[Guide] [XT16XX] [Solve] Moto G4/Plus IMEI=0 issue

Search This thread

WolfMagic

New member
Jun 21, 2009
2
1
Hi! Thanks a lot for your post. You save my Moto g4 after flash stock ROM.
The only difference that I found is that the IMEI file are owned by system instead of number. Anyway I perform a chown and now emei is ok and registration to network works.

Thanks a lot!!!!
Emmanuele
 
  • Like
Reactions: Tetcare99

Tetcare99

Senior Member
Jan 15, 2019
60
10
Hi! Thanks a lot for your post. You save my Moto g4 after flash stock ROM.
The only difference that I found is that the IMEI file are owned by system instead of number. Anyway I perform a chown and now emei is ok and registration to network works.

Thanks a lot!!!!
Emmanuele
How do you bro... After Oreo update my imei numbers gone
I did tried using some softwares it's should be required ports like diagnostic mode ect but my PC doesn't recognized any mode it's shows just charging point . I did install Qualcomm drivers and Motorola drivers but still not recognized ... Please help me

Note: recently I did recovered my phone after hardbricked
Give me Any valuable suggestions
:crying::crying::crying:
 

Tetcare99

Senior Member
Jan 15, 2019
60
10
I tried fastboot getvar imei
It's shows imei numbers
How to restore imei numbers
Note: phone not rooted
And aslo I tried fastboot bootloader bootloader. I'm going
Fastboot erase modemst1
Fastboot erase modemst2
But not respond as usual same problem.
Do I will try to root ? Recently recovered my phone from hardbricked
Please give me best solution:crying:
 

HeethJain21

Senior Member
Mar 10, 2015
457
206
Mumbai
I tried fastboot getvar imei
It's shows imei numbers
How to restore imei numbers
Note: phone not rooted
And aslo I tried fastboot bootloader bootloader. I'm going
Fastboot erase modemst1
Fastboot erase modemst2
But not respond as usual same problem.
Do I will try to root ? Recently recovered my phone from hardbricked
Please give me best solution:crying:

The first two lines mentioned in "Red" states that simple flashing Stock Oreo via fastboot will fix IMEI
 

Tetcare99

Senior Member
Jan 15, 2019
60
10
Important:
Now since Official Oreo is out, you can simply update to Official Oreo via fastboot and your IMEI will be restored.
This method will not work if you have restored other device's persist from some Youtube video or some Internet guide.
Read post #3 if you have restored some other persist and do not have a backup of your original persist.

Hello everyone, this is a guide for solving the problem for IMEI = 0 on Moto G4/Plus which is caused after flashing stock ROM.
I got this problem last week and was constantly researching for the solution to this problem for the past 5 days and finally, I was able to get my IMEI back on my Moto G4 Plus (XT1643).

Note: I will be using stock firmware and stock ROM interchangeably in this thread as a lot of people consider it the same so don't get confused since I am by no means referring to the /firmware partition.

There are two common and major problems which occur while flashing custom/stock ROMs:
1. IMEI = Unknown and Baseband = Unknown
2. IMEI = 0

1st Problem:
Reason: You flashed the firmware/stock ROM which wasn't meant for your device.
Solution: Flash the firmware which is made for your device like XT1621 or XT1643, etc.

2nd Problem:
This is a major problem and there are two reasons for this:
1. Mess up your persist partition.
2. fastboot erase all command.

If your problem is caused by the first reason, it might be possible to fix it.
However, if the problem is caused by the second reason, I'm sorry I don't know if a solution to this problem exists.

Firstly you need to check if your device still has IMEI intact or not. For that use the following command through fastboot in the bootloader mode:

If the command returns an IMEI, it means that the IMEI is not completely lost and it can be recovered.

However, if the command returns IMEI as 0, then there are two reasons:
1. Either you flashed the bootloader that wasn't meant for your device. This can be solved by flashing the correct bootloader which is made for your device again by the command:

2. If you have flashed the correct bootloader that is meant for your device and facing this issue, I'm sorry I don't think there is a solution to this problem. This problem is either caused by fastboot erase all command (which erases everything like IMEI from the device's motherboard or the place where IMEI is permanently stored) or some hardware issue.

Here is a little explanation:

Device specific or device unique IDs are stored in a separate place in the device like the motherboard or some other place which I am unaware of.
When EFS partition is created, it picks up the IMEI from that unique place in the device like the motherboard (or some other place which I am unaware of) where the IMEI is stored.

On every reboot, EFS partition is checked and if it does not exists, the Android system by default creates it.
When we flash stock ROM, we use the following commands:

These commands wipe the EFS partition and on rebooting, EFS partition is recreated.
But, in some cases, the EFS partition is not able to regenerate IMEI or the Android system is unable to recreate it and so we are left with IMEI = 0.

Here is a detailed explanation regarding this issue:

4) Explanation

4a) What happened to persist.

To understand what happened, you need to know a few things about filesystem permissions in Linux. Files and folders have user and group ownership, and permissions. Examples of owners are the system, root, user, etc. Examples of permissions are read access, write access, execute access. The permissions are applied at three levels 1) the user, 2) the group, 3) everyone else.

@rachitrawat's investigation into the failures showed that the issue was relating to the persist partition, specifically some files dhob.bin etc that are under the rfs sub folder in this partition. Under stock, these files/folders are owned by a user called rfs, and have group ownership under a group also called rfs. Additionally, the permissions on these files/folders are limited - only the rfs user can read/write/execute these files. Other users, groups, or everyone else, cannot access the files.

There was a change in the Oreo roms. If you flash and boot into an Oreo rom, and you look at the permissions/ownership, you will see that a user and group oem_2951 owns the rfs folder, and a group oem_2952 owns the hlos_rfs folder. Now this is a different name, but on its own, a different name does not mean different ownership.

