[Discontinued] Bypass Tether Restrictions

Search This thread

fddm

Senior Member
Feb 24, 2011
258
171
Since you had the source code for the kernel, what exactly required reverse engineering to implement?
Stock kernels are built with the option CONFIG_MODULE_SIG_FORCE, an option that forces signature checks on kernel modules before they can be loaded. Stock kernel sources did not fully build, so I just built modules and patched the kernel to work with them.

Given that T-mobile's Internet connection is native IPv6 only why did you not create a corresponding Ip6tables rule which also sets the the TTL to 64 for IPv6 packets?
I do, with USB tethering, were IPv6 NAT is supported. Normally you'd just use physdev to modify those packets on the way out, but that doesn't seem to work with ipv6. You need a NAT on the phone or router. I run the NAT on the phone so it shares the tunnel(and IP) with the phone, effectively hiding behind it just like ipv4.

Why did you merge the DUN APN's? Don't carriers (like T-Mobile) use the separate APN for the hotspot as the primary means to determine the throttling, e.g. primary APN is unlimited data and DUN APN is 40GB?
Deleting it would work just as well. If you look at the example, "pcweb.metropcs.com" is the DUN and it gets deleted. I mark the primary as DUN for good measure, but it is not strictly necessary. If the phone can't find a DUN apn it just uses the primary.
 

flash713

Senior Member
May 7, 2015
1,166
559
OnePlus 7 Pro
Google Pixel 5
I use a OnePlus 7 pro (rooted w/DerpFest rom) I had initially made a ,DUN apns-conf.xml without ipv6 just ipv4 and I also did: adb shell (and) settings put global tether_dun_required 0
I added the ole: net.tethering.nonprovisioning=true using Magisk Props hide module, added new custom prop.... Along with the open source VPN hotspot app.. (with the green and yellow icon) Then I uncheck "tethering hardware acceleration" in dev options. In the past I've used a proxy server I always had connection issues.. I know VPN Hotspot app doesn't
allow ipv6 as it's already set that way by default in the app but I have used my tether this past week and the week before and I didn't think about my apn that I made with ,DUN, I had to do a clean install last week and I never made another apn without ipv6. My hotspot still works and is usually at a decent speed when tethering my desktop. I've gotten between 25-72 mbps download and about half that upload regularly. I haven't and don't use it much unless I have to but I ran speed tests off and on just to see.. I use Ubuntu on my home PC and i had initially changed TTL on it to 65 but I have rebooted since I changed it and never redid it again. Anyway that's my report. ✌️
 
Last edited:
  • Like
Reactions: fddm

JDToo

Member
Feb 1, 2015
13
1
I do, with USB tethering, were IPv6 NAT is supported. Normally you'd just use physdev to modify those packets on the way out, but that doesn't seem to work with ipv6. You need a NAT on the phone or router.
So T-mobile doesn't assign IPv6 global unicast addresses to connecting devices on the hotspot? My only experience thus far with T-mobile has been with dedicated cell service routers, and T-mobile does assign global IPv6 addresses to clients on those. I assumed phones would do the same.
 

fddm

Senior Member
Feb 24, 2011
258
171
So T-mobile doesn't assign IPv6 global unicast addresses to connecting devices on the hotspot? My only experience thus far with T-mobile has been with dedicated cell service routers, and T-mobile does assign global IPv6 addresses to clients on those. I assumed phones would do the same.
It certainly does when using built-in tether feature, but most tethered traffic doesn't seem accessible through the kernel firewall. Further, if you set your router up as a bridge and use a physdev rule to modify the HL, IPv6 will not work. If you setup NAT6 on the phone or router modifying HL works as intended. Seems like a kernel bug.
 
I' ve decided I should effectively close this thread. I already made a guide some time ago on how to patch kernels, and that was original the reason I made this thread in the first place. 5G Ace was just my new toy and I solved a novel problem that Google gave me absolutely no leads on. There really wasn't anything out at the time, so I thought it was quite cool that I was able to run wireguard in kernel mode and tether ipv6 traffic. But now it's nothing special.

