felikcat / unlimited-hotspot

Remove speed restrictions on your hotspot internet (iOS, iPadOS, Android, Quectel), and allows hotspots on any plan (rooted Android & Quectel only).
Do What The F*ck You Want To Public License
127 stars 6 forks source link
android bypass-throttling cellphone data hotspot hotspot-wifi internet ios linux macos mobile phone qualcomm quectel tablet tether tethering unlimited unlimited-data windows

:experimental: :imagesdir: Pictures/ ifdef::env-github[] :icons: :tip-caption: :bulb: :note-caption: :information_source: :important-caption: :heavy_exclamation_mark: :caution-caption: :fire: :warning-caption: :warning: endif::[]

== About [.lead] This guide compared to others -> PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, TetherMe, iTether, MyWi, iPhoneModem:

. Supports hotspots from Android phones & tablets, iOS, iPadOS, and Quectel modems. . Methods used are all high performance and reliability, unlike SSH tunneling. . Fully open-source and free of charge.

== 1. Preparation / Hosting an unlimited hotspot

.Quectel modems [%collapsible]

CAUTION: Never spoof to an IMEI of a device you do not own, it's illegal in the United States, and you will block the device of whoever uses it -- but only if it's on the same telecom.

.Spoof the Quectel modem's IMEI to a phone or tablet you own that has mobile data capability:

====

.Non-jailbroken iOS and iPadOS [%collapsible]

. https://pairvpn.com/install[Install PairVPN] from the App Store on the iOS or iPadOS device, and on the clients (such as a Windows laptop).

. Connect the client to your iOS/iPadOS device via its "Mobile Hotspot" or through USB tethering.

. Run PairVPN as a server on the iOS/iPadOS device, then use the PairVPN client on devices that connect to that server.

====

.Non-rooted Android [%collapsible]

. https://github.com/pyamsoft/tetherfi#tetherfi[Install TetherFi] on the Android device.

. Open the TetherFi app.

. Configure the following in the "Hotspot" tab:

. Open the "How To" tab and follow its instructions.

====

.Rooted Android [%collapsible]

. https://topjohnwu.github.io/Magisk/[Install Magisk]; read "Getting Started", then "Patching Images".

. Download the https://github.com/felikcat/unlimited-hotspot/releases/download/v7/unlimited-hotspot-v7.zip[Unlimited Hotspot] Magisk module. . Open Magisk -> Modules -> Install from storage -> Select the "unlimited-hotspot-v7.zip" that was downloaded. . Reboot.

====

== 2. Moving past throttling

WARNING: If using the PairVPN or TetherFi method, VPNs cannot be used, only anti-DPI applications.

NOTE: https://airvpn.org/[AirVPN] is useful if you require torrenting as it has comprehensive port forwarding support. + https://www.mysteriumvpn.com/[Mysterium] or https://resivpn.com/[ResiVPN] is useful if you require residental IPs, or use streaming services that block VPNs. +

.Using https://mullvad.net[Mullvad VPN] instead of anti-DPI applications: . Click the Gear icon -> Enable IPv6


TIP: For every macOS device you use, you'd have to install PowerTunnel on each. Same applies for other OSes.

.Install anti-DPI applications, specific to each OS:

.How to use PowerTunnel on macOS [%collapsible]

. Make sure the https://github.com/krlvm/PowerTunnel/releases[latest PowerTunnel.jar] is downloaded.

. Download the https://adoptium.net/download/[Adoptium installer] and open it.

. After you got done installing Adoptium "Temurin", in Finder, kbd:[Left Option] + kbd:[Right Click] PowerTunnel.jar then click "Open". + image:kbmagic.jpeg[]

. image:settings_powertunnel.png[]

====

=== Additional required steps

.HTTPS "packet chunking" (also called TCP fragmentation) is required to bypass throttling. [%collapsible]

. image:PowerTunnel1.png[480,360] . Use a low chunk size, such as "1": + image:PowerTunnel2.png[480,360]

====

.If using PowerTunnel and TetherFi (for non-rooted Android). [%collapsible]

. Go to PowerTunnel, then click on "Options". . Configure the upstream proxy server to match what TetherFi says to use. For my case, it was 192.168.49.1 with port 8228 for the HTTP/HTTPS protocol.

====

.macOS [%collapsible]

. https://github.com/felikcat/unlimited-hotspot/archive/refs/heads/main.zip[Download Unlimited Hotspot], then open unlimited-hotspot-main.zip in Finder to extract it. . After extracted, open the "unlimited-hotspot-main" folder, then open its "macOS" folder. . Open Terminal.

. Type sudo -i, enter your login password, then press kbd:[Enter]. . Type cp then drag the set-ios-tcp-stack.sh file in, press kbd:[Space], type in /var/root and press kbd:[Enter]. . Type cp then drag the felikcat.set.ios.tcpstack.plist file in, press kbd:[Space], type in /Library/LaunchDaemons and then press kbd:[Enter]. . chmod +x /var/root/set-ios-tcp-stack.sh . launchctl load -w /Library/LaunchDaemons/felikcat.set.ios.tcpstack.plist

.Now we need to add three Packet Filter rules and enable PF. . nano /etc/pf.conf . Add the following three lines before nat-anchor: + image:pf_rules.png[] . pfctl -f /etc/pf.conf then pfctl -e

'''

=== Routers For Quectel modems, or if the hotspot device is plugged into a router, then these steps are required:

.Asuswrt-Merlin [%collapsible]

. Advanced Settings - WAN -> disable Extend the TTL value and Spoof LAN TTL value. . Advanced Settings - Administration

[source, shell]

!/bin/sh

shellcheck disable=SC2068

Say() { printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))" } WAN_IF=$1 WAN_STATE=$2

Call appropriate script based on script_type

SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}" SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"

Execute and log script state

if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then Say " Script executing.. for wan-event: $SERVICE_SCRIPT_NAME" echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG" sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@" else Say " Script not defined for wan-event: $SERVICE_SCRIPT_NAME" fi

@Insert


# nano /jffs/scripts/wan0-connected [source, shell]

!/bin/sh

HACK: I am unsure of what to check.

Do this too early and the TTL & HL won't be set.

sleep 5s; modprobe xt_HL; wait

Removes these iptables entries if present.

WARNING: Only removes these entries once, and never assumes the same entries are present twice.

iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Move past TTL & HL hotspot detections.

Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).

iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable! + # chmod a+rx /jffs/scripts/* + # reboot

====

.GoldenOrb [%collapsible]

Copy the following TTL settings: + image:firefox_wsJ71hUwXh.png[] + image:firefox_lnpySSfHOt.png[]

====

.OpenWrt [%collapsible]

. Network -> Firewall -> Custom Rules [source, shell]

Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice.

iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Move past TTL & HL hotspot detections.

Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).

iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

====

== 3. Using dnscrypt2 to get past webpage blocks

TIP: Unnecessary if using a VPN.

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation[Installation instructions for other OSes], such as Windows, Linux, etc.

.macOS [%collapsible]

. Go to https://ipleak.net/[AirVPN's IP Leak] to see your current DNS servers. Save a screenshot of this page.

. https://brew.sh/[Install Homebrew] if you haven't already.

. brew install dnscrypt-proxy

. Be sure to read the information Brew gives you after it's done installing dnscrypt-proxy.

. Open Settings, go to Network, then click on the Network interface you are currently using; for me, that is "USB 10/100/1G/2.5G LAN". . Click "Details..." + image:settings_dnscrypt.png[] . Go to DNS, press the Plus (+) button under "DNS Servers", then type in 127.0.0.1 + image:settings_dnscrypt_2.png[]

. Go back to https://ipleak.net/[AirVPN's IP Leak] to see if the changes to your DNS servers is successful; compare it to your prior screenshot.

====

== 4. Confirm the hotspot is un-throttled

== 5. Improving internet speeds

.Android only -> Enable Data Saver:

.Android & iOS/iPadOS & Quectel -> Disable roaming:

.Android & iOS/iPadOS & Quectel -> Switch cell tower providers specifically for problematic areas

.Rooted Android & Quectel -> Using specific 4G, LTE, 5G NA, or 5G SA bands:

. Install https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on https://cacombos.com/device/G025E[cacombos.com] for your device. This could stabilize your speeds, and can potentially increase speeds.

. If the ads bother you, enable Systemless Hosts in Magisk's settings, then install https://github.com/AdAway/AdAway/releases[AdAway] and use its Root method; do not use its VPN method.

.Android only -> Disable "hotspot hardware acceleration" in the Settings app:

== Appendices

.Learning resources [%collapsible]

. https://archive.org/download/p173_20220313/p173.pdf . https://archive.org/download/technology-showcase-policy-control-for-connected-and-tethered-devices/technology-showcase-policy-control-for-connected-and-tethered-devices.pdf . https://archive.org/download/geneva_ccs19/geneva_ccs19.pdf . https://incolumitas.com/2021/03/13/tcp-ip-fingerprinting-for-vpn-and-proxy-detection/ . https://github.com/NikolaiT/zardaxt . https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/ . Showed that moving past the hotspot clasification on non-jailbroken iOS and iPadOS devcies is possible, via ad-hoc Wi-Fi on the client, and a proxy server on the iOS/iPadOS device: https://blog.cyrusroshan.com/post/phone-data-hotspot

[.lead] Third-party scripts

. /jffs/scripts/wan-event used for Asuswrt-Merlin is a refined version of https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636[this script].

====

You've reached the end of this guide. Star it if you liked it.

'''

=== Donations Tip the apps or programs you rely on first, such as TetherFi for non-rooted Android devices; some like PowerTunnel don't seem to take donations.

Tipping is appreciated, and is used for buying access to Verizon and AT&T plans: + image:kofi_qrcode.png[width=160,height=160,link="https://ko-fi.com/felikcat"]