In Linux, all users and groups are assigned an ID, i.e. a number. So something happened in lineage that changed the user IDs that are applied to the rfs folder.

If you look at the ownership of persist files/folders within TWRP, you will see that a STOCK PERSIST has the owner of the rfs folder as rfs_old. Similarly in TWRP, a LINEAGE PERSIST has the owner of the rfs folder as rfs. So TWRP is seeing owners differently again to stock and Lineage. Trying to run the above commands in TWRP will not fix the issue, as it will use ID 2951 for the user rfs, but we need it to be 3012 in stock (which TWRP sees as rfs_old).

In addition to the rfs folder, there is also another folder that is impacted - hlos_rfs. Its user owner is rfs, but its group owner if rfs_shared. A stock rfs_shared is shown as rfs_shared_o in TWRP. It appears that this folder is not as important in getting the IMEI back, but I have included the commands to restore ownership, to ensure there are no future errors.

4b) What happened to IMEI.

Despite the issue above, many people who flashed Oreo roms would have had no problems (other than I guess, bugs in the roms themselves). The change of ownership of the rfs folder didn't change the actual file content, so essentially all is intact. In fact, I verified that my dhob.bin and other files had the same md5sum in stock and lineage persist.

The issue of the IMEI changing to zero has only happened when people have flashed Stock roms. All of the guides that I have seen, have included the following commands (and equivalent commands have been included in the TWRP flashable stock builds as well):


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Solution:

I have made a youtube video for this which just shows how to fix the issue and does not goes into explanation of the problem as well as the solution. Here is the link: Moto G4/G4 Plus IMEI=0 fix

Pre-requisites:
You must be on Stock Nougat 7.0
You must be rooted (install Elemental-X kernel first and then flash Magisk otherwise you will have boot issues)
You must be on your own persist
Terminal app or adb drivers in PC/Laptop


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 1: Check if there is a problem with persist

Note: The below commands are to be typed in a terminal app or adb shell.
Q) How to type in adb shell?
A) Open command prompt in the folder where you have adb and fastboot installed and type:


So lets start now!


This command it to get root access for the terminal/shell. Grant the root access and you will see that the $ symbol is replaced with # symbol which means that root access has been granted.


If your presist has some problem, then you can see the following as the output.

You can see system instead of these red number if you flash Soak Test before flashing Stock ROM, so no worries, as the process will remain the same.

As it can be seen in the red part, the owner of rfs folder is a number (2951) which means that the system is unable to identify its real owner.
Also the owner of hlos_rfs folder is a number too (2952) which also means that the system is unable to identity its real owner.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 2: Check for the key persist files

If you run the above command, you will see something similar to this:

Note: The key files here are dhob.bin, shob.bin, id_00 and id_01.
Your IMEI is stored in id_00 (first IMEI) and id_01 (second IMEI)
dhob.bin and shob.bin are responsible to create the EFS partition.

Note: If you do not have dhob.bin.bak, you will still be able to get your IMEI back (tested and confirmed working on Moto G4 Plus(athene)), however if you have some other device like Moto G5 Plus(potter) or Moto G5s Plus(sanders), you cannot get your IMEI back with this method however trying won't hurt.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step 3: Fix the your persist

For this step, there is also a TWRP flashable zip file which will fix the persist. So for those who do not want to type the commands manually, you can simply flash the zip file (Tested and working).
Downloads:
Link: https://www.androidfilehost.com/?fid=11410963190603873125
md5: 5aac75092fc84f46dd5c6bd443df0748

These commands will restore the owners of rfs and hlos_rfs folder back to their respective original owners (rfs and rfs_shared):


Alternatively, you can also type:


You will see no output on typing the first command, however, you may or may not see any output after typing the second command (there was an output shown on my device but not on the other tested devices). I'm sorry I don't have that output stored, if someone who can see it, please repond so the thread can be updated.

3012 is infact the id for rfs folder and 3013 is the id for hlos_rfs folder so instead of typing their names, you can also type their ids.

Now, to check if the owners of rfs and hlos_rfs have been set back to their original ones, type this command:

If everything went fine, you should be able to see the following output:
The below output will be seen on a perfectly fine persist as well

As you can see here that the owner of rfs folder is rfs folder and the owner of hlos_rfs folder is rfs_shared folder, the problem has been resovled.

Reboot your device and the problem should be fixed and you will be able (hopefully) to get your IMEI back by either typing *#06# in phone dialer or in Settings>About Phone>Status>IMEI Information.
On rebooting, the system will check for the EFS folder and since it didn't exist earlier, it will be recreated by the system and therefore you will get your IMEI back.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

A huge thanx to NZedPred, rachitrawat, for doing in depth research in this problem and coming up with a solultion.
Also, I would like to thank Tyrantre who did a lot of research for this problem and has posted the workaround which was tried here in this thread here: Diag Mode with G4 for QPSD? which finally lead me to NZedPred's below thread as I could understand what was the problem due to which IMEI was set to 0 and why Diag mode wouldn't work.

Note: This thread was made with the help of the following guide which is confirmed to be working on Moto G5 Plus (potter) Fix Persist, resolve IMEI=0, Volte, 4G, Explanation, Requirements.

Note: This guide is made for G4/Plus and I have hardly done anything to fix this problem apart from making this thread, so all credits go to the respective owners who did research in this problem. This guide should work on other Motorola devices too as we aren't focusing on device-specific fixes that will only work on Moto G4 Plus.

Refer post #2 for fixing other issues faced after recovering IMEI.
Bro ..I did tried this
Here the results
athene_f:/ $ su
athene_f:/ # chown-R rfs:rfs/persist/rfs
/system/bin/sh: chown-R: not found
127|athene_f:/ # chown -R rfs:rfs_shared/persist/hlos_rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012/persist/rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # is -i /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -1 /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -I/persist
/system/bin/sh: is: not found
127|athene_f:/ # is -l/persist
/system/bin/sh: is: not found
127|athene_f:/ # Is-l/persist
/system/bin/sh: Is-l/persist: not found
127|athene_f:/ # is-l /persist
/system/bin/sh: is-l: not found
127|athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3013 /persist/hlos_rfs
athene_f:/ # is-1 /persist
/system/bin/sh: is-1: not found
127|athene_f:/ # is -l /persist
/system/bin/sh: is: not found
127|athene_f:/ # is-I/persist
/system/bin/sh: is-I/persist: not found
127|athene_f:/ #

---------- Post added at 05:02 AM ---------- Previous post was at 05:01 AM ----------

Bro ..I did tried this
Here the results
athene_f:/ $ su
athene_f:/ # chown-R rfs:rfs/persist/rfs
/system/bin/sh: chown-R: not found
127|athene_f:/ # chown -R rfs:rfs_shared/persist/hlos_rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012/persist/rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # is -i /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -1 /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -I/persist
/system/bin/sh: is: not found
127|athene_f:/ # is -l/persist
/system/bin/sh: is: not found
127|athene_f:/ # Is-l/persist
/system/bin/sh: Is-l/persist: not found
127|athene_f:/ # is-l /persist
/system/bin/sh: is-l: not found
127|athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3013 /persist/hlos_rfs
athene_f:/ # is-1 /persist
/system/bin/sh: is-1: not found
127|athene_f:/ # is -l /persist
/system/bin/sh: is: not found
127|athene_f:/ # is-I/persist
/system/bin/sh: is-I/persist: not found
127|athene_f:/ #
Already phone rooted and I did flash persist file using twrp
 

echo92

Senior Member
Jan 1, 2017
3,732
1,989
Plymouth
Bro ..I did tried this
Here the results
athene_f:/ $ su
athene_f:/ # chown-R rfs:rfs/persist/rfs
/system/bin/sh: chown-R: not found
127|athene_f:/ # chown -R rfs:rfs_shared/persist/hlos_rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012/persist/rfs
See chown --help
chown: Need 2 arguments
1|athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3012 /persist/hlos_rfs
athene_f:/ # is -i /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -1 /persist
/system/bin/sh: is: not found
127|athene_f:/ # is -I/persist
/system/bin/sh: is: not found
127|athene_f:/ # is -l/persist
/system/bin/sh: is: not found
127|athene_f:/ # Is-l/persist
/system/bin/sh: Is-l/persist: not found
127|athene_f:/ # is-l /persist
/system/bin/sh: is-l: not found
127|athene_f:/ # chown -R 3012:3012 /persist/rfs
athene_f:/ # chown -R 3012:3013 /persist/hlos_rfs
athene_f:/ # is-1 /persist
/system/bin/sh: is-1: not found
127|athene_f:/ # is -l /persist
/system/bin/sh: is: not found
127|athene_f:/ # is-I/persist
/system/bin/sh: is-I/persist: not found
127|athene_f:/ #

---------- Post added at 05:02 AM ---------- Previous post was at 05:01 AM ----------


Already phone rooted and I did flash persist file using twrp

1) please edit your post to remove the quoted post, it makes it difficult to read your post otherwise.

For the ls -l command, you're missing spaces between the -l and persist . The command should be ls -l persist (ls and -l are lower case l, not i)

What are the results of the commands from step 1 and 2?
 

HenrySoto

Member
Jun 21, 2019
24
0
maracaibo
Tomorrow I'll Flash a stock 8.1 rom with a stock kernel, I'm with arrow 9 OS, i already do a efs backup vía twrp, if i only install zips vía twrp (wipe cache, dalvin, system, data) had a chance to get IMEI 0 ?????
 

SayanChakroborty

Senior Member
Mar 7, 2016
55
30
Kolkata
Nope

Tomorrow I'll Flash a stock 8.1 rom with a stock kernel, I'm with arrow 9 OS, i already do a efs backup vía twrp, if i only install zips vía twrp (wipe cache, dalvin, system, data) had a chance to get IMEI 0 ?????

My guess is if you flash stock 8.1 via twrp nothing unusual is gonna happen, but you should still backup all partitions as mentioned in this thread just to be safe.:good:
 

echo92

Senior Member
Jan 1, 2017
3,732
1,989
Plymouth
Only backup efs folder vía twrp, need to back yo another one? :eek:

It's good practice to have a backup before switching firmwares, so you can revert back if anything goes wrong.

Usually, you'll want to back up system, boot, data, (efs if you want). Then keep that back up off your device, like on a SD card, as the flash to official 8.1 will wipe your data.
 

Lathulerie12

New member
Jul 25, 2019
1
0
I followed all the steps and my device continues IMEI 0.

I have XT1621.

My persist have no
Code:
[COLOR="red"]/persist/rfs/msm/mpss/datablock/id_00
/persist/rfs/msm/mpss/datablock/id_01[/COLOR]
/persist/rfs/msm/mpss/server_check.txt
/persist/rfs/msm/mpss/dhob.bin
/persist/rfs/msm/mpss/shob.bin
[COLOR="Red"]/persist/rfs/msm/mpss/dhob.bin.ba[/COLOR]k

Please Help.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 21
    Important:
    Now since Official Oreo is out, you can simply update to Official Oreo via fastboot and your IMEI will be restored.
    This method will not work if you have restored other device's persist from some Youtube video or some Internet guide.
    Read post #3 if you have restored some other persist and do not have a backup of your original persist.


    For those who can't read this much, here is a better guide for you:

    Hello everyone, this is a guide for solving the problem for IMEI = 0 on Moto G4/Plus which is caused after flashing stock ROM.
    I got this problem last week and was constantly researching for the solution to this problem for the past 5 days and finally, I was able to get my IMEI back on my Moto G4 Plus (XT1643).

