Compared to PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, and sshuttle tunneling:
On Android
-
+ Fully open-source and free of charge.
-
+ More reliable and has higher internet speeds.
-
+ Within reason, grants you unlimited data. This depends on the telecom and your plan.
-
+ Bypasses limited video quality on YouTube or other streaming services, and other DPI firewall rules.
-
- Only works on "bootloader unlocked" Android devices.
-
A bootloader unlocked Google Pixel 4A (5G) can be had for ~$80 USD, and has very fast mobile data. Buy a Pixel 6 instead if ~$210 USD is still reasonable to you.
-
GrapheneOS is recommended for Google devices.
-
-
|
ℹ️
|
iOS and iPadOS are TODO; I am currently trying out some ideas I have to successfully pull it off, and all without jailbreaking. I doubt it’ll be as fast as the methods used on Android, but the slowdown should be minimal. |
On iOS and iPadOS
-
+ Fully open-source and free of charge.
-
+ Within reason, grants you unlimited data. This depends on the telecom and your plan.
-
+ Bypasses limited video quality on YouTube or other streaming services, and other DPI firewall rules.
Android
|
🔥
|
Some OSes block Android snitching by default, such as GrapheneOS. If so, please skip to section 3; do not unlock your bootloader, and do not install Magisk. |
-
Unlock the bootloader if you haven’t already.
-
Install Magisk; read "Getting Started", then "Patching Images".
-
On the hotspot/tethering device, install NetMonster for its network monitoring. Without NetMonster, you are blind to what bands are used, and their signal strength.
== 2. Fully blocking Android snitching to your telecom . Download our Unlimited Hotspot Magisk module. . Open Magisk → Modules → Install from storage → Select the "unlimited-hotspot-v6.zip" that was downloaded. . Reboot.
iOS and iPadOS
-
Open the Terminal, and run:
brew install wireguard-tools.
macOS
|
ℹ️
|
Tested on Ventura 13.5.2. |
-
Open Unlimited Hotspot’s "macOS" folder in Finder.
-
Open Terminal.
-
Type
sudo -i, enter your login password, then press Enter. -
Type
cpthen drag theset-ios-tcp-stack.shfile in, press Space, type in/var/rootand press Enter. -
Type
cpthen drag thecom.felikcat.set.ttl.plistfile in, press Space, type in/Library/LaunchDaemonsand then press Enter. -
chmod +x /var/root/set-ios-tcp-stack.sh -
launchctl load -w /Library/LaunchDaemons/com.felikcat.set.ttl.plist.
-
nano /etc/pf.conf -
Add the following three lines before
nat-anchor:
-
pfctl -f /etc/pf.confthenpfctl -e.
-
Linux: zapret.
-
Windows: GhosTCP.
-
Android: PowerTunnel for Android.
-
iOS/iPadOS: None available.
If the hotspot device is plugged into a router, likely through USB, additional steps are required:
Asuswrt-Merlin
-
Advanced Settings - WAN→ disableExtend the TTL valueandSpoof LAN TTL value. -
Advanced Settings - Administration-
Enable JFFS custom scripts and configs→ "Yes" -
Enable SSH→ "LAN only"
-
-
Replace the LAN IP and login name if needed:
$ ssh 192.168.50.1 -l asus-
Use other SSH clients if preferred, such as MobaXterm or Termius.
-
-
# nano /jffs/scripts/wan-event
#!/bin/sh
# shellcheck disable=SC2068
Say() {
printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))"
}
WAN_IF=$1
WAN_STATE=$2
# Call appropriate script based on script_type
SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}"
SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"
# Execute and log script state
if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then
Say " Script executing.. for wan-event: $SERVICE_SCRIPT_NAME"
echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG"
sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@"
else
Say " Script not defined for wan-event: $SERVICE_SCRIPT_NAME"
fi
##@Insert### nano /jffs/scripts/wan0-connected
#!/bin/sh
# HACK: I am unsure of what to check.
## Do this too early and the TTL & HL won't be set.
sleep 5s; modprobe xt_HL; wait
# Removes these iptables entries if present.
# WARNING: Only removes these entries once, and never assumes the same entries are present twice.
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
# TTL & HL hotspot detection bypass.
## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable!
# chmod a+rx /jffs/scripts/*
# reboot
GoldenOrb or OpenWrt via LuCI
-
GoldenOrb specific:
Network→Firewall→Custom TTL Settings-
Ensure its option is disabled.
-
-
Network→Firewall→Custom Rules
# Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice. iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2 # TTL & HL hotspot detection bypass. ## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router). iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
|
💡
|
After enabling USB hotspot, enable "Data Saver". This tells Android to restrict data to USB hotspot and what app is at the forefront only. |
-
Use Netflix’s Speedtest, then compare that result to Waveform’s Bufferbloat Test.
This tests for throttling of streaming servers (Netflix), various forms of data fingerprinting, and hotspot/hotspot detections.
-
Search for "Roaming" in the Settings app, then disable it.
-
Context: Roaming to a different telecom usually has unavoidable throttling. Roaming kicks in when signal strength is either very poor or non-existent from your telecom. In T-Mobile USA’s case, they roam on AT&T with only up to 250kbps download & upload speeds on AT&T’s towers.
-
-
Install Network Signal Guru then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on cacombos.com for your device. This could stabilize your speeds, and can potentially increase speeds.
-
If the ads bother you, enable Systemless Hosts in Magisk’s settings, then install AdAway and use its Root method; do not use its VPN method.
-
-
Only if you have high ping or ping spiking issues: try disabling "hotspot hardware acceleration" in the Settings app.
Resources used
Learning resources
-
Random XDA forums posts and threads to accumulate personal experiences with hotspot throttling or blocking bypass attempts.
-
https://incolumitas.com/2021/03/13/tcp-ip-fingerprinting-for-vpn-and-proxy-detection/ and https://github.com/NikolaiT/zardaxt
-
https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/
Third-party scripts
-
/jffs/scripts/wan-eventused for Asuswrt-Merlin is a refined version of this script.
You’ve reached the end of this guide. Star it if you liked it.
Tip me if you want more telecoms tested, such as AT&T, Verizon, and third-party MVNOs using say AT&T’s network like Cricket Wireless. As of Sep 10 2023, I’ve only tested with a Magenta T-Mobile plan.
Scan this image, or click on it to tip me on Ko-fi:
