Use Magisk's built-in busybox instead

Corrected the following mistakes:
- Incrementing TTL & HL on the wrong network interface (rmnet).
- Not removing properties before setting them; changes don't apply as intended without doing this.
- Not waiting until the end of the PREROUTING iptables chain to increase TTL/HL.
- Suggesting to download a huge app (Termux) to check for one thing, which is TTL & HL decrement/increment support.

.gitattributes

@@ -3,3 +3,4 @@ META-INF/** text eol=lf
 *.prop text eol=lf
 *.sh text eol=lf
 *.adoc text eol=lf
+*.json text eol=lf

.gitignore

@@ -0,0 +1 @@
+.idea/*

README.adoc

@@ -10,51 +10,40 @@ endif::[]
 
 == About
 [.lead]
-This hotspot/tethering limitation bypass beats PDANet, FoxFi, NetShare, EasyTether, WiFi Tether Router, and sshuttle tunneling. Reasons being:
+This bypass method & tutorial compared to PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, and sshuttle tunneling:
 
-. Least amount or no speed reduction, is reliable, doesn't break apps/programs/software, and no increase in https://www.waveform.com/tools/bufferbloat[bufferbloat]/ping spikes.
+. Reliable with little to no speed reduction.
 
-. Works for as many client (tethered to) devices as possible. It's plug and play after setup.
-** This means no programs are required to be installed on client devices.
+. Plug and play, other devices don't need to install apps to have internet.
 
-. Difficult for telecoms to prove intentional bypassing of their tethering detections.
+. Bypasses service specific throttling such as limited video quality on YouTube or other streaming services, and censorship.
+** Other devices have to install an app for this goal, it's unavoidable.
 
-. Optionally can fully bypass DPI (Deep Packet Inspection); used to throttle & tamper with sites such as Netflix or YouTube by limiting video quality, and sometimes censorship.
-** A good VPN provider is required for this goal.
-
-== Requirements
-* A rooted Android 5.0 or newer device with an active SIM card or eSIM.
-** Android 4.4.4 is compatible if Magisk v20.4 or up to v22.0 is used.
-
-
-== Requirements can't be met
-* Get an unlocked Google Pixel phone that support all radio bands of your telecom.
-** Use https://www.kimovil.com/en/[Kimovil] to check radio band support. Note that the same phone from different countries have different bands supported.
-** The recommendation is an unlocked https://swappa.com/listings/google-pixel-4a-5g/unlocked[Pixel 4a (5G)] for $100 USD from https://swappa.com/vs/ebay[Swappa instead of Ebay].
+This guide is tested from an unlocked US https://swappa.com/listings/google-pixel-4a-5g/unlocked[Pixel 4a 5G], it can be had for ~$110.
 
 
 == Preparation
-
 . https://topjohnwu.github.io/Magisk/[Install Magisk]; read "Getting Started", then "Patching Images".
 
 . Install the following apps:
 
-* The https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator from F-Droid only (https://wiki.termux.com/wiki/Termux_Google_Play[why?]).
+* A https://f-droid.org/repo/jackpal.androidterm_72.apk[terminal emulator]; for that app make sure to allow all the permissions it asked for.
 
-* https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] for its band locking, helps maintain reliable speeds, and/or avoid congested bands for higher speeds.
+* https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] for its radio band locking to maintain and increase network speeds.
 
 * https://github.com/AdAway/AdAway/releases[AdAway] to block Network Signal Guru's advertising.
 ** AdAway requires you to enable "Systemless Hosts" in Magisk's settings.
 
-=== A custom kernel with "xt_HL.ko" support
-.Testing if "xt_HL.ko" (netfilter's TTL/HL packet mangling) is present:
-. Run Termux.
+* https://apkpure.com/netmonster/cz.mroczis.netmonster[NetMonster] for its network monitoring. Without it, you are practically blind to what LTE or 5G bands are used, and what the various signal strengths are; this is very useful information.
+
+
+=== Testing mangling support
+. Open a terminal emulator.
 . `$ su`
 . `# iptables -t mangle -A POSTROUTING -o null -j TTL --ttl-inc 1; ip6tables -t mangle -A POSTROUTING -o null -j HL --hl-inc 1`
-** If there's no output, skip downloading and installing a custom kernel as there's already "xt_HL.ko" support.
+** No output is good/desired. If this is the case, link:#skip-ahead[skip ahead] to blocking Android snitching, and spoofing TTL & HL.
 
 === Downloading a suitable custom kernel
-
 NOTE: The listed kernels include the BBR or BBRv2 TCP congestion control algorithm to https://web.archive.org/web/20220313173158/http://web.archive.org/screenshot/https://docs.google.com/spreadsheets/d/1I1NcVVbuC7aq4nGalYxMNz9pgS9OLKcFHssIBlj9xXI[help maintain speeds over bad network conditions].
 
 |===
@@ -69,16 +58,18 @@ Use these search terms on the https://forum.xda-developers.com/search/[XDA Forum
 
 
 === Installing a custom kernel
-. Install https://github.com/SmartPack/BusyBox-Installer/releases[BusyBox Installer], then run it.
-. Install https://github.com/libxzr/HorizonKernelFlasher/releases[Horizon Kernel Flasher], run it, then point it to the ZIP containing the custom kernel.
-
+. Download the https://github.com/Magisk-Modules-Alt-Repo/BuiltIn-BusyBox/releases[Built-In BusyBox] Magisk module.
+. Open Magisk -> Modules -> Install from storage -> Select the module ZIP that was downloaded.
+. Reboot.
+. Install https://github.com/libxzr/HorizonKernelFlasher/releases[Horizon Kernel Flasher], open it, then point it to the ZIP containing the custom kernel.
 
-== 1. Blocking Android snitching, and spoofing TTL & HL
 
-. Download our https://github.com/felikcat/unlimited-hotspot/releases/download/v1/unlimited_hotspot_v1.zip[Unlimited Hotspot] Magisk module.
-. Open Magisk -> Modules -> Install from storage -> Select the "unlimited_hotspot_v1.zip" that was downloaded.
+== [[skip-ahead]]1. Blocking Android snitching, and spoofing TTL & HL
+. Download our https://github.com/felikcat/unlimited-hotspot/releases/download/v5/unlimited-hotspot-v5.zip[Unlimited Hotspot] Magisk module.
+. Open Magisk -> Modules -> Install from storage -> Select the "unlimited-hotspot-v5.zip" that was downloaded.
 . Reboot.
 
+
 [.lead] 
 For routers to also be plug and play, additional steps are required:
 
@@ -96,18 +87,10 @@ For routers to also be plug and play, additional steps are required:
 [source, shell]
 ----
 #!/bin/sh
-# Martineau wrote this script:
-# https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636
-#
-#   v384.15 Introduced wan-event script, (wan-start will be deprecated in a future release.)
-#
-#          wan-event      {0 | 1} {stopping | stopped | disconnected | init | connecting | connected}
-#
 # shellcheck disable=SC2068
 Say() {
   printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))"
 }
-#========================================================================================================================================
 WAN_IF=$1
 WAN_STATE=$2
 
@@ -133,9 +116,7 @@ fi
 #!/bin/sh
 
 # HACK: Not sure what to check for exactly; do it too early and the TTL & HL won't get set.
-sleep 5s
-
-modprobe xt_HL; wait
+sleep 5s; modprobe xt_HL; wait
 
 # Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice.
 iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
@@ -143,16 +124,16 @@ iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
 
-# Bypass TTL & HL detections for hotspot/tethering.
+# TTL & HL hotspot detection bypass.
 ## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
-iptables -t mangle -I PREROUTING -i usb+ -j TTL --ttl-inc 2
+iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
-ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
+ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
 ----
-Have to set permissions correctly to avoid this: `custom_script: Found wan-event, but script is not set executable!` +
-`# chmod a+rx /jffs/scripts/*` +
-`# reboot`
+TIP: Set permissions correctly to avoid this: `custom_script: Found wan-event, but script is not set executable!` +
+1. `# chmod a+rx /jffs/scripts/*` +
+2. `# reboot`
 
