Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

Droid Bionic wireless tether reverse engineering

OP vmspionage

13th September 2011, 09:22 PM   |  #1  
vmspionage's Avatar
OP Junior Member
Thanks Meter: 4
 
10 posts
Join Date:Joined: Jun 2008
More
This thread is intended to discuss technical details of the Droid Bionic's wireless tethering system. Please keep all posts on topic.

Here's what has been discovered to far:
  • The "Mobile Hotspot" lockout can be disabled by setting entitlement_check=0 in the settings storage database com.motorola.android.providers.settings. This is thoroughly discussed in other threads.
  • While tethering your phone will disconnect and reconnect to the network using alternate credentials containing your ISMI. These credentials appear to originate from the SIM card. The previous RadioComm NAI method does not work with the new LTE chipset.
  • The web service used by the entitlement check appears hard-coded in VzwEntitlementService.odex. It is located at: https://quickaccess.verizonwireless....e/service?WSDL
  • The "Mobile Hotspot" icon isn't a stand-alone application, it's just a link to the settings page (Settings > Wireless & Networks > Tethering & Mobile Hotspot > Mobile Hotspot settings)

Please feel free to share your observations!
The Following 2 Users Say Thank You to vmspionage For This Useful Post: [ View ]
13th September 2011, 10:01 PM   |  #2  
K.AuthoR's Avatar
Senior Member
Thanks Meter: 19
 
167 posts
Join Date:Joined: Nov 2008
Quote:
Originally Posted by vmspionage

  • While tethering your phone will disconnect and reconnect to the network using alternate credentials containing your ISMI. These credentials appear to originate from the SIM card. The previous RadioComm NAI method does not work with the new LTE chipset.

I'm curious, since this is the case, I would assume that using this they can actually verify who is paying for tethering and who isn't by comparing these connections to who is actually paying for the service. I know the phone hasn't been out long enough for this to be tested very much, but any off chance that someone's billing cycle has reset or can tell if they can track it or not?
13th September 2011, 10:13 PM   |  #3  
vmspionage's Avatar
OP Junior Member
Thanks Meter: 4
 
10 posts
Join Date:Joined: Jun 2008
More
\system\etc\apns-conf.xml
Code:
    <!-- BEGIN Motorola, a13803, 07/10/2010, IKHALFMWK-87: Modify Apn database for VZW LTE support -->
    <!-- BEGIN Motorola, btm478, 12/02/2010, IKHALFMWK-117:Change Inactivity Timer to 24 hrs  -->
    <apn carrier="Verizon Internet"
        mcc="310"
        mnc="004"
        apn="VZWINTERNET"
        mmsc="http://mms.vtext.com/servlets/mms"
        type="default,mms,dun"
        inactivetimer="1440"
        enabled="true"
        iptype="IPv6v4"
        class="3"
    />
\system\etc\motorola\com.motorola.android.dm.servi ce\databases\dmAccounts.xml
Code:
<list>
        <string>__overwrite_all__</string>
        <map>
                <string name='AccName'>VzWDMServer</string>
                <string name='UserName'>xxxxxxxxxxxx</string>
                <string name='ServerPW'>0000000000000000</string>
                <string name='AuthPref'>DIGEST</string>
                <string name='ClientNonce'>123abc</string>
                <string name='AddrType'>1</string>
                <string name='ServerID'>com.vzwdmserver</string>
                <string name='Addr'>https://4g.vzwdm.com/</string>
                <string name='ClientPW'>xxxxxxxxxxxx</string>
                <string name='ServerNonce'>abc123</string>
                <string name='ConRef'/>
                <string name='Name'>VzWDMServer</string>
                <string name='PortNbr'>443</string>
        </map>
</list>


---------- Post added at 08:13 PM ---------- Previous post was at 08:09 PM ----------

Quote:
Originally Posted by K.AuthoR

I'm curious, since this is the case, I would assume that using this they can actually verify who is paying for tethering and who isn't by comparing these connections to who is actually paying for the service. I know the phone hasn't been out long enough for this to be tested very much, but any off chance that someone's billing cycle has reset or can tell if they can track it or not?

