
[ROM][Official] Kali NetHunter for the OnePlus One LineageOS 17.1 Q


yesimxev

Senior Member
May 8, 2017
180
69


I present to you: Kali NetHunter for the OnePlus One LineageOS 17.1 Q

This is the latest (experimental) version for the OnePlus One.

Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks, as well as a client to the Kali NetHunter App Store.
Beyond the penetration testing tools arsenal within Kali Linux and the Kali NetHunter App Store, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page.
NetHunter is an open-source project developed by Offensive Security and the community.

~ Prerequisites ~
- Lineage 17.1 - https://download.lineageos.org/bacon
- Gapps if needed - https://opengapps.org
- TWRP - https://twrp.me/oneplus/oneplusone.html
- Magisk – https://forum.xda-developers.com/apps/magisk

~~ Downloads ~~
- NetHunter: https://www.androidfilehost.com/?fid=17248734326145736621

~~ How to Install ~~
Assuming you have unlocked bootloader
- Flash TWRP
- Copy Lineage, Magisk and NetHunter image to USB drive
- Boot into TWRP, insert USB drive.
- Flash Lineage, and Gapps if needed, reboot and do initial setup
- Reboot into TWRP
- Some old devices with new ROMs don't have a TWRP with system_root prop set, therefore do
Code:
adb shell setprop ro.build.system_root_image true
- Flash Magisk, NetHunter

- Reboot
- Run NetHunter app
- Reboot

~~~ Notes & Updates ~~~
- wlan1 unplug reboot is solved
- Y-cable is still supported, just need to have it as a Custom Command or in a script (AndroidSU)
Code:
bootkali ycable start
To stop:
Code:
bootkali ycable stop
- Bluetooth Arsenal is supported, but you need to downgrade Bluez to 4.101 by compiling it in Kali chroot and installing "on top of" current Bluez so the bluetooth service will be able to run
- Mana is being replaced; for the time being you can downgrade iptables with the following:
Code:
wget http://old.kali.org/kali/pool/main/i/iptables/iptables_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip4tc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip6tc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libiptc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libxtables12_1.6.2-1.1_armhf.deb

dpkg -i *.deb

apt-mark hold iptables
apt-mark hold libip4tc0
apt-mark hold libip6tc0
apt-mark hold libiptc0
apt-mark hold libxtables12

- To downgrade to bluez-4.101:
Code:
apt-get update && apt-get install libdbus-1-dev libglib2.0-dev
apt-mark hold bluez
wget http://www.kernel.org/pub/linux/bluetooth/bluez-4.101.tar.gz
tar xvf bluez-4.101.tar.gz && cd bluez-4.101
./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --localstatedir=/var --libexecdir=/lib --build=arm
make && make install

Please note that BLE is not supported in bluez-4.x. If you prefer to use that, keep bluez-5.x

Credits: The Offensive Security Team and the NetHunter community

Android Version: 10.0

XDA: DevDB Information
Kali Nethunter, Kernel & ROM for the OnePlus One

Contributors
@yesimxev

Source Code: https://gitlab.com/kalilinux/nethunter/
Kernel Source: https://github.com/yesimxev/android_kernel_oppo_msm8974

 
Last edited:
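Added example, not part of the original post or the NetHunter project: the iptables downgrade above fetches five packages over plain HTTP and installs them with `dpkg -i *.deb`, which skips apt's signature checks and installs every .deb in the directory. This script gates that step on a pinned SHA-256 manifest; the function names and the manifest file are hypothetical, and since the thread gives no digests the manifest has to come from a source you trust.

```shell
#!/bin/sh
# Added example (not from the thread): check packages against a pinned
# SHA-256 manifest before `dpkg -i *.deb`.
# Manifest lines use sha256sum's text format: "<hex digest>  <file name>".

# verify_debs DIR MANIFEST -> 0 only if the .deb files in DIR are all
# listed in the manifest, none is missing, and every digest matches.
verify_debs() {
    dir=$1 manifest=$2
    [ -d "$dir" ] && [ -r "$manifest" ] || return 2

    # The *.deb glob installs every package in DIR, so reject unlisted ones.
    for f in "$dir"/*.deb; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! awk -v n="$name" '$2 == n { ok = 1 } END { exit !ok }' "$manifest"; then
            echo "not in manifest: $name" >&2
            return 1
        fi
    done

    # sha256sum -c fails on a missing file, a changed file or an empty manifest.
    if ! ( cd "$dir" && sha256sum -c >/dev/null ) < "$manifest"; then
        echo "digest check failed in $dir" >&2
        return 1
    fi
}

# install_pinned DIR MANIFEST: run dpkg only after the check passes.
# Example call in the chroot (manifest name is an assumption):
#   install_pinned . iptables-1.6.2.sha256
install_pinned() {
    verify_debs "$1" "$2" && dpkg -i "$1"/*.deb
}

# Demo on constructed stand-in files (not real packages). Returns 0 when a
# clean set passes and both a modified file and a stray .deb are rejected.
demo_verify_debs() {
    d=$(mktemp -d) || return 2
    printf 'constructed-a' > "$d/iptables_1.6.2-1.1_armhf.deb"
    printf 'constructed-b' > "$d/libxtables12_1.6.2-1.1_armhf.deb"
    ( cd "$d" && sha256sum *.deb ) > "$d/pinned.sha256"
    rc=0
    verify_debs "$d" "$d/pinned.sha256" || rc=1
    printf 'x' >> "$d/iptables_1.6.2-1.1_armhf.deb"            # simulate corruption
    verify_debs "$d" "$d/pinned.sha256" 2>/dev/null && rc=1
    printf 'constructed-a' > "$d/iptables_1.6.2-1.1_armhf.deb"  # restore
    printf 'stray' > "$d/extra.deb"                             # unlisted package
    verify_debs "$d" "$d/pinned.sha256" 2>/dev/null && rc=1
    rm -rf "$d"
    return "$rc"
}
```

The same digest comparison applies to the ROM, Magisk and NetHunter zips before flashing, which also rules out a corrupted download or USB copy as the cause of a TWRP install error.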

JERKBALL

Member
Oct 7, 2006
5
0
Thank you very much for keeping up with new Releases for our beloved OPO...

I wiped up my OPO completely and started from scratch...

But after sticking to your tutorial and setting up chroot I get the following:

Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .

Is this related to the new kernel?
 

yesimxev

Senior Member
May 8, 2017
180
69
Thank you very much for keeping up with new Releases for our beloved OPO...

I wiped up my OPO completely and started from scratch...

But after sticking to your tutorial and setting up chroot I get the following:

Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .

Is this related to the new kernel?
Thanks for mentioning, the modules dir wasn't in the correct place in the zip. It will be fine in the next release. I'll update the links once they are released.

For now, update to the latest app and you can ignore that message, it will remain as a warning only.
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
Have you updated the NH app from the store? I'll build a kernel flasher so you have it before release

Hmmm...... I just spent about a full week to get Nethunter functional on a Oneplus One. It was a very revealing journey, lots of flashing, bricking, flashing, upgrading, downgrading, I've learned a lot.

Tried CM and LOS 16 and 17 with NH for Marshmallow and for Pie. Used the ones from Kali's download site and the ones you linked above. Followed all instructions to the letter and comma, and all variations on it that I could imagine.

The end result is always the same. No bluetooth, no usb.

And since the whole idea is to have a compact mobile to do pentesting on wireless setups and devices in the field, for which we need usb and bluetooth, it seems to be pretty useless. It really puzzles me why the Oneplus One is the preferred device, other than it is a nice Mr. Robot gadget to show off in the bar?

However, I truly want to be proven wrong in my conclusion and work with you to get this sorted out. If you like. I get the idea there are many with similar problems that never got solved and they might have given up and moved on to another device. But I am not afraid of a good challenge, so....... let's do it.

This is what I have:

Oneplus One 16GB
Alfa AWUS036ACH with Realtek rtl8812au chip (have the latest drivers)

Can we make it really work?

(mind you, pentesters at $ 200K a year are probably not willing to spend so much time on getting a tool to work. I'm just a student in pentesting and still learning, so economics are not that much of an issue, yet).

I realise this is all free, open source software. But that doesn't mean it shouldn't be working perfectly after properly installing everything.

I hope I can help to make it better.
 

yesimxev

Senior Member
May 8, 2017
180
69
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).

I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight :)

Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
Thank you very much for keeping up with new Releases for our beloved OPO...

I wiped up my OPO completely and started from scratch...

But after sticking to your tutorial and setting up chroot I get the following:

Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .

Is this related to the new kernel?
I got that, too. But did the whole thing again and then it was gone.

I noticed that a good way to make sure all reinstalling happens in a "clean" way is to follow this method of working:

1.
TWRP recovery - Wipe all, except USB-OTG. ---> Reboot.

2.
Repeat that 1 more time!!! (counting for residual voltage, causing bits to be persistent in memory, contaminating new install)

3.
Flash LOS 16 or 17 with TWRP from attached USB stick. (If data doesn't show up on USB-OTG, touch it for 5 seconds, release, phone vibrates and the data will be visible. If that doesn't work, unplug the OTG cable, wait 5 seconds and replug it. Repeat previous touch, vibrate etc. If that doesn't work, unplug USB, 5 seconds wait, replug, go to mount and try to mount USB-OTG, return to Install, select Storage and repeat the first step of this no.3 part)

4.
After flash is complete, reboot, setup CM or LOS, activate Developers options by tapping 7x on Build number (you can find that under Settings/about phone). One step back, under settings you find Developer options. Go in there, check Advanced reboot, uncheck Update Cyanogen recovery, check Android debugging. Press right power button shortly, Power options pops up. Choose Reboot, next screen pops up, choose Recovery, confirm with tapping ok.

5.
Back in TWRP, unplug the USB, wait 5 seconds and replug the USB in. Follow the steps I described in 3. to get the data visible. Choose to install Magisk or SuperSU (whatever you like and have). Let it run, when finished reboot again. After reboot is completed, reboot again from LOS to make sure Magisk or SuperSU are completely installed and ready.

6.
Reboot into TWRP Recovery again, do the USB mount trick thing, choose the right version NH zip (you might have, like me, different versions on it) and install NH. When finished, reboot.

7.
Pay attention here!
Back in LOS, check that Magisk or SuperSU are properly installed and working.
Start NH Terminal, popup asks for Superuser rights. You have 10 seconds to grant them! Do it! Follow the further screen instructions, allow for all.
Next, start up NH itself, 10 seconds only for granting SU right!!! Allow all. After this, reboot system.

8.
Start NH terminal, command sudo apt update && sudo apt full-upgrade. Follow the instructions. During that, you get a white window asking for yes or no. Choose Yes and confirm with enter. Another one like that will pop up again a little later, choose the second line (keep present config etc.) and confirm with yes and enter.
Let the process run its course. When finished, reboot system again.

9.
Start up NH (if it is not already started), go to Kali Chroot Manager and start it. All should be green now and ready to go.

Happy Hunting!
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).

I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight :)

Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?

After trying to install above twice, with red warning in TWRP that something failed to mount, I abandoned it and switched back to CM and the Marshmallow NH. But that doesn't work either.

At least I got to see lsusb in LOS 16 with NH and your kernel update ten. Before I updated your kernel, lsusb didn't show anything in LOS 16 NH.

Here goes:
Installed 2020.4 Pie. No lsusb readout, no bluetooth.

Next:
TWRP installed your ...ten.zip, rebooted and after 2 attempts (unplug and plug in again) lsusb in NH terminal registered the OTG as hub, on 001.002 was my USB stick. Unplugged the stick, plugged in the AWUS036ACH, and 001.002 became 0bda Realtek 802.11.

Checked in terminal of Android, got the same reading.

So Android sees it on the USB, NH sees it too. However, no wlan1 shows up when I do iwconfig, ifconfig or run airmon-ng.

Are the Realtek rtl8812au drivers already patched into the kernel? (Do I say that right?).

If yes, what prevents NH from getting wlan1?

The wifi adapter is not powered (I thought it could get power from the OPO?). Has that anything to do with it?

Bluetooth is the internal one from OPO. Busybox was installed with the NH version. I'm now back at CM 13 again, so I donno which version in the LOS install I had. I will go back to the machines and get the LOS 16 installed.

Or do you prefer LOS 17?
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).

I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight :)

Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?

Ok, I am ready to go.

- Wiped the OPO completely
- Flashed and installed lineage-17.1-20210128-nightly-bacon-signed.zip
- Did the setup, developers options etc.
- flashed and checked proper install of Magisk

Next step?

NB. I have 2 hours more today. After that it is bedtime for me. We probably have a time difference. For me it will be 3AM in 2 hours.
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).

I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight :)

Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?

Ok, I thought to go on with installing the NH fs from your link. Got the same error:1 again. Error installing zip file 'usb_otg/nethunter-2020.4-generic-armhf-kalifs-full.zip'.

Get the same message for the other one.
 

yesimxev

Senior Member
May 8, 2017
180
69
Ok, I thought to go on with installing the NH fs from your link. Got the same error:1 again. Error installing zip file 'usb_otg/nethunter-2020.4-generic-armhf-kalifs-full.zip'.

Get the same message for the other one.
Seems like you haven't done the
Code:
adb shell setprop ro.build.system_root_image true

Haven't you flashed the zips from here yet? What did you use? This version is not released yet anywhere, it's here for testing.
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
Seems like you haven't done the
Code:
adb shell setprop ro.build.system_root_image true

Haven't you flashed the zips from here yet? What did you use? This version is not released yet anywhere, it's here for testing.

I used the zips you provided in the links above. But, indeed, I didn't do the setprop. Busy getting it back up again....hahaha. Next install will be after the setprop command. Try to do it now. Stay tuned.
 

yesimxev

Senior Member
May 8, 2017
180
69
After trying to install above twice, with red warning in TWRP that something failed to mount, I abandoned it and switched back to CM and the Marshmallow NH. But that doesn't work either.

At least I got to see lsusb in LOS 16 with NH and your kernel update ten. Before I updated your kernel, lsusb didn't show anything in LOS 16 NH.

Here goes:
Installed 2020.4 Pie. No lsusb readout, no bluetooth.

Next:
TWRP installed your ...ten.zip, rebooted and after 2 attempts (unplug and plug in again) lsusb in NH terminal registered the OTG as hub, on 001.002 was my USB stick. Unplugged the stick, plugged in the AWUS036ACH, and 001.002 became 0bda Realtek 802.11.

Checked in terminal of Android, got the same reading.

So Android sees it on the USB, NH sees it too. However, no wlan1 shows up when I do iwconfig, ifconfig or run airmon-ng.

Are the Realtek rtl8812au drivers already patched into the kernel? (Do I say that right?).

If yes, what prevents NH from getting wlan1?

The wifi adapter is not powered (I thought it could get power from the OPO?). Has that anything to do with it?

Bluetooth is the internal one from OPO. Busybox was installed with the NH version. I'm now back at CM 13 again, so I donno which version in the LOS install I had. I will go back to the machines and get the LOS 16 installed.

Or do you prefer LOS 17?
8812au is not supported on this device.

Btw are you trying both pie and ten zips on lineage-17.1 rom?
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
Ok, used setprop ro.build.system_root_image true, got message "failed to map file and error installing.

This is a new one for me!!

I think TWRP is somehow damaged. Will brick it now and do a full setup again, starting with Color. Tomorrow more about this saga.
 

yesimxev

Senior Member
May 8, 2017
180
69
Ok, used setprop ro.build.system_root_image true, got message "failed to map file and error installing.

This is a new one for me!!

I think TWRP is somehow damaged. Will brick it now and do a full setup again, starting with Color. Tomorrow more about this saga.
I went back to TWRP 3.4 but 3.5 also flashed everything. The zip might have got corrupted? Installs for me fine. I'll make the revert to bluez-4.101 because bluez 5.x is not working on this device
 

Ween Dwijler

Member
Feb 6, 2021
32
2
Thailand
I went back to TWRP 3.4 but 3.5 also flashed everything. The zip might have got corrupted? Installs for me fine. I'll make the revert to bluez-4.101 because bluez 5.x is not working on this device

I used both TWRP 3.4 and 3.5, same result. Sideload didn't work either. Managed to get Magisk flashed. That first had the same error as the rest. Last it went well. So, I thought, let's go for NH too. Nope. Error again.

Tomorrow I will download everything fresh again from the web, and see if it works. Maybe the USB stick got corrupted somehow? Got another one to try.

Which chipset is supported on the OPO, if not 8812au?
 

Top Liked Posts

    2
    Well done! I'm personally not interested in NetHunter but it's nice to see some development still happening for our good old Oneplus One :)
    1
    Ok, I'll go do it now.

    Ok, did the setprop before flashing. Copied the zips from USB to local Download dir/map. Installed first nethunter-2020.4-generic-armhf-kalifs-full.zip and after that kernel-nethunter-20210206_204827-oneplus1-ten.zip (your latest).

    Both installs went smooth, no interruptions. After that, rebooted the system. No program icons (NH Terminal, NH, etc.) anywhere.
    1
    I'll try to patch but my weeks are extremely busy now
    That would be very, very nice. I'm really looking forward to have this working and start to use it in the field.

    FYI attached the lsusb readings in kali terminal and android terminal. The realtek shows up, but I guess the drivers are missing.
    1
    So I tried, Large, everything, top10 and small. All of them crashed. I tried installing all packages manually and found out 5 are causing the phone to reboot and then not able to install other packages. If I just leave out those 5 it does seem to work without too many glitches or issues.
    Can you just simply do apt-get update && apt-get install kali-linux-nethunter in chroot? Is it crashing with that too? Do you have enough space on /data?