@UsamaKarim
Created January 25, 2024 14:36
[GUIDE] How to change IMEI on Snapdragon devices

FOR EDUCATIONAL PURPOSES ONLY. CHANGING THE IMEI IS ILLEGAL IN MOST COUNTRIES; MAKE SURE YOU UNDERSTAND THE LEGAL CONSEQUENCES OF YOUR ACTIONS BEFORE DOING THIS.

I AM NOT RESPONSIBLE IF YOUR DEVICE BREAKS OR THE IMEI DOES NOT CHANGE BECAUSE YOU DID NOT FOLLOW THE STEPS CAREFULLY OR BECAUSE YOUR DEVICE HAS A DIFFERENT EFS PARTITION SCHEME.

This guide was tested on a Google Pixel 3. Other devices may have a different EFS partition scheme (different partition names or paths), so check your device's partition layout and adjust the commands below to match it. Other Google Pixel devices can probably follow this guide without changes.

Prerequisites (the tools used in the steps below):

  • A TWRP image for your device (booted from fastboot, not flashed)
  • Android platform tools (ADB & fastboot)
  • The USB drivers for your device (ADB/fastboot, and the Qualcomm USB driver QFIL needs to see the diagnostic COM port)
  • Root access with Magisk (su and resetprop are used in section B)
  • QFIL (Qualcomm Flash Image Loader), used for the QCN backup and restore
  • QCN IMEI Tool, used to edit the QCN file

You can also go to this Google Drive folder to get most of the prerequisites.

Notes #1

  • Make sure the drivers are installed correctly.
  • Make sure the Android platform tools (ADB & fastboot) directory is on your PATH environment variable, guide here.

A. Backup your EFS partition

This is IMPORTANT: these partitions store your original IMEI, and if you don't back them up you will lose your original IMEI FOREVER. Keep a copy of the backup somewhere other than the phone.

  1. Boot into TWRP from fastboot mode:
fastboot boot <your_device's_twrp_image.img>
  2. Run these commands in a Command Prompt; they copy the four EFS partitions into the current working directory:
adb pull /dev/block/bootdevice/by-name/modemst1
adb pull /dev/block/bootdevice/by-name/modemst2
adb pull /dev/block/bootdevice/by-name/fsg
adb pull /dev/block/bootdevice/by-name/fsc

B. Backup your QCN file

We will use this file to change the original IMEI to the preferred one. You can skip this step if you already have a QCN file, as long as it comes from the same device.

  1. Reboot your device normally.
  2. Run these commands in a Command Prompt to open an adb shell with root privileges (approve the superuser prompt on the device the first time):
adb shell
su
  3. Then run these commands to enable diagnostic mode (resetprop is the Magisk property tool):
resetprop ro.bootmode usbradio
resetprop ro.build.type userdebug
setprop sys.usb.config diag,diag_mdm,adb
  4. On the device, switch the USB mode to anything else so the new USB configuration is applied.
  5. Open QFIL and click Select Port ... to select your device's COM port.
  6. Go to Tools > QCN Backup Restore and click Browse ... to choose where to save your original QCN file.
  7. Click Backup QCN and wait until it finishes.

C. Reset your EFS partition

Once the EFS partitions and the QCN file are backed up, we need to reset the EFS partitions. The IMEI has to be empty for the change to take effect: the modified QCN will not take effect if you don't reset the EFS partitions first.

  1. Boot into TWRP from fastboot mode, just like the step 1 from section A.
  2. Run these commands in a Command Prompt; they overwrite the EFS partitions with zeros:
adb shell
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1
dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst2
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsg
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fsc
reboot

After the reboot the device will have no service (no signal). Don't panic: this is expected, because the IMEI is now empty. If you dial *#06#, the IMEI shown usually starts with 004xxxx.

D. Modify the QCN file

We will change the IMEI inside the QCN file that we backed up before (or the one you already have).

  1. Enable diagnostic mode as in steps 1-4 of section B.
  2. Open QCN IMEI Tool.
  3. Click Load QCN and browse to the QCN file you backed up before (or the one you already have).

The first two fields show the IMEI(s) stored in the QCN file; if your device is single-SIM, only the first field is shown.

  4. Paste your preferred IMEI into the third field (and into the fourth field as well if your device is dual-SIM).
  5. Click Replace and export QCN to save the modified QCN file.

E. Restore the QCN file

The final step: "flash" the modified QCN file back to the device.

  1. Enable diagnostic mode (if you haven't already) as in steps 1-4 of section B.
  2. Open QFIL and click Select Port ... to select your device's COM port.
  3. Go to Tools > QCN Backup Restore and click Browse ... to select your modified QCN file.
  4. Click Restore QCN and wait until it finishes.
  5. Reboot your device normally.
  6. Done! The device now reports your preferred IMEI.

If you wish to restore the original IMEI, follow these steps:

  1. Boot into TWRP from fastboot mode, as in step 1 of section A.
  2. Make sure the backed-up EFS partition files are in the Command Prompt's current working directory.
  3. Run these commands in a Command Prompt; they write your backup back to the EFS partitions:
adb push modemst1 /tmp
adb push modemst2 /tmp
adb push fsg /tmp
adb push fsc /tmp
adb shell
dd if=/tmp/modemst1 of=/dev/block/bootdevice/by-name/modemst1
dd if=/tmp/modemst2 of=/dev/block/bootdevice/by-name/modemst2
dd if=/tmp/fsg of=/dev/block/bootdevice/by-name/fsg
dd if=/tmp/fsc of=/dev/block/bootdevice/by-name/fsc
  4. Reboot your device normally.
  5. Done! Your device's IMEI is now restored to its original state.
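The backup in section A and the restore above are only as good as the images on disk: a short or empty pull is silently accepted by adb, and a dd of a wrong-sized file leaves the partition in a state the guide's steps cannot recover from. The script below is an added example, not part of the original gist, that wraps both steps: it records SHA-256 checksums of the pulled partitions, refuses a backup whose image size does not match what the device reports for the partition, and after a restore compares the on-device partition contents with the local copies. It assumes the by-name paths used in the guide, adb on PATH with the device in TWRP (adb runs as root there), and that TWRP's shell provides blockdev and sha256sum (toybox); the function names and the SHA256SUMS file name are this example's own.

```shell
#!/bin/sh
# Added example (not from the original gist): checksum-verified backup and
# restore checks for the Qualcomm EFS partitions used in the guide.
# Assumptions: adb on PATH, device booted into TWRP, and TWRP's shell has
# blockdev and sha256sum (toybox). Function and file names are hypothetical.
set -eu

EFS_PARTS="modemst1 modemst2 fsg fsc"
BYNAME=/dev/block/bootdevice/by-name

# write_manifest DIR NAME... : record the SHA-256 of each listed file in DIR/SHA256SUMS
write_manifest() {
    dir=$1
    shift
    (cd "$dir" && sha256sum "$@" > SHA256SUMS)
}

# verify_manifest DIR : succeed only if every file in DIR/SHA256SUMS still matches
verify_manifest() {
    (cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1)
}

# file_size FILE : size in bytes (tr strips the padding some wc builds emit)
file_size() {
    wc -c < "$1" | tr -d ' '
}

# device_partition_size NAME : size in bytes of the partition as the device reports it
device_partition_size() {
    adb shell blockdev --getsize64 "$BYNAME/$1" | tr -d '\r'
}

# backup_efs DIR : pull each partition, reject a short or empty image, then write the manifest
backup_efs() {
    dir=$1
    mkdir -p "$dir"
    for p in $EFS_PARTS; do
        adb pull "$BYNAME/$p" "$dir/$p"
        want=$(device_partition_size "$p")
        got=$(file_size "$dir/$p")
        if [ "$got" -eq 0 ] || [ "$want" != "$got" ]; then
            echo "$p: pulled $got bytes but the partition is $want bytes; not a usable backup" >&2
            return 1
        fi
    done
    write_manifest "$dir" $EFS_PARTS
    echo "backup written to $dir (checksums in $dir/SHA256SUMS)"
}

# verify_restored_efs DIR : after the dd restore, compare on-device partitions with the local images
verify_restored_efs() {
    dir=$1
    verify_manifest "$dir" || { echo "local backup does not match its manifest" >&2; return 1; }
    for p in $EFS_PARTS; do
        local_sum=$(sha256sum "$dir/$p" | cut -d' ' -f1)
        remote_sum=$(adb shell sha256sum "$BYNAME/$p" | tr -d '\r' | cut -d' ' -f1)
        if [ "$local_sum" != "$remote_sum" ]; then
            echo "$p: device content differs from the backup" >&2
            return 1
        fi
    done
    echo "all EFS partitions match the backup"
}

case "${1:-}" in
    backup)  backup_efs "${2:-efs-backup}" ;;
    check)   verify_manifest "${2:-efs-backup}" && echo "backup intact" ;;
    verify)  verify_restored_efs "${2:-efs-backup}" ;;
    "")      ;;   # no arguments: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 backup|check|verify [dir]" >&2; exit 2 ;;
esac
```

Run `sh efs-check.sh backup` in place of the adb pull commands of section A, `sh efs-check.sh check` before the dd reset in section C to make sure the copy you are about to rely on is still intact, and `sh efs-check.sh verify` from TWRP after the dd restore above. The size check matters because dd with a short input file only overwrites the beginning of the partition, leaving the rest of the modem filesystem inconsistent.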

Notes #2

  • A factory reset or adding an eSIM will empty the IMEI again.
  • If that happens, restore the QCN file again (section E).