Hi everyone,
I’m in a bit of a unique and challenging situation regarding internet access and would really appreciate some insights from this community.
I live in an area with limited internet options – no fiber and subpar 5G connectivity. The only available wired internet is via an outdated telephone line, offering a mere 2mb download speed, which is far from sufficient for my needs. My job involves sending and downloading large files regularly, often exceeding 100GB, so a fast and reliable internet connection is crucial.
Currently, I’m using T-Mobile’s Mobile Unlimited plan on my phone, which gives me about 50mb download speed. It is called „L Nielimitowana” (I’m from Poland). It’s manageable but not ideal, especially since I need to keep my phone constantly connected to my PC. This setup is far from ideal for my work.
I approached T-Mobile about a 5G router plan, but they informed me that they don’t offer 5G router plans in areas with suboptimal connections to avoid providing unsatisfactory service. However, they did propose an alternative: getting a second SIM card with unlimited 5G internet at half the price of my current plan. But here’s the catch – the representative and the contract clearly state that this SIM card will not work in a mobile router, only in phones.
This brings me to my main questions for you knowledgeable folks:
Is it true that T-Mobile (or other carriers) can distinguish if a SIM card is being used in a router instead of a phone? If so, how do they do it?
Are there any workarounds or specific types of routers that might bypass this limitation?
Having a router with this type of internet would be a game-changer for me, so any advice, insights, or experiences you can share would be immensely helpful.
Thanks in advance!
Yes, but you can work around any imitations if you are clever and understand their means of detection.
The carrier can tell whether the sim card is in a phone vs tethered to a router and shared. They can track this in two ways.
- via the IMEI number of the phone, some carriers will detect if the sim is not in a voice device, so placing the sim in a 4/5G enabled router may be esily tracked & detected.
- Tethered to a router via USB can be detetected via the TCP/IP TTL value. With every hop on a netowrk, the TTL of packets is reduced in increments. The carrier can look at the TTL it expects vs the TTL is sees t odetermin that there are more hops downstream of the phone, which will be added by a router.
But this can all be defeated
You simply tether your phone to a router over USB as if it is a WWAN interface. OpenWRT is a great router OS to do this (I have done this with both iphone and adroid, though android is simplest)
AFrom there, with the WWAN setup up, all you need to do is re-increment the TTL by 1 at the router to compensate for the extra hop and your router is invisible to the carrier.
This is done in the OpenWRT firewall custom config: (here is a example I am using in my config, - “wan_iphone” is the usb tethered phone interface name)
iptables -t mangle -I POSTROUTING -o wan_iphone -j TTL --ttl-inc 1
Your carrier wil have no idea!
Hi there,
First off, a big thank you for taking the time to share such a detailed solution! I really appreciate it!
I should clarify a bit more about what I’m looking for, though. My ideal setup is to use a second SIM card directly in a router, without involving my phone at all. This way, I can keep my phone free for regular use and mobility while a separate router manages my home internet needs.
Given your knowledge on the topic, do you think it’s possible to set up something like this, especially with the carrier’s restrictions? I’m curious if there’s a specific type of router that could work around these limitations?
You might want to consider the purchase of a second phone that can be permanently tethered to your router or phone. T-Mobile will definitely be able to detect usage directly in a router SIM slot. A buddy of mine purchase a couple of plans that used a SIM intended for phone plans in the router, these plans were quickly shut down by T-Mobile and/or ATT. He had no recourse to go after the shady dealers as they had disappeared.
The spare phone as a modem is the only foolproof way unfortunately.
With a router, devices connected behid this creates an an extra hop and this can be detected in the TTL, but you mileage may vary if you put a sim in a WWAN enabled router. It might work or it might not.
I’ve tried a number of methods with different carriers. Some dont limit this sort of thing via technical surveileance, they just deploy an acceptable use policy. (but these are typically the carriers that give you unlimited data BUT with a maximum speed cap) The faster the link, the more likely you will encounter proactive surviellance.
EDIT: This below usb modem link is also a voice enabled device that you can build a raspi phone out of, and it also can recieive SMS, making it likely it reports as a voice enabled device, which is what carriers usually stipualte. I’ve had no issues with multiple SIM plans in it.
I use this IOT type usb industrial modem plugged into my OpenWRT router as my failover link which is viraully plug and play in linux, The benefit with this is I can also use this modem on other professional study projects for testing and its much cheaper that a spare phone. Its just another cheaper option to think about.
