This project deploys clash, mihomo, sing-box, v2ray, xray, hysteria proxies via Magisk, KernelSU, or APatch. It supports REDIRECT (TCP only), TPROXY (TCP + UDP), and TUN (TCP + UDP, provided by the cores). It also supports a mixed mode of REDIRECT (TCP) + TUN (UDP) proxy.
This project is not responsible for the following: bricked devices, SD card corruption, or SoC burnouts.
Please ensure your configuration file does not cause a traffic loop, as this may lead to infinite device reboots.
If you're not sure how to configure this module, you might need applications like ClashForAndroid, sing-box for Android, v2rayNG, surfboard, SagerNet, AnXray, etc.
- Download the module package from the Release page, and install it via Magisk Manager, KernelSU Manager, or APatch.
- Supports online updates via Magisk Manager (effective immediately after the update without reboot).
- User configuration is backed up during module updates and appended to the new
/data/adb/box/scripts/box.configfile (in shell, later-defined variables override previous ones, but it's recommended to edit thebox.configfile after updating to remove redundant definitions and deprecated fields).
The module does not include binary executables for clash, mihomo, sing-box, v2ray-core, xray-core, hysteria.
After installing the module, please download the core files for your device's architecture and place them in the /data/adb/box/bin/ directory.
- Each core works in the
/data/adb/box/core_namedirectory, where the core_name is defined in thebin_namevariable of the/data/adb/box/scripts/box.configfile. The valid values areclash,mihomo,sing-box,xray,v2ray,hysteria, and thebin_namedetermines the core enabled by the module. - The configuration files for each core must be customized by the user. The module script checks the validity of the configuration, and the check results are stored in the
/data/adb/box/run/check.logfile. - Tip: The
mihomoandsing-boxcores come with default configurations prepared for working with the transparent proxy script. It is recommended to edit theproxy-providersoroutboundssections to add your proxy server. For advanced configurations, please refer to the respective official documentation. Links: Clash documentation, Mihomo documentation, Sing-box documentation, V2Ray documentation, Xray documentation, Hysteria documentation.
The following core services are collectively referred to as Box.
- The Box service will automatically run after the system starts.
- You can start or stop the Box service in real-time via the Magisk Manager app, without needing to reboot your device. Starting the service may take a few seconds, while stopping the service may take effect immediately.
-
Box proxies all applications (APPs) for all Android users by default.
-
If you want Box to proxy all applications (APPs) except certain ones, open the
/data/adb/box/scripts/box.configfile, change theproxy_modevalue toblacklist(default value), and add elements to theuser_packages_listarray. The format for each element isandroid_user:package_name, separated by spaces. This will exclude the specified apps from being proxied. For example,user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")excludes the CaptivePortalLogin app for user 0 and WeChat for user 10. -
If you want to only proxy certain applications (APPs), open the
/data/adb/box/scripts/box.configfile, change theproxy_modevalue towhitelist, and add elements to theuser_packages_listarray. The format for each element isandroid_user:package_name, separated by spaces. This will only proxy the specified apps. For example,user_packages_list=("0:com.termux" "10:org.telegram.messenger")proxies Termux for user 0 and Telegram for user 10. -
When the
proxy_modevalue iscore, the transparent proxy will not work, and only the core will be started, which can be used to support native TUN inbound of some cores (sing-box, clash, mihomo).
-
Box uses TPROXY transparent proxy for TCP + UDP by default. If the device does not support TPROXY, it will automatically use REDIRECT to proxy TCP only.
-
Open the
/data/adb/box/scripts/box.configfile, and change theproxy_methodvalue toREDIRECTorMIXEDto use REDIRECT to proxy TCP. If TUN is not enabled in the core (only Sing-box, Clash, Mihomo supports TUN), UDP will not be proxied.
-
Box runs with the
root:net_adminuser group by default. -
Open the
/data/adb/box/scripts/box.configfile and change thebox_user_groupvalue to an existingUID:GIDon the device. In this case, the core used by Box must be in the/system/bin/directory (can use Magisk) and requires thesetcapbinary, which is included in libcap.
-
Box proxies the local device, hotspot, and USB tethering by default.
-
Open the
/data/adb/box/scripts/box.configfile, and add thewlan+element to theignore_out_listarray to bypass WLAN in transparent proxy, leaving the hotspot unaffected. -
Open the
/data/adb/box/scripts/box.configfile and remove thewlan+element from theap_listarray to stop proxying the hotspot (MediaTek devices may useap+instead ofwlan+, which can be checked with theifconfigcommand).
-
Box proxies all processes by default.
-
If you want Box to proxy all processes except certain ones, open the
/data/adb/box/scripts/box.configfile, change theproxy_modevalue toblacklist(default value), and add GID elements to thegid_listarray, separated by spaces. This will exclude the specified GID processes from being proxied. -
If you want to only proxy specific processes, open the
/data/adb/box/scripts/box.configfile, change theproxy_modevalue towhitelist, and add GID elements to thegid_listarray, separated by spaces. This will only proxy the specified GID processes.
Tip: Since Android's iptables does not support PID extension matching, Box matches processes indirectly by matching GID. Android can use the busybox setuidgid command to start specific processes with a specific UID and any GID.
If you want to control the Box service entirely via command-line, simply create a file /data/adb/box/manual. In this case, the Box service will not start automatically when your device boots, and you won't be able to manage the Box service's start or stop via Magisk Manager or KernelSU Manager apps.
-
The Box service script is
/data/adb/box/scripts/box.service. -
For example, in the test environment (Magisk version: 25200):
-
Start the service:
/data/adb/box/scripts/box.service start -
Stop the service:
/data/adb/box/scripts/box.service stop -
Restart the service:
/data/adb/box/scripts/box.service restart -
Show status:
/data/adb/box/scripts/box.service status
-
-
The transparent proxy script is
/data/adb/box/scripts/box.tproxy. -
For example, in the test environment (Magisk version: 25200):
-
Enable the transparent proxy:
/data/adb/box/scripts/box.tproxy enable -
Disable the transparent proxy:
/data/adb/box/scripts/box.tproxy disable -
Reload the transparent proxy:
/data/adb/box/scripts/box.tproxy renew
-
-
When modifying the configuration files for each core, please ensure that the relevant configuration matches the definitions in the
/data/adb/box/scripts/box.configfile. -
Box service can use yq to modify user configuration. -
When the Box service is started for the first time (or using the box.tproxy renew command), the local machine IP will be added to the bypass list to prevent traffic loops. It will also start monitoring and insert local IP anti-loopback rules when network changes occur. However, if the local machine has a public IP address, it is still recommended to add the IP to the
intranetarray in the/data/adb/box/scripts/box.configfile, or you may try uncommenting these three lines. -
The logs for the Box service are in the
/data/adb/box/rundirectory.
- Uninstalling this module via Magisk Manager, KernelSU Manager, or APatch app will delete the
/data/adb/service.d/box4_service.shfile but retain the Box data directory/data/adb/box. - You can use the command to clear Box data:
rm -rf /data/adb/box.
