[KERNEL] Nethunter for Galaxy S20 FE 5G r8q (Snapdragon)

Search This thread

safanda1

New member
Dec 26, 2014
2
0
Здравствуйте, можете сделать ядро для galaxy-s20-fe-4g? Установил с 5г, все работает кроме NFS. Ядро мне очень понравилось, но NFS не работает
 

safanda1

New member
Dec 26, 2014
2
0
Hello, can you make a kernel for galaxy-s20-fe-4g? I installed it from 5g, everything works except NFS. I really liked the kernel, but NFS does not work
 

EDllT

Member
Oct 2, 2020
30
11
Here's a tutorial on how to fix the host's Android /system/bin not executing when using the chrooted Nethunter environment. UPDATED THREAD: https://xdaforums.com/t/power-user-...-chrooted-environment-and-vice-versa.4649451/

The problem started with an itch, I wanted to be able to access android APIs through a shell/terminal which isn't possible afaik from a rooted shell. Then I learned about Automate(really powerful app similar to tasker but with a more beautiful UI) which allows you to send broadcasts over to it basically acting as an API to do things which you'd never be able to do through a barebones shell otherwise.

Only problem is, to send broadcasts to that app I need to use the am(Activity Manager) command and the am command is only available in the host environment and can't be accessed in the nethunter chroot. So then began my investigation into this

This was kind of a steep learning curve ngl. This will also serve as a guide for my future self in case I ever face a similar issue again.

I will also provide links to resources for a deeper understanding, you don't need to look at the resources, however.

At the end of this, I will post a simple sh script which you could execute that should fix this issue in an instant.


Problem
When we are in a chrooted environment attempting to execute binaries that are present in /system/bin cause errors no matter what you try. Tried various things from setting LD_PRELOAD_PATH to modifying the elf but to no avail.

What is chroot

Attempting to execute them presents the following error
/system/bin/echo hello
zsh: no such file or directory: /system/bin/echo


Of course, if we use the one defined in our chroot path then it'd work normally
echo hi
hi
Which in reality just executes this
/usr/bin/echo hi

Now, why is the previous one erroring when this one's working fine? My first reaction was what in the hell does it mean no such file or directory. bruh it's right there, execute the damn thing. I could see 101% that it exists there and I could even use cat to read out its contents, check all the file permissions are correct, and the architecture is correct

How linux file permissions work

How to know your device architecture(it's aarch64 which is basically arm64 btw)

How to figure out a binary's architecture


Then from some previous project I can't recall, I learned about static and dynamically compiled binaries
Remembering this, the first thing I checked was ldd but nope that didn't work either
ldd /system/bin/echo
/system/bin/sh: error while loading shared libraries: /lib/aarch64-linux-gnu/libc.so: invalid ELF header

/system/bin/ldd /system/bin/echo
zsh: /system/bin/ldd: bad interpreter: /system/bin/sh: no such file or directory

What static and dynamic libraries are

Looking further, you will find out that /system/bin/ldd is nothing but a symlink to a static binary that exists in the host's /apex/com.runtime.android/bin/linker64

after various attempting for a period of time to mount bind and mount rbind the apex directory to the chroot, I just gave up on it because the com.runtime.android kept on showing up empty. Till I realized that linker64 was static. So I copied it over to another folder inside the chroot and voila, I was able to execute it simply by running ./linker64

Through this, I now understood that the problem is not something I don't understand. The problem lies purely with the dynamic libraries being missing which I am certain of now. tried rebinding a couple of times but nope that failed so I just copied the whole /apex/com.android.runtime/*(which is just 8.3 megabytes in size) to the chroot's /apex/com.android.runtime and copy /linkerconfig to the chroot's root as well

Notice how I used an asterisk instead of attempting to copy the directory directly,this is because it won't allow you to copy the directory which was another source of headache for me
Make sure to create empty directories for apex and com.android.runtime in your chroot before copying things over

mkdir /apex /apex/com.android.runtime

then copy over(btw, you could also just bind each file/directory inside runtime to the chroot's runtime but copying is just easier and persistent without having to modify the chroot initialization process)

cp -r /apex/com.android.runtime/* /data/local/nhsystem/kalifs/apex/com.android.runtime

