• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[Magisk][Stock] Bypass Tether Restrictions

Search This thread

fddm

Senior Member
Feb 24, 2011
158
107
This is an example of how I seamlessly bypass native tether restrictions for both usb and wifi tethering. For the Moto G Ace 5G, this comes in two parts. A kernel mod to disable CONFIG_MODULE_SIG_FORCE and Magisk module to set things up. The kernel modification was made through reverse engineering with Ghidra and the kernel module included in the Magisk module was built by compiling official sources with CONFIG_NETFILTER_XT_TARGET_HL=m added to the config.

The Magisk Module has three main parts:
system.prop - Disable tether provisioning
apns-conf.xml - Modify APN configuration
service.sh - Insert xt_HL and apply the iptables rule

The rule looks like:
Code:
iptables -t mangle -I POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64
It tells the kernel to modify the TTL of all IPv4 traffic exiting through any mobile interface. The interface can be different on other devices, another common example would be "v4-rmnet_data+". It should also be noted that this only touches IPv4 traffic. If your carrier flags the hop limit of IPv6 traffic, I can only recommend blocking IPv6 to the tethered interface with an ip6tables rule or using another method.

The supplied apns-conf.xml is modified for T-Mobile and MetroPCS, you may need to edit it if your carrier differs. This is done by finding the DUN APNs, merging them with the primary APNs, and removing them as follows:
<apn carrier="MetroPCS"
mcc="310"
mnc="160"
apn="fast.metropcs.com"
mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
type="default,supl,mms"
protocol="IPV6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_editable="0"
carrier_id="1949"
/>
<apn carrier="MetroPCS DUN"
mcc="310"
mnc="160"
apn="pcweb.metropcs.com"
type="dun"
protocol="IPV4V6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_visible="0"
carrier_id="1949"
/>

****************************************************

<apn carrier="MetroPCS"
mcc="310"
mnc="160"
apn="fast.metropcs.com"
mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
type="default,supl,mms,dun"
protocol="IPV4V6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_editable="0"
carrier_id="1949"
/>

Modified Kernel:

Magisk Module:

After flashing the kernel and installing the module, you will need to enter your APN settings and restore defaults for them to take effect.
Note: The Magisk module also disables nondisable, preinstall, and system upgrades.

I think I might of got a GPL report for this thread, so here's a link to stock sources used to build modules:
and also my patching guide that was made after this post:
 
Last edited:
  • Like
Reactions: XeoNoX and h3xmind

XeoNoX

Senior Member
Oct 25, 2010
1,032
773
nice mod, quick question, how did you figure out which interface to mangle?
for example the following attachment has a few interfaces, how do you know which one to mangle?
 

Attachments

  • Capture.JPG
    Capture.JPG
    329 KB · Views: 109

jhjhjhjhjhjh

Senior Member
Mar 14, 2017
272
127
Well the way I have my hotspot undetectected.
Simple ,
Root of course,
1. Use adblocker or adaway first
2. Change DNS settings and apn.
DNS...dns.google or 1dot1dot1dot1.dns-.com
APN 4.4.8.8 NOT 4G.... I'll screen shot the settings.
4. Use app Hotspot VPN version 2.11.3
Set up hotspot on phone and activate hotspot via vpn app.. I'll screen shot the settings as well.
viola...😀

Edit..Thanks .O.P for this jewel. !! The VPN hotspot app works but only on the default apn..I guess metro/TMobile may have updated there servers..anyways I flashed the boot.img and installed the magisk module but I patched the boot.ing with the latest magisk 20.4 and manager 7.51.. I then said what does restore default apn mean? So I just took out my sim reinserted it and reset network settings only. Now I saw a fresh apn that allowed me to edit...yeah...before adding an apn was my only option. Now I noticed DNS and VPN apps work on default apn configs..
So VPN hotspot works and no detection from carrier or DNS errors..
I have two 5g ace phones I got for 89.99 a piece ..im on an unlimited data plan, I USB tether to my 5G ace to my laptop and utilized the windows 10 sharing feature. Share USB tether connection via Ethernet...then plug the Ethernet into my Netgear router. For Xbox and PlayStation I add port rules and assign a static i.p for both consoles.
Ii kid you not after 3 days of this method my average speeds using 5G per device connected to my router either by Ethernet or wifi , averages 40-90 MBs download and 33mb upload.. who needs an internet provider like spectrum anymore? Not me....;)
 

