Earlier this year, I got my hands on the T-Mobile 4G Sonic Hotspot and as always, had to tear it apart as soon as I got it. I never wrote about it because I didn’t find anything overly interesting, but now it’s the end of the year, and I need to clear some inventory from my brain. If anyone remembers my post on the (older) T-Mobile 4G Hotspot (sans “Sonic”), the main limitation of that device was that the processor is an obscure one that required some digging to get information on. Thankfully, the Sonic variety is much easier to break into.
So, I have one of these MiFi clones from T-Mobile and want to unlock it to use on AT&T (I know that AT&T 4G/3G isn’t supported, but I thought maybe I could fix that later). The first thing I tried to do was contact T-Mobile, as they are usually very liberal concerning unlock codes. However, this time, T-Mobile (or, as they claim, the manufacturer) isn’t so generous. So I’ve decided to take it upon myself to do it. I will write down the entire procedure here as a case study on how to “reverse engineer” a new device. However, in no way do I consider myself an expert, so feel free to bash me in the comments on what I did wrong. Also, I have decided against releasing any binaries or patches because phone unlocking is a grey area (although it is legal here), but if you read along you should be able to repeat what I did, even though I will also try to generalize.
Well, the secret is out. I refreshed my iPhone’s Cydia to find somebody selling “free T-Mobile Internet access”. I knew immediately what the method was, as I’ve been using it for almost a year now. Since it’s now public, and T-Mobile will close the hole anyways, I might as well help you save your money from these crappy “services”.
So what’s the “bug” that allows free internet? It seems like the stupidest thing in the world, and I’m almost certain that some technician left it in on purpose. Basically, any URL with the word “tmobile” is accessible without a data plan (as long as your APN is set to epc.tmobile.net). So all you have to do is make a proxy site (aka PHProxy) with “tmobile” somewhere in the URL (tmobile.yoursite.com or freehost.com/tmobileproxy) and it would be accessible via your phone.
It gets better. As far as I know, the above is the only thing that’s “leaked”. Here’s some new information: the method above only allows web site browsing, but there is a way to 1) not use a slow and unreliable proxy, and 2) work with all HTTP apps on the phone other than web browsers. If you append the string “?tmobile” at the end of the URL, it loads without fail. So just install a local proxy (like Privoxy, or a custom one) on your iPhone (or whatever smartphone) which adds “?tmobile” to the end of the URL (or “&tmobile” for pages with GET requests) and it will work.
If you don’t get a word I said, don’t worry. When I have time, I’ll post my custom proxy written in Python, or even post an iPhone Cydia package.
P.S: This method only works with HTTP requests (not HTTPS, or any other protocol). I have another, slower method of getting access to everything, but I’m not ready to reveal it yet.
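The filtering flaw described in this post, seen from the gateway side, as an added example that is not code from the original post or from the carrier. It assumes the rule behaves like a substring match over the whole URL; the allowlisted hostnames are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder hostnames, not the carrier's real ones.
ZERO_RATED_HOSTS = frozenset({"portal.tmobile.example", "billing.tmobile.example"})


def naive_is_zero_rated(url: str) -> bool:
    """Assumed model of the flawed rule: substring match anywhere in the URL."""
    return "tmobile" in url.lower()


def strict_is_zero_rated(url: str) -> bool:
    """Allow only exact, normalised hostnames over HTTP(S) on default ports."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if port not in (None, 80, 443):
        return False
    # Path and query never take part in the decision.
    return host in ZERO_RATED_HOSTS


# Constructed sample requests; the non-portal shapes are the ones the post names.
SAMPLES = [
    "http://portal.tmobile.example/account",
    "http://tmobile.yoursite.com/",
    "http://freehost.com/tmobileproxy",
    "http://example.org/page?tmobile",
    "http://example.org/page?id=1&tmobile",
    "http://example.org/",
]


def audit(urls):
    """Return URLs the substring rule passes but the host allowlist denies."""
    return [u for u in urls
            if naive_is_zero_rated(u) and not strict_is_zero_rated(u)]


if __name__ == "__main__":
    for url in audit(SAMPLES):
        print("policy gap:", url)
```

The hostname in an HTTP request is supplied by the client, so a gateway applying the strict rule should also check that the destination address belongs to the allowlisted service.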