Categories
How To...

How To install NetHunter Lite (part 1)

In this How To we look at turning a smartphone or tablet into a dedicated and fully-featured mobile Pentesting platform. We start with downloading the Kali Linux NetHunter Lite ROM image and Rooting the Android device.

In a recent article, How To install NetHunter Rootless Edition, we examined installing a version of Kali Linux on non-rooted Nexus devices. Whilst this provided many penetration testing tools, there were certain limitations.

We are going to look at installing Kali Linux NetHunter Lite which provides us with a more dedicated mobile pentesting platform and the following additional functionality:

  • Metasploit with database
  • NetHunter App
  • WiFi Injection
  • HID attacks

For details on the differences check out the ‘1.0 NetHunter Editions’ section within the NetHunter Documentation.

The instructions and screenshots during this How To will be from an Ubuntu 20.10 computer. An upcoming article will cover differences when performing this How To using Mac and Windows computers.

Important

The steps covered in this article involve unlocking a device and flashing the ROM (Read-Only Memory) with new software. This comes with inherent risk in that if it fails then the device ‘can’ be rendered unusable or unrecoverable.

Warning: Proceed with caution and at your own risk!

NetHunter Lite on a Nexus 7

We are going to install Kali Linux NetHunter Lite on a 32 Gb Nexus 7 (2012 – WiFi only). These steps should be similar if installing on a different device e.g. Nexus 4 / 5 / 6 / 9 / 10 or OnePlus One.

Here are the main steps to be carried out:

  1. Prerequisites
  2. Download pre-built image
  3. Rooting the device
  4. Verify device is Rooted
  5. Install NetHunter Lite
  6. Run NetHunter

Advisory: We strongly suggest reading through the whole of this article prior to performing any actions.

In this article, part 1, we will cover Steps 1-4 then the remaining Steps will be covered in part 2.

Step 1 – Prerequisites

There are a number of possible configurations for our Nexus device when starting this installation:

  • Stock device – running Android V4.1 (Jelly Bean) or V5.1.1 (Lollipop) with a Locked Bootloader.
  • Upgraded device – running a later or modified operating system with an Unlocked Bootloader & Custom Recovery tool installed e.g Android 8.1.0 (Oreo – LineageOS 15.1) with TWRP.

If you have a ‘stock device’ then you will need to perform Steps 1-6 in our article How To upgrade Android for NetHunter from Linux (part 1) in order to get to the point of having a device that is backed up, has an Unlocked Bootloader, and TWRP (Team Win Recovery Project) installed. You do not need to upgrade to Android 8.1.1 (Step 7).

Nexus 7 with TWRP main menu
TWRP main menu on a Nexus 7.

Step 2 – Download pre-built image

Gathering device information

In order to download the correct image for a specific device it is necessary to obtain certain information. To do this a terminal window is needed if not already installed on your device e.g. Termux:

  1. Open https://store.nethunter.com on the device’s web browser.
  2. Click on the ‘DOWNLOAD STORE APP’ button.
  3. Go to the ‘Downloads’ folder and click on the ‘NetHunterStore.apk’ file. If prompted open ‘Settings’ and allow ‘Unknown sources’.
  4. Start the installation. There may be a prompt regarding the permissions that will be accessible so read and click ‘INSTALL’.
  5. After the installation completes, open the NetHunter Store via the new icon and search for ‘Termux’ then download and install.

Open the Termux app and run the following commands:

getprop ro.product.device

getprop ro.product.model

getprop ro.product.name
Device properties on a Nexus 7 (2012).
Device properties on a Nexus 5x.

Another piece of information we need is the Android version and associated nickname (in brackets). There are some earlier and later versions but these are the main ones we are concerned with:

Android versionVersion name
4.1Jelly Bean
4.4KitKat
5.0Lollipop
6.0Marshmallow
7.0Nougat
8.0Oreo
9Pie
10Ten
Android versions and associated names.

In certain cases the year of the device may also be relevant e.g. Nexus 7 has the 1st Generation from 2012 and 2nd Generation from 2013. Click here and visit Step 2 within the article to find out more.

Finding a pre-built NetHunter image

Now we need to visit these pages to see if we can find a pre-built match for the details we have about our device:

  1. Official NetHunter Images
  2. NetHunter Kernel Statistics
  3. Official NetHunter Kernels
  4. Kali Linux NetHunter Downloads

Using our Nexus 7 details (grouper, nakasi, Android 8.x / Oreo or LineageOS 15.1) we had these results:

  • #1 – no match.
  • #2 – implied there are 18 potential matches on Oreo.
  • #3 – gave the following:
    • Model = Nexus 7 2012 … match 🙂
    • Kernel ID = grouper … match 🙂
    • Android version = kitkat (Android 4.4) … mismatch 🙁
  • #4 – match on Generic ARMhf e.g. file nethunter-2020.4-generic-armhf-kalifs-full.zip

#3 is a close match apart from the Android version so we opt for #4.

The ZIP file (~1.6Gb) was downloaded then copied to the Downloads folder on our device via the USB cable.

Step 3 – Rooting the device

As mentioned in the Prerequisites (Step 1) our device needs an Unlocked Bootloader and a Custom Recovery tool (TWRP) installed.

