*TUTORIAL* How to flash Kali Pwn Pad on your N7 2013!!

Search This thread

droidshadow

Senior Member
Dec 28, 2012
356
204
Hello xda developers!

Do you love computer security as much as I do?

Do you have a nexus 7 2013? A Nexus 7 2012 will work too i will get to that...

Have you seen the amazing Pwn Pad Tablet from Pwnie_Express -> http://pwnieexpress.com/products/pwnpad

Now that is one amazing piece of hardware with some amazing software, yet I don't know about you but I don't have $1,000 dollars to purchase a penetration testing tablet, and even if i did i wouldn't. The Pwn Pad tablet is a 2012 Nexus 7 tablet that the amazing people from Pwnie Express have hacked up to put Ubuntu in a chroot environment with some amazing programs such as EvilAP, Metasploit, Wifite, and Kismet. The greatest thing about the Pwn Pad is that they have done some modifying to a kernel to enable usb wifi devices to work such as the ALFA AWUS036H and the TP-LINK usb wifi device.


Now some people over at a another forum have done some amazing work for the Nexus 7 tablet and they were able to create a Pwn Pad based Rom but instead of Ubuntu they choose Kali Linux which in my opinion is much better for Penetration Testing. In fact the new 2014 Pwn Pad tablet from Pwnie_Express will be coming using the N7 2013 with Kali Linux instead of Ubuntu which is what the 2012 Pwn Pad uses. Moving on...

There are some definite bonuses to using the Kali Pwn Pad created by a user who calls himself "Binky Bear" compared to the original Pwn Pad from the great guys at Pwnie_Express. The first big bonus is that you get Kali Linux instead of Ubuntu. A second great bonus is that Binky Bear has take the [ElementalX kernel v2.2] and tweaked it a bit to work with his creation of Kali Pwn Pad v0.5. The big bonus with Binky's kernel which is based of [ElementalX kernel v2.2] is that the kernel supports USB OTG + Host Charge Mode. This means that if you have a OTG cable that has also has a Y-Cable you are able to power your usb wifi adapter and charge your tablet at the same time. This is one limitation of the original Pwn Pad from Pwnie_Express. The Pwnie_Express Pwn Pad can not power the usb wifi adapter and charge the tablet at the same time, they recommend you use a docking station. However, when you put Kali Pwn Pad on your N7 tablet you will not have this limitation!

Here is a picture of my tablet with the TP-Link usb wifi adapter:

GR1ymkK.jpg



Are you getting excited? I know I was when i first laid eyes on the Pwn Pad from Pwnie_Express! The Pwn Pad was the reason I went out and purchased a Nexus 7, only i didn't know it was the 2012 edition that was being used by Pwnie_Express and I purchased the 2013. So i had to wait for someone to come up with something for the N7 2013, luckily Binky Bear was sent from computer security heaven!


Okay so lets get started... (Many of you these steps will be very elementary for some of you just skip ahead where you feel comfortable)
i wanted to make this guide as detailed as possible (spoon feeding!)

So you have a Nexus 7 is it rooted? The first thing we need to do is Unlock your Bootloader and Root your tablet...



UPDATE TIP: I am jumping ahead here but you need to know this tip...

Anytime you do anything under TWRP recovery manager especially flashing zip files and Rom's you should have your Nexus 7 tablet plugged into power. If your Nexus device is in recovery manager for a period of time (and it will be when we flash kali pwn pad) it could turn the screen off. If your device is being powered it is easy to get the screen back. You just need to press the power button and slide the bottom of the screen from left to right in order to unlock the screen. If your device is not being powered it can be a real pain in the ass to get the screen to come back on from TWRP recovery. PLEASE TAKE THIS ADVICE SERIOUSLY!




STEP 1: Unlock BootLoader and Root your Tablet: There is a great tool for Windows Computers that will basically do whole rooting process for you. If you have been into the Nexus 7 world for some time now then you know exactly what tool I am talking about. The tool I am talking about is the Nexus 7 Root Toolkit by WuGFresh. Here is a link to his website -> http://www.wugfresh.com/nrt/

Now you can use the Nexus 7 Root Toolkit to unlock your tablets BootLoader which is a must! Unlocking your bootloader is the very first thing you should do your Nexus 7 tablet.

In order to unlock your bootloader you need to do a couple of things first. First thing is go into "Settings" for your tablet and click on "About Tablet" When you are in the "about tablet" click on "build number" 7 times to enable "developer options". Once you have clicked on it 7 times go back to settings and go into "developer options" and enable "usb debugging"

Okay now that usb debugging is enabled, we need to install the usb drivers so your tablet can communicate with your computer. This will work for windows vista/xp/7. If you have Windows 8 or Linux or Mac you will need to follow the steps for installing USB drivers and rooting your tablet for your specific setup. It is not hard just do a quick google search or do a search on youtube for a video tutorial...

Moving on...

Now the easiest way to install the usb drivers for your Nexus 7 device is to use the program by WuGFresh -> the Nexus 7 Root Toolkit. Just click on the button to install the usb drivers and follow the steps. If you prefer to manually install the usb drivers you can use this link here to download them -> http://developer.android.com/sdk/win-usb.html

I would really recommend that you use the WuGFresh root toolkit to install the usb drivers though...

Okay now that you have the USB drivers installed you need to unlock the bootloader. Click on the button on the WuGFresh Nexus 7 Root Toolkit which says "unlock bootloader". Follow the steps. When your Nexus 7 tablet reboots you will see a screen come up that says do you want to unlock the bootloader. Slide the bottom button to right to unlock your bootloader. When you do that it will tell you that you may void your warranty unlocking your bootloader but don't worry you can always re-lock it if you want to, especially if you need your warranty. The N7 Root Toolkit has an option to restore your device back to factory settings, unrooted with a locked bootloader! Such a great tool...

Okay so now your bootloader should be unlocked...

So now what you want to do is root your device and install the TWRP recovery manager. Now i know that many of you out there are used to CWM (clockwork mod recovery manager) but TWRP is a great recovery manager and you will need it with Multirom. We will get to multirom...

So under the root button on your Nexus 7 Root Toolkit is an option that you can click on to check which says "install recovery manager" make sure you click that button before you hit the root button!

So check that option to install recovery manager (which it installs TWRP) and let the NRT (nexus root toolkit) do its magic...

Okay so now you should have a rooted tablet! Lets make sure by first making sure that SuperSU is in fact installed on your tablet!. If it is open up the app "busybox free" which should have been put on your tablet by the NRT program. When you start busybox free it should ask you for root permission.

Go ahead and grant busyboxy free root permission and install busybox free...it can't hurt and it is a great program.

If you would like a video tutorial on how to root your N7 with the NRT program here is a youtube video link -> http://www.youtube.com/watch?v=Lg_QU9w5xCU

Moving on...

STEP 2: INSTALL MULTIROM MANAGER

Now that your tablet is rooted you need to install MultiRom Manager. What this does is it allows you to put multiple roms on your tablet without ever harming your stock (internal) android rom. This is a great tool and all of us who use it really owe the developer a lot of credit...

There is a very easy way to install MultiRom Manager. The developer of this program has created an app that you can download from the Google Play Store to install it easily and successfully.

Open up the Google Play store and do a search for "multirom manager". Download it, open it up, grant it root permission and run the app. The app will do all of the hard work for you and it will install MultiRom for you. Once it is done reboot your tablet. Since your stock rom won't have the reboot option i recommend downloading "quickboot" from the Google Play Store. This app requires root access but it will allow you to quickly reboot your tablet, boot into recovery, or boot into the bootloader.

When you are booting up after installing multirom you need to click on your tablet as MultiRom is counting down. The only Rom that will be listed is "internal" (because you haven't installed any other roms) go ahead and boot into "internal" by clicking on the boot button.

IMPORTANT NOTE: it is very important to boot your internal (stock rom) at least one time before you flash/add another ROM with multirom manager. MAKE SURE YOU DO THIS!

Okay so now you should have MultiRom Manager installed. That was easy right!?

STEP 3: Download the neccessary files for your Nexus 7 2013 model FLO Tablet.

Now i have tested this specific version of CM 11 for my Nexus 7 32GB 2013 model FLO (wifi only) tablet. This hacked up version of Cyanogenmod 11 is a bit different than the nightlies and is the only version of cyanogenmod that i found that could work with the kernel for Kali Pwn Pad.

If you have a N7 2012 then you can use SmoothRom v5.2 for your 2012. I will write up another tutorial for the N7 2012 tablets but for now this is for the people with the N7 2013 2nd edition tablets.


Here is a link for the specific cyanogenmod 11 rom that will work with Kali Pwn Pad.

http://xdaforums.com/showthread.php?t=2545628

that is a link for the thread...


*UPDATE*

It has come to my attention that the CUSTOM CyanogenMod (CM) project that XDA member Bruce2728 is running has been updated. So when i told you to download the specific "cm-11-20131213-bruce2728-odexed-flo.zip" zip file it will no longer be available. You should be able to do this tutorial with any of his updates and it should work just fine. As of right now the current zip available is "cm-11-20131217-bruce2728-bricked-linaro-flo.zip". Do not let the "bricked" scare you into not trying it...



NOTE: okay so i decided to go ahead and upload the exact zip file that I used with my installation of KaliPwnPad v0.5. Here is a link for the cm11-20131213-bruce2728-odexed-flo.zip. You can download it here -> http://www.filedropper.com/cm-11-20131213-bruce2728-odexed-flo The newer versions of Bruce2728's custom CM11 ROMS should work just fine but if you feel more comfortable using the exact ROM that i used then feel free to download from the link above.



Please note that specific thread is an on going project and will most likely be updated on a regular basis. I have also gotten Kali Pwn Pad to work on the "Ice Cold ROM Project" which runs on Android 4.3.1 if you would feel more comfortable using that ROM. I will make a note of it on PAGE 2 or 3 of this thread please look for it if you are interested in using Ice Cold ROM. The whole process will be the same you will just use ICE COLD ROM and a slightly different kernel.

I would suggest you try Bruce's custom CM 11 Project for the stability of CM, plus if you have MultiRom installed on your N7 device it is almost impossible to hurt your system. If anything goes wrong just boot up in TWRP recovery and delete the rom -> "FROM LIST ROMS".


Here is a direct link to download the files that you need for that specific CM 11 Rom. Make sure you also download the PA (paranoid android) google apps zip that is in this directory link:

http://bruce2728.mabsoft.dk/CM-11/

Now when you are looking to download the CM11 ROM make sure you click on the directory "FLO". If you have a N7 2013 your model tablet is FLO.

There are a couple of ROM zip files in the FLO directory. The one that you want is the cm-11-20131213-bruce2728-odexed-flo.zip

Make sure you download that exact zip file.


Another good file to download is the SuperSU zip file which you may need. You may be able to install SuperSu without the zip but lets download it just in case.

Here is the link: http://download.chainfire.eu/370/SuperSU/UPDATE-SuperSU-v1.80.zip


UPDATE:
There has also been an update with the SuperSU zip file. I believe the new version of SuperSU is 1.86. Always go with the newest version of SuperSu.



Okay so you should have downloaded these files:

1. cm-11-20131213-bruce2728-odexed-flo.zip

2. pa_gapps-full-4.4-20131119-signed.zip

3. UPDATE-SuperSU-v1.80.zip



The first file is the android 4.4.2 custom CyanogenMod ROM.

The second file is a full google apps zip from the paranoid android rom

The third file is the updated supersu zip which is a stable SU binary used for rooting your tablet.


