[kwlug-disc] Android: rooting and carrier locking

Bob Jonkman bjonkman at sobac.com
Tue Jul 31 02:11:25 EDT 2012 

I rooted my phone, ie. I acquired access as the root user.  The only
thing that changed is that I can now access the complete filesystem and
memory.   So now I can add/delete/change any software, and change
permissions for existing software. By having access to the entire
filesystem I can replace the bootloader on the device. And by changing
the bootloader I can load any kernel software (still a Linux kernel in
my case), and all the associated software (Cyanogenmod instead of
Android, ADW launcher instead of the Android stock launcher (called,
apparently, "Launcher", "Launcher2" or "Trebuchet")[1]. 

EXCEPT that I still can't access the firmware that's burned into the GSM
radio, which is still highly proprietary and protected[2] (albeit with
decent set of APIs). IIRC, even the famously open OpenMoko phone had
proprietary GSM radio code in it. 

I'm speculating here, but there's probably a memory location in the GSM
radio's firmware or NVRAM that correlates a GSM radio's IMEI or IMSI to
a particular carrier's SID.   On a locked phone, if the SIM card doesn't
match, it won't connect to the carrier. "Unlocking the phone" means
replacing that correlation value with a generic "any carrier" code. 

Each combination of phone model and carrier could use its own unique
sequence of keypresses to perform the unlock.  I suspect that in
practice, a carrier has a standard set of codes to enter for most of its
phones. 

I once called my former carrier's tech support when I couldn't get a
signal, and the tech had me enter all kinds of keypresses to reset,
reconnect and re-initialize my phone.  There were some very interesting
prompts displayed.  Wish I had written it all down.

Wikipedia, which knows everything, tells me that Android phones can be
unlocked with bootloader software[3].  But my current carrier, Wind
Mobile, offers to unlock its own phones after I've been a customer for
three months, so I'm not about to risk bricking my phone by trying this
myself.

When I installed Cyanogenmod all the Wind Mobile branding disappeared,
so the branding wasn't tied to the SIM lock at all.  Of course, YMMV on
your phone.

And finally, Wind Mobile does run on the AWS frequencies.  All the
phones it carries are capable of 2G and 3G GSM as well (eg. Rogers). My
phone (LG P-999) also has WCDMA capability; I'm not sure if that means
it can work on CDMA networks as well (eg. Bell or Telus).  So, unlocking
my phone with AWS would still be useful, because I can then insert a
Rogers SIM and get wider coverage without roaming charges.  The AWS
frequencies would just be unused.

--Bob.


[1] https://identi.ca/conversation/95139835

[2] http://www.h-online.com/open/features/How-free-is-my-phone-1634071.html

[3] https://en.wikipedia.org/wiki/SIM_lock


Bob Jonkman <bjonkman at sobac.com>         http://sobac.com/sobac/
SOBAC Microcomputer Services              Phone: +1-519-669-0388
6 James Street, Elmira ON Canada  N3B 1L5  Cell: +1-519-635-9413
Software   ---   Office & Business Automation   ---   Consulting 

On 12-07-30 09:18 PM, unsolicited wrote:
> Let's take this a little further, and be a bit more generic.
>
> These are questions, not statements. I am certainly not an expert.
>
> Unlocking (sim) lock a phone is using a provided (subsidizing
> carrier?) code, following a manufacturer's procedure to access an
> internal utility, and entering that code there. There is some
> manufacturer's facility within a phone to detect the carrier (type?)
> of sim card present, and limit functionality AND the ability to use
> the phone with sim cards not from the subsidizing carrier's network.
> Unlocking a phone will permit use with other carriers, and probably
> unlock other restrictions, such as the ability to change the branding
> on a phone. e.g. Revert to a manufacturer's logo at startup instead of
> a carrier's. It's possible, perhaps even likely, that other functional
> limitations are in place, per carrier requirements, when the phone is
> locked. e.g. Perhaps (?) restrictions on wi-fi use.
>
> Rooting a phone would be enabling 'root' access / functionality into
> the phone - logging in as root instead of as user. Therefore providing
> access/permission to a greater level of things.
>
> This is different than replacing the internal OS, with, say, a new
> version of Android from git - where, I'm guessing, you're running the
> risk of not using an appropriate version and not having drivers for
> your particular device. e.g. Touchscreen, wi-fi, carrier? I'm thinking
> this would be much like OpenWRT where you want to make sure you have
> the right firmware for your device so it has the appropriate drivers
> already present. [And much like OpenWRT, if you botch it you get the
> right firmware down the next time and load it. i.e. Probably fairly
> hard to brick the phone.]
>
> Each of these 3 are independent of each other.
>
> Unlocking a phone would permit use on other carrier's, IF that carrier
> is using the same frequencies. e.g. At least at one time, Bell and
> Rogers used different frequencies, let alone CDMA / GSM, and Bell
> wasn't using SIM cards. Unlocking an AWS phone doesn't mean it would
> be useful in this area, as carriers don't use AWS frequencies in the
> K-W area. AFAIK. (This gets less absolute since most phones use
> multiple bands. And if you have an AWS carrier's SIM and pop it in
> when you're in Toronto, you're good to go. When you return to K-W pop
> in the other SIM, and get on with your day. Whether this is useful to
> you is an entirely different question.)
>
> Rooting a phone will let you???
>
> Replacing the OS would let you run a stock 'kernel' (Android, I
> presume) removing the cruft the carrier opted to have installed.
>
> In all of this, I'm guessing some level of firmware is never replaced,
> presumably the ability to operate on a network at all, bootloader /
> firmware replacement access, basic hardware functionality, etc.
>
> Have I got any of this correct?
>
>
> BTW ... this sort of thing extends to other devices as well. OpenWRT
> et al being an example, let alone I run Chdk on my Canon camera - at
> startup the camera loads firmware from the SD card (or, rather,
> overlays on top of it). http://chdk.wikia.com/wiki/CHDK
>
> On 07/30/2012 08:41 PM, Khalid Baheyeldin wrote:
>>
>>
>> On Mon, Jul 30, 2012 at 8:06 PM, Adam Glauser <adamglauser at gmail.com
>> <mailto:adamglauser at gmail.com>> wrote:
>>
>>     Hi all,
>>
>>     Despite all the chatter and the excellent presentation recently, I'm
>>     still unclear as to how rooting and carrier locks work together.
>>
>>
>> Two totally independent things.
>>
>> Carrier locking means that you can't do the following:
>>
>> - Switch carriers and use the same handset with the new carrier's SIM
>> car.
>>
>> - Travel abroad, and use the same handset with a local carrier for
>> cheaper local calls and data rates.
>>
>>     Is it possible to have a rooted device which is still locked to a
>>     carrier?
>>
>>
>> Yes.
>>
>>     If so, is unlocking as simple as rooting (supposing I pick an easily
>>     rootable and/or very popular device).
>>
>>
>> No relation of one to the other.
>>
>> Rooting allows you to run some class of apps that is not possible
>> otherwise. If you don't need one of those apps, then rooting is not a
>> necessity.
>>
>>     Are there any downsides to unlocking a phone?
>>
>>
>> No.
>> -- 
>> Khalid M. Baheyeldin
>> 2bits.com <http://2bits.com>, Inc.
>> http://2bits.com
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple, and
>> wrong." -- H.L. Mencken
>>
>>
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20120731/75bc8273/attachment.sig>

More information about the kwlug-disc mailing list