:experimental:
ifdef::env-github[]
:icons:
:tip-caption: :bulb:
:note-caption: :information_source:
:important-caption: :heavy_exclamation_mark:
:caution-caption: :fire:
:warning-caption: :warning:
endif::[]

== Introduction
This guide showcases the fastest and most reliable way of tethering on Android (both non-root and root), but is incompatible with many ROMs and kernels. +
There are sections made within reason to make this guide compatible with more devices, with those being clearly defined as worse choices.

WARNING: A rooted tethering device (Android phone likely) is faster and far more reliable than non-rooted devices with mobile data after finishing this guide. +
Just ensure the rooted tethering device has no sensitive information, as root entirely breaks Android's security measures.

. Check the bands the phone or tablet supports before proceeding, at: link:https://www.kimovil.com/[Kimovil] +
If it doesn't support all of your telecom's bands, don't expect good results (for any guide).
. Enabling "Data Saver" while tethering is recommended, which should restrict data usage to tethering and to whichever app is in the foreground. +
** Don't use Google Play Services or microG if possible, as they may ignore "Data Saver" completely.
*** Those two apps can also slow the device down while also draining the device's battery heavily; this is more severe on older Android versions, and on some ROMs deviating heavily from Google's AOSP.

== Rooted requirements
*1: link:https://topjohnwu.github.io/Magisk/[Install Magisk], then...*

** The link:https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf#installation[MagiskHide Props Config] module.
** The link:https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator (link:https://wiki.termux.com/wiki/Termux_Google_Play[from F-Droid only]).
*** If you are using an F-Droid app to download and install Termux, don't use the official F-Droid app, use link:https://github.com/Iamlooker/Droid-ify/releases[Droid-ify] instead.
** The Busybox Magisk module:
. Magisk -> `Modules` (puzzle piece icon)
. Search for 'busybox' to find "Busybox for Android NDK", then install it.

*2: Install the following apps; if needed, use the link:https://gitlab.com/AuroraOSS/AuroraStore/-/releases[Aurora Store] app for installing apps on the Google Play Store.*

* link:https://play.google.com/store/apps/details?id=com.draco.ktweak[KTweak for higher network speeds], using its "throughput" profile.
* link:https://adaway.org/[AdAway to block Network Signal Guru's ads]. +
Magisk's "Systemless Hosts" feature has to be enabled for AdAway to work.
** link:https://play.google.com/store/apps/details?id=com.qtrun.QuickTest[Network Signal Guru for band locking], which is required to maintain reliable speeds.

*3: The kernel in use has the "xt_HL.ko" module built-in (netfilter's TTL packet mangling).*

* High-quality kernels with "xt_HL.ko" support, that also use the BBR TCP congestion control algorithm (which link:https://docs.google.com/spreadsheets/d/1I1NcVVbuC7aq4nGalYxMNz9pgS9OLKcFHssIBlj9xXI/edit#gid=1926845420[greatly increases reliability]):
** kdrag0n's link:https://forum.xda-developers.com/search/member?user_id=7291478&content=thread[Proton Kernel].
** Freak07's link:https://forum.xda-developers.com/search/member?user_id=3428502&content=thread[Kirisakura] kernel.

NOTE: Search terms to use on link:https://forum.xda-developers.com/search/[XDA Forums] to find other kernels with "xt_HL.ko" support: +
`TTL spoofing`, `TTL target`, `IPtables TTL`, `TTL/HL target`, `TTL module`.

* Testing "xt_HL.ko" support: +
. Launch Termux. +
. `$ su` +
. `# iptables -t mangle -A POSTROUTING -o wlan+ -j TTL --ttl-set 64` +
. `# ip6tables -t mangle -A POSTROUTING -o wlan+ -j HL --hl-set 64` +
** If there's no output, the commands succeeded (kernel has "xt_HL.ko" support).

TIP: If your preferred custom kernel does not support `--ttl-set` and `--hl-set`, inform them of this repository. +
For kernel tweakers: link:https://web.archive.org/web/20210423030541/https://forum.xda-developers.com/t/magisk-stock-bypass-tether-restrictions.4262265/[an example of enabling "xt_HL.ko" support through Magisk].

== For non-rooted
* *Using a ROM that explicitly stops Android from snitching is required:*
*** https://github.com/GrapheneOS/platform_frameworks_base/commit/d4e03e77dd590e3ed89af8b72d5c09f875fc46b0
*** https://github.com/GrapheneOS/platform_build/commit/b22db418509758b781699898dc43c1c1d3a94999
* Caveats:
** Cell band locking is likely not possible; don't expect reliable stationary speeds.
** TTL detections have to be bypassed per device, or a router has to do it with one of the following firmwares:
*** Asuswrt-Merlin: `WAN` -> enable `Extend the TTL value` and `Spoof LAN TTL value`.
*** DD-WRT, Tomato, OpenWrt, or GoldenOrb (the best option for anything telecom related).

== About telecoms (mobile providers/carriers)
* Telecoms do know about these tricks, but the offensive (this guide) is much stronger than the defensive.
** Telecoms' defenses being:
*** Using link:https://en.wikipedia.org/wiki/Deep_packet_inspection[DPI software] to detect and/or shape traffic based on certain criteria, such as Video Streaming (throttling YouTube and/or Netflix to force low video quality), which VPNs directly counter.
**** If VPNs are pwned (blocked and/or throttled), try these protocols: IKEv2, SoftEther, then OpenVPN with tls-crypt (use TCP if UDP is pwned).
*** Android and iOS telling the telecom that it's tethered/hotspot data.
*** Checking the IMEI of the device to see if it's a phone/tablet or not.
**** Sometimes blocking IMEIs (usually non-Sierra LTE modems like Quectel, but can be easily spoofed into an allowed IMEI anyway...)

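
The "TTL detections" named in the caveats above rest on a simple network-side observation, sketched here as an added example that is not part of the original guide or of any carrier's tooling. The function names, the table of common default TTLs and the sample values are assumptions made for illustration, and the model assumes the observation point is the first IP hop after the handset.

```python
# Added example (not from the guide): a network-side TTL / hop-limit heuristic.
from collections import Counter

# Common OS default initial TTLs; treated here as an assumption.
COMMON_INITIAL_TTLS = (64, 128, 255)


def hops_from_sender(observed_ttl):
    """Guess (initial_ttl, hops_travelled) from one observed TTL or hop limit.

    The sender is assumed to have used the smallest common default that is
    >= the observed value; each router on the way decrements it by one.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if observed_ttl <= t)
    return initial, initial - observed_ttl


def classify_subscriber(observed_ttls, handset_ttl=64):
    """Flag a subscriber whose uplink packets were routed before the first hop.

    observed_ttls: TTL/HL values seen at the carrier's first IP hop
    (constructed sample data in this example). The handset's own traffic
    arrives undecremented; traffic it forwards for a tethered client has
    already lost one hop, or started from another default such as 128.
    """
    evidence = {}
    for ttl, packets in sorted(Counter(observed_ttls).items()):
        if ttl == handset_ttl:
            continue
        initial, hops = hops_from_sender(ttl)
        evidence[ttl] = {"initial": initial, "hops": hops, "packets": packets}
    return {"tethering_suspected": bool(evidence), "evidence": evidence}


# Constructed samples: TTLs as they would appear on the carrier side.
SAMPLES = {
    "handset only": [64, 64, 64, 64],
    "handset + Linux laptop": [64, 64, 63, 63, 63],
    "handset + Windows laptop": [64, 127, 127],
    "after POSTROUTING rewrite to 64": [64, 64, 64, 64, 64],
}

if __name__ == "__main__":
    for name, ttls in SAMPLES.items():
        print(name, "->", classify_subscriber(ttls))
```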

=== VPNs
A paid VPN is recommended as it's easy to route all traffic through it, and shouldn't reduce speeds if:

* The protocol used is IKEv2 (fastest on unreliable links), or SoftEther (the best at bypassing DPI software, with good speeds). +
** WireGuard is fastest on reliable links, but is easily detected by DPI software.
** If the speeds are lower than expected on all protocols, connect to the VPN on a different device, specifically one with link:https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors[AES-NI supported].

.Good paid VPN providers do the following
[%collapsible]
====
. Transparent communication, and easily accessible forums or a Discord "guild".
. Only bare-metal (dedicated) servers used, with no hard drives (RAM only).
** Bare-metal is faster and more secure than virtual servers ("VPS" / "VDS").
. State their geolocated (fake) server locations, or have none.
. All server locations allow all traffic except outbound port 25.
** P2P should never be blocked, despite also being abuse-prone.
. Ability to link:https://airvpn.org/faq/port_forwarding/[select ports to forward]; this heavily gauges if a VPN provider is worth your time, even if you never need port forwarding.
** AirVPN, hide.me, Mullvad, and TorGuard have the best implementations of port forwarding as of 31 December 2021.
*** link:https://teddit.net/r/VPNTorrents/comments/oqnnrq/list_of_vpns_that_allow_portforwarding_2021/[List of VPNs that allow Port Forwarding].
====

== 1. Start of the root-only guide: Configure props
NOTE: For non-root, skip to *3.*

. Launch Termux.
. `$ su`
. `# settings delete system tether_entitlement_check_state; settings delete global tether_dun_required`
. `# props`
** "Select an option below." -> "Add/edit custom props" kbd:[4 ↵]
** Select "New custom prop" with kbd:[n ↵]
*** `net.tethering.noprovisioning` kbd:[↵] -> kbd:[true ↵] -> kbd:[y ↵]
**** "Do you want to reboot now?"
kbd:[n ↵]
** Select "New custom prop" with kbd:[n ↵]
*** `tether_entitlement_check_state` kbd:[↵] -> kbd:[0 ↵] -> kbd:[y ↵]
**** "Do you want to reboot now?" kbd:[n ↵]
** Select "New custom prop" with kbd:[n ↵]
*** `tether_dun_required` kbd:[↵] -> kbd:[0 ↵] -> kbd:[y ↵]
**** "Do you want to reboot now?" -> kbd:[y ↵]

== 2. Adjust TTL & HL
* Getting the correct network interface(s); look for 'rmnet' and/or 'rndis' (example: "v4-rmnet_data2").
** `$ netstat -i`

.Termux:Boot
[%collapsible]
====
* link:https://f-droid.org/en/packages/com.termux.boot/[Install Termux:Boot] and disable "battery optimizations" for Termux and Termux:Boot in your device's settings.
* Make the script:
. `$ mkdir -p ~/.termux/boot`
. `$ cd ~/.termux/boot`
. `$ nano set-tether-ttl.sh`

NOTE: Replace "v4-rmnet_data2" with your network interface if it's different.

[source, shell]
----
#!/data/data/com.termux/files/usr/bin/sh
# Set the IPv4 TTL and the IPv6 hop limit to 64 on packets leaving via the mobile data interface.
su -c "iptables -t mangle -A POSTROUTING -o v4-rmnet_data2 -j TTL --ttl-set 64 && \
ip6tables -t mangle -A POSTROUTING -o v4-rmnet_data2 -j HL --hl-set 64"
----

* Launch the script:
** `$ chmod +x set-tether-ttl.sh && sh set-tether-ttl.sh`
*** Termux:Boot will automatically run set-tether-ttl.sh after startup/boot, though it will break if the interface name changes, which I cannot test nor know if this happens on Android, and if it does it may be specific to a ROM.
====

.AFWall+ (will not work on ROMs with their own Firewall app, such as CalyxOS)
[%collapsible]
====
* link:https://github.com/ukanth/afwall#availability[Install AFWall+]
. Open AFWall+ -> 3 vertical dots (hamburger menu) -> `Preferences`
- `UI Preferences`
** `Confirm AFWall+ disable` -> Enabled
- `Binaries`
** `Iptables binary` -> System iptables
** `BusyBox binary` -> System BusyBox
. Open AFWall+ -> 3 vertical dots (hamburger menu) -> `Set custom script`
. Put in "Enter custom script below":

NOTE: Replace "v4-rmnet_data2" with your network interface if it's different.

[source]
----
iptables -t mangle -A POSTROUTING -o v4-rmnet_data2 -j TTL --ttl-set 64
ip6tables -t mangle -A POSTROUTING -o v4-rmnet_data2 -j HL --hl-set 64
----
====

.For kernels with no "xt_HL.ko" support; not recommended
[%collapsible]
====
. Install then open link:https://play.google.com/store/apps/details?id=org.segin.ttleditor[TTL Editor].
. Check "Apply to all network interfaces using /proc"...
** Or specify a specific interface, "v4-rmnet_data2" being an example.
. Press OK to the side of "Set new TTL" to apply a chosen TTL, likely 64.

WARNING: TTL changes aren't persistent with this method; rebooting/shutdown will lose these changes until you apply them manually again.
====

== 3. Test TTL & HL change on the tethered device
* IPv4 (test TTL): `$ ping -4 gnu.org`
* IPv6 (test HL): `$ ping -6 gnu.org`

If the TTL & HL is 64 (or what you know works for your telecom), then you've successfully completed this guide.

TIP: If this works, then Star this repository! +
- If this didn't work, try link:https://github.com/RiFi2k/unlimited-tethering[RiFi2k's guide]