Okay so lets move on...


STEP 4: INSTALLING CUSTOM CM11 ROM...

Okay now that we have those files downloaded (remember where you downloaded them, download folder maybe?) lets boot into recovery manager. Open up your quickboot app that you downloaded and boot into recovery manager.

TIP: When your tablet is booting up MultiRom loads first. When you tap on your tablet to stop the countdown you will see a button that says "MISC" in the top right corner. If you hit that button you can boot into recovery or reboot your tablet from MultiRom.

Now in recovery manager which works hand in hand with MultiRom you are going to want follow these steps:

1. Hit the Advanced button

2. Hit the MultiRom button

3. Add Rom

4. When you hit "add rom" you will have a few options, you want to select "add zip". Choose the cm-11-20131213-bruce2728-odexed-flo.zip file to flashed.

5. Once that is done flash the zip by sliding the bottom button from left to right.



Okay now after you flash the zip you should see "ZIP FLASHED SUCCESSFULLY".

Now what you want to do is hit the back button till you get to the main recovery page.


Next step adding Google Apps from TWRP recovery manager:

1. advanced

2. multirom

3. list rom

4. now that you have flashed CM11 you should see a ROM under "internal". Remember "internal" is your stock rooted nexus 7 rom.
click on the CM11-bruce rom

5. click flash zip.

6. pick the pa-gapps.zip file.

7. slide the button to flash the zip.


HIT THE BUTTON TO REBOOT YOUR SYSTEM.

SIDE NOTE: many people will suggest to wipe dalvik/cache and it doesn't hurt and a lot of times is a good option. You may not need to do this but you may need to if you have problems adding SUPERSU to your newly added CM11(bruce) Android ROM. If you do want to wipe your dalvik and cache for your added CM11 rom make sure you do under "list roms" click on CM11-bruce-odexed and choose the wipe dalvik/cache button.

NOTE: if you don't choose your CM11 rom you will wipe dalvik and cache for your stock "internal rom".



Okay so now that your Nexus 7 is rebooting you need to tap on your device to stop the countdown from MultiRom. You want to select your newly added "CM11-bruce-odexed" rom and hit BOOT.

SET UP YOUR DEVICE and make sure GOOGLE PLAY STORE IS RUNNING CORRECTLY:

IMPORTANT TIP: if the google play store stops working try rebooting your system. If that does not work and your google play store is giving you an error 920 code then you need to close the google play store. go to settings -> apps -> all apps. Click on Google Play and wipe data and cache. After that you need to click on GMAIL and wipe data and cache.

WIPING THE CACHE and DATA on GMAIL will fix problems with the GOOGLE PLAY STORE especially error code 920.



STEP 5: ADD SUPERSU TO CM11.

Now CM11 comes already prerooted but you will need to install SuperSU in order to get many of the apps for Kali Pwn Pad to work correctly. If you had SuperSU already downloaded from the Google Play store i would uninstall it first (dont run it first) and then reinstall it from the google play store. Open up the App and it will most likely tell you that you need to update the SU binary. Choose to do that with a normal install and the SuperSU app should tell you that you have successfully installed the SUPERSU but we need to check. After the first install of SUPERSU you need to reboot your CM11-bruce rom in order for the new SuperSU binary to take effect! THIS IS VERY IMPORTANT MAKE SURE YOU REBOOT FIRST AFTER YOU FIRST INSTALL SUPERSU.

Okay so try opening an app that needs root such as busybox free. If you do not have busybox free download it from the google play store.

If the SUPER SU notice pops up asking for root access then you have it working and you can move on.

If you get an error (which you probably will, i did) saying that there was a problem with SU and it could not get root access then what you need to do is boot into recovery and wipe dalvik and cache for your CM11 rom. Make sure you do it in TWRP under "list roms" and that you wipe the dalvik and cache for the correct CM11-bruce-oxdeded ROM and not your INTERNAL ROM.

Once you wipe dalvik and cache for your CM11-bruce ROM the Android System will rebuild itself. Once the boot it back up, try running busybox free or any other app that needs root. Did a SUPERSU notice pop up? If it did great!

If you get another error try uninstalling SuperSU boot back into recovery wipe dalvik and cache and then boot the CM11-bruce ROM back up and try downloading and installing SuperSU from the google play store. Reboot and and once the system has rebooted try running an app that needs root. If you get the SuperSu notice you are in business!

If you get another error then you can try this...

Boot back up into recovery. In CM11 you can just hold the power button and you should have an option for reboot. Hit the reboot button and you should see an option for recovery. Hit recovery and it will boot your tablet into TWRP recovery. If you do not see that option then you need to go into SETTINGS -> ABOUT TABLET -> CLICK ON BUILD NUMBER 7 TIMES. ONCE DEVELOPER OPTIONS IS ENABLED GO INTO DEVELOPER OPTIONS AND SELECT "ADVANCED REBOOT" THIS WILL ENABLE THE ADVANCED REBOOT OPTIONS FROM THE POWER BUTTON.

Okay so now you are in TWRP recovery...

Go to ADVANCED -> MULTIROM -> LIST ROMS -> Select the CM11-bruce ROM -> CLICK ADD ZIP -> SELECT THE UPDATE-SUPERSU.ZIP AND FLASH IT FROM RECOVERY.

Now reboot your system and you should have SuperSU installed on your system. Check this by running an app that needs root. Such as titanium backup, or any other.

Now you have successfully added SuperSU, we will be moving on...

STEP 6: INSTALLING BINKY BEAR'S CUSTOM KERNEL BASED OFF OF ELEMENTALX V2.2

Binky Bear who has done us all a huge favor has tweaked the ElementalX kernel in order for us to use usb wifi devices such as the ALFA AWUS036H or the TP-LINK TL-WN722N. Without this kernel working with USB wifi devices such as those would not be possible and USB OTG + HOST CHARGE would not be possible.

Before you flash Binky's custom kernel you should make a note of your current kernel. Go to SETTINGS -> ABOUT TABLET -> and look at the kernel. Write it down because after you flash Binky's kernel we need to make sure that the kernels have changed.


With my experience the TP-LINK TL-WN722N works best. I had a lot of trouble with the ALFA AWUS036H but many people were able to get it to work.

***UPDATE***
I was finally able to get my ALFA AWUS036H device to work with Nexus 7 and the issue ended up being power. In order to use your ALFA you have to have enough power to operate it. I have gone into great detail on how to get your ALFA AWUS036H working on page 10 of this thread. Please look at it and look at the picture on page 10 or at the bottom of this post and take notice on how i setup my OTG cables. Instead of using a Y-SPLIT OTG cable i use a single OTG cable and connect it to a USB HUB. My ALFA goes into the USB HUB which is getting power from a powerbank with 2.2A output. Please check out page 10 for more information...
.

Here is a link if you want to order the TP-LINK TL-WN722N from amazon. It only runs around $15 which it is totally worth it!

http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-Detachable/dp/B002WBX9C6


Here is a picture of my TP-LINK TL-WN722N USB WIFI device working with my Nexus 7 2013 Model FLO working with Kali Pwn Pad and the linux program "WIFITE".

SpfDl9H.jpg



Okay so lets move on to flash Binky's Kernel based off the ElementalX kernel. If you would like a link to the ElementalX kernel here is the XDA thread. LINK -> http://xdaforums.com/showthread.php?t=2389022


So the first thing you are going to need is to download the Kernel. Here is the link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/

Now once you open that link you will want to go to the section "Custom Kernels". Now since the CM11 Rom you installed is running Android 4.4.2 you will want to download the custom kernel for android 4.4+ under "Nexus 7 2013" make sure you download the kernel for your correct device.

While you are at it Download the Kali Pwn Pad v0.5 file. Here is the description: update-kalipwn-v05.zip = 1.14 GB | Update 8 DEC | Confirmed working on Android 4.4+.


IMPORTANT NOTE: Make sure before you flash this kernel in TWRP that your tablet is plugged in to power! REMEMBER THE NOTICE I TYPED ABOVE.


Once you are done downloading that kernel and Kali Pwn Pad v0.5 you will need to boot into recovery again. Once you are in recovery make sure you go to -> ADVANCED -> MULTIROM -> LIST ROM -> SELECT CM11-BRUCE ROM -> ADD ZIP

Now when you go to add the zip file you will want to select the el-kitkatkaliflo2.2.zip file. Now when you start to flash that zip file you will be greated with a ELEMENTALX picture and a nice and easy to follow menu of options.

Now Binky's kernel based off ELementalX v2.2 is pretty straight forward you can just choose mostly the default options that come up. When you get to CPU GOVERNOR choose "on demand" and when you get towards the end i choose the options for:

option: USB FAST CHARGE

option: exFAT file system

option: USB OTG + HOST CHARGE (this is very important!)

Follow the steps and when it is done hit finish. Now you should see in TWRP "zip successfully flashed" and you should be able to hit "reboot". Now there could be a chance that your tablet turns off after flashing the kernel and you may be able to turn your tablet back on "by pressing the power button" if you can't get it to power back on dont worry. Just hold down the power button and your tablet will reboot and you can boot back into your CM11-bruce ROM from MultiRom.

Even if your tablet turns off after flashing the kernel you will still have installed the kernel,so don't panic. After you reboot your tablet and you have booted up CM11-bruce make sure the kernel has changed by going to SETTINGS -> ABOUT TABLET -> LOOK AT KERNEL.

DO YOU SEE VX@VIRTUAL-MACHINE #1? If you do you have successfully installed Binky's kernel!!

If you see that kernel in your "ABOUT TABLET" then you are all good and you can now move on to flashing Kali Pwn Pad v0.5 to your Nexus 7 system!!!


STEP 7. FLASH KALI PWN PAD v0.5 TO YOUR TABLET.

So we have come a long way and we are almost there...

AGAIN MAKE SURE YOUR TABLET IS PLUGGED IN TO POWER ESPECIALLY FOR THIS STEP!


Now that we have successfully flashed Binky's kernel we need to flash the KaliPwnPadv0.5 zip file that we downloaded from this link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/

Okay so lets boot back up into recovery.

Now that we are in Recovery go to -> ADVANCED -> MULTIROM -> LIST ROMS -> SELECT CM11-BRUCE -> ADD ZIP.

You are going to select the update-kalipwn-v0.5.zip file that you downloaded earlier.

WARNING: this file will take about 30 minutes to flash. you are going to want to keep and eye on this file. if at all possible do not let TWRP time out and turn off the screen. You can avoid TWRP turning off your screen from an idle timeout by clicking on your tablet's screen once a minute. I know it may seem like a lot but it is best and easier to avoid the screen from turning off from an idle timeout. If your tablet does turn off from an idle time out if you are on POWER you should be able to turn the screen back on by just clicking on the power button and swiping the bottom of your tablet from left to right to unlock it.

Okay now that KaliPwnPadv0.5 is flashing you will just have to wait for it to finish...

It does take about 30 minutes for this big file to flash. Now you will see the progress bar filling up. When the progress bar is full don't worry that the zip isn't done flashing. It may take 5-7 minutes after the progress bar is full for the zip file to finish flashing.

Okay so once you see the kalipwnpadv0.5 zip file is about done flashing you are going to want to look for this line "zip successfully flashed". When this file was done flashing at the very last line i received and error..

The error i received was "unable to load ramdisk" and then i got a message on the top screen which said "Error: unable to flash zip". Don't worry this will not affect your system, it did not to mine.

However, not everyone got this error, some people were able to flash the kali pwn pad v0.5 zip without error. I just want you to know that if you do get this error not to worry.

Once the file finished regardless if you got "zip file flashed successfully" or "unable to load ramdisk" error you will need to reboot your tablet.


NOTE: If you want, if you did get the "unable to load ramdisk error" you could boot your CM11-BRUCE ROM back up, boot into Recovery again and try flashing the kalipwnpad v0.5 zip again and you may not get the error the second time. Just a suggestion...its up to but like i said that error "unable to load ramdisk" should not affect your system.


Now click on multirom to stop the countdown and select your CM11-BRUCE Android Rom.


WHEN YOU BOOT YOUR CM11-BRUCE ROM YOU SHOULD SEE THE MESSAGE "ANDROID IS UPGRADING" AND YOU SHOULD SEE ABOUT 40 APPS THAT ARE BEING UPGRADED.

This is a good thing! It means that Kali Pwn Pad took and the apps are being added to your system! Now what you are going to want to do is try out a few apps. The first one i did was change VNC password. Click on the app "configure kali" from your apps menu and choose "change vnc password" the password needs to be 8-characters long. Choose a new pass and then choose the option to boot vnc server. Pay attention to what port number the vnc server starts on, such as 5900 or 5901 or 5902. Once your VNC server is running you can use "androidvnc" from the google play store to boot into kali linux which is running xfce4.


GOOD TIP ABOUT VNC SERVER AND VNC APP:
If you want to use a usb keyboard or any external keyboard with your VNC session then you will need to use another VNC application because AndroidVNC does not support external keyboards and it has not been updated since 2011. A good choice for a VNC application that supports keyboards is MultiVNC which can be found on the Google Play Store. Do yourself a favor and download it!


PAY ATTENTION TO THIS IMPORANT NOTE!!

IMPORTANT NOTE: if you had terminal emulator on your device before you flashed kali pwn pad you will need to delete it and reinstall it for kali pwn pad to work correctly. If you get an error from trying to run any of the shell script apps such as "config kali" you need to delete terminal emulator and reinstall it. Reboot your ROM and you should be fine.


What you need to get the most out of your new penetration testing tablet:

List of Tools:

1. USB WIFI DEVICE -> TOP PICK: TP-LINK TL-WN722N (this usb wifi device worked great for me and i love it!) When i get my ALFA AWUS036H working i will let you know how i did it but for now get this usb device! I gave a link above on where to get it from amazon!

2. USB OTG CABLE w/ POWER!: This is a must have! Many people have reported not being able to get their usb wifi device to work because they did not have an OTG cable that allowed power to be plugged in. This means their usb wifi device was not getting enough power so it could not be used. Here is a link from amazon on where to get the cable.

LINK:
http://www.amazon.com/Micro-Cable-Power-Nexus-Galaxy/dp/B00CXAC1ZW?tag=5336432715-20


3. USB BLUETOOTH SIGNAL BOOSTER: hands down best for this is the "ubertooth" from the hacker store. I have just ordered this and i can't wait till it gets here! As soon as i get it i will let you know how it works and add the steps on getting it working to this tutorial. Here is the link.

Update Ubertooth-One Now Working On Kali PwnPad:

I can confirm that ubertooth does work in fact work with Kali PwnPad. You can now use the Parani-UD100 / Parani-UD100 G03 with Kali PwnPad and you can in fact use Ubertooth with Kali PwnPad. In order to add bluetooth support to Kali PwnPad you need to download Binky's latest kernel which is based on elementalx v2.6 and flash the zip file in twrp recovery.

How to setup bluetooth + ubertooth-one:

Links on how to setup bluetooth and ubertooth-one are on PART II of the tutorial:


Link:
http://hakshop.myshopify.com/products/ubertooth-one



TUTORIAL WILL BE CONTINUED ON NEXT POST!!!

-droidshadow
 

Attachments

  • 20140109_183929.jpg
    20140109_183929.jpg
    259.3 KB · Views: 8,410
  • 20140109_183919.jpg
    20140109_183919.jpg
    245.9 KB · Views: 7,703
Last edited:

droidshadow

Senior Member
Dec 28, 2012
356
204
Tutorial continued...

STEP 8: GETTING YOUR USB WIFI DEVICE WORKING WITH KALI PWN PAD.

here is how i got my usb wifi device to work with kali pwn pad. Okay the only one i was able to get to work first of all is the TP-LINK TL-WN722N but if you check out BENE from the zetaboards forum he has gotten 2 other usb wifi devices to work. Here is a link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/


*UPDATE*

Okay so if anyone of you have been reading my posts of the zetaboards forum then you might know that I have been having trouble getting my ALFA AWUS036H USB Wifi Device to work with Kali Pwn Pad. Now others have been able to get their ALFA device to work with Kali Pwn Pad but I have not..

As of recent i have made some advances in getting my ALFA to somewhat work but still the best device is the TP-LINK-TL-WN722N. If you want to try your ALFA make sure you delete the app "pcap capture" that app will block the ALFA from working and coming up as the wlan1 interface. Also try unplugging and plugging in your ALFA to your USB OTG Cable. Another very big important tip is that the ALFA has to be into power so you need an OTG cable that has a Y-SPLIT which you can plug in a charging cable to. As of right now for my ALFA i can get "wlan1" to come up but i am having some "SIOCFLAG" issues which i will eventually work out. When i do get my ALFA working i will post exact instructions on how to fix any issues you might come across with the device. Remember...others have been able to get their ALFA to work just fine so it may just be my device. For right now though i would definitely recommend getting the TP-LINK USB Wifi device it works amazing. Two days ago i switched my home router from WPA2 to WEP encryption and my Nexus 7 + WIFITE + TP-LINK was able to crack my home router within 5 minutes!



Continued...

Okay so what i did was first boot up the CM11-bruce rom. After the boot finished up i would plug in my USB OTG CABLE with my nexus 7 charging cable into my OTG cable (power plug) and my usb wifi device (TP-LINK TL-WN722N) into the other Y-cable adapter plug. I have had success plugging in my OTG cable after the ROM boots. For some reason if i try to plug in and boot the ROM with the OTG cable plugged in my usb wifi device will not come up! so please pay attention to that...

IMPORTANT: NOTICE THAT I PLUG IN MY OTG CABLE AFTER MY NEXUS 7 HAS BOOTED UP AND I AM KALI LINUX.

9P1EOIC.jpg




Okay so your ROM is booted up and your USB WIFI Device is plugged in now how do you connect it? First log into Kali Linux with any of the apps. I like to choose the app "configkali"and then choose "start vnc server". After the vnc server starts you are chrooted into Kali Linux. First check to see if wlan1 is available with the command in terminal emulator "ifconfig"

If you run "ifconfig" and you only see wlan0 then you need to run the command "iwconfig". If you run "iwconfig" you should see wlan1 available.

If you see "wlan1" when running the command "iwconfig" then you can load the interface by running the command "ifconfig wlan1 up".

After you run "ifconfig wlan1 up" you should see this:

AeN0K8v.jpg



Once wlan1 is up and running you can run any of the apps such as "Wifite" and "Kismet" to fully utilize your usb wifi device!!

Now for the app "kismet" you may have an issue with a small screen size which Binky has issue a zip file fix which you can download here:
http://d-h.st/YgC

Once you download that kismet zip file fix you just need to flash it in TWRP recovery manager. Just make sure that you flash it to your CM11-bruce ROM from the section "list roms" which you should be a pro by now!!


Now there are some small errors with certain apps on Kali Pwn Pad which can be fixed quite easily with a text editor. If you are going to fix these small issues which can be done very easily with nano i would suggest that you do it in vnc with xfce4 it is much easier that way. Here is a link on the zetaboards forum thread on those issues and how to fix those problems...

SMALL FIXES LINK:

http://w11.zetaboards.com/Pwnie_Express/single/?p=8259168&t=9369003


Well that is about it...
@binky

I would really like to thank Binky Bear for all of his hard work. Brother this would not have been possible if it wasn't for you. You have put so much time in this project and we all owe you so much. I have loved turning my Nexus 7 Tablet into a penetration testing machine, and thank you for saving me over $1,000 dollars as compared to the Pwn Pad tablet! Binky I would really like to take this time thanking you for all of the extra time you took to help me with all of the responses and answering all the questions i had. Binky I wrote this tutorial for you to reference to try and make your life easier and you have done so much for all of us.

People if you get a chance, go by the zetathread forum and make sure you thank Binky!
@BENE

Bene i would like to thank you also for all of the testing that you have done to make sure Kali Pwn Pad did in fact work on the 2013 Nexus 7 tablet device. Bene i would not have been able to put Kali Pwn Pad on my tablet if it was not for you and Binky. Bene you pointed me in the right direction by pointing me to the custom CM11-bruce ROM and all the advice and tips you gave me made this possible. Thank you for taking time to help me and I want you to know just how much i appreciate your help.

I would like to thank everyone else who helped me...you know who you are! I am just very tired of typing at this point! :cowboy:

Well i hope this tutorial has been helpful to you and i will be updating it regularly! If you have any questions please let me know and I will be happy to assist you! If this tutorial has helped you please give me a thanks to show your appreciation!

Have fun with your now new penetration testing tablet! Make sure to also show your thanks to Binky! He is the man!

Have fun!

-droidshadow
 
Last edited:

droidshadow

Senior Member
Dec 28, 2012
356
204
Tutorial continued...

After seeing all that text...man that is a very long tutorial. However, i really tried to be as detailed as possible and really give you as much as i could step by step instructions. If anything is confusing you please let me know so that i can either fix it, edit it, or elaborate a bit more.


***UPDATE***

Okay so one thing I forgot to add to the tutorial is a way for you to check which usb devices are connected to your tablet through the Kali Linux chroot environment. For those of you who are Linux users when you read this you will probably be thinking oh ya i remember that command! So lets get started...

Now when you are connecting usb devices such as your usb wifi adapters for example your ALFA AWUS036H (RTL8187) or your TP-LINK WN722N or finally your Alfa AWUS036NHA you may in the beginning have trouble getting your usb devices to show up on Kali PwnPad. There is however a very nice program in Linux to help you troubleshoot connecting your usb devices by showing you which devices are connected to Kali PwnPad so you can see where you are having troubles. The program/command that I am talking about is "lsusb".

For those of you who don't know what that command is or does, lsusb stands for list usb and it will show you what usb devices are connected to your Kali PwnPad linux system. I was very happily surprised to see that this command would actually work in a linux chroot environment especially with Android as the host operating system but it works amazing!


How to install...

Okay so in order to install lsusb on Kali PwnPad we need to install just one package. So when you are in chroot Kali PwnPad environment, (you can do this by clicking config kali and hit 0 to exit the menu) this will bring you to a command line prompt you should see root@localhost at your command line prompt, just run this command -> "apt-get update" then run "apt-get install usbutils". Now if the second command does not work then try running "apt-get install usbutil" i am almost 100% sure that the usbutil(s) has an "s" at the end but it may not so try "apt-get install usbutils" first and if that does not work try usutils without the s on the end.

That is it... very simple right!?


So when you instal that package you can now use the command "lsusb" and others that are in that package but i will only be discussing lsusb here. When you run lsusb you should see whatever usb device you have attached. If you are using an OTG cable with a Y-SPLIT for power hosting then you will most likely only have one usb device attached so when you run lsusb you will only see one usb device obviously. Now if you happen to be using a usb hub like the one i posted in my picture at the bottom of the tutorial on page one or at the bottom of this post, when you run lsusb you will see all usb devices attached and you will also see your usb hub attached as well! If however when you run lsusb you don't see any usb devices listed and you don't see your cflex usb hub listed then you know that you have a problem somewhere. You either have a bad OTG cable, a bad cflex usb hub, or you are not getting enough power to your USB devices so they are not working because of power issues.


