[GUIDE] Convert Your Nexus into KaliPwn Phone


tehSecret

Senior Member
Jul 28, 2012
95
53
Hey, thanks to the OP for this awesome guide
Actually I don't own a Nexus 5 (I wish I got one)
Anyway, this Kali project is interesting
But I didn't really get what it is exactly
Is it a full ROM with the Kali toolset or what?
Can you please explain it to me?
Thanks in advance :)

sent from unknown place using unknown app

This thread shows you how to build your own custom kernel for Kali as well as how to install Kali via Linux Deploy. Another method is just to flash the NetHunter zip file for the N5. That zip contains all the libs and files necessary to run Kali in chroot. You can find it at nethunter.com. Remember to go through the initial setup of your ROM first before you flash the zip.
 

iliass01

Senior Member
Feb 19, 2014
157
34
This thread shows you how to build your own custom kernel for Kali as well as how to install Kali via Linux Deploy. Another method is just to flash the NetHunter zip file for the N5. That zip contains all the libs and files necessary to run Kali in chroot. You can find it at nethunter.com. Remember to go through the initial setup of your ROM first before you flash the zip.

You don't need to go through the initial setup. At least it did work for me without doing it ?
 

tehSecret

Senior Member
Jul 28, 2012
95
53
You don't need to go through the initial setup. At least it did work for me without doing it ?

The first time I flashed NH on a clean install, without doing the initial setup, it worked. I tried it again a few days later, without going through the initial setup, and I got all kinds of "files not found". I only posted that step to ensure success and I also read elsewhere to include that step. If you flash NH over an already configured ROM you should be good to go. That step is probably just to ensure that everything gets settled in before throwing Kali on top of a clean install.
 

td32

Senior Member
Nov 17, 2013
100
33
You can build the Lollipop kernel... It's the same instructions... Just download the Lollipop kernel source...

I got this error

[image: 0GLoL2X.png]

Tried it twice and it still gets stuck over there
From what I see around, it seems that a wrong path is set.

EDIT:
fixed it

replaced the paths with

Code:
$ export PATH=$(pwd)/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/bin:$PATH
$ export ARCH=arm
$ export SUBARCH=arm
$ export CROSS_COMPILE=arm-eabi-

Here is the boot.img, Lollipop kernel for the Alfa AWUS036H
pwnlolli-td32.img SHA1:d2516bc15a546467a971869e93b5b2887801b180
Code:
http://d-h.st/htH5

If you need only the aircrack tools, just get aircrack for Android (someone has built it for Android)
Code:
https://github.com/kriswebdev/android_aircrack
 
Last edited:
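
Added example, not part of td32's post: the post gives a SHA1 for `pwnlolli-td32.img`, so the downloaded file can be checked against that digest before it is passed to `fastboot boot`. The function names and the script name `verify-posted.sh` are assumptions; the digest line is copied from the post.

```shell
#!/bin/sh
# Added example: check a downloaded boot image against the digest posted
# in the thread, in the "<file> SHA1:<40 hex digits>" form used there.

# Digest line exactly as posted above.
POSTED='pwnlolli-td32.img SHA1:d2516bc15a546467a971869e93b5b2887801b180'

# posted_name LINE -> the file name part of the line
posted_name() { printf '%s\n' "${1%% SHA1:*}"; }

# posted_hash LINE -> lower-case digest; non-zero unless it is 40 hex digits
posted_hash() {
    ph=$(printf '%s' "${1##*SHA1:}" | tr 'A-F' 'a-f')
    case "$ph" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#ph}" -eq 40 ] || return 1
    printf '%s\n' "$ph"
}

# verify_posted DIR LINE -> 0 match, 1 mismatch, 2 unusable input
verify_posted() {
    vp_want=$(posted_hash "$2") || { echo "bad digest in: $2" >&2; return 2; }
    vp_img="$1/$(posted_name "$2")"
    [ -f "$vp_img" ] || { echo "missing: $vp_img" >&2; return 2; }
    vp_got=$(sha1sum "$vp_img" | cut -d' ' -f1)
    if [ "$vp_got" = "$vp_want" ]; then
        echo "OK $vp_img"
    else
        echo "MISMATCH $vp_img: got $vp_got want $vp_want" >&2
        return 1
    fi
}

# Usage: sh verify-posted.sh ~/Downloads && sudo fastboot boot ...
if [ "$#" -ge 1 ]; then
    verify_posted "$1" "${2:-$POSTED}"
    exit $?
fi
```

A match only shows that the file is the one the poster hashed; the download link and the digest come from the same post, so it says nothing about what the image contains.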

iliass01

Senior Member
Feb 19, 2014
157
34
So, I tried this guide all day from top to bottom, but with no success... I tried it on both CyanogenMod 12 and Stock 5.0.1 with a TP-Link WN722N Wireless Adapter (the one with the ath9_k drivers).

For CyanogenMod 12 I tried this and this kernel source. And for Stock 5.0.1 I used the stock kernel source from Google. All the kernels booted after compiling.

I first enabled the given settings in the make menuconfig. Then I get to compile the kernel without errors. After flashing the kernel I add the firmware files to system/etc/firmware, changed permissions and reboot. Then I install Kali Linux in Linux Deploy and SSH to it via Terminal Emulator. But there are a few weird things:

1. When I use the "ifconfig" command the adapter won't show up. Only wlan0.
2. When I try to use "lsusb" it says "Command not found". I tried to install it via "sudo apt-get install usbutils" but it gives me another error afterwards.
3. When I try to use one of Kali's features (like "sudo airmon-ng") it also says command not found...

So what am I doing wrong? Who can help me set this up?

Sorry if I'm asking noob questions... This is the first time I compiled kernels.

Thanks in advance!
 

p4rot

Senior Member
Jan 5, 2013
537
319
Kali NetHunter exists and the setup is a lot easier

Sent from my Nexus 5 using XDA Free mobile app
 

matusala

Senior Member
Oct 19, 2014
297
128
I installed the official build from here https://www.pwnieexpress.com/products/pentesting-community-editions
Works like a charm. Now I will buy an OTG cable + WN722N.

But what is this about? If I compile it myself, will I be able to install pwnphone on other versions of Android? The official one is 4.4.2 and can't update.
Will I get all the tools that I have on my official build?

Oh and how can I add the sendRawPdu method to the ROM? I want to be able to send flash (class 0) SMS :)
 

kaluoshi

Inactive Recognized Developer
Sep 2, 2011
1,452
5,656
South Italy
@chiragkrishna Hey there, awesome guide :)

I have decided to recycle my Nexus 5 for fun, so I bought a TP-LINK TL-WN725N and a TP-LINK_TL-WN722N from Amazon. Sad story: the ones I got are V3 EU devices. I have literally tried every way to deploy/install Kali (your method, NetHunter 3.0, legacy builds from pwnexpress etc.), tried many different kernels, tried 4.4.4, 5.X.X, 6.X.X, 7.X.X, same result: "no device found". I only see the device with $lsusb

Any idea if we can get V3s to work? I can't refund the adapters, it's too late lol. I don't really want to buy a third one, but I will if I have to.

Thanks!

BB
 

Slimegod

Senior Member
Mar 12, 2011
2,300
99
So, I tried this guide all day from top to bottom, but with no success... I tried it on both CyanogenMod 12 and Stock 5.0.1 with a TP-Link WN722N Wireless Adapter (the one with the ath9_k drivers).

For CyanogenMod 12 I tried this and this kernel source. And for Stock 5.0.1 I used the stock kernel source from Google. All the kernels booted after compiling.

I first enabled the given settings in the make menuconfig. Then I get to compile the kernel without errors. After flashing the kernel I add the firmware files to system/etc/firmware, changed permissions and reboot. Then I install Kali Linux in Linux Deploy and SSH to it via Terminal Emulator. But there are a few weird things:

1. When I use the "ifconfig" command the adapter won't show up. Only wlan0.
2. When I try to use "lsusb" it says "Command not found". I tried to install it via "sudo apt-get install usbutils" but it gives me another error afterwards.
3. When I try to use one of Kali's features (like "sudo airmon-ng") it also says command not found...

So what am I doing wrong? Who can help me set this up?

Sorry if I'm asking noob questions... This is the first time I compiled kernels.

Thanks in advance!

How did you fix this error? I'm also facing it.
 

Top Liked Posts

  • 35


    for other devices follow this

    ****I am not responsible for your phone or anything you do with aircrack-ng


    This guide will help you do what a $1,295.00 PWN PHONE can!!





    ------------------------------------------------------------------------------------------------
    Things You Need
    ------------------------------------------------------------------------------------------------
    1) Nexus 5 (rooted)
    2) OTG Cable
    3) List of supported USB adapters
       - TP-LINK TL-WN722N (confirmed by me & DragonHunt3r)
       - Linksys WUSB600N V2 (confirmed by DragonHunt3r)
       - TP-LINK TL-WN725N V1 & V2
       - ALFA Network AWUS036H
       (if you have another USB Wi-Fi adapter then just ask, I'll try to add it to the guide)
    4) Ubuntu (to compile kernel)





    ------------------------------------------------------------------------------------------------

    PART A
    (Compiling Kernel)

    ------------------------------------------------------------------------------------------------

    Setting up your ubuntu machine
    Code:
    $ sudo apt-get update
    Code:
    $ sudo apt-get install oracle-java6-installer
    Code:
    $ sudo apt-get install git gnupg ccache lzop flex bison gperf build-essential zip curl zlib1g-dev zlib1g-dev:i386 libc6-dev lib32bz2-1.0 lib32ncurses5-dev x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 lib32z1-dev libgl1-mesa-glx:i386 libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc libreadline6-dev lib32readline-gplv2-dev libncurses5-dev bzip2 libbz2-dev libbz2-1.0 libghc-bzlib-dev lib32bz2-dev squashfs-tools pngcrush schedtool dpkg-dev
    Code:
    $ sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so
    Code:
    git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/


    create a file /etc/udev/rules.d/51-android.rules (as the root user)
    copy paste the below code and save

    Code:
    # adb protocol on passion (Nexus One)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e12", MODE="0600", OWNER="<username>"
    # fastboot protocol on passion (Nexus One)
    SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", ATTR{idProduct}=="0fff", MODE="0600", OWNER="<username>"
    # adb protocol on crespo/crespo4g (Nexus S)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e22", MODE="0600", OWNER="<username>"
    # fastboot protocol on crespo/crespo4g (Nexus S)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e20", MODE="0600", OWNER="<username>"
    # adb protocol on stingray/wingray (Xoom)
    SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", ATTR{idProduct}=="70a9", MODE="0600", OWNER="<username>"
    # fastboot protocol on stingray/wingray (Xoom)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="708c", MODE="0600", OWNER="<username>"
    # adb protocol on maguro/toro (Galaxy Nexus)
    SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", ATTR{idProduct}=="6860", MODE="0600", OWNER="<username>"
    # fastboot protocol on maguro/toro (Galaxy Nexus)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e30", MODE="0600", OWNER="<username>"
    # adb protocol on panda (PandaBoard)
    SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d101", MODE="0600", OWNER="<username>"
    # adb protocol on panda (PandaBoard ES)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="d002", MODE="0600", OWNER="<username>"
    # fastboot protocol on panda (PandaBoard)
    SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d022", MODE="0600", OWNER="<username>"
    # usbboot protocol on panda (PandaBoard)
    SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d00f", MODE="0600", OWNER="<username>"
    # usbboot protocol on panda (PandaBoard ES)
    SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d010", MODE="0600", OWNER="<username>"
    # adb protocol on grouper/tilapia (Nexus 7)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e42", MODE="0600", OWNER="<username>"
    # fastboot protocol on grouper/tilapia (Nexus 7)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e40", MODE="0600", OWNER="<username>"
    # adb protocol on manta (Nexus 10)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4ee2", MODE="0600", OWNER="<username>"
    # fastboot protocol on manta (Nexus 10)
    SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4ee0", MODE="0600", OWNER="<username>"
    <username> must be replaced by the actual username of the user who is authorized to access the phones over USB.

    Setting correct paths
    Code:
    gedit android-path.sh
    copy paste the code and save it
    Code:
    export CC=$(pwd)/arm-eabi-4.6/bin/arm-eabi-
    export CROSS_COMPILE=$(pwd)/arm-eabi-4.6/bin/arm-eabi-
    
    export ARCH=arm
    export SUBARCH=arm
    
    export PATH=$PATH:$(pwd)/andorid_boot_tools_bin

    Make it executable and source to current terminal window.
    (you need to source it to your current terminal window before you compile)
    Code:
    $ chmod +x android-path.sh
    $ source android-path.sh




    Download Source (any kernel source can be used)

    ElementalX Kernel Source
    Franco.kernel Source
    Android Kernel Source

    using android kernel source
    Code:
    $ git clone https://android.googlesource.com/kernel/msm.git
    Code:
    $ cd msm/
    $ git branch -a
    $ git checkout origin/android-msm-hammerhead-3.4-kitkat-mr2
    Code:
    $ make hammerhead_defconfig
    $ make menuconfig

    Adding required drivers

    For TP-LINK_TL-WN722N
    A quick look at wikidevi (https://wikidevi.com/wiki/TP-LINK_TL-WN722N) will tell you that the TP-LINK TL-WN722N uses ath9k_htc (http://wireless.kernel.org/en/users/Drivers/ath9k_htc) drivers.

    Enabling ath9k (http://wireless.kernel.org/en/users/Drivers/ath9k) drivers in kernel
    To enable ath9k, you must first enable mac80211 through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable ath9k through make menuconfig.

    Code:
    Networking support  --->
      Wireless  --->
        < * > cfg80211 - wireless configuration API
        < * > Generic IEEE 802.11 Networking Stack (mac80211)
    You can then enable ath9k in the kernel configuration under
    Code:
    Device Drivers  --->
      [*] Network device support  --->
            Wireless LAN  --->
              Atheros Wireless Cards ---->
                < * >   Atheros 802.11n wireless cards support
                < * >   Atheros HTC based wireless card support


    save and exit menuconfig
    check in your .config file that you have them enabled (it's a hidden file)

    Code:
    CONFIG_ATH_COMMON=y
    CONFIG_ATH9K_HW=y
    CONFIG_ATH9K_COMMON=y
    CONFIG_ATH9K_HTC=y


    For TP-LINK TL-WN725N V1 & V2
    A quick look at the V1 (https://wikidevi.com/wiki/TP-LINK_TL-WN725N_v1) & V2 (https://wikidevi.com/wiki/TP-LINK_TL-WN725N_v2) wikidevi pages will tell you that the TP-LINK_TL-WN725N uses rtl8192cu (http://wireless.kernel.org/en/users/Drivers/rtl819x) & 8188eu (https://github.com/lwfinger/rtl8188eu) drivers.

    To enable rtl8192cu & 8188eu, you must first enable rtl8192cu & 8188eu through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rtl8192cu & 8188eu through make menuconfig.

    Code:
    Device Drivers  --->
      [*] Network device support  --->
            Wireless LAN  --->

                  [*]   Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter


    For Linksys WUSB600N V2
    A quick look at wikidevi (https://wikidevi.com/wiki/Linksys_WUSB600N_v2) will tell you that the WUSB600N V2 uses rt2800usb (http://wireless.kernel.org/en/users/Drivers/rt2800usb) drivers.

    To enable rt2800usb, you must first enable rt2800usb through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rt2800usb through make menuconfig.

    Code:
    Device Drivers  --->
      [*] Network device support  --->
            Wireless LAN  --->
                Ralink driver support   ---->
                < * >   Ralink rt27xx/rt28xx/rt30xx (USB) support  -->
                             < * >   rt2800usb - Include support for rt35xx devices (EXPERIMENTAL) (NEW)
                             < * >   rt2800usb - Include support for unknown (USB) devices


    For ALFA Network AWUS036H
    A quick look at wikidevi (https://wikidevi.com/wiki/ALFA_Network_AWUS036H) will tell you that the AWUS036H uses rtl8187 (http://wireless.kernel.org/en/users/Drivers/rtl8187) drivers.

    Enabling rtl8187 (http://wireless.kernel.org/en/users/Drivers/ath9k) drivers in kernel
    To enable rtl8187, you must first enable rtl8187 through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rtl8187 through make menuconfig.

    Code:
    Networking support  --->
      Wireless  --->
        < * > Common routines for IEEE802.11 drivers
        < * > Generic IEEE 802.11 Networking Stack (mac80211)
    You can then enable rtl8187 in the kernel configuration under
    Code:
    Device Drivers  --->
      [*] Network device support  --->
            Wireless LAN  --->

                  [*]   Realtek 8187 and 8187B USB support


    save and exit menuconfig

    save and exit menuconfig if you didn't do it
    now you're ready to compile
    Code:
    make -j4
    this will take some time to compile

    you should get something like this in the end
    Code:
    Kernel: arch/arm/boot/zImage-dtb is ready

    now you need to get a boot.img from any nexus 5 rom and place it in boot_img (create this folder where you earlier downloaded the toolchain and the kernel)

    Code:
    $ cd .. # if you were in the msm directory
    $ git clone https://github.com/pbatard/bootimg-tools.git
    $ cd bootimg-tools/
    $ make
    $ cd cpio/
    $ gcc mkbootfs.c  -o mkbootfs -I../include
    $ cd ../..
    $ mkdir andorid_boot_tools_bin
    $ cd andorid_boot_tools_bin/
    $ cp ../bootimg-tools/mkbootimg/mkbootimg .
    $ cp ../bootimg-tools/mkbootimg/unmkbootimg .
    $ cp ../bootimg-tools/cpio/mkbootfs .
    $ cd ..

    time to create your own boot
    Code:
    $ unmkbootimg -i boot_img/boot.img
    $ cp msm/arch/arm/boot/zImage-dtb kernel
    $ mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x00008000 --ramdisk_offset 0x02900000 --second_offset 0x00f00000 --tags_offset 0x02700000 --cmdline 'console=ttyHSL0,115200,n8 androidboot.hardware=hammerhead  user_debug=31 maxcpus=2 msm_watchdog_v2.enable=1' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img

    install the boot.img to your phone (this won't flash the kernel, it will temporarily boot with this kernel; after you restart you will go back to whatever kernel you had before)
    Code:
    $ adb reboot bootloader
    $ sudo fastboot boot boot.img



    ------------------------------------------------------------------------------------------------

    PART B
    (setting up your phone)

    ------------------------------------------------------------------------------------------------
    For TP-LINK_TL-WN722N
    Download the firmware files here (http://wireless.kernel.org/download/htc_fw/1.3/)
    1. htc_7010.fw
    2. htc_9271.fw

    For TP-LINK TL-WN725N V1 & V2
    Download the firmware files here (https://drive.google.com/folderview?id=0Bxm4XqSOJU3YWlVaZ1NFRDF4RTA&usp=sharing)


    For Linksys WUSB600N V2
    Download the firmware files here (https://drive.google.com/folderview?id=0Bxm4XqSOJU3YMGZTcjJ2ei10V1k&usp=sharing)
    1. rt2870.bin

    For ALFA Network AWUS036H
    hopefully nothing to do here... if it doesn't work let me know

    copy them to your phone
    use a file manager with root to copy firmware files to /system/etc/firmware/

    install Linux deploy on your phone
    fire up linux deploy and go to properties-->Distribution and select kali linux
    installation path set to /sdcard/linux.img
    hit the install button

    after installation click start button

    start your favorite ssh program and happy aircrack-ng
    (SSH credentials are “android” for the username (configured via Linux Deploy) and “changeme” as the password.)
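
Added example, not part of the original guide: the guide's "check in your .config file" step for the TL-WN722N, written as a script that fails when an option is built as a module or is not set. The function names and the script name `check-config.sh` are assumptions; `CONFIG_CFG80211` and `CONFIG_MAC80211` are the mainline Kconfig symbols for the two stack options the guide enables first.

```shell
#!/bin/sh
# Added example: confirm the wireless options are built in (=y) before
# packing zImage-dtb into boot.img.

# The four ATH symbols are the ones the guide lists for the TL-WN722N;
# CFG80211 and MAC80211 are the stack options enabled before them.
ATH9K_HTC_SYMBOLS="CONFIG_CFG80211 CONFIG_MAC80211 CONFIG_ATH_COMMON \
CONFIG_ATH9K_HW CONFIG_ATH9K_COMMON CONFIG_ATH9K_HTC"

# config_state FILE SYMBOL -> prints y, m, unset, missing or other.
# The match is anchored on the full symbol name, so CONFIG_ATH9K does not
# satisfy CONFIG_ATH9K_HTC; if a symbol appears twice the last line is used.
config_state() {
    cs_line=$(grep -E "^(# )?$2(=| is not set)" "$1" | tail -n 1)
    case "$cs_line" in
        "$2=y")            echo y ;;
        "$2=m")            echo m ;;
        "# $2 is not set") echo unset ;;
        "")                echo missing ;;
        *)                 echo other ;;
    esac
}

# check_config FILE SYMBOL... -> 0 only if every symbol is =y,
# 1 if any is not, 2 if FILE cannot be read.
check_config() {
    cc_file=$1
    cc_rc=0
    shift
    [ -r "$cc_file" ] || { echo "cannot read $cc_file" >&2; return 2; }
    for cc_sym in "$@"; do
        cc_state=$(config_state "$cc_file" "$cc_sym")
        case "$cc_state" in
            y) echo "ok      $cc_sym" ;;
            m) echo "MODULE  $cc_sym (the guide builds it in with < * >)"
               cc_rc=1 ;;
            *) echo "MISSING $cc_sym ($cc_state)"
               cc_rc=1 ;;
        esac
    done
    return "$cc_rc"
}

# Usage: sh check-config.sh msm/.config
if [ "$#" -ge 1 ]; then
    check_config "$1" $ATH9K_HTC_SYMBOLS
    exit $?
fi
```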


    9
    What does this do, get you better WiFi connection in terms of speed/stability?
    Yes, it turns your Wi-Fi into a 1Gb/s power house regardless of the connection you're on.

    To test do this:

    1 - hook up your dial-up cable and modem/router/whatever
    2 - connect your N5 to that network and try to open www.nike.com
    3 - if it takes 10m to load, then you're on the correct network, 56k yay!
    4 - flash this
    5 - connect to your 56k network
    6 - ???
    7 - www.nike.com loads in 2s
    8 - profit

    -----

    Nice guide OP :)
    7
    If anyone is interested, I just compiled Franco's Kernel (r61 Nightly) with support only for the TP-LINK TL-WN722N
    You can grab it from here: https://www.mediafire.com/?v56czrl5xfpd178
    6
    complete rom with all the required apps coming up soon,...







    5
    Anyone seen this yet? It's pretty awesome: http://www.kali.org/kali-linux-nethunter/