[Kernel][Exynos][BROKEN] Kali NetHunter for the Galaxy S7

Search This thread

jcadduono

Recognized Developer
Jan 17, 2014
1,492
6,209
29
Thunder Bay
adduono.com


OKAY SO

Currently, I am unable to get even stock kernel sources to boot. I'm not sure what to do to at this point. Waiting on someone else that actually has the device to get this figured out - DO NOT FLASH!

WARNING: This is completely untested, highly theoretical, and possibly dangerous. Flash at your own risk.
Back up your original boot image in TWRP before attempting to flash this! If it doesn't boot, you can simply restore your previous boot image.


This is Kali NetHunter 3.0.5 for the Galaxy S7.

If you don't know what Kali NetHunter is, well, it's the entire Kali Linux operating system in a chroot on your phone, plus a bunch of awesome apps for executing exploits, fixing things, doing cool things. It goes on, I suppose.
I'm gonna be honest guys, I'm not a security person. When it comes to security, I'm more of a Paul Blart.
What I do know though, is that there is apt-get, and apt-get is life.

Find much more information here: https://github.com/offensive-security/kali-nethunter/wiki
The answer to all your questions, generally the answer is YES, IT CAN DO THAT.

Most ROMs should be supported, as our installer uses a dynamic patching method on your current boot image!

The updater zip will add a few files to your /system partition, and install all of the NetHunter apps to your /data partition.
The chroot is located in /data/local, so you don't have to worry about your system partition being full. It's full read/write capable.
Understand that the zip will replace your current kernel with a completely different one.
This is necessary because most stock or custom kernels don't provide the drivers needed to operate most of Kali NetHunter's features.

DOWNLOAD

Current version: 3.0.5 (beta, 2016-03-11)

Please be careful to download the right version based on this table:
SM-G930F, SM-G930FD, SM-G930X, SM-G930W8: herolte
SM-G935F, SM-G935FD, SM-G935X, SM-G935W8: See proper forum.
All others be sad.

Download is available at: https://idlekernel.com/nethunter/herolte/
Grab the 700 MB+ zip.
Kernel-only zip is for upgrading your kernel, or just using the NetHunter kernel by itself. (yes, you can do that!)

BEFORE INSTALLING

IMPORTANT: Kali NetHunter requires write access to your data partition!
Flash this zip in TWRP to allow system modifications and unencrypted data: https://idlekernel.com/fun-stuff-trust-me/no-verity-opt-encrypt.zip
Once that is flashed, go to the wipe page and use the [Format Data] button.
This will wipe all your data, including internal storage!
Boot up your system and set up Android.
Now you can go back into TWRP and flash Kali NetHunter.

Currently, Samsung encryption is not supported by TWRP, so we have to disable it.
Sorry security freaks! There's a lot of irony here, isn't there?

The Kali chroot and apps are installed on your data partition (in /data/local for chroot). To initialize the chroot and install Kali Linux, you need to start the Kali NetHunter app.

The NetHunter installer will automatically install SuperSU (2.68) in system mode, which I consider to be more stable. Since NetHunter already modifies your system partition, there is no need to use systemless SuperSU anyways.

Also included is an extra Busybox that gives you full large file support and some extra applets.

FULL FRESH INSTALL STEPS
  1. Install Team Win Recovery Project to your recovery partition.
    Transparent.gif
  2. If your data partition doesn't mount in TWRP:
    Go to [Wipe] -> [Format Data] (not advanced wipe) -> type "yes".
    WARNING: This will wipe your internal storage, disable encryption, and factory reset your phone!
    Once your data partition is formatted, go to [Reboot] -> [Recovery].
    Transparent.gif
  3. Download dm-verity and force encryption disabler.
    Without exiting TWRP, transfer no-verity-opt-encrypt.zip to your device over MTP* and flash it using [Install] in TWRP.
    Transparent.gif
  4. If you wiped your data partition in step 2:
    Go to [Reboot] -> [System].
    Set up your phone by following the Android setup wizard.
    Once it's set up, reboot back into recovery.
    Transparent.gif
  5. Download Kali NetHunter.
    Without exiting TWRP, transfer the NetHunter installer zip to your device over MTP* and flash it using [Install] in TWRP.
    Transparent.gif
  6. Go to [Reboot] -> [System].
    Transparent.gif
  7. Wait 5-15 minutes for your device to finish setting itself up.
    Transparent.gif
  8. Open the NetHunter app to initialize the environment
    Transparent.gif
  9. You're done!
* MTP, known as Media Transfer Protocol, is the same way you transfer files from your PC to your device when booted into system.