    Note: I will be using stock firmware and stock ROM interchangeably in this thread as a lot of people consider it the same so don't get confused since I am by no means referring to the /firmware partition.

    There are two common and major problems which occur while flashing custom/stock ROMs:
    1. IMEI = Unknown and Baseband = Unknown
    2. IMEI = 0

    1st Problem:
    Reason: You flashed the firmware/stock ROM which wasn't meant for your device.
    Solution: Flash the firmware which is made for your device like XT1621 or XT1643, etc.

    2nd Problem:
    This is a major problem and there are two reasons for this:
    1. Mess up your persist partition.
    2. fastboot erase all command.

    If your problem is caused by the first reason, it might be possible to fix it.
    However, if the problem is caused by the second reason, I'm sorry I don't know if a solution to this problem exists.

    Firstly you need to check if your device still has IMEI intact or not. For that use the following command through fastboot in the bootloader mode:
    Code:
    fastboot getvar imei
    If the command returns an IMEI, it means that the IMEI is not completely lost and it can be recovered.

    However, if the command returns IMEI as 0, then there are two reasons:
    1. Either you flashed the bootloader that wasn't meant for your device. This can be solved by flashing the correct bootloader which is made for your device again by the command:
    Code:
    fastboot flash bootloader bootloader.img
    2. If you have flashed the correct bootloader that is meant for your device and facing this issue, I'm sorry I don't think there is a solution to this problem. This problem is either caused by fastboot erase all command (which erases everything like IMEI from the device's motherboard or the place where IMEI is permanently stored) or some hardware issue.

    Here is a little explanation:

    Device specific or device unique IDs are stored in a separate place in the device like the motherboard or some other place which I am unaware of.
    When EFS partition is created, it picks up the IMEI from that unique place in the device like the motherboard (or some other place which I am unaware of) where the IMEI is stored.

    On every reboot, EFS partition is checked and if it does not exists, the Android system by default creates it.
    When we flash stock ROM, we use the following commands:
    Code:
    fastboot erase modemst1
    fastboot erase modemst2
    These commands wipe the EFS partition and on rebooting, EFS partition is recreated.
    But, in some cases, the EFS partition is not able to regenerate IMEI or the Android system is unable to recreate it and so we are left with IMEI = 0.

    Here is a detailed explanation regarding this issue:
    4) Explanation

    4a) What happened to persist.

    To understand what happened, you need to know a few things about filesystem permissions in Linux. Files and folders have user and group ownership, and permissions. Examples of owners are the system, root, user, etc. Examples of permissions are read access, write access, execute access. The permissions are applied at three levels 1) the user, 2) the group, 3) everyone else.

    @rachitrawat's investigation into the failures showed that the issue was relating to the persist partition, specifically some files dhob.bin etc that are under the rfs sub folder in this partition. Under stock, these files/folders are owned by a user called rfs, and have group ownership under a group also called rfs. Additionally, the permissions on these files/folders are limited - only the rfs user can read/write/execute these files. Other users, groups, or everyone else, cannot access the files.

    There was a change in the Oreo roms. If you flash and boot into an Oreo rom, and you look at the permissions/ownership, you will see that a user and group oem_2951 owns the rfs folder, and a group oem_2952 owns the hlos_rfs folder. Now this is a different name, but on its own, a different name does not mean different ownership.

    In Linux, all users and groups are assigned an ID, i.e. a number. So something happened in lineage that changed the user IDs that are applied to the rfs folder.

    If you look at the ownership of persist files/folders within TWRP, you will see that a STOCK PERSIST has the owner of the rfs folder as rfs_old. Similarly in TWRP, a LINEAGE PERSIST has the owner of the rfs folder as rfs. So TWRP is seeing owners differently again to stock and Lineage. Trying to run the above commands in TWRP will not fix the issue, as it will use ID 2951 for the user rfs, but we need it to be 3012 in stock (which TWRP sees as rfs_old).

    In addition to the rfs folder, there is also another folder that is impacted - hlos_rfs. Its user owner is rfs, but its group owner if rfs_shared. A stock rfs_shared is shown as rfs_shared_o in TWRP. It appears that this folder is not as important in getting the IMEI back, but I have included the commands to restore ownership, to ensure there are no future errors.

    4b) What happened to IMEI.

    Despite the issue above, many people who flashed Oreo roms would have had no problems (other than I guess, bugs in the roms themselves). The change of ownership of the rfs folder didn't change the actual file content, so essentially all is intact. In fact, I verified that my dhob.bin and other files had the same md5sum in stock and lineage persist.

    The issue of the IMEI changing to zero has only happened when people have flashed Stock roms. All of the guides that I have seen, have included the following commands (and equivalent commands have been included in the TWRP flashable stock builds as well):
    Code:
    fastboot erase modemst1
    fastboot erase modemst2

    The partitions modemst1 and modemst2 are your EFS. Normally, if your persist is pure stock, if either is erased, the modem re-creates them. But, referring to the above about permissions, if the rfs user (which is presumably used by the modem) cannot access the files (because the owner of the files is someone else, and the permissions on the files mean that only the owner can access them), then the modem cannot recreate the EFS, and the IMEI is left as zero.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​

    Solution:

    I have made a youtube video for this which just shows how to fix the issue and does not goes into explanation of the problem as well as the solution. Here is the link: Moto G4/G4 Plus IMEI=0 fix


    Pre-requisites:
    • You must be on Stock Nougat 7.0
    • You must be rooted (install Elemental-X kernel first and then flash Magisk otherwise you will have boot issues)
    • You must be on your own persist
    • Terminal app or adb drivers in PC/Laptop

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​

    Step 1: Check if there is a problem with persist

    Note: The below commands are to be typed in a terminal app or adb shell.
    Q) How to type in adb shell?
    A) Open command prompt in the folder where you have adb and fastboot installed and type:

    Code:
    adb shell

    So lets start now!

