WARNING: **Rooting is a very bad idea, as it will entirely break the security model of Android.** +
If you're considering using an unused phone to tether from (which is rooted, and contents were already wiped), check the bands it supports on link:https://www.kimovil.com/[Kimovil].
== Introduction
== Requirements
* Magisk, and by that accord *root*; link:https://github.com/Iazos/Ez_Magisk[installing Magisk (via recovery)]
This guide showcases the fastest and most reliable way of tethering on Android (both non-root and root), but is incompatible with many ROMs and kernels. +
There are sections made within reason to make this guide compatible with more devices, with those being clearly defined as worse choices.
* The link:https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator (link:https://wiki.termux.com/wiki/Termux_Google_Play[from F-Droid only])
WARNING: A rooted tethering device (Android phone likely) is faster and far more reliable than non-rooted devices with mobile data after finishing this guide. +
Just ensure the rooted tethering device has no sensitive information, as root entirely breaks Android's security measures.
* Installing Busybox Magisk module
. Magisk -> Modules (puzzle piece icon)
. Search for 'busybox' to find "Busybox for Android NDK", then install it
. Check the bands the phone or tablet supports before proceeding, at: link:https://www.kimovil.com/[Kimovil] +
If it doesn't support all of your telecom's bands, don't expect good results (for any guide).
. Enabling "Data Saver" while tethering is recommended. Which should restrict data usage to tethering, and what app is at the forefront only. +
** Don't use Google Play Services or microG if possible, as they may ignore "Data Saver" completely.
*** Those two apps can also slow the device down while also draining the device's battery heavily; this is more severe on older Android versions, and some ROMs deviating heavily from Google's AOSP.
.**Recommended (for root)**
[%collapsible]
====
* Google Play Store, alternatively through link:https://gitlab.com/AuroraOSS/AuroraStore/-/releases[Aurora Store]
** link:https://play.google.com/store/apps/details?id=com.draco.ktweak[KTweak for higher network speeds], using its 'throughput' profile
** The link:https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf#installation[MagiskHide Props Config] module.
** The link:https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator (link:https://wiki.termux.com/wiki/Termux_Google_Play[from F-Droid only]).
*** If you are using an F-Droid app to download and install Termux, don't use the official F-Droid app, use link:https://github.com/Iamlooker/Droid-ify/releases[Droid-ify] instead.
** The Busybox Magisk module:
. Magisk -> `Modules` (puzzle piece icon)
. Search for 'busybox' to find "Busybox for Android NDK", then install it.
*2: Install the following apps; if needed, use the link:https://gitlab.com/AuroraOSS/AuroraStore/-/releases[Aurora Store] app for installing apps on the Google Play Store.*
* link:https://play.google.com/store/apps/details?id=com.draco.ktweak[KTweak for higher network speeds], using its "throughput" profile.
* link:https://adaway.org/[AdAway to block Network Signal Guru's ads]. +
Magisk's "Systemless Hosts" feature has to be enabled for AdAway to work.
** link:https://play.google.com/store/apps/details?id=com.qtrun.QuickTest[Network Signal Guru for band locking], which is required to maintain reliable speeds.
* Kernel with the "xt_HL.ko" module (netfilter's TTL packet mangling) enabled
** Known kernels with support (and seem high-quality):
*** Freak07's link:https://forum.xda-developers.com/t/kernel-23-07-2021-android-11-kirisakura-1-1-8-for-asus-zenfone-8-aka-sake.4295287/[Kirisakura] for ASUS ZenFone 8
*** kdrag0n's link:https://forum.xda-developers.com/t/kernel-pixel-5-proton-kernel.4194683/[Proton Kernel] for Google Pixel 4a 5G/Pixel 5
*** kristofpetho's link:https://forum.xda-developers.com/t/kernel-oos-omega-kernel-oos11-august-7-2021.4271027/[Omega Kernel] for OnePlus 9 Pro
*3: The kernel in use has the "xt_HL.ko" module built-in (netfilter's TTL packet mangling).*
* High-quality kernels with "xt_HL.ko" support, that also use the BBR TCP congestion control algorithm (which link:https://docs.google.com/spreadsheets/d/1I1NcVVbuC7aq4nGalYxMNz9pgS9OLKcFHssIBlj9xXI/edit#gid=1926845420[greatly increases reliability]):
If there's no output, the commands succeeded (kernel has "xt_HL.ko" support)
TIP: If your preferred custom kernel does not support `--ttl-set` and `--hl-set`, inform them of this repository +
For kernel tweakers: link:https://web.archive.org/web/20210423030541/https://forum.xda-developers.com/t/magisk-stock-bypass-tether-restrictions.4262265/[an aid with enabling "xt_HL.ko" support through Magisk]
** If there's no output, the commands succeeded (kernel has "xt_HL.ko" support).
TIP: If your preferred custom kernel does not support `--ttl-set` and `--hl-set`, inform them of this repository. +
For kernel tweakers: link:https://web.archive.org/web/20210423030541/https://forum.xda-developers.com/t/magisk-stock-bypass-tether-restrictions.4262265/[an example of enabling "xt_HL.ko" support through Magisk].
=== Don't meet the root requirement?
== For non-rooted
* This is the preferred way, if...
** The ROM used explicitly stops Android from snitching:
* *Using a ROM that explicitly stops Android from snitching is required:*
** Always set TTL to 65 on the devices being tethered to
*** Adjusting TTL alone could work on a few telecoms, but it's meant as a supplemental step for telecoms with smarter detections
* Caveats:
** Cell band locking is likely not possible; don't expect reliable stationary speeds.
** TTL detections have to be bypassed per device, or a router has to do it with one of the following firmwares:
*** Asuswrt-Merlin: `WAN` -> enable `Extend the TTL value` and `Spoof LAN TTL value`.
*** DD-WRT, Tomato, OpenWrt, or GoldenOrb (the best option for anything telecom related).
NOTE: Some router firmware (Asuswrt-Merlin, DD-WRT, Tomato, OpenWrt) can set TTL for all devices connected to it.
TIP: Skip straight to the "About" section, then "3. Test TTL & HL change on the tethered device"; these are the only root-less sections
== About telecoms (mobile providers/carriers)
* Telecoms do know about these tricks, but the offensive (this guide) is much stronger than the defensive.
** Telecoms' defenses being:
*** Using link:https://en.wikipedia.org/wiki/Deep_packet_inspection[DPI software] to detect and/or shape traffic based on certain criteria, such as Video Streaming (throttling YouTube and/or Netflix to force low video quality), which VPNs directly counter.
**** If VPNs are pwned (blocked and/or throttled), try these protocols: IKEv2, SoftEther, then OpenVPN with tls-crypt (use TCP if UDP is pwned).
*** Android and iOS telling the telecom that it's tethered/hotspot data.
*** Checking the IMEI of the device to see if it's a phone/tablet or not.
**** Sometimes blocking IMEIs (usually non-Sierra LTE modems like Quectel, but can be easily spoofed into an allowed IMEI anyway...)
== About
* Your telecom cannot:
** Directly prove this method (link:https://github.com/RiFi2k/unlimited-tethering[among some others]) is being used
*** Telecoms do know about this, but the offensive (this guide) is much stronger than the defensive, their defense being: DPI software, and the OS (Android and iOS) telling the telecom that it's tethered +
This guide can solve the OS problem unless it's iOS (buy the latest Google Pixel next time, it has proper firmware & hardware & software security as iPhones do)
=== VPNs
* Your telecom can (if no traffic encryptor such as Tor or a VPN is used):
** Check for specific domains being connected to that only a Windows PC or Mac would connect to, but not an Android phone.
** Use link:https://en.wikipedia.org/wiki/Deep_packet_inspection[DPI software] to shape traffic based on certain criteria(s), such as Video Streaming (throttling YouTube videos and/or Netflix, and/or forcing lower video quality)
A paid VPN is recommended as it's easy to route all traffic through it, and shouldn't reduce speeds if:
* A paid VPN is recommended since it's easy to route all traffic through it, and shouldn't reduce speeds, given the following criteria:
** Protocol used is WireGuard (fastest, expect on unreliable links), IKEv2 (best on unreliable links), or SoftEther (reasonably fast and best at bypassing DPI). +
** If the speeds are lower than expected on all protocols, connect to the VPN on a different device, specifically one with link:https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors[AES-NI supported]
* The protocol used is IKEv2 (fastest on unreliable links), or SoftEther (the best at bypassing DPI software, with good speeds). +
** WireGuard is fastest on not unreliable links, but is easily detected by DPI software.
** If the speeds are lower than expected on all protocols, connect to the VPN on a different device, specifically one with link:https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors[AES-NI supported].
