How does T-Mobile know I'm tethering unless it's their phone with special hooks?
Some phones flat tell the cellular provider.
Sometimes, the provider knows what the normal TTL for a device is (64 for an iPhone, for example), and if they see something less than that, they know it is from a tethered device.
See also: TCP/IP stack fingerprinting.
Could you find a way around it? I bet so, with a fully rooted phone and a lot of work. Perhaps using a proxy running on the phone hardware, for example.
Still, it will be a lot of work, and it only takes getting caught once for you to invalidate the TOS for T-Mobile and be un-invited as a customer.