    Code:
    su
    This command it to get root access for the terminal/shell. Grant the root access and you will see that the $ symbol is replaced with # symbol which means that root access has been granted.

    Code:
    ls -l /persist
    If your presist has some problem, then you can see the following as the output.
    Code:
    athene_f:/ # ls -l /persist
    total 176
    drwxrwx--- 2 system    system    4096 2018-10-21 07:40 alarm
    drwxr-xr-x 2 mot_pwric mot_pwric 4096 1969-12-31 19:02 batt_health
    drwxrwx--- 2 bluetooth bluetooth 4096 2017-01-12 03:35 bluetooth
    drwxr-xr-x 2 mot_tcmd  bluetooth 4096 1969-12-31 19:02 bt
    drwxr-xr-x 4 mot_tcmd  mot_tcmd  4096 1969-12-31 19:02 camera
    drwxr-xr-x 2 root      root      4096 2016-07-31 00:43 coresight
    drwx------ 5 system    system    4096 2017-01-12 05:21 data
    drwxrwx--- 2 system    graphics  4096 1969-12-31 19:02 display
    drwxrwx--- 2 system    system    4096 1969-12-31 19:02 drm
    drwxr-xr-x 4 mot_tcmd  mot_tcmd  4096 1970-01-01 06:48 factory
    [COLOR="red"]drwxrwx--- 3 2951      2952      4096 1969-12-31 19:02 hlos_rfs[/COLOR]
    drwx------ 2 root      root      4096 1969-12-31 19:00 lost+found
    drwxrwx--- 2 radio     radio     4096 2016-08-04 20:26 mdm
    drwxrwx--- 3 system    system    4096 2017-11-09 16:30 misc
    drwxrwx--- 2 system    system    4096 1970-02-11 17:39 properties
    drwxr-xr-x 8 mot_tcmd  mot_tcmd  4096 1969-12-31 19:02 public
    [COLOR="red"]drwx------ 6 2951      2951      4096 1969-12-31 19:02 rfs[/COLOR]
    drwxrws--- 2 mot_tpapi mot_tpapi 4096 2016-11-17 16:38 security
    drwxrwxr-x 2 system    system    4096 2016-07-31 00:43 sensors
    drwxrwx--- 2 system    system    4096 2018-09-10 18:13 time
    drwxr-xr-x 2 mot_tcmd  mot_tcmd  4096 1969-12-31 19:02 wifi
    drwxrwxr-x 2 mot_drm   mot_drm   4096 1969-12-31 19:02 wmdrm
    athene_f:/ #
    You can see system instead of these red number if you flash Soak Test before flashing Stock ROM, so no worries, as the process will remain the same.

    As it can be seen in the red part, the owner of rfs folder is a number (2951) which means that the system is unable to identify its real owner.
    Also the owner of hlos_rfs folder is a number too (2952) which also means that the system is unable to identity its real owner.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​

    Step 2: Check for the key persist files
    Code:
    find /persist -type f
    If you run the above command, you will see something similar to this:
    Code:
    athene_f:/ # find /persist -type f
    /persist/coresight/qdss.agent.sh
    /persist/coresight/qdss.config.sh
    /persist/coresight/qdss.functions.sh
    /persist/sensors/sensors_settings
    /persist/data/sfs/6lgxCka66cxdsueYeHhCqx+j1DI_
    /persist/data/sfs/VsxbuQew8Rbt0TRZjDAX8S9tV+M_
    /persist/data/sfs/KfLHQpS5zKuygZcMelQOTtWzBvw_
    /persist/data/sfs/R9+zCYj56-AHybZuQCWLm2H46E4_
    /persist/data/sfs/NjJIuGH0j7kE08PFwp1yw+BminY_
    /persist/data/sfs/7pU6SoXdsBUbDsxRiZOHNIjPVtw_
    /persist/data/sfs/yLawqeQeY8AQGJmo46PVJbfYVxY_
    /persist/data/tz/tz_counter
    /persist/data/tz/tz_counter.bak
    /persist/data/app_g/wv_usage
    /persist/camera/focus/offset_cal
    /persist/camera/ledcal/rear
    /persist/factory/audio/temp
    /persist/factory/audio/cnt
    /persist/factory/audio/acc
    /persist/factory/audio/f0
    /persist/factory/audio/ref_diff
    /persist/factory/fti
    /persist/public/hiddenmenu/data/mobile_data_rx
    /persist/public/hiddenmenu/data/mobile_data_tx
    /persist/public/hiddenmenu/data/wifi_data_rx
    /persist/public/hiddenmenu/data/wifi_data_tx
    /persist/public/hiddenmenu/data/factoryreset_time
    /persist/public/hiddenmenu/data/activation_date
    /persist/public/hiddenmenu/life_calls
    /persist/public/hiddenmenu/life_timer
    /persist/security/18.bin
    /persist/mdm/oma_dm_update
    /persist/.bt_nv.bin
    /persist/rfs/shared/server_info.txt
    /persist/rfs/msm/mpss/datablock/id_00
    /persist/rfs/msm/mpss/datablock/id_01
    /persist/rfs/msm/mpss/server_check.txt
    [COLOR="Red"]/persist/rfs/msm/mpss/dhob.bin
    /persist/rfs/msm/mpss/shob.bin[/COLOR]
    [COLOR="Green"]/persist/rfs/msm/mpss/dhob.bin.bak[/COLOR]
    /persist/rfs/msm/adsp/server_check.txt
    /persist/bluetooth/.bt_nv.bin
    /persist/time/ats_1
    /persist/time/ats_2
    /persist/time/ats_12
    /persist/time/ats_13
    /persist/time/ats_15
    /persist/time/ats_16
    /persist/.twrps
    athene_f:/ #
    Note: The key files here are dhob.bin, shob.bin, id_00 and id_01.
    Your IMEI is stored in id_00 (first IMEI) and id_01 (second IMEI)
    dhob.bin and shob.bin are responsible to create the EFS partition.


