chizi-0618 / box4magisk Goto Github PK
View Code? Open in Web Editor NEWUse sing-box, clash, v2ray, xray tunnel proxy on Android devices.
License: GNU General Public License v3.0
Use sing-box, clash, v2ray, xray tunnel proxy on Android devices.
License: GNU General Public License v3.0
配置格式都正确,其他vmess节点都没问题,hysteria2节点无法连通,run日志也没有任何报错,试了下Surfing就可以连通,我看了我下载的mihomo内核和Surfing 6.8.4使用的clashmeta内核一样。不知道是哪里的问题,感觉可能是box.service配置导致的
由于需要下载手机刷机包,发现下载链接无法打开:
https://dl.google.com/dl/android/aosp/cheetah-ap2a.240605.024-factory-c6156301.zip
页面报错信息如下:
We're sorry...
... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
See Google Help for more information.
已尝试关闭wifi,直接使用移动网络,出现同样的报错。
mihomo核心,配置文件使用默认,仅增加了订阅链接。
测试条件:pixel 4a Android 13 单用户, box4magisk 4.4
proxy_method="TPROXY"
proxy_mode="blacklist"
user_packages_list=("0:com.bilibili.app.in" "0:org.zwanoo.android.speedtest")
使用以上配置时,yacd面板中仍可看到bilibili和speedtest的流量被代理
使用box4magisk默认配置以clash进行连接时,无论是使用blacklist、whitelist还是core,Adguard都无法正常使用。因为启动了box4magisk后,box4magisk与Adguard存在冲突,Adguard既无法使用“VPN模式”(提示设备不支持VPN)也无法使用“本地http代理模式”(流量实际并不经过Adguard)。
请问box4magisk能否仅监听某个端口(如:7891),而不全局代理手机所有流量、不与VPN产生冲突,设备内的app自行按需选择代理?
第一次看到开个代理能把 SOC 烧毁的,为啥要点名 SOC 被烧毁的风险啊
准确的说就是使用box4magisk的透明代理作为其他VPN应用的前置代理,组成代理链。我使用clash meta核心,将VPN应用(Adguard VPN和NekoBox)加入TPROXY白名单进行实验,流量会回环。
以下是我的部分配置文件:
scripts/box.config
#!/system/bin/sh
bin_name="clash"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="28.0.0.1/8"
tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="whitelist"
# blacklist / whitelist / core
user_packages_list=("0:com.android.proxyhandler" "0:com.android.vpndialogs" "0:android" "0:com.adguard.vpn")
clash/config.yaml
mixed-port: 7890
redir-port: 7891
tproxy-port: 1536
allow-lan: false
mode: rule
geodata-mode: true
unified-delay: true
log-level: warning
ipv6: true
external-controller: 127.0.0.1:9999
external-ui: /storage/emulated/0/MT2/Yacd-meta-gh-pages/
secret: "masaka"
enable-process: true
find-process-mode: strict
#tcp-concurrent: true
global-client-fingerprint: chrome
geox-url:
geoip: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/geoip.dat"
geosite: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/geosite.dat"
mmdb: "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@releases/download/latest/country.mmdb"
profile:
store-selected: true
store-fake-ip: false
sniffer:
enable: true
sniff:
TLS:
ports: [443, 8443]
HTTP:
ports: [80, 8080-8880]
override-destination: true
tun:
enable: true
device: tun0
stack: system
dns-hijack:
- 'any:53'
auto-route: false # 如使用box4ksu的应用黑白名单,须关闭
auto-detect-interface: true
mtu: 9000
strict_route: false # 如使用box4ksu的应用黑白名单,须关闭
dns:
enable: true
listen: 0.0.0.0:1053
ipv6: false
enhanced-mode: redir-host # 如使用box4ksu的应用黑名单,须禁用fake-ip
default-nameserver:
- 'https://223.5.5.5/dns-query'
nameserver:
- 'https://1.1.1.1/dns-query#dns'
proxy-server-nameserver:
- 'https://1.12.12.12/dns-query'
nameserver-policy:
"geosite:cn,private":
- 'https://doh.pub/dns-query'
- 'https://dns.alidns.com/dns-query'
如若在/box/sing-box/config.json的dns规则中添加诸如“package_name”类的(https://sing-box.sagernet.org/zh/configuration/dns/rule/),而/data/adb/box/scripts/box.config中的(比如如“user_packages_list”)不做修改,那么实际效果是使用哪个?
box.config 内容
#!/system/bin/sh
bin_name="sing-box"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="28.0.0.1/8"
tun_device="tun0"
box_user_group="root:net_admin"
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
proxy_mode="blacklist"
user_packages_list=()
gid_list=()
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
不知道哪里错误,什么都没敢修改,只修改了运行核心bin_name="sing-box"运行就会报错:
/data/adb/box/scripts/box.tproxy[559]: can't create /proc/sys/net/ipv6/conf/wlan0/accept_ra: No such file or directory
proxy_mode="blacklist"修改为proxy_mode="core"就没问题了但仍然打不开管理面板。手机U是联发科的。
sing-box 配置
{
"log": {
"disabled": false,
"level": "warn",
"output": "box.log",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "tls://8.8.8.8",
"detour": "Proxy"
},
{
"tag": "dnspod",
"address": "https://223.5.5.5/dns-query",
"detour": "direct"
},
{
"tag": "fakedns",
"address": "fakeip"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"outbound": "any",
"server": "dnspod"
// "disable_cache": true
},
{
"geosite": "category-ads-all",
"server": "block",
"disable_cache": true
},
{
"domain_keyword": [
"ntp",
"time"
],
"domain_regex": [
"(^|\\.)(alt[1-8]-mtalk|mtalk|mtalk4)\\.google\\.com$"
],
"geosite": [
"cn",
"apple@cn",
"category-games@cn",
"private"
],
"server": "dnspod"
},
{
"query_type": [
"A",
"AAAA"
],
"server": "fakedns"
}
],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
"strategy": "prefer_ipv4",
// "strategy": "ipv4_only"
"independent_cache": true
},
"inbounds": [
// {
// "type": "mixed",
// "tag": "mixed-in",
// "listen": "::",
// "listen_port": 1080,
// "sniff": true
// "domain_strategy": "prefer_ipv4" // remove this line if you want to resolve the domain remotely (if the server is not sing-box, UDP may not work due to wrong behavior).
// "set_system_proxy": false
// },
{
"type": "tun",
"tag": "tun-in",
"interface_name": "tun3",
"inet4_address": "172.19.0.1/30",
// "inet6_address": "fdfe:dcba:9876::1/126",
"stack": "system",
"auto_route": true,
"strict_route": true,
"sniff": true,
"platform": {
"http_proxy": {
"enabled": true,
"server": "127.0.0.1",
"server_port": 1080
}
}
}
// {
// "type": "tproxy",
// "tag": "tproxy-in",
// "listen": "::",
// "listen_port": 1536,
// "sniff": true
// }
],
// proviedrs 需要使用 https://github.com/qjebbs/sing-box
//
"providers": [
{
"tag": "国际",
"url": "https://xxx",
"interval": "24h",
"cache_file": "provider1.txt",
"download_detour": "direct"
}
// {
// "tag": "provider2",
// "url": "base64 订阅链接2",
// "interval": "18h",
// "cache_file": "provider2.txt",
// "download_detour": "direct",
//
// "exclude": "官网|剩余|到期|流量"
// },
// {
// "tag": "provider3",
// "url": "base64 订阅链接3",
// "interval": "12h",
// "cache_file": "provider3.txt",
// "download_detour": "direct",
//
// "include": "IEPL|专线"
// }
],
"outbounds": [
{
"type": "direct",
"tag": "direct",
"domain_strategy": "prefer_ipv4"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
},
{
"type": "selector",
"tag": "Proxy",
"providers": [
"国际"
// "provider2",
// "provider3"
],
"outbounds": [
"direct"
]
},
{
"type": "selector",
"tag": "Domestic",
"providers": [
"国际"
// "provider2",
// "provider3"
],
"outbounds": [
"direct"
]
}
],
"route": {
"rules": [
{
"port": 53,
"outbound": "dns-out"
},
{
"port": [
123
],
"port_range": [
"5228:5230"
],
"outbound": "direct"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"geosite": [
"apple@cn",
"category-games@cn",
"private"
],
"outbound": "direct"
},
{
"geosite": [
"geolocation-!cn",
"microsoft",
"apple",
"google"
],
"outbound": "direct"
},
{
"geosite": [
"cn"
],
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
// "auto_detect_interface": true,
"find_process": true,
"final": "Proxy"
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9999",
"secret": "singbox",
"external_ui": "dashboard",
"store_selected": true,
"store_fakeip": true
},
"debug": {
"listen": "0.0.0.0:8964"
}
}
}
su -c /data/adb/box4/scripts/box.service start
启动 box4su -c /data/adb/box4/scripts/box.tproxy enable
expr: Unexpected end of input
在包名不存在时,awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list
输出为空
导致 expr ${user} \* "100000" + $(awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list)
被解析为 expr ${user} \* "100000" +
建议使用变量保存 awk '{if($1=="'${package}'"){print $2}}' /data/system/packages.list
的结果,判断是否为空,为空则不执行 expr
hysteria的配置文件应该没有问题,是从官版hysteria的配置文件中复制过来的,用官版可以正常运行
box4magisk模块启动之后,也可以成功连接上hysteria核心的socks端口
box4magisk配置为tproxy,白名单模式,通过代理的浏览器访问谷歌油管均失败,log显示dial timeout
切换成Redirect也是相同的结果
在config.yaml里开启ipv6不起作用
box4(4.7)+xray(1.8.4)启动成功没网络,我的v2rayNG配置文件导入
box/clash/config.yaml
- {name: 香港, <<: *u,filter: "(?i)港|hk|hongkong|kong kong"}
kong kong
-> hong kong
今天设置手机的时候发现香港组没有得到预期的结果,看了半天发现有个 typo 🥹
我看了下代码,发现没有指定geoip.dat和geosite.dat的目录,在不改代码的情况下,只能放到/data/adb/box/bin目录下吗
设备:三星s20
系统:oneui5(安卓13)
核心:sing-box
问题:想通过以太网共享(连接路由器)共享网络,尝试在aplist中添加eth+(以太网共享的网卡),但是不起作用,路由器的网络无法走代理仍为直连模式,热点,usb和本机网络可正常通过代理。
nohup: can't execute '/data/adb/ksu/bin/busybox': No such file or directory
将box.config文件内的ipv6="disable"改为ipv6="enable"后fake-ip失效 下面是我的配置文件
mixed-port: 7890
redir-port: 7891
tproxy-port: 1536
allow-lan: false
mode: rule
geodata-mode: true
unified-delay: true
log-level: error
ipv6: true
external-controller: 127.0.0.1:9090
external-ui: ui
secret: ""
enable-process: true
find-process-mode: strict
#tcp-concurrent: true
global-client-fingerprint: chrome
geox-url:
geoip: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat"
geosite: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
mmdb: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country.mmdb"
profile:
store-selected: true
store-fake-ip: true
sniffer:
enable: false
sniff:
TLS:
ports: [443, 8443]
HTTP:
ports: [80, 8080-8880]
override-destination: true
tun:
enable: false
device: tun3
stack: system
inet6-address:
dns-hijack:
- 'any:53'
auto-route: true
auto-detect-interface: true
dns:
enable: true
enhanced-mode: fake-ip
fake-ip-range: 198.19.0.1/16
listen: 0.0.0.0:53
nameserver:
- 223.5.5.5
- 8.8.8.8
- 114.114.114.114
ipv6: true
#!/system/bin/sh
bin_name="clash"
redir_port="7891"
tproxy_port="1536"
clash_dns_port="53"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
clash_fake_ip_range="198.19.0.1/16"
tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.1/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="enable" # enable / disable
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="blacklist"
# blacklist / whitelist / core
user_packages_list=("0:com.jingdong.app.mall" "0:com.sonelli.juicessh")
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")
gid_list=()
# The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
描述:
使用的是sing-box核心,经测试sing-box的配置是没有问题了,运行后去连接sing-box的mixed端口可正常访问Google,但是box4magisk设置的透明代理应用不起作用(不能访问Google)
看log文件内容box4magisk是正常运行了,error中有一条icmp参数错误
run_error.log:
grep: no REGEX
Bad argument `icmp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `icmp'
Try `iptables -h' or 'iptables --help' for more information.
run.log:
[2024-05-26 12:00:02 CST] [Warn]: sing-box service is stopped.
[2024-05-26 12:00:02 CST] [Info]: sing-box will be started with the root:net_admin user group.
[2024-05-26 12:00:02 CST] [Info]: starting sing-box service.
[2024-05-26 12:00:04 CST] [Info]: sing-box service is running. ( PID: 5336 )
[2024-05-26 12:00:06 CST] [Info]: use TPROXY:TCP+UDP.
[2024-05-26 12:00:06 CST] [Info]: creating ip(6)tables transparent proxy rules.
[2024-05-26 12:00:06 CST] [Info]: wlan+ ap+ rndis+ transparent proxy.
[2024-05-26 12:00:06 CST] [Info]: proxy mode: whitelist, 10:com.twitter.android 10:com.yandex.browser 10:com.android.browser transparent proxy.
[2024-05-26 12:00:07 CST] [Error]: create iptables transparent proxy rules failed.
[2024-05-26 12:00:07 CST] [Warn]: disable IPv6.
[2024-05-26 12:00:47 CST] [Warn]: cleaning up ip(6)tables transparent proxy rules.
[2024-05-26 12:00:48 CST] [Warn]: clean up ip(6)tables transparent proxy rules done.
[2024-05-26 12:00:48 CST] [Warn]: enable IPv6.
[2024-05-26 12:00:48 CST] [Info]: sing-box has started with the root:net_admin user group.
[2024-05-26 12:00:48 CST] [Info]: sing-box service is running. ( PID: 5336 )
[2024-05-26 12:00:48 CST] [Info]: sing-box memory usage: 32068kB
[2024-05-26 12:00:48 CST] [Info]: sing-box cpu usage: 2.2%
[2024-05-26 12:00:48 CST] [Info]: sing-box running time: 0:47
[2024-05-26 12:00:48 CST] [Warn]: stopping sing-box service.
[2024-05-26 12:00:49 CST] [Warn]: sing-box service is stopped.
box.config配置:
#!/system/bin/sh
bin_name="sing-box"
redir_port="7891"
tproxy_port="1536"
#clash_dns_port="1053"
#clash_dns_listen="0.0.0.0:${clash_dns_port}"
#fake_ip_range_v4="198.18.0.0/15"
#fake_ip_range_v6="fc00::/18"
#tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "mihomo" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
# The use of 100.0.0.0/8 instead of 100.64.0.0/10 is purely due to a mistake by China Telecom's service provider, and you can change it back.
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="whitelist"
# blacklist / whitelist / core
user_packages_list=("10:com.twitter.android" "10:com.yandex.browser" "10:com.android.browser")
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")
gid_list=()
# The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
sing-box配置:
{
"log": {
"level": "info",
"output": "sing-box.log",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "tls://1.1.1.1",
"detour": "Proxy"
},
{
"tag": "fakedns",
"address": "fakeip"
},
{
"tag": "dnspod",
"address": "https://1.12.12.12/dns-query",
"detour": "direct"
},
{
"tag": "rcode",
"address": "rcode://name_error"
}
],
"rules": [
// 见 https://github.com/SagerNet/sing-box/releases/tag/v1.2.2
{
"outbound": "any",
"server": "dnspod",
"disable_cache": true
},
{
"geosite": "category-ads-all",
"server": "rcode"
},
{
"geosite": [
"cn",
"apple@cn",
"category-games@cn"
],
"server": "dnspod"
}
],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
"strategy": "prefer_ipv4",
"final": "cloudflare"
// "final": "fakedns"
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "::",
"listen_port": 10801,
"sniff": true,
"domain_strategy": "prefer_ipv4"
// "set_system_proxy": false
},
// {
// "type": "tun",
// "tag": "tun-in",
// "interface_name": "tun3",
// "inet4_address": "172.19.0.1/30",
// "inet6_address": "fdfe:dcba:9876::1/126",
// "stack": "system",
// "auto_route": true,
// "strict_route": true,
// "sniff": true
// },
// {
// "type": "redirect",
// "tag": "redirect-in",
// "listen": "::",
// "listen_port": 7891,
// "sniff": true
// },
{
"type": "tproxy",
"tag": "tproxy-in",
"listen": "::",
"listen_port": 1536,
"sniff": true
}
],
// proviedrs 需要使用 https://github.com/qjebbs/sing-box
//
// "providers": [
// {
// "tag": "provider1",
// "url": "base64 订阅链接1",
// "interval": "24h",
// "cache_file": "provider1.txt",
// "download_detour": "direct"
// },
// {
// "tag": "provider2",
// "url": "base64 订阅链接2",
// "interval": "18h",
// "cache_file": "provider2.txt",
// "download_detour": "direct",
//
// "exclude": "官网|剩余|到期|流量"
// },
// {
// "tag": "provider3",
// "url": "base64 订阅链接3",
// "interval": "12h",
// "cache_file": "provider3.txt",
// "download_detour": "direct",
//
// "include": "IEPL|专线"
// }
// ],
"outbounds": [
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
},
{
"type": "socks",
"tag": "socks-out",
"server": "127.0.0.1",
"server_port": 10080
},
{
"type": "selector",
"tag": "Proxy",
// "providers": [
// "provider1",
// "provider2",
// "provider3"
// ],
"outbounds": [
"socks-out"
]
}
],
"route": {
"rules": [
{
"port": 53,
"outbound": "dns-out"
},
{
"geosite": "category-ads-all",
"outbound": "block"
},
{
"geosite": [
"apple@cn",
"category-games@cn",
"cn"
],
"outbound": "direct"
},
{
"geoip": [
"cn",
"private"
],
"outbound": "direct"
}
],
// "auto_detect_interface": true,
// "default_mark": 233,
"find_process": true,
"final": "socks-out"
},
"experimental": {
}
}
blacklist模式下设置绕过termux,但是由termux创建的进程,比如AdGuardHome、MOSDNS,还是进入代理,请问有办法可以绕过这些进程吗?
不知道是不是有意为之, tproxy 启用时会将 IPv6 禁用。我只删去了此处并在 box.config 中取消相关注释便可使用 IPv6,没发现任何问题
RT,开启数据网络的情况下,重启设备,然后就无网络,必须再次开关数据网才有网络
请问如何设置clash的订阅链接,或者自建节点,目前只看到了clash下面的config.yaml里面只有订阅链接,请问如何添加自建节点!
mihomo内核tun模式ipv6失效,同样的配置在clash.meta for android下ipv6是正常的,请问需要修改哪个配置。
mode: rule
ipv6: true
dns:
enable: true
ipv6: true
RT
核心为clash meta,配置如下(已去除节点和规则)
代理方式为TProxy,系统为Android 13
使用流量时也正确检测到了rmnet_data3,但实际使用只有tg app走了代理,chrome甚至也没走代理,请问该如何解决?需要补充哪些信息?
可以弄一种通过包名排除代理的吗?或者给后台加一个能手动选择排除代理的应用列表...
每次开机都要输一遍/data/adb/box/scripts/box.tproxy disable,怎么彻底禁用tproxy。
小米通讯共享貌似走的是p2p数据,如果开了box4,那么平板dns有错误,只能用于qq,微信,淘宝,部分软件无法加载图片,大部分软件无网络,如果不开就是正常的网络,这个问题有办法搞定吗,用的mihomo内核。
模块开启后可正常透明代理,但 VoLTE 无法使用(无论 WiFi 或移动数据下)。
由于运营商默认使用 VoLTE,所以导致使用模块时,手机无法拨打/接听电话。
使用 box 的默认配置,仅修改了 bin_name。
使用的 xray 配置也大同小异,仅修改了一些路由和DNS分流规则。
日志中没看到异常,搜索网上也没发现相关资料。
目前尝试了以下方法,问题依然存在:
除此之外模块非常方便好用,如果能解决该问题的话不胜感谢。
原来使用的也是mihomo核心,box没更新之前我一直用的clash的名字。看到更新后我就转移到mihomo的文件夹和名字了。核心配置文件啥都没变,直接粘贴过去的。然后开面板看到了所有host变ip了
请问这个和box_for_root模块是否一样?
我之前用你这个,一直连接不上网络,我才用的box_for_root
使用clash内核时,能否有办法在core模式下放过adguard的uid?
目前的core模式在adguard使用vpn模式时,用socks5 或 http 代理入站的时候会出现本地回环,在adguard应用列表中排除root和Android系统均不起作用
Originally posted by @a1623382 in #3 (comment)
请问box4模块里面clash/v2ray/xray等的配置文件服务器地址使用域名解析ipv6地址失败,连接不上服务器地址怎么办
目前用mihomo自带的tun很好用,但每次重启都要手动关闭默认的透明代理,不然会冲突无法联网,如何设置成默认停用。
执行脚本 #!/bin/sh 的这个设定在安卓9及以前版本似乎存在问题。
我测试了很多安卓9及以前的版本,几乎都没有软链接/system/bin/sh至/bin/sh
在安卓9及以前的版本只能手动软链接/system/bin/sh至/bin/sh之后脚本才能够正常启动
但是这个问题在安卓10开始并不存在,因为安卓10开始系统会完成以上软链接
请求将脚本内#!/bin/sh改为#!/system/bin/sh以兼容更多版本
希望能加入hysteria2内核,这对于非机场用户很有用,谢谢
按如下配置后无法联网
box config
#!/system/bin/sh
bin_name="sing-box"
redir_port="7891"
tproxy_port="9898"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
fake_ip_range_v4="198.18.0.0/15"
fake_ip_range_v6="fc00::/18"
tun_device="tun0"
box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "mihomo" "xray" "v2ray")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"
intranet=(0.0.0.0/8 10.0.0.0/8 100.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
# The use of 100.0.0.0/8 instead of 100.64.0.0/10 is purely due to a mistake by China Telecom's service provider, and you can change it back.
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)
ipv6="disable"
proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP
proxy_mode="blacklist"
# blacklist / whitelist / core
user_packages_list=()
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")
gid_list=()
# The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command
ap_list=("wlan+" "ap+" "rndis+")
ignore_out_list=()
sing-box config:
sing-box/config.json
{
"log": {
"level": "trace",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "cloudflare",
"address": "1.1.1.1",
"detour": "socks-out"
},
{
"tag": "local",
"address": "local",
"detour": "direct"
}
],
"rules": [
{
"outbound": "any",
"server": "cloudflare",
"disable_cache": true
}
],
"strategy": "ipv4_only"
},
"inbounds": [
{
"type": "tproxy",
"tag": "tproxy-in",
"listen": "::",
"listen_port": 9898,
"sniff": true
}
],
"outbounds": [
{
"type": "socks",
"tag": "socks-out",
"server": "192.168.1.11",
"server_port": 8080,
"version": "5",
"network": "udp",
"udp_over_tcp": false
},
{
"type": "dns",
"tag": "dns"
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
}
],
"route": {
"rules": [
{
"port": 53,
"outbound": "dns"
}
],
"final": "socks-out",
"auto_detect_interface": false
}
}
+0000 2024-05-18 18:48:53 INFO router: using dns[dns] as default outbound for connection
+0000 2024-05-18 18:48:53 INFO router: using socks[socks-out] as default outbound for packet connection
+0000 2024-05-18 18:48:53 INFO router: updated default interface wlan0, index 16, vpn disabled
+0000 2024-05-18 18:48:53 INFO inbound/tproxy[tproxy-in]: tcp server started at [::]:9898
+0000 2024-05-18 18:48:53 INFO inbound/tproxy[tproxy-in]: udp server started at [::]:9898
+0000 2024-05-18 18:48:53 INFO sing-box started (0.00s)
+0000 2024-05-18 18:48:57 INFO [2954390041 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42872
+0000 2024-05-18 18:48:57 INFO [2954390041 0ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:48:57 DEBUG [2954390041 1ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
+0000 2024-05-18 18:48:58 INFO [2561511886 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42876
+0000 2024-05-18 18:48:58 INFO [2561511886 0ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:48:58 INFO [3886906365 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:40616
+0000 2024-05-18 18:48:58 INFO [3470913107 1ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42878
+0000 2024-05-18 18:48:58 INFO [3470913107 2ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:48:58 INFO [3886906365 2ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.191.42:443
+0000 2024-05-18 18:48:58 DEBUG [3470913107 3ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
+0000 2024-05-18 18:48:58 DEBUG [2561511886 1ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
+0000 2024-05-18 18:48:58 DEBUG [3886906365 7ms] router: sniffed protocol: tls, domain: play.googleapis.com
+0000 2024-05-18 18:49:01 INFO [2900828353 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.41:46085
+0000 2024-05-18 18:49:01 INFO [2900828353 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 8.8.8.8:53
+0000 2024-05-18 18:49:01 DEBUG [2900828353 0ms] router: sniffed packet protocol: dns
+0000 2024-05-18 18:49:01 DEBUG [2900828353 0ms] router: match[0] port=53 => dns
+0000 2024-05-18 18:49:01 DEBUG dns: exchange www.google.ru. IN A
+0000 2024-05-18 18:49:01 INFO outbound/socks[socks-out]: outbound packet connection to 1.1.1.1:53
+0000 2024-05-18 18:49:04 INFO [2937715998 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.41:30474
+0000 2024-05-18 18:49:04 INFO [2937715998 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 114.114.114.114:53
+0000 2024-05-18 18:49:04 DEBUG [2937715998 0ms] router: sniffed packet protocol: dns
+0000 2024-05-18 18:49:04 DEBUG [2937715998 0ms] router: match[0] port=53 => dns
+0000 2024-05-18 18:49:04 DEBUG dns: exchange www.google.ru. IN A
+0000 2024-05-18 18:49:08 DEBUG dns: exchange www.google.ru. IN A
+0000 2024-05-18 18:49:11 ERROR dns: exchange failed for www.google.ru. IN A: context deadline exceeded
+0000 2024-05-18 18:49:11 DEBUG [1176772088 10.0s] inbound/tproxy[tproxy-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
+0000 2024-05-18 18:49:11 ERROR dns: exchange failed for www.google.ru. IN A: context canceled
+0000 2024-05-18 18:49:11 INFO outbound/socks[socks-out]: outbound packet connection to 1.1.1.1:53
+0000 2024-05-18 18:49:11 DEBUG dns: exchange www.google.ru. IN A
+0000 2024-05-18 18:49:14 ERROR dns: exchange failed for www.google.ru. IN A: context deadline exceeded
+0000 2024-05-18 18:49:14 INFO outbound/socks[socks-out]: outbound packet connection to 1.1.1.1:53
+0000 2024-05-18 18:49:14 DEBUG [293763425 10.0s] inbound/tproxy[tproxy-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
+0000 2024-05-18 18:49:15 ERROR dns: exchange failed for www.google.ru. IN A: context canceled
+0000 2024-05-18 18:49:27 ERROR [2954390041 30.1s] inbound/tproxy[tproxy-in]: process connection from 192.168.1.41:42872: unexpected EOF
+0000 2024-05-18 18:49:27 INFO [3884017762 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.41:43421
+0000 2024-05-18 18:49:27 INFO [3884017762 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 142.250.189.174:443
+0000 2024-05-18 18:49:27 INFO [393830923 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42936
+0000 2024-05-18 18:49:27 INFO [393830923 0ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:49:27 DEBUG [3884017762 2ms] router: sniffed packet protocol: quic, domain: play-fe.googleapis.com
+0000 2024-05-18 18:49:27 INFO [3884017762 2ms] outbound/socks[socks-out]: outbound packet connection to 142.250.189.174:443
+0000 2024-05-18 18:49:27 DEBUG [393830923 2ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
+0000 2024-05-18 18:49:28 ERROR [2561511886 30.0s] inbound/tproxy[tproxy-in]: process connection from 192.168.1.41:42876: unexpected EOF
+0000 2024-05-18 18:49:28 ERROR [3470913107 30.0s] inbound/tproxy[tproxy-in]: process connection from 192.168.1.41:42878: unexpected EOF
+0000 2024-05-18 18:49:28 INFO [985630623 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42940
+0000 2024-05-18 18:49:28 INFO [985630623 0ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:49:28 DEBUG [985630623 4ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
+0000 2024-05-18 18:49:30 INFO [2220690807 0ms] inbound/tproxy[tproxy-in]: inbound connection from 192.168.1.41:42942
+0000 2024-05-18 18:49:30 INFO [2220690807 0ms] inbound/tproxy[tproxy-in]: inbound connection to 142.250.189.174:443
+0000 2024-05-18 18:49:30 DEBUG [2220690807 2ms] router: sniffed protocol: tls, domain: play-fe.googleapis.com
socks5-server log:
2024/05/18 18:51:13 socks.go:1216: [socks5-udp] 192.168.1.41:40558 >-< 192.168.1.11:61315
2024/05/18 18:51:13 socks.go:1149: [socks5-udp] 192.168.1.41:40562 - 192.168.1.11:16667 BIND ON 192.168.1.11:61317 OK
2024/05/18 18:51:13 socks.go:1209: [socks5-udp] 192.168.1.41:40562 <-> 192.168.1.11:61317 [tun: 192.168.1.11:61318]
2024/05/18 18:51:13 socks.go:1212: [socks5-udp] 192.168.1.41:40562 <-> 192.168.1.11:61317
2024/05/18 18:51:14 socks.go:1216: [socks5-udp] 192.168.1.41:40562 >-< 192.168.1.11:61317
2024/05/18 18:51:14 socks.go:1149: [socks5-udp] 192.168.1.41:40566 - 192.168.1.11:16667 BIND ON 192.168.1.11:61319 OK
2024/05/18 18:51:14 socks.go:1209: [socks5-udp] 192.168.1.41:40566 <-> 192.168.1.11:61319 [tun: 192.168.1.11:61320]
2024/05/18 18:51:14 socks.go:1212: [socks5-udp] 192.168.1.41:40566 <-> 192.168.1.11:61319
2024/05/18 18:51:14 socks.go:1216: [socks5-udp] 192.168.1.41:40566 >-< 192.168.1.11:61319
2024/05/18 18:51:14 socks.go:1149: [socks5-udp] 192.168.1.41:40568 - 192.168.1.11:16667 BIND ON 192.168.1.11:61321 OK
2024/05/18 18:51:14 socks.go:1209: [socks5-udp] 192.168.1.41:40568 <-> 192.168.1.11:61321 [tun: 192.168.1.11:61322]
2024/05/18 18:51:14 socks.go:1212: [socks5-udp] 192.168.1.41:40568 <-> 192.168.1.11:61321
2024/05/18 18:51:24 socks.go:1216: [socks5-udp] 192.168.1.41:40568 >-< 192.168.1.11:61321
2024/05/18 18:51:24 socks.go:1149: [socks5-udp] 192.168.1.41:40596 - 192.168.1.11:16667 BIND ON 192.168.1.11:61323 OK
2024/05/18 18:51:24 socks.go:1209: [socks5-udp] 192.168.1.41:40596 <-> 192.168.1.11:61323 [tun: 192.168.1.11:61324]
2024/05/18 18:51:24 socks.go:1212: [socks5-udp] 192.168.1.41:40596 <-> 192.168.1.11:61323
2024/05/18 18:51:24 socks.go:1216: [socks5-udp] 192.168.1.41:40596 >-< 192.168.1.11:61323
2024/05/18 18:51:24 socks.go:1149: [socks5-udp] 192.168.1.41:40598 - 192.168.1.11:16667 BIND ON 192.168.1.11:61325 OK
2024/05/18 18:51:24 socks.go:1209: [socks5-udp] 192.168.1.41:40598 <-> 192.168.1.11:61325 [tun: 192.168.1.11:61326]
2024/05/18 18:51:24 socks.go:1212: [socks5-udp] 192.168.1.41:40598 <-> 192.168.1.11:61325
2024/05/18 18:51:25 socks.go:1216: [socks5-udp] 192.168.1.41:40598 >-< 192.168.1.11:61325
2024/05/18 18:51:25 socks.go:1149: [socks5-udp] 192.168.1.41:40602 - 192.168.1.11:16667 BIND ON 192.168.1.11:61327 OK
2024/05/18 18:51:25 socks.go:1209: [socks5-udp] 192.168.1.41:40602 <-> 192.168.1.11:61327 [tun: 192.168.1.11:61328]
2024/05/18 18:51:25 socks.go:1212: [socks5-udp] 192.168.1.41:40602 <-> 192.168.1.11:61327
2024/05/18 18:51:27 socks.go:1216: [socks5-udp] 192.168.1.41:40602 >-< 192.168.1.11:61327
例如可以A进程走节点1 B进程走节点2吗?
[ 白名单无效 ]
# blacklist / whitelist / core
proxy_mode="whitelist"
# Android User:Package Name, For example:
user_packages_list=("0:com.android.chrome" "0:com.google.android.youtube" )
已执行 box.tproxy renew
, 也尝试过重启,居然只有 youtube
可以使用,另外 0:com.google.android.youtube
不管放在 哪个位置都可以.
黑名单模式是正常的,可以正确排除不需要的项目
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.