unlimited-hotspot icon indicating copy to clipboard operation
unlimited-hotspot copied to clipboard

Published 20 hours ago verified publisher icon felikcat

Metadata

Remove speed restrictions on your hotspot internet (iOS, iPadOS, Android, Quectel), and allows hotspots on any plan (rooted Android & Quectel only).

:experimental: :imagesdir: Pictures/ ifdef::env-github[] :icons: :tip-caption: :bulb: :note-caption: :information_source: :important-caption: :heavy_exclamation_mark: :caution-caption: :fire: :warning-caption: :warning: endif::[]

== About [.lead] This guide compared to others -> PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, TetherMe, iTether, MyWi, iPhoneModem:

. Supports hotspots from Android phones & tablets, iOS, iPadOS, and Quectel modems. . Methods used are all high performance and reliability, unlike SSH tunneling. . Fully open-source and free of charge.

  • Exception: the non-jailbroken iOS and iPadOS method, not open-source -- but is free of charge. . On "unlimited" telecom plans, grants you unlimited data for hotspots. . Moves past various types of throttling, such as limited video quality on YouTube or other streaming services.

NOTE: Follow the entire guide, top to bottom.

== 1. Preparation / Hosting an unlimited hotspot

.Quectel modems [%collapsible]

CAUTION: Never spoof to an IMEI of a device you do not own, it's illegal in the United States, and you will block the device of whoever uses it -- but only if it's on the same telecom.

.Spoof the Quectel modem's IMEI to a phone or tablet you own that has mobile data capability:

  • AT+EGMR=1,7,"The IMEI here"

====

.Non-jailbroken iOS and iPadOS [%collapsible]

. https://pairvpn.com/install[Install PairVPN] from the App Store on the iOS or iPadOS device, and on the clients (such as a Windows laptop).

. Connect the client to your iOS/iPadOS device via its "Mobile Hotspot" or through USB tethering.

. Run PairVPN as a server on the iOS/iPadOS device, then use the PairVPN client on devices that connect to that server.

  • For as long as PairVPN is used, there won't be hotspot data usage.

====

.Non-rooted Android [%collapsible]

. https://github.com/pyamsoft/tetherfi#tetherfi[Install TetherFi] on the Android device.

. Open the TetherFi app.

. Configure the following in the "Hotspot" tab:

  • Broadcast frequency -> 5GHz
  • Enable all: Wake Locks
  • Enable: Bind Proxy to All Interfaces

. Open the "How To" tab and follow its instructions.

====

.Rooted Android [%collapsible]

. https://topjohnwu.github.io/Magisk/[Install Magisk]; read "Getting Started", then "Patching Images".

. Download the https://github.com/felikcat/unlimited-hotspot/releases/download/v7/unlimited-hotspot-v7.zip[Unlimited Hotspot] Magisk module. . Open Magisk -> Modules -> Install from storage -> Select the "unlimited-hotspot-v7.zip" that was downloaded. . Reboot.

====

== 2. Moving past throttling TIP: For every macOS device you use, you'd have to install PowerTunnel on each. Same applies for other OSes.

.Install anti-DPI applications, specific to each OS:

  • FreeBSD, OpenBSD: https://github.com/bol-van/zapret/blob/master/docs/bsd.eng.md[zapret].

  • macOS and Linux: https://github.com/krlvm/PowerTunnel#configuring[PowerTunnel], or https://github.com/bol-van/zapret/blob/master/docs/readme.eng.md[zapret] (for macOS, use zapret's https://github.com/bol-van/zapret/blob/master/docs/bsd.eng.md[BSD instructions]).

  • Windows: https://github.com/macronut/ghostcp[GhosTCP].

  • Android: https://github.com/krlvm/PowerTunnel-Android#configuring[PowerTunnel for Android]; run it in VPN mode.

  • iOS/iPadOS: https://apps.apple.com/in/app/1-1-1-1-faster-internet/id1423538627[Cloudflare's 1.1.1.1 app]; any other VPNs utilizing WireGuard or OpenVPN work too.

.How to use PowerTunnel on macOS [%collapsible]

. Make sure the https://github.com/krlvm/PowerTunnel/releases[latest PowerTunnel.jar] is downloaded.

. Download the https://adoptium.net/download/[Adoptium installer] and open it.

