Skip to content

How to change the IMEI on Android devices

Every cellular operating phone has a so called 'International Mobile Station Equipment Identity' (short IMEI) number, which is considered to be a unique identifier of every phone (although, in practice, it may not be completely unique in some networks for various reasons...). Providers of GSM networks may use this number to identify stolen cellphones and deny access to such blacklisted phones to make theft less profitable. Therefore, products and "services" to change the IMEI of most types of feature and smart phones are being offered in grey markets.

Disclaimer: The following post is intended for research and development purposes:

Do NOT change the IMEI of a mobile device that has been stolen. There are other ways of tracking such devices, and changing the IMEI does not make their use any safer, but can negatively influence the stability of mobile phone networks. Changing the IMEI as a temporary measure is a tool for development (e.g. testing of Android apps that use the IMEI as an identifier, fuzzing such use, or provoking error cases in software). Before using the phone normally again, the IMEI should be changed back to the original. Therefore, copy the original IMEI before changing it. Any experiments with modified IMEI are best done with disabled GSM/UMTS/LTE support (i.e. "airplane mode"), although the use of WLAN or other network connections is not restricted. Mobile network operators monitor their networks and you may be held accountable for creating network problems with modified IMEIs.

If something went wrong it could potentially damage your phone! We are not responsibility for any damage

Prerequisites

  • Android device with fastboot (Samsung devices typically do not implement this mode in the standard bootloader, but most other manufacturers support it)
  • rooted device
  • bootloader unlocked
  • fastboot utility installed on host computer
  • adb installed on host computer (not needed, but recommended)

Access fastboot

This can be done either via button combination which differs from device to device or the easy method over adb command

adb reboot fastboot

Set new IMEI

fastboot oem writeimei 123456789012347

Check IMEI

Verify that the IMEI has changed successfully run:

fastboot getvar imei

which should show the actual IMEI of the device.

Reboot

fastboot reboot

Reboot device and enter `*#06#`` into the dialer. Be aware, if the entered IMEI is not valid, it will not be shown on the device. Here is a short overview about the IMEI structure:

A B
AA: Type Allocation Code (TAC), first two digits are the reporting body identifier
BBBBBB: Remainder of the TAC (FAC), manufacturer & phone type
CCCCCC: Serial number of model (SNR)
D: Luhn check digit (CD)

Bash script for change IMEI (use it on your own risk)

#!/bin/bash
# https://web.archive.org/web/20230406080823/https://usmile.at/blog/how-to-change-imei-on-android-devices
# Script to change the IMEI of an Android device using fastboot
# Usage: change_imei [imei|'rand']

# Check if the correct number of parameters is passed to the script
if [[ $# -ne 1 ]]; then
  echo "Usage: $0 [imei|'rand']"
  exit 1
fi

imei=$1

# Generate a random IMEI number if 'rand' is passed as a parameter
if [[ $imei == 'rand' ]]; then
  # Start with the first two digits of a valid IMEI range
  imei="35"
  range=10
  for i in {0..11}; do
    r=$RANDOM
    let "r %= $range"
    imei="$imei$r"
  done

  # Calculate Luhn check digit
  a=$((${imei:0:1} + ${imei:2:1} + ${imei:4:1} + ${imei:6:1} + ${imei:8:1} + ${imei:10:1} + ${imei:12:1}))
  b="$((${imei:1:1}*2))$((${imei:3:1}*2))$((${imei:5:1}*2))$((${imei:7:1}*2))$((${imei:9:1}*2))$((${imei:11:1}*2))$((${imei:13:1}*2))"
  c=0

  for (( i=0; i<${#b}; i++ )); do
    c=$(($c + ${b:$i:1}))
  done

  d=$(($a + $c))
  luhn=$((10-$(($d % 10))))
  if [[ "$luhn" -eq 10 ]]; then luhn=0; fi

  # Append the Luhn digit to the IMEI
  imei="$imei$luhn"

else
  # Validate IMEI length
  if [[ ${#imei} -ne 15 ]]; then
    echo "Error: IMEI must be exactly 15 digits"
    exit 1
  fi
fi

# Reboot the device into bootloader mode
echo "Rebooting into bootloader..."
adb reboot bootloader &>/dev/null
sleep 3

# Ensure the device is in fastboot mode
fastboot getvar imei &>/dev/null
if [[ $? -ne 0 ]]; then
  echo "Error: Device not in fastboot mode or fastboot not recognized."
  exit 1
fi

# Get the old IMEI
old_imei=$(fastboot getvar imei 2>&1 | sed -n 1p | awk '{print $2}')

# Write the new IMEI
echo "Writing new IMEI: $imei"
fastboot oem writeimei $imei &>/dev/null

# Verify the new IMEI
new_imei=$(fastboot getvar imei 2>&1 | sed -n 1p | awk '{print $2}')

# Reboot the device
echo "Rebooting the device..."
fastboot reboot &>/dev/null

# Check if the new IMEI matches the intended IMEI
if [[ $imei == $new_imei ]]; then
  echo -e "Old IMEI: $old_imei\nNew IMEI: $imei"
else
  echo -e "Error: Something went wrong\nActual IMEI: $new_imei"
fi

I do not give any warranty of functionality of this code - maybe you need to adapt some of the code to work correct under other devices as well. If you want to support a 17 digit long IMEI you can drop the luhn check digit and add two additional digits which stands for software version.