Yes. If you don't subscribe to tethering then you should never be using that authentication method and your usage for that account should be zero. It would be trivial for them to figure out who is tethering based on the usage logs and feature list alone.

In fact, I've seen evidence (but haven't verified) that if you subscribe to tethering those data bytes will show up as a separate "Tethering Usage" line item in the "My Verizon" app on the data details screen... it's just hidden for everyone else.
Last edited by vmspionage; 13th September 2011 at 10:32 PM.
13th September 2011, 10:20 PM   |  #4  
K.AuthoR's Avatar
Senior Member
Thanks Meter: 19
 
167 posts
Join Date:Joined: Nov 2008
Well **** me then, I did that hack and tethered for about 10 minutes between class today. If it shows up on my bill (probably will at this point) I can probably get them to drop it if I bitch enough since usually VZ is flexible if it's a one-time offense.
13th September 2011, 11:32 PM   |  #5  
Senior Member
Thanks Meter: 36
 
306 posts
Join Date:Joined: Nov 2010
Quote:
Originally Posted by K.AuthoR

Well **** me then, I did that hack and tethered for about 10 minutes between class today. If it shows up on my bill (probably will at this point) I can probably get them to drop it if I bitch enough since usually VZ is flexible if it's a one-time offense.

You are going to bitch at them for you trying to illegally tether? Man up and just pay it.
13th September 2011, 11:56 PM   |  #6  
K.AuthoR's Avatar
Senior Member
Thanks Meter: 19
 
167 posts
Join Date:Joined: Nov 2008
I'm probably provoking an already-beaten-to-death argument by saying this, but I believe that in my payment for data, I should be allowed to use it how I want. I seriously doubt they'll come after me for a couple of megabytes anyway, if it's not excessive then I'll just take it as a good omen and continue on with my lesson learned.

I'll stop derailing the thread now, but I'll still be interested to learn what's going on on the inside.
14th September 2011, 12:01 AM   |  #7  
Senior Member
Thanks Meter: 36
 
306 posts
Join Date:Joined: Nov 2010
Quote:
Originally Posted by K.AuthoR

I'm probably provoking an already-beaten-to-death argument by saying this, but I believe that in my payment for data, I should be allowed to use it how I want. I seriously doubt they'll come after me for a couple of megabytes anyway, if it's not excessive then I'll just take it as a good omen and continue on with my lesson learned.

I'll stop derailing the thread now, but I'll still be interested to learn what's going on on the inside.

Tethering wasn't the point, bitching to have them remove the cost of you tethering was. I'm all for tethering but if I do it and get charged, I pay the piper. My mistake not theirs, unlike that stupid $1.99 mysterious data fee we used to get.
14th September 2011, 09:59 AM   |  #8  
nemanracing's Avatar
Member
Flag Riverside, CA
Thanks Meter: 1
 
78 posts
Join Date:Joined: Aug 2005
More
Quote:
Originally Posted by Mustang02

My mistake not theirs, unlike that stupid $1.99 mysterious data fee we used to get.

That was prob a bad rep adding ringback tone or the like.....
14th September 2011, 03:16 PM   |  #9  
elislurry's Avatar
Senior Member
Raleigh NC
Thanks Meter: 35
 
147 posts
Join Date:Joined: Jun 2010
More
What do these posts have to do with the thread? Take your arguments to the general section.
The Following User Says Thank You to elislurry For This Useful Post: [ View ]
14th September 2011, 07:20 PM   |  #10  
Senior Member
Thanks Meter: 59
 
525 posts
Join Date:Joined: Nov 2010
I am quite confused as to how tethering on the thunderbolt is "undetectable" and the bionic is easily traced.

I have been running DroidTheory,s shiftAOSP under the presumption that tethering is untrackable. I assumed this because it was implied. Was I misinformed about tethering and what makes the bionic Different? Different chipset?

And just to be clear the wired tethering options available aren't as easily traceable or untraceable?
Last edited by Brenardo; 15th September 2011 at 12:28 AM.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes