[KERNEL] Nethunter for Galaxy S20 FE 5G r8q (Snapdragon)

Search This thread

Svirusx

Senior Member
Jun 6, 2015
300
234


WirusMOD Nethunter Kernel for Samsung Galaxy S20 FE 5G (Snapdragon) - Stock Android 10 & 11 & 12
Code:
I am not responsible for bricked devices.
If you going to flash it, you accepted it.
Of course your warranty is void.

Nethunter Features:
  • BadUSB
  • HID gadget keyboard/mouse
  • DriveDroid
  • USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
  • support rtl88xxau USB WiFi
  • support rtl8188eus USB WiFi
  • support rtl88x2bu USB WiFi
  • Ethernet
  • Bluetooth HCI USB support
  • RTL-SDR DVB support
  • Monitor mode for buildin wifi card ( Qcacld-3.0 ) (No frame injection)
  • Enabled BT_RFCOMM
  • Support for extra file systems like CIFS, NFS, NTFS, F2FS
Extra:
  • Boeffla wakelock blocker v1.10
  • Wireguard
  • Docker support

Download: Android 12 releases start with v3.x
Latest version SM-G781X here.

Installation:
1. TWRP Backup your ROM
2. Flash Nethunter Kernel
3. Flash latest Magisk
4. Install busybox can be one from Magisk repository
5. Install Nethunter Store
6. Install NetHunter apk, NetHunter Terminal, NetHunter KeX from Nethunter Store
7. In NetHunter apk go to Kali Chroot Manager and install chroot.
7. Extract Nethunter_WirusMOD_r8q_vX.X_binaries.7z and binaries to folders:
Android 11 = Firmwares: /vendor/firmware_mnt/image/
Android 10 = Firmwares: /vendor/etc/firmware_mnt/image/
Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
hid-keyboard binary: system/xbin/ and give permissions to it rwxr-xr-x
8. Reboot


OLD: Loadable modules only for version 1.0:

Most of modules are integrated in kernel. Here are only two modules to load. Use they only if you need they.
Modules_Nethunter_WirusMOD_vX.X.7z

insmod 8188eu.ko - load module
rmmod 8188eu.ko - unload module
lsmod - list loaded modules

Another way to load modules is Module Loader
Copy modules to storage and choose modules which you want to load.


BUGs / Informations:
-If Safetynet Fix is installed can cause freeze at samsung flashy logo.
-If USB Arsenal setting HID function doesn't work try set it without ADB.
-In kernel are added binaries from Nethunter_WirusMOD_r8q_vX.X_binaries.7z(without modules) but they aren't copied automatically.
-airodump-ng can't self change channels for wlan0.
-If monitor mode for wlan0 doesn't work. Enable wifi connection > disable it -> enable monitor mode with Nethunter apk and try airodump wlan0
-Change channel in wlan0 monitor mode and frame capture:
iwpriv wlan0 setMonChan 36 2 - Setting channel 36
tcpdump -i wlan0 -w <tcpdump.pcap>

Docker Installation:

Every Commando execute in Termux app! More info here

pkg install root-repo
pkg install golang make cmake ndk-multilib tsu tmux docker

mkdir $TMPDIR/docker-build
cd $TMPDIR/docker-build
wget https://github.com/krallin/tini/archive/v0.19.0.tar.gz
tar xf v0.19.0.tar.gz
cd tini-0.19.0
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX ..
make -j8
make install
ln -s $PREFIX/bin/tini-static $PREFIX/bin/docker-init

1. Run docker server
sudo dockerd --iptables=false

2. Test of those two containers work
sudo docker run hello-world
sudo docker run --network host --name nginx nginx:latest
#Go with browser to IP address of your smartphone with port 80. If you get nginx default page it works!

#Internet in docker containers
sudo ip route add default via <Gateway> dev wlan0
sudo ip rule add from all lookup main pref 30000


BUGs / Informations:
- option to forward ports from docker network to host does not work ( e.q. -p 0.0.0.0:80:3000) you need to use Host mode "--network host"
- Not every container for arm64 works with android. e.q official gitea can not bind port 3000. (I made special version of gitea with fix more info here)

Docker Screens:

docker containers.jpg
Gitea.jpg
Nginx.jpg



Screens:

NetHunter.jpg
NetHunter Terminal.jpg




Credits:
Samsung for Kernel Source
Nethunter creators for the best portable penetration testing tool.
afaneh92 for TWRP and multidisabler
jesec for unlock guide



XDA:DevDB Information
[KERNEL] Nethunter for Galaxy S20 FE 5G (Snapdragon)

Contributors

Svirusx
Source Code: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G

Kernel Special Features:

Version Information
Status:
Beta

Created 2020-12-21
Last Updated 2022-04-20
 
Last edited:

Svirusx

Senior Member
Jun 6, 2015
300
234
2022.04.20 - v3.1
Added rtl88x2bu support


2022.01.18 - v3.0
Initial release for Android 12

2021.09.11 - v2.5
Added kernel module to support Docker

2021.07.14 - v2.4
Update Samsung kernel source to G781BXXU3CUE3

2021.05.24 - v2.3
Update Samsung kernel source to G781BXXU3CUD6

2021.05.13 - v2.2
Update Samsung kernel source to G781BXXU2CUD1

2021.01.27 - v2.1
Back to v2.1 Enabling Samsung MTP break some of usb attacks

Update used llvm toolchain ship to 10.0.