UPDATING TO A NEWER BUILD

Going from 3.0.0 and up, all you have to do is flash the new build in recovery and wipe dalvik cache.

UPDATING YOUR ROM

To get all your NetHunter and SuperSU functions back after flashing a new ROM, just flash the ~60 MB update-nethunter-* zip again.

THE KERNEL

The NetHunter kernel for the Galaxy S7 is based on Samsung's OSRC G930FXXU1APAW kernel sources.
It has the following changes:
  • F2FS updated to Jaeguek Kim's latest kernel.org f2fs-stable sources
  • F2FS formatted system, data, and cache partition support
  • UKSM Ultra Kernel Same-page Merging KSM support
  • Updated and enabled USB (OTG) Atheros, Ralink, and Realtek WiFi drivers
  • Simple IO (SIO) scheduler as default IO scheduler
  • USB HID Gadget keyboard support
  • mac80211 packet injection support
  • DriveDroid compatibility
  • Additional drivers built in for the full Kali NetHunter experience
  • Data partition encryption changed from forced to optional (disabled during installation)
  • Disables dm-verity and allows you to boot modified system partitions

RAN INTO AN ISSUE OR BUG?

In order for me to help you, you have to at minimum reply with:
  • The link to the exact zip you downloaded
  • Your device model (it better not be something other than G900F, dangit!)
  • The name of the ROM you're flashing it on
  • The version and build date of the ROM you're flashing it on
  • A complete description of your problem
  • Optional: An audio recording of you reading this entire post
If your issue is with a specific app, it might be better to contact the developer of that app.

If your issue is during the installation (ex. flashing the NetHunter zip), then please collect a TWRP recovery.log for me.

If you found a problem and were able to fix it, and no one's mentioned it in the thread already, it would be kind to state the issue and your fix for others to make use of as well.

You can join me and the other NetHunter developers on IRC at the #nethunter room on freenode to more handily diagnose problems together.
I apologize, but I can't do house calls at this time.

KNOWN ISSUES

  • USB Keyboard - The keyboard is unusable when using Google Keyboard as your input method. Switch to Hacker's Keyboard.
  • NetHunter Terminal - It doesn't automatically set the columns/rows, so you need to type "resize" sometimes to fix the display.
DEVELOPMENT

You can see my branch of the installer development here: https://github.com/jcadduono/kali-nethunter
Alternatively, the main branch is also available on the Offensive Security GitHub: https://github.com/offensive-security/kali-nethunter
Kernel source: https://github.com/jcadduono/nethunter_kernel_herolte

SCREENSHOTS
1.png
2.png

4.png
3.png

DISCLAIMER

I am not affiliated with Offensive Security. They seem like cool guys though.
I'm not even a novice when it comes to security and penetration. I'm just a simple system administrator with a passion for breaking Android.
Please restrain yourselves from asking me security related questions.

XDA:DevDB Information
Kali NetHunter for the Galaxy S7, Kernel for the Samsung Galaxy S7

Contributors
jcadduono, The Kali NetHunter team
Source Code: https://github.com/offensive-security/kali-nethunter

Kernel Special Features:

Version Information
Status: Beta
Current Beta Version: 3.0.5
Beta Release Date: 2016-03-11

Created 2016-03-11
Last Updated 2016-04-15
 

cappone

Senior Member
Jan 18, 2012
107
5
finally, did great work there, but how do i download it :D
ok did manage it some how the IDM was the issue and cant download it
 
Last edited:

cappone

Senior Member
Jan 18, 2012
107
5
hm cant flash ur kernel and stuck in boot loop, when i try to flash it its says in twrp "unable to mount /data as rw!" any idea?
 