I've felt like posting this was always a mistake anyway, so pulled my files and am discontinuing this thread.
Hey, I don't know the reason why you pulled this project but please resurrect it. I have the Moto G Stylus 5G (2022) and it's damn near impossible to get proper tether on it via VPN (and that's with it factory unlocked and running on TMO). I used your guide on my Moto 5G Ace and it worked flawless. Please, come back and help us with this new phone.
 

fddm

Senior Member
Feb 24, 2011
258
171
@Articul8Madness I don't mind patching stock Moto kernels and building modules on request, I just need three things:
1. Link to stock kernel sources from Moto's github
2. /proc/config.gz pulled from your device
3. Stock boot image to patch

I only have an app for usb tethering, but can make one to support hotspoting as well if necessary.
 
@Articul8Madness I don't mind patching stock Moto kernels and building modules on request, I just need three things:
1. Link to stock kernel sources from Moto's github
2. /proc/config.gz pulled from your device
3. Stock boot image to patch

I only have an app for usb tethering, but can make one to support hotspoting as well if necessary.
1. The Kernel hasn't been released officially yet by Motorola.
2. Got that. (See Attachment)
3. Got that. (See Attachment...this has already been patched with Magisk, but if you need the unpatched one let me know).
 

fddm

Senior Member
Feb 24, 2011
258
171
This is what I used.

There's kernel sources for milan though a shared tree (MMI-RRWB31.Q3-46-64-2-2, for example, looks to have the required files). Just no readme describing how to compile these recent mtk kernels. Will take a bit of experimenting to set up the required toolchain and learn how to use it.

Code:
[+] Version string: Linux version 4.14.186+ ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b7
82172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Wed May 4 02:04:49 CDT 2022
 
There's kernel sources for milan though a shared tree (MMI-RRWB31.Q3-46-64-2-2, for example, looks to have the required files). Just no readme describing how to compile these recent mtk kernels. Will take a bit of experimenting to set up the required toolchain and learn how to use it.

Code:
[+] Version string: Linux version 4.14.186+ ([email protected]) (Android (6443078 based on r383902) clang version 11.0.1 (https://android.googlesource.com/toolchain/llvm-project b397f81060ce6d701042b7
82172ed13bee898b79), LLD 11.0.1 (/buildbot/tmp/tmp6_m7QH b397f81060ce6d701042b782172ed13bee898b79)) #1 SMP PREEMPT Wed May 4 02:04:49 CDT 2022
No worries. I appreciate any help in this. We just found out there is a Qualcomm version and Mediatek version of this phone, with most carriers giving out the Qualcomm version under a different name but same model number (difference being the #)
 

fddm

Senior Member
Feb 24, 2011
258
171
No worries. I appreciate any help in this. We just found out there is a Qualcomm version and Mediatek version of this phone, with most carriers giving out the Qualcomm version under a different name but same model number (difference being the #)
I've been reading up on other users' experiences on Android 12 specifically. They seem to imply it is part of the system or software installed on the system detecting either the tether app package name or the single hop proxy. But more importantly, other users did some testing and worked around the issue.

1.) One way was to setup double proxies. The tethering app is one proxy, but then they'll run another socks or http proxy on their phone and setup clients to use it. (The chain looks like this: Phone <-> Easytether <-> Proxy <-> Clients)

2.) The other way is to override the APN settings. This makes a lot of sense, since after the detection is made there must be some way of relaying that information to the carrier. It's done by tagging it with the DUN apn ofc.

I'd like you to try the second option. Here is a Magisk module that replaces apns-conf.xml with a version that has hidden dun apns removed. It also disables Moto system updater, non-disable on apks in /product, preinstalled facebook, and tether provisioning. After an install and reboot, open your Access Point Names window, hit the three dots top right, select Reset to default. You won't see a change as the APNs I removed were hidden.
 

Attachments

  • motocust_milan.zip
    92.4 KB · Views: 3
  • Like
Reactions: flash713
I've been reading up on other users' experiences on Android 12 specifically. They seem to imply it is part of the system or software installed on the system detecting either the tether app package name or the single hop proxy. But more importantly, other users did some testing and worked around the issue.

1.) One way was to setup double proxies. The tethering app is one proxy, but then they'll run another socks or http proxy on their phone and setup clients to use it. (The chain looks like this: Phone <-> Easytether <-> Proxy <-> Clients)

2.) The other way is to override the APN settings. This makes a lot of sense, since after the detection is made there must be some way of relaying that information to the carrier. It's done by tagging it with the DUN apn ofc.

I'd like you to try the second option. Here is a Magisk module that replaces apns-conf.xml with a version that has hidden dun apns removed. It also disables Moto system updater, non-disable on apks in /product, preinstalled facebook, and tether provisioning. After an install and reboot, open your Access Point Names window, hit the three dots top right, select Reset to default. You won't see a change as the APNs I removed were hidden.
I will try this in one hour and report back. I prefer the 2nd option as it has been HELL to even modify and/or save APN settings on this phone. Nothing like my Moto 5G Ace. (Ironically, even though its 5G I have no 5G options on the Stylus 2022).

Thank you SOOOOO much for this.
 
I've been reading up on other users' experiences on Android 12 specifically. They seem to imply it is part of the system or software installed on the system detecting either the tether app package name or the single hop proxy. But more importantly, other users did some testing and worked around the issue.

1.) One way was to setup double proxies. The tethering app is one proxy, but then they'll run another socks or http proxy on their phone and setup clients to use it. (The chain looks like this: Phone <-> Easytether <-> Proxy <-> Clients)

2.) The other way is to override the APN settings. This makes a lot of sense, since after the detection is made there must be some way of relaying that information to the carrier. It's done by tagging it with the DUN apn ofc.

I'd like you to try the second option. Here is a Magisk module that replaces apns-conf.xml with a version that has hidden dun apns removed. It also disables Moto system updater, non-disable on apks in /product, preinstalled facebook, and tether provisioning. After an install and reboot, open your Access Point Names window, hit the three dots top right, select Reset to default. You won't see a change as the APNs I removed were hidden.
Ok. So I've went far over my tether limit and its acting SLOW. Connection is very slow versus apps on the phone minue VPN Hotpsot are coming in at 31MB/s. I tried your other method as well - same speed. There must be something else going on.

I wish I could roll back to android 10 with this frigging phone. My Moto One 5G Ace running it doesn't have this problem.
 
I've been reading up on other users' experiences on Android 12 specifically. They seem to imply it is part of the system or software installed on the system detecting either the tether app package name or the single hop proxy. But more importantly, other users did some testing and worked around the issue.

1.) One way was to setup double proxies. The tethering app is one proxy, but then they'll run another socks or http proxy on their phone and setup clients to use it. (The chain looks like this: Phone <-> Easytether <-> Proxy <-> Clients)

2.) The other way is to override the APN settings. This makes a lot of sense, since after the detection is made there must be some way of relaying that information to the carrier. It's done by tagging it with the DUN apn ofc.

I'd like you to try the second option. Here is a Magisk module that replaces apns-conf.xml with a version that has hidden dun apns removed. It also disables Moto system updater, non-disable on apks in /product, preinstalled facebook, and tether provisioning. After an install and reboot, open your Access Point Names window, hit the three dots top right, select Reset to default. You won't see a change as the APNs I removed were hidden.
EDIT: It all works. Initially it didn't but the trick was using a 5G Force app and reset all my settings to LTE only. 5G doesn't "show" on this phone but its capable, once I did that in the settings it's been fast as hell. Seems it kept reverting back to 3G on connection.

All is well. Thank you.
 

fddm

Senior Member
Feb 24, 2011
258
171
EDIT: It all works. Initially it didn't but the trick was using a 5G Force app and reset all my settings to LTE only. 5G doesn't "show" on this phone but its capable, once I did that in the settings it's been fast as hell. Seems it kept reverting back to 3G on connection.

All is well. Thank you.
I'm floored, honestly. You have this phone:
Helio G88 is for sure 4G only. Leaves some open questions, but I'm glad you got it working anyway.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 5
    I' ve decided I should effectively close this thread. I already made a guide some time ago on how to patch kernels, and that was original the reason I made this thread in the first place. 5G Ace was just my new toy and I solved a novel problem that Google gave me absolutely no leads on. There really wasn't anything out at the time, so I thought it was quite cool that I was able to run wireguard in kernel mode and tether ipv6 traffic. But now it's nothing special.

    I've felt like posting this was always a mistake anyway, so pulled my files and am discontinuing this thread.

    -------------------

    This is an example of how I seamlessly bypass native tether restrictions for both usb and wifi tethering. For the Moto G Ace 5G, this comes in two parts. A kernel mod to disable CONFIG_MODULE_SIG_FORCE and Magisk module to set things up. The kernel modification was made through reverse engineering with Ghidra and the kernel module included in the Magisk module was built by compiling official sources with CONFIG_NETFILTER_XT_TARGET_HL=m added to the config.

    The Magisk Module has three main parts:
    system.prop - Disable tether provisioning
    apns-conf.xml - Modify APN configuration
    service.sh - Insert xt_HL and apply the iptables rule

    The rule looks like:
    Code:
    iptables -t mangle -I POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64
    It tells the kernel to modify the TTL of all IPv4 traffic exiting through any mobile interface. The interface can be different on other devices, another common example would be "v4-rmnet_data+". It should also be noted that this only touches IPv4 traffic. If your carrier flags the hop limit of IPv6 traffic, I can only recommend blocking IPv6 to the tethered interface with an ip6tables rule or using another method.

    The supplied apns-conf.xml is modified for T-Mobile and MetroPCS, you may need to edit it if your carrier differs. This is done by finding the DUN APNs, merging them with the primary APNs, and removing them as follows:
    <apn carrier="MetroPCS"
    mcc="310"
    mnc="160"
    apn="fast.metropcs.com"
    mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
    type="default,supl,mms"
    protocol="IPV6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_editable="0"
    carrier_id="1949"
    />
    <apn carrier="MetroPCS DUN"
    mcc="310"
    mnc="160"
    apn="pcweb.metropcs.com"
    type="dun"
    protocol="IPV4V6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_visible="0"
    carrier_id="1949"
    />

    ****************************************************

    <apn carrier="MetroPCS"
    mcc="310"
    mnc="160"
    apn="fast.metropcs.com"
    mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
    type="default,supl,mms,dun"
    protocol="IPV4V6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_editable="0"
    carrier_id="1949"
    />

    Modified Kernel:

    Magisk Module:

    After flashing the kernel and installing the module, you will need to enter your APN settings and restore defaults for them to take effect.
    Note: The Magisk module also disables nondisable, preinstall, and system upgrades.

    I think I might of got a GPL report for this thread, so here's a link to stock sources used to build modules:
    and also my patching guide that was made after this post:
    3
    Well the way I have my hotspot undetectected.
    Simple ,
    Root of course,
    1. Use adblocker or adaway first
    2. Change DNS settings and apn.
    DNS...dns.google or 1dot1dot1dot1.dns-.com
    APN 4.4.8.8 NOT 4G.... I'll screen shot the settings.
    4. Use app Hotspot VPN version 2.11.3
    Set up hotspot on phone and activate hotspot via vpn app.. I'll screen shot the settings as well.
    viola...😀

    Edit..Thanks .O.P for this jewel. !! The VPN hotspot app works but only on the default apn..I guess metro/TMobile may have updated there servers..anyways I flashed the boot.img and installed the magisk module but I patched the boot.ing with the latest magisk 20.4 and manager 7.51.. I then said what does restore default apn mean? So I just took out my sim reinserted it and reset network settings only. Now I saw a fresh apn that allowed me to edit...yeah...before adding an apn was my only option. Now I noticed DNS and VPN apps work on default apn configs..
    So VPN hotspot works and no detection from carrier or DNS errors..
    I have two 5g ace phones I got for 89.99 a piece ..im on an unlimited data plan, I USB tether to my 5G ace to my laptop and utilized the windows 10 sharing feature. Share USB tether connection via Ethernet...then plug the Ethernet into my Netgear router. For Xbox and PlayStation I add port rules and assign a static i.p for both consoles.
    Ii kid you not after 3 days of this method my average speeds using 5G per device connected to my router either by Ethernet or wifi , averages 40-90 MBs download and 33mb upload.. who needs an internet provider like spectrum anymore? Not me....;)
    3
    i tether my laptop to my moto g7 and att clamps me to under 200k download. it sucks, but its all I have. i have 3 towers that I can see from where I live and maybe when the 5g comes, it will make a difference, but i doubt it.
    If you use PDA Net that wouldn't happen. Trust, I was hitting 300GB a month on my G7 Power.
    3
    I updated to Lineage OS 18.1
    Sources: https://github.com/SyberHexen

    ---------------------------------------------------------------------------------------------
    Native Tether

    We don't need to install a patched kernel with Lineage. I added dun to T-Mobile in apns-conf.xml, MetroPCS already had it set. You still need to make sure you have dun under APN type or run "settings put global tether_dun_required 0" through adb for your traffic not to count.

    Native Tether with IPv6 disabled:

    OR

    Native Tether with IPv6 untouched:
    (You may want this if your on the T-Mobile network and you tether directly to your devices)

    ---------------------------------------------------------------------------------------------
    USB Tether

    We have the option between Magisk module or custom kernel, the latter with masquerade support. For a direct mobile IPv4/IPv6 dual stack connection, you need to set APN protocol to IPv4/IPv6 in your APN configuration. I applied this for T-Mobile and MetroPCS in apns-conf.xml.

    Modules for IPv6 SNAT and TTL/HL:

    OR

    Kernel with IPv6 SNAT/MASQ and TTL/HL:

    USB Tether v0.5 app:

    ---------------------------------------------------------------------------------------------

    If you have connectivity issues, try disabling Tethering Hardware Acceleration in Developer Settings. Different APN settings can also help, using T-Mobile APN settings helped with MetroPCS for me. Also setting "persist.net.doxlat=false" in build.prop to disable CLAT and can help with IPv4 issues. I have a test module that does that here:
    3
    Since you had the source code for the kernel, what exactly required reverse engineering to implement?
    Stock kernels are built with the option CONFIG_MODULE_SIG_FORCE, an option that forces signature checks on kernel modules before they can be loaded. Stock kernel sources did not fully build, so I just built modules and patched the kernel to work with them.

    Given that T-mobile's Internet connection is native IPv6 only why did you not create a corresponding Ip6tables rule which also sets the the TTL to 64 for IPv6 packets?
    I do, with USB tethering, were IPv6 NAT is supported. Normally you'd just use physdev to modify those packets on the way out, but that doesn't seem to work with ipv6. You need a NAT on the phone or router. I run the NAT on the phone so it shares the tunnel(and IP) with the phone, effectively hiding behind it just like ipv4.

    Why did you merge the DUN APN's? Don't carriers (like T-Mobile) use the separate APN for the hotspot as the primary means to determine the throttling, e.g. primary APN is unlimited data and DUN APN is 40GB?
    Deleting it would work just as well. If you look at the example, "pcweb.metropcs.com" is the DUN and it gets deleted. I mark the primary as DUN for good measure, but it is not strictly necessary. If the phone can't find a DUN apn it just uses the primary.