    Note: If you do not have dhob.bin.bak, you will still be able to get your IMEI back (tested and confirmed working on Moto G4 Plus(athene)), however if you have some other device like Moto G5 Plus(potter) or Moto G5s Plus(sanders), you cannot get your IMEI back with this method however trying won't hurt.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​

    Step 3: Fix the your persist

    For this step, there is also a TWRP flashable zip file which will fix the persist. So for those who do not want to type the commands manually, you can simply flash the zip file (Tested and working).
    Downloads:
    Link: https://www.androidfilehost.com/?fid=11410963190603873125
    md5: 5aac75092fc84f46dd5c6bd443df0748


    These commands will restore the owners of rfs and hlos_rfs folder back to their respective original owners (rfs and rfs_shared):
    Code:
    chown -R rfs:rfs /persist/rfs
    chown -R rfs:rfs_shared /persist/hlos_rfs

    Alternatively, you can also type:
    Code:
    chown -R 3012:3012 /persist/rfs
    chown -R 3012:3013 /persist/hlos_rfs

    You will see no output on typing the first command, however, you may or may not see any output after typing the second command (there was an output shown on my device but not on the other tested devices). I'm sorry I don't have that output stored, if someone who can see it, please repond so the thread can be updated.

    3012 is infact the id for rfs folder and 3013 is the id for hlos_rfs folder so instead of typing their names, you can also type their ids.

    Now, to check if the owners of rfs and hlos_rfs have been set back to their original ones, type this command:
    Code:
    ls -l /persist
    If everything went fine, you should be able to see the following output:
    The below output will be seen on a perfectly fine persist as well
    Code:
    athene_f:/ # ls -l /persist
    total 176
    drwxrwx--- 2 system    system     4096 2018-10-21 07:40 alarm
    drwxr-xr-x 2 mot_pwric mot_pwric  4096 1969-12-31 19:02 batt_health
    drwxrwx--- 2 bluetooth bluetooth  4096 2017-01-12 03:35 bluetooth
    drwxr-xr-x 2 mot_tcmd  bluetooth  4096 1969-12-31 19:02 bt
    drwxr-xr-x 4 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 camera
    drwxr-xr-x 2 root      root       4096 2016-07-31 00:43 coresight
    drwx------ 5 system    system     4096 2017-01-12 05:21 data
    drwxrwx--- 2 system    graphics   4096 1969-12-31 19:02 display
    drwxrwx--- 2 system    system     4096 1969-12-31 19:02 drm
    drwxr-xr-x 4 mot_tcmd  mot_tcmd   4096 1970-01-01 06:48 factory
    [COLOR="red"]drwxrwx--- 3 rfs       rfs_shared 4096 1969-12-31 19:02 hlos_rfs[/COLOR]
    drwx------ 2 root      root       4096 1969-12-31 19:00 lost+found
    drwxrwx--- 2 radio     radio      4096 2016-08-04 20:26 mdm
    drwxrwx--- 3 system    system     4096 2017-11-09 16:30 misc
    drwxrwx--- 2 system    system     4096 1970-02-11 17:39 properties
    drwxr-xr-x 8 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 public
    [COLOR="red"]drwx------ 6 rfs       rfs        4096 1969-12-31 19:02 rfs[/COLOR]
    drwxrws--- 2 mot_tpapi mot_tpapi  4096 2016-11-17 16:38 security
    drwxrwxr-x 2 system    system     4096 2016-07-31 00:43 sensors
    drwxrwx--- 2 system    system     4096 2018-09-10 18:13 time
    drwxr-xr-x 2 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 wifi
    drwxrwxr-x 2 mot_drm   mot_drm    4096 1969-12-31 19:02 wmdrm
    athene_f:/ #
    As you can see here that the owner of rfs folder is rfs folder and the owner of hlos_rfs folder is rfs_shared folder, the problem has been resovled.

    Reboot your device and the problem should be fixed and you will be able (hopefully) to get your IMEI back by either typing *#06# in phone dialer or in Settings>About Phone>Status>IMEI Information.
    On rebooting, the system will check for the EFS folder and since it didn't exist earlier, it will be recreated by the system and therefore you will get your IMEI back.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------​

    A huge thanx to NZedPred, rachitrawat, for doing in depth research in this problem and coming up with a solultion.
    Also, I would like to thank Tyrantre who did a lot of research for this problem and has posted the workaround which was tried here in this thread here: Diag Mode with G4 for QPSD? which finally lead me to NZedPred's below thread as I could understand what was the problem due to which IMEI was set to 0 and why Diag mode wouldn't work.


    Note: This thread was made with the help of the following guide which is confirmed to be working on Moto G5 Plus (potter) Fix Persist, resolve IMEI=0, Volte, 4G, Explanation, Requirements.

    Note: This guide is made for G4/Plus and I have hardly done anything to fix this problem apart from making this thread, so all credits go to the respective owners who did research in this problem. This guide should work on other Motorola devices too as we aren't focusing on device-specific fixes that will only work on Moto G4 Plus.

    Refer post #2 for fixing other issues faced after recovering IMEI.
    7
    Some Common Issues:

    Here are the issues observed after recovering IMEI:
    • Sim card detected but no network
    • Baseband version changed
    • Volte not working

    If you have any one of the above-mentioned problems, there is a specific thread made for those problems. Refer to this thread: [Guide] [XT16XX] [Solve] G4+ Baseband/Network/Volte issue, Lost 1 IMEI & fingerprint
    Please discuss any issues related to the above-mentioned problems in the above-provided thread (link).

    If you have any other issues apart from the issues mentioned above, discuss them here.

