Ok, T-Mobile as well as other ISPs have been known to log DNS servers to see what users access, and it is a big privacy concern. I would like to use OpenDNS but I have not been able to do so. Any help would be appreciated. Here is what I have tried:
added this to init.rc:
    setprop ro.kernel.android.ndns 2
    setprop net.rmnet0.dns1 208.67.222.222
    setprop net.rmnet0.dns2 208.67.220.220
    setprop net.dns1.108 208.67.222.222 # random dns setting set???
    setprop net.dns2.108 208.67.220.220 # wtf
    setprop net.dns1 208.67.222.222
    setprop net.dns2 208.67.220.220
and also ran it in terminal, restarted the interface and it still won't use OpenDNS; verified at welcome.opendns.com that OpenDNS isn't set up properly...
T-Mobile/Google have obviously made it hard to change DNS settings for a reason and I would like to control this myself, as others should for privacy/security purposes, so let's figure this out
defcon
P.S. I know you can change DNS on wifi, through ipsettings with anycut. The mobile network DNS settings seem to be set by DHCP and are static and we can't seem to change them within a GUI, so we gotta figure out how to hack the DNS settings on boot or when the interface connects to T-Mobile or your cell network...
Maybe you might want to reconsider:
http://forum.xda-developers.com/showthread.php?t=508149
If you're too lazy to read the entire thread, basically there is evidence someone has registered some T-Mo gateway IPs with their OpenDNS account and is poisoning some of the resolves. At least one gateway seems to be blocking resolves of gmail.
Anyway, T-Mo can track your traffic without DNS, I assure you. Unless you are running some kind of end-to-end encryption like tor or a vpn tunnel, they can (and probably do) perform deep packet inspection.
the dns settings are automatically reset when your network status changes and this seems to happen extremely often, so there's basically no point in using setprop
yea obviously, so we need to find an alternative solution.
this one works
You're fooling yourself if you think using an alternate DNS server is buying you any increase in privacy. Everything you are viewing over GSM is going through a proxy server. If you really don't want T-Mobile to know where you're going, your choices are basically:
1. Only use Wifi for browsing
2. Set up some kind of encrypted tunnel (via VPN, SSH tunnel, etc.) and point your web browser to it.
3. Only visit HTTPS sites (in which case T-Mobile will know the IP address you're going to but not necessarily the website domain).
jashsu said:
> they can (and probably do) perform deep packet inspection.
I can confirm they DO use deep packet inspection.
I've posted this over at the Rhodium Thread located here:
http://forum.xda-developers.com/showthread.php?t=731292
but haven't gotten a single response yet. Since this is a concern for more than one device I feel like I should post it here. Mods feel free to move this to the correct location if need be.
===================
So it seems to me that this is a problem on ALL Android devices that I have tested with. Here's the situation
I have a router in my house in which I have DHCP turned off so my device will grab an IP (Not Static) and DNS from the ISP. I need to find a way to be able to just change the DNS Settings to 208.67.222.222 and 208.67.220.220 on android without having to manually put in an IP since the IP will automatically get changed every few days.
Android doesn't seem to let me do that. Does anyone know how? Going into the Advanced Menu in the Wifi settings and changing the DNS does not actually change anything... I noticed this on the following android devices as well: Moto Cliq, MyTouch 3g, old Kaiser running android on NAND, and my Rhodium Devices running android.
Any reason as to why Android isn't updating my DNS Settings? Any help would be appreciated.
starmena said:
> I have a router in my house in which I have DHCP turned off so my device will grab an IP (Not Static) and DNS from the ISP. I need to find a way to be able to just change the DNS Settings to 208.67.222.222 and 208.67.220.220 on android without having to manually put in an IP since the IP will automatically get changed every few days.
Ok so DHCP is assigning your network config, but you want to use different DNS servers than the DHCP allocated ones?
starmena said:
> Android doesn't seem to let me do that. Does anyone know how? Going into the Advanced Menu in the Wifi settings and changing the DNS does not actually change anything... I noticed this on the following android devices as well: Moto Cliq, MyTouch 3g, old Kaiser running android on NAND, and my Rhodium Devices running android.
On my HTC Hero running an Android 2.1 ROM, unless "Static IP" is selected, I don't even get the option to change the DNS servers (option is greyed-out).
One way to manually change DNS is via shell if you have root access on your phone using ADB shell (or ssh, telnet etc. if your ROM supports them), see this thread: [Q] Help! Changing DNS settings.
Any network config tools on the app store?
-jc
I'm confused by your question. If you have DHCP turned off, your devices are not going to grab an IP address from your router. Why don't you turn on DHCP and let your router assign IP addresses? By doing so your devices will also use the DNS setting from the router, which will be your ISP's DNS IP address, unless you change your DNS settings in your router to one of the many public DNS servers available. My recommendation is turn DHCP to "ON" on your router. Maybe start your DHCP IP assignment at 192.168.1.100 and go up to 150. That way you can use the range from .2 to .99 for static IPs. This is how I configured my router, but I'm also using DD-WRT firmware on my router, which highly customizes the router. Alternately you can change your router's DNS IP setting to the OpenDNS server so there would be no need for you to change it on the phone if you are using WiFi. Just let your router do all that work for you. Hope this helps. Viva Santiago Rep Dom y NYC.
Tether TPROXY uses iptables tproxy rules to capture tethered traffic and route it through a local proxy. This allows you to tether through your phone's internet source, be it a VPN or whatever else. Should also bypass APN classification and TTL/HL DPI checks. It supports TCP and UDP for IPv4 and IPv6. It can not proxy raw packets like ICMP, you can disable "Prevent Leaking" if required for your setup.
Tether TPROXY should support all tethering operations (USB, Wifi Hotspot, Ethernet). It does not enable tethering, that needs to be done manually.
Options:
Prevent Leaking - Allow traffic to exit through tproxy exclusively. Drops traffic on the forward chain of the filter table.
DPI Circumvention - Passes traffic on ports 80 and 443 to tpws to skirt DPI. Gives you proper fast.com scores.
Enable Dnsmasq - Bypass the built-in services and use Dnsmasq to provide DHCP/DHCP6/SLAAC/DNS.
IPv4 Address* - Lets you pick your IPv4 address/prefix. Makes it possible to set static addresses on your devices.
IPv6 Prefix* - ULA makes devices prefer using IPv4, GUA makes devices prefer IPv6.
*Only takes effect when Dnsmasq is enabled
Notes:
-After disabling the service, you will need to restart any active tethers you have running
-You may need to set APN protocol to IPv6 or IPv4/IPv6 to enable IPv6 for your mobile network.
-Dnsmasq can be used to get IPv6 working, but it is not recommended if you want traffic to leak.
-When using Dnsmasq, clients connected before the service is started will need to reconnect to get new addresses/routes.
Requires a kernel built with CONFIG_NETFILTER_XT_TARGET_TPROXY
Dependencies:
hev-socks5-server - https://github.com/heiher/hev-socks5-server
hev-socks5-tproxy - https://github.com/heiher/hev-socks5-tproxy
tpws - https://github.com/bol-van/zapret
Dnsmasq - https://github.com/worstperson/dnsmasq
Source:
GitHub - worstperson/TetherTPROXY
Download:
[How it works]
When the service is enabled, it applies iptables rules and starts any servers required. These rules do not depend on the interface so they apply to all tethered traffic with no additions. This alone is enough for IPv4 to work.
The service also listens to "android.net.conn.TETHER_STATE_CHANGED", which fires whenever tethering is enabled or disabled. The service waits 5 seconds and then checks for Android's Dnsmasq listening on port 53 to tell if tethering is active. That IP is checked against established routes to get the active tether interface. With that, we can find its IPv6 address and add an exception to allow IPv6 to work. If Dnsmasq is enabled, we also set IPs and routes at this point.
To get Dnsmasq to work, we need to make it use alternative ports with the options "--port=5353" and "--dhcp-alternate-port=6767,68". Then 3 iptables rules are used to make clients use them. One takes DHCP broadcasts and redirects them to port 6767, the second takes DNS requests and redirects them to port 5353, and the final rule blocks Router Advertisement packets from non-root processes.
Is this tested on Android 12.1? I enable the service, and the app shows Kernal TPROXY Support = PASS as well as having DPI Circumvention enabled selected.
I turn on my hotspot after enabling the service and I am still getting throttled to ~.5 Mbps. Are there any additional steps I missed or should try?
I'm using a Pixel 5A 5G on T-mobile with March update.
kkuhle said:
> I turn on my hotspot after enabling the service and I am still getting throttled to ~.5 Mbps. Are there any additional steps I missed or should try?
Thanks for reporting!
Since you have "Prevent Leaking" enabled in your picture and the client(s) you have tested are able to access the internet after the service is started, I can know for sure that everything has loaded up correctly and tethered traffic is being successfully routed through the hev-socks5 and tpws proxies. I thought maybe tpws was exposing the TTL/HL of your traffic, but that is not the case, both hev-socks5 and tpws recreate packets with the TTL of the host (64).
I'm afraid I don't have a solution for you if the above information is correct/complete, it really should be working.
Just an added note, DPI Circumvention is mostly just for video, to access higher resolutions on services like Youtube or Netflix.
I tested this on Android 11, and it generally worked pretty flawlessly. I tried going back to Android 12 and seemed that it was working (speeds were not being capped). However, it seems to generally sooner than later start causing data connection to stop working altogether so hotspot clients of course aren't able to get an internet connection either.
kkuhle said:
> I tested this on Android 11, and it generally worked pretty flawlessly. I tried going back to Android 12 and seemed that it was working (speeds were not being capped). However, it seems to generally sooner than later start causing data connection to stop working altogether so hotspot clients of course aren't able to get an internet connection either.
Thank you for the report! My devices are all A11 atm, I'll flash a GSI to one of them to see if I can reproduce. I'll also try to post a new version soon as this initial release is very rough.
fddm said:
> Thank you for the report! My devices are all A11 atm, I'll flash a GSI to one of them to see if I can reproduce. I'll also try to post a new version soon as this initial release is very rough.
Welcome! I wanted to add that I started trying to use USB tethering hotspot yesterday instead of wifi hotspot. With usb tethering, my connection seemed to be rock solid (still A12) for a few hours as I used it. I had a couple additional devices that I just extended my hotspot on from my laptop settings. I only selected "Enable Service" in Tether TPROXY this time. Here is my usage from yesterday.
Total data over 15G and only 2.5 being recognized as Hotspot. There were some times where I disabled the service as it was causing me issues with the wifi hotspot (before I figured out the USB tethering was working nicely), so it may all be from that. I also didn't enable "Prevent Leaking" so I'll have to mess around with that next time I need it and see how/if usage changes.
I haven't been able to find anything else for Android 12 that has done what it claims when I was searching a couple weeks ago. Thanks a ton for this!
I spoke too soon. I can't get this to work anymore. It generally seems to cause my mobile network to stop working. I am over my mobile hotspot cap, so maybe that has something to do with it.
I know it’s a dumb question. But I rooted my phone with only READ access to system files since I still can’t figure out how to do that. I wonder if it’s possible for me to use this app with just root?
shield616_666 said:
> I know it’s a dumb question. But I rooted my phone with only READ access to system files since I still can’t figure out how to do that. I wonder if it’s possible for me to use this app with just root?
Only root is required, you do not need system r/w. This app is still in an early alpha state though.
Thank you for this. Works like a charm to bypass a T-Mobile hotspot throttle. Awesome job, thank you
Something weird happens with this app, don't know if it's supposed to happen like that but when this app is enabled on my Pixel 7 Pro I'm able to share my hotspot with no problem but my current device gets no data at all. I don't know how to explain it, I might do a vid to show this to you
J0nhy said:
> Something weird happens with this app, don't know if it's supposed to happen like that but when this app is enabled on my Pixel 7 Pro I'm able to share my hotspot with no problem but my current device gets no data at all. I don't know how to explain it, I might do a vid to show this to you
That is very weird and unintended. I suppose you're running Android 13, so I'll need to get a test device set up so I can reproduce. Thanks for reporting!
Bro is this project dead? Btw it works fine on TMobile, but can't get it to work on Verizon
J0nhy said:
> Bro is this project dead? Btw it works fine on TMobile, but can't get it to work on Verizon
Mind sharing more information? Are these the same device, stock or custom firmware? If it's carrier software/modifications flagging traffic, I can add some code to automatically add 'dun' to your APN type and it should work around it.
fddm said:
> Mind sharing more information? Are these the same device, stock or custom firmware? If it's carrier software/modifications flagging traffic, I can add some code to automatically add 'dun' to your APN type and it should work around it.
Yep, same device, both on eSIM 5G, custom firmware "paranoid android" on Pixel 7 Pro, but I have tested on stock firmware and it's the same. I'm able to hotspot using "hotspot vpn" but traffic needs to go thru a VPN
J0nhy said:
> Yep, same device, both on eSIM 5G, custom firmware "paranoid android" on Pixel 7 Pro, but I have tested on stock firmware and it's the same. I'm able to hotspot using "hotspot vpn" but traffic needs to go thru a VPN
Is this a dual esim setup? Mind sharing the output of this command from adb or a terminal app so I can be sure the patch updates the correct APN?
Code:
su
content query --uri content://telephony/carriers/preferapn
The fix will look something like this, but I don't have a device with multiple SIMs, so it only touches the first APN returned currently.
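Java:
// Shell.cmd(...).exec() below matches libsu's API; these imports assume that library.
import android.util.Log;
import com.topjohnwu.superuser.Shell;

static void setDunApn() {
    Log.w("TetherTPROXY", "Checking APN type for dun");
    // get current id and apn type; split on the field names rather than on every
    // '=' and ',' so a comma-separated type list (e.g. default,dun,supl) stays whole
    Shell.Result command = Shell.cmd("content query --uri content://telephony/carriers/preferapn --projection _id:type | awk -F '_id=|, type=' '{print $2,$3}'").exec();
    // make sure a row was returned before reading it
    if (command.isSuccess() && !command.getOut().isEmpty()) {
        String[] parts = command.getOut().get(0).split(" ");
        if (parts.length == 2 && !parts[1].contains("dun")) {
            Log.w("TetherTPROXY", "Setting APN type for dun");
            // update type field with dun, keeping the existing types
            Shell.cmd("content update --uri content://telephony/carriers --where \"_id=" + parts[0] + "\" --bind type:s:" + parts[1] + ",dun --bind edited:i:0").exec().getOut();
            // restart data
            Shell.cmd("svc data disable").exec().getOut();
            Shell.cmd("svc data enable").exec().getOut();
        }
    }
}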
Thanks for developing this app. I will have to try it even though I already have a couple of free working tethering solutions. It never hurts to have another tool for the toolshed given how things change with carriers. I take it that your app basically "proxifies/socksifies" traffic on the phone's tether interfaces to a local SOCKS5 proxy service/app on the phone.
By the way too many acronyms above. "DPI" is "deep packet inspection" for anyone else who wondered. I understand why you abbreviated it in the UI due to the length, but not in the description.
For IPv6 "GUA" is global unicast addresses (Internet routable) and "ULA" is unique local addresses (private IP addresses). I am not sure why you would want to choose a ULA in this situation since the goal is Internet access. Are the IP addresses on that configuration screen in the screenshot above the local addresses for the SOCKS5 proxy? If so, would using a ULA address for its IPv6 address mean that the clients would also need ULA addresses to access it? If so, how would the clients get those addresses? Self-generate them or does that setting set dnsmasq to issue ULA IPv6's to the tethered clients? Since (if?) you are using a SOCKS5 proxy to send the Internet traffic I am not sure why you say above that using "ULA" for IPv6 will prefer IPv4 when the IPv4 address is also a private one. Why favor private IPv4 over private IPv6?
The outcome for that command is:
i content://telephony/carriers/preferapn <
Row: 0 _id=1229, name=Verizon, numeric=311480, mcc=311, mnc=480, carrier_id=-1, apn=VZWINTERNET, user=, server=, password=, proxy=, port=, mmsproxy=, mmsport=, mmsc=, authtype=-1, type=default,dun,supl, current=1, protocol=IPV4V6, roaming_protocol=IP, carrier_enabled=1, bearer=0, bearer_bitmask=0, network_type_bitmask=0, lingering_network_type_bitmask=0, mvno_type=, mvno_match_data=, sub_id=-1, profile_id=0, modem_cognitive=1, max_conns=0, wait_time=0, max_conns_time=0, mtu=0, mtu_v4=0, mtu_v6=0, edited=0, user_visible=1, user_editable=1, owned_by=1, apn_set_id=0, skip_464xlat=-1, always_on=0
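An added example, not part of the thread or of the project's code: a Python parser for the `content query` row format in the output above. It keeps comma-separated values such as `type=default,dun,supl` in one piece, handles more than one returned row, and shows what splitting the same row on every `=` and `,` (as in `awk -F '[=,]'`) returns. The second sample row and all function names are constructed for illustration.

```python
import re

# First row: trimmed from the output posted above. Second row: constructed, to
# show a second APN (e.g. a second SIM) whose type list has no "dun" entry.
SAMPLE_OUTPUT = """\
i content://telephony/carriers/preferapn <
Row: 0 _id=1229, name=Verizon, numeric=311480, apn=VZWINTERNET, user=, server=, type=default,dun,supl, current=1, protocol=IPV4V6
Row: 1 _id=2001, name=Example, numeric=000000, apn=example.invalid, user=, server=, type=default,supl, current=1, protocol=IPV4V6
"""

ROW_RE = re.compile(r"^Row:\s*(\d+)\s+(.*)$")
# Split on ", " only when a new "key=" follows, so commas inside a value survive.
FIELD_SEP = re.compile(r", (?=[A-Za-z_][A-Za-z0-9_]*=)")


def parse_row(line):
    """Return a dict of column -> value for one 'Row: N ...' line, else None."""
    m = ROW_RE.match(line.strip())
    if m is None:
        return None  # command echo, blank line, error text
    fields = {"_row": m.group(1)}
    for item in FIELD_SEP.split(m.group(2)):
        key, _, value = item.partition("=")
        fields[key] = value  # empty values such as "user=" become ""
    return fields


def parse_rows(text):
    """Parse every row in the output, not just the first one."""
    rows = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is not None:
            rows.append(row)
    return rows


def apn_types(row):
    """Split the APN 'type' column into its individual entries."""
    return [t for t in row.get("type", "").split(",") if t]


def naive_id_and_type(projection_line):
    """Emulate awk -F '[=,]' '{print $2,$4}' on a '--projection _id:type' row."""
    parts = re.split(r"[=,]", projection_line)
    return parts[1], parts[3]


def report(text):
    """Per APN row: id, full type list, whether 'dun' is set, and the naive view."""
    out = []
    for row in parse_rows(text):
        types = apn_types(row)
        projection = f"Row: {row['_row']} _id={row['_id']}, type={row['type']}"
        out.append({
            "id": row["_id"],
            "types": types,
            "has_dun": "dun" in types,
            "naive_type": naive_id_and_type(projection)[1],
        })
    return out


if __name__ == "__main__":
    for entry in report(SAMPLE_OUTPUT):
        print(entry)
```

For the Verizon row the full parse reports `dun` as already present, while the naive split sees only `default`.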
Can anyone change the DNS of the WiFi on android 12 (31.0810.1226.91)?
I use static IP to change the DNS of a particular WiFi.
However, it keeps appending the Google DNS (8.8.8.8) no matter what I do.
FYI, I am using pihole, so it just keeps bypassing my pihole and directing all traffic to 8.8.8.8.
Is this a bug or just i missed some settings?
I have tried the following:
1. factory reset
2. reset wifi, mobile data settings
3. turn off private DNS settings.
and none of the above mentioned works...
Any help is appreciated. Thanks!
Hello, I was able to change the DNS without problem. Open Settings, networks and internet, and then Private DNS, select the "Private DNS Provider Hostname"
gecov said:
> Hello, I was able to change the DNS without problem. Open Settings, networks and internet, and then Private DNS, select the "Private DNS Provider Hostname"
But I am using pihole which is just an IP address and no hostname. So I can't use that setting
Put IP address as hostname in correct format
Gojira-r32 said:
> Put IP address as hostname in correct format
I tried that and it doesn't allow me to save the settings...
If you have rooted, add a custom hosts entry with a name that points to your pihole router and then try. Can do that with AdAway.