Attachments

  • Screenshot_20210423-075648.png
    Screenshot_20210423-075648.png
    113.8 KB · Views: 183
  • Screenshot_20210423-075630.png
    Screenshot_20210423-075630.png
    99.9 KB · Views: 170
  • Screenshot_20210423-075641.png
    Screenshot_20210423-075641.png
    78.8 KB · Views: 156
  • Screenshot_20210423-075655.png
    Screenshot_20210423-075655.png
    129.5 KB · Views: 155
  • Screenshot_20210423-075710.png
    Screenshot_20210423-075710.png
    120.8 KB · Views: 189
Last edited:
  • Like
Reactions: XeoNoX

fddm

Senior Member
Feb 24, 2011
158
107
nice mod, quick question, how did you figure out which interface to mangle?
for example the following attachment has a few interfaces, how do you know which one to mangle?
Your apn is setup with CLAT, so you mangle v4-rmnet_data+. You know which interface because it has an IPv4 address, in this case 192.0.0.2. The plus sign means it applies to all numbered networks by that name.

T-Mobile allows IPv6 HL of 64 and 63, so IPv6 is not an issue unless your tethering to a router. ip6tables only has access to forwarded ICMP traffic, TCP and UDP is encapsulated and can't be modified. In this case you block IPv6 or setup SNAT or MASQUERADING. SNAT is the only viable option without recompiling the kernel entirely and is on my TODO list.

@jhjhjhjhjhjh how did you change the APN TYPE and add DUN to it? the newer version of android wont allow this modification. what version of android are you using?
Moto phones do not have this patch yet afaik, there is no such restriction. Modifying apns-conf.xml is always an option though, as long as you have root. This is not required if your redirecting to a VPN and blocking IPv6 though, traffic never crosses the DUN.
 
Last edited:

XeoNoX

Senior Member
Oct 25, 2010
1,032
773
@fddm thank you sir, i will look into this and try it this weekend, as shown by my screenshot above i assume mines is called "v4-rmnet_data2" . i have a different rooted custom rom phone, ill try out and play with it and see if i can get it to work.
 

XeoNoX

Senior Member
Oct 25, 2010
1,032
773
@fddm thanks for your help, patience, and explanation, thanks i figured it out and got it working on a different rooted phone. I also incorporated some of jhjhjhjhjh's settings. i was lookng for a few weeks for a IPTABLES solution so this thread helped alot. I coulndt get the TTL mod to work via iptables on the phone because the filter requires kernal changes like you mentioned ( https://netfilter.org/projects/patch-o-matic/index.html) , as a work around i changed the TTL on the client. i was also able to mangle the rules to be able to tether direct bypassing tether restriction at full LTE speed. So far so good.
 
Last edited:

fddm

Senior Member
Feb 24, 2011
158
107
I got unrestricted usb tethering working with IPv6 support via SNAT, if anyone wants that. It uses the patched kernel above with a new module that enables the IPv6 nat table and an app to manage the connection.

Magisk Module:

USBTether app:

In the app set Tether Interface to Auto, IPv6 NAT to SNAT, and enable Dnsmasq and Modify Outgoing TTL. After enabling the service it will automatically configure the connection, even after a reboot, until the service is disabled.

Make sure you restore default APN settings as mentioned in the OP, it disables CLAT which would otherwise prevent IPv6 from working(split network) unless your using a VPN.

Sources:
 
Last edited:
  • Like
Reactions: XeoNoX

gullzway

Senior Member
Nov 17, 2007
211
17
Does the same method for previous Motorola's not work? This works on my Z3 Play on Android 9 and G Stylus on Android 10.
Root with Magisk and use MagiskHide Props Config to add net.tethering.noprovisioning=true
 

fddm

Senior Member
Feb 24, 2011
158
107
Does the same method for previous Motorola's not work? This works on my Z3 Play on Android 9 and G Stylus on Android 10.
Root with Magisk and use MagiskHide Props Config to add net.tethering.noprovisioning=true
That only disables the provisioning check, for most carriers you still need to use "settings put global tether_dun_required 0" or change the apn to bypass the dun. On TMO/VZW, you additionally need to set the TTL/HL or the packets will be flagged as tethering regardless.

There are tons of ways to do this, but methods that are fully contained on the device are most interesting to me.
 

gullzway

Senior Member
Nov 17, 2007
211
17
That only disables the provisioning check, for most carriers you still need to use "settings put global tether_dun_required 0" or change the apn to bypass the dun. On TMO/VZW, you additionally need to set the TTL/HL or the packets will be flagged as tethering regardless.

