FOR EDUCATIONAL PURPOSES ONLY. CHANGING THE IMEI IS ILLEGAL IN MOST COUNTRIES, MAKE SURE YOU ARE SURE OF YOUR ACTIONS BEFORE DOING THIS.
I AM NOT RESPONSIBLE IF YOUR DEVICE IS BROKEN OR THE IMEI IS NOT CHANGED BECAUSE YOU DIDN'T FOLLOW THE STEPS CAREFULLY OR YOUR DEVICE HAS A DIFFERENT EFS PARTITION SCHEME.
This guide was tested on a Google Pixel 3. A different device may have a different EFS partition scheme, so make sure you adjust this guide to match it. Other Google Pixel devices may use this guide without adjusting.
- Unlocked bootloader
- Magisk (rooted)
- Your device's TWRP image
- Android ADB & fastboot drivers
- Qualcomm HS-USB Diagnostics driver
- Android platform tools (ADB & fastboot)
- QFIL
- QCN IMEI Writer
You can also go to this Google Drive folder to get most of the prerequisites.
- Make sure the drivers are installed correctly.
- Make sure the Android platform tools (ADB & fastboot) path is set on the environment variables, guide here.
This is IMPORTANT since the partition stores your original IMEI, and if you don't back it up you will lose your original IMEI FOREVER!
- Boot into TWRP from fastboot mode.
```
fastboot boot <your_device's_twrp_image.img>
```
- Execute these commands in Command Prompt; this backs up your EFS partition to the current working directory:
```
adb pull /dev/block/bootdevice/by-name/modemst1
adb pull /dev/block/bootdevice/by-name/modemst2
adb pull /dev/block/bootdevice/by-name/fsg
adb pull /dev/block/bootdevice/by-name/fsc
```
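One way to confirm the pulled images are usable before going any further, as an added example that is not part of the original guide: it records each file's size and SHA-256 in a manifest so the backup can be re-checked later. The manifest name `efs_backup.json` and the function names are assumptions made for this example.

```python
import hashlib
import json
from pathlib import Path

# The four partition images pulled in the step above.
PARTITIONS = ("modemst1", "modemst2", "fsg", "fsc")


def inspect_image(path: Path) -> dict:
    """Return size, SHA-256 and an all-zero flag for one image, read in chunks."""
    digest, size, all_zero = hashlib.sha256(), 0, True
    with path.open("rb") as fh:
        while chunk := fh.read(1 << 20):
            digest.update(chunk)
            size += len(chunk)
            if all_zero and chunk.count(0) != len(chunk):
                all_zero = False
    return {"size": size, "sha256": digest.hexdigest(), "all_zero": all_zero}


def write_manifest(folder: Path, manifest_name: str = "efs_backup.json") -> dict:
    """Check every pulled image and record its hash; raise if the backup is unusable."""
    manifest = {}
    for name in PARTITIONS:
        image = folder / name
        if not image.is_file():
            raise FileNotFoundError(f"missing backup image: {name}")
        info = inspect_image(image)
        if info["size"] == 0:
            raise ValueError(f"{name}: empty file, the pull did not complete")
        manifest[name] = info
    # Assumption: a single partition may be blank on some devices, so the
    # backup is only rejected when every image is blank.
    if all(entry["all_zero"] for entry in manifest.values()):
        raise ValueError("every image is all zeros; nothing was backed up")
    (folder / manifest_name).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_manifest(folder: Path, manifest_name: str = "efs_backup.json") -> list:
    """Return the names of images that no longer match the recorded hashes."""
    recorded = json.loads((folder / manifest_name).read_text())
    return [name for name, entry in recorded.items()
            if not (folder / name).is_file()
            or inspect_image(folder / name)["sha256"] != entry["sha256"]]


if __name__ == "__main__":
    print(json.dumps(write_manifest(Path.cwd()), indent=2))
```

Keep the manifest with a second copy of the images off the PC; `verify_manifest` returning an empty list means the files still match what was pulled.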
We will use this file to modify the original IMEI to the preferred one. This step can be skipped if you already have a QCN file as long as it comes from the same device.
- Reboot your device normally.
- Execute these commands in Command Prompt; this opens an adb shell with superuser privileges. Make sure you grant the access after executing the command:
```
adb shell
su
```
- After that, execute these commands; this enables diagnostic mode:
```
resetprop ro.bootmode usbradio
resetprop ro.build.type userdebug
setprop sys.usb.config diag,diag_mdm,adb
```
- Change your USB mode to anything else to reload your USB mode.
- Open QFIL, then click `Select Port ...` to select your device's COM port.
- Go to Tools > QCN Backup Restore and click `Browse ...` to save your original QCN file.
- Click `Backup QCN` to proceed, and wait until it finishes.
Once the EFS and QCN are backed up, we need to reset the EFS partition. Why? Because the IMEI needs to be empty in order to successfully change it. The modified IMEI won't take effect if you don't reset the EFS partition first.
- Boot into TWRP from fastboot mode, just like step 1 from section A.
- Execute these commands in Command Prompt; this resets your EFS partition:
```
adb shell
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst2
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsg
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsc
reboot
```
Once it reboots normally, the signal will be lost (no service). Don't panic, this is intentional as the IMEI is already empty. When you dial `*#06#`, your IMEI usually now starts with 004xxxx.
We will change the IMEI inside the QCN file that we backed up before or the one that you already have.
- Enable diagnostic mode, just like steps 1-4 from section B.
- Open QCN IMEI Tool.
- Click `Load QCN`, then browse to the QCN file that we backed up before or the one that you already have.
As you can see, the first two fields contain the IMEI inside the QCN file. If your device is single-SIM, only the first field will show up.
- Paste your preferred IMEI into the third field. If your device is dual-SIM, also paste it into the fourth field.
- Click `Replace and export QCN` to save the modified QCN file.
The final step, we need to "flash" the modified QCN file.
- Enable diagnostic mode (if you haven't), just like steps 1-4 from section B.
- Open QFIL, then click `Select Port ...` to select your device's COM port.
- Go to Tools > QCN Backup Restore and click `Browse ...` to select your modified QCN file.
- Click `Restore QCN` to proceed, and wait until it finishes.
- Reboot your device normally.
- Done! You will now see the IMEI changed to your preferred IMEI.
- Boot into TWRP from fastboot mode, just like step 1 from section A.
- Make sure the EFS partition files are in the folder where Command Prompt is open.
- Execute these commands in Command Prompt; this restores your EFS partition:
```
adb push modemst1 /tmp
adb push modemst2 /tmp
adb push fsg /tmp
adb push fsc /tmp
adb shell
dd if=/tmp/modemst1 of=/dev/block/bootdevice/by-name/modemst1
dd if=/tmp/modemst2 of=/dev/block/bootdevice/by-name/modemst2
dd if=/tmp/fsg of=/dev/block/bootdevice/by-name/fsg
dd if=/tmp/fsc of=/dev/block/bootdevice/by-name/fsc
```
- Reboot your device normally.
- Done! Your device's IMEI is now restored to the original state.
- Factory resetting or adding an eSIM will cause the IMEI to go back to empty again.
- You need to restore the QCN again if the IMEI is empty because of the above.
Everything seems to work, but I don't think resetting the EFS partition is working. I run the dd cmd and then when I reboot it is populated again with my device's original IMEI.
Edit: I know it's meant to regenerate, but it doesn't seem to be resetting anything, as the IMEI does not change.