Things started working a bit then

Then at last to fix some library dependencies, you need to create symlinks to some commands like linker64 and cmd through the chroot

ln -s /apex/com.android.runtime/bin/linker64 /usr/bin/linker64
ln -s /usr/bin/cmd /system/bin/cmd

Then, you should be able to successfully run any binary inside /system/bin from within the Nethunter chroot

Eg:
/system/bin/echo Hello
Hello

/system/bin/am start -a android.intent.action.VIEW -d xdaforums.com -n com.android.chrome/com.google.android.apps.chrome.Main

etc

Tips and tricks
Some chroot commands like ping inside the chroot environment don't work(didn't really look into it tbh)
You could either use the system's ping or use busybox's instead from within the chroot

/system/bin/ping google.com
busybox ping google.com

To fix the apt update problem ( Temporary error resolving http.kali.org )
Solution is in the 5th post by jafoca

To execute nethunter chroot binaries while being in a normal android shell
Btw, the thing you gotta modify is just the last bit which specifies /usr/bin/WHATEVER then the arguments/flags passed over. Note: Make sure that LD_PRELOAD doesn't contain anything by executing(by default it doesn't contain anything so most of the time you won't need to execute this) unset LD_PRELOAD

Eg #1
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /system/xbin/chroot /data/local/nhsystem/kalifs /usr/bin/echo Hello world!

Eg #2
This will give you an sh shell, which looks weird(sometimes you will have some things running through this if for example you setup vs coder on your system
( To make it look like a normal chroot zsh shell, execute the following after the chroot shell has started /usr/bin/zsh followed by source /root/zshrc)

PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin /system/xbin/chroot /data/local/nhsystem/kalifs /usr/bin/sh


To access Android APIs that you wouldn't normally otherwise be able to normally access (I think tasker it's possible to do this with tasker too but I never bothered checking out tasker cuz it ain't free)
Automate has one limitation for free users, 30 blocks per flow. No ads no bs
Watch video for quick demo

Read documentation to become powerful

Start a flow
am broadcast -a com.llamalab.automate.intent.action.START_FLOW -d <Flow URI from Flow beginning block> -n com.llamalab.automate/.StartServiceReceiver

Stop a flow
am broadcast -a com.llamalab.automate.intent.action.STOP_FLOW -d <Flow URI from Flow beginning block> -n com.llamalab.automate/.StartServiceReceiver

KWGT to create advanced custom widgets capable of communicating with Automate, adb, shell scripts
(Saved me from having to create an app for some project of mine)


To mount the Nethunter chroot or any directory within the chroot so that you could access it through the phone's storage itself(in case you are dealing with some application)

mkdir /sdcard/nethunter_chroot
mount -o bind /data/local/nhsystem/kalifs /sdcard/nethunter_chroot

To unmount it( You don't have to do this manually, it will automatically unmount once the device resets)
umount /sdcard/nethunter_chroot


Some things that I have been interested in as well is to somehow ditch the VNC and directly output the desktop(forgot whether if it was xfce or plasma that comes with nethunter)
Still something that I have no idea also I like dex so I dunno whether if it'd interfere with Dex
If anyone has a clue about how to do this please let me know cuz I gotta know!!!


FINAL NOTE: WHEN RUNNING THE SCRIPT ATTACHED WITH THE MESSAGE, MAKE SURE TO RUN IT IN AN ANDROID SHELL ENVIRONMENT AS SU NOT IN THE CHROOT ENVIRONMENT!

Also make sure to check and understand what the script is doing before executing it(it's just 4~5 lines)
 

Attachments

  • fix_system_commands.sh
    906 bytes · Views: 12
Last edited:

EDllT

Member
Oct 2, 2020
30
11
Update: the reason why apex's android runtime kept showing up empty is probably because I wasn't mounting it from a global namespace which is a whole rabbit hole of its own

Executing the following before mounting ANYTHING should fix this issue
Bash:
su -mm
Or you could just goto magisk and in settings make the namespace global
 


WirusMOD Nethunter Kernel for Samsung Galaxy S20 FE 5G (Snapdragon) - Stock Android 10 & 11 & 12 & 13
Code:
I am not responsible for bricked devices.
If you going to flash it, you accepted it.
Of course your warranty is void.

