README.adoc

About

This guide compared to PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, TetherMe, iTether, MyWi, iPhoneModem:

1. + Supports hotspots from Android phones & tablets, and Quectel modems.

   • There is methods for unjailbroken iOS and iPadOS, however they are frustrating to handle.

2. + Jailbreaking or rooting is not required.

3. + Fully open-source and free of charge.

4. + Better reliablity and internet speeds.

5. + On "unlimited" telecom plans, grants you unlimited data for hotspots.

   • Use within reason. Try not to use over two TBs (2000GB) of data in a month.

6. + Moves past various types of throttling, such as limited video quality on YouTube or other streaming services.

1. Preparation

1. If you use an OS that blocks Android snitching by default, such as GrapheneOS. Skip to "2. Moving past throttling".

2. Quectel modems: Skip to "2. Moving past throttling".

iOS and iPadOS

See here for the SSL method if you’re willing to experiment. Contributions here would be greatly appreciated, as I can’t anticipate every OS configuration and general setup, which is a requirement for these SSL and SSH methods.

Rooted/jailbroken Android

1. Install Magisk; read "Getting Started", then "Patching Images".

2. Download the Unlimited Hotspot Magisk module.

3. Open Magisk → Modules → Install from storage → Select the "unlimited-hotspot-v7.zip" that was downloaded.

4. Reboot.

2. Moving past throttling

ℹ️	For every macOS device you use, you’d have to install SpoofDPI on each. Same applies for Android devices via installing PowerTunnel, and so on for other OSes.

Install anti-DPI applications, specific to each OS:

• FreeBSD, OpenBSD: zapret.

• macOS and Linux: SpoofDPI, zapret also works — with crashing issues on macOS Ventura 13.5.2.

• Windows: GhosTCP.

• Android: PowerTunnel for Android.

• iOS/iPadOS: Cloudflare’s 1.1.1.1 app; any other VPNs work too, but be sure to use a reptuable one that utilizes WireGuard.

Additional required steps

macOS

1. Download Unlimited Hotspot, then open unlimited-hotspot-main.zip in Finder to extract it.

2. After extracted, open the "unlimited-hotspot-main" folder, then open its "macOS" folder.

3. Open Terminal.

4. Type sudo -i, enter your login password, then press Enter.

5. Type cp then drag the set-ios-tcp-stack.sh file in, press Space, type in /var/root and press Enter.

6. Type cp then drag the felikcat.set.ios.tcpstack.plist file in, press Space, type in /Library/LaunchDaemons and then press Enter.

7. chmod +x /var/root/set-ios-tcp-stack.sh

8. launchctl load -w /Library/LaunchDaemons/felikcat.set.ios.tcpstack.plist

Now we need to add three Packet Filter rules and enable PF.

1. nano /etc/pf.conf

2. Add the following three lines before nat-anchor:
   

3. pfctl -f /etc/pf.conf then pfctl -e

---

Routers

For Quectel modems, or if the hotspot device is plugged into a router, then these steps are required:

Asuswrt-Merlin

1. Advanced Settings - WAN → disable Extend the TTL value and Spoof LAN TTL value.

2. Advanced Settings - Administration

   • Enable JFFS custom scripts and configs → "Yes"

   • Enable SSH → "LAN only"

3. Replace the LAN IP and login name if needed: $ ssh 192.168.50.1 -l asus

   • Use other SSH clients if preferred, such as MobaXterm or Termius.

4. # nano /jffs/scripts/wan-event

#!/bin/sh
# shellcheck disable=SC2068
Say() {
  printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))"
}
WAN_IF=$1
WAN_STATE=$2

# Call appropriate script based on script_type
SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}"
SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"

# Execute and log script state
if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then
  Say "     Script executing.. for wan-event: $SERVICE_SCRIPT_NAME"
  echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG"
  sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@"
else
  Say "     Script not defined for wan-event: $SERVICE_SCRIPT_NAME"
fi

##@Insert##

# nano /jffs/scripts/wan0-connected

#!/bin/sh

# HACK: I am unsure of what to check.
## Do this too early and the TTL & HL won't be set.
sleep 5s; modprobe xt_HL; wait

# Removes these iptables entries if present.
# WARNING: Only removes these entries once, and never assumes the same entries are present twice.
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

# Move past TTL & HL hotspot detections.
## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable!
# chmod a+rx /jffs/scripts/*
# reboot

---

GoldenOrb or OpenWrt via LuCI

1. GoldenOrb specific: Network → Firewall → Custom TTL Settings

   • Ensure its option is disabled.

