安卓版本:15
需要ROOT权限:需要
可用性验证:已验证可用
调试目的是使客户端手机看到wifi的mac地址为指定值
启动自定义热点shell脚本,使用静态IP配置
#!/system/bin/sh
# 防止变量未定义或命令失败时继续执行
set -euo pipefail
# iptables备份目录
IPTABLES_BACKUP_FILE="/data/local/tmp/wlan_52_iptables_backup"
# 远程配置文件地址,自行起了一个http便于修改hostapd配置
URL="http://conf.local.com/tool/hosapd_52.conf"
# 本地保存路径
DEST="/data/local/tmp/hosapd_52.conf"
# 控制文件
HOSTAPD_CTRL="/data/vendor/wifi/hostapd/ctrl/wlan_52"
# 接口名称
IFNAME="wlan_52"
# 子网
SUBNET="192.168.50.0/24"
# 网关
GATEWAY="192.168.50.1"
# 客户端配置的静态IP
CLIENT_IP="192.168.50.15"
# 获取上行接口名称,示例wlan0
UPLINK_IFNAME=$(ip route get 8.8.8.8 | awk '{print $5; exit}')
if [ -z "$UPLINK_IFNAME" ]; then
echo "[52_ERROR] Failed to get uplink interface name"
exit 1
fi
echo "[52_INFO] Uplink interface name: $UPLINK_IFNAME"
# 检测是否为移动数据 (无子网)
if [[ "$UPLINK_IFNAME" == rmnet* ]] || [[ "$UPLINK_IFNAME" == ccmni* ]]; then
IS_MOBILE_DATA=true
echo "[52_INFO] Network type : Mobile Data"
else
IS_MOBILE_DATA=false
echo "[52_INFO] Network type : WIFI"
fi
# 获取上行网关,示例192.168.137.1
UPLINK_GATEWAY=$(ip route get 8.8.8.8 | awk '/via/ {print $3}')
if [ -z "$UPLINK_GATEWAY" ]; then
echo "[52_ERROR] Failed to get uplink gateway"
exit 1
fi
echo "[52_INFO] Uplink gateway: $UPLINK_GATEWAY"
# 如果是wifi则获取上行子网,否则略过
if $IS_MOBILE_DATA; then
echo "[52_INFO] This is mobile data, skipping getting uplink subnet"
else
# 获取上行子网,示例192.168.137.0/24
UPLINK_SUBNET=$(ip route show dev "$UPLINK_IFNAME" proto kernel scope link | awk '{print $1}')
if [ -z "$UPLINK_SUBNET" ]; then
echo "[52_ERROR] Failed to get uplink subnet"
exit 1
fi
echo "[52_INFO] Uplink subnet: $UPLINK_SUBNET"
fi
# 获取上行ip,示例192.168.137.15
UPLINK_IP=$(ip -4 addr show dev "$UPLINK_IFNAME" | awk '/inet/ { sub(/\/[0-9]+$/, "", $2); print $2; exit }')
if [ -z "$UPLINK_IP" ]; then
echo "[52_ERROR] Failed to get uplink ip"
exit 1
fi
echo "[52_INFO] Uplink ip: $UPLINK_IP"
# 使用 curl 下载hosapd配置文件
curl -fsSL "$URL" -o "$DEST"
echo "[52_INFO] Downloading configuration file from: $URL"
# 判断是否下载成功
if [ $? -eq 0 ]; then
echo "[52_INFO] Configuration file downloaded successfully to: $DEST"
else
echo "[52_ERROR] Failed to download configuration file"
exit 1
fi
# 设置hosapd.conf权限
echo "[52_INFO] Setting permissions for $DEST..."
chown wifi:wifi "$DEST"
chmod 660 "$DEST"
# 备份所有iptables规则
echo "[52_INFO] IPTABLES_BACKUP, Backing up all iptables rules..."
# 完整备份当前iptables规则
iptables-save > "$IPTABLES_BACKUP_FILE"
echo "[52_INFO] IPTABLES_BACKUP, Full iptables rules : $IPTABLES_BACKUP_FILE"
# 清空指定iptables规则
echo "[52_INFO] IPTABLES_BACKUP, Clearing iptables rules..."
iptables -F
iptables -t nat -F
iptables -X
echo "[52_INFO] IPTABLES_BACKUP, Cleared all iptables rules"
# 检查接口是否已存在,如果存在则删除
echo "[52_INFO] Checking if interface $IFNAME exists..."
if ip link show "$IFNAME" > /dev/null 2>&1; then
echo "[52_INFO] Interface $IFNAME exists. Deleting..."
# 尝试将接口关闭
ip link set "$IFNAME" down
# 删除接口(使用 iw 优先,其次尝试 ip)
iw dev "$IFNAME" del
echo "[52_INFO] Interface $IFNAME deleted via iw."
# 再次检查接口是否存在
if ip link show "$IFNAME" > /dev/null 2>&1; then
echo "[52_ERROR] Failed to delete interface $IFNAME"
exit 1
else
echo "[52_INFO] Interface $IFNAME deleted successfully."
fi
else
echo "[52_INFO] Interface $IFNAME does not exist."
fi
# 创建接口,并判断是否创建成功
echo "[52_INFO] Creating interface $IFNAME..."
# 获取phy设备名称
PHY=$(ls /sys/class/ieee80211/)
iw phy "$PHY" interface add "$IFNAME" type __ap
if [ $? -eq 0 ]; then
echo "[52_INFO] Interface $IFNAME created successfully."
# 分配地址
ip addr add "$GATEWAY"/24 dev "$IFNAME"
echo "[52_INFO] Address assigned to $IFNAME."
# 启动接口
ip link set dev "$IFNAME" up
echo "[52_INFO] Interface $IFNAME started."
# 允许IP转发
sysctl -w net.ipv4.ip_forward=1
echo "[52_INFO] IP forwarding enabled."
# 配置路由表
## 移动数据路由配置
### ip route add default dev wlan0 table 100
## Wi-Fi路由配置
### ip route add 192.168.137.0/24 dev wlan0 src 192.168.137.15 table 100
### ip route add default via 192.168.137.1 dev wlan0 table 100
if $IS_MOBILE_DATA; then
# 移动数据路由配置
echo "[52_INFO] Create custom routing table, Add route : ip route add default dev "$UPLINK_IFNAME" table 100"
ip route add default dev "$UPLINK_IFNAME" table 100
else
# Wi-Fi路由配置
echo "[52_INFO] Create custom routing table, Add route : ip route add "$UPLINK_SUBNET" dev "$UPLINK_IFNAME" src "$UPLINK_IP" table 100"
ip route add "$UPLINK_SUBNET" dev "$UPLINK_IFNAME" src "$UPLINK_IP" table 100
echo "[52_INFO] Create custom routing table, Add route : ip route add default via "$UPLINK_GATEWAY" dev "$UPLINK_IFNAME" table 100"
ip route add default via "$UPLINK_GATEWAY" dev "$UPLINK_IFNAME" table 100
fi
# 创建策略路由规则
## ip rule add from 192.168.50.0/24 lookup 100
## ip rule add to 192.168.50.0/24 lookup 100
## ip rule add from 192.168.137.15 lookup 100
echo "[52_INFO] Create policy routing rules, Add rule : ip rule add from "$SUBNET" lookup 100"
ip rule add from "$SUBNET" lookup 100
echo "[52_INFO] Create policy routing rules, Add rule : ip rule add to "$SUBNET" lookup 100"
ip rule add to "$SUBNET" lookup 100
echo "[52_INFO] Create policy routing rules, Add rule : ip rule add from "$UPLINK_IP" lookup 100"
ip rule add from "$UPLINK_IP" lookup 100
# 创建完整NAT配置
# 移动数据路由配置
## iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.50.0/24 -j MASQUERADE
# Wi-Fi路由配置
## iptables -t nat -A PREROUTING -i wlan_52 -d 192.168.137.15 -j DNAT --to-destination 192.168.50.15
## iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.50.0/24 -j SNAT --to-source 192.168.137.15
## iptables -t nat -A POSTROUTING -o wlan_52 -s 192.168.137.0/24 -j SNAT --to-source 192.168.50.1
if $IS_MOBILE_DATA; then
# 移动数据NAT配置
echo "[52_INFO] Create NAT configuration, Add iptables : iptables -t nat -A POSTROUTING -o "$UPLINK_IFNAME" -s "$SUBNET" -j MASQUERADE"
iptables -t nat -A POSTROUTING -o "$UPLINK_IFNAME" -s "$SUBNET" -j MASQUERADE
else
# Wi-Fi NAT配置
echo "[52_INFO] Create NAT configuration, Add iptables : iptables -t nat -A PREROUTING -i "$IFNAME" -d "$UPLINK_IP" -j DNAT --to-destination "$CLIENT_IP""
iptables -t nat -A PREROUTING -i "$IFNAME" -d "$UPLINK_IP" -j DNAT --to-destination "$CLIENT_IP"
echo "[52_INFO] Create NAT configuration, Add iptables : iptables -t nat -A POSTROUTING -o "$UPLINK_IFNAME" -s "$SUBNET" -j SNAT --to-source "$UPLINK_IP""
iptables -t nat -A POSTROUTING -o "$UPLINK_IFNAME" -s "$SUBNET" -j SNAT --to-source "$UPLINK_IP"
echo "[52_INFO] Create NAT configuration, Add iptables : iptables -t nat -A POSTROUTING -o "$IFNAME" -s "$UPLINK_SUBNET" -j SNAT --to-source "$GATEWAY""
iptables -t nat -A POSTROUTING -o "$IFNAME" -s "$UPLINK_SUBNET" -j SNAT --to-source "$GATEWAY"
fi
# 创建防火墙规则
## iptables -A FORWARD -i wlan_52 -o wlan0 -j ACCEPT
## iptables -A FORWARD -i wlan0 -o wlan_52 -j ACCEPT
## iptables -A INPUT -i wlan_52 -j ACCEPT
## iptables -A OUTPUT -o wlan_52 -j ACCEPT
echo "[52_INFO] Create firewall rules, Add iptables : iptables -A FORWARD -i "$IFNAME" -o "$UPLINK_IFNAME" -j ACCEPT"
iptables -A FORWARD -i "$IFNAME" -o "$UPLINK_IFNAME" -j ACCEPT
echo "[52_INFO] Create firewall rules, Add iptables : iptables -A FORWARD -i "$UPLINK_IFNAME" -o "$IFNAME" -j ACCEPT"
iptables -A FORWARD -i "$UPLINK_IFNAME" -o "$IFNAME" -j ACCEPT
echo "[52_INFO] Create firewall rules, Add iptables : iptables -A INPUT -i "$IFNAME" -j ACCEPT"
iptables -A INPUT -i "$IFNAME" -j ACCEPT
echo "[52_INFO] Create firewall rules, Add iptables : iptables -A OUTPUT -o "$IFNAME" -j ACCEPT"
iptables -A OUTPUT -o "$IFNAME" -j ACCEPT
else
echo "[52_ERROR] Failed to create interface $IFNAME"
exit 1
fi
# 启动热点
echo "[52_INFO] Starting AP..."
# /vendor/bin/hw/hostapd /data/local/tmp/hosapd_52.conf &
/vendor/bin/hw/hostapd "$DEST" &
sleep 3
echo "[52_INFO] Create custom routing table, Add route : ip route add "$SUBNET" dev "$IFNAME" src "$GATEWAY" table 100"
ip route add "$SUBNET" dev "$IFNAME" src "$GATEWAY" table 100
hosapd_52.conf配置示例
interface=wlan_52
driver=nl80211
ctrl_interface=/data/vendor/wifi/hostapd/ctrl
ssid=wifi_ssid
channel=0
acs_exclude_dfs=1
freqlist=5735-5815
ieee80211n=1
ieee80211ac=1
ieee80211ax=0
ieee80211be=0
hw_mode=a
ht_capab=[HT40+]
vht_oper_chwidth=1
ignore_broadcast_ssid=0
wowlan_triggers=any
interworking=0
auth_algs=1
wpa=2
rsn_pairwise=CCMP
wpa_key_mgmt=WPA-PSK
ieee80211w=0
wpa_passphrase=wifi_password
bssid=56:16:51:8f:39:18
acs_exclude_6ghz_non_psc=0
ocv=0
beacon_prot=0