Nethunter Features:
  • BadUSB
  • HID gadget keyboard/mouse
  • DriveDroid
  • USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
  • support rtl88xxau USB WiFi
  • support rtl8188eus USB WiFi
  • support rtl88x2bu USB WiFi
  • Ethernet
  • Bluetooth HCI USB support + Internal bluetooth support(carwhisperer does not work yet)
  • RTL-SDR DVB support
  • Monitor mode for buildin wifi card ( Qcacld-3.0 ) (No frame injection)
  • Enabled BT_RFCOMM
  • Support for extra file systems like CIFS, NFS, NTFS, F2FS
Extra:
  • Boeffla wakelock blocker v1.10
  • Wireguard
  • Docker support

Download: Android 13 releases start with v4.x
Latest version SM-G781X here.

Installation:
1. TWRP Backup your ROM
2. Flash Nethunter Kernel
3. Flash latest Magisk
4. Install busybox can be one from Magisk repository
5. Install Nethunter Store
6. Install NetHunter apk, NetHunter Terminal, NetHunter KeX from Nethunter Store
7. In NetHunter apk go to Kali Chroot Manager and install chroot.
7. Extract Nethunter_WirusMOD_r8q_vX.X_binaries.7z and binaries to folders:
Android 11 & 12 & 13 = Firmwares: /vendor/firmware_mnt/image/
Android 10 = Firmwares: /vendor/etc/firmware_mnt/image/
Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
hid-keyboard binary: system/xbin/ and give permissions to it rwxr-xr-x
8. Reboot


OLD: Loadable modules only for version 1.0:

Most of modules are integrated in kernel. Here are only two modules to load. Use they only if you need they.
Modules_Nethunter_WirusMOD_vX.X.7z

insmod 8188eu.ko - load module
rmmod 8188eu.ko - unload module
lsmod - list loaded modules

Another way to load modules is Module Loader
Copy modules to storage and choose modules which you want to load.


BUGs / Informations:
-If Safetynet Fix is installed can cause freeze at samsung flashy logo.
-If USB Arsenal setting HID function doesn't work try set it without ADB.
-In kernel are added binaries from Nethunter_WirusMOD_r8q_vX.X_binaries.7z(without modules) but they aren't copied automatically.
-airodump-ng can't self change channels for wlan0.
-If monitor mode for wlan0 doesn't work. Enable wifi connection > disable it -> enable monitor mode with Nethunter apk and try airodump wlan0
-Change channel in wlan0 monitor mode and frame capture:
iwpriv wlan0 setMonChan 36 2 - Setting channel 36
tcpdump -i wlan0 -w <tcpdump.pcap>

Docker Installation:

Every Commando execute in Termux app! More info here

pkg install root-repo
pkg install golang make cmake ndk-multilib tsu tmux docker

mkdir $TMPDIR/docker-build
cd $TMPDIR/docker-build
wget https://github.com/krallin/tini/archive/v0.19.0.tar.gz
tar xf v0.19.0.tar.gz
cd tini-0.19.0
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX ..
make -j8
make install
ln -s $PREFIX/bin/tini-static $PREFIX/bin/docker-init

1. Run docker server
sudo dockerd --iptables=false

2. Test of those two containers work
sudo docker run hello-world
sudo docker run --network host --name nginx nginx:latest
#Go with browser to IP address of your smartphone with port 80. If you get nginx default page it works!

#Internet in docker containers
sudo ip route add default via <Gateway> dev wlan0
sudo ip rule add from all lookup main pref 30000


BUGs / Informations:
- option to forward ports from docker network to host does not work ( e.q. -p 0.0.0.0:80:3000) you need to use Host mode "--network host"
- Not every container for arm64 works with android. e.q official gitea can not bind port 3000. (I made special version of gitea with fix more info here)

Docker Screens:


Screens:


Credits:
Samsung for Kernel Source
Nethunter creators for the best portable penetration testing tool.
afaneh92 for TWRP and multidisabler
jesec for unlock guide



XDA:DevDB Information
[KERNEL] Nethunter for Galaxy S20 FE 5G (Snapdragon)

Contributors

Svirusx
Source Code: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G

Kernel Special Features:

Version Information
Status:
Beta

Created 2020-12-21
Last Updated 2022-12-10


WirusMOD Nethunter Kernel for Samsung Galaxy S20 FE 5G (Snapdragon) - Stock Android 10 & 11 & 12 & 13
Code:
I am not responsible for bricked devices.
If you going to flash it, you accepted it.
Of course your warranty is void.

