FreeCalypso IMEIs

[Mychaela Falconia]

Hello FC community,

Let me start with a reminder for those new to our mailing list: the
primary mission of FreeCalypso is to produce and market new hardware
devices (development boards, modems and some day a complete libre
phone for end users) with the Calypso chipset and with full commercial
product grade firmware running on this chipset.  Because FC hardware
products are primarily intended not for OsmocomBB-style hacking but
for end-user-style operation on real commercial GSM networks, it is
imperative that every FC hardware device ship with not only commercial
product grade operational firmware and RF calibration, but also an
IMEI assignment programmed in its flash file system that:

a) is world-unique to the best of our ability to ensure such;

b) stands the best possible chance of being accepted as valid by most
   public GSM networks;

c) is as close to genuinely legitimate as is feasible in our
   circumstances.

Toward this end I have made my best-faith due diligence attempt to
obtain an IMEI number range through the official channels:

https://imeidb.gsma.com/imei/iaregistrationrequest

However, there is one insurmountable obstacle with this official path:
they absolutely require that the brand name on the registration form
(and there has to be *some* brand name for which IMEIs are being
requested) be accompanied by proof of ownership of that brand name by
the applicant in form of some government-issued certificate.  In the
case of an applicant like yours truly who does not have any form of
presence (physical or legal or otherwise) in any country other than
USA, the only kind of govt-issued "brand registration certificate" I
can think of that could satisfy GSMA's assinine requirement would be a
trademark registration with USPTO.

In other words, GSMA and their partner agencies in the IMEIDB program
will not allow us to get any legitimate IMEI number ranges for new GSM
ME devices made and sold under the FreeCalypso brand unless I get
FreeCalypso registered as a trademark with USPTO.  I have started
looking into that trademark process and found that it is surprisingly
affordable (only $225 USD for the online application fee, which I can
definitely afford), but the problem is with the processing time frame:
according to USPTO's website, the process from the initial application
submission to the issuance of the trademark registration certificate
(the piece required to *begin* the IMEIDB process) is on the order of
many months to a whole year.

I am hoping to get my FreeCalypso trademark application completed and
submitted no later than September (next month), in which case we will
hopefully get the trademark process complete and become able to at
least attempt the official IMEIDB route some time in late 2018.  I am
doing this process in order to be able to make another good faith, due
diligence attempt at getting a legitimate IMEI range assignment for
whatever our next FC hardware product is going to be, but not for the
present FCDEV3B.

In the case of our current and almost ready to ship FCDEV3B product, I
am certainly not going to put everything on hold for a whole year
until we can get a registered trademark to please IMEIDB admins, hence
we have to take a different approach.

For our current FCDEV3B product, I have decided to make a reuse of the
35465101 TAC (first 8 digits of the IMEI) that was originally assigned
to FIC for the GTA01 and later reused by Openmoko for the GTA02, i.e.,
number our FCDEV3B boards out of an unused subrange of FIC/Openmoko's
range.  I was previously intent on squatting on an unused subrange of
Pirelli's 35278901 range instead, and the three boards that have
already been shipped to our community members and/or crowdfunding
contributors have been shipped out with the /etc/IMEISV file in FFS
containing a number taken from that 35278901 range (but you all know
the fc-fsio set-imeisv command to change it to whatever you like :),
but after deeper consideration I have decided that presenting
ourselves to GSM networks as if we were Openmoko should be a better
choice than claiming to be a Pirelli DP-L10.

The IMEIDB entry for TAC 35465101 reads "FIC Neo1973 smartphone", and
our FCDEV3B is most definitely not a smartphone, so how is pretending
to be a Neo1973 any better than pretending to be a Pirelli DP-L10?
The answer lies in the similarity of use cases between Openmoko GTA0x
devices and our FCDEV3B, and a big dissimilarity with the Pirelli.

The production firmware on our FCDEV3B modems (Magnetite presently and
Selenite in the future) provides the user with an AT command interface
with voice, SMS, CSD and GPRS capabilities, and the user is free to
play with this AT command interface as she wishes.  But exactly the
same thing is true of OM GTA0x devices, the word "smartphone" in the
IMEIDB entry notwithstanding: despite having the form factor and the
two-processor architecture of a smartphone, GTA0x devices have always
been fully open above the serial interface to the modem from day one,
thus if a network operator sees that a user is connecting from a
GTA01/02 device, that operator cannot make any assumptions about what
"smartphone" application software stack may or may not be in use:
everything above the AT command interface and all capabilities of that
interface are fair game for the end user to play with as she sees fit
on an OM GTA0x, exactly the same as on our FCDEV3B.

