As mentioned before, unlocking is the act of persuading the firmware to no longer enforce carrier-specific restrictions. It's a feature of the phone's firmware, designed to allow the owner to use their phone on whatever carrier's network they want. Unlocking is typically done by entering a "magic" number (the so-called unlock code) into the phone's user interface, in a special screen that is usually accessed through an obscure, hidden or hard-to-find menu.
For the majority of cases, to find a working unlock code, one needs the following information:
a) Brand and model number
b) Network: the network the phone is locked to.
c) IMEI number: a unique number given to all mobile phones.
Then there are a lot of websites that allow you to use the above information and provide an "unlock code." Some phones' unlock codes are generated by a simple algorithm based on the IMEI number (these don't even use a) and b)), while some phones' "unlock codes" are cryptographically derived from the phone's IMEI along with a secret or random code using asymmetric cipher, with the idea that the carrier (and the phone) knows the shared secret and so only the carrier can generate the unlock code upon request (i.e., expiry of the term). Some phones even go further (Blackberry in particular) and have a deeper level of locking that requires a connection between the phone and a special piece of hardware to unlock.
There are even many apps, such as the "SIM unlock" app on the Android market, that allow one to enter an IMEI number and directly unlock the phone. However, this may not work for all phones. Some phones have a signed and locked bootloader and are too hard to unlock. One way is to break into the phone hardware and bypass the bootloader that checks the signature (see previous section).
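The difference between an IMEI-only unlock code and one derived from the IMEI plus a secret, shown from the phone designer's side as an added example (not code from this article or from any handset vendor). It uses HMAC-SHA256 as a stand-in keyed derivation rather than the asymmetric cipher mentioned above; `weak_code`, `keyed_code`, `SimLock`, the 8-digit code length, the retry budget and the sample IMEI are all assumptions made for illustration.

```python
import hashlib
import hmac

def imei_is_valid(imei: str) -> bool:
    """Luhn check: the 15th IMEI digit is a check digit over the first 14."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(imei):
        d = int(ch) * 2 if i % 2 else int(ch)   # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def weak_code(imei: str) -> str:
    """Hypothetical IMEI-only scheme: no secret, so anyone can recompute it."""
    return hashlib.sha256(imei.encode()).hexdigest()[:8]

def keyed_code(secret: bytes, imei: str, digits: int = 8) -> str:
    """Keyed scheme: HMAC over the IMEI, truncated to a typeable decimal code."""
    mac = hmac.new(secret, imei.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class SimLock:
    """Phone-side check: constant-time compare plus a retry budget, because a
    short numeric code is only safe if guesses are limited (added assumption)."""
    def __init__(self, secret: bytes, imei: str, max_attempts: int = 5):
        if not imei_is_valid(imei):
            raise ValueError("malformed IMEI")
        self._expected = keyed_code(secret, imei)
        self.attempts_left = max_attempts
        self.locked = True

    def try_unlock(self, code: str) -> bool:
        if not self.locked:
            return True
        if self.attempts_left == 0:
            return False              # budget exhausted: refuse even a correct code
        self.attempts_left -= 1
        if hmac.compare_digest(code.encode(), self._expected.encode()):
            self.locked = False
        return not self.locked

SAMPLE_IMEI = "490154203237518"       # constructed sample value, passes Luhn
```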
It is important to understand the concept of a signed, locked and encrypted bootloader that will be described in Part 3, and is also the basis of next-generation security platforms for embedded devices, which is covered in Part 4.
About the author:
Mohit Arora (firstname.lastname@example.org) is a Sr. Systems engineer and Security Architect at Freescale Semiconductor. He is responsible for product and architecture definition for 32-bit industrial and general-purpose parts. "Embedded Security" is one of his main expertise and focus areas and he also leads the Security IP Asset team in AISG (Automotive Industrial and Solution Group). He holds more than 35 publications and is also the author of the book "The Art of Hardware Architecture."