 ___
 ====
@@ -172,11 +153,11 @@ iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
 
-# Bypass TTL & HL detections for hotspot/tethering.
+# TTL & HL hotspot detection bypass.
 ## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
-iptables -t mangle -I PREROUTING -i usb+ -j TTL --ttl-inc 2
+iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
-ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
+ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
 ----
 
@@ -184,59 +165,63 @@ ___
 ====
 
 
-== 2. Check TTL & HL
+== 2. Confirm the tethering is un-throttled
+TIP: After enabling USB tethering, enable "Data Saver". This tells Android to restrict data to USB tethering and what app is at the forefront only.
 
-Do this for both the tethering device, and the devices being tethered to.
+. Use https://fast.com[Netflix's Speedtest], then compare that result to https://www.waveform.com/tools/bufferbloat[Waveform's Bufferbloat Test]. +
+This tests for throttling of streaming servers (Netflix), various forms of data fingerprinting, and tethering/hotspot detections.
+. If Netflix is throttled, use the https://github.com/krlvm/PowerTunnel[PowerTunnel] app on the client/tethered to device with its LibertyTunnel addon enabled, and test again.
 
-* If the TTL and/or HL isn't exactly the same as the tethering device, then modify the `ttl-inc` and `hl-inc` to match.
-** inc = increment, dec = decrement; `ttl-inc 2` adds to the TTL by 2, `ttl-dec 1` subtracts the TTL by 1.
 
-* IPv4/TTL: `$ ping -4 bing.com`
-** For Android & macOS: `$ ping bing.com` 
-* IPv6/HL: `$ ping -6 bing.com`
-** For Android & macOS: `$ ping6 bing.com`
+== 3. Getting better internet speeds
+. Search for "Roaming" in the Settings app, then disable Roaming.
+** Roaming to a different telecom usually means unavoidable throttling.
+*** For example, T-Mobile USA's agreement with AT&T allow the usage of AT&T towers, but only up to 250kbps download & upload speeds is allowed while roaming on AT&T's network.
+. Use Network Signal Guru to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on https://cacombos.com/device/G025E[cacombos.com] for your device.
 
 
-== 3. Using a VPN to bypass DPI-based throttling, shaping, and censorship
+== This guide doesn't work, or goes from fast to inexplicably slow
+[.lead]
+Using a VPN is likely the missing puzzle piece. +
+VPNs bypass DPI firewalls, they will not increase privacy.
+
 
-.Least shady free VPNs; not recommended.
+.Least shady free VPNs; try before any paid VPNs.
 [%collapsible]
 ====
 
-* Ordered from best to worst:
-. https://cloudflarewarp.com/[Cloudflare WARP] (never torrent on this). +
-You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP+ for free], in which the "Railway App" method is recommended.
+. https://protonvpn.com/free-vpn/[ProtonVPN Free]
 
 . https://cryptostorm.is/cryptofree[Cryptofree]
 ** Using their free WireGuard server is recommended.
 
-. https://protonvpn.com/free-vpn/[ProtonVPN Free]
+. https://cloudflarewarp.com/[Cloudflare WARP] (never torrent on this). +
+You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP+ for free].
 
+___
 ====
 
 
-.Open-source VPN protocol comparison; what is suitable for your situation.
+.Recommendations and requirements for a good paid VPN provider.
 [%collapsible]
 ====
-* *WireGuard*, the fastest on reliable internet; easily detected by DPI firewalls.
-* *IKEv2/IPSec*, sometimes faster than WireGuard on unreliable internet. Depending on the VPN provider, IKEv2 can either be resistant to DPI firewalls (hide.me's implementation), or not at all.
-* *SoftEther*, bypasses DPI firewalls easily with good speeds in general, but is more complicated to set up for non-Windows OSes.
-* *OpenVPN3*, resistant to DPI firewalls if tls-crypt is used alongside port 443; China, Iran, and Egypt require OpenVPN over SSL which further reduces speeds. This protocol isn't efficient and has bufferbloat issues.
 
-====
+*The recommendations*
 
+* United States citizens: https://www.privateinternetaccess.com/vpn-server[Private Internet Access]. Has a server in every single US state, and an optional dedicated IP addon if streaming services (Netflix, Hulu, Amazon Prime, etc.) must always work.
+* The fastest, but with a limited selection of servers for the United States: https://hide.me/en/network[hide.me].
+* Strong emphasis on ethics: https://mullvad.net/en/servers[Mullvad], https://www.cryptostorm.is/uptime[Cryptostorm], https://airvpn.org/status/[AirVPN].
 
-.Requirements for a good paid VPN provider.
-[%collapsible]
-====
 
-NOTE: TorGuard is the overall gold standard for other VPNs to follow as of 23 January 2023, except for their buggy Windows program. hide.me has the best Windows program at the moment.
+*The requirements*
+
+. Network locking in their VPN software is reliable; very important to stay under the telecom's radar regarding "OS fingerprinting".
 
 . Show which servers are geolocated/virtual (fake location) servers, or have none.
 
 . Addon available (or included) for a dedicated/static/streaming IP, to get around streaming service blocks, and other websites using anti-VPN services such as https://blocked.com.
 
-. P2P/http://www.bittorrent.org/introduction.html[BitTorrent protocol] isn't blocked on all servers.
+. P2P/ http://www.bittorrent.org/introduction.html[BitTorrent protocol] isn't blocked on all servers.
 ** If all servers have this protocol unblocked, it will narrow down the amount of hosting services that VPN provider can use. +
 This means higher ping/latency for some ISPs/telecoms; low latency is important for online gaming and video conferencing, among others.
 
@@ -256,57 +241,54 @@ This means higher ping/latency for some ISPs/telecoms; low latency is important
 ** The most problematic: Android TV, iOS/iPadOS, and Linux (especially distros not based on Ubuntu or Fedora).
 *** Linux support for most VPNs lack a graphical interface, and lack features included in their Windows and/or macOS VPN software.
 
+TIP: https://web.archive.org/web/20220929090559/https://thatoneprivacysite.xyz/choosing-the-best-vpn-for-you/[An archive of "That One Privacy Site"], dated 19th December 2019. +
+Use it as a second opinion on what justifies a good paid VPN provider.
+
+___
 ====
 
 
-.Finding honest VPN reviews or information.
+.If the VPN can't connect.
 [%collapsible]
 ====
 
-. https://youtube.com/channel/UCXJWKuGh0qedrYviGEJmlWw[Tom Spark's Reviews] on YouTube, or directly at his https://www.vpntierlist.com/[VPN Tier List] website.
-
-. https://restoreprivacy.com/vpn/best/[RestorePrivacy].
+. Check if IPv4 or IPv6 is being used to reach the VPN server.
+** For T-Mobile, connecting through IPv6 may be required.
+. If the VPN still can't connect, try each supported protocol in this order:
+** WireGuard -> IKEv2/IPSec -> SoftEther -> OpenVPN (UDP, port 443) -> OpenVPN (TCP, port 443) -> OpenVPN over SSL (TCP, port 443)
 
-. https://web.archive.org/web/20220929090559/https://thatoneprivacysite.xyz/choosing-the-best-vpn-for-you/[An archive of "That One Privacy Site"], dated 19th December 2019. +
-Use it as a second opinion for what justifies a good paid VPN provider.
+[.lead]
+Reasoning for each open-source VPN protocol choice:
 
-TIP: Many VPN review websites and videos are dishonest, as Kape Technologies owns many popular VPN review websites to unfairly promote their products as the "best". +
-https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/
+* *WireGuard*: fastest on reliable internet; easily blockable by DPI firewalls.
+* *IKEv2/IPSec*: sometimes faster than WireGuard on unreliable internet. Depending on the VPN provider, IKEv2 can either be resistant to DPI firewalls (hide.me's implementation), or not at all.
+* *SoftEther*: bypasses most DPI firewalls with good speeds in general, but is more complicated to set up for non-Windows OSes.
+* *OpenVPN3*: resistant to DPI firewalls if tls-crypt is used alongside port 443; China, Iran, and Egypt require OpenVPN over SSL which further reduce speeds. This protocol isn't efficient and has latency issues.
 
+___
 ====
 
 
-== 4. Confirm the tethering is un-throttled
-
-NOTE: Enable "Data Saver" while USB tethering. This tells Android to restrict data to USB tethering and what app is at the forefront only.
-
-WARNING: If Wi-Fi or Bluetooth tethering is used, Android will forcefully disable "Data Saver".
-
-. Disconnect from the VPN.
-. Use https://fast.com[Netflix's Speedtest], then after that's complete use https://www.waveform.com/tools/bufferbloat[Waveform's Bufferbloat Test]. +
-This will test for throttling of streaming servers (Netflix), various forms of data fingerprinting, and tethering/hotspot detections.
-. Connect to a VPN on the tethered-to (client) device, then repeat the above step.
-
-. Optionally, speedtest again after installing https://github.com/tytydraco/KTweak-Android-App/releases[KTweak] and applying its "throughput" profile.
-
-=== If the VPN can't connect:
-. First check if IPv4 or IPv6 is being used to reach the VPN server.
-** For T-Mobile, connecting through IPv6 may be required.
-. If the VPN still can't connect, try each supported protocol in this order:
-** WireGuard -> IKEv2/IPSec -> SoftEther -> AnyConnect [TorGuard only] -> OpenVPN (UDP, port 443) -> OpenVPN (TCP, port 443) -> OpenVPN over SSL (TCP, port 443)
-
-
 == Appendices
 
-.Learning resources used
+.Resources used
 [%collapsible]
 ====
 
+[.lead]
+Learning
+
 . https://archive.org/download/p173_20220313/p173.pdf
 . https://archive.org/download/technology-showcase-policy-control-for-connected-and-tethered-devices/technology-showcase-policy-control-for-connected-and-tethered-devices.pdf
 . https://archive.org/download/geneva_ccs19/geneva_ccs19.pdf
 . Random XDA forums posts and threads to accumulate personal experiences with hotspot/tethering bypass attempts.
 
+[.lead]
+Third-party scripts
+
+. `/jffs/scripts/wan-event` used for Asuswrt-Merlin is a refined version of https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636[this script].
+
+___
 ====
 
 *You've reached the end of this guide.* Star it if you liked it.

module.prop

@@ -1,7 +1,7 @@
 id=unlimited-hotspot
 name=Unlimited Hotspot
-version=v2
-versionCode=2
+version=v5
+versionCode=5
 author=felikcat
 description=https://github.com/felikcat/unlimited-hotspot
 updateJson=https://raw.githubusercontent.com/felikcat/unlimited-hotspot/master/update.json

post-fs-data.sh

@@ -1,6 +0,0 @@
-#!/system/bin/sh
-MODDIR=${0%/*}
-
-# Block Android from inserting 'dun' into the APN.
-# Yet another way Android shows the telecom that tethering is enabled.
-settings put global tether_dun_required 0

service.sh

@@ -1,19 +1,64 @@
 #!/system/bin/sh
-MODDIR=${0%/*}
-
-# Failsafe: Incase these iptables entries were already present, remove them once.
-for INTERFACE in "v4-rmnet_data+" "wlan1" "bt-pan"; do
-    iptables -t mangle -D PREROUTING -i $INTERFACE -j TTL --ttl-inc 1
-    iptables -t mangle -D POSTROUTING -o $INTERFACE -j TTL --ttl-inc 1
-    ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i $INTERFACE -j HL --hl-inc 1
-    ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o $INTERFACE -j HL --hl-inc 1
+
+# Write pending (memory) cached data to disk as a precaution before applying any changes.
+sync
+
+# resetprop (without -n) = deletes a property then modifies it, this forces property_service to update that property immediately.
+# Don't automatically insert 'dun' into the APN,
+# which would persistently tell the telecom that tethering was used.
+# At that point, only after a reboot and not getting 'dun' added again would mask it.
+resetprop -v tether_dun_required 0
+
+# Tethering hardware acceleration causes latency issues on the Pixel 4a (5G).
+resetprop -v tether_offload_disabled 1
+
+# Don't tell the telecom to check if tethering is even allowed for your data plan.
+resetprop -v net.tethering.noprovisioning true
+resetprop -v tether_entitlement_check_state 0
+
+# Don't apply iptables rules until Android has fully booted.
+until [ "$(getprop sys.boot_completed)" -eq 1 ] && [ -d "/sdcard" ]; do
+    sleep 3
 done
 
 # Bypass TTL/HL detections for only Tether device (server) -> Tethered To devices (client).
 # WARNING: Routers (as the client) require their own TTL/HL increment script.
-for INTERFACE in "v4-rmnet_data+" "wlan1" "bt-pan"; do
-    iptables -t mangle -I PREROUTING -i $INTERFACE -j TTL --ttl-inc 1
+# Tethering interfaces -> rndis0: USB, wlan1: Wi-Fi, bt-pan: Bluetooth.
+# -A: last rule in chain, -I: "head"/first rule (by default) in chain.
+for INTERFACE in "rndis0" "wlan1" "bt-pan"; do
+    iptables -t mangle -A PREROUTING -i $INTERFACE -j TTL --ttl-inc 1
     iptables -t mangle -I POSTROUTING -o $INTERFACE -j TTL --ttl-inc 1
-    ip6tables -t mangle -I PREROUTING ! -p icmpv6 -i $INTERFACE -j HL --hl-inc 1
+    ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i $INTERFACE -j HL --hl-inc 1
     ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o $INTERFACE -j HL --hl-inc 1
 done
+
+# == Network optimizations ==
+
+# Disabling ICMP echo replies breaks PMTUD, leading to worsened packet fragmentation.
+write /proc/sys/net/ipv4/icmp_echo_ignore_all 0
+write /proc/sys/net/ipv6/icmp/echo_ignore_all 0
+
+# TCP acknowledgements help with lossy connections.
+write /proc/sys/net/ipv4/tcp_sack 1
+write /proc/sys/net/ipv4/tcp_dsack 1
+write /proc/sys/net/ipv4/tcp_fack 1
+
+# Ensure MTU is valid to prevent stuck connection(s); very useful on misconfigured networks:
+# https://blog.cloudflare.com/path-mtu-discovery-in-practice/
+write /proc/sys/net/ipv4/tcp_mtu_probing 1
+
+# iOS 11 forced telecoms to implement full support for TCP ECN.
+write /proc/sys/net/ipv4/tcp_ecn 1
+
+# Protects against wrapped TCP sequence numbers, as they cause more packet retransmissions during packet loss conditions.
+write /proc/sys/net/ipv4/tcp_timestamps 1
+
+# At 1: Violates TCP standards and can cause unpredictable network performance.
+write /proc/sys/net/ipv4/tcp_syncookies 0
+
+# Enables TCP Fast Open (RFC7413) for both requesting (client) and sending (server).
+write /proc/sys/net/ipv4/tcp_fastopen 3
+
+# == END ==
+
+exit 0

system.prop

@@ -1,3 +0,0 @@
-# Deny alerting the telecom to check if tethering is allowed for this device.
-net.tethering.noprovisioning=true
-tether_entitlement_check_state=0

update.json

@@ -1,6 +1,6 @@
 {
-    "version": "v2",
-    "versionCode": 2,
-    "zipUrl": "https://github.com/felikcat/unlimited-hotspot/releases/download/v2/unlimited_hotspot_v2.zip",
-    "changelog": "Thank you for using the unlimited hotspot module!"
+    "version": "v5",
+    "versionCode": 5,
+    "zipUrl": "https://github.com/felikcat/unlimited-hotspot/releases/download/v5/unlimited-hotspot-v5.zip",
+    "changelog": "Thank you for using the unlimited hotspot module by felikcat!"
 }