Nethunter Features:
  • BadUSB
  • HID gadget keyboard/mouse
  • DriveDroid
  • USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
  • support rtl88xxau USB WiFi
  • support rtl8188eus USB WiFi
  • support rtl88x2bu USB WiFi
  • Ethernet
  • Bluetooth HCI USB support + Internal bluetooth support(carwhisperer does not work yet)
  • RTL-SDR DVB support
  • Monitor mode for buildin wifi card ( Qcacld-3.0 ) (No frame injection)
  • Enabled BT_RFCOMM
  • Support for extra file systems like CIFS, NFS, NTFS, F2FS
Extra:
  • Boeffla wakelock blocker v1.10
  • Wireguard
  • Docker support

Download: Android 13 releases start with v4.x
Latest version SM-G781X here.

Installation:
1. TWRP Backup your ROM
2. Flash Nethunter Kernel
3. Flash latest Magisk
4. Install busybox can be one from Magisk repository
5. Install Nethunter Store
6. Install NetHunter apk, NetHunter Terminal, NetHunter KeX from Nethunter Store
7. In NetHunter apk go to Kali Chroot Manager and install chroot.
7. Extract Nethunter_WirusMOD_r8q_vX.X_binaries.7z and binaries to folders:
Android 11 & 12 & 13 = Firmwares: /vendor/firmware_mnt/image/
Android 10 = Firmwares: /vendor/etc/firmware_mnt/image/
Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
hid-keyboard binary: system/xbin/ and give permissions to it rwxr-xr-x
8. Reboot


OLD: Loadable modules only for version 1.0:

Most of modules are integrated in kernel. Here are only two modules to load. Use they only if you need they.
Modules_Nethunter_WirusMOD_vX.X.7z

insmod 8188eu.ko - load module
rmmod 8188eu.ko - unload module
lsmod - list loaded modules

Another way to load modules is Module Loader
Copy modules to storage and choose modules which you want to load.


BUGs / Informations:
-If Safetynet Fix is installed can cause freeze at samsung flashy logo.
-If USB Arsenal setting HID function doesn't work try set it without ADB.
-In kernel are added binaries from Nethunter_WirusMOD_r8q_vX.X_binaries.7z(without modules) but they aren't copied automatically.
-airodump-ng can't self change channels for wlan0.
-If monitor mode for wlan0 doesn't work. Enable wifi connection > disable it -> enable monitor mode with Nethunter apk and try airodump wlan0
-Change channel in wlan0 monitor mode and frame capture:
iwpriv wlan0 setMonChan 36 2 - Setting channel 36
tcpdump -i wlan0 -w <tcpdump.pcap>

Docker Installation:

Every Commando execute in Termux app! More info here

pkg install root-repo
pkg install golang make cmake ndk-multilib tsu tmux docker

mkdir $TMPDIR/docker-build
cd $TMPDIR/docker-build
wget https://github.com/krallin/tini/archive/v0.19.0.tar.gz
tar xf v0.19.0.tar.gz
cd tini-0.19.0
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX ..
make -j8
make install
ln -s $PREFIX/bin/tini-static $PREFIX/bin/docker-init

1. Run docker server
sudo dockerd --iptables=false

2. Test of those two containers work
sudo docker run hello-world
sudo docker run --network host --name nginx nginx:latest
#Go with browser to IP address of your smartphone with port 80. If you get nginx default page it works!

#Internet in docker containers
sudo ip route add default via <Gateway> dev wlan0
sudo ip rule add from all lookup main pref 30000


BUGs / Informations:
- option to forward ports from docker network to host does not work ( e.q. -p 0.0.0.0:80:3000) you need to use Host mode "--network host"
- Not every container for arm64 works with android. e.q official gitea can not bind port 3000. (I made special version of gitea with fix more info here)

Docker Screens:


Screens:


Credits:
Samsung for Kernel Source
Nethunter creators for the best portable penetration testing tool.
afaneh92 for TWRP and multidisabler
jesec for unlock guide



XDA:DevDB Information
[KERNEL] Nethunter for Galaxy S20 FE 5G (Snapdragon)

Contributors

Svirusx
Source Code: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G

Kernel Special Features:

Version Information
Status:
Beta

Created 2020-12-21
Last Updated 2022-12-10
I can't give these permissions Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
 
Feb 9, 2021
24
5
Posts on this thread make it pretty clear that frame injection doesn't work on the phone's internal WiFi adapter, however, on the nexmon github page the galaxy s20 is listed as supporting frame injection.

