Recounting Recent: Kali NetHunter

After fixing a couple of my old broken android phones, playing around with unlocking the boot-loader, rooting them and installing custom ROM’s I decided to optimize an android for use with Kali NetHunter.

Monitor mode on NetHunter. Detecting two access points with WEP encryption in my neighborhood. These could be cracked in like 8-30 minutes.

Kali Linux NetHunter is an open source android penetration testing platform. Check out Offensive Security’s NetHunter page for more information.

NetHunter has versions available for many android devices. Nexus, OnePlus, Galaxy, Gemini, LG, HTC, some Sony’s and the list goes on. If trying this out make sure to do ample research on the device you are considering because CPU chipset varies on the same android phones between carriers. The wiki on gitlab lists the supported devices.

Also pay attention to the WiFi chipset because only a few inboard WiFi chips can be used for monitor mode, otherwise the phone will need an external adapter for WiFi penetration. To use the inboard chips we’ll have to modify the kernel and firmware but even if using an external adapter be sure to verify compatibility.\

I went with the Hawaii Nexus 6P as it supports inboard monitoring mode and Offensive Security sold me with their description for it. Also being able to get one on ebay for 50 something dollars is pretty compelling when some of the other options are still hundreds. (*note the following is all specific to the Hawaii Nexus 6P)

I reinstalled NetHunter while writing this post. These instructions are pretty good, it’s the installation.txt file from:

Kali boot animation

A few notes to simplify the process.

You need android sdk platform tools fastboot from android studio. Downloading all the files above into the sdk platform tools folder will simplify a lot so that you don’t need to include paths to run fastboot or paths for the files to flash.

If you have issues with the shell script just look within the scripts and ran each command from the shell.

You need to download the twrp recovery image separately, just google the img name.

You will need a usb connected external storage for step 5 because the 6P has no SD card slot.

An add-on for the lineageOS in order to enable root-access to apps is also needed which can be downloaded from the link above. Flash the add-on and then enable developer options and you can grant root access to apps.

flashing Kali

XDA developers forum is the best resource I’ve found for all of this. You can find support and instructions for all the other possible devices on their forum as well.

Leave a Reply