I’ve been seeing all of this chatter on the web, YouTube and everywhere else about unlocking phone handsets, so they can work on any provider’s network. There are dozens of companies out there who offer unlock codes for any phone, any provider, for a fee of course. You can get them on eBay, you can get them on various online sites, you can get instructions through torrent sites and so on.
The one thing you can’t get, no matter how hard you look, is the actual algorithm they use to generate these codes.
Some sites claim to have the database directly from the carrier, and others claim to have a “calculator” that generates the unlock codes. Some even require you to download a piece of software to run on your PC and send them back the info. Do not trust any of them, especially the ones that ask you to run software on your PC to unlock your phone handset.
These pieces of software are trojans and will infect your PC with all sorts of bad things that will steal, keylog and misuse your computer while you’re not using it (i.e. join your computer to a botnet).
One can (illegally) find music, movies, software, all kinds of content online without paying for it. I wonder what prevents unlocking algorithms from falling into the file-sharing world? How is it some big secret that so many people know, but still hold close enough that they can sell it to others, but it never leaks out into the P2P community?
The online places that sell these unlock codes (not all are legit, so buyer beware if you use them) sell them at all sorts of prices, with turnaround times ranging up from immediate delivery. I’ve seen the same unlock code go from $5.99 at one online website to $39.95 on another site.
Don’t do it.
If you want to get an unlock code from your provider (mine happens to be AT&T), just call them and ask for it! That’s what I did, and after speaking to a very helpful and cordial gentleman named Abram at AT&T for about 51 minutes tonight, he emailed me the instructions + unlock code for my 6-day-old BlackBerry Bold 9700. I paid nothing at all for this unlock code, nor did I have to beg, lie or plead my case with him.
I upgraded to a BlackBerry 9700 from a BlackBerry Bold 9000 shortly after Valentine’s Day, and prior to that, I had a Palm Treo 680 and a Palm Treo 650 before that. All of these devices were unlocked by calling AT&T and asking them for the MEP (unlock) code. Not once did I have to download or pay for an unlock code.
To unlock your phone, the steps are easy:
- First, you’ll need your IMEI number, which you can get in two ways. I used the first method, because I could copy/paste the IMEI number in the highlighted row for use in another dialog later on in this process:
- Insert your AT&T (or other provider’s) SIM card into your phone
- Power on the phone and turn off the radio (turn Wireless option “Off”). On my BlackBerry, this is found under Setup -> Manage Connections -> Turn All Connections Off:
- While still in the Settings folder, select Options, then select Advanced Options.
- Scroll down and select SIM Card from the list. The basic window will look like this:
- While in this screen, type MEPD (caps or not, does not matter here). There will be nothing displayed on the screen, but after you type it, you should see the following:
- Next, type MEP2 (This is typed as “MEP” alt “E”; alt “E” is the number 2 on the device’s keypad). This does not display any output on the screen. When you do this, you’ll see a screen that looks like this:
- Enter the unlock code that AT&T (or your provider) has given you. In my case, this was: 0128073088796123, but this code is unique for your IMEI, so my code won’t work for your phone. You’re welcome to try though:
- Press Enter to submit the unlock code. If it worked, your SIM Card screen should now look like the following. Notice that the “Network” option now shows “Disabled”.
- Your phone is now unlocked!
For the curious, the IMEI itself is very similar to a credit card number, and the algorithm for creating and validating the IMEI is nearly identical. A typical IMEI number will look something like this: ABCDEF.GH.IJKLMNO.P (for example: 357240.03.512174.4).
This information contains the following basic structure:
- ABCDEF is the Type Approval Code, or “TAC”. This is the first six digits of the IMEI and it identifies the country in which type approval was sought for the phone, and the approval number. The first two digits of the TAC represent the country of approval.
- GH is the “Final Assembly Code” or “FAC”. This identifies the place of manufacture or final assembly. It is always two digits in length.
- IJKLMNO is the serial number of the device itself
- P is a check digit, computed using a formula called the “Luhn Formula”; the last digit is therefore sometimes called the Luhn Check Digit, and it is not always set to 0.
If you want to validate your own IMEI, you can use the tool at International Numbering Plans to do it.
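The Luhn check described above, as an added example that is not part of the original post: it splits an IMEI into the TAC, FAC, serial and check-digit fields listed above and verifies the check digit locally, without sending the IMEI to a website. The function names are made up for this example; it assumes the 15-digit layout of the sample 357240.03.512174.4, which as written does not pass the check (the computed check digit is 9).

```python
import re
from dataclasses import dataclass


@dataclass
class Imei:
    tac: str      # Type Approval Code (6 digits, per the layout above)
    fac: str      # Final Assembly Code (2 digits)
    serial: str   # device serial number (6 digits in the 15-digit form)
    check: int    # Luhn check digit


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a digit string (check digit excluded)."""
    total = 0
    # Walk right to left; the digit next to the check digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9   # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def parse_imei(text: str) -> Imei:
    """Parse a 15-digit IMEI, ignoring '.', '-' and space separators."""
    digits = re.sub(r"[.\- ]", "", text)
    if not re.fullmatch(r"\d{15}", digits):
        raise ValueError("an IMEI must contain exactly 15 digits")
    return Imei(digits[:6], digits[6:8], digits[8:14], int(digits[14]))


def is_valid(imei: Imei) -> bool:
    """True when the stored check digit matches the computed one."""
    return luhn_check_digit(imei.tac + imei.fac + imei.serial) == imei.check


if __name__ == "__main__":
    sample = parse_imei("357240.03.512174.4")          # sample from the text
    expected = luhn_check_digit("35724003512174")
    print(sample, "valid:", is_valid(sample), "expected check digit:", expected)
    fixed = parse_imei(f"357240.03.512174.{expected}")  # constructed value
    print(fixed, "valid:", is_valid(fixed))
```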
There are plenty of other places that use this algorithm to verify the IMEI, but the magic sauce is taking the valid IMEI + the carrier name and generating a working unlock code in return. I’m going to do a bit more digging, but it has to be possible, because non-free tools exist out there that can do it.