Has anyone tried to patch with nexmon and gotten frame injection working for the phone's internal WiFi adapter?

Thanks.

 

mylesgoose

Member
Jan 6, 2024
22
1
Samsung Galaxy S9+
The nethunter zip files supplied cause android 14 oneui 6 to freeze at boot once installed. So i installed the nethunter kernel pre made in this thread directly into the oneui 6 android 14 boot.img and it is booting okay and shows that hid function is available, it does not display the kernel name weirdly in the system settings.. the nethutner app is not loading and nethunter terminal is also not loading, maybe needs busy box or something setup. is the app compatible with android 14, i don't know. another days problem. perhaps someone else figure out that also. take a backup of your device first if you try it. some further info here. https://telegra.ph/UN1CA-Install-Guide-for-S20FE-4G5G-Snapdragon-r8q-02-23 instructions for rom install if you have twrp isntalled isntall this rom like this
PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\UN1CA_1.1.6-5b6b1e2_20240223_r8q2-sign.zip"
* daemon not running; starting now at tcp:5037
* daemon started successfully
Total xfer: 1.00x
PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\Magisk-v27.0.zip"
Total xfer: 2.57x or from the decrypted data partition by downlaodeing to your device. you can then in twrp type multidisabler in the terminal and it will stop the device being encrytped. make sure you format your data partition and then type that commands it already has magisk installed so just install the app once booted. original rom location
 

Attachments

  • r8q-nethunterkernel-android14oneui6[1].zip
    4.1 GB · Views: 25
  • Magisk-v27.0[1].apk
    11.9 MB · Views: 6
  • twrp-3.7.0-r8q_ata-kaner_V2[1].tar
    42 MB · Views: 11

Behemuth

New member
Mar 8, 2024
1
1
The nethunter zip files supplied cause android 14 oneui 6 to freeze at boot once installed. So i installed the nethunter kernel pre made in this thread directly into the oneui 6 android 14 boot.img and it is booting okay and shows that hid function is available, it does not display the kernel name weirdly in the system settings.. the nethutner app is not loading and nethunter terminal is also not loading, maybe needs busy box or something setup. is the app compatible with android 14, i don't know. another days problem. perhaps someone else figure out that also. take a backup of your device first if you try it. some further info here. https://telegra.ph/UN1CA-Install-Guide-for-S20FE-4G5G-Snapdragon-r8q-02-23 instructions for rom install if you have twrp isntalled isntall this rom like this
PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\UN1CA_1.1.6-5b6b1e2_20240223_r8q2-sign.zip"
* daemon not running; starting now at tcp:5037
* daemon started successfully
Total xfer: 1.00x
PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\Magisk-v27.0.zip"
Total xfer: 2.57x or from the decrypted data partition by downlaodeing to your device. you can then in twrp type multidisabler in the terminal and it will stop the device being encrytped. make sure you format your data partition and then type that commands it already has magisk installed so just install the app once booted. original rom location
Bro, You have no idea how much I was looking for something like this. Thank you from the bottom of my heart...
 
  • Like
Reactions: mylesgoose

mylesgoose

Member
Jan 6, 2024
22
1
Samsung Galaxy S9+
The kernel string on wirusmod kernel replacement is flagged by Google play services. And so devices don't meet play integrity check. Can you recompile your kernel without the username string. As google updated their checking mechanism to search for random modded kernel strings. I have tested rooted device with and without kernel string and it passed and failed depending on the name change. kernel needs to be recompiled to match the string of a stock kernel. Here is a stock string img
@Svirusx
 

Attachments

  • Screenshot_20240309_231110_Settings.jpg
    Screenshot_20240309_231110_Settings.jpg
    248.6 KB · Views: 11

Svirusx

Senior Member
Jun 6, 2015
307
244
The kernel string on wirusmod kernel replacement is flagged by Google play services. And so devices don't meet play integrity check. Can you recompile your kernel without the username string. As google updated their checking mechanism to search for random modded kernel strings. I have tested rooted device with and without kernel string and it passed and failed depending on the name change. kernel needs to be recompiled to match the string of a stock kernel. Here is a stock string img
@Svirusx
This kernel wasn't made to pass Safetynet. Anyway i pass it further without any problem.
 