2021.01.20 - v2.1
Update used llvm toolchain ship to 10.0.

2021.01.14 - v2.0
Initial release for Android 11

2021.01.03 - v1.2
Enabled BT_RFCOMM and BT_RFCOMM_TTY

2020.12.23 - v1.1
rtl8188eus integrated in kernel
Disable loadable modules support.

2020.12.21 - v1.0
Initial release
 
Last edited:
  • Like
Reactions: EDllT and tombbb

TRKARTAL

Senior Member
Jun 21, 2017
167
28
İstanbul
Hello. Is Qualcomm wifi firmwares supports injections ? (deauth, attacks...) Needs patch for injections ?
I am using Sony Xperia Z5 Compact and it uses Broadcomm 43455 firmware. I patched via NexMon, and monitor mode injections works well.
 

Svirusx

Senior Member
Jun 6, 2015
300
234
Hello. Is Qualcomm wifi firmwares supports injections ? (deauth, attacks...) Needs patch for injections ?
I am using Sony Xperia Z5 Compact and it uses Broadcomm 43455 firmware. I patched via NexMon, and monitor mode injections works well.
This depends which version of driver "Qcacld" is installed in kernel. Qcacld-2.0 support injections, Qcacld-3.0 does not support. Qcacld driver is open source there is possible to get injection with Qcacld-3.0 when someone make patch for it or codeaurora release support for injection.
 
  • Like
Reactions: TRKARTAL

TRKARTAL

Senior Member
Jun 21, 2017
167
28
İstanbul
This depends which version of driver "Qcacld" is installed in kernel. Qcacld-2.0 support injections, Qcacld-3.0 does not support. Qcacld driver is open source there is possible to get injection with Qcacld-3.0 when someone make patch for it or codeaurora release support for injection.

Is your applied wlan0 (internal) injection patch this right:
 

oooobs007

Member
Sep 5, 2016
7
1
i have flashed R11 version and now i have a bootloop

Edit: My qualcomm secure boot is on, maybe it is my fault

Edit 2: Now its booting fine 👍
 
Last edited:

markmn123

Member
Jan 15, 2021
12
3
Will this only work on unlocked variants of the S20 FE or can this work with say...the AT&T version?
Also can this do HID attacks through Rucky or just the Nethunter app?
 

Svirusx

Senior Member
Jun 6, 2015
300
234
Will this only work on unlocked variants of the S20 FE or can this work with say...the AT&T version?
Also can this do HID attacks through Rucky or just the Nethunter app?

This kernel work only with S20 FE 5G, i haven't S20 FE which is Exynos based to create kernel. This kernel normally would work to every S20 FE 5G which are codenumber r8q. Of course before trying make backup. I have only EU version of this phone.

Rucky works fine but you need to enable HID what is integrated in Nethunter app. If you can search in code maybe it is possible to enable it without Nethunter but i use Nethunter thats why i didn't tried extract it.
 
Oct 16, 2020
14
3
This kernel work only with S20 FE 5G, i haven't S20 FE which is Exynos based to create kernel. This kernel normally would work to every S20 FE 5G which are codenumber r8q. Of course before trying make backup. I have only EU version of this phone.

Rucky works fine but you need to enable HID what is integrated in Nethunter app. If you can search in code maybe it is possible to enable it without Nethunter but i use Nethunter thats why i didn't tried extract it.
can you make nethunter kernel for Samsung a30s sm-a307fn
it's about hid function, that i face errors when enable it
and didn't face anything when left it

i can build the kernel and currently i have one of my own in my aforementioned device
but the problem that i don't have enough experience in C language to fix this annoying problem
so it would be great, if you fired an official nehtunter kernel for this device:)
 

Svirusx

Senior Member
Jun 6, 2015
300
234
can you make nethunter kernel for Samsung a30s sm-a307fn
it's about hid function, that i face errors when enable it
and didn't face anything when left it

i can build the kernel and currently i have one of my own in my aforementioned device
but the problem that i don't have enough experience in C language to fix this annoying problem
so it would be great, if you fired an official nehtunter kernel for this device:)

In kernel 4.x hid patch isn't needed see info here. You need only binaries like here but you can too use nethunter kernel builder.
 

Svirusx

Senior Member
Jun 6, 2015
300
234
i'm already have it in anykernel file
i was just mean, that i face problem when enable hid function option in kernel control
and was tried anything from patch to search about problem, so if u can build it and fired it to a30s device will be great.
Have you tried to enable HID function in Nethunter -> USB Arsenal but with ADB Disable?
When i try enable HID with ADB Enabled it won't work everytime sometime i must enable another modes before HID + ADB works.

Look too at my kernel source maybe you need something yet to enable ?
 
Oct 16, 2020
14
3
Have you tried to enable HID function in Nethunter -> USB Arsenal but with ADB Disable?
When i try enable HID with ADB Enabled it won't work everytime sometime i must enable another modes before HID + ADB works.

Look too at my kernel source maybe you need something yet to enable ?
Bro, i'm talking about hid functhion option, that i face problem when enable it
and can't fix the error, so how i can active it from nethunter app if it not enabled in kernel??
please if u can build it to me, i will be very thankful to you🙏

that's my kernel source: https://github.com/MrRob0-X/exynos7885-a30s.git

it'll be great too if you fired it on xda
so that everyone who has the same device can benefit.
 

Svirusx

Senior Member
Jun 6, 2015
300
234
Bro, i'm talking about hid functhion option, that i face problem when enable it
and can't fix the error, so how i can active it from nethunter app if it not enabled in kernel??
please if u can build it to me, i will be very thankful to you🙏

that's my kernel source: https://github.com/MrRob0-X/exynos7885-a30s.git

it'll be great too if you fired it on xda
so that everyone who has the same device can benefit.

I don't have time to support and further maintain Nethunter kernels for smartphones which i don't have. I can only try little help you but... This source code is without any commits for nethunter. It looks like raw copy of samsung source which directly isn't compilable without toolchains.
Look at another kernels for your smartphone maybe they have build scripts or maybe you can use they as base for nethunter kernel?

This thread is for Samsung Galaxy S20 FE 5G This is my last answer for a30s here. If you have any further questions i can answer only in priv.
 
Oct 16, 2020
14
3
I don't have time to support and further maintain Nethunter kernels for smartphones which i don't have. I can only try little help you but... This source code is without any commits for nethunter. It looks like raw copy of samsung source which directly isn't compilable without toolchains.
Look at another kernels for your smartphone maybe they have build scripts or maybe you can use they as base for nethunter kernel?

This thread is for Samsung Galaxy S20 FE 5G This is my last answer for a30s here. If you have any further questions i can answer only in priv.
ok.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 12


    WirusMOD Nethunter Kernel for Samsung Galaxy S20 FE 5G (Snapdragon) - Stock Android 10 & 11 & 12
    Code:
    I am not responsible for bricked devices.
    If you going to flash it, you accepted it.
    Of course your warranty is void.

    Nethunter Features:
    • BadUSB
    • HID gadget keyboard/mouse
    • DriveDroid
    • USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
    • support rtl88xxau USB WiFi
    • support rtl8188eus USB WiFi
    • support rtl88x2bu USB WiFi
    • Ethernet
    • Bluetooth HCI USB support
    • RTL-SDR DVB support
    • Monitor mode for buildin wifi card ( Qcacld-3.0 ) (No frame injection)
    • Enabled BT_RFCOMM
    • Support for extra file systems like CIFS, NFS, NTFS, F2FS
    Extra:
    • Boeffla wakelock blocker v1.10
    • Wireguard
    • Docker support

    Download: Android 12 releases start with v3.x
    Latest version SM-G781X here.

    Installation:
    1. TWRP Backup your ROM
    2. Flash Nethunter Kernel
    3. Flash latest Magisk
    4. Install busybox can be one from Magisk repository
    5. Install Nethunter Store
    6. Install NetHunter apk, NetHunter Terminal, NetHunter KeX from Nethunter Store
    7. In NetHunter apk go to Kali Chroot Manager and install chroot.
    7. Extract Nethunter_WirusMOD_r8q_vX.X_binaries.7z and binaries to folders:
    Android 11 = Firmwares: /vendor/firmware_mnt/image/
    Android 10 = Firmwares: /vendor/etc/firmware_mnt/image/
    Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
    hid-keyboard binary: system/xbin/ and give permissions to it rwxr-xr-x
    8. Reboot


    OLD: Loadable modules only for version 1.0:

    Most of modules are integrated in kernel. Here are only two modules to load. Use they only if you need they.
    Modules_Nethunter_WirusMOD_vX.X.7z

    insmod 8188eu.ko - load module
    rmmod 8188eu.ko - unload module
    lsmod - list loaded modules

    Another way to load modules is Module Loader
    Copy modules to storage and choose modules which you want to load.