. After you got done installing Adoptium "Temurin", in Finder, kbd:[Left Option] + kbd:[Right Click] PowerTunnel.jar then click "Open". + image:kbmagic.jpeg[]

. image:settings_powertunnel.png[]

====

=== Additional required steps

.HTTPS "packet chunking" (also called TCP fragmentation) is required to bypass throttling. [%collapsible]

. image:PowerTunnel1.png[480,360] . Use a low chunk size, such as "1": + image:PowerTunnel2.png[480,360]

====

.If using PowerTunnel and TetherFi (for non-rooted Android). [%collapsible]

. Go to PowerTunnel, then click on "Options". . Configure the upstream proxy server to match what TetherFi says to use. For my case, it was 192.168.49.1 with port 8228 for the HTTP/HTTPS protocol.

  • image:PowerTunnel3.png[480,360]

====

.macOS [%collapsible]

. https://github.com/felikcat/unlimited-hotspot/archive/refs/heads/main.zip[Download Unlimited Hotspot], then open unlimited-hotspot-main.zip in Finder to extract it. . After extracted, open the "unlimited-hotspot-main" folder, then open its "macOS" folder. . Open Terminal.

. Type sudo -i, enter your login password, then press kbd:[Enter]. . Type cp then drag the set-ios-tcp-stack.sh file in, press kbd:[Space], type in /var/root and press kbd:[Enter]. . Type cp then drag the felikcat.set.ios.tcpstack.plist file in, press kbd:[Space], type in /Library/LaunchDaemons and then press kbd:[Enter]. . chmod +x /var/root/set-ios-tcp-stack.sh . launchctl load -w /Library/LaunchDaemons/felikcat.set.ios.tcpstack.plist

.Now we need to add three Packet Filter rules and enable PF. . nano /etc/pf.conf . Add the following three lines before nat-anchor: + image:pf_rules.png[] . pfctl -f /etc/pf.conf then pfctl -e

'''

=== Routers For Quectel modems, or if the hotspot device is plugged into a router, then these steps are required:

.Asuswrt-Merlin [%collapsible]

. Advanced Settings - WAN -> disable Extend the TTL value and Spoof LAN TTL value. . Advanced Settings - Administration

  • Enable JFFS custom scripts and configs -> "Yes"
  • Enable SSH -> "LAN only" . Replace the LAN IP and login name if needed: $ ssh 192.168.50.1 -l asus
  • Use other SSH clients if preferred, such as MobaXterm or Termius. . # nano /jffs/scripts/wan-event

[source, shell]

#!/bin/sh

shellcheck disable=SC2068

Say() { printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))" } WAN_IF=$1 WAN_STATE=$2

Call appropriate script based on script_type

SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}" SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"

Execute and log script state

if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then Say " Script executing.. for wan-event: $SERVICE_SCRIPT_NAME" echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG" sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@" else Say " Script not defined for wan-event: $SERVICE_SCRIPT_NAME" fi

##@Insert##

# nano /jffs/scripts/wan0-connected [source, shell]

#!/bin/sh

HACK: I am unsure of what to check.

Do this too early and the TTL & HL won't be set.

sleep 5s; modprobe xt_HL; wait

Removes these iptables entries if present.

WARNING: Only removes these entries once, and never assumes the same entries are present twice.

iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Move past TTL & HL hotspot detections.

Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).

iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable! + # chmod a+rx /jffs/scripts/* + # reboot

====

.GoldenOrb [%collapsible]

Copy the following TTL settings: + image:firefox_wsJ71hUwXh.png[] + image:firefox_lnpySSfHOt.png[]

====

.OpenWrt [%collapsible]

. Network -> Firewall -> Custom Rules [source, shell]

Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice.

iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Move past TTL & HL hotspot detections.

Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).

iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

====

== 3. Using dnscrypt2 to get past webpage blocks

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation[Installation instructions for other OSes], such as Windows, Linux, etc.

.macOS [%collapsible]

. Go to https://ipleak.net/[AirVPN's IP Leak] to see your current DNS servers. Save a screenshot of this page.

. https://brew.sh/[Install Homebrew] if you haven't already.

. brew install dnscrypt-proxy

. Be sure to read the information Brew gives you after it's done installing dnscrypt-proxy.

  • It is recommended to install dnscrypt-proxy's service.

. Open Settings, go to Network, then click on the Network interface you are currently using; for me, that is "USB 10/100/1G/2.5G LAN". . Click "Details..." + image:settings_dnscrypt.png[] . Go to DNS, press the Plus (+) button under "DNS Servers", then type in 127.0.0.1 + image:settings_dnscrypt_2.png[]

. Go back to https://ipleak.net/[AirVPN's IP Leak] to see if the changes to your DNS servers is successful; compare it to your prior screenshot.

====

== 4. Confirm the hotspot is un-throttled

  • Use https://fast.com[Netflix's Speedtest], then compare that result to https://www.waveform.com/tools/bufferbloat[Waveform's Bufferbloat Test]. +
  • This tests for throttling of streaming servers (Netflix), various forms of data fingerprinting, and hotspot detections.

== 5. Improving internet speeds

.Android only -> Enable Data Saver

  • This only works via USB, as it will block wireless hotspots.
  • Context: Data saver tells Android to restrict data to only the USB hotspot and which app is at the forefront.

.Android & iOS/iPadOS & Quectel -> Disable roaming

  • Android & iOS: Search for "Roaming" in the Settings app, then disable it.
  • Context: Roaming to a different telecom usually has unavoidable throttling. Roaming kicks in when signal strength is either very poor or non-existent from your telecom. In T-Mobile USA's case, they roam on AT&T with only up to 250kbps download & upload speeds on AT&T's towers.
  • Quectel: TODO

.Android & iOS/iPadOS & Quectel -> Switch cell tower providers specifically for problematic areas

  • Android: TODO
  • iOS: Context -> T-Mobile owns Sprint's towers. For me, Sprint has consistently better speeds at my home. + image:ios_network_selection.PNG[width=281.5,height=305]
  • Quectel: TODO

.Rooted Android & Quectel -> Using specific 4G, LTE, 5G NA, or 5G SA bands.

  • Rooted Android: . Install https://apkpure.com/netmonster/cz.mroczis.netmonster[NetMonster] for its network monitoring. Without NetMonster, you are blind to what bands are used, and their signal strength.

. Install https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on https://cacombos.com/device/G025E[cacombos.com] for your device. This could stabilize your speeds, and can potentially increase speeds.

. If the ads bother you, enable Systemless Hosts in Magisk's settings, then install https://github.com/AdAway/AdAway/releases[AdAway] and use its Root method; do not use its VPN method.

  • Quectel: TODO

.Android only -> Disable "hotspot hardware acceleration" in the Settings app.

  • Only if you have high ping or ping spiking issues, otherwise leave it enabled.

== Appendices

.Learning resources [%collapsible]

. https://archive.org/download/p173_20220313/p173.pdf . https://archive.org/download/technology-showcase-policy-control-for-connected-and-tethered-devices/technology-showcase-policy-control-for-connected-and-tethered-devices.pdf . https://archive.org/download/geneva_ccs19/geneva_ccs19.pdf . https://incolumitas.com/2021/03/13/tcp-ip-fingerprinting-for-vpn-and-proxy-detection/ . https://github.com/NikolaiT/zardaxt . https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/ . Showed that moving past the hotspot clasification on non-jailbroken iOS and iPadOS devcies is possible, via ad-hoc Wi-Fi on the client, and a proxy server on the iOS/iPadOS device: https://blog.cyrusroshan.com/post/phone-data-hotspot

[.lead] Third-party scripts

. /jffs/scripts/wan-event used for Asuswrt-Merlin is a refined version of https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636[this script].

====

You've reached the end of this guide. Star it if you liked it.

'''

=== Donations Tip the apps or programs you rely on first, such as TetherFi for non-rooted Android devices; some like PowerTunnel don't seem to take donations.

Tipping is appreciated, and is used for buying access to Verizon and AT&T plans: + image:kofi_qrcode.png[width=160,height=160,link="https://ko-fi.com/felikcat"]

Metadata

122
Stars
6
Forks
Watchers

Owner

verified publisher icon felikcat

Metadata

Remove speed restrictions on your hotspot internet (iOS, iPadOS, Android, Quectel), and allows hotspots on any plan (rooted Android & Quectel only).

Back