mylesgoose

Member
Jan 6, 2024
22
1
Samsung Galaxy S9+
This kernel wasn't made to pass Safetynet. Anyway i pass it further without any problem.
Perhaps it will pass on older update? Are you on older update from android? I am on lattest. I even went to android 14 and is good with safety net fixes. As soon as change kernel string I test safety net and is flagging. Changing kernel string removes the flag. In the newer updates they started checking kernel string. You can read about here https://xdaforums.com/t/module-play-integrity-fix-safetynet-fix.4607985/ I can test this by replace kernel only using the zip updater. today so stock kernel rooted andTest integrity prior and after. Replaced boot image again with stock kernel and root and no other changes and not flagged Both with root. The safety net fixes can’t work if the kernel string is modified from stock. There are no plans to fix either we are just instructed to compile from source without modifying the kernel string. Should we compile this again with the stock string so that it continues to work with future updates? Also proc config spoofing is good to hide the modified kernel I did it on Samsung s9+ and it worked. Should I update your kernel source code on GitHub? Also be good if that loadable modules was enabled so anyone can make updates or install drivers for new devices without having to recompile the kernel. I tested new update yet with old boot image and with modded kernel and is not flagging anything. So appears we can still use the old boot image with new updates.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    The nethunter zip files supplied cause android 14 oneui 6 to freeze at boot once installed. So i installed the nethunter kernel pre made in this thread directly into the oneui 6 android 14 boot.img and it is booting okay and shows that hid function is available, it does not display the kernel name weirdly in the system settings.. the nethutner app is not loading and nethunter terminal is also not loading, maybe needs busy box or something setup. is the app compatible with android 14, i don't know. another days problem. perhaps someone else figure out that also. take a backup of your device first if you try it. some further info here. https://telegra.ph/UN1CA-Install-Guide-for-S20FE-4G5G-Snapdragon-r8q-02-23 instructions for rom install if you have twrp isntalled isntall this rom like this
    PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\UN1CA_1.1.6-5b6b1e2_20240223_r8q2-sign.zip"
    * daemon not running; starting now at tcp:5037
    * daemon started successfully
    Total xfer: 1.00x
    PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\Magisk-v27.0.zip"
    Total xfer: 2.57x or from the decrypted data partition by downlaodeing to your device. you can then in twrp type multidisabler in the terminal and it will stop the device being encrytped. make sure you format your data partition and then type that commands it already has magisk installed so just install the app once booted. original rom location
    Bro, You have no idea how much I was looking for something like this. Thank you from the bottom of my heart...
  • 18


    WirusMOD Nethunter Kernel for Samsung Galaxy S20 FE 5G (Snapdragon) - Stock Android 10 & 11 & 12 & 13
    Code:
    I am not responsible for bricked devices.
    If you going to flash it, you accepted it.
    Of course your warranty is void.

    Nethunter Features:
    • BadUSB
    • HID gadget keyboard/mouse
    • DriveDroid
    • USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
    • support rtl88xxau USB WiFi
    • support rtl8188eus USB WiFi
    • support rtl88x2bu USB WiFi
    • Ethernet
    • Bluetooth HCI USB support + Internal bluetooth support(carwhisperer does not work yet)
    • RTL-SDR DVB support
    • Monitor mode for buildin wifi card ( Qcacld-3.0 ) (No frame injection)
    • Enabled BT_RFCOMM
    • Support for extra file systems like CIFS, NFS, NTFS, F2FS
    Extra:
    • Boeffla wakelock blocker v1.10
    • Wireguard
    • Docker support

    Download: Android 13 releases start with v4.x
    Latest version SM-G781X here.

    Installation:
    1. TWRP Backup your ROM
    2. Flash Nethunter Kernel
    3. Flash latest Magisk
    4. Install busybox can be one from Magisk repository
    5. Install Nethunter Store
    6. Install NetHunter apk, NetHunter Terminal, NetHunter KeX from Nethunter Store
    7. In NetHunter apk go to Kali Chroot Manager and install chroot.
    7. Extract Nethunter_WirusMOD_r8q_vX.X_binaries.7z and binaries to folders:
    Android 11 & 12 & 13 = Firmwares: /vendor/firmware_mnt/image/
    Android 10 = Firmwares: /vendor/etc/firmware_mnt/image/
    Firmwares: Give permissions to every file rw-r--r-- (if they aren't set)
    hid-keyboard binary: system/xbin/ and give permissions to it rwxr-xr-x
    8. Reboot


    OLD: Loadable modules only for version 1.0:

    Most of modules are integrated in kernel. Here are only two modules to load. Use they only if you need they.
    Modules_Nethunter_WirusMOD_vX.X.7z

    insmod 8188eu.ko - load module
    rmmod 8188eu.ko - unload module
    lsmod - list loaded modules

    Another way to load modules is Module Loader
    Copy modules to storage and choose modules which you want to load.


    BUGs / Informations:
    -If Safetynet Fix is installed can cause freeze at samsung flashy logo.
    -If USB Arsenal setting HID function doesn't work try set it without ADB.
    -In kernel are added binaries from Nethunter_WirusMOD_r8q_vX.X_binaries.7z(without modules) but they aren't copied automatically.
    -airodump-ng can't self change channels for wlan0.
    -If monitor mode for wlan0 doesn't work. Enable wifi connection > disable it -> enable monitor mode with Nethunter apk and try airodump wlan0
    -Change channel in wlan0 monitor mode and frame capture:
    iwpriv wlan0 setMonChan 36 2 - Setting channel 36
    tcpdump -i wlan0 -w <tcpdump.pcap>

    Docker Installation:

    Every Commando execute in Termux app! More info here

    pkg install root-repo
    pkg install golang make cmake ndk-multilib tsu tmux docker

    mkdir $TMPDIR/docker-build
    cd $TMPDIR/docker-build
    wget https://github.com/krallin/tini/archive/v0.19.0.tar.gz
    tar xf v0.19.0.tar.gz
    cd tini-0.19.0
    mkdir build
    cd build
    cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX ..
    make -j8
    make install
    ln -s $PREFIX/bin/tini-static $PREFIX/bin/docker-init

    1. Run docker server
    sudo dockerd --iptables=false

    2. Test of those two containers work
    sudo docker run hello-world
    sudo docker run --network host --name nginx nginx:latest
    #Go with browser to IP address of your smartphone with port 80. If you get nginx default page it works!

    #Internet in docker containers
    sudo ip route add default via <Gateway> dev wlan0
    sudo ip rule add from all lookup main pref 30000


    BUGs / Informations:
    - option to forward ports from docker network to host does not work ( e.q. -p 0.0.0.0:80:3000) you need to use Host mode "--network host"
    - Not every container for arm64 works with android. e.q official gitea can not bind port 3000. (I made special version of gitea with fix more info here)

    Docker Screens:

    docker containers.jpg
    Gitea.jpg
    Nginx.jpg



    Screens:

    NetHunter Terminal.jpg
    InternBluetooth.png




    Credits:
    Samsung for Kernel Source
    Nethunter creators for the best portable penetration testing tool.
    afaneh92 for TWRP and multidisabler
    jesec for unlock guide



    XDA:DevDB Information
    [KERNEL] Nethunter for Galaxy S20 FE 5G (Snapdragon)

    Contributors

    Svirusx
    Source Code: https://github.com/Svirusx/Nethunter-Kernel-S20_FE_5G

    Kernel Special Features:

    Version Information
    Status:
    Beta

    Created 2020-12-21
    Last Updated 2022-12-10
    3
    2022.12.10 - v4.0
    Initial release for Android 13 (G781BXXU4GVK6)
    Added Internal bluetooth support(carwhisperer does not work yet)


    2023.09.01 - v4.0.1 (Removed due not possible to change selinux mode when booted system)
    Safetynet switch in kernel changed, functional is same as v4.0


    2022.04.20 - v3.1
    Added rtl88x2bu support

    2022.01.18 - v3.0
    Initial release for Android 12

    2021.09.11 - v2.5
    Added kernel module to support Docker

    2021.07.14 - v2.4
    Update Samsung kernel source to G781BXXU3CUE3

    2021.05.24 - v2.3
    Update Samsung kernel source to G781BXXU3CUD6

    2021.05.13 - v2.2
    Update Samsung kernel source to G781BXXU2CUD1

    2021.01.27 - v2.1
    Back to v2.1 Enabling Samsung MTP break some of usb attacks

    Update used llvm toolchain ship to 10.0.