    BUGs / Informations:
    -If Safetynet Fix is installed can cause freeze at samsung flashy logo.
    -If USB Arsenal setting HID function doesn't work try set it without ADB.
    -In kernel are added binaries from Nethunter_WirusMOD_r8q_vX.X_binaries.7z(without modules) but they aren't copied automatically.
    -airodump-ng can't self change channels for wlan0.
    -If monitor mode for wlan0 doesn't work. Enable wifi connection > disable it -> enable monitor mode with Nethunter apk and try airodump wlan0
    -Change channel in wlan0 monitor mode and frame capture:
    iwpriv wlan0 setMonChan 36 2 - Setting channel 36
    tcpdump -i wlan0 -w <tcpdump.pcap>

    Docker Installation:

    Every Commando execute in Termux app! More info here

    pkg install root-repo
    pkg install golang make cmake ndk-multilib tsu tmux docker

    mkdir $TMPDIR/docker-build
    cd $TMPDIR/docker-build
    wget https://github.com/krallin/tini/archive/v0.19.0.tar.gz
    tar xf v0.19.0.tar.gz
    cd tini-0.19.0
    mkdir build
    cd build
    cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX ..
    make -j8
    make install
    ln -s $PREFIX/bin/tini-static $PREFIX/bin/docker-init

    1. Run docker server
    sudo dockerd --iptables=false

    2. Test of those two containers work
    sudo docker run hello-world
    sudo docker run --network host --name nginx nginx:latest
    #Go with browser to IP address of your smartphone with port 80. If you get nginx default page it works!

    #Internet in docker containers
    sudo ip route add default via <Gateway> dev wlan0
    sudo ip rule add from all lookup main pref 30000


    BUGs / Informations:
    - option to forward ports from docker network to host does not work ( e.q. -p 0.0.0.0:80:3000) you need to use Host mode "--network host"
    - Not every container for arm64 works with android. e.q official gitea can not bind port 3000. (I made special version of gitea with fix more info here)

    Docker Screens:

    docker containers.jpg
    Gitea.jpg
    Nginx.jpg



    Screens:

    NetHunter.jpg
    NetHunter Terminal.jpg




    Credits:
    Samsung for Kernel Source
    Nethunter creators for the best portable penetration testing tool.
    afaneh92 for TWRP and multidisabler
    jesec for unlock guide



    XDA:DevDB Information
    [KERNEL] Nethunter for Galaxy S20 FE 5G (Snapdragon)

    Contributors

    Svirusx
    Source Code: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G

    Kernel Special Features:

    Version Information
    Status:
    Beta

    Created 2020-12-21
    Last Updated 2022-04-20
    2
    2022.04.20 - v3.1
    Added rtl88x2bu support


    2022.01.18 - v3.0
    Initial release for Android 12

    2021.09.11 - v2.5
    Added kernel module to support Docker

    2021.07.14 - v2.4
    Update Samsung kernel source to G781BXXU3CUE3

    2021.05.24 - v2.3
    Update Samsung kernel source to G781BXXU3CUD6

    2021.05.13 - v2.2
    Update Samsung kernel source to G781BXXU2CUD1

    2021.01.27 - v2.1
    Back to v2.1 Enabling Samsung MTP break some of usb attacks

    Update used llvm toolchain ship to 10.0.

    2021.01.20 - v2.1
    Update used llvm toolchain ship to 10.0.

    2021.01.14 - v2.0
    Initial release for Android 11

    2021.01.03 - v1.2
    Enabled BT_RFCOMM and BT_RFCOMM_TTY

    2020.12.23 - v1.1
    rtl8188eus integrated in kernel
    Disable loadable modules support.

    2020.12.21 - v1.0
    Initial release
    2
    How I get official kalifs-arm64-full.tar.xz
    File after download file size take 2.99 gb file downloading time download percentage not showing

    Links to download kalifs are near normal downloading of kali linux isos (choose mobile scroll down to generic images)
    Direct link:
    1
    Hello. Is Qualcomm wifi firmwares supports injections ? (deauth, attacks...) Needs patch for injections ?
    I am using Sony Xperia Z5 Compact and it uses Broadcomm 43455 firmware. I patched via NexMon, and monitor mode injections works well.
    This depends which version of driver "Qcacld" is installed in kernel. Qcacld-2.0 support injections, Qcacld-3.0 does not support. Qcacld driver is open source there is possible to get injection with Qcacld-3.0 when someone make patch for it or codeaurora release support for injection.
    1
    Is your applied wlan0 (internal) injection patch this right:
    This injection patch is for USB wifi cards not for wlan0