There are tons of ways to do this, but methods that are fully contained on the device are most interesting to me.
That only disables the provisioning check, for most carriers you still need to use "settings put global tether_dun_required 0" or change the apn to bypass the dun. On TMO/VZW, you additionally need to set the TTL/HL or the packets will be flagged as tethering regardless.

There are tons of ways to do this, but methods that are fully contained on the device are most interesting to me.
Indeed. I just set up this Ace 5g last night. Even after adding the net.tethering.noprovisioning=true prop, and "settings put global tether_dun_required 0" MY Hotspot is still being throttled. VPN doesn't help. I'm connecting with an iphone and its still throttled to 500kb/s.
I guess since I was Sprint before, now T Mobile signal, it not as easy.

Can you explain "set the TTL/HL." Will this only work on a PC? Not sure how to Edit APN's on this device either.
 

fddm

Senior Member
Feb 24, 2011
158
107
You use Linux firewall rules on the router or bridge to overwrite that field in the packet or if it's a PC you can tell your kernel to create packets with a specific value. Try not to double Nat if you can avoid it. EDIT: Something like this is a good example:
but the specifics depend on application. I've done this on DD-WRT, Tomato, and in plain Linux distros, as well as well as on the phone itself like shown in this thread.

VPN should always work though. Use VPN Hotspot with IPv6 and tethering hardware acceleration disabled. Cloudflare Warp and Google One VPNs are your best bets to avoid traffic shaping on mobile networks IMO.
 
Last edited:

gullzway

Senior Member
Nov 17, 2007
211
17
What about connecting a Firestick or other Mobile phone to the Ace 5G hotspot? Any way to get around the TMobile throttle? That's the only time I use it.
 

fddm

Senior Member
Feb 24, 2011
158
107
That's exactly what the OP is about, follow the steps and you'll be able to do exactly that with the native tether/hotspot on your phone.

Or if you want to use a VPN, use VPN Hotspot like I mentioned.
 

gullzway

Senior Member
Nov 17, 2007
211
17
That's exactly what the OP is about, follow the steps and you'll be able to do exactly that with the native tether/hotspot on your phone.

Or if you want to use a VPN, use VPN Hotspot like I mentioned.
Thanks, I'll try VPN hotspot. After reading "After flashing the kernel and installing the module, you will need to enter your APN settings and restore defaults for them to take effect."

I'm a little hesitant as I am unable to edit APN's on this New phone either through settings, or ##3282##

Edit: VPN Hotspot is working, data not counted as hotspot. Not sure how it works, I'm not even using my VPN unless it has one built in.
 
Last edited:

russellglen72

Member
May 7, 2012
25
2
Baytown Tx
This is an example of how I seamlessly bypass native tether restrictions for both usb and wifi tethering. For the Moto G Ace 5G, this comes in two parts. A kernel mod to disable CONFIG_MODULE_SIG_FORCE and Magisk module to set things up. The kernel modification was made through reverse engineering with Ghidra and the kernel module included in the Magisk module was built by compiling official sources with CONFIG_NETFILTER_XT_TARGET_HL=m added to the config.

The Magisk Module has three main parts:
system.prop - Disable tether provisioning
apns-conf.xml - Modify APN configuration
service.sh - Insert xt_HL and apply the iptables rule

The rule looks like:
Code:
iptables -t mangle -I POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64
It tells the kernel to modify the TTL of all IPv4 traffic exiting through any mobile interface. The interface can be different on other devices, another common example would be "v4-rmnet_data+". It should also be noted that this only touches IPv4 traffic. If your carrier flags the hop limit of IPv6 traffic, I can only recommend blocking IPv6 to the tethered interface with an ip6tables rule or using another method.

The supplied apns-conf.xml is modified for T-Mobile and MetroPCS, you may need to edit it if your carrier differs. This is done by finding the DUN APNs, merging them with the primary APNs, and removing them as follows:
<apn carrier="MetroPCS"
mcc="310"
mnc="160"
apn="fast.metropcs.com"
mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
type="default,supl,mms"
protocol="IPV6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_editable="0"
carrier_id="1949"
/>
<apn carrier="MetroPCS DUN"
mcc="310"
mnc="160"
apn="pcweb.metropcs.com"
type="dun"
protocol="IPV4V6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_visible="0"
carrier_id="1949"
/>

****************************************************

<apn carrier="MetroPCS"
mcc="310"
mnc="160"
apn="fast.metropcs.com"
mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
type="default,supl,mms,dun"
protocol="IPV4V6"
mvno_match_data="6D38"
mvno_type="gid"
mtu="1440"
user_editable="0"
carrier_id="1949"
/>

Modified Kernel:

Magisk Module:

After flashing the kernel and installing the module, you will need to enter your APN settings and restore defaults for them to take effect.
Note: The Magisk module also disables nondisable, preinstall, and system upgrades.
Will flashing the boot.img mess with my root
 

cowboah

Member
Jun 3, 2021
9
1
I flashed the kernel and installed the Magisk module without issue. I'm a total newb to all this though, and I don't know what the OP means by "enter your APN settings and restore defaults". I know how to restore default APNS's, but I don't know what do for the first part. Just restoring the default APN does enable tethering that's hidden from the carrier (once the connection decides to work properly that is), but the internet is getting cut off intermittently with messages like "can't find DNS" or "connection timed out". I can't help but suspect that this has something to do with me not knowing how to follow the last step in the OP. Any help would be appreciated.
 

fddm

Senior Member
Feb 24, 2011
158
107
I flashed the kernel and installed the Magisk module without issue. I'm a total newb to all this though, and I don't know what the OP means by "enter your APN settings and restore defaults". I know how to restore default APNS's, but I don't know what do for the first part. Just restoring the default APN does enable tethering that's hidden from the carrier (once the connection decides to work properly that is), but the internet is getting cut off intermittently with messages like "can't find DNS" or "connection timed out". I can't help but suspect that this has something to do with me not knowing how to follow the last step in the OP. Any help would be appreciated.
Sounds like you got it then, restoring default APNs is all that calls for.

Not sure about about the errors your receiving though. This should act the same as tethering normally does. You might try disabling "Tethering hardware acceleration" in Developer options or manually set DNS servers on your client.
 

cowboah

Member
Jun 3, 2021
9
1
Sounds like you got it then, restoring default APNs is all that calls for.

Not sure about about the errors your receiving though. This should act the same as tethering normally does. You might try disabling "Tethering hardware acceleration" in Developer options or manually set DNS servers on your client.
Yeah, I ended up realizing it's the carrier. The connection was cutting out constantly and I just didn't notice it before setting things up. T-Mobile's network just isn't very good in my area. I switched to Cricket, and so far the network seems better. I'm trying to get set up again, and I'm having trouble merging the APN's for my carrier. It doesn't help that there is no dun type in either of the entries that use the same mmsc as I do.

<apn carrier="internet"
mcc="310"
mnc="150"
apn="ndo"
type="default,mms,fota,supl"
protocol="IPV4V6"
roaming_protocol="IPV4V6"
mmsc="http://mmsc.aiowireless.net"
mmsproxy="proxy.aiowireless.net"
mmsport="80"
mtu="1410"
user_editable="0"
carrier_id="1964"
/>

<apn carrier="internet"
mcc="310"
mnc="150"
apn="endo"
type="default,mms,fota,supl"
mvno_type="gid"
mvno_match_data="53FF"
protocol="IPV4V6"
roaming_protocol="IPV4V6"
mmsc="http://mmsc.aiowireless.net"
mmsproxy="proxy.aiowireless.net"
mmsport="80"
mtu="1410"
user_editable="0"
/>
The top is what I have unrooted after the switch. What I don't understand is if I need to add dun to the types and whether to use "ndo" or "endo" for the apn value.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    This is an example of how I seamlessly bypass native tether restrictions for both usb and wifi tethering. For the Moto G Ace 5G, this comes in two parts. A kernel mod to disable CONFIG_MODULE_SIG_FORCE and Magisk module to set things up. The kernel modification was made through reverse engineering with Ghidra and the kernel module included in the Magisk module was built by compiling official sources with CONFIG_NETFILTER_XT_TARGET_HL=m added to the config.

    The Magisk Module has three main parts:
    system.prop - Disable tether provisioning
    apns-conf.xml - Modify APN configuration
    service.sh - Insert xt_HL and apply the iptables rule

    The rule looks like:
    Code:
    iptables -t mangle -I POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64
    It tells the kernel to modify the TTL of all IPv4 traffic exiting through any mobile interface. The interface can be different on other devices, another common example would be "v4-rmnet_data+". It should also be noted that this only touches IPv4 traffic. If your carrier flags the hop limit of IPv6 traffic, I can only recommend blocking IPv6 to the tethered interface with an ip6tables rule or using another method.

