LS970 EFS Backup/Restore/Repair
Every rooted Optimus G user should backup their EFS partitions!
Thanks goes to interloper, toastcfh and everyone in #lg-optimus-g that helped out.
PM me if interested in my Sprint LGOG LS970 EFS repair service.
1. Flashable EFS for backing up your EFS partitions and packing them into a new flashable .zip.
2. Commands for backing up/restoring EFS manually with terminal or ADB.
3. Flashable "ZERO EFS" with guide for repairing your EFS. This EFS needs to be reprogrammed but could be used in a "worst case" scenario where you didn't backup your EFS and the phone cannot be replaced by any LG/Sprint warranty.
Backup script/commands also work on the ATT/Telus variants. ZERO EFS zip is ONLY for Sprint LS970 users. ATT/Telus users, if you would like a ZERO EFS, please send me your efsbackup.tar in a private message. It is not suggested to publicly post your EFS file.
You never know when your NV/EFS/PRL/RADIO may stop working. Restoring your WORKING EFS may save the day. A few users in the #lg-optimus-g IRC channel have run into issues and found their phone unusable, myself included. A few users who flashed the test/Korean JB builds found 3g not working.. or calls/text not working. Some users ran into radio issues after PRL writing failures. My own issues was a missing ICCID which resulted in no 4G. Data wipes, reactivations, ##786# resets were not helping. All of the above issues could have been fixed if an EFS backup was made while the phone was still in working order.
m9kefs1 seems to be radio related
m9kefs2 contains your unique phone identifiers: MEID, IMEI, phone number, MSL, data profiles etc
m9kefs3 seems to be blank 00s
Backing up EFS
It's easiest to run the Optimus_G_Create_Flashable_EFS.zip attached to this thread. Run in recovery. Optimus_G_Create_Flashable_EFS.zip creates a flashable zip backup of your EFS in /sdcard/EFS_Backup/(instead of just a .tar).
If you don't like convenience this can also be done manually with adb or terminal with the commands below.. root required.
Restoring EFSCode:su dd if=/dev/block/platform/msm_sdcc.1/by-name/m9kefs1 of=/sdcard/m9kefs1.img dd if=/dev/block/platform/msm_sdcc.1/by-name/m9kefs2 of=/sdcard/m9kefs2.img dd if=/dev/block/platform/msm_sdcc.1/by-name/m9kefs3 of=/sdcard/m9kefs3.img
To restore your original EFS just boot into recovery and flash the efsbackupflash.zip in your /sdcard/EFS_Backup folder.
If you don't like convenience this can also be done manually with adb or terminal with the commands below. Adjust the "dd if=/sdcard/" command depending on where your backup EFS .img files are located.
Code:su dd if=/sdcard/m9kefs1.img of=/dev/block/platform/msm_sdcc.1/by-name/m9kefs1 dd if=/sdcard/m9kefs2.img of=/dev/block/platform/msm_sdcc.1/by-name/m9kefs2 dd if=/sdcard/m9kefs3.img of=/dev/block/platform/msm_sdcc.1/by-name/m9kefs3
YOUR EFS IS *NOT* BROKEN IF YOU FLASHED AN AOSP ROM AND NO LONGER HAVE SIGNAL BUT STILL HAVE YOUR MEID AND PRL SAYS "40000"...
GO BACK INTO AOSP ROM > SETTINGS > MORE... > MOBILE NETWORK SETTINGS > CDMA SUBSCRIPTION > SET TO "NV"
YOU SHOULD NOW HAVE A SIGNAL AGAIN... NO EFS REPAIR NEEDED!!
If you have a messed up PRL/Radio/EFS(no signal.. calls/text doesn't work.. no PRL showing.. no 3G) then you should first confirm there are no outages in your area. After confirming no outages you may want to try a factory data reset(settings > backup & reset) or perform a ##786# reset(MSL required). If you are feeling daring you could even try a lgnpst reset which involves installing lgnpst(automated install on IRC suggested) and flashing a stock .tot to your phone while it's in download mode(power off phone > plug phone into USB cable/computer > vol up + vol down + power buttons). If none of the previous suggestions work you could see if Sprint/LG will warranty repair your device.
If NOTHING ABOVE works your final option is to flash a new EFS. Technically you could possibly look through each and every NV item with QXDM and see what's incorrect but that may take forever... so I have included a flashable zip at the bottom of this thread which flashes a fresh LS970 EFS to your device. This EFS is clear of all personal data and any previous phone identifiers. Below are directions on how to reprogram your EFS to the Sprint network after flashing the LS970_ZERO_EFS.zip. I'd rate this as medium-hard difficulty for those that are unfamiliar with how (Sprint)CDMA phones are programmed. For those that have flashed a phone in the past, this ZERO EFS zip just made your day even easier.
The ZERO EFS has a zero'd out SPC/MSL, zero'd out IMEI/MEID, zero'd out MDN/MSID and all data profiles emptied.
NV item 114(NV_FACTORY_INFO_I) has been "anonymized" and no longer identifies to anyones real account.
In recovery, flash LS970_ZERO_EFS.zip then wipe data/cache(factory wipe in TWRP). LS970_ZERO_EFS.zip backs up your current EFS partitions to /sdcard/EFS_Backup and then replaces your EFS with the ZERO EFS.
You will have to manually program your phone to get it working again.
READ EVERYTHING BELOW IF YOU DON'T KNOW WHAT YOU'RE DOING.
After flashing LS970_ZERO_EFS.zip:
For talk/text working - use DFS(www.cdmatool.com) or other known working CDMA tools.
a1. Set LS970 into diag mode.. open the dialer and hit ##3424# . Also make sure phone is set to "Charge only"
b1. Connect phone to DFS and set correct COM port. Use the diag port NOT the serial port.
c1. In DFS send SPC(MSL) to phone using "SPC" button(under the green ports button, top left). SPC = 000000.
d1. On Programming > General tab... Write desired IMEI with DFS. Hit "status" button to make sure it stuck. IMEI = MEID + 1 extra digit.
e1. After writing IMEI.. write the matching MEID. Hit "status" button to make sure it stuck.
f1. On your phone, open dialer and hit ##000000# and program in your MDN/MSID. Hit done. Phone will reboot.
Talk/text will now work!
For 1X/3G working - use DFS
a2. Connect phone to DFS and send SPC using above methods.
b2. In DFS, open the Programming > Data tab and hit the read button.
c2. Set the UID under HDR AN LONG to your MEID@hcm.sprintpcs.com
d2. Set the Pwd to your 32-char hex password, no spaces between hex bytes. Make sure box is checked next to Pwd!!
e2. In DFS go to the Programming > Mobile IP tab. Hit the blue "Read" button in the lower left.
f2. Set the username(NAI) to the same username you just wrote in step c2... MEID@hcm.sprintpcs.com
g. Set the AAA Shared Secret password. The same 32-char password used in step d. Make sure box is CHECKED for AAA!!!
h. Set the HA Shared Secret password to: secret . Yes, the word secret. MAke sure the box is UNCHECKED for HA!!!
i. Hit the red "Write Current Profile Settings" button.
j. Back on your phone, open the dialer and press ##3282# and click "Data Profile" then "edit". Enter 000000 for code.
k. Once inside Data Profile menu, set up your Sprint username and password(AAA password).
firstname.lastname@example.org and the AAA password is a 6-char password.
l. Once data profile is written back out of the menu and the phone should reboot.
1X/3G will now work!! [as long as ALL usernames and passwords were written correctly with the 100% correct info!!!]
1. If a ##786# reset is ever done, the 1X/3G data passwords will be wiped and have to be rewritten.
2. Dialer code 3845#*970# > Data -LG menu has a PPP setting. Never set this to Sprint... always leave on "Undetermined"
3. You shouldn't have to do anything for 4G to work.
Now you may say "yeah, that's great... but I don't know my MEID, IMEI, MDN, MSID, 32-char AAA password, Data Profile username... now what?"
IMEI - Hopefully your phone isn't TOO messed up and you can still view your IMEI via Settings > About Phone > Phone Identity.
If you can't read it, call Sprint and ask them for it, mention your phone acting up or blah blah. The IMEI is your MEID + 1 extra digit.
MEID - MEID is on your LG OG box. You can also see this by viewing the current phone on your plan using Sprint.com
You want to use the MEID HEX not MEID DEC. If you can only find the DEC you can use online converters to convert MEID DEC to HEX.
MDN - MDN is your phone number. You should know this.
MSID - MSID is sometimes the same as your phone number, but sometimes not. You can view this info in Settings > About Phone > Phone Identity
You can call Sprint to get this info if you can't view it on your phone.
Data Profile username/password - You can get this info by calling Sprint. You may be able to view the username with ##3282# > Data Profile > View
32-char AAA Password - If you are unable to acquire your 32-char AAA password(NV item 466 and 1192), ask Sprint. You may have to speak to some form of advanced tech support.