Problems with connecting more than one usb device:

The two most common problems I see that people get when trying to attach more than one usb device is that one, they are not setting up their usb hub/cables correctly so try moving things around and switching cables around till you find a setup that works. The second issue/problem I see that people make is that they are not getting enough power to their usb devices so their usb devices are not turning on, hence they can not be attached because there is not enough power for them to work. This power issue is a big issue with ALFA products. ALFA products require more power to work than say the TP-LINK. This is why i recommend people to start off with the TP-LINK as it is much easier to setup because it requires much less power to work versus the ALFA products.


Tip on which powerbank to get for your Nexus 7:

Okay so some people have asked me which powerbank should they get for their Nexus 7 when they are trying to connect their usb devices and be mobile at the same time. Powerbanks work great with the Nexus 7 and with Kali PwnPad so you don't always have to be plugged into a wall outlet in order to power your usb devices. One big recommendation for which powerbank to get is one that has at least a 2A output. You need at least 2A output in order to get enough power to get your ALFA's to work properly. If you are just going to use a TP-LINK then any powerbank will work just fine for the most part. Okay so another big recommendation for your powerbank is that it have at least 2 usb plug-in outputs. This will just make life a lot easier for you. When you look at your powerbank for the most part one output will say 0.8A or 1A and the second one will say 2A. When you are trying to power your usb devices make sure your usb hub is plugged into the usb option on your powerbank that says 2A. This will give you enough power for your devices. My powerbank has 3 usb output options 2 usb outputs are 1A and the 3rd is 2.2A. That kind of powerbank works great with Kali PwnPad + ALFA products but a 2A output will do just fine. I have tested on two other powerbanks with 2A output and they worked just fine with both Alfa's mentioned above.


Output for lsusb:

Okay so when you run lsusb you should see all usb devices attached and you should see your usb hub (if you are using one) listed in the output as well. Later on today I will post a picture of the output so you can see first hand what it looks like. Later today i am going to be flashing Binky's new kernel based off of elementalX v2.6 which has added bluetooth support. I will let you all know how my Parani-UD100 usb bluetooth adapter and my ubertooth (should be here by Monday) works with lsusb, and if the usb bluetooth devices are showing up on the lsusb output. I will also be writing a separate post on how to setup ubertooth and the parani-ud100 with Kali PwnPad as well.

IMPORTANT NOTE:


At the bottom of the post I am uploading a picture of my 2013 Nexus 7 with my cflex usb hub along with 2 usb wifi devices, one ALFA AWUS036H, and my TP-LINK WN722N. Please study the picture and see how i setup my cables as it might help you when it comes time to setup your cables.
If when you setup your OTG cables and your usb hub if your usb devices are not showing up try unplugging your OTG cable and plugging it back in and see if that helps. Try rearranging the cables for different combinations until you find one that works. If that does not work try a restart and see if that helps... Bottom line is it will work but it may take you a few tries until you find a combination that works for you. SO DO NOT GIVE UP, YOU WILL GET IT!


UPDATE: HOW TO CONFIGURE BLUETOOTH + UBERTOOTH-ONE:

Okay so if you want to configure bluetooth on kali pwnpad then go to this link here and look for my detailed post on how to setup bluetooth. Here is the link -> http://xdaforums.com/showthread.php?t=2577356&page=16

If you want to learn how to setup ubertooth-one on kali pwnpad then go to this tutorial -> http://ubertooth.sourceforge.net/usage/build/

For that ubertooth-one tutorial make sure you do all steps that apply. Some steps by not work because this is linux in an android environment but just keep moving ahead with the rest of the tutorial. I followed this tutorial exactly and ubertooth worked great on kali pwnpad. If you want to use the GUI ubertooth program which shows a graph of bluetooth analysis then obviously you need to be in a VNC session.

All other ubertooth programs can be ran from terminal emulator once you are in Kali Linux in a chroot environment.

If any of you are unfamiliar with VNC and want to learn how to setup VNC manually on Kali Linux (even though binky has taken care of this in his config kali app) you can learn how to setup VNC from this post ->
http://xdaforums.com/showthread.php?t=2577356&page=14


I hope this post will help you with your USB devices and any troubleshooting that you may have to do. Also I will let you all know very soon how Binky's new kernel based off of elementalX v2.6 works out since he added bluetooth support so we can start doing some bluetooth hacking and bluetooth packet injection with the parani-ud100 and the ubertooth! Again please study the picture at the bottom of this post to help you out with setting up your OTG cables. Please notice that I am using a single OTG cable with no y-split to connect to my cflex usb hub. Again i hope this has helped you out and be on the look out for my updates on the new kernel from Binky and how bluetooth support works out. Keep your fingers crossed that the bluetooth support added to Binky's new kernel works out without any issues! I will let you all know very very soon!

Thank you all for your continued interest and support for Kali PwnPad and for this thread but most of all THANK YOU BINKY for giving us all such a great penetration testing system for our Nexus 7 devices. We all owe you so much Binky. thank you again!


-droidshadow
 

Attachments

  • 20140109_183929.jpg
    20140109_183929.jpg
    259.3 KB · Views: 2,475
Last edited:

rulk

Senior Member
Sep 1, 2007
55
4
Grandville
niche application, but very very cool.
Just wanted to say thanks for the tutorial!

I am a security student and I purchased my Nexus 7 Tablet with this exact application in mind!

I have been stumbling through things and keep having to start over..

With this tutorial (assuming it works for me) You just saved me probably another 8+ hours screwing with it.. And the look on my class mates faces when i come in with a full Kali installation... ;)

I will post again once I have it all installed and go from there. And thanks for the part for the wifi. I might have to go and order atleast one now. I am building a mobile hacking station into my vehicle and a couple other machines. Was not aware of this WiFi also working.

Now that I have my stock rom back on for the 6th time today... (grrr) I am off to follow this tutorial!

One quick question for you...
Can you use the built in WiFi with this to hack with as well?
I understand you won't likely be able to hack wifi without the USB wifi adapter but I am also interested in hacking in the network once I am in. In otherwords it makes sense to use the USB wifi adapter to gain access to a network then unplug it and use the built in to hack the actual network.

I will mention again I am a security student learning this stuff and I will not be using these to break any laws. I will likely be hacking into my own computers setup for this experience or other computers setup for this.

I assume you could use a similar style USB wired lan interface as well.

have you tried the latest kali rom that was posted?

Rodney
 
Last edited:
  • Like
Reactions: EliteCodexer

droidshadow

Senior Member
Dec 28, 2012
356
204
@rulk

Hey i am glad that you like the tutorial! People have reported getting the internal broadcomm wifi chipset that is built into the Nexus 7 tablet to work with monitor mode. So you technically could use wifite and aircrack-ng with your tablets built in wifi. The only problem with that is that you will loose all internet connection once you put your internal wifi cad into "monitor mode"

If you get an OTG Cable with multiple Y-Cables you could plug in multiple usb wifi adapters...

There is one gentleman on the other zetaboards forum that has multiple usb wifi adapters (multiple ALFA's) that you could check out...

I just ordered a different ALFA NOT THE AWUS036H that has the RTL8187L chipset the ALFA i ordered i believe has an ATHEROS chipset i believe, and once i try it out I will let you know how it works,,,

Have fun brother, and let me know if you have any questions!

-droidshadow
 

rulk

Senior Member
Sep 1, 2007
55
4
Grandville
If you go to the link in your tutorial there is another one listed now:

update-kalipwn-v05-1.zip = 1.46 GB | Update 18 DEC | Uncomfirmed working on Android 4.4+.

I loaded this one onto my tablet and about half of the programs exit abruptly.

I just screwed up my tablet again...

I had backed up the rom before installing kali but since it didnt work I tried to restore but there is not a restore option for just the rom so I did the main restore... Looks like I over wrote my stock rom with the CM rom and lost the second rom..

Ugh

Looks like it will be cool once I get it working though..
If I can use the WiFi to do my internet stuff then switch it off to use this stuff then I am good. I really don't need two wifi adapters on it yet.
Although I may be ordering some new ones so I can...

Rodney
 
  • Like
Reactions: EliteCodexer

droidshadow

Senior Member
Dec 28, 2012
356
204
Rulk:
Yes Binky has just added that Kali pwn update but as you can see in the comments it has not been tested...

You need to make sure that you are using the custom CM ROM I mentioned the CM11-bruce ROM and make sure you use Binky's kernel for 4.4+ then only use the update-kalipwnv0.5 that I mentioned in the tutorial.

If you have Multirom installed you will be fine just remove (delete) the ROM and start over.

The custom cm11 ROM and kernel are crucial to getting Kali pwn pad to work!

-droidshadow

Sent from my SCH-I535 using XDA Premium 4 mobile app
 

droidshadow

Senior Member
Dec 28, 2012
356
204
@rulk I forgot to get you the link so that you can turn your internal WiFi card on your Nexus 7 into monitor mode but if you do a Google search for 'android monitor mode' one of the very first links that comes up is bcmon.blogspot (something like that) and they have actually created an APK file to get monitor mode on the Nexus 7. Granted this was tested on N7 2012 and on CM 9 but other guys have told me they got it working on newer CM10+ ROMs

When I get home I will give you the link

-droidshadow

Sent from my SCH-I535 using XDA Premium 4 mobile app
 
Aug 14, 2012
45
8
Fantastic tutorial! I greatly appreciate the detail that went in 2 this masterpiece. I just checked the link 4 CyanogenMod download and the only ones posted for the Flo model are 12 / 18 and 12 / 17

Sent from my Nexus 7 using XDA Premium 4 mobile app
 

p4rot

Senior Member
Jan 5, 2013
537
319
Just a little question,
Do we need a USB WiFi device like the one linked to amazon so that this whole setup works?
BTW the flo Roms available don't say odexed but bricked linaro, is that the one we need?

Sent from my Nexus 7 using xda app-developers app
 
Last edited:

droidshadow

Senior Member
Dec 28, 2012
356
204
@AlchemicalVibrations

You do NOT download the CM ROM from the official CyanogenMod website. You have to download it from the xda thread that is in the link I provided.
@jonathanxx1

You do not necessarily need the USB WiFi device like the one I linked from Amazon but then it would leave apps like wifite kismet and aircrack-ng useless. But there is still some great apps such as metasploit SET (social engineering toolkit) and openvas just to mention a few...

For the $15 the TP-LINK USB WiFi device costs it is truly worth it!

-droidshadow

Sent from my SCH-I535 using XDA Premium 4 mobile app
 
  • Like
Reactions: pan.droid

droidshadow

Senior Member
Dec 28, 2012
356
204
@johnathanx

You are right he has updated the ROM...

Go with the second to last zip should be fine...

Try flashing that zip with Multirom and it should work just fine...

If for any reason you have a problem I will upload the cm11-bruce-odexed.zip file that I have I promise

-droidshadow

Sent from my SCH-I535 using XDA Premium 4 mobile app
 

p4rot

Senior Member
Jan 5, 2013
537
319
@AlchemicalVibrations

You do NOT download the CM ROM from the official CyanogenMod website. You have to download it from the xda thread that is in the link I provided.
@jonathanxx1

You do not necessarily need the USB WiFi device like the one I linked from Amazon but then it would leave apps like wifite kismet and aircrack-ng useless. But there is still some great apps such as metasploit SET (social engineering toolkit) and openvas just to mention a few...

For the $15 the TP-LINK USB WiFi device costs it is truly worth it!

-droidshadow

Sent from my SCH-I535 using XDA Premium 4 mobile app

The file (ROM) that I got is cm 11 2013/12/18 bruce2728 bricked linaro, is that it, just to make sure before flashing and messing everything up.

Sent from my Nexus 7 using xda app-developers app
 
Aug 14, 2012
45
8
Ok on bruce's page I see two downloads:

cm-11-20131217-bruce2728-bricked-linaro-flo.zip

cm-11-20131218-bruce2728-bricked-linaro-flo.zip

Just to be sure, did you mean the cm-11-20131217-bruce2728 one? Also, SuperSU updated to 1.86 so is that okay to go with or do we need the 1.8 you referenced in OP?

Sent from my SCH-I535 using XDA Premium 4 mobile app
 

p4rot

Senior Member
Jan 5, 2013
537
319
The file (ROM) that I got is cm 11 2013/12/18 bruce2728 bricked linaro, is that it, just to make sure before flashing and messing everything up.

Sent from my Nexus 7 using xda app-developers app

In gonna wait for an answer also before flashing

Sent from my Nexus 7 using xda app-developers app

---------- Post added at 04:29 AM ---------- Previous post was at 04:27 AM ----------

In gonna wait for an answer also before flashing

Sent from my Nexus 7 using xda app-developers app

I mean an answer to the question the poster above me just asked.

Sent from my Nexus 7 using xda app-developers app
 

droidshadow

Senior Member
Dec 28, 2012
356
204
In gonna wait for an answer also before flashing

Sent from my Nexus 7 using xda app-developers app

---------- Post added at 04:29 AM ---------- Previous post was at 04:27 AM ----------



I mean an answer to the question the poster above me just asked.

Sent from my Nexus 7 using xda app-developers app

Jonathanxx1:

Do you have multirom installed? It is almost impossible to mess up your tablet with MultiRom installed...


You can go with either zip file i would probably go with the latest zip file the 12-18 one. With multirom installed you can't go wrong...

If your rom messes up you can just hold down the power button it will reboot your tablet and you can delete the rom from TWRP recovery and you can easily start over again.

Now go ahead and try that rom and if it works great, if it doesn't work then i will upload the cm11-bruce-odexed.zip file that i use specifically for my installation.

Does anyone know of a good (and free) upload site where i can upload a zip file around 180MB?


As for SuperSU updating itself always go with the most recent SuperSU zip file that is available...

I stated in the tutorial that you may not even need the SuperSU zip file it is just good to have just in case you have problems adding SuperSU to your cm11-bruce ROM installation.


Have fun brother!

-droidshadow
 

p4rot

Senior Member
Jan 5, 2013
537
319
I will try with the latest Bruce ROM and the latest super su and report back after.

Sent from my Nexus 7 using xda app-developers app
 

droidshadow

Senior Member
Dec 28, 2012
356
204
Want to try a different ROM?...

I will try with the latest Bruce ROM and the latest super su and report back after.

Sent from my Nexus 7 using xda app-developers app


Jonathanxx1:

I wanted to let you and everyone else who is interested in putting Kali Pwn Pad on their Nexus 7 device that I was in fact able to get Kali Pwn Pad to work with another custom ROM. The ROM I choose was recommended to me by another *tester* and it worked very well for me.

The ROM I choose was "Ice Cold ROM" and here is a link to the XDA Thread -> http://xdaforums.com/showthread.php?t=2488056

Ice Cold Rom is a very nice and stable ROM that runs on Android 4.3.1

If you would like to use this ROM to put Kali Pwn Pad on you are going to want to choose the ROM for "FLO" if you have the Nexus 7 2013 WIFI only tablet like i do.. (if you don't choose the correct Rom for your device).

Okay so the whole process is the same if you want to use Ice Cold ROM except you are going to be adjusting a few things...

1st. You are going to want to get the correct GApps.zip file. For Ice Cold Rom you can use the same GApps.zip file that Cyanognemod uses for their 10.2 version. Here is a link -> http://wiki.cyanogenmod.org/w/Google_Apps (choose the gapps.zip for CM 10.2 the 0813).

2nd. You are going to want to use a slightly different kernel. You will be using Binky's kernel for Android 4.3 which is based off of ElementalX v1.8 Here is another link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/21/#new

Make sure you get this kernel -> Android 4.3 Based off ElementalX v1.8.. Defconfig can be found here for developers. The trick was cfg80211. This is confirmed working by BeNe.

3rd. Instead of using Kali Pwn Pad v0.5 you are going to need to use Kali Pwn Pad v0.4. Now i know you might be thinking that kali pwn pad v0.5 is probably better than v0.4 but let me tell you that i have been playing with kalipwnpadv0.4 for about 3 days now and it is quite stable..


Well that is it...

The whole process for using Ice Cold Rom instead of Bruce2728 Custom CM11 project is the same except you are going to be using those 3 files mentioned above instead..

If anyone has any questions please dont hesitate to ask...

*NOTE* if you used Bruce2728 updated CM11 zip file (1217 or above) please let me know how it worked for you so i can relay it into my tutorial.
If i have to i will try it out myself...


I hope this has been helpful for you...

-droidshadow
 
Last edited:
  • Like
Reactions: mdamaged

Top Liked Posts

  • There are no posts matching your filters.
  • 36
    Hello xda developers!

    Do you love computer security as much as I do?

    Do you have a nexus 7 2013? A Nexus 7 2012 will work too i will get to that...

    Have you seen the amazing Pwn Pad Tablet from Pwnie_Express -> http://pwnieexpress.com/products/pwnpad

    Now that is one amazing piece of hardware with some amazing software, yet I don't know about you but I don't have $1,000 dollars to purchase a penetration testing tablet, and even if i did i wouldn't. The Pwn Pad tablet is a 2012 Nexus 7 tablet that the amazing people from Pwnie Express have hacked up to put Ubuntu in a chroot environment with some amazing programs such as EvilAP, Metasploit, Wifite, and Kismet. The greatest thing about the Pwn Pad is that they have done some modifying to a kernel to enable usb wifi devices to work such as the ALFA AWUS036H and the TP-LINK usb wifi device.


    Now some people over at a another forum have done some amazing work for the Nexus 7 tablet and they were able to create a Pwn Pad based Rom but instead of Ubuntu they choose Kali Linux which in my opinion is much better for Penetration Testing. In fact the new 2014 Pwn Pad tablet from Pwnie_Express will be coming using the N7 2013 with Kali Linux instead of Ubuntu which is what the 2012 Pwn Pad uses. Moving on...

    There are some definite bonuses to using the Kali Pwn Pad created by a user who calls himself "Binky Bear" compared to the original Pwn Pad from the great guys at Pwnie_Express. The first big bonus is that you get Kali Linux instead of Ubuntu. A second great bonus is that Binky Bear has take the [ElementalX kernel v2.2] and tweaked it a bit to work with his creation of Kali Pwn Pad v0.5. The big bonus with Binky's kernel which is based of [ElementalX kernel v2.2] is that the kernel supports USB OTG + Host Charge Mode. This means that if you have a OTG cable that has also has a Y-Cable you are able to power your usb wifi adapter and charge your tablet at the same time. This is one limitation of the original Pwn Pad from Pwnie_Express. The Pwnie_Express Pwn Pad can not power the usb wifi adapter and charge the tablet at the same time, they recommend you use a docking station. However, when you put Kali Pwn Pad on your N7 tablet you will not have this limitation!

    Here is a picture of my tablet with the TP-Link usb wifi adapter:

    GR1ymkK.jpg



    Are you getting excited? I know I was when i first laid eyes on the Pwn Pad from Pwnie_Express! The Pwn Pad was the reason I went out and purchased a Nexus 7, only i didn't know it was the 2012 edition that was being used by Pwnie_Express and I purchased the 2013. So i had to wait for someone to come up with something for the N7 2013, luckily Binky Bear was sent from computer security heaven!


    Okay so lets get started... (Many of you these steps will be very elementary for some of you just skip ahead where you feel comfortable)
    i wanted to make this guide as detailed as possible (spoon feeding!)

    So you have a Nexus 7 is it rooted? The first thing we need to do is Unlock your Bootloader and Root your tablet...



    UPDATE TIP: I am jumping ahead here but you need to know this tip...

    Anytime you do anything under TWRP recovery manager especially flashing zip files and Rom's you should have your Nexus 7 tablet plugged into power. If your Nexus device is in recovery manager for a period of time (and it will be when we flash kali pwn pad) it could turn the screen off. If your device is being powered it is easy to get the screen back. You just need to press the power button and slide the bottom of the screen from left to right in order to unlock the screen. If your device is not being powered it can be a real pain in the ass to get the screen to come back on from TWRP recovery. PLEASE TAKE THIS ADVICE SERIOUSLY!




    STEP 1: Unlock BootLoader and Root your Tablet: There is a great tool for Windows Computers that will basically do whole rooting process for you. If you have been into the Nexus 7 world for some time now then you know exactly what tool I am talking about. The tool I am talking about is the Nexus 7 Root Toolkit by WuGFresh. Here is a link to his website -> http://www.wugfresh.com/nrt/

    Now you can use the Nexus 7 Root Toolkit to unlock your tablets BootLoader which is a must! Unlocking your bootloader is the very first thing you should do your Nexus 7 tablet.

    In order to unlock your bootloader you need to do a couple of things first. First thing is go into "Settings" for your tablet and click on "About Tablet" When you are in the "about tablet" click on "build number" 7 times to enable "developer options". Once you have clicked on it 7 times go back to settings and go into "developer options" and enable "usb debugging"

    Okay now that usb debugging is enabled, we need to install the usb drivers so your tablet can communicate with your computer. This will work for windows vista/xp/7. If you have Windows 8 or Linux or Mac you will need to follow the steps for installing USB drivers and rooting your tablet for your specific setup. It is not hard just do a quick google search or do a search on youtube for a video tutorial...

    Moving on...

    Now the easiest way to install the usb drivers for your Nexus 7 device is to use the program by WuGFresh -> the Nexus 7 Root Toolkit. Just click on the button to install the usb drivers and follow the steps. If you prefer to manually install the usb drivers you can use this link here to download them -> http://developer.android.com/sdk/win-usb.html

    I would really recommend that you use the WuGFresh root toolkit to install the usb drivers though...

    Okay now that you have the USB drivers installed you need to unlock the bootloader. Click on the button on the WuGFresh Nexus 7 Root Toolkit which says "unlock bootloader". Follow the steps. When your Nexus 7 tablet reboots you will see a screen come up that says do you want to unlock the bootloader. Slide the bottom button to right to unlock your bootloader. When you do that it will tell you that you may void your warranty unlocking your bootloader but don't worry you can always re-lock it if you want to, especially if you need your warranty. The N7 Root Toolkit has an option to restore your device back to factory settings, unrooted with a locked bootloader! Such a great tool...

    Okay so now your bootloader should be unlocked...

    So now what you want to do is root your device and install the TWRP recovery manager. Now i know that many of you out there are used to CWM (clockwork mod recovery manager) but TWRP is a great recovery manager and you will need it with Multirom. We will get to multirom...

    So under the root button on your Nexus 7 Root Toolkit is an option that you can click on to check which says "install recovery manager" make sure you click that button before you hit the root button!

    So check that option to install recovery manager (which it installs TWRP) and let the NRT (nexus root toolkit) do its magic...

    Okay so now you should have a rooted tablet! Lets make sure by first making sure that SuperSU is in fact installed on your tablet!. If it is open up the app "busybox free" which should have been put on your tablet by the NRT program. When you start busybox free it should ask you for root permission.

    Go ahead and grant busyboxy free root permission and install busybox free...it can't hurt and it is a great program.

    If you would like a video tutorial on how to root your N7 with the NRT program here is a youtube video link -> http://www.youtube.com/watch?v=Lg_QU9w5xCU

    Moving on...

    STEP 2: INSTALL MULTIROM MANAGER

    Now that your tablet is rooted you need to install MultiRom Manager. What this does is it allows you to put multiple roms on your tablet without ever harming your stock (internal) android rom. This is a great tool and all of us who use it really owe the developer a lot of credit...

    There is a very easy way to install MultiRom Manager. The developer of this program has created an app that you can download from the Google Play Store to install it easily and successfully.

    Open up the Google Play store and do a search for "multirom manager". Download it, open it up, grant it root permission and run the app. The app will do all of the hard work for you and it will install MultiRom for you. Once it is done reboot your tablet. Since your stock rom won't have the reboot option i recommend downloading "quickboot" from the Google Play Store. This app requires root access but it will allow you to quickly reboot your tablet, boot into recovery, or boot into the bootloader.

    When you are booting up after installing multirom you need to click on your tablet as MultiRom is counting down. The only Rom that will be listed is "internal" (because you haven't installed any other roms) go ahead and boot into "internal" by clicking on the boot button.

    IMPORTANT NOTE: it is very important to boot your internal (stock rom) at least one time before you flash/add another ROM with multirom manager. MAKE SURE YOU DO THIS!

    Okay so now you should have MultiRom Manager installed. That was easy right!?

    STEP 3: Download the neccessary files for your Nexus 7 2013 model FLO Tablet.

    Now i have tested this specific version of CM 11 for my Nexus 7 32GB 2013 model FLO (wifi only) tablet. This hacked up version of Cyanogenmod 11 is a bit different than the nightlies and is the only version of cyanogenmod that i found that could work with the kernel for Kali Pwn Pad.

    If you have a N7 2012 then you can use SmoothRom v5.2 for your 2012. I will write up another tutorial for the N7 2012 tablets but for now this is for the people with the N7 2013 2nd edition tablets.


    Here is a link for the specific cyanogenmod 11 rom that will work with Kali Pwn Pad.

    http://xdaforums.com/showthread.php?t=2545628

    that is a link for the thread...


    *UPDATE*

    It has come to my attention that the CUSTOM CyanogenMod (CM) project that XDA member Bruce2728 is running has been updated. So when i told you to download the specific "cm-11-20131213-bruce2728-odexed-flo.zip" zip file it will no longer be available. You should be able to do this tutorial with any of his updates and it should work just fine. As of right now the current zip available is "cm-11-20131217-bruce2728-bricked-linaro-flo.zip". Do not let the "bricked" scare you into not trying it...



    NOTE: okay so i decided to go ahead and upload the exact zip file that I used with my installation of KaliPwnPad v0.5. Here is a link for the cm11-20131213-bruce2728-odexed-flo.zip. You can download it here -> http://www.filedropper.com/cm-11-20131213-bruce2728-odexed-flo The newer versions of Bruce2728's custom CM11 ROMS should work just fine but if you feel more comfortable using the exact ROM that i used then feel free to download from the link above.



    Please note that specific thread is an on going project and will most likely be updated on a regular basis. I have also gotten Kali Pwn Pad to work on the "Ice Cold ROM Project" which runs on Android 4.3.1 if you would feel more comfortable using that ROM. I will make a note of it on PAGE 2 or 3 of this thread please look for it if you are interested in using Ice Cold ROM. The whole process will be the same you will just use ICE COLD ROM and a slightly different kernel.

    I would suggest you try Bruce's custom CM 11 Project for the stability of CM, plus if you have MultiRom installed on your N7 device it is almost impossible to hurt your system. If anything goes wrong just boot up in TWRP recovery and delete the rom -> "FROM LIST ROMS".


    Here is a direct link to download the files that you need for that specific CM 11 Rom. Make sure you also download the PA (paranoid android) google apps zip that is in this directory link:

    http://bruce2728.mabsoft.dk/CM-11/

    Now when you are looking to download the CM11 ROM make sure you click on the directory "FLO". If you have a N7 2013 your model tablet is FLO.

    There are a couple of ROM zip files in the FLO directory. The one that you want is the cm-11-20131213-bruce2728-odexed-flo.zip

    Make sure you download that exact zip file.


    Another good file to download is the SuperSU zip file which you may need. You may be able to install SuperSu without the zip but lets download it just in case.

    Here is the link: http://download.chainfire.eu/370/SuperSU/UPDATE-SuperSU-v1.80.zip


    UPDATE:
    There has also been an update with the SuperSU zip file. I believe the new version of SuperSU is 1.86. Always go with the newest version of SuperSu.



    Okay so you should have downloaded these files:

    1. cm-11-20131213-bruce2728-odexed-flo.zip

    2. pa_gapps-full-4.4-20131119-signed.zip

    3. UPDATE-SuperSU-v1.80.zip



    The first file is the android 4.4.2 custom CyanogenMod ROM.

    The second file is a full google apps zip from the paranoid android rom

    The third file is the updated supersu zip which is a stable SU binary used for rooting your tablet.


    Okay so lets move on...


    STEP 4: INSTALLING CUSTOM CM11 ROM...

    Okay now that we have those files downloaded (remember where you downloaded them, download folder maybe?) lets boot into recovery manager. Open up your quickboot app that you downloaded and boot into recovery manager.

    TIP: When your tablet is booting up MultiRom loads first. When you tap on your tablet to stop the countdown you will see a button that says "MISC" in the top right corner. If you hit that button you can boot into recovery or reboot your tablet from MultiRom.

    Now in recovery manager which works hand in hand with MultiRom you are going to want follow these steps:

    1. Hit the Advanced button

    2. Hit the MultiRom button

    3. Add Rom

    4. When you hit "add rom" you will have a few options, you want to select "add zip". Choose the cm-11-20131213-bruce2728-odexed-flo.zip file to flashed.

    5. Once that is done flash the zip by sliding the bottom button from left to right.



    Okay now after you flash the zip you should see "ZIP FLASHED SUCCESSFULLY".

    Now what you want to do is hit the back button till you get to the main recovery page.


    Next step adding Google Apps from TWRP recovery manager:

    1. advanced

    2. multirom

    3. list rom

    4. now that you have flashed CM11 you should see a ROM under "internal". Remember "internal" is your stock rooted nexus 7 rom.
    click on the CM11-bruce rom

    5. click flash zip.

    6. pick the pa-gapps.zip file.

    7. slide the button to flash the zip.


    HIT THE BUTTON TO REBOOT YOUR SYSTEM.

    SIDE NOTE: many people will suggest to wipe dalvik/cache and it doesn't hurt and a lot of times is a good option. You may not need to do this but you may need to if you have problems adding SUPERSU to your newly added CM11(bruce) Android ROM. If you do want to wipe your dalvik and cache for your added CM11 rom make sure you do under "list roms" click on CM11-bruce-odexed and choose the wipe dalvik/cache button.

    NOTE: if you don't choose your CM11 rom you will wipe dalvik and cache for your stock "internal rom".



    Okay so now that your Nexus 7 is rebooting you need to tap on your device to stop the countdown from MultiRom. You want to select your newly added "CM11-bruce-odexed" rom and hit BOOT.

    SET UP YOUR DEVICE and make sure GOOGLE PLAY STORE IS RUNNING CORRECTLY:

    IMPORTANT TIP: if the google play store stops working try rebooting your system. If that does not work and your google play store is giving you an error 920 code then you need to close the google play store. go to settings -> apps -> all apps. Click on Google Play and wipe data and cache. After that you need to click on GMAIL and wipe data and cache.

    WIPING THE CACHE and DATA on GMAIL will fix problems with the GOOGLE PLAY STORE especially error code 920.



    STEP 5: ADD SUPERSU TO CM11.

    Now CM11 comes already prerooted but you will need to install SuperSU in order to get many of the apps for Kali Pwn Pad to work correctly. If you had SuperSU already downloaded from the Google Play store i would uninstall it first (dont run it first) and then reinstall it from the google play store. Open up the App and it will most likely tell you that you need to update the SU binary. Choose to do that with a normal install and the SuperSU app should tell you that you have successfully installed the SUPERSU but we need to check. After the first install of SUPERSU you need to reboot your CM11-bruce rom in order for the new SuperSU binary to take effect! THIS IS VERY IMPORTANT MAKE SURE YOU REBOOT FIRST AFTER YOU FIRST INSTALL SUPERSU.

    Okay so try opening an app that needs root such as busybox free. If you do not have busybox free download it from the google play store.

    If the SUPER SU notice pops up asking for root access then you have it working and you can move on.

    If you get an error (which you probably will, i did) saying that there was a problem with SU and it could not get root access then what you need to do is boot into recovery and wipe dalvik and cache for your CM11 rom. Make sure you do it in TWRP under "list roms" and that you wipe the dalvik and cache for the correct CM11-bruce-oxdeded ROM and not your INTERNAL ROM.

    Once you wipe dalvik and cache for your CM11-bruce ROM the Android System will rebuild itself. Once the boot it back up, try running busybox free or any other app that needs root. Did a SUPERSU notice pop up? If it did great!

    If you get another error try uninstalling SuperSU boot back into recovery wipe dalvik and cache and then boot the CM11-bruce ROM back up and try downloading and installing SuperSU from the google play store. Reboot and and once the system has rebooted try running an app that needs root. If you get the SuperSu notice you are in business!

    If you get another error then you can try this...

    Boot back up into recovery. In CM11 you can just hold the power button and you should have an option for reboot. Hit the reboot button and you should see an option for recovery. Hit recovery and it will boot your tablet into TWRP recovery. If you do not see that option then you need to go into SETTINGS -> ABOUT TABLET -> CLICK ON BUILD NUMBER 7 TIMES. ONCE DEVELOPER OPTIONS IS ENABLED GO INTO DEVELOPER OPTIONS AND SELECT "ADVANCED REBOOT" THIS WILL ENABLE THE ADVANCED REBOOT OPTIONS FROM THE POWER BUTTON.

    Okay so now you are in TWRP recovery...

    Go to ADVANCED -> MULTIROM -> LIST ROMS -> Select the CM11-bruce ROM -> CLICK ADD ZIP -> SELECT THE UPDATE-SUPERSU.ZIP AND FLASH IT FROM RECOVERY.

    Now reboot your system and you should have SuperSU installed on your system. Check this by running an app that needs root. Such as titanium backup, or any other.

    Now you have successfully added SuperSU, we will be moving on...

    STEP 6: INSTALLING BINKY BEAR'S CUSTOM KERNEL BASED OFF OF ELEMENTALX V2.2

    Binky Bear who has done us all a huge favor has tweaked the ElementalX kernel in order for us to use usb wifi devices such as the ALFA AWUS036H or the TP-LINK TL-WN722N. Without this kernel working with USB wifi devices such as those would not be possible and USB OTG + HOST CHARGE would not be possible.

    Before you flash Binky's custom kernel you should make a note of your current kernel. Go to SETTINGS -> ABOUT TABLET -> and look at the kernel. Write it down because after you flash Binky's kernel we need to make sure that the kernels have changed.


    With my experience the TP-LINK TL-WN722N works best. I had a lot of trouble with the ALFA AWUS036H but many people were able to get it to work.

    ***UPDATE***
    I was finally able to get my ALFA AWUS036H device to work with Nexus 7 and the issue ended up being power. In order to use your ALFA you have to have enough power to operate it. I have gone into great detail on how to get your ALFA AWUS036H working on page 10 of this thread. Please look at it and look at the picture on page 10 or at the bottom of this post and take notice on how i setup my OTG cables. Instead of using a Y-SPLIT OTG cable i use a single OTG cable and connect it to a USB HUB. My ALFA goes into the USB HUB which is getting power from a powerbank with 2.2A output. Please check out page 10 for more information...
    .

    Here is a link if you want to order the TP-LINK TL-WN722N from amazon. It only runs around $15 which it is totally worth it!

    http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-Detachable/dp/B002WBX9C6


    Here is a picture of my TP-LINK TL-WN722N USB WIFI device working with my Nexus 7 2013 Model FLO working with Kali Pwn Pad and the linux program "WIFITE".

    SpfDl9H.jpg



    Okay so lets move on to flash Binky's Kernel based off the ElementalX kernel. If you would like a link to the ElementalX kernel here is the XDA thread. LINK -> http://xdaforums.com/showthread.php?t=2389022


    So the first thing you are going to need is to download the Kernel. Here is the link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/

    Now once you open that link you will want to go to the section "Custom Kernels". Now since the CM11 Rom you installed is running Android 4.4.2 you will want to download the custom kernel for android 4.4+ under "Nexus 7 2013" make sure you download the kernel for your correct device.

    While you are at it Download the Kali Pwn Pad v0.5 file. Here is the description: update-kalipwn-v05.zip = 1.14 GB | Update 8 DEC | Confirmed working on Android 4.4+.


    IMPORTANT NOTE: Make sure before you flash this kernel in TWRP that your tablet is plugged in to power! REMEMBER THE NOTICE I TYPED ABOVE.


    Once you are done downloading that kernel and Kali Pwn Pad v0.5 you will need to boot into recovery again. Once you are in recovery make sure you go to -> ADVANCED -> MULTIROM -> LIST ROM -> SELECT CM11-BRUCE ROM -> ADD ZIP

    Now when you go to add the zip file you will want to select the el-kitkatkaliflo2.2.zip file. Now when you start to flash that zip file you will be greated with a ELEMENTALX picture and a nice and easy to follow menu of options.

    Now Binky's kernel based off ELementalX v2.2 is pretty straight forward you can just choose mostly the default options that come up. When you get to CPU GOVERNOR choose "on demand" and when you get towards the end i choose the options for:

    option: USB FAST CHARGE

    option: exFAT file system

    option: USB OTG + HOST CHARGE (this is very important!)

    Follow the steps and when it is done hit finish. Now you should see in TWRP "zip successfully flashed" and you should be able to hit "reboot". Now there could be a chance that your tablet turns off after flashing the kernel and you may be able to turn your tablet back on "by pressing the power button" if you can't get it to power back on dont worry. Just hold down the power button and your tablet will reboot and you can boot back into your CM11-bruce ROM from MultiRom.

    Even if your tablet turns off after flashing the kernel you will still have installed the kernel,so don't panic. After you reboot your tablet and you have booted up CM11-bruce make sure the kernel has changed by going to SETTINGS -> ABOUT TABLET -> LOOK AT KERNEL.

    DO YOU SEE VX@VIRTUAL-MACHINE #1? If you do you have successfully installed Binky's kernel!!

    If you see that kernel in your "ABOUT TABLET" then you are all good and you can now move on to flashing Kali Pwn Pad v0.5 to your Nexus 7 system!!!


    STEP 7. FLASH KALI PWN PAD v0.5 TO YOUR TABLET.

    So we have come a long way and we are almost there...

    AGAIN MAKE SURE YOUR TABLET IS PLUGGED IN TO POWER ESPECIALLY FOR THIS STEP!


    Now that we have successfully flashed Binky's kernel we need to flash the KaliPwnPadv0.5 zip file that we downloaded from this link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/

    Okay so lets boot back up into recovery.

    Now that we are in Recovery go to -> ADVANCED -> MULTIROM -> LIST ROMS -> SELECT CM11-BRUCE -> ADD ZIP.

    You are going to select the update-kalipwn-v0.5.zip file that you downloaded earlier.

    WARNING: this file will take about 30 minutes to flash. you are going to want to keep and eye on this file. if at all possible do not let TWRP time out and turn off the screen. You can avoid TWRP turning off your screen from an idle timeout by clicking on your tablet's screen once a minute. I know it may seem like a lot but it is best and easier to avoid the screen from turning off from an idle timeout. If your tablet does turn off from an idle time out if you are on POWER you should be able to turn the screen back on by just clicking on the power button and swiping the bottom of your tablet from left to right to unlock it.

    Okay now that KaliPwnPadv0.5 is flashing you will just have to wait for it to finish...

    It does take about 30 minutes for this big file to flash. Now you will see the progress bar filling up. When the progress bar is full don't worry that the zip isn't done flashing. It may take 5-7 minutes after the progress bar is full for the zip file to finish flashing.

    Okay so once you see the kalipwnpadv0.5 zip file is about done flashing you are going to want to look for this line "zip successfully flashed". When this file was done flashing at the very last line i received and error..

    The error i received was "unable to load ramdisk" and then i got a message on the top screen which said "Error: unable to flash zip". Don't worry this will not affect your system, it did not to mine.

    However, not everyone got this error, some people were able to flash the kali pwn pad v0.5 zip without error. I just want you to know that if you do get this error not to worry.

    Once the file finished regardless if you got "zip file flashed successfully" or "unable to load ramdisk" error you will need to reboot your tablet.


    NOTE: If you want, if you did get the "unable to load ramdisk error" you could boot your CM11-BRUCE ROM back up, boot into Recovery again and try flashing the kalipwnpad v0.5 zip again and you may not get the error the second time. Just a suggestion...its up to but like i said that error "unable to load ramdisk" should not affect your system.


    Now click on multirom to stop the countdown and select your CM11-BRUCE Android Rom.


    WHEN YOU BOOT YOUR CM11-BRUCE ROM YOU SHOULD SEE THE MESSAGE "ANDROID IS UPGRADING" AND YOU SHOULD SEE ABOUT 40 APPS THAT ARE BEING UPGRADED.

    This is a good thing! It means that Kali Pwn Pad took and the apps are being added to your system! Now what you are going to want to do is try out a few apps. The first one i did was change VNC password. Click on the app "configure kali" from your apps menu and choose "change vnc password" the password needs to be 8-characters long. Choose a new pass and then choose the option to boot vnc server. Pay attention to what port number the vnc server starts on, such as 5900 or 5901 or 5902. Once your VNC server is running you can use "androidvnc" from the google play store to boot into kali linux which is running xfce4.


    GOOD TIP ABOUT VNC SERVER AND VNC APP:
    If you want to use a usb keyboard or any external keyboard with your VNC session then you will need to use another VNC application because AndroidVNC does not support external keyboards and it has not been updated since 2011. A good choice for a VNC application that supports keyboards is MultiVNC which can be found on the Google Play Store. Do yourself a favor and download it!


    PAY ATTENTION TO THIS IMPORANT NOTE!!

    IMPORTANT NOTE: if you had terminal emulator on your device before you flashed kali pwn pad you will need to delete it and reinstall it for kali pwn pad to work correctly. If you get an error from trying to run any of the shell script apps such as "config kali" you need to delete terminal emulator and reinstall it. Reboot your ROM and you should be fine.


    What you need to get the most out of your new penetration testing tablet:

    List of Tools:

    1. USB WIFI DEVICE -> TOP PICK: TP-LINK TL-WN722N (this usb wifi device worked great for me and i love it!) When i get my ALFA AWUS036H working i will let you know how i did it but for now get this usb device! I gave a link above on where to get it from amazon!

    2. USB OTG CABLE w/ POWER!: This is a must have! Many people have reported not being able to get their usb wifi device to work because they did not have an OTG cable that allowed power to be plugged in. This means their usb wifi device was not getting enough power so it could not be used. Here is a link from amazon on where to get the cable.

    LINK:
    http://www.amazon.com/Micro-Cable-Power-Nexus-Galaxy/dp/B00CXAC1ZW?tag=5336432715-20


    3. USB BLUETOOTH SIGNAL BOOSTER: hands down best for this is the "ubertooth" from the hacker store. I have just ordered this and i can't wait till it gets here! As soon as i get it i will let you know how it works and add the steps on getting it working to this tutorial. Here is the link.

    Update Ubertooth-One Now Working On Kali PwnPad:

    I can confirm that ubertooth does work in fact work with Kali PwnPad. You can now use the Parani-UD100 / Parani-UD100 G03 with Kali PwnPad and you can in fact use Ubertooth with Kali PwnPad. In order to add bluetooth support to Kali PwnPad you need to download Binky's latest kernel which is based on elementalx v2.6 and flash the zip file in twrp recovery.

    How to setup bluetooth + ubertooth-one:

    Links on how to setup bluetooth and ubertooth-one are on PART II of the tutorial:


    Link:
    http://hakshop.myshopify.com/products/ubertooth-one



    TUTORIAL WILL BE CONTINUED ON NEXT POST!!!

    -droidshadow
    19
    Tutorial continued...

    STEP 8: GETTING YOUR USB WIFI DEVICE WORKING WITH KALI PWN PAD.

    here is how i got my usb wifi device to work with kali pwn pad. Okay the only one i was able to get to work first of all is the TP-LINK TL-WN722N but if you check out BENE from the zetaboards forum he has gotten 2 other usb wifi devices to work. Here is a link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/


    *UPDATE*

    Okay so if anyone of you have been reading my posts of the zetaboards forum then you might know that I have been having trouble getting my ALFA AWUS036H USB Wifi Device to work with Kali Pwn Pad. Now others have been able to get their ALFA device to work with Kali Pwn Pad but I have not..

    As of recent i have made some advances in getting my ALFA to somewhat work but still the best device is the TP-LINK-TL-WN722N. If you want to try your ALFA make sure you delete the app "pcap capture" that app will block the ALFA from working and coming up as the wlan1 interface. Also try unplugging and plugging in your ALFA to your USB OTG Cable. Another very big important tip is that the ALFA has to be into power so you need an OTG cable that has a Y-SPLIT which you can plug in a charging cable to. As of right now for my ALFA i can get "wlan1" to come up but i am having some "SIOCFLAG" issues which i will eventually work out. When i do get my ALFA working i will post exact instructions on how to fix any issues you might come across with the device. Remember...others have been able to get their ALFA to work just fine so it may just be my device. For right now though i would definitely recommend getting the TP-LINK USB Wifi device it works amazing. Two days ago i switched my home router from WPA2 to WEP encryption and my Nexus 7 + WIFITE + TP-LINK was able to crack my home router within 5 minutes!



    Continued...

    Okay so what i did was first boot up the CM11-bruce rom. After the boot finished up i would plug in my USB OTG CABLE with my nexus 7 charging cable into my OTG cable (power plug) and my usb wifi device (TP-LINK TL-WN722N) into the other Y-cable adapter plug. I have had success plugging in my OTG cable after the ROM boots. For some reason if i try to plug in and boot the ROM with the OTG cable plugged in my usb wifi device will not come up! so please pay attention to that...

    IMPORTANT: NOTICE THAT I PLUG IN MY OTG CABLE AFTER MY NEXUS 7 HAS BOOTED UP AND I AM KALI LINUX.

    9P1EOIC.jpg




    Okay so your ROM is booted up and your USB WIFI Device is plugged in now how do you connect it? First log into Kali Linux with any of the apps. I like to choose the app "configkali"and then choose "start vnc server". After the vnc server starts you are chrooted into Kali Linux. First check to see if wlan1 is available with the command in terminal emulator "ifconfig"

    If you run "ifconfig" and you only see wlan0 then you need to run the command "iwconfig". If you run "iwconfig" you should see wlan1 available.

    If you see "wlan1" when running the command "iwconfig" then you can load the interface by running the command "ifconfig wlan1 up".

    After you run "ifconfig wlan1 up" you should see this:

    AeN0K8v.jpg



    Once wlan1 is up and running you can run any of the apps such as "Wifite" and "Kismet" to fully utilize your usb wifi device!!

    Now for the app "kismet" you may have an issue with a small screen size which Binky has issue a zip file fix which you can download here:
    http://d-h.st/YgC

    Once you download that kismet zip file fix you just need to flash it in TWRP recovery manager. Just make sure that you flash it to your CM11-bruce ROM from the section "list roms" which you should be a pro by now!!


    Now there are some small errors with certain apps on Kali Pwn Pad which can be fixed quite easily with a text editor. If you are going to fix these small issues which can be done very easily with nano i would suggest that you do it in vnc with xfce4 it is much easier that way. Here is a link on the zetaboards forum thread on those issues and how to fix those problems...

    SMALL FIXES LINK:

    http://w11.zetaboards.com/Pwnie_Express/single/?p=8259168&t=9369003


    Well that is about it...
    @binky

    I would really like to thank Binky Bear for all of his hard work. Brother this would not have been possible if it wasn't for you. You have put so much time in this project and we all owe you so much. I have loved turning my Nexus 7 Tablet into a penetration testing machine, and thank you for saving me over $1,000 dollars as compared to the Pwn Pad tablet! Binky I would really like to take this time thanking you for all of the extra time you took to help me with all of the responses and answering all the questions i had. Binky I wrote this tutorial for you to reference to try and make your life easier and you have done so much for all of us.

    People if you get a chance, go by the zetathread forum and make sure you thank Binky!
    @BENE

    Bene i would like to thank you also for all of the testing that you have done to make sure Kali Pwn Pad did in fact work on the 2013 Nexus 7 tablet device. Bene i would not have been able to put Kali Pwn Pad on my tablet if it was not for you and Binky. Bene you pointed me in the right direction by pointing me to the custom CM11-bruce ROM and all the advice and tips you gave me made this possible. Thank you for taking time to help me and I want you to know just how much i appreciate your help.

    I would like to thank everyone else who helped me...you know who you are! I am just very tired of typing at this point! :cowboy:

    Well i hope this tutorial has been helpful to you and i will be updating it regularly! If you have any questions please let me know and I will be happy to assist you! If this tutorial has helped you please give me a thanks to show your appreciation!

    Have fun with your now new penetration testing tablet! Make sure to also show your thanks to Binky! He is the man!

    Have fun!

    -droidshadow
    18
    Tutorial continued...

    After seeing all that text...man that is a very long tutorial. However, i really tried to be as detailed as possible and really give you as much as i could step by step instructions. If anything is confusing you please let me know so that i can either fix it, edit it, or elaborate a bit more.


    ***UPDATE***

    Okay so one thing I forgot to add to the tutorial is a way for you to check which usb devices are connected to your tablet through the Kali Linux chroot environment. For those of you who are Linux users when you read this you will probably be thinking oh ya i remember that command! So lets get started...

    Now when you are connecting usb devices such as your usb wifi adapters for example your ALFA AWUS036H (RTL8187) or your TP-LINK WN722N or finally your Alfa AWUS036NHA you may in the beginning have trouble getting your usb devices to show up on Kali PwnPad. There is however a very nice program in Linux to help you troubleshoot connecting your usb devices by showing you which devices are connected to Kali PwnPad so you can see where you are having troubles. The program/command that I am talking about is "lsusb".

    For those of you who don't know what that command is or does, lsusb stands for list usb and it will show you what usb devices are connected to your Kali PwnPad linux system. I was very happily surprised to see that this command would actually work in a linux chroot environment especially with Android as the host operating system but it works amazing!


    How to install...

    Okay so in order to install lsusb on Kali PwnPad we need to install just one package. So when you are in chroot Kali PwnPad environment, (you can do this by clicking config kali and hit 0 to exit the menu) this will bring you to a command line prompt you should see root@localhost at your command line prompt, just run this command -> "apt-get update" then run "apt-get install usbutils". Now if the second command does not work then try running "apt-get install usbutil" i am almost 100% sure that the usbutil(s) has an "s" at the end but it may not so try "apt-get install usbutils" first and if that does not work try usutils without the s on the end.

    That is it... very simple right!?


    So when you instal that package you can now use the command "lsusb" and others that are in that package but i will only be discussing lsusb here. When you run lsusb you should see whatever usb device you have attached. If you are using an OTG cable with a Y-SPLIT for power hosting then you will most likely only have one usb device attached so when you run lsusb you will only see one usb device obviously. Now if you happen to be using a usb hub like the one i posted in my picture at the bottom of the tutorial on page one or at the bottom of this post, when you run lsusb you will see all usb devices attached and you will also see your usb hub attached as well! If however when you run lsusb you don't see any usb devices listed and you don't see your cflex usb hub listed then you know that you have a problem somewhere. You either have a bad OTG cable, a bad cflex usb hub, or you are not getting enough power to your USB devices so they are not working because of power issues.


    Problems with connecting more than one usb device:

    The two most common problems I see that people get when trying to attach more than one usb device is that one, they are not setting up their usb hub/cables correctly so try moving things around and switching cables around till you find a setup that works. The second issue/problem I see that people make is that they are not getting enough power to their usb devices so their usb devices are not turning on, hence they can not be attached because there is not enough power for them to work. This power issue is a big issue with ALFA products. ALFA products require more power to work than say the TP-LINK. This is why i recommend people to start off with the TP-LINK as it is much easier to setup because it requires much less power to work versus the ALFA products.


    Tip on which powerbank to get for your Nexus 7:

    Okay so some people have asked me which powerbank should they get for their Nexus 7 when they are trying to connect their usb devices and be mobile at the same time. Powerbanks work great with the Nexus 7 and with Kali PwnPad so you don't always have to be plugged into a wall outlet in order to power your usb devices. One big recommendation for which powerbank to get is one that has at least a 2A output. You need at least 2A output in order to get enough power to get your ALFA's to work properly. If you are just going to use a TP-LINK then any powerbank will work just fine for the most part. Okay so another big recommendation for your powerbank is that it have at least 2 usb plug-in outputs. This will just make life a lot easier for you. When you look at your powerbank for the most part one output will say 0.8A or 1A and the second one will say 2A. When you are trying to power your usb devices make sure your usb hub is plugged into the usb option on your powerbank that says 2A. This will give you enough power for your devices. My powerbank has 3 usb output options 2 usb outputs are 1A and the 3rd is 2.2A. That kind of powerbank works great with Kali PwnPad + ALFA products but a 2A output will do just fine. I have tested on two other powerbanks with 2A output and they worked just fine with both Alfa's mentioned above.


    Output for lsusb:

    Okay so when you run lsusb you should see all usb devices attached and you should see your usb hub (if you are using one) listed in the output as well. Later on today I will post a picture of the output so you can see first hand what it looks like. Later today i am going to be flashing Binky's new kernel based off of elementalX v2.6 which has added bluetooth support. I will let you all know how my Parani-UD100 usb bluetooth adapter and my ubertooth (should be here by Monday) works with lsusb, and if the usb bluetooth devices are showing up on the lsusb output. I will also be writing a separate post on how to setup ubertooth and the parani-ud100 with Kali PwnPad as well.

    IMPORTANT NOTE:


    At the bottom of the post I am uploading a picture of my 2013 Nexus 7 with my cflex usb hub along with 2 usb wifi devices, one ALFA AWUS036H, and my TP-LINK WN722N. Please study the picture and see how i setup my cables as it might help you when it comes time to setup your cables.
    If when you setup your OTG cables and your usb hub if your usb devices are not showing up try unplugging your OTG cable and plugging it back in and see if that helps. Try rearranging the cables for different combinations until you find one that works. If that does not work try a restart and see if that helps... Bottom line is it will work but it may take you a few tries until you find a combination that works for you. SO DO NOT GIVE UP, YOU WILL GET IT!


    UPDATE: HOW TO CONFIGURE BLUETOOTH + UBERTOOTH-ONE:

    Okay so if you want to configure bluetooth on kali pwnpad then go to this link here and look for my detailed post on how to setup bluetooth. Here is the link -> http://xdaforums.com/showthread.php?t=2577356&page=16

    If you want to learn how to setup ubertooth-one on kali pwnpad then go to this tutorial -> http://ubertooth.sourceforge.net/usage/build/

    For that ubertooth-one tutorial make sure you do all steps that apply. Some steps by not work because this is linux in an android environment but just keep moving ahead with the rest of the tutorial. I followed this tutorial exactly and ubertooth worked great on kali pwnpad. If you want to use the GUI ubertooth program which shows a graph of bluetooth analysis then obviously you need to be in a VNC session.

    All other ubertooth programs can be ran from terminal emulator once you are in Kali Linux in a chroot environment.

    If any of you are unfamiliar with VNC and want to learn how to setup VNC manually on Kali Linux (even though binky has taken care of this in his config kali app) you can learn how to setup VNC from this post ->
    http://xdaforums.com/showthread.php?t=2577356&page=14


    I hope this post will help you with your USB devices and any troubleshooting that you may have to do. Also I will let you all know very soon how Binky's new kernel based off of elementalX v2.6 works out since he added bluetooth support so we can start doing some bluetooth hacking and bluetooth packet injection with the parani-ud100 and the ubertooth! Again please study the picture at the bottom of this post to help you out with setting up your OTG cables. Please notice that I am using a single OTG cable with no y-split to connect to my cflex usb hub. Again i hope this has helped you out and be on the look out for my updates on the new kernel from Binky and how bluetooth support works out. Keep your fingers crossed that the bluetooth support added to Binky's new kernel works out without any issues! I will let you all know very very soon!

    Thank you all for your continued interest and support for Kali PwnPad and for this thread but most of all THANK YOU BINKY for giving us all such a great penetration testing system for our Nexus 7 devices. We all owe you so much Binky. thank you again!


    -droidshadow
    4
    @rulk

    Hey i am glad that you like the tutorial! People have reported getting the internal broadcomm wifi chipset that is built into the Nexus 7 tablet to work with monitor mode. So you technically could use wifite and aircrack-ng with your tablets built in wifi. The only problem with that is that you will loose all internet connection once you put your internal wifi cad into "monitor mode"

    If you get an OTG Cable with multiple Y-Cables you could plug in multiple usb wifi adapters...

    There is one gentleman on the other zetaboards forum that has multiple usb wifi adapters (multiple ALFA's) that you could check out...

    I just ordered a different ALFA NOT THE AWUS036H that has the RTL8187L chipset the ALFA i ordered i believe has an ATHEROS chipset i believe, and once i try it out I will let you know how it works,,,

    Have fun brother, and let me know if you have any questions!

    -droidshadow
    3
    Oh which latest kali rom are you talking about?...

    Can you give me a link?..

    -droidshadow