    The supplied apns-conf.xml is modified for T-Mobile and MetroPCS, you may need to edit it if your carrier differs. This is done by finding the DUN APNs, merging them with the primary APNs, and removing them as follows:
    <apn carrier="MetroPCS"
    mcc="310"
    mnc="160"
    apn="fast.metropcs.com"
    mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
    type="default,supl,mms"
    protocol="IPV6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_editable="0"
    carrier_id="1949"
    />
    <apn carrier="MetroPCS DUN"
    mcc="310"
    mnc="160"
    apn="pcweb.metropcs.com"
    type="dun"
    protocol="IPV4V6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_visible="0"
    carrier_id="1949"
    />

    ****************************************************

    <apn carrier="MetroPCS"
    mcc="310"
    mnc="160"
    apn="fast.metropcs.com"
    mmsc="http://metropcs.mmsmvno.com/mms/wapenc"
    type="default,supl,mms,dun"
    protocol="IPV4V6"
    mvno_match_data="6D38"
    mvno_type="gid"
    mtu="1440"
    user_editable="0"
    carrier_id="1949"
    />

    Modified Kernel:

    Magisk Module:

    After flashing the kernel and installing the module, you will need to enter your APN settings and restore defaults for them to take effect.
    Note: The Magisk module also disables nondisable, preinstall, and system upgrades.

    I think I might of got a GPL report for this thread, so here's a link to stock sources used to build modules:
    and also my patching guide that was made after this post:
    2
    i tether my laptop to my moto g7 and att clamps me to under 200k download. it sucks, but its all I have. i have 3 towers that I can see from where I live and maybe when the 5g comes, it will make a difference, but i doubt it.
    If you use PDA Net that wouldn't happen. Trust, I was hitting 300GB a month on my G7 Power.
    1
    Well the way I have my hotspot undetectected.
    Simple ,
    Root of course,
    1. Use adblocker or adaway first
    2. Change DNS settings and apn.
    DNS...dns.google or 1dot1dot1dot1.dns-.com
    APN 4.4.8.8 NOT 4G.... I'll screen shot the settings.
    4. Use app Hotspot VPN version 2.11.3
    Set up hotspot on phone and activate hotspot via vpn app.. I'll screen shot the settings as well.
    viola...😀

    Edit..Thanks .O.P for this jewel. !! The VPN hotspot app works but only on the default apn..I guess metro/TMobile may have updated there servers..anyways I flashed the boot.img and installed the magisk module but I patched the boot.ing with the latest magisk 20.4 and manager 7.51.. I then said what does restore default apn mean? So I just took out my sim reinserted it and reset network settings only. Now I saw a fresh apn that allowed me to edit...yeah...before adding an apn was my only option. Now I noticed DNS and VPN apps work on default apn configs..
    So VPN hotspot works and no detection from carrier or DNS errors..
    I have two 5g ace phones I got for 89.99 a piece ..im on an unlimited data plan, I USB tether to my 5G ace to my laptop and utilized the windows 10 sharing feature. Share USB tether connection via Ethernet...then plug the Ethernet into my Netgear router. For Xbox and PlayStation I add port rules and assign a static i.p for both consoles.
    Ii kid you not after 3 days of this method my average speeds using 5G per device connected to my router either by Ethernet or wifi , averages 40-90 MBs download and 33mb upload.. who needs an internet provider like spectrum anymore? Not me....;)
    1
    @jhjhjhjhjhjh how did you change the APN TYPE and add DUN to it? the newer version of android wont allow this modification. what version of android are you using?
    1
    I got unrestricted usb tethering working with IPv6 support via SNAT, if anyone wants that. It uses the patched kernel above with a new module that enables the IPv6 nat table and an app to manage the connection.

    Magisk Module:

    USBTether app:

    In the app set Tether Interface to Auto, IPv6 NAT to SNAT, and enable Dnsmasq and Modify Outgoing TTL. After enabling the service it will automatically configure the connection, even after a reboot, until the service is disabled.

    Make sure you restore default APN settings as mentioned in the OP, it disables CLAT which would otherwise prevent IPv6 from working(split network) unless your using a VPN.

    Sources: