You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9e3ad8f179 | 3 years ago | |
---|---|---|
.gitattributes | 3 years ago | |
LICENSE | 3 years ago | |
README.adoc | 3 years ago |
README.adoc
:experimental: ifdef::env-github[] :icons: :tip-caption: :bulb: :note-caption: :information_source: :important-caption: :heavy_exclamation_mark: :caution-caption: :fire: :warning-caption: :warning: endif::[] == About Artifical restrictions placed on tethering make it difficult to work from home for those not fortunate to have a high-speed ISP * Your mobile provider cannot: ** Entirely prove this method (link:https://github.com/RiFi2k/unlimited-tethering[among some others]) is being used * Your mobile provider can (if no VPN, or Tor, or I2P, or proxy is used): ** Check for specific domains being connected to that only a Windows PC would connect to, but not an Android phone, to assume the current month is all tethered traffic ** Using link:https://en.wikipedia.org/wiki/Deep_packet_inspection[DPI software], traffic can be shaped/tampered/manipulated/throttled based on certain criteria(s), such as Video Streaming (making YouTube videos or Netflix buffer more, some like T-Mobile force lower video quality) A paid VPN is recommended since it's easy to route all traffic through it, and shouldn't reduce speeds (if the VPN connection is on a device with link:https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors[AES-NI support]) WARNING: VPNs don't grant privacy, Tor and I2P do; these can easily be used alongside a VPN if desired + For this guide, VPNs are used for the intention of hiding traffic from your mobile provider, and ensuring web content isn't blocked + *`Ultimately, usage of a VPN is optional`* ___ .Good paid VPN providers do the following: * Transparent communication, and all software used is open-source * Use only dedicated/physical/bare metal servers (faster and more secure than virtual servers, called "VPS" or "VDS") * Servers are only located in countries with lots of transit capability (for South America, is only Brazil) * No fake server locations (unless for streaming purposes on specific domains/websites, and is stated as such) * All server locations allow all forms of traffic except outbound port 25 (to prevent email spam abuse) * Word of mouth advertising; not shoved in your face by sponsored YouTube videos and Google Ads * VPN's company is not based in a tax haven country; tax haven = profitability is heavily considered, meaning they'd likely sell your data to earn more profit * Ability to link:https://airvpn.org/faq/port_forwarding/[select ports to forward] (not just a randomized port on connection, as is the case with PIA/Private Internet Access) For your own research, avoid all websites recommending VPNs under the parent company "Kape Technologies": https://restoreprivacy.com/private-internet-access-kape-crossrider/ * Recommendations: . link:https://airvpn.org[AirVPN] | link:https://airvpn.dev[AirVPN #2] | link:http://airvpn3epnw2fnsbx5x2ppzjs6vxtdarldas7wjyqvhscj7x43fxylqd.onion[AirVPN via Tor] . link:https://mullvad.net[Mullvad] | link:http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion[Mullvad via Tor] . Cryptostorm (best at bypassing VPN blocking due to competitors not having the "port striping" feature, which is link:https://archive.is/6LyZf[documented] on how it's done) . link:https://www.ovpn.com[OVPN] TIP: Trust-worthy free VPN providers, but have slow network speeds: + 1. link:https://riseup.net/en/vpn[Riseup] | link:http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion/en/vpn[Riseup via Tor] + 2. link:https://cryptostorm.is/wireguard[Cryptostorm] | link:http://kzaeunogz6s75ptgy6ifjzwwy75xdfenenswvrczd7mewxgrad5a.b32.i2p/[Cryptostorm via I2P] (I2P > Tor when available) | link:http://stormwayszuh4juycoy4kwoww5gvcu2c4tdtpkup667pdwe4qenzwayd.onion/wireguard[Cryptostorm via Tor] [quote, Cryptostorm blog, https://cryptostorm.is/blog/wireguard-support-added ] "Our free WireGuard server works the same as our "Cryptofree" service: bandwidth is throttled to roughly 160kbps down, 130kbps up. Not fast enough to watch any HD videos, but plenty of bandwidth for sending an email, browsing a website, IRC, etc." == Requirements * Magisk, and by that accord *root*; link:https://github.com/ghost-420/Ez_Magisk[installing Magisk (via recovery)] * link:https://github.com/Magisk-Modules-Repo/MagiskHidePropsConf#installation[MagiskHide Props Config] module installed * The link:https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator (link:https://wiki.termux.com/wiki/Termux_Google_Play[from F-Droid only]) * link:https://f-droid.org/en/packages/dev.ukanth.ufirewall/[AFWall+ from F-Droid] * Install Busybox Magisk module . Magisk -> Modules (puzzle piece icon) . Search for 'busybox' to find "Busybox for Android NDK", then install it == Recommended/optional * Access to a VPN provider that respects its users (no traffic shaping) * Google Play Store, alternatively through link:https://gitlab.com/AuroraOSS/AuroraStore/-/releases[Aurora Store] * link:https://play.google.com/store/apps/details?id=com.draco.ktweak[KTweak for higher network speeds], using its 'throughput' profile * Kernel with the "xt_HL.ko" module (netfilter's TTL packet mangling) enabled ** Known kernels with support (and seem high-quality): *** Freak07's link:https://forum.xda-developers.com/t/kernel-23-07-2021-android-11-kirisakura-1-1-8-for-asus-zenfone-8-aka-sake.4295287/[Kirisakura] for ASUS ZenFone 8 *** kdrag0n's link:https://forum.xda-developers.com/t/kernel-pixel-5-proton-kernel.4194683/[ProtonKernel] for Pixel 4a 5G/Pixel 5 *** kristofpetho's link:https://forum.xda-developers.com/t/kernel-oos-omega-kernel-oos11-august-7-2021.4271027/[Omega Kernel] for OnePlus 9 Pro NOTE: Search terms to use on link:https://forum.xda-developers.com/search/[XDA Forums] to find other kernels with "xt_HL.ko" support: + TTL spoofing + TTL target + IPtables TTL + TTL/HL target + TTL module + NOTE: Testing "xt_HL.ko" support: + 1. Launch Termux + 2. ``su`` + 3. ``iptables -t mangle -A POSTROUTING -o wlan+ -j TTL --ttl-set 64;ip6tables -t mangle -A POSTROUTING -o wlan+ -j HL --hl-set 64`` + TIP: If your preferred custom kernel does not support `--ttl-set` and `--hl-set`, inform them of this repository + For kernel tweakers: link:https://web.archive.org/web/20210423030541/https://forum.xda-developers.com/t/magisk-stock-bypass-tether-restrictions.4262265/[an aid with enabling "xt_HL.ko" support through Magisk] == 1. Configure props NOTE: ↵ is the kbd:[Enter / Return] key . Launch Termux . ``su`` . ``settings delete system tether_entitlement_check_state;settings delete global tether_dun_required`` . ``props`` ** "Select an option below." -> "Add/edit custom props" kbd:[4 ↵] ** Select "New custom prop" with kbd:[n ↵] *** `net.tethering.noprovisioning` kbd:[↵] -> kbd:[true ↵] -> kbd:[y ↵] **** "Do you want to reboot now?" kbd:[n ↵] ** Select "New custom prop" with kbd:[n ↵] *** `tether_entitlement_check_state` kbd:[↵] -> kbd:[0 ↵] -> kbd:[y ↵] **** "Do you want to reboot now?" kbd:[n ↵] ** Select "New custom prop" with kbd:[n ↵] *** `tether_dun_required` kbd:[↵] -> kbd:[0 ↵] -> kbd:[y ↵] **** "Do you want to reboot now?" -> kbd:[y ↵] == 2. Adjust TTL & HL .Alternative method for kernels with no "xt_HL.ko" support [%collapsible] ==== . Install link:https://play.google.com/store/apps/details?id=org.segin.ttleditor[TTL Editor] . Open TTL Editor . Check "Apply to all network interfaces using /proc" . Press OK to the side of "Set new TTL" to apply a chosen TTL, likely 64 NOTE: TTL changes reset on reboot/shut down/boot with this method ==== ___ . Open AFWall+ -> 3 vertical dots (hamburger menu) -> Preferences - UI Preferences ** Confirm AFWall+ disable -> Enabled - Binaries ** Iptables binary -> System iptables ** BusyBox binary -> System BusyBox . Open AFWall+ -> 3 vertical dots (hamburger menu) -> Set custom script . Put in "Enter custom script below" //// Blanket setting \*rmnet* might be a bad idea? + rndis* is specific to USB tethering; \*rmnet* still has business with USB tethering, along with all other tether types //// [source] ---- iptables -t mangle -A POSTROUTING -o +rmnet+ -j TTL --ttl-set 64 iptables -t mangle -A POSTROUTING -o rndis+ -j TTL --ttl-set 64 ip6tables -t mangle -A POSTROUTING -o +rmnet+ -j HL --hl-set 64 ip6tables -t mangle -A POSTROUTING -o rndis+ -j HL --hl-set 64 ---- == 3. Test TTL & HL change on the tethered device NOTE: kbd:[CTRL + C] to stop pinging at any time * IPv4/TTL/iptables: `ping -4 gnu.org` * IPv6/HL/ip6tables: `ping -6 gnu.org` If the TTL & HL is 64, you've successfully completed this guide TIP: If this works, then Star this repository! NOTE: If this didn't work, try link:https://github.com/RiFi2k/unlimited-tethering[RiFi2k's method]