Droid Bionic wireless tether reverse engineering

---

This thread is intended to discuss technical details of the Droid Bionic's wireless tethering system. Please keep all posts on topic.

Here's what has been discovered to far:

• The "Mobile Hotspot" lockout can be disabled by setting entitlement_check=0 in the settings storage database com.motorola.android.providers.settings. This is thoroughly discussed in other threads.
• While tethering your phone will disconnect and reconnect to the network using alternate credentials containing your ISMI. These credentials appear to originate from the SIM card. The previous RadioComm NAI method does not work with the new LTE chipset.
• The web service used by the entitlement check appears hard-coded in VzwEntitlementService.odex. It is located at: https://quickaccess.verizonwireless....e/service?WSDL
• The "Mobile Hotspot" icon isn't a stand-alone application, it's just a link to the settings page (Settings > Wireless & Networks > Tethering & Mobile Hotspot > Mobile Hotspot settings)

Please feel free to share your observations!

Quote:

Originally Posted by vmspionage

• While tethering your phone will disconnect and reconnect to the network using alternate credentials containing your ISMI. These credentials appear to originate from the SIM card. The previous RadioComm NAI method does not work with the new LTE chipset.

I'm curious, since this is the case, I would assume that using this they can actually verify who is paying for tethering and who isn't by comparing these connections to who is actually paying for the service. I know the phone hasn't been out long enough for this to be tested very much, but any off chance that someone's billing cycle has reset or can tell if they can track it or not?

\system\etc\apns-conf.xml

Code:

    <!-- BEGIN Motorola, a13803, 07/10/2010, IKHALFMWK-87: Modify Apn database for VZW LTE support -->
    <!-- BEGIN Motorola, btm478, 12/02/2010, IKHALFMWK-117:Change Inactivity Timer to 24 hrs  -->
    <apn carrier="Verizon Internet"
        mcc="310"
        mnc="004"
        apn="VZWINTERNET"
        mmsc="http://mms.vtext.com/servlets/mms"
        type="default,mms,dun"
        inactivetimer="1440"
        enabled="true"
        iptype="IPv6v4"
        class="3"
    />

\system\etc\motorola\com.motorola.android.dm.servi ce\databases\dmAccounts.xml

Code:

<list>
        <string>__overwrite_all__</string>
        <map>
                <string name='AccName'>VzWDMServer</string>
                <string name='UserName'>xxxxxxxxxxxx</string>
                <string name='ServerPW'>0000000000000000</string>
                <string name='AuthPref'>DIGEST</string>
                <string name='ClientNonce'>123abc</string>
                <string name='AddrType'>1</string>
                <string name='ServerID'>com.vzwdmserver</string>
                <string name='Addr'>https://4g.vzwdm.com/</string>
                <string name='ClientPW'>xxxxxxxxxxxx</string>
                <string name='ServerNonce'>abc123</string>
                <string name='ConRef'/>
                <string name='Name'>VzWDMServer</string>
                <string name='PortNbr'>443</string>
        </map>
</list>

---------- Post added at 08:13 PM ---------- Previous post was at 08:09 PM ----------

Quote:

Originally Posted by K.AuthoR

I'm curious, since this is the case, I would assume that using this they can actually verify who is paying for tethering and who isn't by comparing these connections to who is actually paying for the service. I know the phone hasn't been out long enough for this to be tested very much, but any off chance that someone's billing cycle has reset or can tell if they can track it or not?

Yes. If you don't subscribe to tethering then you should never be using that authentication method and your usage for that account should be zero. It would be trivial for them to figure out who is tethering based on the usage logs and feature list alone.

In fact, I've seen evidence (but haven't verified) that if you subscribe to tethering those data bytes will show up as a separate "Tethering Usage" line item in the "My Verizon" app on the data details screen... it's just hidden for everyone else.

Well **** me then, I did that hack and tethered for about 10 minutes between class today. If it shows up on my bill (probably will at this point) I can probably get them to drop it if I bitch enough since usually VZ is flexible if it's a one-time offense.

Quote:

Originally Posted by K.AuthoR

Well **** me then, I did that hack and tethered for about 10 minutes between class today. If it shows up on my bill (probably will at this point) I can probably get them to drop it if I bitch enough since usually VZ is flexible if it's a one-time offense.

You are going to bitch at them for you trying to illegally tether? Man up and just pay it.

I'm probably provoking an already-beaten-to-death argument by saying this, but I believe that in my payment for data, I should be allowed to use it how I want. I seriously doubt they'll come after me for a couple of megabytes anyway, if it's not excessive then I'll just take it as a good omen and continue on with my lesson learned.

I'll stop derailing the thread now, but I'll still be interested to learn what's going on on the inside.

Quote:

Originally Posted by K.AuthoR

I'm probably provoking an already-beaten-to-death argument by saying this, but I believe that in my payment for data, I should be allowed to use it how I want. I seriously doubt they'll come after me for a couple of megabytes anyway, if it's not excessive then I'll just take it as a good omen and continue on with my lesson learned.

I'll stop derailing the thread now, but I'll still be interested to learn what's going on on the inside.

Tethering wasn't the point, bitching to have them remove the cost of you tethering was. I'm all for tethering but if I do it and get charged, I pay the piper. My mistake not theirs, unlike that stupid $1.99 mysterious data fee we used to get.

Quote:

Originally Posted by Mustang02

My mistake not theirs, unlike that stupid $1.99 mysterious data fee we used to get.

That was prob a bad rep adding ringback tone or the like.....

What do these posts have to do with the thread? Take your arguments to the general section.

I am quite confused as to how tethering on the thunderbolt is "undetectable" and the bionic is easily traced.

I have been running DroidTheory,s shiftAOSP under the presumption that tethering is untrackable. I assumed this because it was implied. Was I misinformed about tethering and what makes the bionic Different? Different chipset?

And just to be clear the wired tethering options available aren't as easily traceable or untraceable?