[ROM][Official] Kali NetHunter for the Huawei Nexus 6P LOS17.1

[yesimxev]

I present to you: Kali NetHunter for the Huawei Nexus 6P LOS17.1

Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks, as well as a client to the Kali NetHunter App Store.
Beyond the penetration testing tools arsenal within Kali Linux and the Kali NetHunter App Store, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page.
NetHunter is an open-source project developed by Offensive Security and the community.

~ Prerequisites ~
- TWRP - https://drive.google.com/open?id=1axm3GVbTKypUdQAuYubNknJX4wKRFIec
- Stock components - vendor, radio, & bootloader img's from the stock oreo 8.1 OPM7.181205.001 Dec 2018 factory image - https://androidfilehost.com/?w=files&flid=286833
- Magisk – https://forum.xda-developers.com/apps/magisk

~~ Downloads ~~
- NetHunter installer: https://www.androidfilehost.com/?fid=8889791610682950294
- fstab with disabled forceencrpyt - https://www.androidfilehost.com/?fid=4349826312261764572
- vendor image with patched fw for nexmon - https://www.androidfilehost.com/?fid=8889791610682949885
- nexmon zip with nexutil and libs - https://www.androidfilehost.com/?fid=8889791610682951480
- Bootanimation TWRP flasher - https://www.androidfilehost.com/?fid=10763459528675571003

~~ How to Install ~~
- Assuming you have flashed stock radio, vendor, bootloader, TWRP, and Lineage 17.1 (using the steps from https://forum.xda-developers.com/ne...t/rom-lineageos-17-0-nexus-6p-angler-t4012099)
- Copy Magisk, NetHunter image, bootanimation zip, and fstab to USB-C drive
- Plug in to PC if you haven't done that yet
- Reboot into bootloader and flash vendor which was unzipped from zip

fastboot flash vendor vendor.squashfs

- Reboot into TWRP, insert USB drive.
- Copy fstab to /system_root/, and format data

adb push fstab.angler /sdcard/
adb shell "twrp mount /system_root && twrp remountrw /system_root && cp /sdcard/fstab.angler /system_root/"

- Reboot into recovery & flash Magisk
- Reboot to system & do Android setup
- Reboot into TWRP
- Flash NetHunter image
- Flash bootanimation zip
- Reboot

