Hi, this cannot raise the TTL, and macOS' PF does not support TTL mangling unlike iptables.
I have an alternative way of bypassing this detection here: https://github.com/felikcat/unlimited-hotspot/#3-moving-past-a-dpi-firewalls-throttle-triggers
I mention it since I want more people rather than myself to test, I also use T-Mobile, as seen here.
NoWayOut That's due to TCP fingerprinting methods, other people say use a VPN but if you can get away with not using one as I currently do, that's faster.
Linux's TCP/IP stack is very similar to Android, so it's easy to look like an Android phone.
macOS you can make look like iOS easily. For Windows I am not sure, but it is very different compared to both macOS and Linux.
There is anti-DPI programs for Windows that are more comprehensive than the macOS and Linux alternatives, so you might not have to worry about it.
N3rdTek
PDANet+ or PairVPN needlessly slow down your internet. They're either outdated, or over-complex methods.
felikcat
I am sorry, but your guide was completely incomprehensible to me. What am I supposed to do if I want to use my GrapheneOS Pixel 7 Pro as a hotspot for my MacBook Pro?
Am I supposed to install anything on the Mac?
Or just install Power Tunnel on the Pixel (did this, used the VPN method, hotspot usage was detected right away)?
Also, I assume we are talking about Wi-Fi hotspot, as I never use USB.
Please clarify!
Thanks.
I was wondering how T-Mobile detects hotspot usage and hadn't been able to evade the detection using the various online tutorials and the advice given here.
If I understand correctly, they check the TTL counter of the passing data packets (that your internet traffic is wrapped in). If there are extra "routers" (like a wifi hotspot) on the way from cell service router to the target device, the TTL will be lower, than it would have been if the packets originated from the smartphone, since when passing each router the TTL value get's decremented by one.
So to bypass this, you need to change (increment by 1) the default initial TTL value (64 on MacOS) on your connected device - i.e. your MacBook, so the cell service doesn't notice the difference from the stock android initial TTL (which is 64, as I understand) once the packet reaches your service provider:
sudo sysctl net.inet.ip.ttl=65
Haven't tried doing that myself, though.
Look, not to sound petulant, but all of this obviously does not work. It is just bunch of untested "what ifs" and even in the best case scenario (phone acting as a hotspot for your computer) is this a real hotspot? The way I see it, a real hotspot would let any device connect to it without the device being modified. What if I want to connect an IoT device? Should I modify its TTL? This is preposterous and half-assed. It is obvious that no one knows exactly how T-Mobile is detecting hotspot use and no one knows how to prevent hotspot detection on the phone without modifying the connected device.
AlanZ It is obvious that no one knows exactly how T-Mobile is detecting hotspot use [...]
Earlier in this thread is some highly plausible information about non-TTL methods.
AlanZ [...] and no one knows how to prevent hotspot detection on the phone without modifying the connected device.
That is a strong claim, e.g., see:
https://github.com/GrapheneOS/os-issue-tracker/issues/30 (but note that management requests that people express interest via the thumbs-up button, not by a text comment).
I need unlimited tethering to work correctly on the phone, not by modifying a whole bunch of stuff on your computer. What if I need to supply unlimited internet to a IOT device, that can't be modified?
In that sense, no, GOS does not remove carrier restrictions.
AlanZ True. One might say that's a privacy issue also.
AlanZ GOS does not remove carrier restrictions.
GrapheneOS does remove carrier restrictions. There's nothing GrapheneOS can do about a provider blocking network traffic when they detect something they don't like.
GrapheneOS does not, to my knowledge, change the behavior of how hotspots work. Those aren't the same thing. It may be possible to make a change to avoid detection, but I don't know for sure.
AlanZ GOS does not remove carrier restrictions.
GrapheneOS can't stop your carrier from doing IP-stack fingerprinting ( de0u) of packets after they leave your device unless they leave via a VPN connection, which has been requested: https://discuss.grapheneos.org/d/2916-tether-thru-vpn
I know this post is old but for those who are still seeking ways to tether with a restricted carrier here's another option:
https://www.technadu.com/how-to-share-a-vpn-connection-on-android-without-root/258827/
Note that this option doesn't work if you can't turn on hotspot at all.
Also, a few things not mentioned on the article:
Again, not confirmed with T-Mobile but hope somebody finds this helps.
GrapheneOS The way I understand it is that if you raise TTL by 1 on a Laptop connected to a GOS device hotspot you have to remove the "dun" parameter from the APN.
If that's correct why is this the case? Why do I have to remove "dun" then?
Confirmed using Every proxy app to bypass hotspot limit with T-Mobile. I didn't use a VPN (although I will be trying that next).
My Path -
T-Mobile Cell Service
Pixel 8 Pro
Every Proxy
Mobile hotspot
Windows 11
Without every proxy, I got exactly 600kbps using testmy.net to test download speed. (My tether limit was exceeded this morning and I was warmed by text I would only get 600kbps)
With every proxy, I got 155mbps.
So, great success for me. I don't yet have GrapheneOS though so I can't say how that would affect things. Currently using OEM OS...
Thanks for the help, LKnet
