This only changes the apparent IMEI at the OS level to mask oneself from apps that pry.

The hardware is still using the same old IMEI as far as the phone company and SIGINT is concerned. This is not readily, or trivially, changeable.

I believe it was easier and possible in older phones. For example if you get an SL45 somewhere, I remember you had to flash your IMEI (or any IMEI) after the firmware change - otherwise it failed to register on the network. That would suggest it wasn't only as software level.

On those older phones the radio and phone application tended to be highly combined and running on the same processor, so re-writing the firmware would require you to reprogram hardware identifiers (there's a handful of embedded PCs at the moment where the ethernet MAC address isn't actually stored in NV memory so also has to be set on boot). -but yeah, you _need_ IMSI and IMEI as minimum to register on a network.

As far as I know, nearly every "modern" or smartphone has distinct separation between OS+applications and the radio world to the point where they're not only running separate firmware (anyone flashing android images will have seen this) but they're running on physically separate CPUs.

The other sad thing about the older phones (I've got a 6310 and a 7110 on my desk at the moment) is that they often don't support A5/3 encryption, so you can't actually use them on most modern networks (I believe it's the encryption; if anyone else knows better please tell me) -so if you're desperate to change the IMEI for some reason you can't just use an ancient handset to do it. It also means I can't throw off the shackles of this modern world and re-live 1990's hardware :(

I guess my original question could be better phrased as "does anyone know if it's possible on a _modern_ handset -and as it's device specific; which ones?"

I also feel I should point out a couple of "good" reasons for the macro operators not wanting people to have the ability. As it's the hardware identifier, it's used to blacklist stolen handsets -and anything that discourages kids from stealing my phone at knifepoint is probably a good thing. Different handsets also have all sorts of odd network quirks too. For macro operators, being able to profile how different handsets behave on their network can be extremely useful just for the sake of keeping the network running properly.

My sudden paranoid realisation though is that if you're a TLA, being able to go from IMEI to make/model of handset and therefore know exactly what exploits to use, must be quite useful o_0