    --------------------------------------------------------------------------​

    Complete Backup Zip/Script (All partitions):

    Now since you have faced this issue, make sure to take a complete backup of all the partitions so that if you ever face an issue like this in future, you will always have your partitions with you to restore your device.

    Here is the link to the thread to take complete backup of all partitions: [Guide] [XT16XX] Moto G4/Plus Complete Partition Backup/Restore Zip/Script

    The above thread can backup/restore using TWRP flashable zip files for convenience.
    4
    There are a few youtube videos and internet guides which tells you to restore somebody else's persist file. That persist file is same in the Youtube video as well as those Internet guide (I have checked them).

    Persist is unique to each and every device and using somebody else's persist on your device will never work.

    IMEI is stored in /persist/rfs/msm/mpss/datablock directory where there are two files named as id_00 and id_01.
    id_00 contains your 1st IMEI and id_01 contains your second IMEI.

    The persist (from those guide and youtube videos) lacks id_00 and id_01 and since you restored that persist, you have those files missing as well. Those files are unique to every device anyways so if you try to restore a persist which has those files, it won't work too as your device's IMEI is different altogether.

    The only possible fix that comes to my mind is by manually editing the persist file.

    On comparing both the files in a hex editor, it is found that both of them are completely same except from memory address/location 00000028 to 000000C7.
    This makes me think that IMEI is stored between those memory locations.
    Furthermore, the first 14 digits of IMEI are stored from 00000028 to 0000002F in a different manner.
    This is how it is stored,

    Lets take a sample random IMEI: 3 12 34 56 78 90 12 34
    This will be stored as following: 3A 21 43 65 87 09 21 03

    Code:
     3A [COLOR="Black"]21[/COLOR] [COLOR="DarkRed"]43[/COLOR] [COLOR="Red"]65[/COLOR] [COLOR="Magenta"]87[/COLOR] [COLOR="Sienna"]09[/COLOR] [COLOR="DarkOrange"]21[/COLOR] [COLOR="DarkOliveGreen"]03[/COLOR]
      3 [COLOR="black"]12[/COLOR] [COLOR="darkred"]34[/COLOR] [COLOR="red"]56[/COLOR] [COLOR="magenta"]78[/COLOR] [COLOR="sienna"]90[/COLOR] [COLOR="darkorange"]12[/COLOR] [COLOR="darkolivegreen"]34[/COLOR]
    The first set of hex numbers is what is stored in id_00 and id_01
    The second set of hex numbers is what the actual IMEI is.

    As you can clearly notice the difference via colors that the digits are getting flipped. The persist is storing the last digit 4 in some different way.

    Why is there a letter A in the start just after 3, I found that it means that the last digit of IMEI stored in persist is 0. And that makes sense to as when you flip the last two digits i.e 03, you indeed get 30 which indicates the last digit is 0.

    I don't think I need to mention this, but if you have a dual sim device, the first thirteen digits of IMEI are same and only the last two digits are different.

    Now, this makes me conclude that the last digit of actual IMEI is stored in some way in the rest of the id_00 and id_01. And since most of the content in both the files are same, we just have to compare the part which is different as that part has that last digit of the two IMEIs stored.

    I can't upload the contents of my IMEI for obvious reasons. If we are able to find the pattern in which the last digit is stored inside those files, then I think we can edit them and it should solve the problem for those people. Of course, editing and putting on somebody else's IMEI in those files wouldn't work either as we have already tried replacing the entire id_00 and id_01 (infact entire working persist) but the IMEI still remains 0.

    Perhaps there is someplace (not talking about fastboot imei) where IMEI is stored as well, and while generation of EFS, that place and the persist are checked together and if the IMEIs in both the places match, you get your IMEI and if not, then it knows that IMEI has tampered and hence it doesn't work.

    This might be too dangerous as people could edit their IMEI and put on somebody else's IMEI and can create problems, but as I mentioned above, it doesn't work as you will need to have your own IMEI in persist.


    Update: Thanx to @NZedPred for correcting me. Even on deleting id_00 and id_01, and then eraseing EFS, we still get our IMEI.
    I also tried changing the first digit of dhob.bin file while keeping id_00 and if_01 intact and then erased EFS, but didn't get my IMEI.
    So, dhob.bin is the one which is responsible for IMEI creation and I am not able to understand anything inside dhob.bin.

    I am sorry, but I was already trying beyond my capabilities earlier by using many internet sources as reference and it was just by chance that I stumbled upon id_00 and id_01. I am going to stop here for now, as this stuff goes beyond my current capabilities. If I ever get to know anything, I will update it here so that if anybody else would like to continue, they could do it.

    I am sorry I tag you here, @echo92, @strongst, @NZedPred, @rachitrawat. This is what I was able to find out. I request you to read this post, and please help if you can. Thank You.
    2
    If you run the ls -l /persist command on android P ROM (which is causing this IMEI issue), this is the output you get:
    Code:
    athene:/ # ls -l /persist
    total 88
    drwxrwx--- 2 system           system            4096 1970-01-10 08:37 alarm
    drwxr-xr-x 2 vendor_mot_pwric vendor_mot_pwric  4096 1970-01-01 01:01 batt_health
    drwxrwx--- 2 bluetooth        bluetooth         4096 2018-03-29 00:04 bluetooth
    drwxr-xr-x 2 vendor_mot_tcmd  bluetooth         4096 1970-01-01 01:01 bt
    drwxr-xr-x 4 vendor_mot_tcmd  vendor_mot_tcmd   4096 2018-03-29 00:04 camera
    drwxr-xr-x 2 root             root              4096 2018-03-29 00:04 coresight
    drwx------ 5 system           system            4096 2018-03-29 00:04 data
    drwxrwx--- 2 system           graphics          4096 1970-01-01 01:01 display
    drwxrwx--- 2 system           system            4096 1970-01-01 01:01 drm
    drwxr-xr-x 4 vendor_mot_tcmd  vendor_mot_tcmd   4096 2018-03-29 00:04 factory
    [COLOR="red"]drwxrwx--- 3 vendor_rfs       vendor_rfs_shared 4096 2018-03-29 00:04 hlos_rfs[/COLOR]
    drwxrwx--- 2 root             root              4096 2018-03-29 00:04 lost+found
    drwxrwx--- 2 radio            radio             4096 2018-03-29 00:04 mdm
    drwxrwx--- 3 system           system            4096 2018-03-29 00:04 misc
    drwxrwx--- 2 system           system            4096 1970-05-31 18:25 properties
    drwxr-xr-x 8 vendor_mot_tcmd  vendor_mot_tcmd   4096 2018-03-29 00:04 public
    [COLOR="Red"]drwx------ 6 vendor_rfs       vendor_rfs        4096 2018-03-29 00:04 rfs[/COLOR]
    drwxrws--- 2 vendor_mot_tpapi vendor_mot_tpapi  4096 2018-03-29 00:04 security
    drwxrwxr-x 2 system           system            4096 2018-03-29 00:04 sensors
    drwxrwx--- 2 system           system            4096 2018-03-29 00:04 time
    drwxr-xr-x 2 vendor_mot_tcmd  vendor_mot_tcmd   4096 1970-01-01 01:01 wifi
    drwxrwxr-x 2 vendor_mot_drm   vendor_mot_drm    4096 1970-01-01 01:01 wmdrm
    Notice how, android Pie is using vendor suffix prefix.
    One fix that was thought was to fix the owners in android Pie ROM itself before flashing Stock ROM, but on rebooting, the owners were changed back to vendor_rfs and vendor_rfs_shared.

    Also, if you flash an Oreo ROM after flashing Pie ROM (which broke IMEI), this is the output you get:
    Code:
    athene_f:/ # ls -l /persist
    total 176
    drwxrwx--- 2 system    system     4096 2018-10-21 07:40 alarm
    drwxr-xr-x 2 mot_pwric mot_pwric  4096 1969-12-31 19:02 batt_health
    drwxrwx--- 2 bluetooth bluetooth  4096 2017-01-12 03:35 bluetooth
    drwxr-xr-x 2 mot_tcmd  bluetooth  4096 1969-12-31 19:02 bt
    drwxr-xr-x 4 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 camera
    drwxr-xr-x 2 root      root       4096 2016-07-31 00:43 coresight
    drwx------ 5 system    system     4096 2017-01-12 05:21 data
    drwxrwx--- 2 system    graphics   4096 1969-12-31 19:02 display
    drwxrwx--- 2 system    system     4096 1969-12-31 19:02 drm
    drwxr-xr-x 4 mot_tcmd  mot_tcmd   4096 1970-01-01 06:48 factory
    [COLOR="red"]drwxrwx--- 3 root      root       4096 2018-03-29 00:04 hlos_rfs[/COLOR]
    drwx------ 2 root      root       4096 1969-12-31 19:00 lost+found
    drwxrwx--- 2 radio     radio      4096 2016-08-04 20:26 mdm
    drwxrwx--- 3 system    system     4096 2017-11-09 16:30 misc
    drwxrwx--- 2 system    system     4096 1970-02-11 17:39 properties
    drwxr-xr-x 8 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 public
    [COLOR="red"]drwx------ 6 root      root       4096 2018-03-29 00:04 rfs[/COLOR]
    drwxrws--- 2 mot_tpapi mot_tpapi  4096 2016-11-17 16:38 security
    drwxrwxr-x 2 system    system     4096 2016-07-31 00:43 sensors
    drwxrwx--- 2 system    system     4096 2018-09-10 18:13 time
    drwxr-xr-x 2 mot_tcmd  mot_tcmd   4096 1969-12-31 19:02 wifi
    drwxrwxr-x 2 mot_drm   mot_drm    4096 1969-12-31 19:02 wmdrm
    athene_f:/ #

    Here are some of the points that can throw some light on the topic:

    Hey all,
    After spending hours on the IMEI 0 problem, here are my findings:

    1. IMEI is stored in nv 550 variable in QCN. However, this variable is write protected. This means all IMEI write programs such as QCOM Write IMEI tool will fail.
    2. Interestingly, only IMEI 1 is stored in the nv. IMEI 2 is derived by performing some fixed hex arithmetic on IMEI 1.
    3. IMEI also seems encrypted since the nv 550 in QCN never has a correct hex notation of IMEI. For example, Only half of the IMEI is correct.
    4. Any attempt to restore the QCN backup of someone else will successfully write all nv variables except nv 550. Means you cannot rewrite your factory IMEI.
    5. The above is true even if you hexedit the QCN with your own IMEI. NV 550 is write protected.
    6. modemst1 and modemst2 are sort of some baseband cache which are created by radio/bootloader using fsg. fsg seems to be some sort of backup partition for modemst.
    7. After downgrading and erasing modemst1-2, these modemst are not recreated successfully by the modem. The nv 550 variable goes missing.
    8. My guess is that modem has some checksum mechanism wherein if any discrepancy is found, the modemst cache recreation fails. Not sure.
    9. Our IMEI is most likely intact somewhere (not talking about fastboot IMEI). Just not interpreted properly.
    10. People who restored their efs after IMEI 0 are essentially restoring working cached modemst1-2. However, if fastboot erase modemst is done, it'll likely result in IMEI 0 again because modem cannot recreate modemst correctly.
    2
    @Heeth21,

    THanks for the quick response. Please find the attached output files in text and screenshot for baseband..

    The files seems proper.
    Type these commands again and attach the output. A screenshot would help a lot.
    Code:
    su
    chown -R rfs:rfs /persist/rfs
    chown -R rfs:rfs_shared /persist/hlos_rfs
    ls -l /persist
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone