PRL Hacking Phones

Print Friendly, PDF & Email

Note: this is not an original article, it did not appear on this date. This date is used because I found a HowardForums post that I had made on this date, in reference to the work I was doing. It’s a story worth remembering. So I wrote this piece, but gave it the 2005 date because that was the time I was actually doing this, even though in this article I specifically reference things that happened well after 2005.

In 2009 and 2010, I created my own hack of Windows Mobile 6.5 for the HTC Touch (“Vogue” phone), but that was done using a special tool that made it easy to do. I called my own distribution NuVogue. I would provide links to files, but they were lost in a 2013 server hack and I didn’t really have any backups of those files. Nobody wants to use them anymore, anyway, it’s okay. 😉

But before trying to build Android for Vogue, or my own Windows Mobile distributions, I did my first PRL hack. A PRL is a Preferred Roaming List. The PRL is used by CDMA cell phone carriers (Verizon Wireless and Sprint in the United States). The PRL contains a list of the towers your phone is allowed to “roam” on, when you can’t get a signal from your own carrier. These are towers that have been agreed upon between multiple carriers – not all towers are necessarily included in a roaming agreement.

In 2005 I was with Verizon Wireless. It worked great when I was away at college, but in my home town my coverage was spotty. Not just spotty, but in the apartment I was living in with a few room mates, my Verizon Phone couldn’t get a signal at all. In fact, I had to go outside, and walk nearly a block away just to check text messages and voicemails. My room mates, who both had Sprint, had flawless coverage.

After following some of the aforementioned “HoFo” tutorials, and deciding to just tinker on my own, I found a piece of software that would talk to my Audiovox CDM-9900 phone called Asura. Asura allowed me to extract a PRL from my phone. I then used “QPST” (Qualcomm Product Support Tools) to modify the PRL. The System ID for my town for Verizon Wireless was 32. I was able to get the “SID” from my friend’s phones, and modify my PRL to include their SID number. Once I uploaded the hacked PRL to my phone and restarted it, I suddenly had a cell phone signal!

It wasn’t a perfect system. Texts didn’t always come through automatically. I might have to dial a phone number and establish a connection to the tower and then a queue of texts would come to my phone. But at least I didn’t have to travel a block every time I wanted to use my phone. And if someone actually needed to call me (people actually called each other in 2005), they could still get through to my phone! It would actually ring and I would make the call using the Sprint tower, even though I was still a Verizon Wireless customer!

I used this new PRL “sparingly” for a few weeks, until I could get a bill and see if there were additional charges. There weren’t! I was beating the system! I only ended up doing this for about two months over one summer, but it was a very cool, very memorable feeling. I had used my geek powers to outsmart the major companies for a few weeks in the summer of 2005. Go me.