Activadee

Member
Jul 27, 2015
18
4
Kiel
I installed now your test 2 Kernel zip. But its causing Bootloop - its dont go over the "Samsung Galaxy S7" logo. Its a European s7 with Exynos. If you tell me HOW to provide some logs i would like to help you if i can ;D


Edit// I Managed to upload the log from booting with your kernel. I don't know if it's right but maybe it helps you. I backed up my boot with twrp, flashed your kernel, reboot until the loop and restored the old boot with twrp

https://drive.google.com/file/d/0B9IHgLrX7UgTRThJUEs3RExUR1k/view?usp=docslist_api
 
Last edited:

jcadduono

Recognized Developer
Jan 17, 2014
1,492
6,209
29
Thunder Bay
adduono.com
I installed now your test 2 Kernel zip. But its causing Bootloop - its dont go over the "Samsung Galaxy S7" logo. Its a European s7 with Exynos. If you tell me HOW to provide some logs i would like to help you if i can ;D


Edit// I Managed to upload the log from booting with your kernel. I don't know if it's right but maybe it helps you. I backed up my boot with twrp, flashed your kernel, reboot until the loop and restored the old boot with twrp

https://drive.google.com/file/d/0B9IHgLrX7UgTRThJUEs3RExUR1k/view?usp=docslist_api

nope need /sys/fs/pstore not recovery.log

i also need a backup of your boot partition after flashing the kernel
 
Last edited:

jcadduono

Recognized Developer
Jan 17, 2014
1,492
6,209
29
Thunder Bay
adduono.com
I upload the boot partition later. Would you please tell me how to grab the log from /sys/fs/pstore ? Via Adb from twrp?

yes it should exist for a few minutes after exiting boot loop and entering twrp, adb pull /sys/fs/pstore
it will grab the whole folder for you

in the meantime, i have made a flashable tar for kernel with the boot image you gave me. i trimmed out much of the secure stuff & knox, and enabled adb debugging.
https://idlekernel.com/nethunter/herolte/AP_nethunter_G930F_APB9_test1.tar

you should hopefully be able to adb in and get logcat and /proc/kmsg while it is stuck in samsung logo after flashing it....
 
Last edited:

Activadee

Member
Jul 27, 2015
18
4
Kiel
yes it should exist for a few minutes after exiting boot loop and entering twrp, adb pull /sys/fs/pstore
it will grab the whole folder for you

in the meantime, i have made a flashable tar for kernel with the boot image you gave me. i trimmed out much of the secure stuff & knox, and enabled adb debugging.
https://idlekernel.com/nethunter/herolte/AP_nethunter_kernel_G930F.tar

you should hopefully be able to adb in and get logcat and /proc/kmsg while it is stuck in samsung logo after flashing it....

Going to do this later this day.
 
Last edited:
  • Like
Reactions: jcadduono

Activadee

Member
Jul 27, 2015
18
4
Kiel
Going to do this later this day.

Ok, lets begin.

I flashed first the test 2 zip from yesterday to get /sys/fs/pstore

flashed the zip via twrp -> reboot to system -> again it dont go over the FIRST Samsung logo - it shows up for 2 secs and rebooting again. This is the only result i get when i flash the zip. after i rebooted to twrp i connected my phone to my laptop to pull /sys/fs/pstore

So i started adb and typed in: adb pull /sys/fs/pstore
the result is
pull: building file list...
0 files pulled. 0 files skipped.
There is no files in the folder.


I restored the original boot partition and flashed your *.tar file via odin 3.10.7.

the result is just the same.

For better undestanding i uploaded a picture with my "high end build in 2MP Tablet Camera" to show you what samsung logo i mean. Its showing up for 2 secs, reboots and showing up again.

https://drive.google.com/open?id=0B9IHgLrX7UgTbkstc0RrOS1zamc

With the original boot partition - there is an other samsung logo after the first one. I uploaded it here :
https://drive.google.com/open?id=0B9IHgLrX7UgTcG1nZ3cyZ3VNbkk

Hope i could help you with this.
 

