Repair imei on new qualcomm devices.

[LoneWolf37]

How to repair/change imei on new type qualcomm devices ?
i have some pantech , alcatel , lenovo etc.. brands devices.
can we do something within qpst ?and how to open diag port on that devices ?

note : i have a lot of pcs lenovo k910 (Qualcomm Snapdragon 800 MSM8274 v1) for repair imei , if anybody have a any tool feel free to contact me

[Dooha_Bd]

Quote:

Originally Posted by LoneWolf37

How to repair/change imei on new type qualcomm devices ?
i have some pantech , alcatel , lenovo etc.. brands devices.
can we do something within qpst ?and how to open diag port on that devices ?

note : i have a lot of pcs lenovo k910 (Qualcomm Snapdragon 800 MSM8274 v1) for repair imei , if anybody have a any tool feel free to contact me

you have to write QCN file aslike NV file.

[armany99]

That's right and the boot after the root is easy
But still there is something we need to know about this files !!

[LoneWolf37]

bro i accepted ur friendship wants from skype , still waiting or pm me please.i will try.

also everyone can be try that :

1st , enable diagnostic port by model (search google etc..)
2nd , read nvm from qpst.
3rd edit nvm imei then upload back.but that option cant be possible on nvm secured phones.i m researching now

[tvdmd75]

@omarb1989

I have Q-smart s20 chip Qualcomm and lost Imei,flash some Rom but stiil null Imei, i don't know how to repair it.
Can you send me tool for repair, my yahoo = nick forum, thanks.

[Decker82]

The same topic question. Does anyone have any info about Qualcomm CEFS? I mean modemst1, modemst2, fsg with following signatures inside - IMGEFS1X, IMGEFS2Y. Is any way to decrypt it? May be some tools or direction how to start dig (reverse) decryption proc? Any advices, hints, examples?

[stanner_austin]

Quote:

Originally Posted by Decker82

The same topic question. Does anyone have any info about Qualcomm CEFS? I mean modemst1, modemst2, fsg with following signatures inside - IMGEFS1X, IMGEFS2Y. Is any way to decrypt it? May be some tools or direction how to start dig (reverse) decryption proc? Any advices, hints, examples?

Hello
No details so far public or private. only vendors know.
There was one info but as qualcomm always send copy right latter to remove it.

But there is way to dump CEFS raw format with qpst and command bug.
qpst method is on google already.

Regards,
Chevli

[dest]

Quote:

Originally Posted by stanner_austin

Hello
No details so far public or private. only vendors know.
There was one info but as qualcomm always send copy right latter to remove it.

But there is way to dump CEFS raw format with qpst and command bug.
qpst method is on google already.

Regards,
Chevli

You have this info? or a cached version of the page?

[ecs87]

I shouldn't post this and make it public (so that qualcomm can patch it...) but to repair the IMEI you must first clear the EFS partitions. This doesn't mean the /efs folder. I mean the EFS data partitions which are modemst1, modemst2, and FSG. On most GSM phones this is mmcblk0p12, mmcblk0p13, and mmcblk0p18. They can be wrote to if can adb shell into your phone using root. Use the dd if command to pull one of the partitions to your computer, take note of the exact byte size, make a new hex file that size. It'll be full of zeros, that's fine. Send it to the phone. Write this zeroed out file to the three EFS data partitions with the dd if command through adb shell. Reboot the phone. Your IMEI (and network) are gone. At this point the protection is removed and the IMEI can be wrote to (either through the diag port or through AT commands over the modem/UART).

I hope you took a NV backup of your phone (minus nv item 550) to restore the network after the IMEI repair ;-)

Yes, this is exactly how all box companies are doing this for Samsung and LG (some of them clear the efs through download mode. I prefer to run a batch file through adb; although root is necessary for the adb method).

[Alan_B]

Quote:

Originally Posted by ecs87

I shouldn't post this and make it public (so that qualcomm can patch it...) but to repair the IMEI you must first clear the EFS partitions. This doesn't mean the /efs folder. I mean the EFS data partitions which are modemst1, modemst2, and FSG. On most GSM phones this is mmcblk0p12, mmcblk0p13, and mmcblk0p18. They can be wrote to if can adb shell into your phone using root. Use the dd if command to pull one of the partitions to your computer, take note of the exact byte size, make a new hex file that size. It'll be full of zeros, that's fine. Send it to the phone. Write this zeroed out file to the three EFS data partitions with the dd if command through adb shell. Reboot the phone. Your IMEI (and network) are gone. At this point the protection is removed and the IMEI can be wrote to (either through the diag port or through AT commands over the modem/UART).

I hope you took a NV backup of your phone (minus nv item 550) to restore the network after the IMEI repair ;-)

Yes, this is exactly how all box companies are doing this for Samsung and LG (some of them clear the efs through download mode. I prefer to run a batch file through adb; although root is necessary for the adb method).

Doing this cancels the check msl?

[LoneWolf37]

Quote:

Originally Posted by ecs87

I shouldn't post this and make it public (so that qualcomm can patch it...) but to repair the IMEI you must first clear the EFS partitions. This doesn't mean the /efs folder. I mean the EFS data partitions which are modemst1, modemst2, and FSG. On most GSM phones this is mmcblk0p12, mmcblk0p13, and mmcblk0p18. They can be wrote to if can adb shell into your phone using root. Use the dd if command to pull one of the partitions to your computer, take note of the exact byte size, make a new hex file that size. It'll be full of zeros, that's fine. Send it to the phone. Write this zeroed out file to the three EFS data partitions with the dd if command through adb shell. Reboot the phone. Your IMEI (and network) are gone. At this point the protection is removed and the IMEI can be wrote to (either through the diag port or through AT commands over the modem/UART).

I hope you took a NV backup of your phone (minus nv item 550) to restore the network after the IMEI repair ;-)

Yes, this is exactly how all box companies are doing this for Samsung and LG (some of them clear the efs through download mode. I prefer to run a batch file through adb; although root is necessary for the adb method).

Bro thanks ; those informations are great for beginner of programmers.well , if we clear that 3 partitions , network Will come after process to new type imei cert phones ?(like note 3 n900x series ,s5 etc..)

[ecs87]

You must make a QCN backup (or more commonly referred to as a nv item backup) of the phone BEFORE resetting the EFS. If you dont, you risk having no network after the IMEI repair.

[matholameu]

Quote:

Originally Posted by ecs87

I shouldn't post this and make it public (so that qualcomm can patch it...) but to repair the IMEI you must first clear the EFS partitions. This doesn't mean the /efs folder. I mean the EFS data partitions which are modemst1, modemst2, and FSG. On most GSM phones this is mmcblk0p12, mmcblk0p13, and mmcblk0p18. They can be wrote to if can adb shell into your phone using root. Use the dd if command to pull one of the partitions to your computer, take note of the exact byte size, make a new hex file that size. It'll be full of zeros, that's fine. Send it to the phone. Write this zeroed out file to the three EFS data partitions with the dd if command through adb shell. Reboot the phone. Your IMEI (and network) are gone. At this point the protection is removed and the IMEI can be wrote to (either through the diag port or through AT commands over the modem/UART).

I hope you took a NV backup of your phone (minus nv item 550) to restore the network after the IMEI repair ;-)

Yes, this is exactly how all box companies are doing this for Samsung and LG (some of them clear the efs through download mode. I prefer to run a batch file through adb; although root is necessary for the adb method).

Trying to do this on an SGH-I717. Attempted to message ECS but PM is disabled. Could anyone please elaborate a little bit on this process for me? I've been grinding away trying to get my phone working for months and would really appreciate any help.

[matholameu]

Well I figured it out. Atleast as much as I need.
If your phone is anything like my Samsung Note SGH-I717 you can access service mode with a code and then wipe all 3 efs partitions directly from the phone.
Good luck folks! Hope your adventure ends the same as mine.

[hellothere777]

Quote:

Originally Posted by ecs87

I shouldn't post this and make it public (so that qualcomm can patch it...) but to repair the IMEI you must first clear the EFS partitions. This doesn't mean the /efs folder. I mean the EFS data partitions which are modemst1, modemst2, and FSG. On most GSM phones this is mmcblk0p12, mmcblk0p13, and mmcblk0p18. They can be wrote to if can adb shell into your phone using root. Use the dd if command to pull one of the partitions to your computer, take note of the exact byte size, make a new hex file that size. It'll be full of zeros, that's fine. Send it to the phone. Write this zeroed out file to the three EFS data partitions with the dd if command through adb shell. Reboot the phone. Your IMEI (and network) are gone. At this point the protection is removed and the IMEI can be wrote to (either through the diag port or through AT commands over the modem/UART).

I hope you took a NV backup of your phone (minus nv item 550) to restore the network after the IMEI repair ;-)

Yes, this is exactly how all box companies are doing this for Samsung and LG (some of them clear the efs through download mode. I prefer to run a batch file through adb; although root is necessary for the adb method).

I understand how to wipe efs folder via adb but cannot figure out how to do it through download mode. I know this is how spt and bst are doing it. I can flash the nvrebuild1.bin and nvrebuild2.bin with no problems, But when I try to flash the fsg.bin I always get the "Secure Check Fail : apnonhlos" message on the phone when I flash it via odin. Do you have any ideas?