chizi-0618 / box4magisk Goto Github PK
View Code? Open in Web Editor NEWUse sing-box, clash, v2ray, xray tunnel proxy on Android devices.
License: GNU General Public License v3.0
Use sing-box, clash, v2ray, xray tunnel proxy on Android devices.
License: GNU General Public License v3.0
su -c /data/adb/box4/scripts/box.service start
启动 box4su -c /data/adb/box4/scripts/box.tproxy enable
expr: Unexpected end of input
在包名不存在时,awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list
输出为空
导致 expr ${user} \* "100000" + $(awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list)
被解析为 expr ${user} \* "100000" +
建议使用变量保存 awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list
的结果,判断是否为空,为空则不执行 expr
每次开机都要输一遍/data/adb/box/scripts/box.tproxy disable,怎么彻底禁用tproxy。
将box.config文件内的ipv6="disable"改为ipv6="enable"后fake-ip失效 下面是我的配置文件
mixed-port: 7890
redir-port: 7891
tproxy-port: 1536
allow-lan: false
mode: rule
geodata-mode: true
unified-delay: true
log-level: error
ipv6: true
external-controller: 127.0.0.1:9090
external-ui: ui
secret: ""
enable-process: true
find-process-mode: strict
#tcp-concurrent: true
global-client-fingerprint: chrome
geox-url:
geoip: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat"
geosite: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
mmdb: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country.mmdb"
profile:
store-selected: true
store-fake-ip: true
sniffer:
enable: false
sniff:
TLS:
ports: [443, 8443]
HTTP:
ports: [80, 8080-8880]
override-destination: true
tun:
enable: false
device: tun3
stack: system
inet6-address:
dns-hijack:
- 'any:53'
auto-route: true
auto-detect-interface: true
dns:
enable: true
enhanced-mode: fake-ip
fake-ip-range: 198.19.0.1/16
listen: 0.0.0.0:53
nameserver:
- 223.5.5.5
- 8.8.8.8
- 114.114.114.114
ipv6: true
#!/system/bin/sh
bin_name="clash"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="53"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="198.19.0.1/16"
tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.1/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="enable" # enable / disable
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="blacklist"
# blacklist / whitelist / core
user_packages_list=("0:com.jingdong.app.mall" "0:com.sonelli.juicessh")
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")
gid_list=()
# The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
准确的说就是使用box4magisk的透明代理作为其他VPN应用的前置代理,组成代理链。我使用clash meta核心,将VPN应用(Adguard VPN和NekoBox)加入TPROXY白名单进行实验,流量会回环。
以下是我的部分配置文件:
scripts/box.config
#!/system/bin/sh
bin_name="clash"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="28.0.0.1/8"
tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="whitelist"
# blacklist / whitelist / core
user_packages_list=("0:com.android.proxyhandler" "0:com.android.vpndialogs" "0:android" "0:com.adguard.vpn")
clash/config.yaml
mixed-port: 7890
redir-port: 7891
tproxy-port: 1536
allow-lan: false
mode: rule
geodata-mode: true
unified-delay: true
log-level: warning
ipv6: true
external-controller: 127.0.0.1:9999
external-ui: /storage/emulated/0/MT2/Yacd-meta-gh-pages/
secret: "masaka"
enable-process: true
find-process-mode: strict
#tcp-concurrent: true
global-client-fingerprint: chrome
geox-url:
geoip: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/geoip.dat"
geosite: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/geosite.dat"
mmdb: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/country.mmdb"
profile:
store-selected: true
store-fake-ip: false
sniffer:
enable: true
sniff:
TLS:
ports: [443, 8443]
HTTP:
ports: [80, 8080-8880]
override-destination: true
tun:
enable: true
device: tun0
stack: system
dns-hijack:
- 'any:53'
auto-route: false # 如使用box4ksu的应用黑白名单,须关闭
auto-detect-interface: true
mtu: 9000
strict_route: false # 如使用box4ksu的应用黑白名单,须关闭
dns:
enable: true
listen: 0.0.0.0:1053
ipv6: false
enhanced-mode: redir-host # 如使用box4ksu的应用黑名单,须禁用fake-ip
default-nameserver:
- 'https://223.5.5.5/dns-query'
nameserver:
- 'https://1.1.1.1/dns-query#dns'
proxy-server-nameserver:
- 'https://1.12.12.12/dns-query'
nameserver-policy:
"geosite:cn,private":
- 'https://doh.pub/dns-query'
- 'https://dns.alidns.com/dns-query'
第一次看到开个代理能把 SOC 烧毁的,为啥要点名 SOC 被烧毁的风险啊
请问box4模块里面clash/v2ray/xray等的配置文件服务器地址使用域名解析ipv6地址失败,连接不上服务器地址怎么办
box/clash/config.yaml
- {name: 香港, <<: *u,filter: "(?i)港|hk|hongkong|kong kong"}
kong kong
-> hong kong
今天设置手机的时候发现香港组没有得到预期的结果,看了半天发现有个 typo 🥹
我看了下代码,发现没有指定geoip.dat和geosite.dat的目录,在不改代码的情况下,只能放到/data/adb/box/bin目录下吗
[ 白名单无效 ]
# blacklist / whitelist / core
proxy_mode="whitelist"
# Android User:Package Name, For example:
user_packages_list=("0:com.android.chrome" "0:com.google.android.youtube" )
已执行 box.tproxy renew
, 也尝试过重启,居然只有 youtube
可以使用,另外 0:com.google.android.youtube
不管放在 哪个位置都可以.
黑名单模式是正常的,可以正确排除不需要的项目
RT
使用box4magisk默认配置以clash进行连接时,无论是使用blacklist、whitelist还是core,Adguard都无法正常使用。因为启动了box4magisk后,box4magisk与Adguard存在冲突,Adguard既无法使用“VPN模式”(提示设备不支持VPN)也无法使用“本地http代理模式”(流量实际并不经过Adguard)。
请问box4magisk能否仅监听某个端口(如:7891),而不全局代理手机所有流量、不与VPN产生冲突,设备内的app自行按需选择代理?
可以弄一种通过包名排除代理的吗?或者给后台加一个能手动选择排除代理的应用列表...
执行脚本 #!/bin/sh 的这个设定在安卓9及以前版本似乎存在问题。
我测试了很多安卓9及以前的版本,几乎都没有软链接/system/bin/sh至/bin/sh
在安卓9及以前的版本只能手动软链接/system/bin/sh至/bin/sh之后脚本才能够正常启动
但是这个问题在安卓10开始并不存在,因为安卓10开始系统会完成以上软链接
请求将脚本内#!/bin/sh改为#!/system/bin/sh以兼容更多版本
box.config 内容
#!/system/bin/sh
bin_name="sing-box"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="28.0.0.1/8"
tun_device="tun0"
box_user_group="root:net_admin"
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
proxy_mode="blacklist"
user_packages_list=()
gid_list=()
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
不知道哪里错误,什么都没敢修改,只修改了运行核心bin_name="sing-box"运行就会报错:
/data/adb/box/scripts/box.tproxy[559]: can't create /proc/sys/net/ipv6/conf/wlan0/accept_ra: No such file or directory
proxy_mode="blacklist"修改为proxy_mode="core"就没问题了但仍然打不开管理面板。手机U是联发科的。
sing-box 配置
{
"log": {
"disabled": false,
"level": "warn",
"output": "box.log",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "tls://8.8.8.8",
"detour": "Proxy"
},
{
"tag": "dnspod",
"address": "https://223.5.5.5/dns-query",
"detour": "direct"
},
{
"tag": "fakedns",
"address": "fakeip"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"outbound": "any",
"server": "dnspod"
// "disable_cache": true
},
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"domain_keyword": [
"ntp",
"time"
],
"domain_regex": [
"(^|\\.)(alt[1-8]-mtalk|mtalk|mtalk4)\\.google\\.com$"
],
"geosite": [
"cn",
"apple@cn",
"category-games@cn",
"private"
],
"server": "dnspod"
},
{
"query_type": [
"A",
"AAAA"
],
"server": "fakedns"
}
],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
"strategy": "prefer_ipv4",
// "strategy": "ipv4_only"
"independent_cache": true
},
"inbounds": [
// {
// "type": "mixed",
// "tag": "mixed-in",
// "listen": "::",
// "listen_port": 1080,
// "sniff": true
// "domain_strategy": "prefer_ipv4" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
// "set_system_proxy": false
// },
{
"type": "tun",
"tag": "tun-in",
"interface_name": "tun3",
"inet4_address": "172.19.0.1/30",
// "inet6_address": "fdfe:dcba:9876::1/126",
"stack": "system",
"auto_route": true,
"strict_route": true,
"sniff": true,
"platform": {
"http_proxy": {
"enabled": true,
"server": "127.0.0.1",
"server_port": 1080
}
}
}
// {
// "type": "tproxy",
// "tag": "tproxy-in",
// "listen": "::",
// "listen_port": 1536,
// "sniff": true
// }
],
// proviedrs 需要使用 https://github.com/qjebbs/sing-box
//
"providers": [
{
"tag": "国际",
"url": "https://xxx",
"interval": "24h",
"cache_file": "provider1.txt",
"download_detour": "direct"
}
// {
// "tag": "provider2",
// "url": "base64 订阅链接2",
// "interval": "18h",
// "cache_file": "provider2.txt",
// "download_detour": "direct",
//
// "exclude": "官网|剩余|到期|流量"
// },
// {
// "tag": "provider3",
// "url": "base64 订阅链接3",
// "interval": "12h",
// "cache_file": "provider3.txt",
// "download_detour": "direct",
//
// "include": "IEPL|专线"
// }
],
"outbounds": [
{
"type": "direct",
"tag": "direct",
"domain_strategy": "prefer_ipv4"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
},
{
"type": "selector",
"tag": "Proxy",
"providers": [
"国际"
// "provider2",
// "provider3"
],
"outbounds": [
"direct"
]
},
{
"type": "selector",
"tag": "Domestic",
"providers": [
"国际"
// "provider2",
// "provider3"
],
"outbounds": [
"direct"
]
}
],
"route": {
"rules": [
{
"port": 53,
"outbound": "dns-out"
},
{
"port": [
123
],
"port_range": [
"5228:5230"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"geosite": [
"apple@cn",
"category-games@cn",
"private"
],
"outbound": "direct"
},
{
"geosite": [
"geolocation-!cn",
"microsoft",
"apple",
"google"
],
"outbound": "direct"
},
{
"geosite": [
"cn"
],
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
// "auto_detect_interface": true,
"find_process": true,
"final": "Proxy"
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9999",
"secret": "singbox",
"external_ui": "dashboard",
"store_selected": true,
"store_fakeip": true
},
"debug": {
"listen": "0.0.0.0:8964"
}
}
}
blacklist模式下设置绕过termux,但是由termux创建的进程,比如AdGuardHome、MOSDNS,还是进入代理,请问有办法可以绕过这些进程吗?
使用 clash.meta 1.14.1 core
无法连接网络,log中所有连接均报错如下
time="2023-02-11T06:45:58Z" level=warning msg="[TCP] dial PROXY (match RuleSet/proxy) x.x.x.x:58272 --> duckduckgo.com:443 error: csunicom.nodenet.cloud:28881 connect error: all DNS requests failed, first error: dial tcp4 94.140.15.15:53: no such device"
config.yaml
tproxy-port: 1536
allow-lan: true
mode: rule
log-level: debug
ipv6: false
external-controller: 127.0.0.1:9999
external-ui: Dashboard
geodata-mode: true
profile:
store-selected: true
store-fake-ip: false
tun:
enable: false
stack: system # or gvisor
dns-hijack:
- 'any:53'
auto-route: true
auto-detect-interface: true
hosts:
'+.clash.meta': 127.0.0.1
dns:
enable: true
ipv6: false
listen: 0.0.0.0:1053
enhanced-mode: fake-ip
fake-ip-filter: ['connect.rom.miui.com', '+.gstatic.com', '*', '+.lan', '+.stun.*.*', '+.stun.*.*.*', '+.stun.*.*.*.*', '+.stun.*.*.*.*.*', 'lens.l.google.com', '*.mcdn.bilivideo.cn']
fake-ip-range: 198.18.0.1/16
default-nameserver:
- 114.114.114.114
- 8.8.8.8
- 'https://223.5.5.5/dns-query'
- 'https://1.12.12.12/dns-query'
nameserver:
- 114.114.114.114
- 8.8.8.8
- 'https://223.5.5.5/dns-query' # alidns
- 'https://1.12.12.12/dns-query' # dns.pub
fallback:
- 'tcp://185.222.222.222#Proxy' # dns.sb
- 'tcp://94.140.15.15#Proxy' # adguard
- 'tcp://8.8.4.4#Proxy' # google
fallback-filter:
geoip: false
geoip-code: CN
geosite:
- '!CN'
# - GFW
# - GREATFIRE
# domain:
# - '+.gstatic.com'
box.config
#!/system/bin/sh
bin_name="clash"
tproxy_port="1536"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:1053"
clash_fake_ip_range="198.18.0.1/16"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="blacklist"
# blacklist / whitelist / core
user_packages_list=()
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
核心为clash meta,配置如下(已去除节点和规则)
代理方式为TProxy,系统为Android 13
使用流量时也正确检测到了rmnet_data3,但实际使用只有tg app走了代理,chrome甚至也没走代理,请问该如何解决?需要补充哪些信息?
模块开启后可正常透明代理,但 VoLTE 无法使用(无论 WiFi 或移动数据下)。
由于运营商默认使用 VoLTE,所以导致使用模块时,手机无法拨打/接听电话。
使用 box 的默认配置,仅修改了 bin_name。
使用的 xray 配置也大同小异,仅修改了一些路由和DNS分流规则。
日志中没看到异常,搜索网上也没发现相关资料。
目前尝试了以下方法,问题依然存在:
除此之外模块非常方便好用,如果能解决该问题的话不胜感谢。
不知道是不是有意为之, tproxy 启用时会将 IPv6 禁用。我只删去了此处并在 box.config 中取消相关注释便可使用 IPv6,没发现任何问题
使用clash内核时,能否有办法在core模式下放过adguard的uid?
目前的core模式在adguard使用vpn模式时,用socks5 或 http 代理入站的时候会出现本地回环,在adguard应用列表中排除root和Android系统均不起作用
Originally posted by @a1623382 in #3 (comment)
nohup: can't execute '/data/adb/ksu/bin/busybox': No such file or directory
设备:三星s20
系统:oneui5(安卓13)
核心:sing-box
问题:想通过以太网共享(连接路由器)共享网络,尝试在aplist中添加eth+(以太网共享的网卡),但是不起作用,路由器的网络无法走代理仍为直连模式,热点,usb和本机网络可正常通过代理。
测试条件:pixel 4a Android 13 单用户, box4magisk 4.4
proxy_method="TPROXY"
proxy_mode="blacklist"
user_packages_list=("0:com.bilibili.app.in" "0:org.zwanoo.android.speedtest")
使用以上配置时,yacd面板中仍可看到bilibili和speedtest的流量被代理
RT,开启数据网络的情况下,重启设备,然后就无网络,必须再次开关数据网才有网络
box4(4.7)+xray(1.8.4)启动成功没网络,我的v2rayNG配置文件导入
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.