What is the difference between cellular data being used on my phone and cellular data being used on my notebook? Data is data.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    59
    arrow-down
    2
    ·
    9 months ago

    I’ve had great success getting around these restrictions.

    CalyxOS + Always on VPN (mullvad)

    The secret sauce is using a Android version that allows you to share your VPN with hotspotting. I believe only calyxos and lineage allow you to do this. Since the VPN client is running on the phone, all the traffic that originates from the phone will look like phone data, with the appropriate time to live, OS fingerprinting, etc.

    This can’t be done on stock Android, because it does not allow the VPN to be shared over tethering. So tethering traffic will not getting capsulated on the VPN client. There’s a security argument for this, but I prefer the user flexibility of allowing all the traffic to get VPNed.

    It’s still possible to do this without VPN sharing on the phone, you can use normal tethering on a unlocked phone, like stock Android. You just have to modify the traffic signature to look like whatever the carrier is looking for. Setting the appropriate time to live, using a VPN, and doing other OS fingerprinting tricks to keep the traffic consistent. It’s much easier to use a ROM that lets you share the VPN

    • brbposting@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      9 months ago

      Great tip.

      Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.

      Hmm kinda makes sense

      • Laser@feddit.de
        link
        fedilink
        English
        arrow-up
        6
        ·
        9 months ago

        I had a provider before that blocked tethering and hotspot, the solution there was also to increase TTL on the clients connecting to the phone by 1. The phone would lower it by 1 again, making it look like data originated from there.

      • OmanMkII@aussie.zone
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 months ago

        It’s possible to track the number of hops that a device on a network has, since TTL will be 8-bit numbers (and ususally start at 64, 128, etc.) if the TTL of a packet has 64 from the main device, the devices it’s sharing with will be 63 (and so on un the chain for N+1 hops). This may not be exactly how they do it since device fingerprinting would be way simpler, but it is a plausible way of tracking that a device is using a hotspot.