Imei nulled [problem workout]

By turbo.exe, Junior Member on 30th October 2011, 12:14 AM
Hi there!

Recently, there have been plenty of cases of the IMEI being changed to zero. In this sub-forum, there were already three cases ([1][2][3]), and in our local ex-USSR community there were a lot more of them. The problem comes up in an absolutely random way. In my case, it started when I tried the 'format sd-card' function built into the MIUI ROM. But if you look through them, you'll find that the other cases have nothing in common. So, the conclusion is that there is a bug in Huawei's internal firmware that leads to nulling the IMEI. The problem workout follows:

In our community (4pda.ru) we've found an app (it's attached) that is able to back up and restore the IMEI. We've found out that the code for the IMEI backup is:
dd if=/dev/block/mmcblk0p5 of=/sdcard/imeibackup/5.img
dd if=/dev/block/mmcblk0p10 of=/sdcard/imeibackup/10.img
dd if=/dev/block/mmcblk0p11 of=/sdcard/imeibackup/11.img
It reads all data from the mmcblk0pXX partitions and writes it into XX.img files (images) in the imeibackup folder, stored on the SD card. The main idea of how to restore our broken IMEIs is:
1. create the backup of the IMEI using this app;
2. replace our current IMEI with our actual IMEI in these *.img files (images);
3. restore the IMEI using this app;
The idea is perfect and easy to guess, but none of these images contains the IMEI in raw form. Probably they are encrypted, and with no key to encrypt them, we would not be able to replace the current IMEI with the actual IMEI.
I will be happy to be wrong, and if any of you could help to find the IMEI string in these images (all info is in the attachment).

But there is also another way. Android SDK contains android.telephony.TelephonyManager.getDeviceId() function that returns an IMEI of the current phone. The idea is to find the body of the function (Android OS source is free-to-download, isn't it?) (it might be decrypting those partitions for further IMEI fetching) and using it, understand how to turn our IMEI into factory condition.
There might be a problem if this function only makes a RemoteProcedureCall to the phone firmware and the phone firmware actually decrypts those partitions and fetches the IMEI. In this case, we'll need some reverse-engineering: we'll need to write a core module that will set hooks on the open/read_file/partition functions of our mmcblk0pXX partitions, open the stack, make a backtrace and a dump of the functions that called them.

Actually, my programming skills are too poor both for the first easy way (find the getDeviceId() function body) and, surely, for reverse-engineering. That's why there is a request for the xda-developers community:

If you are a Java programmer, could you please help us to find the android.telephony.TelephonyManager.getDeviceId() function body? If yes, could you please explain its algorithm to us in plain language? We will be glad of any help.

For moderators: yes, I've already read all the cautions about the responsibility for IMEI change (for any purpose), thank you.
Attached Files
File Type: rar imeibackup.rar (6.09 MB, 5044 views)
File Type: apk ToolBox5iromV1.0.4.2.apk (95.9 KB, 5659 views)
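
The backup step described in the post above, as an added example (not part of the original post and not the attached app's code): the same dd copy of partitions 5, 10 and 11, with each image compared against its source and recorded in a SHA-256 manifest, so a bad write to the SD card is noticed before the backup is relied on. It assumes a root shell where dd, cmp and sha256sum are available (for example via busybox); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: back up the partitions named in the post and verify each image.
# Assumption: dd, cmp and sha256sum exist on the device (e.g. busybox).

# backup_partitions DEV_PREFIX OUT_DIR PART...
# Copies DEV_PREFIX<PART> to OUT_DIR/<PART>.img, re-reads the source to confirm
# the copy is byte-identical, and appends its hash to OUT_DIR/SHA256SUMS.
backup_partitions() {
    prefix=$1; out=$2; shift 2
    mkdir -p "$out" || return 1
    : > "$out/SHA256SUMS"
    for p in "$@"; do
        src="${prefix}${p}"; img="$out/${p}.img"
        [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
        dd if="$src" of="$img" 2>/dev/null || return 1
        # A short or corrupted write to the SD card shows up here.
        cmp -s "$src" "$img" || { echo "verify failed: $p" >&2; return 1; }
        (cd "$out" && sha256sum "${p}.img" >> SHA256SUMS) || return 1
    done
    sync
}

# verify_backup OUT_DIR
# Re-checks the stored images against the manifest, e.g. after copying them
# off the SD card. Returns non-zero if any image no longer matches.
verify_backup() {
    (cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1)
}

# On the device discussed in the thread the call would be:
#   backup_partitions /dev/block/mmcblk0p /sdcard/imeibackup 5 10 11
```

Copy the imeibackup folder, including SHA256SUMS, off the phone before flashing, and run verify_backup on the copy.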
30th October 2011, 12:57 PM |#2  
Senior Member
Flag Kerava
Sounds cool. Sadly I'm not a developer so I can't help. If you get this working, it could save so many devices. Mine lost its IMEI and bricked, but this would have solved the IMEI problem. Good luck, hopefully you'll get it working!
31st October 2011, 01:07 AM |#3  
Senior Member
Since this requires dev attention, maybe u should PM stockwell/dzo/genokolar.. Or just post this in the dev section.. It's great to have one thing less to worry about when flashing a phone..
31st October 2011, 01:48 AM |#4  
Retired Recognized Developer
Flag Brisbane
I don't think it would be as easy as just hexediting the IMEI into the relevant location in the image (or at least, I hope it isn't). Remember that the IMEI is used to uniquely identify phones on the cell network so that it can be blocked if the phone is reported as stolen. For this reason it's not supposed to be easy to change, and it's illegal in some places to do it.

I know that this would be intended to be used to restore the IMEI, but it could just as easily be used to change the IMEI for stolen phones.

Forcing the response from the Java call won't do anything - it would only be used to show the number in android, and not by the hardware.

Send your phone back under warranty.
31st October 2011, 01:21 PM |#5  
freeko2
Member
Quote:
Originally Posted by stockwell

I don't think it would be as easy as just hexediting the IMEI into the relevant location in the image (or at least, I hope it isn't). Remember that the IMEI is used to uniquely identify phones on the cell network so that it can be blocked if the phone is reported as stolen. For this reason it's not supposed to be easy to change, and it's illegal in some places to do it.

I know that this would be intended to be used to restore the IMEI, but it could just as easily be used to change the IMEI for stolen phones.

Forcing the response from the Java call won't do anything - it would only be used to show the number in android, and not by the hardware.

Send your phone back under warranty.

But in my case I want to restore it, not change it.. so it's my right. And because some may misuse it I will not reveal how.

31st October 2011, 03:05 PM |#6  
Junior Member
Flag moscow
Quote:
Originally Posted by stockwell

Send your phone back under warranty.


We do not mind to send the warranty, but it will not take as imei = 0
31st October 2011, 05:00 PM |#7  
turbo.exe
OP Junior Member
Flag Minsk
Quote:
Originally Posted by stockwell

Send your phone back under warranty.

Of course, it would be the simplest way to solve the problem, but in any warranty there is a clause that the warranty becomes invalid if the IMEI has been changed. We would not mind the problem and would just send our phones in under warranty, but... it has become invalid, so now we need to have our IMEIs restored...
Quote:
Originally Posted by stockwell

Forcing the response from the Java call won't do anything

You've misunderstood me. The idea is to reveal the IMEI decryption algorithm by looking through the getDeviceId() function's body. I expect to see something like this there (func names are not real):
Code:
function getDeviceId()
{
	$imei = fread(0x12345678); //some code to reveal where IMEI is stored
	$imei_num = decrypt_sha1($imei, $key_to_decrypt); //some code to reveal the decryption key and method
	return $imei_num;
}
Something like this may help us to write some other code to restore our broken IMEIs and warranties, for example:
Code:
function restoreDeviceId($imei_to_restore)
{
	$imei_encrypted = encrypt_sha1($imei_to_restore, $key_to_decrypt); //here we use an encryption key we discovered in prev. step
	if(fwrite(0x12345678, $imei_encrypted)) return true; //here we use the mem address we discovered in prev. step
	return false;
}
Of course, I don't expect this to be as easy as in the examples above, but I'm ready to dig.

PS: I've just sent an email to Huawei support with a description of the problem. Hope they can help...
1st November 2011, 05:32 PM |#8  
krish_nank
Senior Member
Flag Karnataka
Kindly let me know if they reply positively, need to restore mine too.....
21st November 2011, 02:40 PM |#9  
Senior Member
Hello ppl...

I have the same problem, IMEI = 0.

I'm pretty sure that the IMEI was not in any way changed, since I can register on my network.... and supposedly that is not possible with a nulled IMEI.

By the way, I was on CM7 and also formatted the SD card within the Android system, guessing that could be the reason for that.

Related or not, I started having troubles with non-working wifi and SD card with 2.3 based ROMs... with original ROMs or FLB (2.2.2) the system works fine.

It would be very helpful to some of us if one of the devs could take a look at this problem.

Thank you all!
26th November 2011, 10:22 PM |#10  
Senior Member
stockwell, genokolar, dzo...

Can you help us ?!?!?! PLEEEEEAAAASSSSEEEEEEEEEEEEEEE

I miss my 2.3 roms
28th November 2011, 02:38 PM |#11  
Junior Member
My X5 also had nulled IMEI.
Also it had WI-FI MAC address changed to new value and SD-card problems (unknown hardware on my PC and recognized as CD-drive).

Service center guy said that it's all hardware issues and the main board is to be replaced. So it's covered by warranty (despite the fact that I admitted that I had rooted the phone and had installed a custom ROM).

Today I was notified that the phone was fixed. I'll get it back tomorrow.

I'm from ex-USSR too (Moscow).