TAC/ IMEI spoofing

professor_jonny · October 22, 2020, 2:04am

In New Zealand we have a government sponsored 4G LTE rollout for rural areas that are not covered by fibre or ADSL.

The problem is the modem provided is all that will work with the provided sim card and it is very basic and locked down.

To avoid people popping the sim cards in their phones and running around with 300 or so GB they TAG lock the sim cards to only work with Huawei branded devices where the TAG of the device matched that of the value stored in the sim card.

Is there a way to spoof the TAG code or bypass this check so I may use an omnia in place of my huawei device or something other method that will allow me to use a better router and firewall solution for my home?

I’m not trying to do any thing illegal i just want to use a modem to suit my needs.

I know there is tools to alter IMEI detaols but this would be deemed illegal in some countries, it is not mandated as illegal in new Zealand but I would like to avoid such a method.
.

JardaB · October 22, 2020, 6:36am

Ask in another forum, the question does not concern the MOX, Omnia or Shield router

professor_jonny · October 22, 2020, 7:25am

So there is no software layer API or other exploitable interface between the sim module and the LTE module that could be used for such a purpose ?

fantomas · October 22, 2020, 9:50am

isn’t it possible to turn those LTE devices to a bridge mode?

or ask the government why do they lock to single contractor?

professor_jonny · October 22, 2020, 8:38pm

There is no such option of bridge mode the web interface is very limited and branded to the telco company.

The interface has features disabled like VOIP, VPN, hot spotting etc… to force you to use their service with their connection.
The firmware is a secure process with Efuse’s in the chipset to block third party software.

As you can see I would like to get rid of all these problems with an opensource router to work around all these issues. but the TAG lock provides a problem.

The funny thing the government disabled Huawei from providing hardware for the 5G rollout for security concerns and then forces us to use huawei with the RBI service.

Leonardo · October 23, 2020, 2:35am

The IMEI is stored in the LTE module firmware. OpenWRT doesn’t provide any tool to manage those settings directly.
It may be possible to change the IMEI with AT commands, but the modem may prevent that.

viktor · October 23, 2020, 8:57am

Is it legal in any country? What about ISP conditions? And what about the rules of this forum?

Comodore125 · October 24, 2020, 10:27am

Fortunately we have an entrepreneur that invests where telco did want to have short term maximal profits for tens of years. Starlink is coming. Better to have 4G sponsored by government than to have nothing.

Since you cant realy do much with ISP provided router - I think it is best to take one ethernet cable and plug that to other full fledged routing device and use this device as default interface, main switch for other devices etc. ISP router will see traffic only from lte modem/router and your own routing device.

I bet that connectivity from LTE provider is crap without own ip adress etc. So in worst case just buy yourself dedicated server in some local datacentre and use it as VPN gateway with internet access and you will have fully dedicated line.