[GUIDE] Convert Your Nexus into KaliPwn Phone

for other devices follow this

****i am not responsible for your phone or anything you do with aircrack-ng


this guide will help you, do what a $1,295.00 PWN PHONE can!!





------------------------------------------------------------------------------------------------
Things You Need
------------------------------------------------------------------------------------------------
1) Nexus 5 (rooted)
2) OTG Cable
3) list of USB supported
.TP-LINK TL-WN722N(confirmed by me & DragonHunt3r)
.Linksys WUSB600N V2 (confirmed by DragonHunt3r)
.TP-LINK TL-WN725N V1 & V2
.ALFA Network AWUS036H
(if you have other wifi usb then just ask, i'll try to add it into the guide)
4) Ubuntu (to compile kernel)





------------------------------------------------------------------------------------------------

PART A
(Compiling Kernel)

------------------------------------------------------------------------------------------------

Setting up your ubuntu machine
Code:
$ sudo apt-get update
Code:
$ sudo apt-get install oracle-java6-installer
Code:
$ sudo apt-get install git gnupg ccache lzop flex bison gperf build-essential zip curl zlib1g-dev zlib1g-dev:i386 libc6-dev lib32bz2-1.0 lib32ncurses5-dev x11proto-core-dev libx11-dev:i386 libreadline6-dev:i386 lib32z1-dev libgl1-mesa-glx:i386 libgl1-mesa-dev g++-multilib mingw32 tofrodos python-markdown libxml2-utils xsltproc libreadline6-dev lib32readline-gplv2-dev libncurses5-dev bzip2 libbz2-dev libbz2-1.0 libghc-bzlib-dev lib32bz2-dev squashfs-tools pngcrush schedtool dpkg-dev
Code:
$ sudo ln -s /usr/lib/i386-linux-gnu/mesa/libGL.so.1 /usr/lib/i386-linux-gnu/libGL.so
Code:
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6/

create a file /etc/udev/rules.d/51-android.rules (as the root user)
copy paste the below code and save

Code:
# adb protocol on passion (Nexus One)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e12", MODE="0600", OWNER="<username>"
# fastboot protocol on passion (Nexus One)
SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", ATTR{idProduct}=="0fff", MODE="0600", OWNER="<username>"
# adb protocol on crespo/crespo4g (Nexus S)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e22", MODE="0600", OWNER="<username>"
# fastboot protocol on crespo/crespo4g (Nexus S)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e20", MODE="0600", OWNER="<username>"
# adb protocol on stingray/wingray (Xoom)
SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", ATTR{idProduct}=="70a9", MODE="0600", OWNER="<username>"
# fastboot protocol on stingray/wingray (Xoom)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="708c", MODE="0600", OWNER="<username>"
# adb protocol on maguro/toro (Galaxy Nexus)
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", ATTR{idProduct}=="6860", MODE="0600", OWNER="<username>"
# fastboot protocol on maguro/toro (Galaxy Nexus)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e30", MODE="0600", OWNER="<username>"
# adb protocol on panda (PandaBoard)
SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d101", MODE="0600", OWNER="<username>"
# adb protocol on panda (PandaBoard ES)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="d002", MODE="0600", OWNER="<username>"
# fastboot protocol on panda (PandaBoard)
SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d022", MODE="0600", OWNER="<username>"
# usbboot protocol on panda (PandaBoard)
SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d00f", MODE="0600", OWNER="<username>"
# usbboot protocol on panda (PandaBoard ES)
SUBSYSTEM=="usb", ATTR{idVendor}=="0451", ATTR{idProduct}=="d010", MODE="0600", OWNER="<username>"
# adb protocol on grouper/tilapia (Nexus 7)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e42", MODE="0600", OWNER="<username>"
# fastboot protocol on grouper/tilapia (Nexus 7)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e40", MODE="0600", OWNER="<username>"
# adb protocol on manta (Nexus 10)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4ee2", MODE="0600", OWNER="<username>"
# fastboot protocol on manta (Nexus 10)
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4ee0", MODE="0600", OWNER="<username>"
<username> must be replaced by the actual username of the user who is authorized to access the phones over USB.

Setting correct paths
Code:
gedit android-path.sh
copy paste the code and save it
Code:
export CC=$(pwd)/arm-eabi-4.6/bin/arm-eabi-
export CROSS_COMPILE=$(pwd)/arm-eabi-4.6/bin/arm-eabi-

export ARCH=arm
export SUBARCH=arm

export PATH=$PATH:$(pwd)/andorid_boot_tools_bin
Make it executable and source to current terminal window.
(you need to source it to your current terminal window before you compile)
Code:
$ chmod +x android-path.sh
$ source android-path.sh



Download Source (any kernel source can be used)

ElementalX Kernel Source
Franco.kernel Source
Android Kernel Source

using android kernel source
Code:
$ git clone https://android.googlesource.com/kernel/msm.git
Code:
$ cd msm/
$ git branch -a
$ git checkout origin/android-msm-hammerhead-3.4-kitkat-mr2
Code:
$ make hammerhead_defconfig
$ make menuconfig
Adding required drivers

For TP-LINK_TL-WN722N
quick look in wikidev will tell you that TP-LINK TL-WN722N uses ath9k_htc drivers

Enabling ath9k drivers in kernel
To enable ath9k, you must first enable mac80211 through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable ath9k through make menuconfig.

Code:
Networking support  --->
  Wireless  --->
    < * > cfg80211 - wireless configuration API
    < * > Generic IEEE 802.11 Networking Stack (mac80211)
You can then enable ath9k in the kernel configuration under
Code:
Device Drivers  --->[*] Network device support  --->
        Wireless LAN  --->
          Atheros Wireless Cards ---->
            < * >   Atheros 802.11n wireless cards support
            < * >   Atheros HTC based wireless card support
save and exit menuconfig, then check in your .config file that you have them enabled (it's a hidden file)
Code:
CONFIG_ATH_COMMON=y
CONFIG_ATH9K_HW=y
CONFIG_ATH9K_COMMON=y
CONFIG_ATH9K_HTC=y

For TP-LINK TL-WN725N V1 & V2
quick look in V1 & V2 wikidev will tell you that TP-LINK_TL-WN725N uses rtl8192cu & 8188eu drivers

To enable rtl8192cu & 8188eu, you must first enable rtl8192cu & 8188eu through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rtl8192cu & 8188eu through make menuconfig.

Code:
Device Drivers  --->[*] Network device support  --->
        Wireless LAN  --->
          [*]   Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter

For Linksys WUSB600N V2
quick look in wikidev will tell you that WUSB600N V2 uses rt2800usb drivers

To enable rt2800usb, you must first enable rt2800usb through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rt2800usb through make menuconfig.

Code:
Device Drivers  --->[*] Network device support  --->
        Wireless LAN  --->
            Ralink driver support   ---->
            < * >   Ralink rt27xx/rt28xx/rt30xx (USB) support  -->
                         < * >   rt2800usb - Include support for rt35xx devices (EXPERIMENTAL) (NEW)
                         < * >   rt2800usb - Include support for unknown (USB) devices

For ALFA Network AWUS036H
quick look in wikidev will tell you that AWUS036H uses rtl8187 drivers

Enabling rtl8187 drivers in kernel
To enable rtl8187, you must first enable rtl8187 through make menuconfig when compiling your kernel. If you do not know what this means then please learn to compile kernels or rely on your Linux distribution's kernel. Below are the options you need to enable rtl8187 through make menuconfig.


Code:
Networking support  --->
  Wireless  --->
    < * > Common routines for IEEE802.11 drivers  
    < * > Generic IEEE 802.11 Networking Stack (mac80211)
You can then enable rtl8187 in the kernel configuration under
Code:
Device Drivers  --->[*] Network device support  --->
        Wireless LAN  --->
          [*]   Realtek 8187 and 8187B USB support
save and exit menuconfig
save and exit menuconfig if you didn't do it
now you're ready to compile
Code:
make -j4
this will take some time to compile

you should get something like this in the end
Code:
Kernel: arch/arm/boot/zImage-dtb is ready
now you need to get a boot.img from any nexus 5 rom and place it in boot_img (create this folder where you earlier downloaded the toolchain and the kernel)

Code:
$ cd .. # if you were in the msm directory
$ git clone https://github.com/pbatard/bootimg-tools.git
$ cd bootimg-tools/
$ make
$ cd cpio/
$ gcc mkbootfs.c  -o mkbootfs -I../include
$ cd ../..
$ mkdir andorid_boot_tools_bin
$ cd andorid_boot_tools_bin/
$ cp ../bootimg-tools/mkbootimg/mkbootimg .
$ cp ../bootimg-tools/mkbootimg/unmkbootimg .
$ cp ../bootimg-tools/cpio/mkbootfs .
$ cd ..
time to create your own boot
Code:
$ unmkbootimg -i boot_img/boot.img
$ cp msm/arch/arm/boot/zImage-dtb kernel
$ mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x00008000 --ramdisk_offset 0x02900000 --second_offset 0x00f00000 --tags_offset 0x02700000 --cmdline 'console=ttyHSL0,115200,n8 androidboot.hardware=hammerhead  user_debug=31 maxcpus=2 msm_watchdog_v2.enable=1' --kernel kernel --ramdisk ramdisk.cpio.gz -o boot.img
install the boot.img to your phone (this won't flash the kernel, it will temporarily boot with this kernel; after you restart you will go back to whatever kernel you had before)
Code:
$ adb reboot bootloader
$ sudo fastboot boot boot.img


------------------------------------------------------------------------------------------------

PART B
(setting up your phone)

------------------------------------------------------------------------------------------------
For TP-LINK_TL-WN722N
Code:
download the firmware files here
1. htc_7010.fw
2. htc_9271.fw
For TP-LINK TL-WN725N V1 & V2
Code:
Download the firmware files here

For Linksys WUSB600N V2
Code:
Download the firmware files here
1. rt2870.bin
For ALFA Network AWUS036H
Code:
hopefully nothing to do here,... if it doesn't work let me know

copy them to your phone
use a file manager with root to copy firmware files to /system/etc/firmware/

install Linux deploy on your phone
fire up linux deploy and go to properties-->Distribution and select kali linux
installation path set to /sdcard/linux.img
hit the install button

after installation click start button

start your favorite ssh program and happy aircrack-ng
(SSH credentials are “android” for the username (configured via Linux Deploy) and “changeme” as the password.)


The Following 35 Users Say Thank You to chiragkrishna For This Useful Post
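
A check for the ".config" verification step in the guide above, as an added example that is not part of the original post: it lists which required options are not built in (=y) for a chosen driver. The four CONFIG_ATH* symbols are the ones from the post; the remaining symbols, the function names and the sample .config are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list the kernel options a given USB Wi-Fi driver needs that
# are not built in (=y) in a .config. Modules are not part of the zImage the
# guide boots, so an option left as a module (=m) is reported as missing.

# Kconfig symbols per driver. The four CONFIG_ATH* symbols are the ones in the
# guide; the rest are assumptions based on the mainline symbol names.
required_opts() {
    common="CONFIG_CFG80211 CONFIG_MAC80211"
    case "$1" in
        ath9k_htc) echo "$common CONFIG_ATH_COMMON CONFIG_ATH9K_HW CONFIG_ATH9K_COMMON CONFIG_ATH9K_HTC" ;;
        rtl8192cu) echo "$common CONFIG_RTL8192CU" ;;
        rt2800usb) echo "$common CONFIG_RT2800USB" ;;
        rtl8187)   echo "$common CONFIG_RTL8187" ;;
        *)         return 1 ;;
    esac
}

# Usage: missing_opts <path-to-.config> <driver>
# Prints one missing symbol per line; prints nothing when all are =y.
missing_opts() {
    opts=$(required_opts "$2") || { echo "unknown driver: $2" >&2; return 2; }
    for opt in $opts; do
        # -x matches the whole line, so "# CONFIG_X is not set" never matches.
        grep -qx "${opt}=y" "$1" || echo "$opt"
    done
}

# Constructed sample .config fragment (not from a real build).
sample_config() {
    cat <<'EOF'
CONFIG_CFG80211=y
CONFIG_MAC80211=y
CONFIG_ATH_COMMON=y
CONFIG_ATH9K_HW=y
CONFIG_ATH9K_COMMON=y
CONFIG_ATH9K_HTC=m
# CONFIG_RTL8187 is not set
EOF
}

# With two arguments, check a real file; otherwise run on the sample.
if [ "$#" -eq 2 ]; then
    missing_opts "$1" "$2"
else
    sample=$(mktemp) && sample_config > "$sample"
    missing_opts "$sample" ath9k_htc    # prints CONFIG_ATH9K_HTC
    rm -f "$sample"
fi
```

Run it from the directory that holds msm/, for example `sh check-config.sh msm/.config ath9k_htc` (the script file name is hypothetical), before starting `make -j4`.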
 
 
19th August 2014, 12:51 PM |#2
nagato86
Senior Member
hello ... how did you get those two lines of commands on the keyboard ?!
The Following User Says Thank You to nagato86 For This Useful Post
19th August 2014, 01:09 PM |#3
chiragkrishna
OP Senior Member
which command are you talking about?
you should use the commands one by one
19th August 2014, 01:30 PM |#4
RoyJ
Senior Member
Quote:
Originally Posted by chiragkrishna

which command are you talking about?
you should use the commands one by one

If I'm not mistaken, I believe he means your screen shot. In terminal with Ctrl, alt, etc above the keyboard.
The Following User Says Thank You to RoyJ For This Useful Post
19th August 2014, 01:46 PM |#5
chiragkrishna
OP Senior Member
you need to install aircrack-ng in kali
i am not going to guide you on how to use kali!! you have to figure it on your own!!

code used in that screenshot,
Code:
$ sudo airmon-ng
$ sudo airmon-ng start wlan1
The Following 3 Users Say Thank You to chiragkrishna For This Useful Post
19th August 2014, 06:23 PM |#6
shizkoff777
Senior Member
Quote:
Originally Posted by chiragkrishna

you need to install aircrack-ng in kali
i am not going to guide you on how to use kali!! you have to figure it on your own!!

code used in that screenshot,

Code:
$ sudo airmon-ng
$ sudo airmon-ng start wlan1

Love this reply. Honestly if u don't know how then you should not be trying it

Sent from my Nexus 5 using Tapatalk
The Following User Says Thank You to shizkoff777 For This Useful Post
19th August 2014, 09:57 PM |#7
parker09
Senior Member
What does this do, get you better WiFi connection in terms of speed/stability?
19th August 2014, 11:07 PM |#8
GT-af
Senior Member
Search aircrack-ng on Google, you're very far !

Sent from my Nexus 5 using XDA Free mobile app
20th August 2014, 02:07 AM |#9
Senior Member
Quote:
Originally Posted by GT-af

Search aircrack-ng on Google, you're very far !

Sent from my Nexus 5 using XDA Free mobile app

Well..... It could, just not the way he was probably expecting
20th August 2014, 07:31 AM |#10
DragonHunt3r
Senior Member
Pretty cool tut I must say, I'm wondering, could you make it support as well the Wusb600n v2? that's what I'm currently having as usb wifi :P
20th August 2014, 09:04 AM |#11
chiragkrishna
OP Senior Member
added support for WUSB600N V2

this guide will help you, do what a $1,295.00 PWN PHONE can!!
The Following 4 Users Say Thank You to chiragkrishna For This Useful Post

Tags
kali phone, kernel drivers, pwnexpress, usb wifi
