About

This guide compared to others → PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, TetherMe, iTether, MyWi, iPhoneModem:

  1. Supports hotspots from Android phones & tablets, iOS, iPadOS, and Quectel modems.

  2. All methods used are high-performance and reliable, unlike SSH tunneling.

  3. Fully open-source and free of charge.

    • Exception: the non-jailbroken iOS and iPadOS method is not open-source, but it is free of charge.

  4. On "unlimited" telecom plans, grants you unlimited data for hotspots.

  5. Moves past various types of throttling, such as limited video quality on YouTube or other streaming services.

1. Preparation / Hosting an unlimited hotspot

Quectel modems
🔥
Never spoof to an IMEI of a device you do not own: it's illegal in the United States, and you will block the device of whoever uses it, but only if it's on the same telecom.
Spoof the Quectel modem’s IMEI to a phone or tablet you own that has mobile data capability:
  • AT+EGMR=1,7,"The IMEI here"

Non-jailbroken iOS and iPadOS
  1. Install PairVPN from the App Store on the iOS or iPadOS device, and on the clients (such as a Windows laptop).

  2. Connect the client to your iOS/iPadOS device via its "Mobile Hotspot" or through USB tethering.

  3. Run PairVPN as a server on the iOS/iPadOS device, then use the PairVPN client on devices that connect to that server.

    • For as long as PairVPN is used, there won’t be hotspot data usage.

    • Enable "Share Location" so that PairVPN can run in the background at all times, and also allow PairVPN to send notifications.

Non-rooted Android
  1. Install TetherFi on the Android device.

  2. Open the TetherFi app.

  3. Configure the following in the "Hotspot" tab:

    • Broadcast frequency → 5GHz

    • Enable all: Wake Locks

    • Enable: Bind Proxy to All Interfaces

  4. Open the "How To" tab and follow its instructions.

Rooted Android
  1. Install Magisk.

    • For macOS, I recommend installing ADB with Homebrew: brew install android-platform-tools.

    • When it says to "Copy the boot/init_boot/recovery image to your device", that image they’re asking for is located in the zip file for the OS you downloaded.

      • For the Google Pixel 7 Pro: Extract image-cheetah-ap3a.241105.007.zip, then extract bootloader-cheetah-cloudripper-15.0-11969070.img. Now there is an init_boot.img extracted which can be transferred over to the Pixel phone so you can use Magisk to patch it. Continue to follow the official instructions.

  2. Download the Unlimited Hotspot Magisk module.

  3. Open Magisk → Modules → Install from storage → Select the "unlimited-hotspot-v7.zip" that was downloaded.

  4. Reboot.

2. Moving past throttling

⚠️
If using the PairVPN method, VPNs cannot be used, only anti-DPI applications. The TetherFi method still allows for VPNs, but requires a VPN that can run off a proxy such as AirVPN.
ℹ️
AirVPN is useful if you require torrenting as it has comprehensive port forwarding support.
Mullvad generally has the fastest speeds.
Mysterium or ResiVPN are useful if you require residential IPs, or use streaming services that block VPNs.
- Mysterium is not as fast as AirVPN or Mullvad, while ResiVPN has a very limited selection of locations.
- Mysterium Dark lets you pay only by data usage, while Mysterium is a subscription model.
💡
For every macOS or other OS device you use, you’d have to install PowerTunnel (or other anti-DPI application) on each; they do not have to be the same anti-DPI application.
Install anti-DPI applications, specific to each OS:
How to use PowerTunnel on macOS
  1. Make sure the latest PowerTunnel.jar is downloaded.

  2. Download the Adoptium installer and open it.

  3. After you finish installing Adoptium "Temurin", in Finder, Left Option + Right Click PowerTunnel.jar, then click "Open".

  4. [Image: PowerTunnel settings]

Additional required steps

HTTPS "packet chunking" (also called TCP fragmentation) is required to bypass throttling.
  1. [Image not preserved]

  2. Use a low chunk size, such as "1".

If using PowerTunnel and TetherFi (for non-rooted Android):
  1. Go to PowerTunnel, then click on "Options".

  2. Configure the upstream proxy server to match what TetherFi says to use. In my case, it was 192.168.49.1 with port 8228 for the HTTP/HTTPS protocol.

macOS
  1. Download Unlimited Hotspot, then open unlimited-hotspot-main.zip in Finder to extract it.

  2. After extracting, open the "unlimited-hotspot-main" folder, then open its "macOS" folder.

  3. Open Terminal.

  4. Type sudo -i, enter your login password, then press Enter.

  5. Type cp then drag the set-ios-tcp-stack.sh file in, press Space, type in /var/root and press Enter.

  6. Type cp then drag the felikcat.set.ios.tcpstack.plist file in, press Space, type in /Library/LaunchDaemons and then press Enter.

  7. chmod +x /var/root/set-ios-tcp-stack.sh

  8. launchctl load -w /Library/LaunchDaemons/felikcat.set.ios.tcpstack.plist

Now we need to add three Packet Filter rules and enable PF.
  1. nano /etc/pf.conf

  2. Add the following three lines before nat-anchor:
    [Image: pf rules]

  3. pfctl -f /etc/pf.conf then pfctl -e


Routers

For Quectel modems, or if the hotspot device is plugged into a router, then these steps are required:

Asuswrt-Merlin
  1. Advanced Settings - WAN → disable Extend the TTL value and Spoof LAN TTL value.

  2. Advanced Settings - Administration

    • Enable JFFS custom scripts and configs → "Yes"

    • Enable SSH → "LAN only"

  3. Replace the LAN IP and login name if needed: $ ssh 192.168.50.1 -l asus

    • Use other SSH clients if preferred, such as MobaXterm or Termius.

  4. # nano /jffs/scripts/wan-event

#!/bin/sh
# shellcheck disable=SC2068
Say() {
  printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))"
}
WAN_IF=$1
WAN_STATE=$2

# Call appropriate script based on script_type
SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}"
SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"

# Execute and log script state
if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then
  Say "     Script executing.. for wan-event: $SERVICE_SCRIPT_NAME"
  echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG"
  sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@"
else
  Say "     Script not defined for wan-event: $SERVICE_SCRIPT_NAME"
fi

##@Insert##

# nano /jffs/scripts/wan0-connected

#!/bin/sh

# HACK: I am unsure of what to check.
## Do this too early and the TTL & HL won't be set.
sleep 5s; modprobe xt_HL; wait

# Removes these iptables entries if present.
# WARNING: Each entry is removed only once; this assumes the same entry is never present twice.
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

# Move past TTL & HL hotspot detections.
## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable!
# chmod a+rx /jffs/scripts/*
# reboot

GoldenOrb

Copy the following TTL settings:
[Two images of the GoldenOrb TTL settings; not preserved]

OpenWrt
  1. Network → Firewall → Custom Rules

# Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice.
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

# Move past TTL & HL hotspot detections.
## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
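
Why the rules above adjust TTL and hop limit, seen from the detection side: every forwarding hop decrements the field, so a value just below a common initial value marks traffic that was routed before it was captured. The script below is an added example, not part of this guide's own scripts; the `tcpdump -v` sample lines are constructed, and the initial values 64, 128 and 255 are an assumption of the heuristic.

```shell
#!/bin/sh
# Added example: infer forwarding hops from TTL / hop-limit values found in
# `tcpdump -v` text. Assumption: senders start at 64, 128 or 255.

# Constructed sample capture (not real traffic).
sample_capture() {
  cat <<'EOF'
12:00:00.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
12:00:00.000002 IP (tos 0x0, ttl 63, id 2, offset 0, flags [DF], proto TCP (6), length 60)
12:00:00.000003 IP (tos 0x0, ttl 127, id 3, offset 0, flags [DF], proto UDP (17), length 76)
12:00:00.000004 IP6 (flowlabel 0x12345, hlim 62, next-header TCP (6) payload length: 40) 2001:db8::2.50000 > 2001:db8::1.443: Flags [S]
12:00:00.000005 IP (tos 0x0, ttl 63, id 5, offset 0, flags [DF], proto TCP (6), length 60)
EOF
}

# Reads tcpdump -v text on stdin and prints one line per observed value:
#   <ttl or hlim> <assumed initial value> <inferred hops> <packet count>
ttl_report() {
  awk '
    match($0, /(ttl|hlim) [0-9]+/) {
      split(substr($0, RSTART, RLENGTH), f, " ")
      seen[f[2] + 0]++
    }
    END {
      for (t in seen) {
        n = t + 0   # array keys are strings; force a numeric comparison
        init = (n <= 64) ? 64 : ((n <= 128) ? 128 : 255)
        print n, init, init - n, seen[t]
      }
    }' | sort -n
}

# Exit status 0 when any packet was forwarded at least once before capture.
forwarded_traffic_seen() {
  ttl_report | awk '$3 > 0 { found = 1 } END { exit !found }'
}
```

In the sample, the packets at 63 and 127 sit one hop behind the capturing side and the hop limit of 62 sits two hops behind, which is the two-hop case the `--ttl-inc 2` and `--hl-inc 2` rules are written for.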

3. Using dnscrypt2 to get past webpage blocks

💡
Unnecessary if using a VPN.

Installation instructions for other OSes, such as Windows, Linux, etc.

macOS
  1. Go to AirVPN’s IP Leak to see your current DNS servers. Save a screenshot of this page.

  2. Install Homebrew if you haven’t already.

  3. brew install dnscrypt-proxy

  4. Be sure to read the information Brew gives you after it’s done installing dnscrypt-proxy.

    • It is recommended to install dnscrypt-proxy’s service.

  5. Open Settings, go to Network, then click on the Network interface you are currently using; for me, that is "USB 10/100/1G/2.5G LAN".

  6. Click "Details…​"

  7. Go to DNS, press the Plus (+) button under "DNS Servers", then type in 127.0.0.1

  8. Go back to AirVPN’s IP Leak to see if the changes to your DNS servers were successful; compare it to your prior screenshot.
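
A local complement to the check in step 8, as an added example that is not part of the original guide: step 5 changes DNS for one network interface only, so other interfaces can still carry resolvers handed out by DHCP. The functions below parse the text printed by macOS `scutil --dns` and list every resolver that is not the local dnscrypt-proxy; the sample output and the address 192.0.2.53 are constructed.

```shell
#!/bin/sh
# Added example: list system resolvers that are NOT on loopback, i.e. that
# bypass the local dnscrypt-proxy. Input is the text of `scutil --dns`.

# Constructed sample output (not captured from a real machine).
sample_scutil() {
  cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 127.0.0.1
  if_index : 14 (en7)
  flags    : Request A records

resolver #2
  nameserver[0] : 192.0.2.53
  nameserver[1] : 127.0.0.1
  if_index : 6 (en0)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 127.0.0.1
  if_index : 14 (en7)
  flags    : Scoped, Request A records
EOF
}

# Prints each distinct resolver address that is not a loopback address.
non_local_resolvers() {
  awk '
    /nameserver\[[0-9]+\] *:/ {
      addr = $NF
      if (addr !~ /^127\./ && addr != "::1" && !(addr in seen)) {
        seen[addr] = 1
        print addr
      }
    }'
}

# Exit status 0 only when at least one resolver is listed and all are loopback.
dns_is_local_only() {
  input=$(cat)
  printf '%s\n' "$input" | grep -q 'nameserver\[' || return 1
  [ -z "$(printf '%s\n' "$input" | non_local_resolvers)" ]
}
```

On macOS, run `scutil --dns | non_local_resolvers`; any address it prints belongs to an interface that still needs the DNS change from step 7.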

4. Confirm the hotspot is un-throttled

5. Improving internet speeds

Android only → Enable Data Saver:
  • This only works via USB, as it will block wireless hotspots.

    • Context: Data Saver tells Android to restrict data to only the USB hotspot and whichever app is in the foreground.

Android & iOS/iPadOS & Quectel → Disable roaming:
  • Android & iOS: Search for "Roaming" in the Settings app, then disable it.

    • Context: Roaming to a different telecom usually has unavoidable throttling. Roaming kicks in when signal strength is either very poor or non-existent from your telecom. In T-Mobile USA’s case, they roam on AT&T with only up to 250kbps download & upload speeds on AT&T’s towers.

Android & iOS/iPadOS & Quectel → Switch cell tower providers specifically for problematic areas
  • Android: Settings → Network & internet → SIMs → Disable "Automatically select network"

  • iOS: Context → T-Mobile owns Sprint’s towers. For me, Sprint has consistently better speeds at my home.

Rooted Android & Quectel → Using specific 4G, LTE, 5G NA, or 5G SA bands:
  • Rooted Android:

    1. Install NetMonster for its network monitoring. Without NetMonster, you are blind to what bands are used, and their signal strength.

    2. Install Network Signal Guru then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on cacombos.com for your device. This could stabilize your speeds, and can potentially increase speeds.

    3. If the ads bother you, enable Systemless Hosts in Magisk’s settings, then install AdAway and use its Root method; do not use its VPN method.

Android only → Disable "hotspot hardware acceleration" in the Settings app:
  • Only if you have high ping or ping spiking issues, otherwise leave it enabled.

Appendices

Learning resources

Third-party scripts

  1. /jffs/scripts/wan-event used for Asuswrt-Merlin is a refined version of this script.

You’ve reached the end of this guide. Star it if you liked it.


Donations

Tip the apps or programs you rely on, such as TetherFi for non-rooted Android devices; some like PowerTunnel don’t seem to take donations.