CuBz90

Senior Member
Sep 27, 2010
2,223
1,032
Manchester
www.galaxys7.co.uk
Thanks for your time and assistance. Would anyone else be willing to come to #nethunter on freenode IRC and flash a few test zips for me?

I would. I have the G935F so could help with that. Let me know. Everytime I go to #nethunter you're not active. I'm assuming it's due to our different time zones. I was then told I shouldn't be there if it's nothing to do with AOSP, which was rude. but anyway, let me know what I can do to help. I am available anytime after 2pm (GMT)

Sent from my SM-G935F using Tapatalk
 
Last edited:

curioct

Senior Member
Jan 12, 2011
280
41
Just ordered mine unnfortunately there's a 7 day lead time / back log if you're still stuck then I will be happy to come on IRC and help with the testing
 

Mgrev

Member
Sep 26, 2014
45
8
this is kind of irrellevant, but could you please trhy to port it to the s6? it has no problems with the bootloader when loading unofficial files. also, i have not planned on getting the s7
 

jcadduono

Recognized Developer
Jan 17, 2014
1,492
6,209
29
Thunder Bay
adduono.com
this is kind of irrellevant, but could you please trhy to port it to the s6? it has no problems with the bootloader when loading unofficial files. also, i have not planned on getting the s7

i'm actually having the exact same problem on Note 5 right now, which will also apply to S6...can't figure out how to boot custom kernels without it rebooting at lock screen. =(
hopefully t-mobile S7/edge will not have these problems since it is qcom...

got to say development would be a million times easier if i had these phones myself ><

update 2016-03-28: try this if you're crazy enough! https://idlekernel.com/nethunter/herolte/ (grab latest)
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 12


    OKAY SO

    Currently, I am unable to get even stock kernel sources to boot. I'm not sure what to do to at this point. Waiting on someone else that actually has the device to get this figured out - DO NOT FLASH!

    WARNING: This is completely untested, highly theoretical, and possibly dangerous. Flash at your own risk.
    Back up your original boot image in TWRP before attempting to flash this! If it doesn't boot, you can simply restore your previous boot image.


    This is Kali NetHunter 3.0.5 for the Galaxy S7.

    If you don't know what Kali NetHunter is, well, it's the entire Kali Linux operating system in a chroot on your phone, plus a bunch of awesome apps for executing exploits, fixing things, doing cool things. It goes on, I suppose.
    I'm gonna be honest guys, I'm not a security person. When it comes to security, I'm more of a Paul Blart.
    What I do know though, is that there is apt-get, and apt-get is life.

    Find much more information here: https://github.com/offensive-security/kali-nethunter/wiki
    The answer to all your questions, generally the answer is YES, IT CAN DO THAT.

    Most ROMs should be supported, as our installer uses a dynamic patching method on your current boot image!

    The updater zip will add a few files to your /system partition, and install all of the NetHunter apps to your /data partition.
    The chroot is located in /data/local, so you don't have to worry about your system partition being full. It's full read/write capable.
    Understand that the zip will replace your current kernel with a completely different one.
    This is necessary because most stock or custom kernels don't provide the drivers needed to operate most of Kali NetHunter's features.

    DOWNLOAD

    Current version: 3.0.5 (beta, 2016-03-11)

    Please be careful to download the right version based on this table:
    SM-G930F, SM-G930FD, SM-G930X, SM-G930W8: herolte
    SM-G935F, SM-G935FD, SM-G935X, SM-G935W8: See proper forum.
    All others be sad.

    Download is available at: https://idlekernel.com/nethunter/herolte/
    Grab the 700 MB+ zip.
    Kernel-only zip is for upgrading your kernel, or just using the NetHunter kernel by itself. (yes, you can do that!)

    BEFORE INSTALLING

    IMPORTANT: Kali NetHunter requires write access to your data partition!
    Flash this zip in TWRP to allow system modifications and unencrypted data: https://idlekernel.com/fun-stuff-trust-me/no-verity-opt-encrypt.zip
    Once that is flashed, go to the wipe page and use the [Format Data] button.
    This will wipe all your data, including internal storage!
    Boot up your system and set up Android.
    Now you can go back into TWRP and flash Kali NetHunter.

    Currently, Samsung encryption is not supported by TWRP, so we have to disable it.
    Sorry security freaks! There's a lot of irony here, isn't there?

    The Kali chroot and apps are installed on your data partition (in /data/local for chroot). To initialize the chroot and install Kali Linux, you need to start the Kali NetHunter app.

    The NetHunter installer will automatically install SuperSU (2.68) in system mode, which I consider to be more stable. Since NetHunter already modifies your system partition, there is no need to use systemless SuperSU anyways.

    Also included is an extra Busybox that gives you full large file support and some extra applets.

    FULL FRESH INSTALL STEPS
    1. Install Team Win Recovery Project to your recovery partition.
      Transparent.gif
    2. If your data partition doesn't mount in TWRP:
      Go to [Wipe] -> [Format Data] (not advanced wipe) -> type "yes".
      WARNING: This will wipe your internal storage, disable encryption, and factory reset your phone!
      Once your data partition is formatted, go to [Reboot] -> [Recovery].
      Transparent.gif
    3. Download dm-verity and force encryption disabler.
      Without exiting TWRP, transfer no-verity-opt-encrypt.zip to your device over MTP* and flash it using [Install] in TWRP.
      Transparent.gif
    4. If you wiped your data partition in step 2:
      Go to [Reboot] -> [System].
      Set up your phone by following the Android setup wizard.
      Once it's set up, reboot back into recovery.
      Transparent.gif
    5. Download Kali NetHunter.
      Without exiting TWRP, transfer the NetHunter installer zip to your device over MTP* and flash it using [Install] in TWRP.
      Transparent.gif
    6. Go to [Reboot] -> [System].
      Transparent.gif
    7. Wait 5-15 minutes for your device to finish setting itself up.
      Transparent.gif
    8. Open the NetHunter app to initialize the environment
      Transparent.gif
    9. You're done!
    * MTP, known as Media Transfer Protocol, is the same way you transfer files from your PC to your device when booted into system.

    UPDATING TO A NEWER BUILD

    Going from 3.0.0 and up, all you have to do is flash the new build in recovery and wipe dalvik cache.

    UPDATING YOUR ROM

    To get all your NetHunter and SuperSU functions back after flashing a new ROM, just flash the ~60 MB update-nethunter-* zip again.

    THE KERNEL

    The NetHunter kernel for the Galaxy S7 is based on Samsung's OSRC G930FXXU1APAW kernel sources.
    It has the following changes:
    • F2FS updated to Jaeguek Kim's latest kernel.org f2fs-stable sources
    • F2FS formatted system, data, and cache partition support
    • UKSM Ultra Kernel Same-page Merging KSM support
    • Updated and enabled USB (OTG) Atheros, Ralink, and Realtek WiFi drivers
    • Simple IO (SIO) scheduler as default IO scheduler
    • USB HID Gadget keyboard support
    • mac80211 packet injection support
    • DriveDroid compatibility
    • Additional drivers built in for the full Kali NetHunter experience
    • Data partition encryption changed from forced to optional (disabled during installation)
    • Disables dm-verity and allows you to boot modified system partitions

    RAN INTO AN ISSUE OR BUG?

    In order for me to help you, you have to at minimum reply with:
    • The link to the exact zip you downloaded
    • Your device model (it better not be something other than G900F, dangit!)
    • The name of the ROM you're flashing it on
    • The version and build date of the ROM you're flashing it on
    • A complete description of your problem
    • Optional: An audio recording of you reading this entire post
    If your issue is with a specific app, it might be better to contact the developer of that app.

    If your issue is during the installation (ex. flashing the NetHunter zip), then please collect a TWRP recovery.log for me.

