Recently, there have been plenty of cases of the IMEI being changed to zero. In this sub-forum there were already three cases (), and in our local ex-USSR community there were a lot more of them. The problem comes up in an absolutely random way. In my case, it started when I tried the 'format sd-card' function built into the MIUI rom. But if you look through them, you'll find that the other cases have nothing in common. So the conclusion is that there is a bug in Huawei's internal firmware that leads to the IMEI being nulled. Here is how we worked on the problem:
In our community (4pda.ru) we found an app (it's attached) that is able to back up and restore the IMEI. We discovered that the code for the IMEI backup is:
dd if=/dev/block/mmcblk0p5 of=/sdcard/imeibackup/5.img
dd if=/dev/block/mmcblk0p10 of=/sdcard/imeibackup/10.img
dd if=/dev/block/mmcblk0p11 of=/sdcard/imeibackup/11.img
It reads all the data from the mmcblk0pXX partitions and writes it into XX.img files (images) in the imeibackup folder stored on the sd-card. The main idea of how to restore our broken IMEIs is:
1. create the backup of the IMEI using this app;
2. replace our current IMEI with our actual IMEI in these *.img files (images);
3. restore the IMEI using this app.
The idea is perfect and easy to guess, but none of these images contain the IMEI in raw form. Probably they are encrypted, and with no key to encrypt them we would not be able to replace the current IMEI with the actual IMEI.
I will be happy to be proven wrong, and if any of you could help to find the IMEI string in these images (all info is in the attachment).
But there is also another way. The Android SDK contains the android.telephony.TelephonyManager.getDeviceId() function that returns the IMEI of the current phone. The idea is to find the body of the function (the Android OS source is free to download, isn't it?) (it might be decrypting those partitions for further IMEI fetching) and, using it, understand how to return our IMEI to its factory condition.
There might be a problem if this function only makes a remote procedure call to the phone firmware and the phone firmware actually decrypts those partitions and fetches the IMEI. In this case we'll need some reverse engineering: we'll need to write a kernel module that will set hooks on the open/read_file/partition functions of our mmcblk0pXX partitions, open the stack, make a backtrace and a dump of the functions that called them.
Actually, my programming skills are too poor both for the first, easy way (finding the getDeviceId() function body) and, surely, for reverse engineering. That's why I have a request for the xda-developers community:
If you are a Java programmer, could you please help us find the android.telephony.TelephonyManager.getDeviceId() function body? If yes, could you please explain its algorithm to us in plain language? We will be glad for any help.
For moderators: yes, I've already read all the cautions about the responsibility for changing the IMEI (for any purpose), thank you.
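The three dd lines above copy raw partitions but never check that the copy is faithful, and nothing guards against restoring an image that was corrupted or edited after it was taken. The script below is an added example written for this thread; it is not code from the post or from the attached 4pda app. It wraps the same dd copy in a function that verifies the image against the source by SHA-256, records the digest next to the image, and refuses a restore candidate whose digest no longer matches. It assumes a POSIX shell with dd and either sha256sum (busybox/coreutils) or shasum; the partition numbers 5, 10 and 11 and the /sdcard/imeibackup folder are the ones named in the post, and the device paths are placeholders for your own phone.

```shell
#!/bin/sh
# Added example for this thread (not from the post or the attached app):
# dd-based partition backup with integrity verification. Assumes a POSIX
# shell, dd, and sha256sum or shasum. Device paths are placeholders.

# Print the SHA-256 hex digest of a file with whichever tool exists.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# backup_partition SRC DST
# Copies SRC (a block device such as /dev/block/mmcblk0p5, or any readable
# file) to DST with dd, then compares digests. Returns 0 only when DST is a
# byte-for-byte copy; otherwise removes the bad image and returns 1.
backup_partition() {
  src="$1"; dst="$2"
  [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
  mkdir -p "$(dirname "$dst")" || return 1
  dd if="$src" of="$dst" bs=4096 2>/dev/null || return 1
  sync
  if [ "$(sha256_of "$src")" = "$(sha256_of "$dst")" ]; then
    echo "$dst: OK"
    return 0
  fi
  echo "$dst: digest mismatch, image discarded" >&2
  rm -f "$dst"
  return 1
}

# record_digest IMG
# Stores the image digest beside it as IMG.sha256 so later tampering or
# corruption can be detected before a restore.
record_digest() {
  sha256_of "$1" > "$1.sha256"
}

# verify_image IMG
# Returns 0 when IMG still matches its recorded digest, 1 otherwise.
verify_image() {
  img="$1"
  [ -f "$img.sha256" ] || { echo "no recorded digest for $img" >&2; return 1; }
  if [ "$(sha256_of "$img")" = "$(cat "$img.sha256")" ]; then
    return 0
  fi
  echo "$img: contents changed since backup, refusing to use it" >&2
  return 1
}

# backup_imei_partitions OUTDIR [DEVDIR]
# Backs up the three partitions the post names (5, 10, 11) into OUTDIR as
# 5.img, 10.img, 11.img, verifying and recording a digest for each.
# DEVDIR defaults to /dev/block (placeholder; adjust for your device).
backup_imei_partitions() {
  outdir="$1"; devdir="${2:-/dev/block}"
  status=0
  for n in 5 10 11; do
    if backup_partition "$devdir/mmcblk0p$n" "$outdir/$n.img"; then
      record_digest "$outdir/$n.img"
    else
      status=1
    fi
  done
  return $status
}
```

Run it on the device as root with `backup_imei_partitions /sdcard/imeibackup`; before feeding any image back to a restore tool, call `verify_image /sdcard/imeibackup/5.img` (and likewise for 10 and 11) so that only an image identical to the one taken from the phone is written back.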