Duality Nature Project: Radios, Basebands, RIL, ROOT Superuser, ROM, Bootloader, Modem, Phone Unlock

Thursday, April 28, 2011

Radios, Basebands, RIL, ROOT Superuser, ROM, Bootloader, Modem, Phone Unlock

I tried asking many questions on popular forums to get these answers. At first glance people seemed knowledgeable. I had some experience with unlocking and jailbreaking iPhones and SIM-unlocking BlackBerrys. I was told that I needed to CID unlock a Touch Pro 2. I repeatedly asked what a CID lock was specifically but was never directly answered. It was always alluded to in conversations, but never spoken of directly in technical or straightforward terms. I found a few definitions saying that a CID unlock allows the flashing of new ROMs.

The CID (carrier ID) lock lives in the bootloader. On HTC devices the stock bootloader (the SPL) checks the carrier ID of a ROM image before it will flash it and refuses anything that does not match the carrier the phone shipped with. To flash a new ROM you have to be in the bootloader, and the stock bootloader will not take a custom ROM, so "CID unlocking" in practice means replacing the stock SPL with a patched one (a HardSPL) that skips the check. That is why I concluded that the CID unlock and the bootloader unlock were effectively the same thing.

Bootloader access is often lumped together with root or superuser access, but they are different things. Root is a privilege inside the running operating system; an unlocked bootloader is what lets you replace the operating system image itself, before the OS has loaded, which is why it gives you more control over the device. It is similar to the boot screen on a PC. The storage is different from a PC, though: smartphones like the Touch Pro 2 or an iPhone keep their firmware in NAND flash, which is electrically rewritable in place, so with the right tools a whole ROM image can be written over the old one.

Getting access to the bootloader (the tricolor or rainbow screen on HTC devices) can be considered a form of unlocking from the carrier's intended use, since once done the phone can be used in different, more advanced ways. Once the bootloader is unlocked, ROMs can be flashed. Radios can be flashed as well, and they often come prepackaged with stock ROMs such as a Sprint stock RUU (ROM Upgrade Utility). I would install a stock RUU to get the radio, not necessarily the ROM itself, and then reflash a custom ROM like MightyROM for Windows Mobile. The iPhone equivalent is a jailbroken firmware; Cydia is the package manager the jailbreak installs, not a ROM.

The other part of unlocking is the radio. Every radio runs firmware that tells it how to behave: which signals to listen for and which to ignore. That firmware implements the air-interface protocols (the rules of the conversation between the phone and the tower) and carries a configuration of the bands and networks the radio is allowed to use. For example, the radio may be configured to connect to the Sprint network on 1900 MHz and to ignore Verizon's 850 MHz channels. A cellular radio does not receive AM/FM broadcast at all; phones that offer FM radio have a separate receiver chip for it, usually using the headset cable as the antenna. Part of the reason the baseband is restricted to a short list of bands is efficiency: every extra channel the radio has to scan costs battery.

The operating system talks to the radio through the Radio Interface Layer (RIL). On Windows Mobile the RIL has two parts, a driver and a proxy through which the OS communicates with it. So when you try to set up a connection in your settings, such as Dial-Up Networking, WAP, or a wireless tether, you may find that some of them don't work. If the command is not supported by the RIL or the radio firmware behind it, the feature is effectively blocked. One way around such a block is to install new radio software that supports the features or commands you want. The radio software on your phone is also referred to as the baseband, as in the iPhone or Android settings under Device Information or About Phone, depending on the phone you have.

For example, the iPad's baseband (version 06.15.00) could be flashed onto an iPhone 3G or 3GS. That baseband was unlockable with ultrasn0w, so a T-Mobile SIM then got service where it would not have with the stock iPhone baseband. The caveat is that the iPad baseband broke GPS on those iPhones, so it was a trade-off rather than a free upgrade.

You may also notice that the radio or baseband is referred to as, or treated as synonymous with, the modem, as in connection settings that say something like "set up your modem". The modem is the actual hardware that sends and receives the cellular radio signals your phone uses, such as Sprint's 1900 MHz channels or Verizon's 850 MHz and 1900 MHz channels. It performs the same basic function as a traditional radio: it picks up radio frequencies, which are invisible and in the air all the time. When you turn a car radio on you get different stations depending on where you turn the dial, like FM station Z 107.7 or 105.7 The Point. A modem is a very small piece of hardware that does that job plus modulation and demodulation: it turns the invisible radio signals into data (voice, pictures, internet traffic) and back again.

So on the motherboard of a device like a phone you have a CPU (the application processor) and a modem/radio (the baseband processor). Which signals and rules the modem obeys are set by the radio firmware, the baseband. The modem communicates with the CPU through the RIL, which on Windows Mobile consists of a driver and a proxy. The CPU's commands for the radio mostly come from the operating system: when you set up a new connection in your phone settings, the request goes from the OS to the RIL, which turns it into commands the modem understands (on GSM phones these are typically AT commands) and relays the replies back. It's like having a bunch of guys in a room where guy "A" and guy "C" want to speak to each other but neither speaks the other's language, so they need a middle man, guy "B", to translate. The RIL is the translator between the OS on the CPU and the modem, so everything the OS can ask the radio to do, and everything it can learn about the radio, goes through it.

Hopefully that clears things up so far. Now I will go over the three common types of locks:


SIM lock. Most people are familiar with this one. SIMs are used in most of the world, and a SIM-locked phone refuses SIMs from carriers other than the one it was sold by. Usually you just have to enter an unlock code (the NCK) obtained from the carrier or an unlocking service.

CDMA lock. This only applies to CDMA phones, which as of this writing are used mainly in the U.S., India, South Korea, and Japan. Most other countries only use SIM-based networks, so they don't have to worry about it. There is an unlock code for this too, called the SPC (Service Programming Code) or MSL (Master Subsidy Lock), a six-digit number. For Verizon and U.S. Cellular it defaults to 000000; for Sprint it is a random number per phone. The SPC/MSL gates the programming menus reached through the secret ## dialer codes in CDMA mode, such as ##775# for changing the PRL. The PRL (Preferred Roaming List) is the file that tells the phone which systems to use and which to roam onto, so it pretty much determines what cellular coverage you get.

ESN lock. This works in conjunction with the CDMA lock and has to do with blacklisting or greylisting by mobile phone carriers. If an ESN is blacklisted by a network, it can't be used on that network. The way around this is to have the ESN added to another network, like Cricket or MetroPCS. People call this "flashing", but usually all you need is your SPC/MSL and then a new PRL file for that carrier once your ESN has been added to their database. Getting the ESN added is the main thing. Cricket or MetroPCS will usually add it for you and do the software changes like the PRL update for a small fee of about $10. Other carriers like Sprint will not usually add a foreign ESN under any circumstances, which is a shame if you want to use Sprint; as of this writing there is no way around this that I know of, other than to already have a Sprint phone. If you don't have a Sprint phone but want Sprint service, your best course of action is probably to trade phones with someone on Craigslist. Otherwise you can flash to MetroPCS or Cricket by calling them and asking them to add the ESN and update the PRL to use their service. Every phone is different, though, and this is only a general explanation that seems to apply to most phones.
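Here is an added example, not code from the original post, that ties the RIL description above to the SIM lock section: a toy RIL that turns OS-level requests into AT commands against a simulated network-locked modem. The modem is a constructed stand-in: the PLMN codes (310410 for AT&T, 310260 for T-Mobile USA), the NCK unlock code 12345678 and the three-attempt limit are made up for illustration, and the numeric +CME ERROR values are as I recall them from 3GPP TS 27.007. The commands themselves (AT+CPIN?, and AT+CLCK with the "PN" network-personalisation facility) are the real ones a GSM modem answers.

```python
"""Toy Radio Interface Layer talking to a simulated network-locked GSM modem.

Added example, not from the original post. PLMN codes, the NCK and the retry
limit are constructed; +CME ERROR numbers are assumed from 3GPP TS 27.007.
"""
import re

CME_SIM_NOT_INSERTED = 10        # assumed TS 27.007 values
CME_INCORRECT_PASSWORD = 16
CME_NET_PERS_PUK_REQUIRED = 41

HOME_PLMN = "310410"             # constructed: carrier the phone is locked to
FOREIGN_PLMN = "310260"          # constructed: SIM from another carrier


class FakeModem:
    """Simulated baseband with a network (SIM) lock bound to home_plmn."""

    def __init__(self, home_plmn=HOME_PLMN, nck="12345678", retries=3):
        self.home_plmn = home_plmn
        self._nck = nck              # secret unlock code stored in the modem
        self.retries_left = retries  # wrong guesses allowed before the lock blocks
        self.net_locked = True
        self.sim_plmn = None         # no SIM inserted yet

    def insert_sim(self, plmn):
        self.sim_plmn = plmn

    def _needs_nck(self):
        # The lock only bites when a foreign-carrier SIM is present.
        return self.net_locked and self.sim_plmn != self.home_plmn

    def send(self, cmd):
        """Answer one AT command with its response lines."""
        if cmd == "AT+CPIN?":
            if self.sim_plmn is None:
                return [f"+CME ERROR: {CME_SIM_NOT_INSERTED}"]
            if self._needs_nck():
                if self.retries_left == 0:
                    return ["+CPIN: PH-NET PUK", "OK"]  # blocked: NCK no longer accepted
                return ["+CPIN: PH-NET PIN", "OK"]      # NCK required
            return ["+CPIN: READY", "OK"]
        m = re.fullmatch(r'AT\+CLCK="PN",(\d)(?:,"([^"]*)")?', cmd)
        if m:
            mode, code = m.group(1), m.group(2)
            if mode == "2":                              # query lock status
                return [f"+CLCK: {1 if self.net_locked else 0}", "OK"]
            if mode == "0":                              # try to disable the lock
                if self.retries_left == 0:
                    return [f"+CME ERROR: {CME_NET_PERS_PUK_REQUIRED}"]
                if code == self._nck:
                    self.net_locked = False
                    return ["OK"]
                self.retries_left -= 1
                return [f"+CME ERROR: {CME_INCORRECT_PASSWORD}"]
        return ["ERROR"]


class RIL:
    """Translates OS-level requests into AT commands and parses the replies."""

    CPIN_STATES = {"READY": "READY", "PH-NET PIN": "NETWORK_LOCKED",
                   "PH-NET PUK": "NETWORK_LOCK_BLOCKED"}

    def __init__(self, modem):
        self.modem = modem
        self.log = []                # (command, response) pairs, like a RIL trace

    def _at(self, cmd):
        resp = self.modem.send(cmd)
        self.log.append((cmd, resp))
        return resp

    def sim_status(self):
        for line in self._at("AT+CPIN?"):
            if line.startswith("+CPIN: "):
                return self.CPIN_STATES.get(line[len("+CPIN: "):], "UNKNOWN")
            if line.startswith("+CME ERROR: "):
                code = int(line.rsplit(" ", 1)[1])
                return "NO_SIM" if code == CME_SIM_NOT_INSERTED else "ERROR"
        return "ERROR"

    def network_lock_enabled(self):
        return "+CLCK: 1" in self._at('AT+CLCK="PN",2')

    def unlock_network(self, nck):
        return self._at(f'AT+CLCK="PN",0,"{nck}"')[-1] == "OK"


def unlock_walkthrough():
    """Foreign SIM in a locked phone: locked, still locked after a wrong code, ready after the right one."""
    modem, ril = FakeModem(), None
    ril = RIL(modem)
    modem.insert_sim(FOREIGN_PLMN)
    states = [ril.sim_status()]
    ril.unlock_network("00000000")           # wrong guess
    states.append(ril.sim_status())
    ril.unlock_network("12345678")           # the constructed NCK
    states.append(ril.sim_status())
    return states


def brute_force_walkthrough():
    """Guessing the NCK burns the retry counter; afterwards even the real code is refused."""
    modem = FakeModem(retries=3)
    ril = RIL(modem)
    modem.insert_sim(FOREIGN_PLMN)
    for guess in ("00000000", "11111111", "22222222"):
        ril.unlock_network(guess)
    return ril.sim_status(), ril.unlock_network("12345678")


if __name__ == "__main__":
    print(unlock_walkthrough())       # ['NETWORK_LOCKED', 'NETWORK_LOCKED', 'READY']
    print(brute_force_walkthrough())  # ('NETWORK_LOCK_BLOCKED', False)
```

The point of the second walkthrough is the failure mode a real modem enforces: a network lock is not a "feature to disable" but a password check with a hard attempt counter, which is why the unlock code has to come from the carrier or an unlocking service and why guessing it on a live phone is a bad idea. The `log` on the RIL shows the exact command/response pairs, which is what a RIL trace on a real device looks like.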

Good Luck!


M A R C U S said...

Thanks man, this helps a lot. I was wondering if I could get your help converting my wife's HTC Desire from Alltel to a Verizon Wireless device.

Let me know if we could start an email correspondence or something. Loved the video on Youtube, thanks for answering my questions.

-Eloquence (Marcus)

Derek Staroba said...

Hey, Alltel is owned by Verizon; you shouldn't have to do anything, just call them up and activate it, it's already on their network. The phone I have is the same one with Alltel; I used it on Verizon with no problem. But I did notice that if you flash it with CyanogenMod it shows up as U.S. Cellular. Not really interested in U.S. Cell but wondering if that might work too if you can get them to add the ESN.

sjums said...

You deserve a medal for awesome posting!

Derek Staroba said...

Ty so much, but I mustn't be vain, right? Ty! :)

GirishMNR said...

How do I get the PRL?