WARNING: VPNs don't grant privacy, Tor and I2P do; these can easily be used alongside a VPN if desired +
For this guide, VPNs are used for the intention of hiding traffic from your telecom, and ensuring web content isn't blocked +
*`Ultimately, usage of a VPN is optional`*
.Good paid VPN providers do the following (and VPN recommendations)
.Good paid VPN providers do the following
[%collapsible]
====
* Transparent communication
* Use only dedicated/physical/bare metal servers
** Dedis are faster and more secure than virtual servers ("VPS" / "VDS")
** No hard drives installed in the servers is a good bonus
* No fake (geo-located) server locations
** Unless they are stated as such
* All server locations allow all traffic except outbound port 25 (to prevent email spam abuse)
* Ability to link:https://airvpn.org/faq/port_forwarding/[select ports to forward].
** AirVPN, hide.me, and TorGuard have the best implementations of port forwarding
*** link:https://teddit.net/r/VPNTorrents/comments/oqnnrq/list_of_vpns_that_allow_portforwarding_2021/[List of VPNs that allow P2P and Port Forwarding]
* Recommendations based on the above criteria and personal experiences:
. link:https://airvpn.org[AirVPN]
** Mirrors: link:https://airvpn.dev[AirVPN #2] | link:http://airvpn3epnw2fnsbx5x2ppzjs6vxtdarldas7wjyqvhscj7x43fxylqd.onion[AirVPN via Tor]
. link:https://mullvad.net[Mullvad]
** Mirror: link:http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion[Mullvad via Tor]
. link:https://hide.me[hide.me] (supports IKEv2 and SoftEther; the other recommendations don't)
. Transparent communication, and easily accessible forums or a Discord "guild".
. Only bare-metal (dedicated) servers used, with no hard drives (RAM only).
** Bare-metal is faster and more secure than virtual servers ("VPS" / "VDS").
. State their geolocated (fake) server locations, or have none.
. All server locations allow all traffic except outbound port 25.
** P2P should never be blocked, despite also being abuse-prone.
. Ability to link:https://airvpn.org/faq/port_forwarding/[select ports to forward]; this heavily gauges if a VPN provider is worth your time, even if you never need port forwarding.
** AirVPN, hide.me, Mullvad, and TorGuard have the best implementations of port forwarding as of 31 December 2021.
*** link:https://teddit.net/r/VPNTorrents/comments/oqnnrq/list_of_vpns_that_allow_portforwarding_2021/[List of VPNs that allow Port Forwarding].
====
== 1. Configure props
. Launch Termux
== 1. Start of the root-only guide: Configure props
NOTE: For non-root, skip to *3.*
. Launch Termux.
. `$ su`
. `# settings delete system tether_entitlement_check_state; settings delete global tether_dun_required`
. `# props`
@ -128,20 +132,20 @@ For this guide, VPNs are used for the intention of hiding traffic from your tele
== 2. Adjust TTL & HL
* Getting the correct network interface(s); look for 'rmnet' and/or 'rndis' (example: "v4-rmnet_data2")
* Getting the correct network interface(s); look for 'rmnet' and/or 'rndis' (example: "v4-rmnet_data2").
** `$ netstat -i`
.Termux:Boot
[%collapsible]
====
* link:https://f-droid.org/en/packages/com.termux.boot/[Install Termux:Boot] and disable "battery optimizations" for Termux and Termux:Boot in your phone's settings
* link:https://f-droid.org/en/packages/com.termux.boot/[Install Termux:Boot] and disable "battery optimizations" for Termux and Termux:Boot in your device's settings.
* Make the script:
. `$ mkdir -p ~/.termux/boot` +
. `$ cd ~/.termux/boot` +
. `$ mkdir -p ~/.termux/boot`
. `$ cd ~/.termux/boot`
. `$ nano set-tether-ttl.sh`
NOTE: Replace "v4-rmnet_data2" with your network interface if it's different
NOTE: Replace "v4-rmnet_data2" with your network interface if it's different.
** `$ chmod +x set-tether-ttl.sh && sh set-tether-ttl.sh`
Termux:Boot will automatically run set-tether-ttl.sh after startup/boot, though it will break if the interface name changes, which I cannot test nor know if this happens on Android, and if it does it may be specific to a ROM
*** Termux:Boot will automatically run set-tether-ttl.sh after startup/boot, though it will break if the interface name changes, which I cannot test nor know if this happens on Android, and if it does it may be specific to a ROM.
====
@ -162,14 +165,14 @@ Termux:Boot will automatically run set-tether-ttl.sh after startup/boot, though
nermur
2 years ago
committed by
GitHub