    If you found a problem and were able to fix it, and no one's mentioned it in the thread already, it would be kind to state the issue and your fix for others to make use of as well.

    You can join me and the other NetHunter developers on IRC at the #nethunter room on freenode to more handily diagnose problems together.
    I apologize, but I can't do house calls at this time.

    KNOWN ISSUES

    • USB Keyboard - The keyboard is unusable when using Google Keyboard as your input method. Switch to Hacker's Keyboard.
    • NetHunter Terminal - It doesn't automatically set the columns/rows, so you need to type "resize" sometimes to fix the display.
    DEVELOPMENT

    You can see my branch of the installer development here: https://github.com/jcadduono/kali-nethunter
    Alternatively, the main branch is also available on the Offensive Security GitHub: https://github.com/offensive-security/kali-nethunter
    Kernel source: https://github.com/jcadduono/nethunter_kernel_herolte

    SCREENSHOTS
    1.png
    2.png

    4.png
    3.png

    DISCLAIMER

    I am not affiliated with Offensive Security. They seem like cool guys though.
    I'm not even a novice when it comes to security and penetration. I'm just a simple system administrator with a passion for breaking Android.
    Please restrain yourselves from asking me security related questions.

    XDA:DevDB Information
    Kali NetHunter for the Galaxy S7, Kernel for the Samsung Galaxy S7

    Contributors
    jcadduono, The Kali NetHunter team
    Source Code: https://github.com/offensive-security/kali-nethunter

    Kernel Special Features:

    Version Information
    Status: Beta
    Current Beta Version: 3.0.5
    Beta Release Date: 2016-03-11

    Created 2016-03-11
    Last Updated 2016-04-15
    5
    Is there a specific way of how to flash the kernel? Because I can't undstand why it's not working

    Sent with my Nova powered SM-G901F

    Something wrong with Samsung's source.
    It seems that new version of TIMA RKP will prevent device to boot from custom kernel. (Seems It will verify the signature).
    We could boot with RKP disabled,but we will meet random reboot problems.
    I am comparing S7's RKP with Note5's.
    2
    Going to do this later this day.

    Ok, lets begin.

    I flashed first the test 2 zip from yesterday to get /sys/fs/pstore

    flashed the zip via twrp -> reboot to system -> again it dont go over the FIRST Samsung logo - it shows up for 2 secs and rebooting again. This is the only result i get when i flash the zip. after i rebooted to twrp i connected my phone to my laptop to pull /sys/fs/pstore

    So i started adb and typed in: adb pull /sys/fs/pstore
    the result is
    pull: building file list...
    0 files pulled. 0 files skipped.
    There is no files in the folder.


    I restored the original boot partition and flashed your *.tar file via odin 3.10.7.

    the result is just the same.

    For better undestanding i uploaded a picture with my "high end build in 2MP Tablet Camera" to show you what samsung logo i mean. Its showing up for 2 secs, reboots and showing up again.

    https://drive.google.com/open?id=0B9IHgLrX7UgTbkstc0RrOS1zamc

    With the original boot partition - there is an other samsung logo after the first one. I uploaded it here :
    https://drive.google.com/open?id=0B9IHgLrX7UgTcG1nZ3cyZ3VNbkk

    Hope i could help you with this.
    2
    I now tried around 20 or 30 builds to get the kernel from opensource working. Different toolchains, stock dtb image, your dtb.img generator. Tima enabled, tima disabled, tima enabled and tima_rkp disabled, tima enabled and tima_rkp enabled etc etc.
    IT didn't booted up a single time.!!!
    Actually if you disable TIMA,it would boot.
    Now I am working on random reboots.
    1
    I upload the boot partition later. Would you please tell me how to grab the log from /sys/fs/pstore ? Via Adb from twrp?

    // Edit

    The files from the boot partition are uploaded
    https://drive.google.com/folderview?id=0B9IHgLrX7UgTRnlvcWFiRHVwYUE

    I just flashed your Kernel and backed up the partition after this. Or do you need one with already tried to boot?
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone