I don't know of any carriers that actually check the IMEI anyway. If you call into customer service to swap phones they'll ask you for it, but the only number that matters is your SIM number. The IMEI is irrelevant and you can just swap phones indefinitely with no effect whatsoever.
11-14-2020, 05:51 PM
(This post was last modified: 11-14-2020, 05:56 PM by evilbunny.)
(11-14-2020, 05:32 PM)hiimtye Wrote: I don't know of any carriers that actually check the IMEI anyway. If you call into customer service to swap phones they'll ask you for it, but the only number that matters is your SIM number. The IMEI is irrelevant and you can just swap phones indefinitely with no effect whatsoever.
In Australia you can blacklist an IMEI with all 3 carriers so it stops working if your phone is stolen; in the US, Verizon restricts SIM activation with a whitelist, and any phone not on the list doesn't work.
More can be found in this thread
(11-14-2020, 05:51 PM)evilbunny Wrote: (11-14-2020, 05:32 PM)hiimtye Wrote: I don't know of any carriers that actually check the IMEI anyway. If you call into customer service to swap phones they'll ask you for it, but the only number that matters is your SIM number. The IMEI is irrelevant and you can just swap phones indefinitely with no effect whatsoever.
In Australia you can blacklist an IMEI with all 3 carriers so it stops working if your phone is stolen; in the US, Verizon restricts SIM activation with a whitelist, and any phone not on the list doesn't work.
More can be found in this thread
This is true, you can blacklist the IMEI, and if added to the blacklist it will be refused service, but you would need to blacklist it.
Apparently some companies will blacklist for non-payment, but idk, I've no firsthand knowledge of it.
At any rate, if you're not blacklisted, the IMEI is still irrelevant. You don't have to call in a new IMEI, nor will your account info register any IMEI change unless you explicitly contact your carrier to do so.
(11-13-2020, 10:27 PM)JuniperFury Wrote: (11-11-2020, 06:29 PM)wibble Wrote: Unfortunately there is no such device, and there won't be so long as radio devices require regulatory approval. Read the 4G standard docs - see
https://www.3gpp.org/specifications/ - from what I remember location awareness is part of the specification. Many (most?) jurisdictions now require location for emergency calls, and network operators find it useful for a number of reasons, including selling it to 3rd parties even when they've promised they won't.
Thank you for the standard docs. I'll dive into them.
So most mobile network modems are black boxes? Is there any way to reverse engineer them or cobble together my own 3G modem for private use?
I saw an unrelated project that might be useful: https://www.forbes.com/sites/thomasbrews...gray-jeep/
It's using "a software-defined radio (SDR)" for MITM attacks. Is it possible to use such a modem just for calling and not spying on other phones?
I'm not aware of a legal one that isn't a black box - between corporate intellectual property policies and regulatory dislike for unlicensed people being able to change transmit characteristics it's an uphill battle. It's a similar situation for WiFi chipsets - most of them have an embedded processor with closed firmware too, and sometimes they have security issues. The FCC were sufficiently worried about the possibility of OpenWRT users using bands or transmit powers not allowed in their country that they considered mandating firmware signing for WiFi access points. Wider awareness of SDR is probably a nightmare scenario for them.
It may be possible with SDR - I'm not sure what the current state of projects like OpenBTS is - but outside controlled environments it will be illegal in most jurisdictions, and impractical for a mobile phone - have a look at the size and power consumption of the transmit-capable SDR stuff.
(11-15-2020, 08:21 AM)wibble Wrote: (11-13-2020, 10:27 PM)JuniperFury Wrote: So most mobile network modems are black boxes? Is there any way to reverse engineer them or cobble together my own 3G modem for private use?
I saw an unrelated project that might be useful: https://www.forbes.com/sites/thomasbrews...gray-jeep/
It's using "a software-defined radio (SDR)" for MITM attacks. Is it possible to use such a modem just for calling and not spying on other phones?
I'm not aware of a legal one that isn't a black box - between corporate intellectual property policies and regulatory dislike for unlicensed people being able to change transmit characteristics it's an uphill battle. It's a similar situation for WiFi chipsets - most of them have an embedded processor with closed firmware too, and sometimes they have security issues. The FCC were sufficiently worried about the possibility of OpenWRT users using bands or transmit powers not allowed in their country that they considered mandating firmware signing for WiFi access points. Wider awareness of SDR is probably a nightmare scenario for them.
It may be possible with SDR - I'm not sure what the current state of projects like OpenBTS is - but outside controlled environments it will be illegal in most jurisdictions, and impractical for a mobile phone - have a look at the size and power consumption of the transmit-capable SDR stuff.
There are reverse engineering efforts for Qualcomm and Quectel modems underway.
We will see how far they advance...
(11-14-2020, 03:10 AM)fsflover Wrote: JuniperFury Wrote:
>Can you link me to the modem isolation discussion?
You should be able to find details here: https://wiki.pine64.org/index.php/PinePhone or here: https://xnux.eu/devices/feature/modem-pp...-pinephone.
>So most mobile network modems are black boxes? Is there any way to reverse engineer them or cobble together my own 3G modem for private use?
AFAIK no, but see here: https://forum.pine64.org/showthread.php?tid=11815.
(11-11-2020, 06:29 PM)wibble Wrote: I'm not aware of a legal one that isn't a black box - between corporate intellectual property policies and regulatory dislike for unlicensed people being able to change transmit characteristics it's an uphill battle. It's a similar situation for WiFi chipsets - most of them have an embedded processor with closed firmware too, and sometimes they have security issues. The FCC were sufficiently worried about the possibility of OpenWRT users using bands or transmit powers not allowed in their country that they considered mandating firmware signing for wifi access points. Wider awareness of SDR is probably a nightmare scenario for them.
It may be possible with SDR - I'm not sure what the current state of projects like OpenBTS is - but outside controlled environments it will be illegal in most jurisdictions, and impractical for a mobile phone - have a look at the size and power consumption of the transmit-capable SDR stuff.
Interesting. Never heard of OpenBTS, looks pretty cool. Also interesting that not many know about SDR.
(11-15-2020, 11:07 AM)LinAdmin2 Wrote: There are reverse engineering efforts for Qualcomm and Quectel modems underway.
We will see how far they advance...
Can you point me in the direction of these efforts?
And thank you all for your time.
We're likely going to get a few PinePhones as they don't have a 6 month lead time like the Librems. Since the modem is soldered in, we'll just keep it off with the kill switch and use an external modem like before. I can foresee scenarios where having an internal unused modem and dormant SIM/IMSI available as a backup option to activate deadmans or whatever need be before a disposal could be useful, if we detect external modem targeting or compromise.
I've been off the internet for quite some time. Can anyone recommend good courses or MOOCs that would help me dive into everything I need to develop the PinePhone as well? Courses without much theory or history that would allow me to start working and customising the device for different scenarios would be great. I am guessing I need basics of electrical engineering because those schematics looked like extraterrestrial hieroglyphics ^_^. GSM stack and I guess C++ for the Linux OS?
Anything on policy design and policy writing fundamentals would also be useful. As I'm curious how the FCC and other relevant institutions in the telecom industry come together and make their decisions that become law and regulation. I am guessing when the FCC makes decisions it influences internationally as well? So it would be good to understand how this leviathan functions and influences in a cross-border multi-national context.
Thank you all again for your hospitality.
(11-23-2020, 12:39 AM)JuniperFury Wrote: (11-15-2020, 11:07 AM)LinAdmin2 Wrote: There are reverse engineering efforts for Qualcomm and Quectel modems underway.
We will see how far they advance...
Can you point me in the direction of these efforts?
There's a separation between Qualcomm's blob that does the radio side and Quectel's part that does management and looks after interfaces. All the reverse engineering I'm aware of has been directed at Quectel's part.
https://forum.pine64.org/showthread.php?tid=11797
https://xnux.eu/devices/feature/modem-pp-reveng.html
https://projects.osmocom.org/projects/qu.../wiki/EC25
I don't know whether libqmi is based on public documentation or reverse engineering of the interface for talking to Qualcomm's blob.
(11-23-2020, 12:39 AM)JuniperFury Wrote: I've been off the internet for quite some time. Can anyone recommend good courses or MOOCs that would help me dive into everything I need to develop the PinePhone as well? Courses without much theory or history that would allow me to start working and customising the device for different scenarios would be great. I am guessing I need basics of electrical engineering because those schematics looked like extraterrestrial hieroglyphics ^_^. GSM stack and I guess C++ for the Linux OS?
That's a big one - what level are you starting from? Any electronics or programming experience at all? Are you looking for general understanding, or do you have a specific goal in mind?
The GSM side is abstracted by oFono or ModemManager depending on which front end you're using. You communicate with these via D-Bus, and they translate to/from the AT, QMI or whatever else the modem hardware uses.
11-24-2020, 02:17 PM
(This post was last modified: 11-24-2020, 02:24 PM by misha64.)
Modem is not the only issue.
As pointed out before, the PinePhone also uses closed blobs for WiFi, camera and the booting process (although the last is being worked on?). The situation is better on the Librem 5 but it is expensive and not functional yet. Also the Librem BT adapter seems to be a big mystery since I'm not aware of WiFi/BT cards working w/o blobs, so they might be hiding some info on that part.
I would stick to Rock64 or RockPro64 and build U-Boot from source + Linux kernel w/o closed-source firmware + fully open source packages. It is possible for RockPro64, should work on Rock64 too:
https://stikonas.eu/wordpress/2019/09/15...rockpro64/
This way you get completely librem/open source starting from U-Boot, firmware, kernel etc. You can do it on Gentoo (as in the article), or by using Debian/Devuan.
You can also stick to other distros - but will have to deblob the kernel yourself.
Also keep in mind the init system; you don't want to run bloated systemd suspected to carry vulnerabilities. Also I've seen myself a systemd service de-anonymizing a VPN through DNS look-ups (call it a bug) on Fedora, so I would not trust it.
Then something like Gentoo or Devuan look like good options.
As for WiFi you can use an Atheros USB card. Also the Pine team works on a fully open source WiFi/BT card:
For the modem I guess you have your own solution. By adding an enclosure, external screen (there are ones for RockPro64) + battery you should get a fully open source and as-private-as-it-can-get communication device on the go.
The other option is the Necunos phone w/o modem, but it seems pricey:
https://necunos.com/
(11-23-2020, 07:06 AM)wibble Wrote: (11-23-2020, 12:39 AM)JuniperFury Wrote: (11-15-2020, 11:07 AM)LinAdmin2 Wrote: There are reverse engineering efforts for Qualcomm and Quectel modems underway.
We will see how far they advance...
Can you point me in the direction of these efforts?
There's a separation between Qualcomm's blob that does the radio side and Quectel's part that does management and looks after interfaces. All the reverse engineering I'm aware of has been directed at Quectel's part.
https://forum.pine64.org/showthread.php?tid=11797
https://xnux.eu/devices/feature/modem-pp-reveng.html
https://projects.osmocom.org/projects/qu.../wiki/EC25
I don't know whether libqmi is based on public documentation or reverse engineering of the interface for talking to Qualcomm's blob.
(11-23-2020, 12:39 AM)JuniperFury Wrote: I've been off the internet for quite some time. Can anyone recommend good courses or MOOCs that would help me dive into everything I need to develop the PinePhone as well? Courses without much theory or history that would allow me to start working and customising the device for different scenarios would be great. I am guessing I need basics of electrical engineering because those schematics looked like extraterrestrial hieroglyphics ^_^. GSM stack and I guess C++ for the Linux OS?
That's a big one - what level are you starting from? Any electronics or programming experience at all? Are you looking for general understanding, or do you have a specific goal in mind?
The GSM side is abstracted by oFono or ModemManager depending on which front end you're using. You communicate with these via D-Bus, and they translate to/from the AT, QMI or whatever else the modem hardware uses.
Thanks so much for the links! I love learning. As far as courses go, my background is general IT security, personnel security and investigation, networking, data science. As far as programming, basic web design. I can solder, but my electrical background is basic. For instance I recently had to research how to figure out how big a battery bank I need to power all my devices based on their hourly drain. Didn't know the calculations for this off the bat.
My goal is to find a way for my children to not be tracked or spied on when they grow up and I'm long gone. I don't know where the world is going but the future globally looks oppressive, authoritarian if not totalitarian, and I don't believe there are any political solutions other than responsible, educated citizens who have the capabilities and assets needed to check the power of every state on this planet and soon off it.
As far as my Linux background, I've been a Qubes user for more than a year and have had no major problems that I couldn't figure out. This has forced me to figure out Fedora, Debian and Whonix. Also this made me aware of pernicious closed-source firmware that could have backdoors or zero-days on all devices marketed as "secure". This false advertising bothers me to my core.
So my hope is to be able to get a foundation in the entire radio spectrum so I'm able to discern and adapt to the privacy and security flaws of new communication standards from non-benevolent, negligent, inconsiderate actors by being able to design and deploy devices that make the flaws of any communication standard irrelevant.
I'm currently in an amateur radio course where we're required to build our own radio and antenna from recycled parts, then use the radio for various tasks such as making contacts, signal detection, multilateration, radio discipline and encrypted transmission.
So got the PC down, now trying to get COMMS down. That's why I'm here. Thanks for any advice you can give.
(11-24-2020, 02:17 PM)misha64 Wrote: Modem is not the only issue.
As pointed out before, the PinePhone also uses closed blobs for WiFi, camera and the booting process (although the last is being worked on?). The situation is better on the Librem 5 but it is expensive and not functional yet. Also the Librem BT adapter seems to be a big mystery since I'm not aware of WiFi/BT cards working w/o blobs, so they might be hiding some info on that part.
I would stick to Rock64 or RockPro64 and build U-Boot from source + Linux kernel w/o closed-source firmware + fully open source packages. It is possible for RockPro64, should work on Rock64 too:
https://stikonas.eu/wordpress/2019/09/15...rockpro64/
This way you get completely librem/open source starting from U-Boot, firmware, kernel etc. You can do it on Gentoo (as in the article), or by using Debian/Devuan.
You can also stick to other distros - but will have to deblob the kernel yourself.
Also keep in mind the init system; you don't want to run bloated systemd suspected to carry vulnerabilities. Also I've seen myself a systemd service de-anonymizing a VPN through DNS look-ups (call it a bug) on Fedora, so I would not trust it.
Then something like Gentoo or Devuan look like good options.
As for WiFi you can use an Atheros USB card. Also the Pine team works on a fully open source WiFi/BT card:
For the modem I guess you have your own solution. By adding an enclosure, external screen (there are ones for RockPro64) + battery you should get a fully open source and as-private-as-it-can-get communication device on the go.
The other option is the Necunos phone w/o modem, but it seems pricey:
https://necunos.com/
Thanks for this! I'm sold! The spec-to-price ratio on the Rock64s looks great! We'll be getting a few of these along with the PinePhones for our experimentation and prototyping.
I looked up Necunos, saw a review that said "an expensive, open source phone-shaped… thing". Expensive it is. Good to get a few of these in an emergency deployment, but the route I'm going I'll be building such a solution myself, saving retail costs. Thanks for the info though.
(11-14-2020, 09:31 PM)hiimtye Wrote: (11-14-2020, 05:51 PM)evilbunny Wrote: (11-14-2020, 05:32 PM)hiimtye Wrote: I don't know of any carriers that actually check the IMEI anyway. If you call into customer service to swap phones they'll ask you for it, but the only number that matters is your SIM number. The IMEI is irrelevant and you can just swap phones indefinitely with no effect whatsoever.
In Australia you can blacklist an IMEI with all 3 carriers so it stops working if your phone is stolen; in the US, Verizon restricts SIM activation with a whitelist, and any phone not on the list doesn't work.
More can be found in this thread
This is true, you can blacklist the IMEI, and if added to the blacklist it will be refused service, but you would need to blacklist it.
Apparently some companies will blacklist for non-payment, but idk, I've no firsthand knowledge of it.
At any rate, if you're not blacklisted, the IMEI is still irrelevant. You don't have to call in a new IMEI, nor will your account info register any IMEI change unless you explicitly contact your carrier to do so.
Where Verizon's concerned, there's not a blacklist, but a whitelist. Meaning if your phone's not on it, it doesn't connect to the network.
In my experience, I took a SIM from a working phone on the Verizon network, put it in the PinePhone, made one successful call, and then for every call I tried to make after that I got a network message telling me the phone I was using wasn't the one used to activate the SIM, and to replace the SIM in the original phone to get service.