#apps could not be flashed through TWRP, we have to do manually
- Download and install NetHunter Store from store.nethunter.com
- Install NH app, terminal, kex
- Run NetHunter app
- Reboot

~~~ Notes & Updates ~~~
Nexmon is finally working in Kali Chroot , although we're open to anything reported because we can't test everything.


- copy Nexmon libs over to /system/lib64/ from the nexmon.zip (not in TWRP):

adb push libnexmon* /sdcard/ && adb push nexutil /sdcard/

- and copy using androidsu terminal:

mount -o rw,remount / && cp /sdcard/libnexmonkali.so /system/lib64/kalilibnexmon.so && cp /sdcard/libnexmon.so /system/lib64/ && cp /sdcard/nexutil /system/xbin/ && chmod a+x /system/xbin/nexutil

You have to make sure that wifi is on but you're not connected to an AP.
Enable in AndroidSU terminal, I created a custom command with

nexutil -m2

Export LD_PRELOAD for faking ioctl in every Kali Chroot terminal window you open

export LD_PRELOAD=/system/lib64/kalilibnexmon.so

Hijacker is not fully supported as I've built one with aarch64 tools, but it randomly stops airodump although it's working. Will give it a shot in the future.

- Mana is being replaced, for the time being you can downgrade iptables in chroot with the following :

wget http://old.kali.org/kali/pool/main/i/iptables/iptables_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip4tc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip6tc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libiptc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libxtables12_1.6.2-1.1_arm64.deb

dpkg -i *.deb

apt-mark hold iptables
apt-mark hold libip4tc0
apt-mark hold libip6tc0
apt-mark hold libiptc0
apt-mark hold libxtables12

Credits: The Offensive Security Team and the NetHunter community, huge thanks to Re4son & kimocoder for patching the wlan1 insert reboot issue! Long time mystery.
Another extremely big thanks for @draco42 for patching libnexmon and kalilibnexmon!

Android Version: 10.0

XDA: DevDB Information
Kali Nethunter, Kernel & ROM for the Huawei Nexus 6P

Contributors
@Re4son, @kimocoder, @yesimxev, @draco42

Source Code: https://gitlab.com/kalilinux/nethunter/
Kernel Source: https://github.com/Re4son/android_kernel_huawei_angler

 

[Re4son]

**RESERVED**

 

[mataflakitas]

Omg ...?????

 

[yesimxev]

**RESERVED**

 

[aegis1314]

Thank you!

Before your post went up, I had been trying for DAYS to install Nethunter on PE10.

Everytime I lost root (Magisk) on reboot and the Nethunter app never showed up.
I KNEW I was missing some important steps (which were not documented).

Now that official instructions are available I'm going to try and install it the proper way.

 

[UsPdSr]

@Re4son @kimocoder
@yesimxev

Wow, you guys are on fire.

Congratulations to this great updates and foremost the long outstanding release for the Angler!
Which under Oreo flawlessly works now.
No nasty reboots while attempting to set your nic into monitor mode for sure. :good:

Kimocoder did an amazing job with the port of the new driver.

I could basically use every adapter. Especially the ac ones.

You accidentally mixed up some of the links.

This is the Angler (Huawei Nexus 6P) sub-forum and you posted a link for the installer to the Shamu (Motorola Nexus 6).

Also did I try to look over the source and compiled it for myself, but after everything was set up, my kernel and chroot & everything else, the usb adapter plug in/out bug occurred again.

Re4son worked on flair's source 16days ago.

Where can I find the one you used in the new release?

Here is the link to the correct one - >

https://build.nethunter.com/contrib...er-2020.2-pre3-angler-los-ten-kalifs-full.zip

For the user who aren't comfortable to use Android ten for other reasons, here the recommended stable release for Android Oreo stock - >

https://build.nethunter.com/contrib...unter-2020.2-pre3-angler-oreo-kalifs-full.zip

I had no time the last week(s), but I did see a couple of issues who need to be addressed.

One of the main problems with the new Oreo kernel neither Nexmon or the new QUALCOMM patch from kimocoder and Co. are working.

I will come back to this when I have the time..

Firstly great work to the entire team and big thanks for this great contribution

 

[lfcz]

wow:laugh:awosome!

 

[UsPdSr]

Could you explain to less experienced user how someone are going to be modify the last twrp version for the Angler wit fstab accordingly?

 

[yesimxev]

Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type

mount -o rw,remount /vendor
cp /sdcard/fstab.angler /vendor/etc/

 

[UsPdSr]

Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type

Thanks a bunch, @yesimxev!

As you saw in both threads for LOS 17 and PE, do they come with specific TWRP versions.*

Are they some what of relevant, or is the official release by twrp.me sufficient?

*LOS 17.1

https://forum.xda-developers.com/showpost.php?p=81059545&postcount=3

*Pixel Experience 10.0

https://forum.xda-developers.com/showpost.php?p=80290619&postcount=3

 

[Nick_Speed]

Thanks for this it works perfect but my Question is how to survive a System update?

For example a new Version of los 17 Comes out, i Flash it, so the nethunter kernel is gone.

When i Flash the whole nethunter Image then all works fine but the chroot Environment will be wiped and replaced with the one from the Image. Thats not so good because all of the Manual Things are wiped also, like compiled Software and post updated and installed Software.

So whats the best way to Keep the chroot Environment after an Android System update?

 

[Re4son]

Create a backup of your rootfs via the Chroot Manager is probably the best option. You could just reflash the kernel too

 

[Nick_Speed]

Thanks for your fast reply.

How to Flash the kernel only? I looked into the Archive but there are too many scripts for all the Little nice Things during the installation and there isnt a single zip file for the kernel or i missed something. Sorry i m not that great developer…

I thought i could comment out the chroot extraction in the installer script, its the last step. Is this a possibility?

---------- Post added at 11:50 AM ---------- Previous post was at 11:46 AM ----------

And the possibility to backup the chroot in the chroot Manager i never saw, thats great and probably the best Option yes. Thanks for that hint!

 

[SalyczeQ]

Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type

mount -o rw,remount /vendor
cp /sdcard/fstab.angler /vendor/etc/

When I tried copy fstab.anger from my /usb_otg to /vendor/etc/ via file manager in TWRP, a received error ERROR status code 1.
So I tried mount command, which is mentioned above, via terminal in TWRP. /vendor was mounted succesfully but when I used cp command a received error again, that target is in read-only filesystem. And yes I definitely mount it with "-o rw" (read write).

What can I do wrong?

 

[yesimxev]

When I tried copy fstab.anger from my /usb_otg to /vendor/etc/ via file manager in TWRP, a received error ERROR status code 1.
So I tried mount command, which is mentioned above, via terminal in TWRP. /vendor was mounted succesfully but when I used cp command a received error again, that target is in read-only filesystem. And yes I definitely mount it with "-o rw" (read write).

What can I do wrong?

Forgot to mention that vendor has to be mounted first. Use

mount /vendor

 

[UsPdSr]

How to Flash the kernel only? I looked into the Archive but there are too many scripts for all the Little nice Things during the installation and there isnt a single zip file for the kernel or i missed something. Sorry i m not that great developer…

Probably because they were just released and for now as complete installer by Offensive being offered. ;/

I build both of the newly released kernel for LOS 17.1 and 8.1 Stock Oreo with the python installer.

Ten

https://mega.nz/file/hUBHxSyT#HJRVnp_uH1hosPfsDClSiG9hzO54eQkM24ONG48b3Fc

Oreo

https://mega.nz/file/AVZxFIDC#SQG_X6yfmwb3cjmO8bzYqo5RhTJ7hjmWEOrk-c97f2o



Best regards

---------- Post added at 09:47 PM ---------- Previous post was at 09:43 PM ----------

Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type


When I tried copy fstab.anger from my /usb_otg to /vendor/etc/ via file manager in TWRP, a received error ERROR status code 1.
So I tried mount command, which is mentioned above, via terminal in TWRP. /vendor was mounted succesfully but when I used cp command a received error again, that target is in read-only filesystem. And yes I definitely mount it with "-o rw" (read write).

What can I do wrong?

Did you use the official version, or the ones supported by the the according rom developer?

 

[SalyczeQ]

Forgot to mention that vendor has to be mounted first. Use

mount /vendor

View attachment 4996285

as you can see I tried, but the same error still occurs

 

[SalyczeQ]

---------- Post added at 09:47 PM ---------- Previous post was at 09:43 PM ----------

[/COLOR]

Did you use the official version or the ones supported by the according to rom developer?

I used TWRP provided beside according rom, not the official version. View attachment 4996289

But If you will check the screenshot which I attached, I notice something weird, that in mount TWRP page I see vendor partition twice. Can It be a problem?

Is there any big difference between TWRP provided for LOS17.1 and PE10? Because the last thing I can think of is that I may swap it and use PE10 TWRP for install LOS17.1 rom.

 

[UsPdSr]

I used TWRP provided beside according rom, not the official version.

But If you will check the screenshot which I attached, I notice something weird, that in mount TWRP page I see vendor partition twice. Can It be a problem?

Is there any big difference between TWRP provided for LOS17.1 and PE10? Because the last thing I can think of is that I may swap it and use PE10 TWRP for install LOS17.1 rom.

I tried the installation with LOS.
I had countless error messages primarily because of the vendor, too.

I have seen this weird entry before, after another user botched his installation as well.

I would definitely erase the recovery with fastboot, or try to flash the official one over.

Since the Nexus 6p received support for Pie am I very sceptical of the usage as daily driver.

I have no desire to flash these funny FBEwhatever recoveries amd and see me device commit suicide.

So.

I am definitely going to try it again, especially Pixel Experience is interesting, but I would like to ask the Nethunter team ( @yesimxev, @Re4son), if it would be possible to write a more detailed instructions on how to get this work, or perhaps assemble something to flash without modification by the user..

Many heaps

 

[Nick_Speed]

I tried the installation with LOS.
I had countless error messages primarily because of the vendor, too.

I have seen this weird entry before, after another user botched his installation as well.

I would definitely erase the recovery with fastboot, or try to flash the official one over.

Since the Nexus 6p received support for Pie am I very sceptical of the usage as daily driver.

I have no desire to flash these funny FBEwhatever recoveries amd and see me device commit suicide.

So.

I am definitely going to try it again, especially Pixel Experience is interesting, but I would like to ask the Nethunter team ( @yesimxev, @Re4son), if it would be possible to write a more detailed instructions on how to get this work, or perhaps assemble something to flash without modification by the user..

Many heaps

Hey there,

So for ten i installed ExtendedUI OFFICIAL and PixelDust with the twrp fbe 10, reboot to recovery, rooted with magisk, set all up, install busybox within magisk, reboot to recovery, then installed the nethunter zip, rebooted to recovery,
rooted with magisk, reboot to System.

All is fine, the kernel etc. but no nethunter apps are showing. So i extracted the apps from the zip file, installed all and updated the nethunter app throught fdroid because the nethunter store app isnt working with extensions but fdroid did and the source for the nethunter repo you can copy from the store app.

Then fire up the nethunter up, set up chroot and tata, all is working great.

and btw thanks for the flashable kernel ;o)