Hi again,
I understand that it might not be feasible to know the specifics of every router model, so I won’t list various options. Instead, I’m wondering if it’s possible at all for a commercial 5G router, like the Netgear MR5200, to bypass IMEI detection issues. If there’s a chance, what specifications or features should I look for in a router to increase the likelihood of it working with the SIM card without detection? If this approach is too uncertain, I’ll use a cheap 5g capable phone as a modem instead.
As I said, the router’s WWAN IMEI is a bit like a MAC address that is bound to a hardware brand and type. But unlike simple MAC spoofing, you cant bypass that without some very advanced spy level hack skills and that’s can even be a criminal offence in some countries. (IMEI numbers are involved in network and cell tower authentication.) The carrier expects a link with a device that has the IMEI of a voice handset - and the Netgear cant do this.
Your carrier might work with the Netgear just fine, but that will only due to how motivated the carrier is to dectect and police this breach of their terms. You can buy the Netgear, but there is a risk that you’ll get cut. The only way to defeat this reliably is via the method I’ve given you, which is akin to exploiting a technical loophole.
Have you considered spinning up a virtual machine in the cloud and just using your home internet to connect via a remote desktop and do all of your work from there?
That’s a interesting approach. However, I’ve already invested a lot of money in setting up my home workspace and equipment. I’d prefer to find a solution that allows me to make the most of what I’ve already established.
I don’t have an answer to your question, only more questions — When you download large files, are you downloading onto your phone using the phone browser, and then copying onto your computer from the phone? Or downloading directly onto the computer using internet sharing from the phone?
Coming from the US, I am using a T-Mobile unlimited plan here that will give unlimited connection to the phone itself, only. If I connect a computer to it the data to the computer is sharply limited.
So for me, the way you are already doing it wouldn’t work, and I could easily put the SIM in a router but then I’d only get slow data for everything connected.
Yes they can. Based on the imei
But here’s the catch – the representative and the contract clearly state that this SIM card will not work in a mobile router, only in phones.
Try it, I bet it will work anyway (it does in the US)
I suspect this all boils down to commercial factors for the carrier, and this is triggered via the the amout of data you download.
If you are in the top few percentile of all plan users you will absolutely draw attention to yourself. I tend to believe that these sorts of scans are only performed against top abusers. Like small credit card fraud there is a an accepted cost built in because the cost of surveillance and correction can be much higher that the cost of the fraud itself.
If you just use a common about of data you may never have any issue becasue it takes resources to track and manage abusers, and if that user is within an average user profile it actually works against the carrier to cut you off because its just revenue.
It works until the vendor does a scan and shuts the SIM off for violation of the terms of service. It’s happened more than once to a buddy the has bought this kind of solution from shady dealers that don’t mention they are using a phone SIM.
Yes this is likely, which is why using a device that reports voice capabilties to the carrier (ideally a 2nd phone) as the modem is the safest way. The rest is sort of mid level TCP/IP networking fun. I’ve been running for 3 years with no issues this way.
Oh yeah I forgot to ask, do you use iphone or android?
If you use iphone you need to run a little script in the background to stop the phone asking for you to trust the connection and stopping the link every so often. I’ve added it for others that might search this solution later…
# Make iPhone tethering stay alive on OpenWrt
# After you successfully trusting the iPhone for tethering, copy files with name like
/var/lib/lockdown/12345678-9ABCDEF012345678.plist to /etc/lockdown/locks.
# That way, you won't have to set up trust again after router reboots.
if [ -e /etc/lockdown ]
then
mkdir -p /var/lib/lockdown
cp -f /etc/lockdown/* /var/lib/lockdown/
fi
# lockdown records restored, now we can launch usbmuxd. Don't launch it sooner! (this is run from inet.d)
usbmuxd
# We are up and running now. But unfortunately if your carrier signal is weak, iPhone will
# drop connection from time to time and you'd have to unplug and replug USB cable to start tethering
# again. Script below automates that activity.
# First wait a bit - we just brought the interface up by usbmuxd
sleep 60
# If we see iPhone ethernet interface, try to ping iPhone router's address (172.20.10.1).
# When the ping is unsuccessful, rebind iPhone ethernet USB driver and wait for things to settle down
while :
do
for i in /sys/bus/usb/drivers/ipheth/*:*
do
test -e "${i}" || continue
ping -w 3 172.20.10.1 &> /dev/null
if [ "${?}" -ne 0 ]; then
echo "${i##*/}" > "${i%/*}"/unbind
echo "${i##*/}" > "${i%/*}"/bind
sleep 15
fi
done
sleep 1
done
EOF
Worst case scenario you should be able to root your phone and do wifi hotspot without the carrier knowing. Might not work well for a ton of machines but for one it should do fine.