Now contrast with the Pirelli DP-L10.  Pirelli's product has never
offered an AT command interface as an official feature: the interface
presented on the phone's USB-serial port (Calypso IrDA UART) is TI's
RVTMUX, no AT commands; if you disassemble a Pirelli phone to shreds,
there is an unpopulated FPC/FFC connector footprint deep inside that
has Calypso MODEM UART signals on it, and there *might* be a working
or at least somewhat working AT command interface lurking in there (I
say "might be" because the hardware surgery to prove or disprove it
experimentally is more than I am willing to do at the moment), but
even if there is a somewhat working AT command interface on that
FPC/FFC internal debug interface, it can only be there because Foxconn
did not bother with removing it from their TI-based fw, not any kind
of properly supported feature of the product.

No external AT command interface means no CSD and no GPRS except
Pirelli's specific proprietary implementation of MMS (and possibly
WAP, not sure), thus making a CSD call or free use of GPRS from a
GTA02 or an FCDEV3B while presenting a 35278901 IMEI to the network is
a little akin to claiming to be a woman while standing to pee or
worse, having sex in the manner of a man - something that a lot of
people in the trans* community do but which I can never agree with.

Another similarity we have with Openmoko devices and a corresponding
dissimilarity with the Pirelli is the firmware situation.  Our fw is
genealogically descended from Openmoko's, and all of our current fw
offerings work equally well on both FCDEV3B and GTA0x devices, with
all of the functionality including CSD and GPRS.  (The fw binaries are
different for GTA0x and FCDEV3B targets, but only to accommodate for
some very small differences in the hw.)  Now contrast with the Pirelli:
their proprietary fw is quite different from ours, and our fw cannot
be used on Pirelli's hw except in a very crippled manner.

The above similarities between our hw+fw product and Openmoko's and
the corresponding dissimilarities with the Pirelli DP-L10 have led me
to the conclusion that pretending to be an Openmoko device to GSM
networks would be much closer to the truth than pretending to be a
Pirelli DP-L10, hence my decision to assign 35465101 IMEIs instead of
35278901.

I have already picked out a specific subrange out of FIC/OM's IMEI
range which I plan on using; per my current plan FCDEV3B IMEIs will
take the form of:

35465101-XXXyyy

where XXX are the digits I have selected to minimize the probability
of conflict with any FIC/OM-made GTA01 or GTA02 devices and yyy is the
3-digit individual serial number of a given FCDEV3B board.  I do not
plan on publishing the 3 XXX digits, as knowing the exact subrange out
of FIC/OM's range that is being reused for the FCDEV3B would make it
too easy for our enemies to create a blacklist entry for it.

As a matter of due diligence, I have emailed Mr. Sean Moss-Pultz (the
founder and last owner of Openmoko) indicating my intent to make a
reuse of a small subrange of FIC/OM's IMEI range, and also indicating
the specific subrange (the unpublished XXX digits) I plan on using.

The next batch of FCDEV3B boards which are on order from Technotronix
are expected to arrive in late August or early September, and I would
like to be able to ship them out no later than the end of September or
the beginning of October.  I have indicated this timeframe in my email
to Sean, and asked him to voice any objections, if he has such, before
the end of September.  Given this time window of more than a month, I
feel that I have done my due diligence, thus if I don't hear any
objections from Sean or any other Openmoko people or any other
situation-changing news before the end of September, FCDEV3B boards
from the next batch will ship out with IMEI assignments as detailed
above.

One last note: I have made references to what the official IMEI master
database says for some specific TACs (IMEI ranges).  Where can one
find this database?  Its official maintainers keep it secret and
inaccessible to mere mortals like us, but I have found a few leaked
dumps of this database of varying completeness on Scribd.  The latter
site is paywalled, but the paywall price was affordable, so I signed
up, and once I was in, I downloaded both TXT and PDF dumps (the two
formats they offer) of the few interesting docs I found, and they are
now on our FTP site:

ftp://ftp.freecalypso.org/pub/GSM/IMEI/

Hasta la Victoria, Siempre,
Mychaela aka The Mother