At least in my country, anything cracking the SIMLOCK IS illegal
Well, it "is illegal". There has only been exactly one case so far, where someone got sentenced to something around 20 - 30 months on probation, and that one cracked several hundred phones on a commercial basis, charging money from his customers for each unlock. The sentence was for copyright infringement (because the handset firmware was modified), not fraud against the provider (because he enabled his customers to use the "subsidized" handsets on another carrier's network afterwards), and the court that decided the case was only a district court, so they probably weren't very competent concerning intellectual property stuff.
The problem is that here in Germany (yeah, now you all know it, I'm German as well) "circumventing a technical protection measure that's supposed to prevent you from accessing data or assisting someone in doing so" (I'm very loosely translating the law here, so don't take this for an official translation) is already considered fraud. Sure, this law was passed to cover the typical "hacking" scenario, where you break into a foreign system circumventing firewalls and then look at, say, internal data of another corporation. That is why it's colloquially referred to as "the hacker paragraph", but you see that the formulation is so inexact and vague that it effectively covers our case as well. "Protection" doesn't necessarily mean that it must be "hard to overcome"; it's almost certainly enough as soon as it prevents you from "accidentally" overcoming it. It must make you realize that the data you're accessing is supposed to be protected. So from that point of view, the "unmapped memory" is probably much more than enough to be considered "protection", even though it only takes a stupid kernel parameter to break it (and a bit of a lengthy calculation if you're doing it for the first time).
Our case is a bit special though, since we (the ones that are "circumventing the protection measure") are also the rightful owners of the system we "break into", and it would be a bit of a "perverted law" if you weren't allowed to look at data residing on your own system just because it is somehow "protected". So the "looking at it" is definitely ok. And even breaking the security on your own handset is definitely going to be ok. If it weren't ok, that would also mean that, say, when you forget the login for your computer and then break the hash in order to be able to log into your system again, you'd already be breaking the law, since there is a "technical protection measure" in place that requires "thoughtful action" to "circumvent". Certainly, even in Germany, you're obviously never going to end up in a courtroom for "breaking into your forgotten user account" on your own system/network.
However, the problem is that, by developing an exploit, we're essentially providing a solution here that other people may use as well, and, from the legal point of view, this might turn us into some kind of a "service provider". Basically, one could argue that we're providing some kind of "service for others to unlock their handsets", even though we're not charging for it, and suddenly it's no longer our property we're breaking into. This is where it starts to become problematic.
Is it still illegal if you do the modification only for yourself on your own phone and do not distribute the modified code? Also: do you legally have to restore everything to stock if you sell the phone or give it away?
I don't think you have to revert to stock, as long as you explicitly mention that the firmware is altered. And of course you're not supposed to do it for commercial purposes. So "selling your S-OFF handset" would be ok, as long as you mention that it's S-OFF and you didn't use the S-OFF to, say, install malware on it that spies upon the subsequent owner.
Turning the handsets of your friends S-OFF would also be ok. On the other hand, "buying 100 handsets, unlocking, then selling them" would most likely get you in trouble.