There are two methods of rooting a device:

  • Stock device – that runs an original version of Android. For rooting this device, Magisk Manager can be used.
  • Upgraded device – that runs a custom ROM (e.g. LineageOS) that was upgraded by flashing the ROM. For rooting this device the ‘LineageOS addonsu’ can be used. Magisk can be problematic.

Follow the relevant sub-section below based on your device (A or B):

A) Rooting with Magisk Manager
Magisk Manager website homepage.

In order to ‘root’ our device we need to perform the following:

  1. Start the device and boot into Android.
  2. Open the web browser and download the latest version of Magisk Manager. Alternatively download the file via your desktop computer and copy it to the Download folder on your device.
  3. Open the File Manager* on your device, navigate to the Download folder and click on the Magisk .apk file to install. There may be a prompt to Allow an install from this source.
    * If not installed then this can be downloaded from the Play Store or the .apk file can be downloaded from here then installed.
  4. Open the Magisk Manager app and you should see this screen:
Magisk Manager startup screen.
  1. Magisk Manager is the latest version installed but the Magisk image is not yet so click ‘Install’.
  2. Click NEXT for Options.
  3. Select ‘Download Zip Only’ under Method then LET’S GO.
  4. Within the Download folder on your device there will be a new file e.g. Magisk-21.4(21400).zip
  5. Reboot your device into the Unlocked Bootloader by issuing this command from your computer:
adb reboot bootloader
  1. Start TWRP by selecting the ‘Recovery mode’ pressing the Volume Down button within the Bootloader screen then Power button.
  2. Once in TWRP click ‘Install’, navigate to the Download folder and select the file Magisk-21.4(21400).zip and Swipe right to flash.
  3. Once complete the click Reboot System.
Magisk successfully flashed via TWRP.
  1. Restart Magisk Manager app and Magisk should now be Installed.

For further details check out the XDA article:

B) Rooting with SuperSU

First of all SuperSU needs to be downloaded:

To install SuperSU:

  1. Boot into TWRP and click ‘Install’.
  2. Select ZIP file in the Download folder e.g. SR5-SuperSU-v2.82-SR5-20171001224502.zip
  3. Swipe right to confirm Flash.
  4. Once complete click ‘Reboot System’.
  5. Go to ‘Developer options’ within Settings.
  6. Change ‘Root access’ to ‘ADB’ if desired. A pop-up warning may appear about enabling root access.

Enable ‘Advanced restart’, and ‘Android debugging’ if desired, within ‘Developer options’:

‘Advanced restart’ turned on within ‘Developer options’ on Nexus 7.

Whilst upgrading our version of Android in the article How To upgrade Android for NetHunter from Linux (part 1) we used Android Debug Bridge (adb) to unlock and boot our device into the Bootloader. Unfortunately following the upgrade to Android 8.1.1 (LineageOS 15.1) this no longer worked via USB and gave an error:

adb reboot bootloader

error: no devices/emulators found

Note: Having tried many suggestions online without success it must be down to a Linux driver issue for the new operating system. Additionally the backup taken via TWRP would not work in a restore so the device could not be returned to Android 5.1.1!

Fortunately enabling ‘Advanced restart’ still allows us to start the Bootloader via the Power button and hence TWRP or jump straight into TWRP via the Recovery option.

Alternatively hold down the Power & Volume Down buttons then release the Power button when the device first shows signs of powering up. Continue to hold the Volume Down button until the device has entered the Bootloader.

Another method to use adb, instead of USB, is over the network:

  1. Go into Settings -> System -> Developer Options on the device.
  2. Enable option ‘ADB over network’.
  3. Issue the following commands via Terminal window on your Linux computer (change IP to that specified under ‘ADB over network’):
adb connect 192.168.1.137:5555

adb devices
Connecting to a Nexus 7 running LineageOS 15.1 via ADB over a network.

Now you can issue any adb commands needed.

Step 4 – Verify device is Rooted

Root Checker app for Android.

Once Step 3 is complete, whether option A or B was carried out, we now need to verify that the device was in fact rooted:

  1. Boot the device into Android or LineageOS.
  2. Install Root Checker Basic by one of these methods:
    • Play Store if your are signed into Google.
    • Visit here and download the .apk file and install.
      If the latest version does not work on LineageOS then try a previous version e.g. v6.4.8.
  3. Run the Root Checker app and click ‘Verify Root’.
  4. You should now be prompted with a pop-up as follows then click ‘GRANT’ before the DENY timer expires:
Superuser request within Magisk.
  1. If GRANT was not clicked in time then uninstall the Root Checker app via Settings -> Apps -> Uninstall. Reinstall the Root Checker app, then repeat 3-4 above.

If rooting was successful then you should see a screen similar to this:

Gaining root access to a Nexus 7 succeeded.

If root was unsuccessful then you should see a screen like this:

Gaining root access to a Nexus 7 failed.

If rooting your device did not work then go back to Step 3 and try again observing any error messages or hints as to what caused the problem.

Please look out for Part 2 of this article which will continue with the installation of NetHunter Lite.


Do you have experience of Rooting an Android-based device? Do you have any comments or suggestions? If so please share your thoughts in the comments below.

Leave a Reply