxxx is the partition I am trying to delete. However, I get
"No space left on device"
and the partitions remain intact.
fastboot erase does not work since the partitions are write-protected.
I am open to suggestions of other strategies to change intact IMEI number.
arjantin78 said:
I need to change my imei
Click to expand...
Click to collapse
I'm afraid I don't have a solution for you, but I'd like to warn you that changing the IMEI of a mobile device is illegal in many countries. I hope it's not in yours. Good luck!
Hello XDA Dev Community!! I`m with You since 2011 ! but never wrote.. So HELLO!
EDIT
I`m not sure why my Q was took out of the topic:
https://forum.xda-developers.com/t/...-a-decryptable-twrp-no-root-required.4086625/ - I won`t argue anyway my question is related to the guide - link above.
EDIT ENT
Just to check with community if all is ok
My phone is Pixel 2, stock Android 11, bootloader unlocked, rooted (Magisk).
Connected phone via usb, entered in CMD:
Code:
adb shell
su
dd if=/dev/block/sdf2 of=/storage/emulated/0/Download/modemst1.bin bs=2048
As I understand I changed location of the output file - if wrong - pls correct me.
In Solid Explorer those 2 files have like HH:MM in name in front of sdf2 and sdf3 and both weigh 0 B.
Output files landed in Download folder like this:
modemst1.bin 256.00 kB
modemst2.bin 1.50MB
Is that right?
Is there any way to open those bin files and check if they are correct?
adb shell info after dd comand looked ok for me:
Code:
128+0 records in
128+0 records out
Ok. iso asking I could check with internet.. so bin is like iso but older..
If I mount it or convert to iso and mount - is there a way to check if it`s backed up correctly? I know that 100% sure I will be after formatting EFS and trying to recover from created files BUT... maybe there is sth I can check before?