2. Network → Firewall → Custom Rules

# Removes these iptables entries if present; only removes once, so if the same entry is present twice (script assumes this never happens), it would need to be removed twice.
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

# Move past TTL & HL hotspot detections.
## Increments the TTL & HL by 2 (1 for the router, 1 for the devices connected to the router).
iptables -t mangle -A PREROUTING -i usb+ -j TTL --ttl-inc 2
iptables -t mangle -I POSTROUTING -o usb+ -j TTL --ttl-inc 2
ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2
ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2

---

Quectel modems

Details

🔥	Never spoof to an IMEI of a device you do not own, you will block the device of whoever uses it — but only if it’s on the same telecom. It is also illegal in the United States to spoof to an IMEI of a device that is not owned by you.

You need to spoof the Quectel modem’s IMEI to a phone or tablet you own that has mobile data capability.

AT+EGMR=1,7,"The IMEI here"

3. Confirm the hotspot is un-throttled

💡	After enabling USB hotspot, enable "Data Saver". This tells Android to restrict data to USB hotspot and what app is at the forefront only.

• Use Netflix’s Speedtest, then compare that result to Waveform’s Bufferbloat Test.
  

  • This tests for throttling of streaming servers (Netflix), various forms of data fingerprinting, and hotspot detections.

4. Improving internet speeds

Disable roaming

• Android & iOS: Search for "Roaming" in the Settings app, then disable it.

  • Context: Roaming to a different telecom usually has unavoidable throttling. Roaming kicks in when signal strength is either very poor or non-existent from your telecom. In T-Mobile USA’s case, they roam on AT&T with only up to 250kbps download & upload speeds on AT&T’s towers.

Switch cell tower providers specifically for problematic areas

• iOS: Context: T-Mobile owns Sprint’s towers. For me, Sprint has consistently better speeds at my home.
  

(Android with Magisk only) → Using specific 4G, LTE, 5G NA, or 5G SA bands.

1. Install NetMonster for its network monitoring. Without NetMonster, you are blind to what bands are used, and their signal strength.

2. Install Network Signal Guru then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on cacombos.com for your device. This could stabilize your speeds, and can potentially increase speeds.

3. If the ads bother you, enable Systemless Hosts in Magisk’s settings, then install AdAway and use its Root method; do not use its VPN method.

💡	Android → Only if you have high ping or ping spiking issues: try disabling "hotspot hardware acceleration" in the Settings app.

Appendices

Learning resources

1. https://archive.org/download/p173_20220313/p173.pdf

2. https://archive.org/download/technology-showcase-policy-control-for-connected-and-tethered-devices/technology-showcase-policy-control-for-connected-and-tethered-devices.pdf

3. https://archive.org/download/geneva_ccs19/geneva_ccs19.pdf

4. https://incolumitas.com/2021/03/13/tcp-ip-fingerprinting-for-vpn-and-proxy-detection/

5. https://github.com/NikolaiT/zardaxt

6. https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/

7. Showed that moving past the hotspot clasification on non-jailbroken iOS and iPadOS devcies is possible, via ad-hoc Wi-Fi on the client, and a proxy server on the iOS/iPadOS device: https://blog.cyrusroshan.com/post/phone-data-hotspot

Third-party scripts

1. /jffs/scripts/wan-event used for Asuswrt-Merlin is a refined version of this script.

You’ve reached the end of this guide. Star it if you liked it.

---

Tip me if you want more pre-paid United States telecoms tested, such as AT&T, Verizon, and third-party MVNOs using say AT&T’s network like Cricket Wireless. As of Sep 10 2023: I’ve only tested with a Magenta T-Mobile plan, with me maxing out its hotspot data out.

Scan this image, or click on it to tip me on Ko-fi: