Ok, I take back the few weeks statement. I took a look a quick look to see what MEP code entry looked like.
I found the function in net.rim.device.apps.internal.options.items.SIMCard OptionsItem within the net_rim_bb_options_app module. The relevant parts of the function are as follows:
Edit: I just did a search for the SIMCard class. I found it in package net.rim.device.api.system within the module net_rim_cldc. Here is the function that the above method calls:
private final void method_11072(int type)
SimplePasswordDialog simplepassworddialog = new SimplePasswordDialog();
String unlockCode = simplepassworddialog.getText();
This confirms what I suspected prior to the edit. The actual unlock validation happens in firmware. I'll have to figure out how to reverse engineer the binary firmware to proceed any further.
public static final void requestDeactivateMEP(int type, byte code)
// invokenative requestDeactivateMEP(int type, byte code)
Don't expect a Thyth-o-matic subsidy unlock code generator any time soon.