Picking mobile locks

Once upon a time, I bought a mobile Internet modem from Three Mobile for my wife so she could get Internet access while travelling. Once her travels were completed and its duties discharged, I put it in a box and forgot about it.

Some years later I stumbled across it and thought maybe I could put it to use. At least I could get that network lock taken off it now it was well out of contract. Three, for their part, were only too happy to oblige just as soon as I turned up with the receipt. So I put it back in its box and forgot again.

This week I stumbled on it again, just as locked and receipt free as the last time I found it, but this time I decided I wasn’t going to ask anyone if I could get it unlocked.

First of all: Wikipedia says this is legal where I am. If I can unlock it then I’m good to go. If I break it then I get to keep both bits.

The device is a Huawei E1550 3G broadband dongle. It takes a regular SIM card and a micro SD card, and it plugs in via USB. Once plugged in it appears as a CDROM with drivers (a clever touch) and a flash drive if there’s a card in the reader. The modem mode is initially disabled for compatibility and the drivers activate it once they are installed.

If I take this to a mobile shop to be unlocked unofficially, one of three things could happen:

  • They load a file onto an SD card, power it up, and the phone automagically unlocks.
  • They connect it and talk to it via USB, and issue commands.
  • They connect it and talk to it via the serial port that makes it function like a phone and issue commands.

It is possible that it has to be unlocked via the mobile network, but I estimate that would make it very hard to do unofficially.

First of all, let’s plug it in and see if it’s still working.

[11881.541173] usb 2-1.1: new high-speed USB device number 17 using ehci-pci
[11881.660574] usb 2-1.1: New USB device found, idVendor=12d1, idProduct=1001
[11881.660579] usb 2-1.1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
[11881.660583] usb 2-1.1: Product: HUAWEI Mobile
[11881.660586] usb 2-1.1: Manufacturer: HUAWEI Technology
[11881.665318] usb-storage 2-1.1:1.0: USB Mass Storage device detected
[11881.685259] option 2-1.1:1.0: GSM modem (1-port) converter detected
[11881.685439] usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB0
[11881.685575] usb-storage 2-1.1:1.1: USB Mass Storage device detected
[11881.709350] option 2-1.1:1.1: GSM modem (1-port) converter detected
[11881.709500] usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB1
[11881.709666] usb-storage 2-1.1:1.2: USB Mass Storage device detected
[11881.725236] option 2-1.1:1.2: GSM modem (1-port) converter detected
[11881.725369] usb 2-1.1: GSM modem (1-port) converter now attached to ttyUSB2
[11881.725477] usb-storage 2-1.1:1.3: USB Mass Storage device detected
[11881.726246] scsi host6: usb-storage 2-1.1:1.3
[11881.726477] usb-storage 2-1.1:1.4: USB Mass Storage device detected
[11881.728165] scsi host7: usb-storage 2-1.1:1.4
[11882.732475] scsi 7:0:0:0: Direct-Access HUAWEI MMC Storage 2.31 PQ: 0 ANSI: 2
[11882.734182] sd 7:0:0:0: Attached scsi generic sg2 type 0
[11882.734478] scsi 6:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 2
[11882.745698] sr 6:0:0:0: [sr1] scsi-1 drive
[11882.745940] sr 6:0:0:0: Attached scsi CD-ROM sr1
[11882.746111] sr 6:0:0:0: Attached scsi generic sg3 type 5
[11882.749836] sd 7:0:0:0: [sdb] Attached SCSI removable disk

So far, so good. It still works. The easiest thing to do now is spin up minicom and see if I can talk to it. Happily Huawei offers an AT command guide which has the tantalising AT^CARDLOCK command.

Välkommen till minicom 2.7.1

FLAGGOR: I18n 
Kompilerad den Aug 13 2017, 15:25:34.
Port /dev/ttyUSB0, 22:15:52

Tryck CTRL-A Z för hjälp om specialtangenter

ATZ
OK
AT^CARDLOCK?
^CARDLOCK: 2,10,0

OK

The SIM in the device is the original, now expired Three SIM. The results of the cardlock query are status, times and operator. Status 2 means it accepts the SIM. Times is showing there have been no incorrect attempts to unlock it. I’m less sure what the operator means, but zero definitely means it’s not a special case. Let’s reach out and touch someone!

ATD07<SNIP>
NO CARRIER

The SIM card is properly expired. Right now getting this back online is going to need a new Three SIM, but what I have to hand is a free O2 SIM. Let’s swap over and see what we get.

AT^CARDLOCK?
^CARDLOCK: 1,10,0

This time the SIM card is rejected because of the network lock. I found a website that offers to generate unlock codes for free if you give it your IMEI code. I don’t know if that’s sensitive data, but it’s something to think about. Using the code from there I tried:

AT^CARDLOCK="<CODE HERE>"
OK
AT^CARDLOCK?
^CARDLOCK: 2,10,0

The quotes appear to be essential. And the device is unlocked. I unplugged it, plugged it back in and it was picked up by NetworkManager which asked me for some details and then happily connected to the Internet. O2 kindly gave me a few pence free credit so I could test it out before committing my own hard-earned cash.
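The three AT^CARDLOCK? replies from the session above, read back out of a terminal log by a small parser. This is an added example, not part of the original post: the function names are made up for illustration, the log is constructed from the exchanges quoted above, and only the two status values the post explains are given a meaning.

```python
import re
# Constructed sample: the AT exchanges quoted in the post, joined into one log.
SESSION = '''ATZ
OK
AT^CARDLOCK?
^CARDLOCK: 2,10,0
OK
ATD07<SNIP>
NO CARRIER
AT^CARDLOCK?
^CARDLOCK: 1,10,0
AT^CARDLOCK="<CODE HERE>"
OK
AT^CARDLOCK?
^CARDLOCK: 2,10,0
'''

FINAL = re.compile(r"^(OK|ERROR|NO CARRIER|BUSY|NO ANSWER|NO DIALTONE|\+CM[ES] ERROR:.*)$")
CARDLOCK = re.compile(r"^\^CARDLOCK:\s*(\d+),(\d+),(\d+)$")
# Only the two status values the post explains; anything else is reported as-is.
STATUS = {1: "SIM rejected (network lock active)", 2: "SIM accepted"}

def exchanges(log):
    """Split a terminal log into [command, info_lines, final_result] triples."""
    out = []
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.upper().startswith("AT"):
            out.append([line, [], None])          # a new command opens an exchange
        elif out and out[-1][2] is None and FINAL.match(line):
            out[-1][2] = line                     # final result code closes it
        elif out and out[-1][2] is None:
            out[-1][1].append(line)               # information response line
    return out

def cardlock_states(log):
    """Decode every AT^CARDLOCK? reply into status, times and operator."""
    states = []
    for cmd, info, final in exchanges(log):
        if cmd.upper() != "AT^CARDLOCK?":
            continue
        m = next(filter(None, map(CARDLOCK.match, info)), None)
        if m is None:
            states.append(None)   # query without a parsable reply, e.g. ERROR
            continue
        status, times, operator = map(int, m.groups())
        states.append({"status": status, "times": times, "operator": operator,
                       "meaning": STATUS.get(status, "not described in the post"),
                       "complete": final == "OK"})
    return states
```

The "complete" flag is False where the log shows no OK after the reply, as with the second and third queries quoted in the post.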

Next questions:

  • Can I reengage the card lock? The manual says the unlock is permanent, but that seems unlikely. This question probably speaks volumes about me.
  • What can I do with it now? A project near the house can use my WiFi. A project near me can use my phone. Distant station. Upgraded Nerd Army Knife. SMS interface.
  • Open firmware?