    2021.01.20 - v2.1
    Update used llvm toolchain ship to 10.0.

    2021.01.14 - v2.0
    Initial release for Android 11

    2021.01.03 - v1.2
    Enabled BT_RFCOMM and BT_RFCOMM_TTY

    2020.12.23 - v1.1
    rtl8188eus integrated in kernel
    Disable loadable modules support.

    2020.12.21 - v1.0
    Initial release
    2
    Hi @Svirusx. Thank you for your service.

    I've been trying to install the Nethunter kernel on my Galaxy S20 FE(SM-G781N) for the last few days. I tried to follow your instructions in the original article, but there was a problem in the second step (Flash Nethunter Kernel).

    After flashing the Nethunter kernel v4.0 and Magisk v25.2 to my S20 FE using TWRP(v3.7.0) from this link, my device's boot process broke for some reason.

    I was wondering why my device broke, so I tried to find out by flashing the Nethunter kernel and Magisk separately. As a result, I realized that both images were fine, but my device's Android version was the problem. My device was on Android 13, but TWRP v3.7.0 only supports Android versions up to 12.

    So, I downgraded my device to Android 12 using firmware that I downloaded using Samfw and restarted from the beginning. But I still couldn't flash Nethunter kernel(v3.1 for Android 12), and it was driving me crazy.

    Anyway, I successfully flashed the Nethunter kernel and Magisk, and here are the instructions that I followed:

    1. OEM unlock the device.
    2. Download the original S20FE's Android firmware using Samfw.
    3. Move firmware [AP] image to the device.
    4. Install Magisk(v25.2) apk to the device.
    5. Patch the firmware image using Magisk (Open the app->install->open the firmware image) that you moved in step 3.
    6. Move patched firmware image to your PC and flash your device with that patched [AP] image and anything else using Odin (After flash your device will be rooted).
    7. Install TWRP to your device(Go to download mode and flash TWRP image to AP using Odin).
    8. Boot into TWRP and install Nethunter kernel image using ADB sideload (provided by TWRP).
    I hope my efforts can help somebody. Cheers.

    Update:
    After installing Nethunter on my S20 FE (SM-G781N), I encountered several problems that I had to fix in order to use Nethunter.

    Firstly, when I tried to ping somewhere, it failed with the message 'socket: Permission denied.' I resolved this issue by adding the sockets group to the root account using the command 'usermod -aG sockets root.'

    Secondly, I couldn't install any package, including Kali metapackages, with the message 'Temporary failure resolving 'http.kali.org.' I fixed this problem by changing the uid of the _apt user to 0 in /etc/passwd.
    2
    How I get official kalifs-arm64-full.tar.xz
    File after download file size take 2.99 gb file downloading time download percentage not showing

    Links to download kalifs are near normal downloading of kali linux isos (choose mobile scroll down to generic images)
    Direct link:
    1
    The nethunter zip files supplied cause android 14 oneui 6 to freeze at boot once installed. So i installed the nethunter kernel pre made in this thread directly into the oneui 6 android 14 boot.img and it is booting okay and shows that hid function is available, it does not display the kernel name weirdly in the system settings.. the nethutner app is not loading and nethunter terminal is also not loading, maybe needs busy box or something setup. is the app compatible with android 14, i don't know. another days problem. perhaps someone else figure out that also. take a backup of your device first if you try it. some further info here. https://telegra.ph/UN1CA-Install-Guide-for-S20FE-4G5G-Snapdragon-r8q-02-23 instructions for rom install if you have twrp isntalled isntall this rom like this
    PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\UN1CA_1.1.6-5b6b1e2_20240223_r8q2-sign.zip"
    * daemon not running; starting now at tcp:5037
    * daemon started successfully
    Total xfer: 1.00x
    PS D:\platform-tools_r35.0.0-windows\platform-tools> ./adb sideload "D:\Downloads\Magisk-v27.0.zip"
    Total xfer: 2.57x or from the decrypted data partition by downlaodeing to your device. you can then in twrp type multidisabler in the terminal and it will stop the device being encrytped. make sure you format your data partition and then type that commands it already has magisk installed so just install the app once booted. original rom location
    Bro, You have no idea how much I was looking for something like this. Thank you from the bottom of my heart...