[ROM][Official] Kali NetHunter for the Huawei Nexus 6P LOS17.1 - Nexus 6P Android Development

I present to you: Kali NetHunter for the Huawei Nexus 6P LOS17.1
Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks, as well as a client to the Kali NetHunter App Store.
Beyond the penetration testing tools arsenal within Kali Linux and the Kali NetHunter App Store, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page.
NetHunter is an open-source project developed by Offensive Security and the community.
~ Prerequisites ~
- TWRP - https://drive.google.com/open?id=1axm3GVbTKypUdQAuYubNknJX4wKRFIec
- Stock components - vendor, radio, & bootloader img's from the stock oreo 8.1 OPM7.181205.001 Dec 2018 factory image - https://androidfilehost.com/?w=files&flid=286833
- Magisk – https://forum.xda-developers.com/apps/magisk
~~ Downloads ~~
- NetHunter installer (find the latest release for Nexus 6P): https://www.kali.org/get-kali/#kali-mobile
- fstab with disabled forceencrypt - https://www.androidfilehost.com/?fid=4349826312261764572
- vendor image with patched fw for nexmon - https://www.androidfilehost.com/?fid=8889791610682949885
EDIT: Use the following if there's no mirror on the link above: https://github.com/yesimxev/nethunter_files/raw/main/angler/vendor.squashfs.zip
- nexmon zip with nexutil and libs - https://www.androidfilehost.com/?fid=8889791610682951480
- Bootanimation TWRP flasher - https://www.androidfilehost.com/?fid=10763459528675571003
~~ How to Install ~~
- Assuming you have flashed stock radio, vendor, bootloader, TWRP, and Lineage 17.1 (using the steps from https://forum.xda-developers.com/ne...t/rom-lineageos-17-0-nexus-6p-angler-t4012099)
- Plug in to PC if you haven't done that yet
- Reboot into TWRP
- Format data
- Copy Magisk, NetHunter image, and fstab to USB-C drive or adb push to /sdcard
- Reboot into bootloader and flash the vendor image unzipped from the zip above
Code:
fastboot flash vendor vendor.squashfs
- Reboot into TWRP
- Copy fstab to /system_root/
Code:
adb push fstab.angler /sdcard/
adb shell "twrp mount /system_root && twrp remountrw /system_root && cp /sdcard/fstab.angler /system_root/"
- Format data
- Reboot to system & do Android setup
- Reboot into TWRP
- Install Nexmon files through adb, from the zip above
Code:
twrp mount /system_root && twrp remountrw /system_root && cp /sdcard/libnexmonkali.so /system_root/system/lib64/kalilibnexmon.so && cp /sdcard/libnexmon.so /system_root/system/lib64/ && cp /sdcard/nexutil /system_root/system/xbin/ && chmod a+x /system_root/system/xbin/nexutil
- Flash NetHunter image
- Flash Magisk
- Reboot
- Run NetHunter app, update from NH Store
- Reboot
~~~ Notes & Updates ~~~
Nexmon is finally working with injection in the Kali chroot, although EAPOL data is still not present (or is malformed) in the captures.
- copy Nexmon libs over to /system/lib64/ from the nexmon.zip (not in TWRP):
Code:
adb push libnexmon* /sdcard/ && adb push nexutil /sdcard/
- and copy using androidsu terminal:
Code:
mount -o rw,remount / && cp /sdcard/libnexmonkali.so /system/lib64/kalilibnexmon.so && cp /sdcard/libnexmon.so /system/lib64/ && cp /sdcard/nexutil /system/xbin/ && chmod a+x /system/xbin/nexutil
For devices which have no space left on system: you need to copy those files before flashing NetHunter. I didn't have this problem, maybe due to GApps pico. Then use the following commands in TWRP:
Code:
twrp mount /system_root && twrp remountrw /system_root && cp /sdcard/libnexmonkali.so /system_root/system/lib64/kalilibnexmon.so && cp /sdcard/libnexmon.so /system_root/system/lib64/ && cp /sdcard/nexutil /system_root/system/xbin/ && chmod a+x /system_root/system/xbin/nexutil
Thanks @JaK3sT for discovering this!
You have to make sure that wifi is on but you're not connected to an AP.
Enable it in the AndroidSU terminal; I created a custom command with
Code:
nexutil -m2
Export LD_PRELOAD for faking ioctl in every Kali Chroot terminal window you open
Code:
export LD_PRELOAD=/system/lib64/kalilibnexmon.so
Hijacker is not fully supported, as I've built one with aarch64 tools, but it randomly stops airodump although it's working. Will give it a shot in the future.
- Mana is being replaced, for the time being you can downgrade iptables in chroot with the following :
Code:
wget http://old.kali.org/kali/pool/main/i/iptables/iptables_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip4tc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip6tc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libiptc0_1.6.2-1.1_arm64.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libxtables12_1.6.2-1.1_arm64.deb
dpkg -i *.deb
apt-mark hold iptables
apt-mark hold libip4tc0
apt-mark hold libip6tc0
apt-mark hold libiptc0
apt-mark hold libxtables12
Credits: The Offensive Security Team and the NetHunter community, huge thanks to Re4son & kimocoder for patching the wlan1 insert reboot issue! Long time mystery.
Another extremely big thanks to @draco42 for patching libnexmon and kalilibnexmon!
Android Version: 10.0
XDA: DevDB Information
Kali Nethunter, Kernel & ROM for the Huawei Nexus 6P
Contributors
@Re4son, @kimocoder, @yesimxev, @draco42
Source Code: https://gitlab.com/kalilinux/nethunter/
Kernel Source: https://github.com/Re4son/android_kernel_huawei_angler
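
The Nexmon copy command above is typed three times on this page (in TWRP against /system_root/system, and booted against /system), and the post notes that it fails on devices with no space left on system. Added example, not from the original post or the NetHunter project: a POSIX shell function that performs the same copy (libnexmonkali.so installed as kalilibnexmon.so, libnexmon.so, and an executable nexutil), but first checks that the sources exist and that the destination has room, then verifies every copy byte-for-byte with cmp so a copy that stopped short on ENOSPC is not left behind as a truncated library. The source and system directories are parameters, so one function serves both layouts; mounting read-write is left to the caller, as in the post. It assumes a POSIX `df -P` (coreutils and Android's toybox both have it) and additionally sets mode 0644 on the libraries, which the post does not do. The self-test uses constructed stand-in files in a temporary directory, not the real Nexmon binaries.

```shell
#!/bin/sh
# Source file in nexmon.zip -> path below the system directory, the same
# mapping as the post's cp commands (libnexmonkali.so is installed under the
# name kalilibnexmon.so, which is what LD_PRELOAD later points at).
NEXMON_FILES="libnexmonkali.so:lib64/kalilibnexmon.so libnexmon.so:lib64/libnexmon.so nexutil:xbin/nexutil"

# install_nexmon SRC SYSDIR: copy the Nexmon userland pieces from SRC
# (e.g. /sdcard) into SYSDIR (/system_root/system in TWRP, /system when
# booted). SYSDIR must already be mounted read-write by the caller.
# Returns 1 on a missing source or directory, 2 when SYSDIR has too little
# free space (the failure mode the post describes), 3 when a copy does not
# verify, 0 on success.
install_nexmon() {
  src=$1
  sys=$2
  [ -d "$sys" ] || { echo "install_nexmon: $sys is not a directory (not mounted?)" >&2; return 1; }
  need=0
  for pair in $NEXMON_FILES; do
    f=${pair%%:*}
    [ -f "$src/$f" ] || { echo "install_nexmon: missing $src/$f" >&2; return 1; }
    need=$(( need + $(wc -c < "$src/$f") ))
  done
  # Free KiB on the destination filesystem: column 4 of POSIX 'df -P'
  # (assumed available; coreutils and toybox both provide it).
  avail_kb=$(df -P "$sys" | awk 'NR == 2 { print $4 }')
  need_kb=$(( (need + 1023) / 1024 ))
  if [ "$avail_kb" -lt "$need_kb" ]; then
    echo "install_nexmon: $sys has ${avail_kb} KiB free, need ${need_kb}; copy before flashing NetHunter" >&2
    return 2
  fi
  for pair in $NEXMON_FILES; do
    f=${pair%%:*}
    to=$sys/${pair#*:}
    mkdir -p "$(dirname "$to")" || return 3
    cp "$src/$f" "$to" || return 3
    # Byte-for-byte verification: a copy that silently stopped short would
    # otherwise leave a truncated library for LD_PRELOAD to load.
    cmp -s "$src/$f" "$to" || { echo "install_nexmon: $to does not match $src/$f" >&2; return 3; }
  done
  chmod a+x "$sys/xbin/nexutil" || return 3
  # Added here: the post sets no mode on the libraries; 0644 is the usual
  # mode for system libraries.
  chmod 0644 "$sys/lib64/kalilibnexmon.so" "$sys/lib64/libnexmon.so" || return 3
  return 0
}

# nexmon_selftest: exercise install_nexmon on a constructed throwaway tree
# (stand-in files, not the real Nexmon binaries). Returns 0 when the copy,
# verification and mode bits come out right and a missing source is
# reported with status 1.
nexmon_selftest() {
  t=$(mktemp -d) || return 1
  mkdir -p "$t/sdcard" "$t/system/lib64" "$t/system/xbin" "$t/empty"
  printf 'constructed stand-in for libnexmonkali.so\n' > "$t/sdcard/libnexmonkali.so"
  printf 'constructed stand-in for libnexmon.so\n'     > "$t/sdcard/libnexmon.so"
  printf '#!/system/bin/sh\necho nexutil stand-in\n'   > "$t/sdcard/nexutil"
  rc=0
  install_nexmon "$t/sdcard" "$t/system" || rc=1
  [ -x "$t/system/xbin/nexutil" ] || rc=1
  cmp -s "$t/sdcard/libnexmonkali.so" "$t/system/lib64/kalilibnexmon.so" || rc=1
  cmp -s "$t/sdcard/libnexmon.so" "$t/system/lib64/libnexmon.so" || rc=1
  status=0
  install_nexmon "$t/empty" "$t/system" 2>/dev/null || status=$?
  [ "$status" -eq 1 ] || rc=1
  rm -rf "$t"
  return $rc
}

case "${1:-}" in
  "")         ;;                                            # no arguments: functions only
  --selftest) nexmon_selftest && echo "selftest ok" ;;
  *)          install_nexmon "$1" "${2:-/system_root/system}" ;;
esac
```

Usage in TWRP after the remountrw step from the post: `sh install_nexmon.sh /sdcard /system_root/system`; when booted, from an su shell after `mount -o rw,remount /`: `sh install_nexmon.sh /sdcard /system`. A return code of 2 is the signal to do the copy before flashing NetHunter, as the post advises.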


Omg ...?????


Thank you!
Before your post went up, I had been trying for DAYS to install Nethunter on PE10.
Every time I lost root (Magisk) on reboot and the NetHunter app never showed up.
I KNEW I was missing some important steps (which were not documented).
Now that official instructions are available I'm going to try and install it the proper way.

@Re4son @kimocoder
@yesimxev
Wow, you guys are on fire.
Congratulations to this great updates and foremost the long outstanding release for the Angler!
Which now works flawlessly under Oreo.
No nasty reboots while attempting to set your nic into monitor mode for sure. :good:
Kimocoder did an amazing job with the port of the new driver.
I could basically use every adapter. Especially the ac ones.
You accidentally mixed up some of the links.
This is the Angler (Huawei Nexus 6P) sub-forum and you posted a link for the installer to the Shamu (Motorola Nexus 6).
I also tried to look over the source and compile it myself, but after everything was set up (my kernel, chroot and everything else) the USB adapter plug-in/plug-out bug occurred again.
Re4son worked on flair's source 16days ago.
Where can I find the one you used in the new release?
Here is the link to the correct one - >
https://build.nethunter.com/contrib...er-2020.2-pre3-angler-los-ten-kalifs-full.zip
For users who aren't comfortable using Android 10 for other reasons, here is the recommended stable release for stock Android Oreo:
https://build.nethunter.com/contrib...unter-2020.2-pre3-angler-oreo-kalifs-full.zip
I had no time the last week(s), but I did see a couple of issues which need to be addressed.
One of the main problems with the new Oreo kernel is that neither Nexmon nor the new Qualcomm patch from kimocoder and Co. is working.
I will come back to this when I have the time..
Firstly great work to the entire team and big thanks for this great contribution

wow:laugh:awosome!

Could you explain to a less experienced user how one is supposed to modify the latest TWRP version for the Angler with the fstab accordingly?

Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type
Code:
mount -o rw,remount /vendor
cp /sdcard/fstab.angler /vendor/etc/

yesimxev said:
Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type
Thanks a bunch, @yesimxev!
As you saw in both threads, for LOS 17 and PE, they come with specific TWRP versions.*
Are they somewhat relevant, or is the official release by twrp.me sufficient?
*LOS 17.1
https://forum.xda-developers.com/showpost.php?p=81059545&postcount=3
*Pixel Experience 10.0
https://forum.xda-developers.com/showpost.php?p=80290619&postcount=3

Thanks for this, it works perfectly, but my question is how to survive a system update?
For example, when a new version of LOS 17 comes out and I flash it, the NetHunter kernel is gone.
When I flash the whole NetHunter image, everything works fine, but the chroot environment is wiped and replaced with the one from the image. That's not so good, because all of the manual things are wiped too, like compiled software and software updated or installed afterwards.
So what's the best way to keep the chroot environment after an Android system update?

Create a backup of your rootfs via the Chroot Manager is probably the best option. You could just reflash the kernel too

Thanks for your fast reply.
How do I flash the kernel only? I looked into the archive, but there are too many scripts for all the little nice things during the installation, and there isn't a single zip file for the kernel, or did I miss something? Sorry, I'm not that great a developer…
I thought I could comment out the chroot extraction in the installer script; it's the last step. Is this a possibility?
And the possibility to back up the chroot in the Chroot Manager I never saw; that's great and probably the best option, yes. Thanks for that hint!

yesimxev said:
Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type
Code:
mount -o rw,remount /vendor
cp /sdcard/fstab.angler /vendor/etc/
When I tried to copy fstab.angler from my /usb_otg to /vendor/etc/ via the file manager in TWRP, I received the error ERROR status code 1.
So I tried the mount command mentioned above via the terminal in TWRP. /vendor was mounted successfully, but when I used the cp command I received an error again, that the target is on a read-only filesystem. And yes, I definitely mounted it with "-o rw" (read-write).
What am I doing wrong?

SalyczeQ said:
When I tried to copy fstab.angler from my /usb_otg to /vendor/etc/ via the file manager in TWRP, I received the error ERROR status code 1.
So I tried the mount command mentioned above via the terminal in TWRP. /vendor was mounted successfully, but when I used the cp command I received an error again, that the target is on a read-only filesystem. And yes, I definitely mounted it with "-o rw" (read-write).
What am I doing wrong?
Forgot to mention that vendor has to be mounted first. Use
Code:
mount /vendor
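
The prerequisite list links an fstab "with disabled forceencrypt" but does not show what differs from the stock file, and the replies above turn on getting that file onto /vendor/etc. Added example, not from the post or the NetHunter project, showing the edit itself and a way to check the result: a shell function that rewrites the fs_mgr flag `forceencrypt=` on the /data line to `encryptable=` (the conventional edit that stops Android from encrypting /data on first boot while keeping the key location after the `=`), and a second function that reports how a given fstab treats /data, so the file can be checked after it has been copied into place. The sample fstab in the self-test is constructed for the example and is not the real fstab.angler; file-based encryption (`fileencryption=`) is only reported, not rewritten. The consequence is worth stating: with `encryptable=` in place of `forceencrypt=`, everything on /data, the Kali chroot and whatever it captures included, sits on flash in the clear unless encryption is later turned on from Settings.

```shell
#!/bin/sh
# fstab_data_line FSTAB: print the fs_mgr entry that mounts /data (the mount
# point is field 2; comment and blank lines are skipped).
fstab_data_line() {
  awk '$1 !~ /^#/ && $2 == "/data" { print; exit }' "$1"
}

# fstab_encryption_mode FSTAB: classify the /data line by its fs_mgr flags
# (field 5): forced (forceencrypt= or forcefdeorfbe=), fbe (fileencryption=,
# not rewritten by this example), optional (encryptable=) or none.
fstab_encryption_mode() {
  flags=$(fstab_data_line "$1" | awk '{ print $5 }')
  case ",$flags," in
    *,forceencrypt=*|*,forcefdeorfbe=*) echo forced ;;
    *,fileencryption=*)                 echo fbe ;;
    *,encryptable=*)                    echo optional ;;
    *)                                  echo none ;;
  esac
}

# disable_forceencrypt IN OUT: copy IN to OUT with forceencrypt= (or the
# Pie-era forcefdeorfbe=) on the /data line rewritten to encryptable=.
# Every other line, and the rest of the /data line, is copied verbatim.
# Returns 0 if a change was made, 1 if the /data line did not force encryption.
disable_forceencrypt() {
  awk '
    $1 !~ /^#/ && $2 == "/data" {
      changed += sub(/forceencrypt=/, "encryptable=")
      changed += sub(/forcefdeorfbe=/, "encryptable=")
    }
    { print }
    END { if (changed) exit 0; exit 1 }
  ' "$1" > "$2"
}

# Constructed sample for the self-test; the real fstab.angler differs.
SAMPLE_FSTAB='# constructed sample fstab, not the real fstab.angler
/dev/block/platform/soc.0/f9824900.sdhci/by-name/system   /system ext4 ro,barrier=1                                     wait,verify
/dev/block/platform/soc.0/f9824900.sdhci/by-name/userdata /data   ext4 noatime,nosuid,nodev,barrier=1,noauto_da_alloc wait,check,forceencrypt=footer
/dev/block/platform/soc.0/f9824900.sdhci/by-name/cache    /cache  ext4 noatime,nosuid,nodev,barrier=1                 wait,check'

case "${1:-}" in
  check) fstab_encryption_mode "$2" ;;
  patch) disable_forceencrypt "$2" "$3" && echo "patched /data line, wrote $3" ;;
  demo)  f=$(mktemp); printf '%s\n' "$SAMPLE_FSTAB" > "$f"
         fstab_encryption_mode "$f"; disable_forceencrypt "$f" "$f.patched"
         fstab_encryption_mode "$f.patched"; rm -f "$f" "$f.patched" ;;
  *) ;;   # no arguments: functions only
esac
```

`sh fstab_encrypt.sh check /vendor/etc/fstab.angler` run from the TWRP terminal after `mount /vendor` prints `forced` or `optional`, which is a quicker way to confirm the copy landed than rebooting and waiting to see whether the encryption screen appears.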

Nick_Speed said:
How do I flash the kernel only? I looked into the archive, but there are too many scripts for all the little nice things during the installation, and there isn't a single zip file for the kernel, or did I miss something? Sorry, I'm not that great a developer…
Probably because they were just released and for now are only being offered as a complete installer by Offensive Security. ;/
I built both of the newly released kernels, for LOS 17.1 and for 8.1 stock Oreo, with the Python installer.
Ten
https://mega.nz/file/hUBHxSyT#HJRVnp_uH1hosPfsDClSiG9hzO54eQkM24ONG48b3Fc
Oreo
https://mega.nz/file/AVZxFIDC#SQG_X6yfmwb3cjmO8bzYqo5RhTJ7hjmWEOrk-c97f2o
Best regards
SalyczeQ said:
Thanks for mentioning the link, replaced with the correct one. To do fstab:
Copy fstab to eg. Internal storage
Boot into TWRP
In terminal, type
When I tried to copy fstab.angler from my /usb_otg to /vendor/etc/ via the file manager in TWRP, I received the error ERROR status code 1.
So I tried the mount command mentioned above via the terminal in TWRP. /vendor was mounted successfully, but when I used the cp command I received an error again, that the target is on a read-only filesystem. And yes, I definitely mounted it with "-o rw" (read-write).
What am I doing wrong?
Did you use the official version, or the one provided by the respective ROM developer?

yesimxev said:
Forgot to mention that vendor has to be mounted first. Use
Code:
mount /vendor
As you can see in the attached screenshot, I tried, but the same error still occurs.

UsPdSr said:
Did you use the official version, or the one provided by the respective ROM developer?
I used the TWRP provided alongside the respective ROM, not the official version.
But if you check the screenshot I attached, I noticed something weird: in the TWRP mount page I see the vendor partition twice. Can that be a problem?
Is there any big difference between the TWRP provided for LOS 17.1 and the one for PE10? Because the last thing I can think of is that I may have swapped them and used the PE10 TWRP to install the LOS 17.1 ROM.

SalyczeQ said:
I used the TWRP provided alongside the respective ROM, not the official version.
But if you check the screenshot I attached, I noticed something weird: in the TWRP mount page I see the vendor partition twice. Can that be a problem?
Is there any big difference between the TWRP provided for LOS 17.1 and the one for PE10? Because the last thing I can think of is that I may have swapped them and used the PE10 TWRP to install the LOS 17.1 ROM.
I tried the installation with LOS.
I had countless error messages, primarily because of the vendor, too.
I have seen this weird entry before, after another user botched his installation as well.
I would definitely erase the recovery with fastboot, or try to flash the official one over it.
Since the Nexus 6P received support for Pie, I am very sceptical about using it as a daily driver.
I have no desire to flash these funny FBE-whatever recoveries and see my device commit suicide. -_-
So.
I am definitely going to try it again; Pixel Experience in particular is interesting, but I would like to ask the NetHunter team (@yesimxev, @Re4son) whether it would be possible to write more detailed instructions on how to get this to work, or perhaps assemble something to flash without modification by the user.
Many heaps

UsPdSr said:
I tried the installation with LOS.
I had countless error messages, primarily because of the vendor, too.
I have seen this weird entry before, after another user botched his installation as well.
I would definitely erase the recovery with fastboot, or try to flash the official one over it.
Since the Nexus 6P received support for Pie, I am very sceptical about using it as a daily driver.
I have no desire to flash these funny FBE-whatever recoveries and see my device commit suicide.
So.
I am definitely going to try it again; Pixel Experience in particular is interesting, but I would like to ask the NetHunter team (@yesimxev, @Re4son) whether it would be possible to write more detailed instructions on how to get this to work, or perhaps assemble something to flash without modification by the user.
Many heaps
Hey there,
So for ten I installed ExtendedUI OFFICIAL and PixelDust with the TWRP FBE 10, rebooted to recovery, rooted with Magisk, set everything up, installed BusyBox within Magisk, rebooted to recovery, then installed the NetHunter zip, rebooted to recovery,
rooted with Magisk, rebooted to system.
All is fine, the kernel etc., but no NetHunter apps are showing. So I extracted the apps from the zip file, installed them all and updated the NetHunter app through F-Droid, because the NetHunter store app isn't working with extensions but F-Droid did, and the source for the NetHunter repo you can copy from the store app.
Then fire up the NetHunter app, set up the chroot and ta-da, all is working great.
And btw, thanks for the flashable kernel ;o)

FireTV 2 (sloane) Recovery [v6] - 3.0.0-5

It's finally here! Recovery for the Fire TV 2. This is based off of TWRP and the way versions will work is I will increment the last digit in the version as I make updates. So 3.0.0-1 is my first release based off of 3.0.0. The downloads will be numbered starting at v1, and at the bottom of the post it will explain what is contained within each version.
As usual, this WILL void your warranty and I am NOT responsible for anything you do with this. Installing it properly won't brick your Fire TV, but doing stupid things with it might.
Installing this requires root. If you are not rooted, please see my FireTV 2 Recovery Installer page.
Installation
You can copy the files to /sdcard, a USB storage device, or an sdcard. I will be using /sdcard in the instructions, but you can replace it with /storage/usbotg for USB or /storage/sdcard1 for an sdcard.
Copy the zip file to your destination.
Connect adb
Code:
adb connect IPADDRESS
Open an adb shell
Code:
adb shell
Run the zip file (replace vX with the actual version you downloaded). This will automatically run su, so make sure to accept the prompt if necessary.
Code:
sh /sdcard/firetv2_recovery_vX.zip
Reboot
Upgrade
You may repeat this to upgrade to a newer version, or you can install an updated pre-rooted rom, as I will be uploading new versions of those with every version of recovery.
Notes
This includes bootmenu. For everyone that loved the old FireTV 1 bootmenu with Comic Sans, I'm sorry to disappoint you, but the Comic Sans is gone. When the FireTV boots, it will present you with the bootmenu where you can leave it alone and it will boot normally or you can select recovery and it will boot in to recovery. You do need a USB keyboard to interact with the bootmenu. To force it to boot in to Recovery, you can create a file /cache/bootmenu_recovery.
DHCP for Ethernet is enabled, and if there is enough demand I may add in wifi at some point. The IP address should show up in the top left corner.
USB storage, USB keyboard/mice, and sdcards should all work. Hotplugging works, so you should be able to plug and unplug devices as needed.
You can use a USB keyboard, mouse, or the mouse emulator to interact with it. To use a keyboard, you can use the arrow keys to move the cursor and the enter key to select buttons. Sliders don't require sliding, so you can just hit enter/click on them. To use the mouse emulator, use adb shell and then run the program mouse and follow the instructions.
ROMs
Recovery must be included in all ROMs. If you want to develop a ROM, please contact me about including recovery in it.
Kernels
The bootloader is locked and you cannot flash kernels. If you do attempt to flash a kernel, you will brick it.
Installing zips
You can push zips to /sdcard, put it on a USB storage, put it on an sdcard, or use adb sideload. Do note you need adb version 1.0.32 to use adb sideload.
Stuck in a loop?
If you cannot boot normally and keep going back to the bootmenu, wipe Cache from Wipe -> Advanced Wipe.
If that doesn't work, ensure Cache is not mounted from in the 'Mount' menu and run this from an adb shell:
Code:
mke2fs /dev/block/platform/mtk-msdc.0/by-name/cache
Source Code
You can find the source code here:
https://github.com/androidrbox/sloane-2ndinit
https://github.com/androidrbox/android_bootable_recovery
WARNINGS
It is extremely important you never reboot after a failure. This will most likely lead to a brick. If recovery is hung, you can use adb shell to run
Code:
killall recovery
to restart it
It is also extremely important to never reboot after wiping /system.
If you wind up bricking, you must use the Unbrick Image to unbrick.
Finally, thanks to everyone who has donated to me and those that helped to get me my FireTV 2.
Changelog and Downloads:
April 8, 2016 - v6 (md5sum: 79c1a3efbac86618fa2cdbb4901fbd77)
This should prevent auto flashing amazon updates.
This includes 2ndinit version dee776 and TWRP version 3.0.0-5.
February 14, 2016 - v5 (md5sum: 16c957c86f1f61160e14a55819610707)
This should fix the problems certain keyboard were having in recovery.
This includes 2ndinit version dee776 and TWRP version 3.0.0-4.
February 12, 2016 - v4 (md5sum: 15c6d375607839cac4b186a2b68b8b0d)
This includes 2ndinit version 743aa4 and TWRP version 3.0.0-3.
These are just changes related to the unbricking image. No other functional changes.
February 8, 2016 - v3 (md5sum: b39a4dbe0c19080a97f602f37fda63ec)
This includes an updated script. You can now just run the zip instead of needing the zip and the script.
This includes TWRP 3.0.0-2.
Added a reboot recovery option in addition to reboot system. Now reboot system will reboot straight in to Android. Reboot recovery will reboot to the bootmenu.
Fixed restoring backups.
This includes the same version of 2ndinit.
February 7, 2016 - v2 (md5sum: 762621104d158d7ce4010bea725f7181)
This includes an automated script.
This has the same versions of 2ndinit and recovery as v1.
February 6, 2016 - v1 (md5sum: 7be673dd24489080eacdd0ad00feda51)
This comes with 2ndinit version fe3362 and recovery version 3.0.0-1
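
The recovery zip above is executed as root with `sh`, and the Kali iptables .debs in the NetHunter post earlier on this page are fetched with wget over plain HTTP and installed with `dpkg -i`, which checks no signatures; in both cases a download is run with full privileges on the strength of the download alone. Added example, not from either post: a shell function that checks a file against the md5sum printed in the changelog before the zip is run, and one that looks up the SHA256 recorded for a .deb in an apt Packages index (the stanza format apt itself verifies against the signed Release file) and compares it, so the `wget` + `dpkg -i` path recovers the integrity check apt would have done. The Packages stanza in the self-test is constructed for the example: its SHA256 is that of a three-byte stand-in file, not of the real iptables_1.6.2-1.1_arm64.deb, and real values come from the repository's signed Packages file. An md5 printed alongside the download protects only against corruption in transit; whoever can swap the zip can swap the checksum next to it, which is why the SHA256-from-a-signed-index path is preferable wherever one exists.

```shell
#!/bin/sh
# verify_md5 FILE EXPECTED: 0 if FILE's md5 equals EXPECTED (case-insensitive),
# 1 on mismatch, 2 if FILE does not exist.
verify_md5() {
  [ -f "$1" ] || return 2
  got=$(md5sum "$1" | awk '{ print $1 }')
  want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$got" = "$want" ]
}

# packages_sha256 PACKAGES NAME: print the SHA256 recorded for the .deb whose
# Filename basename is NAME in an apt Packages index; prints nothing if absent.
# Stanzas are blank-line separated, one "Field: value" per line.
packages_sha256() {
  awk -v want="$2" '
    BEGIN { RS = ""; FS = "\n" }
    {
      fn = ""; sha = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Filename: /) fn = substr($i, 11)
        if ($i ~ /^SHA256: /)   sha = substr($i, 9)
      }
      n = split(fn, parts, "/")
      if (n > 0 && parts[n] == want) { print sha; exit }
    }' "$1"
}

# verify_deb DEB PACKAGES: 0 if DEB's sha256 matches the index entry, 1 if it
# does not, 2 if the index has no entry for it.
verify_deb() {
  name=$(basename "$1")
  want=$(packages_sha256 "$2" "$name")
  [ -n "$want" ] || { echo "verify_deb: no entry for $name in $2" >&2; return 2; }
  got=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$got" = "$want" ] || { echo "verify_deb: $name: got $got, index says $want" >&2; return 1; }
}

# run_verified_zip ZIP MD5: the FireTV install step from the post, gated on
# the checksum from the changelog.
run_verified_zip() {
  verify_md5 "$1" "$2" || { echo "checksum mismatch, refusing to run $1" >&2; return 1; }
  sh "$1"
}

# Constructed Packages stanzas for the self-test. The SHA256 values are those
# of a 3-byte stand-in ("abc") and of nothing, not of the real packages.
SAMPLE_PACKAGES='Package: iptables
Version: 1.6.2-1.1
Architecture: arm64
Filename: pool/main/i/iptables/iptables_1.6.2-1.1_arm64.deb
Size: 3
SHA256: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Package: libxtables12
Version: 1.6.2-1.1
Architecture: arm64
Filename: pool/main/i/iptables/libxtables12_1.6.2-1.1_arm64.deb
Size: 3
SHA256: 0000000000000000000000000000000000000000000000000000000000000000'

case "${1:-}" in
  "")  ;;                                              # no arguments: functions only
  zip) run_verified_zip "$2" "$3" ;;                   # zip FILE MD5
  deb) verify_deb "$2" "$3" && echo "$2: ok" ;;        # deb FILE PACKAGES
esac
```

For the iptables downgrade the Packages index is the one the .debs came from (the `main/binary-arm64/Packages` file of the same old.kali.org snapshot), and the whole `wget`, `verify_deb`, `dpkg -i` sequence is still only as trustworthy as the Release signature that index was checked against.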
Awesome work!
Will try immediately! Thanks for posting this on weekend
Thank you Rbox, I just saw this & it's put a smile on my face. Just one question: do you need to re-block the updates after recovery & root have been installed? Thanks
deanr1977 said:
Thank you Rbox, I just saw this & it's put a smile on my face. Just one question: do you need to re-block the updates after recovery & root have been installed? Thanks
As long as you don't wipe data, updates remain blocked.
rbox said:
As long as you don't wipe data, updates remain blocked.
I downloaded both the zips from the GitHub; I'm already rooted on the previously rooted software & updates are blocked. I'm not sure whether to wait for AFTV News to do a guide or not; I'm clued up but not ADB or terminal savvy, so I'm going to look at the readme & see if I should try it tonight. I rooted with the video guide before & it was a breeze; I know it sounds easy but I want to do it right. Can you give me a little more info on connecting the ADB or terminal please, if you aren't busy?
deanr1977 said:
I downloaded both the zips from the GitHub; I'm already rooted on the previously rooted software & updates are blocked. I'm not sure whether to wait for AFTV News to do a guide or not; I'm clued up but not ADB or terminal savvy, so I'm going to look at the readme & see if I should try it tonight. I rooted with the video guide before & it was a breeze; I know it sounds easy but I want to do it right. Can you give me a little more info on connecting the ADB or terminal please, if you aren't busy?
If you don't want to deal with adb, use the installer.
rbox said:
If you don't want to deal with adb, use the installer.
Thanks mate, looking at this now. Will it delete any data on the system? Kodi, Amazon apps or External Sd card? Thanks in advance
deanr1977 said:
Thanks mate, looking at this now. Will it delete any data on the system? Kodi, Amazon apps or External Sd card? Thanks in advance
Installing recovery and roms does nothing to data.
rbox said:
It's finally here! Recovery for the Fire TV 2. This is based off of TWRP and the way versions will work is I will increment the last digit in the version as I make updates. So 3.0.0-1 is my first release based off of 3.0.0. The downloads will be numbered starting at v1, and at the bottom of the post it will explain what is contained within each version.
As usual, this WILL void your warranty and I am NOT responsible for anything you do with this. Installing it properly won't brick your Fire TV, but doing stupid things with it might.
Installing this requires root. If you are not rooted, please see my FireTV 2 Recovery Installer page.
Installation
Copy the contents of the zip to /sdcard on your FireTV.
Remount /system as read-write
Code:
mount -o remount,rw /system
Make the /system/recovery directory
Code:
mkdir /system/recovery
Copy 2ndinitstub
Code:
cp /sdcard/2ndinitstub /system/bin/ext4_resize
Copy 2ndinit
Code:
cp /sdcard/2ndinit /system/recovery/
Copy the recovery ramdisk
Code:
cp /sdcard/ramdisk-recovery.cpio /system/recovery/
Remount /system as read-only
Code:
mount -o remount,ro /system
Upgrade
You may repeat this to upgrade, but it is easier to just install a new pre-rooted rom. Every update for recovery I will make a new rom.
Notes
This includes bootmenu. For everyone that loved the old FireTV 1 bootmenu with Comic Sans, I'm sorry to disappoint you, but the Comic Sans is gone. When the FireTV boots, it will present you with the bootmenu where you can leave it alone and it will boot normally or you can select recovery and it will boot in to recovery. You do need a USB keyboard to interact with the bootmenu. To force it to boot in to Recovery, you can create a file /cache/bootmenu_recovery.
DHCP for Ethernet is enabled, and if there is enough demand I may add in wifi at some point. The IP address should show up in the top left corner.
USB storage, USB keyboard/mice, and sdcards should all work. Hotplugging works, so you should be able to plug and unplug devices as needed.
You can use a USB keyboard, mouse, or the mouse emulator to interact with it. To use a keyboard, you can use the arrow keys to move the cursor and the enter key to select buttons. Sliders don't require sliding, so you can just hit enter/click on them. To use the mouse emulator, use adb shell and then run the program mouse and follow the instructions.
ROMs
Recovery must be included in all ROMs. If you want to develop a ROM, please contact me about including recovery in it.
Kernels
The bootloader is locked and you cannot flash kernels. If you do attempt to flash a kernel, you will brick it.
Installing zips
You can push zips to /sdcard, put it on a USB storage, put it on an sdcard, or use adb sideload. Do note you need adb version 1.0.32 to use adb sideload.
Source Code
You can find the source code here:
https://github.com/androidrbox/sloane-2ndinit
https://github.com/androidrbox/android_bootable_recovery
Finally, thanks to everyone who has donated to me and those that helped to get me my FireTV 2.
Changelog and Downloads:
February 6, 2016 - v1 (md5sum: 7be673dd24489080eacdd0ad00feda51)
This comes with 2ndinit version fe3362 and recovery version 3.0.0-1
The commands are entered through adb, correct? Also, once recovery is installed, can I flash either of your pre-rooted ROMs, or do I have to flash the version I'm currently on, i.e. if I'm on 5.0.4 I can only flash 5.0.4?
thanks again for your great work!
dk1keith said:
The commands are entered through adb, correct? Also, once recovery is installed, can I flash either of your pre-rooted ROMs, or do I have to flash the version I'm currently on, i.e. if I'm on 5.0.4 I can only flash 5.0.4?
thanks again for your great work!
Yes adb shell. You can flash either version.
rbox said:
Yes adb shell. You can flash either version.
Awesome thanks rbox
Not working for me. Everything is copied over and after reboot there is no menu. Amazon white logo for 5 seconds, then the colored logo, and the system is booted in less than 15 seconds.
aboshi said:
Not working for me. Everything is copied over and after reboot there is no menu. Amazon white logo for 5 seconds, then the colored logo, and the system is booted in less than 15 seconds.
Same here. No boot menu. Reboot to recovery brings up the stock recovery as well.
dk1keith said:
Awesome thanks rbox
first command: mount -o remount,rw /system
in adb shell returns: mount: permission denied
aboshi said:
Not working for me. Everything is copied over and after reboot there is no menu. Amazon white logo for 5 seconds, then the colored logo, and the system is booted in less than 15 seconds.
retyre said:
Same here. No boot menu. Reboot to recovery brings up the stock recovery as well.
Both of you please run:
Code:
ls -lZ /system/bin/ext4_resize /system/recovery
dk1keith said:
first command: mount -o remount,rw /system
in adb shell returns: mount: permission denied
You need to be root...
rbox said:
Both of you please run:
Code:
ls -lZ /system/bin/ext4_resize /system/recovery
You need to be root...
you mean by typing su?
dk1keith said:
you mean by typing su?
Yes, by typing su.
Code:
-rwxr-xr-x root shell u:object_r:system_file:s0 ext4_resize
-rw------- root root u:object_r:system_file:s0 2ndinit
-rw------- root root u:object_r:system_file:s0 ramdisk-recovery.cpio
aboshi said:
Code:
-rwxr-xr-x root shell u:object_r:system_file:s0 ext4_resize
-rw------- root root u:object_r:system_file:s0 2ndinit
-rw------- root root u:object_r:system_file:s0 ramdisk-recovery.cpio
Hrm... can you run
Code:
ls -l /system/bin/ext4_resize /system/recovery
also?

How to build the kernel for your Huawei P9 Plus

Huawei have helpfully released the kernel source for the Huawei P9 Plus on their download site. Impressively, the version posted there (3.10.90) actually matches the current release build. However, the download itself is only part of the puzzle - it's important to then know how to compile it and use it. Hence this guide.
Some points to note first of all...
This guide refers to building on Linux. You can probably build on OSX or whatever too but seriously, it's less pain in the long run to spin up an Ubuntu VM.
In the download linked above, as well as the kernel, there are some other bits and pieces (some of which are quite bizarre). I've mirrored the kernel to Bitbucket, so you don't need to grab the whole download.
Got that? OK, so here's a step by step on how to build the kernel! I strongly recommend building stock first and testing that works for you, then you can start adding your tweaks in. I'm interested to hear what you add / change!
Open a terminal window on your Linux machine / in your Linux VM. No GUIs here. Change to the directory where you want the kernel / toolchain to live.
First of all, we're going to clone the toolchain from AOSP.
Code:
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9
Next we're going to clone the kernel source itself from my git repo on bitbucket.
Code:
git clone https://gitlab.com/paulobrien/android_kernel_huawei_p9plus.git kernel
We need to add the toolchain location to the path.
Code:
export PATH=$(pwd)/aarch64-linux-android-4.9/bin:$PATH
We need to specify that we are cross compiling for arm64.
Code:
export CROSS_COMPILE=$(pwd)/aarch64-linux-android-4.9/bin/aarch64-linux-android-
Let's create a directory for our output to go in to.
Code:
mkdir out
We've got the kernel downloaded, so let's change to that directory so we're ready to go.
Code:
cd kernel
A bit of cleaning up before we get started...
Code:
make ARCH=arm64 O=../out mrproper
Specify that we're building for the P9 (hisi3650 chipset)...
Code:
make ARCH=arm64 O=../out p9plus_extracted_defconfig
And build it!
Code:
make ARCH=arm64 O=../out -j8
When this process completes, we can check the '../out' directory and you should find the file arch/arm64/boot/Image. This is the kernel that you've just built! You can't flash it as is though, you need to put it into a boot image first.
Here's how you do it...
Change out of the kernel directory back to its parent.
Code:
cd ..
Download tools for manipulating the boot image.
Code:
git clone https://github.com/xiaolu/mkbootimg_tools.git
Download the stock boot image (actually we're using the root ready version for convenience).
Code:
wget -O boot.img http://nigella.modaco.com/files/boot.stock.huaweip9plus.b161.img
Extract the boot image.
Code:
mkbootimg_tools/mkboot boot.img boot.extracted
Copy the new kernel into the extracted boot folder.
Code:
cp out/arch/arm64/boot/Image.gz boot.extracted/kernel
Build a new boot image.
Code:
mkbootimg_tools/mkboot boot.extracted boot.newkernel.img
You now have a new boot image (boot.newkernel.img). All that's left is to flash it to your device! Reboot to bootloader (either using 'adb reboot bootloader' or by powering on with volume down held), flash using 'fastboot flash boot boot.newkernel.img' and then reboot using 'fastboot reboot'. Job done! In the About screen of settings you should see the date of the new kernel and details of your build machine.
Great work mate. You rock.
paulobrien said:
Huawei have helpfully released
Will this work for the latest Nougat?
Hi @paulobrien, does this guide work for the Huawei P10 source code downloaded from here? http://consumer.huawei.com/en/opensource/detail/
I am trying to compile AOSP for the Huawei P10.
Thank you.
Update: How to build the kernel for your Huawei P9 Plus
Hello Fellows,
thank you @paulobrien for this nice and handy How To.
It didn't work for me so I've updated your How To a little to compile the P9 Plus kernel for the VIE-L09 Device.
The kernel source and config file come from the Huawei Opensource Website.
https://consumer.huawei.com/en/opensource/
Filtered for P9 Plus
-> P9 Plus, VIE-AL10, Android 7.0, EMUI 5.0
The source is from the VIE-AL10 but works great with the VIE-L09 as well.
I've put the unmodified kernel source on GitHub.
The updated How To is also inspired by this [ULTIMATE GUIDE] and the attached README_Kernel.txt from the Huawei VIE_NG_EMUI5.0_opensource.tar.gz
Thanks and Credits to @paulobrien, @osm0sis and @Eliminator79
Preconditions:
An unlocked bootloader and rooted P9 Plus
A dump of the phone's boot.img, e.g. with dd if=/dev/block/mmcblk0p28 of=/...boot.img
A Linux System to compile the source
A working fastboot connection
optional: A working ADB connection (to pull the dumped boot.img)
optional: A working SSH connection (to pull the dumped boot.img)
install ubuntu-14.04.6-desktop-amd64.iso
user and machine name will be displayed in the kernel
update git:
Code:
sudo apt-get install git
git --version -> git version 1.9.1
sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update && sudo apt-get install git
git --version -> git version 2.26.2
menuconfig classic:
Code:
sudo apt-get install build-essential libssl-dev libncurses5-dev bison flex
menuconfig modern GUI:
Code:
sudo apt-get install libqt4-dev pkg-config
get the ndk r16b toolchain aarch64-linux-android-4.9 from Google:
Code:
wget https://dl.google.com/android/repository/android-ndk-r16b-linux-x86_64.zip
extract the aarch64 folder:
Code:
unzip android-ndk-r16b-linux-x86_64.zip android-ndk-r16b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/*
mv android-ndk-r16b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64 aarch64-linux-android-4.9 && rm -Rf android-ndk-r16b
export path and cross_compiler: (needs to be done every reboot)
Code:
export PATH=$PATH:$(pwd)/aarch64-linux-android-4.9/bin
export CROSS_COMPILE=$(pwd)/aarch64-linux-android-4.9/bin/aarch64-linux-android-
install fastboot
Code:
sudo apt-get install android-tools-fastboot
sudo apt-get install android-tools-adb
Clone the actual source or extract the downloaded one into a directory, e.g. P9PLUSKERNELSRC
just compile it or make some changes as well.
clone the Huawei P9 Plus Nougat Stock Kernel Source 4.1.18:
Code:
git clone https://github.com/newbit1/HUAWEI_P9PLUS_VIENNA_NG_EMUI5.0_STOCK_KERNEL_4.1.18.git P9PLUSKERNELSRC
Update 30.04.2020: OREO repo added
alternative for OREO, clone the P9 Plus Oreo Stock Kernel Source 4.4.23:
The OREO kernel will not boot the P9 Plus with Nougat on it. But it has its config.gz already included.
Code:
git clone https://github.com/newbit1/HUAWEI_P9PLUS_VIENNA_OREO_EMUI8.0_STOCK_KERNEL_4.4.23.git P9PLUSKERNELSRC
the stock default kernel config file is in "kernel/arch/arm64/configs/merge_hi3650_defconfig":
Code:
cd P9PLUSKERNELSRC/kernel
make ARCH=arm64 distclean
rm ../out -Rf && make clean && make mrproper && mkdir ../out
make ARCH=arm64 O=../out merge_hi3650_defconfig
If you want to make changes, use the menu to config the kernel:
menuconfig classic:
Code:
make ARCH=arm64 O=../out menuconfig
menuconfig modern GUI:
Code:
make ARCH=arm64 O=../out xconfig
compile the kernel... and have a drink
Code:
make ARCH=arm64 O=../out -j8
If/when the kernel is compiled, pack it with AIK-Linux in the dumped and unpacked boot.img from your P9-Plus.
An unlocked bootloader and rooted P9 Plus is a precondition!
For example purposes in this How To I use the boot.img from my phone.
It has an init with Magisk root 20.3
get the Android Image Kitchen from osm0sis xda:
Code:
wget https://forum.xda-developers.com/attachment.php?attachmentid=4825093 -O AIK-Linux-v3.6-ALL.tar.gz
tar -xvzf AIK-Linux-v3.6-ALL.tar.gz
cd AIK-Linux
wget https://github.com/newbit1/HUAWEI_P9PLUS_VIENNA_NG_EMUI5.0_STOCK_KERNEL_4.1.18/raw/master/HUAWEI_P9PLUS_NG_STOCK_BOOT_KERNEL_4.1.18.img -O boot.img
./unpackimg.sh
rm -f split_img/boot.img-zImage
put the just compiled kernel into the AIK and repack it:
Code:
mv ~/P9PLUSKERNELSRC/out/arch/arm64/boot/Image.gz ~/AIK-Linux/split_img/boot.img-zImage
./repackimg.sh
the repacked boot image-new.img is ready to be flashed into the P9 Plus
checking the ADB connection:
Enable USB Debugging and connect the P9 Plus via USB:
Code:
adb devices
List of devices attached
N9xxxxxxxxxxxxxx device
checking the Fastboot connection:
unplug the USB cable
switch off the phone
hold the volume down button and keep holding it
plug the usb cable in
phone boots into fastboot mode
release the volume down button
check the fastboot connection with the P9 Plus
Code:
sudo fastboot devices
N9xxxxxxxxxxxxxx fastboot
flash image-new.img with the new kernel
Code:
sudo fastboot flash boot image-new.img
target reported max download size of 471859200 bytes
sending 'boot' (16238 KB)...
OKAY [ 0.844s]
writing 'boot'...
OKAY [ 0.121s]
finished. total time: 0.965s
reboot the phone and unplug the cable
Code:
sudo fastboot reboot
your phone is booting now...
Enjoy your new kernel
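Both build guides above end the same way: dump the stock boot.img, unpack it (mkbootimg_tools or AIK), drop the freshly built Image.gz in as the kernel, repack, and check the result before flashing. As an added example, not code from either post nor from those tools, here is that unpack/swap/repack done by hand for a header v0 Android boot image, plus two checks a practitioner wants before flashing: that the dumped image's id field still matches its sections (a truncated dd dump fails this) and that the rebuilt image fits the target partition. The sample image is constructed in memory; function names are mine.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Header v0 layout: magic, 10 u32 fields, name[16], cmdline[512], id[32], extra_cmdline[1024]
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 1632 bytes, padded to one page in the image


def _pages(nbytes: int, page_size: int) -> int:
    return (nbytes + page_size - 1) // page_size


def _pad(data: bytes, page_size: int) -> bytes:
    return data.ljust(_pages(len(data), page_size) * page_size, b"\0")


def _section_id(kernel: bytes, ramdisk: bytes, second: bytes) -> bytes:
    """SHA-1 over each section followed by its little-endian size, which is
    how mkbootimg fills the 32-byte id field (digest is zero-padded)."""
    h = hashlib.sha1()
    for section in (kernel, ramdisk, second):
        h.update(section)
        h.update(struct.pack("<I", len(section)))
    return h.digest().ljust(32, b"\0")


def make_boot_image(kernel, ramdisk, second=b"", page_size=2048, cmdline=b"", name=b"",
                    kernel_addr=0x10008000, ramdisk_addr=0x11000000,
                    second_addr=0x10F00000, tags_addr=0x10000100, os_version=0):
    """Assemble a header v0 boot image; the address defaults are mkbootimg's."""
    if page_size <= 0 or page_size & (page_size - 1):
        raise ValueError("page_size must be a power of two")
    if len(cmdline) > 512 or len(name) > 16:
        raise ValueError("cmdline/name too long for the header")
    header = struct.pack(HEADER_FMT, BOOT_MAGIC, len(kernel), kernel_addr,
                         len(ramdisk), ramdisk_addr, len(second), second_addr,
                         tags_addr, page_size, 0, os_version, name, cmdline,
                         _section_id(kernel, ramdisk, second), b"")
    return (_pad(header, page_size) + _pad(kernel, page_size)
            + _pad(ramdisk, page_size) + _pad(second, page_size))


def parse_boot_image(img: bytes) -> dict:
    """Split a header v0 image into header fields and raw sections, refusing
    images whose declared sizes run past the end (a truncated dump)."""
    if len(img) < HEADER_SIZE:
        raise ValueError("shorter than a boot image header")
    (magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
     second_addr, tags_addr, page_size, header_version, os_version,
     name, cmdline, image_id, _extra) = struct.unpack_from(HEADER_FMT, img, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("no ANDROID! magic: not a boot image")
    if header_version != 0:
        raise ValueError("only header v0 is handled here")
    if page_size <= 0 or page_size & (page_size - 1):
        raise ValueError("page_size is not a power of two")
    k_off = page_size
    r_off = k_off + _pages(kernel_size, page_size) * page_size
    s_off = r_off + _pages(ramdisk_size, page_size) * page_size
    if s_off + _pages(second_size, page_size) * page_size > len(img):
        raise ValueError("section sizes exceed image length (truncated dump?)")
    return {
        "page_size": page_size, "os_version": os_version, "id": image_id,
        "kernel_addr": kernel_addr, "ramdisk_addr": ramdisk_addr,
        "second_addr": second_addr, "tags_addr": tags_addr,
        "name": name.rstrip(b"\0"), "cmdline": cmdline.rstrip(b"\0"),
        "kernel": img[k_off:k_off + kernel_size],
        "ramdisk": img[r_off:r_off + ramdisk_size],
        "second": img[s_off:s_off + second_size],
    }


def id_matches(img: bytes) -> bool:
    """True if the header's id field matches the sections actually present."""
    p = parse_boot_image(img)
    return p["id"] == _section_id(p["kernel"], p["ramdisk"], p["second"])


def replace_kernel(img: bytes, new_kernel: bytes) -> bytes:
    """What mkboot/AIK do on repack: keep everything else, swap the kernel."""
    p = parse_boot_image(img)
    return make_boot_image(new_kernel, p["ramdisk"], p["second"], p["page_size"],
                           p["cmdline"], p["name"], p["kernel_addr"], p["ramdisk_addr"],
                           p["second_addr"], p["tags_addr"], p["os_version"])


def fits_partition(img: bytes, partition_size: int) -> bool:
    """The pre-flash size check: the image must not exceed the partition."""
    return len(img) <= partition_size


if __name__ == "__main__":
    # Constructed sample: a fake 3000-byte kernel and a 100-byte ramdisk.
    stock = make_boot_image(b"K" * 3000, b"R" * 100, cmdline=b"console=ttyAMA0")
    rebuilt = replace_kernel(stock, b"N" * 5000)
    print(len(stock), len(rebuilt), id_matches(rebuilt), fits_partition(rebuilt, 64 << 20))
```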
@newbit, nice thought, but it's old and not useful anymore for newer Android versions. 2nd, I think your cam is broken.
dkionline said:
@newbit, nice thought, but it's old and not useful anymore for newer Android versions. 2nd, I think your cam is broken.
Thank you @dkionline for your feedback.
I have to admit, you did put me in shock for like a half of heartbeat regarding the camera.
However, no, the cams are working fine, and so far everything else as well. Yes, it is possible that something is not working as it should. I did not do any special hardware test yet.
Any suggestions on how to do this?
I agree, the topic is relatively old, but it was very useful to me, even though it was not working as described.
In addition, I do not like to spam the forum with similar topics, so I have just updated it.
The main reason for the need to compile it was the outdated kernel version.
Unfortunately I haven't made any progress yet on upgrading my kernel, but I will publish it if I make any progress.
If you have any idea how to cherry-pick a stable Linux kernel version into an Android Linux kernel, please be my guest; any support is very much appreciated.
Cheers
NewBit
Edit: 02.05.2020
Your comment didn't let me go after all... How does this "cam is broken" manifest in detail?
I've noticed I can only take some photos right after the phone has booted, and then it says "loading" and keeps deleting the just-taken photos. Video recording works. A non-stock camera app also still works. When I put the stock kernel back, it doesn't delete the photos anymore.
Where does this come from? The stock camera app itself? What is the reason behind this?
I can remember I had a very similar issue some time ago, but this was solved with a simple reboot, this isn't.
Thanks again for your feedback!
newbit said:
Edit: 02.05.2020
Your comment didn't let me go after all... How does this "cam is broken" manifest in detail?
I've noticed I can only take some photos right after the phone has booted, and then it says "loading" and keeps deleting the just-taken photos. Video recording works. A non-stock camera app also still works. When I put the stock kernel back, it doesn't delete the photos anymore.
Where does this come from? The stock camera app itself? What is the reason behind this?
I can remember I had a very similar issue some time ago, but this was solved with a simple reboot, this isn't.
Thanks again for your feedback!
In detail, the cam can't save pictures in Nougat, in all EMUI 5 sources we got. So, if you want, better update to EMUI 8 and build a kernel there. All works well, but only with GCC 4.9 toolchains.

[SM-G9750] Random root reboot fix (Snapdragon S10 & S10e probably, too)

WARNING: This won't work currently for the SM-G9730. I need a recovery.img(.lz4) from the latest firmware.
Here's a not-so-widely-tested fix for the spontaneous reboot that occurs after rooting the SM-G9750 and other Snapdragon S10 models.
tulth located this patch. If you read the description of that patch, it mentions a NULL pointer getting dereferenced in find_get_entry (such a thing tends to cause crashes in your average program, so when this happens in the kernel, it's not surprising that a crash and reset is the response). If you look at tulth's last_kmsg, my last_kmsg and G-ThGraf's last_kmsg from a G9730, you'll notice they all have one thing in common: SHTF at smaps_pte_range+0x29c. What's at that location in those devices' kernel? Why, it's only find_get_entry(vma->vm_file. So yeah, it's the same bug, already known to Google and it's been fixed in their kernel tree since January. The bug is triggered externally by reading /proc/<pid>/smaps_rollup under certain conditions. You might be able to work around this by disabling programs to get more free RAM, but The Only Way To Fix the Underlying Kernel Bug Is To Fix the Kernel Itself™.
We're probably not going to see a new kernel update until (if?) we get an update for the next major version of Android. We Snapdragon S10* users already have an older kernel compared to Exynos S10 owners (our 4.14.78 vs. their 4.14.85) and that's probably why they don't see this bug. So I think the idea of Samsung fixing this is a non-starter. While I did manage to build an SM-G9750 kernel from source (their instructions leave a lot to be desired) with that patch applied, I could not get my phone to boot the result.
I am not a programmer, but I do know just slightly enough to get the ball rolling and provide the fix that the aforementioned patch does in the opcode form that can be applied onto the existing kernel on the phone.
While I've not half-arsed it in the sense I took the easy way out (always having mss->check_shmem_swap set to zero is an easy one-liner workaround; however, freeing of unneeded SHM pages wouldn't happen, eventually causing your phone to crawl to a halt), I am not familiar with assembly language for any platform at all and, as such, I could not find a way to free up enough space in the show_smap function. So I jump quite far out into a chunk of the .text section where it's full of zeroes. I don't know anything about the ELF format to be able to tell you why this section of zeroes exists - I make the probably-wrong assumption it's perhaps a requirement of the ELF format if a linker that's very good at producing optimised code still bothers to output that or it's optimisation by alignment - but it's there and it's a good place to add extra code to on account of, you know, being empty and marked executable.
As far as I can see, where I have placed the code isn't referenced by anything else at all in the kernel but I can't be 100% certain on that. Nevertheless, I've been testing this on and off (I've had to manually initiate reboots in between for various reasons) myself for the past seven days or so and I've not noticed any adverse effects.
EDIT: Saying that, I think I'll try and move the code into load_module() when I get time because this kernel can't actually load modules (see below), thus much of the code there is pointless. The risk is yours, should you choose to apply this fix.
I would've liked to have written this as a kernel module, which would be far easier to maintain, and hooked the relevant smap functions (in a similar vein to flar2's wp_mod and AleksJ's ric_mod) but thanks to the geniuses at Samsung, load_module() will always return early and the compiler accordingly realises it can optimise the function by excising all the code needed to actually load a module - there's no point in keeping unreachable code. Why Samsung bothered turning on mandatory module signing is beyond me because modules will never load! You can see this for yourself: insmod /system/vendor/lib/modules/wil6210.ko will always fail with "Exec format error", and that's a signed module built and shipped by Samsung themselves for their kernel. Anyway.
As long as the kernel version remains the same, it's likely, but not guaranteed, the same patches will work for future software updates from Samsung and all I'll have to do is update the compatibility list. If you try this on any other kernel version, the chances of not being able to boot are very high. The task of maintaining this doesn't enthuse me, but I'll continue to do so out of necessity, for I like having a rooted phone but not one that restarts at the worst of times.
I know people have reported longer uptimes than that on their phone before having a forced restart, but in my case, my phone has AOD enabled, the latest stable Magisk version installed and is running EdXposed. Before this fix, I've never seen an uptime longer than about 16 hours (usually less), regardless of whether the phone was in use or not, as getting multiple restarts in a day tends to have that effect.
As long as you only write to the recovery partition (and that's the only block device that this guide tells you to write to), you should always be able to use Odin to reflash it to reverse this, the process being somewhat similar to flashing Magisk in the first place but with the notable exception of not needing to factory reset anything. The following flashing routine was adapted from Magisk, so my thanks to topjohnwu.
If someone has the bright idea of sharing their already-patched recovery.img because typing or copy-pasting commands is hard, I'll point out the following: anybody flashing such an image should really make sure they're running the same firmware and Magisk version the image was designed for. (And after reading ianmacd's posts, topjohnwu supposedly doesn't like pre-patched images with Magisk being shared. I'll respect that, and so should you.)
I won't take any responsibility if this damages your phone. Perform the following at your own risk. If you agree, then:
If you haven't already, root the phone with Magisk. Make sure to keep a copy of the magisk_patched.tar somewhere on your computer so you can reflash it with ODIN if something goes wrong here. Always make sure Magisk is installed before modifying the recovery partition yourself. If you have a pending software update, install that with Odin and root that first before doing the following.
Set up ADB on your phone and computer
From your computer, adb shell into the phone
Run
Code:
uname -r
Only attempt to apply these patches if you get 4.14.78-16509050 back. For an older version, the bottom of this post has previous patches that may or may not apply. Or just update your phone.
Run
Code:
su
and then
Code:
rm -rf /data/local/tmp/q12kpwrk ; mkdir /data/local/tmp/q12kpwrk && cd /data/local/tmp/q12kpwrk
Run
Code:
mkdir recovery && cd recovery
Find the recovery partition on your phone by running:
Code:
recovery_blk="`readlink -f /dev/block/by-name/recovery`" ; [ -b "$recovery_blk" ] || echo "Eh, something's off here. Don't continue"
Dump it to a file by running:
Code:
dd if="$recovery_blk" of=recovery.img
Extract the kernel by running:
Code:
/data/adb/magisk/magiskboot unpack recovery.img || echo "Stop! Do not continue!"
If you see the warning message again on a new line, then stop.
Otherwise, if all went well with the step above (the message "Kernel is uncompressed or not a supported compressed type!" can be safely disregarded), then note that for any of these patches, if you don't get any matches or get more than one, then do not continue any further. Don't selectively apply any of these patches; it's all or nothing.
Apply the first patch by running:
Code:
/data/adb/magisk/magiskboot hexpatch kernel F7030032895240F9F64F00F9 F7030032FD10F997F64F00F9
Run
Code:
/data/adb/magisk/magiskboot hexpatch kernel 02000014C02E00F9E1630191 02000014ED10F997E1630191
If you have an SM-G9750/Snapdragon S10+: run
Code:
/data/adb/magisk/magiskboot hexpatch kernel F30300AAA1010035F40313AA750640F9890E41F83F7500F103010054AA02098BC10501B0407100D121B83191 F30300AA0D000014895240F9DF420239C0035FD600000000D22E40F94E02008BCE2E00F9C0035FD621B83191
OR if you have an SM-G9730/Snapdragon S10: there is currently no patch. Feel free to send me a recovery.img from the latest firmware and I'll adapt it
OR if you have an SM-G9700/Snapdragon S10e (thanks to Laikar_ for the recovery.img and testing): run
Code:
/data/adb/magisk/magiskboot hexpatch kernel F30300AAA1010035F40313AA750640F9890E41F83F7500F103010054AA02098BA10501D0407100D121B81D91 F30300AA0D000014895240F9DF420239C0035FD600000000D22E40F94E02008BCE2E00F9C0035FD621B81D91
Have the patched kernel placed into a new recovery image, new-boot.img, by running:
Code:
/data/adb/magisk/magiskboot repack recovery.img || echo "Stop! Do not continue!"
Check to see if new-boot.img isn't somehow larger than the recovery partition itself by running
Code:
[ `stat -c '%s' "new-boot.img"` -gt `blockdev --getsize64 "$recovery_blk"` ] && echo "Do not continue!"
Flash the new recovery image by running
Code:
cat new-boot.img /dev/zero >"$recovery_blk" 2>/dev/null
Run
Code:
sync ; sync ; sync ; reboot recovery
If the phone boots again, great! If you're stuck at the Samsung-only logo that fades in and out for many minutes, just restart the phone again whilst holding the recovery button combo to boot into Android with Magisk activated like normal.
You can rm -rf the /data/local/tmp/q12kpwrk folder afterwards to get some space back.
If your phone keeps restarting, or you automatically get put into semi-bootloader flashing mode, hold the bootloader button combo to get to the blue-background downloading mode and reflash magisk_patched.tar (and HOME_CSC) with Odin. If you didn't keep said file or a Magisk-patched recovery.img you can tar up with 7-Zip and get Odin to flash as AP, you'll need to download the latest firmware for your SM-G9750 with Frija or similar, reflash that and then follow the instructions to root your phone again with Magisk.
If you do get a reboot after applying this, looking at /proc/last_kmsg will indicate if it's something to do with this patch or something else entirely.
Q&A:
Q: Will I have to reapply this if I update Magisk from Magisk Manager with a direct install?
A: No.
Q: Will I have to reapply this if I update the phone's firmware?
A: Yes, but check the new kernel's version first and see if it's listed in the compatibility section. If not, then you'll need to wait for an update to this fix. And remember to make sure that Magisk is installed first before modifying the recovery partition yourself.
Q: I don't want to wait hours to see if my phone will restart out of the blue. How can I test for this bug?
A: A variation on the steps to reproduce here, you can do this:
Code:
su
dd if=/data/media/0/AP_G9750ZHU1ASF1_CL16082828_QB24224470_REV00_user_low_ship_MULTI_CERT_meta_OS9.tar.md5 of=/dev/shm # or any very large file (3-4 GB, /dev/urandom might work). This fills up the allocated space for shared memory
cat /proc/*/smaps_rollup
If your kernel isn't patched, your phone certainly restarts. (Of course, you should probably run reboot recovery anyway if not, because a full SHM isn't really conducive to a well-running Android session.)
Q: Do you have any other kernel patches?
A: Just the one, only tested on the SM-G9750, and it seems to not be needed at all - it has no bearing on this specific reboot issue anyway. This one disables one aspect of RKP. Again, I don't think this is actually needed on the S10+, but Magisk still attempts to patch for this issue indiscriminately (probably for the benefit of older devices), although its patch will not apply to our kernel.
Code:
/data/adb/magisk/magiskboot hexpatch kernel 1FA50F7143010054491540B93FA50F71E30000544B0940B97FA50F71830000544A1940B95FA10F7168090054 1FA10F71810A0054491540B93FA10F71200A00544B0940B97FA10F71C00900544A1940B95FA10F7161090054
Q: Are you a dirty GPL violator, qwerty12?
A: No! What I am providing is the compiled form of the patch linked to in the beginning of this thread. If you want to understand what this does in lovely C, just look at that patch. Of course, I have to deal with this on the assembler level, so there is no source per se, just dump all the hex strings into an online disassembler. The first two magiskboot hexpatch invocations replace two existing instructions with jumps into the new code I add. The third hexpatch invocation adds the additional code implementing the patch - the original replaced instruction is executed, along with the code I added to set mss->check_shmem_swap to zero before vma->vm_file is checked for != NULL and for shmem_swapped to be added to mss->swap instead of replacing it.
Patches for older kernels:
4.14.78-16082828:
Use Magisk Manager to install the Busybox Magisk module. No, this is not optional. You can use a version of Busybox from another source, but note that this is the version I have personally tested all this with. Restart your phone anyway if you already have it installed; you want your phone's running state to be as fresh as possible to avoid the possibility of running into this bug while attempting to fix it.
Code:
/data/adb/magisk/magiskboot hexpatch kernel F7030032895240F9F64F00F9 F70300327ED15494F64F00F9
Code:
/data/adb/magisk/magiskboot hexpatch kernel 02000014C02E00F9E1630191 020000146ED15494E1630191
Code:
printf '\x89\x52\x40\xF9\xDF\x42\x02\x39\xC0\x03\x5F\xD6\x00\x00\x00\x00\xD2\x2E\x40\xF9\x4E\x02\x00\x8B\xCE\x2E\x00\xF9\xC0\x03\x5F\xD6' | busybox dd of=kernel bs=1 seek="$((0x017F9AAC + 20))" conv=notrunc
The magiskboot hexpatch equivalent of this was too large, so I settled for writing to a hard coded offset.
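The rule the post insists on for every hexpatch is "exactly one match, and all patches or none", and it ties the patches to one uname release; magiskboot hexpatch itself replaces whatever it finds and reports nothing about how many places that was. As an added example (not magiskboot and not qwerty12's tooling), here are those preconditions as a small Python checker: it reads the release from the "Linux version" banner that an uncompressed kernel image carries, refuses a pattern that matches zero or several times, refuses length changes and overlapping spans, and only then writes. The two patch strings are the first two from the post; the kernel bytes are constructed to exercise the checks, not dumped from a device, and the function names are mine.

```python
import re

# The two in-place patches from the post for release 4.14.78-16509050
# (old bytes -> new bytes, as hex, exactly as passed to magiskboot hexpatch).
PATCHES_16509050 = [
    ("F7030032895240F9F64F00F9", "F7030032FD10F997F64F00F9"),
    ("02000014C02E00F9E1630191", "02000014ED10F997E1630191"),
]


def kernel_release(kernel: bytes):
    """Release string from the 'Linux version ...' banner that every
    uncompressed kernel image carries; None if the banner is not found."""
    m = re.search(rb"Linux version (\S+)", kernel)
    return m.group(1).decode("ascii", "replace") if m else None


def find_all(data: bytes, pattern: bytes) -> list:
    """Offsets of every (possibly overlapping) occurrence of pattern."""
    hits, start = [], 0
    while True:
        i = data.find(pattern, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def check_patch(kernel: bytes, old_hex: str, new_hex: str) -> int:
    """Return the single offset where old_hex occurs, or raise."""
    old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
    if len(old) != len(new):
        raise ValueError("in-place patch must not change the length")
    if len(old) == 0 or len(old) % 4:
        raise ValueError("AArch64 patches are whole 32-bit instructions")
    hits = find_all(kernel, old)
    if len(hits) != 1:
        raise ValueError(f"{old_hex[:16]}... matched {len(hits)} times, need exactly 1")
    return hits[0]


def apply_patches(kernel: bytes, patches, expected_release=None) -> bytes:
    """All-or-nothing: verify the release and every pattern against the
    untouched image first, refuse overlapping spans, and only then write."""
    if expected_release is not None:
        found = kernel_release(kernel)
        if found != expected_release:
            raise ValueError(f"kernel is {found!r}, patches are for {expected_release!r}")
    spans = []
    for old_hex, new_hex in patches:
        off = check_patch(kernel, old_hex, new_hex)
        spans.append((off, off + len(old_hex) // 2, bytes.fromhex(new_hex)))
    spans.sort()
    for (_, end_a, _), (start_b, _, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            raise ValueError("patch spans overlap")
    out = bytearray(kernel)
    for start, end, new in spans:
        out[start:end] = new
    return bytes(out)


# Constructed stand-in for an uncompressed kernel: a version banner plus the
# two instruction sequences the patches look for, separated by zero padding.
SAMPLE_KERNEL = (
    b"\0" * 64
    + b"Linux version 4.14.78-16509050 (constructed@example) #1 SMP PREEMPT\0"
    + b"\0" * 64 + bytes.fromhex(PATCHES_16509050[0][0])
    + b"\0" * 128 + bytes.fromhex(PATCHES_16509050[1][0])
    + b"\0" * 64
)

if __name__ == "__main__":
    patched = apply_patches(SAMPLE_KERNEL, PATCHES_16509050, "4.14.78-16509050")
    for old_hex, new_hex in PATCHES_16509050:
        print(f"{old_hex} -> {new_hex} at 0x{patched.find(bytes.fromhex(new_hex)):x}")
```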
I have random reboot... will try this patch tomorrow.
Sent from my SM-G9750 using Tapatalk
Hi... already did your patches... I think successfully, because I don't have any errors, and it boots normally after the last command.
So.... I have to wait to see if the random reboot appears, right? *to test*
Thank you... will report in about 3 days
Hi,
Vuska said:
So.... I have to wait to see if the random reboot appears, right? *to test*
You can run the commands under "Q: I don't want to wait hours to see if my phone will restart out of the blue. How can I test for this bug?" in the first post. If your phone restarts automatically when running cat, then your phone is still susceptible to restarting itself during use.
If it doesn't restart, then you need to run reboot recovery yourself immediately, but it means the fix was successfully applied.
PS D:\S10+\ADB platform-tools> ./adb devices
List of devices attached
R28M31K3DNZ device
PS D:\S10+\ADB platform-tools> ./adb shell
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????
N1ldo said:
PS D:\S10+\ADB platform-tools> ./adb devices
List of devices attached
R28M31K3DNZ device
PS D:\S10+\ADB platform-tools> ./adb shell
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????
Did you already install BusyBox via Magisk? Also there will be a pop-up on your device to request access from the computer; accept it.
Already enabled USB debugging in the developer menu?
Permission denied .... strange... already rooted, right?
Sent from my SM-G9750 using Tapatalk
Vuska said:
Did you already install BusyBox via Magisk? Also there will be a pop-up on your device to request access from the computer; accept it.
Already enabled USB debugging in the developer menu?
Permission denied .... strange... already rooted, right?
Sent from my SM-G9750 using Tapatalk
Yes.
As you can see in the prints below.
I tried installing another BusyBox too.
N1ldo said:
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????
Check your Magisk settings to see if you haven't turned off ADB superuser access and your apps list for a denied Shell entry.
qwerty12 said:
Check your Magisk settings to see if you haven't turned off ADB superuser access and your apps list for a denied Shell entry.
Thank you all ...
Yes, Shell was unauthorized for root in the Magisk application list
3 days now.... I can say it's successfully fixed....
Thank you.
Hope you will update too when new firmware arrives....
because I don't understand what some of the code means.... I just follow and copy-paste
Sent from my SM-G9750 using Tapatalk
*ASG7 firmware is out
I can provide a recovery.img from the S10e (SM-G9700); also, is there any way I can contact you for some help with building the kernel? I have been trying to do it with the S10e's one and I'm not having much success
FlatOutRU said:
*ASG7 firmware is out
Downloading...
Can ASG7 use these patches?
Sent from my SM-G9750 using Tapatalk
FlatOutRU said:
*ASG7 firmware is out
Vuska said:
Can ASG7 use these patches?
I'll download the update later and give it a once-over; however, I'll quote myself:
qwerty12 said:
As long as the kernel version remains the same, it's likely, but not guaranteed, the same patches will work for future software updates from Samsung and all I'll have to do is update the compatibility list.
Laikar_ said:
I can provide a recovery.img from the S10e (SM-G9700); also, is there any way I can contact you for some help with building the kernel? I have been trying to do it with the S10e's one and I'm not having much success
That would be appreciated, thanks. I can move the S10e into the "Patch not tested" section of the compatibility list.
I wish you'd have asked me this a few days ago, I deleted the kernel tree I had on my disk because I thought a new source ZIP from Samsung would be forthcoming for the new firmware. I'd've just attached a diff...
I did get the kernel to build but I could not get the result to boot. Some of the compiler warnings displayed during build didn't make it seem like I was going to get a working kernel image. I'll get back to you soon with some steps
qwerty12 said:
That would be appreciated, thanks. I can move the S10e into the "Patch not tested" section of the compatibility list.
I wish you'd have asked me this a few days ago, I deleted the kernel tree I had on my disk because I thought a new source ZIP from Samsung would be forthcoming for the new firmware. I'd've just attached a diff...
I did get the kernel to build but I could not get the result to boot. Some of the compiler warnings displayed during build didn't make it seem like I was going to get a working kernel image. I'll get back to you soon with some steps
I can't post links yet, tinyurl(dot)com/y537462u for the drive download link
Does EdXposed work for G9750?
qwerty12 said:
I'll download the update later and give it a once-over; however, I'll quote myself:
It's changed a bit
kakahoho said:
Does EdXposed work for G9750?
Yes.
FlatOutRU said:
It's changed a bit
Good call; there's now code at 0x017F9AAC + 20, probably not a good idea to overwrite that...
I was hoping the newer build date might have meant that Samsung applied the patch, meaning I could abandon this thread, but no such luck: I did the quick writing to /dev/shm test and my phone kernel panicked. Lovely.
I've updated the first thread with an updated patch. I followed through with my plan of moving my extra code into load_module() instead of the empty section of zeros as, thanks to Samsung's kernel developers' ineptness, that function will always fail - may as well make it early return and then use the extra space gained to store my code in.
Laikar_ said:
I can't post links yet, tinyurl(dot)com/y537462u for the drive download link
Thanks for the S10e recovery image, Laikar_. I've checked the recovery image's kernel and moved the S10e into the "Patch not tested" section. I'll write up some steps soon on building a kernel that won't boot
Anyway,
The S10 and S10e recovery images are not from ASG7, however, so I don't know if my newer patch applies to it but my old ones do. I think my newer one will do, too, but that's an educated guess.
Just like with the S10, anybody's welcome to try this on their S10e and let me know of the result.
qwerty12 said:
Yes.
Good call; there's now code at 0x017F9AAC + 20, probably not a good idea to overwrite that...
I was hoping the newer build date might have meant that Samsung applied the patch, meaning I could abandon this thread, but no such luck: I did the quick writing to /dev/shm test and my phone kernel panicked. Lovely.
I've updated the first thread with an updated patch. I followed through with my plan of moving my extra code into load_module() instead of the empty section of zeros as, thanks to Samsung's brainiac developers, that function will always fail - may as well make it early return and then use the extra space gained to store my code in.
Thanks for the S10e recovery image, Laikar_. I've checked the recovery image's kernel and moved the S10e into the "Patch not tested" section. I'll write up some steps soon on building a kernel that won't boot.
Anyway,
The S10 and S10e recovery images are not from ASG7, however, so I don't know if my newer patch applies to it but my old ones do. I think my newer one will do, too, but that's an educated guess.
Just like with the S10, anybody's welcome to try this on their S10e and let me know of the result.
So the first post is already updated to the 050 kernel, right?
Meaning after I update my S10+, Magisk etc., I can do all those steps, right?
Cool...
Still not yet finished my download since yesterday... my internet is down.
Sent from my SM-G9750 using Tapatalk
Vuska said:
So the first post is already updated to the 050 kernel, right?
Meaning after I update my S10+, Magisk etc., I can do all those steps, right?
Yep, the first post is updated for ASG7. Those steps are working on my SM-G9750 running it, anyway.
Laikar_ said:
[...] any way I can contact you for some help about building the kernel? I have been trying to do it with the S10e's one and I'm not having much success.
I'll mention again that I couldn't get the result to boot. If you work it out, please let me know. I hate loading kernel images into a disassembler.
I did this on a Ubuntu 18.04.2 minimal installation. I figure that if you want to build a kernel then you, like me, have at least a working familiarity with GNU/Linux, so I won't go too in-depth.
First, install the packages needed to build:
Code:
sudo apt install git-core gnupg flex bison gperf build-essential zip zlib1g-dev libxml2-utils xsltproc unzip python bc libssl-dev
Download the toolchain mentioned in README_kernel.txt:
Code:
git clone --depth=1 https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9
Download Snapdragon LLVM Compiler for Android v6.0.9 - Linux64 from https://developer.qualcomm.com/software/snapdragon-llvm-compiler-android/tools and untar it somewhere on your system. (This isn't actually the exact compiler Samsung use - if you look at /proc/version on your phone, you'll see it says 6.0.10 - but this is the closest we mere mortals will get.)
Download the source code zip from Samsung and untar Kernel.tar.gz into a newly-created folder. Inside said folder, run chmod 644 Makefile ; chmod 755 build_kernel.sh.
Open build_kernel.sh in your favourite editor. Make the following changes:
Set BUILD_CROSS_COMPILE to the folder where aarch64-linux-android-gcc, aarch64-linux-android-ld etc. are after cloning from git. Make sure to leave the aarch64-linux-android- suffix at the end. For me, this line looks like this:
Code:
BUILD_CROSS_COMPILE=/home/fp/x/aarch64-linux-android-4.9/bin/aarch64-linux-android-
KERNEL_LLVM_BIN needs to be set to the location of the Clang binary downloaded from Qualcomm. For me, this line looks like this:
Code:
KERNEL_LLVM_BIN=/home/fp/x/93270/toolchains/llvm-Snapdragon_LLVM_for_Android_6.0/prebuilt/linux-x86_64/bin/clang
After both REAL_CC=$KERNEL_LLVM_BIN instances add
Code:
CFP_CC=$KERNEL_LLVM_BIN
(although I think this is the wrong way to do it, consider just disabling CONFIG_RKP_CFP)
Open the Makefile in your favourite editor. Find the following line
Code:
@echo Cannot use CONFIG_CC_STACKPROTECTOR_$(stackp-name): \
$(stackp-flag) not supported by compiler >&2 && exit 1
Remove the "&& exit 1". The proper way to fix this would be to set CONFIG_CC_STACKPROTECTOR_STRONG to n in the config file; however if you run clang --help, you'll see that -fstack-protector-strong is actually supported. Why turn off a useful security feature?
Run build_kernel.sh and the kernel should build (albeit with a metric crap-ton of warnings, which is just one reason why it's not surprising the resulting kernel won't boot).
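Scripted form of the build_kernel.sh and Makefile edits in the steps above, as an added example that is not qwerty12's code: the toolchain paths are placeholders (override CROSS_PREFIX and CLANG_BIN), GNU sed on Ubuntu is assumed, and the -fstack-protector-strong check is a compile probe in the style of the kernel's cc-option rather than reading clang --help.

```shell
#!/bin/sh
# Added example (not qwerty12's code): script the build_kernel.sh and Makefile
# edits from the post so they can be re-applied after a fresh unpack of
# Kernel.tar.gz. Assumes GNU sed (Ubuntu 18.04) and placeholder toolchain
# paths; override CROSS_PREFIX and CLANG_BIN for your machine.

# Placeholder paths (assumptions): where the aarch64-linux-android-4.9 clone and
# the Snapdragon LLVM clang binary ended up. Keep the trailing "aarch64-linux-android-".
CROSS_PREFIX="${CROSS_PREFIX:-$HOME/x/aarch64-linux-android-4.9/bin/aarch64-linux-android-}"
CLANG_BIN="${CLANG_BIN:-$HOME/x/93270/toolchains/llvm-Snapdragon_LLVM_for_Android_6.0/prebuilt/linux-x86_64/bin/clang}"

# patch_build_script FILE
#   - points BUILD_CROSS_COMPILE at the GCC prefix
#   - points KERNEL_LLVM_BIN at the Qualcomm clang
#   - adds CFP_CC=$KERNEL_LLVM_BIN after every REAL_CC=$KERNEL_LLVM_BIN line
#     (the post's workaround; disabling CONFIG_RKP_CFP is the cleaner alternative)
patch_build_script() {
    sed -i \
        -e "s|^BUILD_CROSS_COMPILE=.*|BUILD_CROSS_COMPILE=$CROSS_PREFIX|" \
        -e "s|^KERNEL_LLVM_BIN=.*|KERNEL_LLVM_BIN=$CLANG_BIN|" \
        -e '/^[[:space:]]*REAL_CC=\$KERNEL_LLVM_BIN/a CFP_CC=$KERNEL_LLVM_BIN' \
        "$1"
}

# patch_makefile FILE: drop the "&& exit 1" from the stack-protector check so a
# missing -fstack-protector-strong is a warning, not a build abort (the post's
# choice; the config-side alternative is CONFIG_CC_STACKPROTECTOR_STRONG=n).
patch_makefile() {
    sed -i 's/\(not supported by compiler >&2\) && exit 1$/\1/' "$1"
}

# supports_stack_protector CLANG: compile-probe the flag the way the kernel's
# cc-option does, instead of eyeballing clang --help. Returns 0 when accepted.
supports_stack_protector() {
    printf 'int main(void){return 0;}\n' |
        "$1" -fstack-protector-strong -x c -c -o /dev/null - 2>/dev/null
}

# Run as: sh this_script.sh apply   (from inside the unpacked Kernel folder)
case "${1:-}" in
apply)
    [ -f build_kernel.sh ] && [ -f Makefile ] || {
        echo "run this inside the unpacked Kernel folder" >&2; exit 1; }
    chmod 644 Makefile
    chmod 755 build_kernel.sh
    patch_build_script build_kernel.sh
    patch_makefile Makefile
    if supports_stack_protector "$CLANG_BIN"; then
        echo "clang accepts -fstack-protector-strong: leave CONFIG_CC_STACKPROTECTOR_STRONG=y"
    else
        echo "clang rejected -fstack-protector-strong: check CLANG_BIN" >&2
    fi
    ;;
esac
```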

[ROM][Official] Kali NetHunter for the OnePlus One LineageOS 17.1 Q

I present to you: Kali NetHunter for the OnePlus One LineageOS 17.1 Q
This is the latest (experimental) version for the OnePlus One.
Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks, as well as a client to the Kali NetHunter App Store.
Beyond the penetration testing tools arsenal within Kali Linux and the Kali NetHunter App Store, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page.
NetHunter is an open-source project developed by Offensive Security and the community.
~ Prerequisites ~
- Lineage 17.1 - https://download.lineageos.org/bacon
- Gapps if needed - https://opengapps.org
- TWRP - https://twrp.me/oneplus/oneplusone.html
- Magisk – https://forum.xda-developers.com/apps/magisk
~~ Downloads ~~
- NetHunter: https://www.androidfilehost.com/?fid=17248734326145736621
~~ How to Install ~~
Assuming you have unlocked bootloader
- Flash TWRP
- Copy Lineage, Magisk and NetHunter image to USB drive
- Boot into TWRP, insert USB drive.
- Flash Lineage, and Gapps if needed, reboot and do initial setup
- Reboot into TWRP
- Some old devices with new ROMs don't have a TWRP with the system_root prop set, therefore do
Code:
adb shell setprop ro.build.system_root_image true
- Flash Magisk, NetHunter
- Reboot
- Run NetHunter app
- Reboot
~~~ Notes & Updates ~~~
- wlan1 unplug reboot is solved
- Y-cable is still supported, just need to have it as a Custom Command or in a script (AndroidSU)
Code:
bootkali ycable start
To stop:
Code:
bootkali ycable stop
- Bluetooth Arsenal is supported, but you need to downgrade Bluez to 4.101 by compiling it in Kali chroot and installing "on top of" current Bluez so the bluetooth service will be able to run
- Mana is being replaced; for the time being you can downgrade iptables with the following:
Code:
wget http://old.kali.org/kali/pool/main/i/iptables/iptables_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip4tc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libip6tc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libiptc0_1.6.2-1.1_armhf.deb
wget http://old.kali.org/kali/pool/main/i/iptables/libxtables12_1.6.2-1.1_armhf.deb
dpkg -i *.deb
apt-mark hold iptables
apt-mark hold libip4tc0
apt-mark hold libip6tc0
apt-mark hold libiptc0
apt-mark hold libxtables12
- To downgrade to bluez-4.101:
Code:
apt-get update && apt-get install libdbus-1-dev libglib2.0-dev
apt-mark hold bluez
wget http://www.kernel.org/pub/linux/bluetooth/bluez-4.101.tar.gz
tar xvf bluez-4.101.tar.gz && cd bluez-4.101
./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --localstatedir=/var --libexecdir=/lib --build=arm
make && make install
Please note that BLE is not supported in bluez-4.x. If you prefer to use that, keep bluez-5.x.
Credits: The Offensive Security Team and the NetHunter community
Android Version: 10.0
XDA: DevDB Information
Kali Nethunter, Kernel & ROM for the OnePlus One
Contributors
@yesimxev
Source Code: https://gitlab.com/kalilinux/nethunter/
Kernel Source: https://github.com/yesimxev/android_kernel_oppo_msm8974
Well done! I'm personally not interested in NetHunter but it's nice to see some development still happening for our good old Oneplus One
Thank you very much for keeping up with new Releases for our beloved OPO...
I wiped up my OPO completely and started from scratch...
But after sticking to your tutorial and setting up chroot I get the following:
Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .
Is this related to the new kernel?
JERKBALL said:
Thank you very much for keeping up with new Releases for our beloved OPO...
I wiped up my OPO completely and started from scratch...
But after sticking to your tutorial and setting up chroot I get the following:
Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .
Is this related to the new kernel?
Thanks for mentioning, the modules dir wasn't in the correct place in the zip. It will be fine in the next release. I'll update the links once they are released.
For now, update to the latest app and you can ignore that message, it will remain as a warning only.
Didn't work for me at all. Back to LOS 16.0.
Ween Dwijler said:
Didn't work for me at all. Back to LOS 16.0.
Have you updated the NH app from the store? I'll build a kernel flasher so you have it before release.
yesimxev said:
Have you updated the NH app from the store? I'll build a kernel flasher so you have it before release.
Hmmm...... I just spent about a full week to get Nethunter functional on an Oneplus One. It was a very revealing journey, lots of flashing, bricking, flashing, upgrading, downgrading, I've learned a lot.
Tried CM and LOS 16 and 17 with NH for Marshmallow and for Pie. Used the ones from Kali's download site and the ones you linked above. Followed all instructions to the letter and comma, and all variations on it that I could imagine.
The end result is always the same: no bluetooth, no usb.
And since the whole idea is to have a compact mobile to do pentesting on wireless setups and devices in the field, for which we need usb and bluetooth, it seems to be pretty useless. It really puzzles me why the Oneplus One is the preferred device, other than it is a nice Mr. Robot gadget to show off in the bar?
However, I truly want to be proven wrong in my conclusion and work with you to get this sorted out. If you like. I get the idea there are many with similar problems that never got solved and they might have given up and moved on to another device. But I am not afraid of a good challenge, so....... let's do it.
This is what I have:
Oneplus One 16GB
Alfa AWUS036ACH with Realtek rtl8812au chip (have the latest drivers)
Can we make it really work?
(mind you, pentesters at $ 200K a year are probably not willing to spend so much time on getting a tool to work. I'm just a student in pentesting and still learning, so economics are not that much of an issue, yet).
I realise this is all free, open source software. But that doesn't mean it shouldn't be working perfectly after properly installing everything.
I hope I can help to make it better.
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).
I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight.
Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?
JERKBALL said:
Thank you very much for keeping up with new Releases for our beloved OPO...
I wiped up my OPO completely and started from scratch...
But after sticking to your tutorial and setting up chroot I get the following:
Code:
[-] sdcard /lib/modules/3.4.113-yesimxev-g4885cdc67a2 doesn't exist or isn't mounted. .
Is this related to the new kernel?
I got that, too. But did the whole thing again and then it was gone.
I noticed that a good way to make sure all reinstalling happens in a "clean" way is to follow this method of working:
1. TWRP recovery - Wipe all, except USB-OTG. ---> Reboot.
2. Repeat that 1 more time!!! (counting for residual voltage, causing bits to be persistent in memory, contaminating new install)
3. Flash LOS 16 or 17 with TWRP from attached USB stick. (If data doesn't show up on USB-OTG, touch it for 5 seconds, release, phone vibrates and the data will be visible. If that doesn't work, unplug the OTG cable, wait 5 seconds and replug it. Repeat previous touch, vibrate etc. If that doesn't work, unplug USB, 5 seconds wait, replug, go to mount and try to mount USB-OTG, return to Install, select Storage and repeat the first step of this no.3 part)
4. After flash is complete, reboot, setup CM or LOS, activate Developer options by tapping 7x on Build number (you can find that under Settings/about phone). One step back, under settings you find Developer options. Go in there, check Advanced reboot, uncheck Update Cyanogen recovery, check Android debugging. Press right power button shortly, Power options pops up. Choose Reboot, next screen pops up, choose Recovery, confirm with tapping ok.
5. Back in TWRP, unplug the USB, wait 5 seconds and replug the USB in. Follow the steps I described in 3. to get the data visible. Choose to install Magisk or SuperSU (whatever you like and have). Let it run, when finished reboot again. After reboot is completed, reboot again from LOS to make sure Magisk or SuperSU are completely installed and ready.
6. Reboot into TWRP Recovery again, do the USB mount trick thing, choose the right version NH zip (you might have, like me, different versions on it) and install NH. When finished, reboot.
7. Pay attention here!
Back in LOS, check that Magisk or SuperSU are properly installed and working.
Start NH Terminal, popup asks for Superuser rights. You have 10 seconds to grant them! Do it! Follow the further screen instructions, allow for all.
Next, start up NH itself, 10 seconds only for granting SU right!!! Allow all. After this, reboot system.
8. Start NH terminal, command sudo apt update && sudo apt full-upgrade. Follow the instructions. During that, you get a white window asking for yes or no. Choose Yes and confirm with enter. Another one like that will pop up again a little later, choose the second line (keep present config etc.) and confirm with yes and enter.
Let the process run its course. When finished, reboot system again.
9. Start up NH (if it is not already started), go to Kali Chroot Manager and start it. All should be green now and ready to go.
Happy Hunting!
yesimxev said:
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).
I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight.
Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?
After trying to install above twice, with red warning in TWRP that something failed to mount, I abandoned it and switched back to CM and the Marshmallow NH. But that doesn't work either.
At least I got to see lsusb in LOS 16 with NH and your kernel update ten. Before I updated your kernel, lsusb didn't show anything in LOS 16 NH.
Here goes:
Installed 2020.4 Pie. No lsusb readout, no bluetooth.
Next:
TWRP installed your ...ten.zip, rebooted and after 2 attempts (unplug and plug in again) lsusb in NH terminal registered the OTG as hub, on 001.002 was my USB stick. Unplugged the stick, plugged in the AWUS036ACH, and 001.002 became 0bda Realtek 802.11.
Checked in terminal of Android, got the same reading.
So Android sees it on the USB, NH sees it too. However, no wlan1 shows up when I do iwconfig, ifconfig or run airmon-ng.
Are the Realtek rtl8812au drivers already patched into the kernel? (Do I say that right?).
If yes, what prevents NH from getting wlan1?
The wifi adapter is not powered (I thought it could get power from the OPO?). Has that anything to do with it?
Bluetooth is the internal one from OPO. Busybox was installed with the NH version. I'm now back at CM 13 again, so I donno which version in the LOS install I had. I will go back to the machines and get the LOS 16 installed.
Or do you prefer LOS 17?
yesimxev said:
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).
I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight.
Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?
Ok, I am ready to go.
- Wiped the OPO completely
- Flashed and installed lineage-17.1-20210128-nightly-bacon-signed.zip
- Did the setup, developers options etc.
- flashed and checked proper install of Magisk
Next step?
NB. I have 2 hours more today. After that it is bedtime for me. We probably have a time difference. For me it will be 3AM in 2 hours.
yesimxev said:
I have an OPO with the above install but an updated kernel which is not released yet. But I'll provide it to you tonight for testing. Although the above should be fully functional other than the modules dir (which is ignored by the latest NH app).
I'm happy to help you as I know how frustrating it is to get used to this kind of version vs device specific fight.
Just to confirm:
No usb or bluetooth? usb hid? Or wlan1? What's your busybox version? Internal or external bluetooth?
Ok, I thought to go on with installing the NH fs from your link. Got the same error:1 again. Error installing zip file 'usb_otg/nethunter-2020.4-generic-armhf-kalifs-full.zip'.
Get the same message for the other one.
Ween Dwijler said:
Ok, I thought to go on with installing the NH fs from your link. Got the same error:1 again. Error installing zip file 'usb_otg/nethunter-2020.4-generic-armhf-kalifs-full.zip'.
Get the same message for the other one.
Seems like you haven't done the
Code:
adb shell setprop ro.build.system_root_image true
Haven't you flashed the zips from here yet? What did you use? This version is not released yet anywhere, it's here for testing.
yesimxev said:
Seems like you haven't done the
Code:
adb shell setprop ro.build.system_root_image true
Haven't you flashed the zips from here yet? What did you use? This version is not released yet anywhere, it's here for testing.
I used the zips you provided in the links above. But, indeed, I didn't do the setprop. Busy getting it back up again....hahaha. Next install will be after the setprop command. Try to do it now. Stay tuned.
A 5-year-old phone is NOT going to beat a 60-year-old man.
Ween Dwijler said:
After trying to install above twice, with red warning in TWRP that something failed to mount, I abandoned it and switched back to CM and the Marshmallow NH. But that doesn't work either.
At least I got to see lsusb in LOS 16 with NH and your kernel update ten. Before I updated your kernel, lsusb didn't show anything in LOS 16 NH.
Here goes:
Installed 2020.4 Pie. No lsusb readout, no bluetooth.
Next:
TWRP installed your ...ten.zip, rebooted and after 2 attempts (unplug and plug in again) lsusb in NH terminal registered the OTG as hub, on 001.002 was my USB stick. Unplugged the stick, plugged in the AWUS036ACH, and 001.002 became 0bda Realtek 802.11.
Checked in terminal of Android, got the same reading.
So Android sees it on the USB, NH sees it too. However, no wlan1 shows up when I do iwconfig, ifconfig or run airmon-ng.
Are the Realtek rtl8812au drivers already patched into the kernel? (Do I say that right?).
If yes, what prevents NH from getting wlan1?
The wifi adapter is not powered (I thought it could get power from the OPO?). Has that anything to do with it?
Bluetooth is the internal one from OPO. Busybox was installed with the NH version. I'm now back at CM 13 again, so I donno which version in the LOS install I had. I will go back to the machines and get the LOS 16 installed.
Or do you prefer LOS 17?
8812au is not supported on this device.
Btw are you trying both pie and ten zips on lineage-17.1 rom?
Ween Dwijler said:
A 5-year-old phone is NOT going to beat a 60-year-old man.
Keep it up! Flash this kernel https://www.androidfilehost.com/?fid=17248734326145730243
Ok, used setprop ro.build.system_root_image true, got message "failed to map file" and error installing.
This is a new one for me!!
I think TWRP is somehow damaged. Will brick it now and do a full setup again, starting with Color. Tomorrow more about this saga.
Ween Dwijler said:
Ok, used setprop ro.build.system_root_image true, got message "failed to map file" and error installing.
This is a new one for me!!
I think TWRP is somehow damaged. Will brick it now and do a full setup again, starting with Color. Tomorrow more about this saga.
I went back to TWRP 3.4 but 3.5 also flashed everything. The zip might have got corrupted? Installs fine for me. I'll make the revert to bluez-4.101 because bluez 5.x is not working on this device.
yesimxev said:
I went back to TWRP 3.4 but 3.5 also flashed everything. The zip might have got corrupted? Installs fine for me. I'll make the revert to bluez-4.101 because bluez 5.x is not working on this device.
I used both TWRP 3.4 and 3.5, same result. Sideload didn't work either. Managed to get Magisk flashed. That first had the same error as the rest. Last it went well. So, I thought, lets go for NH too. Nope. Error again.
Tomorrow I will download everything fresh again from the web, and see if it works. Maybe the USB stick got corrupted somehow? Got another one to try.
Which chipset is supported on the OPO, if not 8812au?

[KERNEL] Nethunter For Pixel 4a 5G Android 12L

ALYNX Nethunter Kernel for Pixel 4a 5G - [Android 12L]
What is Nethunter ?
Kali NetHunter is a free & Open-source Mobile Penetration Testing Platform for Android devices, based on Kali Linux.
Code:
I'm not responsible for bricked devices, dead SD cards.
Do some research if you have any concerns about features included in this Kernel.
About the kernel :
Kernel is based on fsociety kernel sources.
Features:
Internal Wifi Monitor Mode Support (packet injection doesn't work as it is based on qcacld-3.0 which is not capable of packet injection yet)
HID gadget keyboard/mouse
USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
RTL88XXAU USB WIFI Support
RTL8188EUS USB WIFI Support
ATH9K_HTC USB WIFI Support
Ethernet Support
Bluetooth USB Support
SDR Support
BadUSB
Warning: please do not update Magisk after flashing the kernel; you can update Magisk before flashing the kernel.
Installation:
Download the zip file containing the kernel from below
Flash the zip using Franco Kernel Manager; if Franco doesn't work, use EX Kernel Manager (flashing the kernel/zip will preserve root)
Install Busybox
Download Wireless_firmware.zip open Magisk and install the zip as Magisk module
Install Nethunter store
Install Nethunter app & Nethunter terminal from Nethunter store
Open Nethunter app & Download the full chroot kalifs within the app and let the app setup everything. After it finishes it'll start the chroot automatically.
Update the sources with apt-get update && apt-get upgrade in the chroot using nethunter terminal
Reboot the device
Note: if the NetHunter app crashes, open any Android terminal in an su environment and paste the following.
Code:
pm grant com.offsec.nethunter android.permission.ACCESS_FINE_LOCATION
pm grant com.offsec.nethunter android.permission.ACCESS_COARSE_LOCATION
pm grant com.offsec.nethunter android.permission.READ_EXTERNAL_STORAGE
pm grant com.offsec.nethunter android.permission.WRITE_EXTERNAL_STORAGE
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_SU
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_NH
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_NH_LOGIN
Extra:
If you want to replace NetHunter Terminal with Termux (not completely: the NetHunter main app will still launch NetHunter Terminal every time for any operation, but you can access the Kali chroot environment from Termux).
(I know NetHunter Terminal sucks)
Follow these steps to access the environment from termux:
Install Termux from F-Droid or from the NetHunter store
Open Termux and install the root repo using pkg update && pkg install root-repo tsu wget
Download the script from Termux using wget https://raw.githubusercontent.com/name-is-cipher/boot-nethunter/main/install_boot-kali.sh
chmod +x install_boot-kali.sh && ./install_boot-kali.sh
Let it set up everything.
Restart Termux and type boot-kali to access the NetHunter chroot environment
If you like my work, give this post a like : )
Credits:
Team Kali For Nethunter
momojura For fsociety kernel.
XDA: DevDB Information
Alynx Nethunter For Pixel 4a 5G Bramble
Contributors: V3rB0se
Source Code: https://github.com/V3rB0se/redbull
Version Information
Status: Stable
Stable Release Date: 02/08/2022
Created 02/08/2022
Last Updated 27/07/2022
Hey! Slight problem.
I just flashed the kernel through Franco's, and it's loaded correctly, but I don't have usb.hid for some unknown reason. I'm not sure if I've messed up or you have, so I thought I'd ask? See below for further info.
WoodenPlankGames said:
Hey! Slight problem.
I just flashed the kernel through Franco's, and it's loaded correctly, but I don't have usb.hid for some unknown reason. I'm not sure if I've messed up or you have, so I thought I'd ask? See below for further info.
Try installing some older versions of NetHunter.
I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.
WoodenPlankGames said:
I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.
Please post the logs. I have no idea what you're talking about. Was it enabled before in the stock kernel?
V3rB0se said:
Please post the logs. I have no idea what you're talking about. Was it enabled before in the stock kernel?
I don't have any logs. It's not complicated. I plugged in my razer Kishi, and it didn't work. It did on (and still does when i reflash my backup of) the stock kernel.
Edit: Interestingly, the HID feature this kernel reports (Once you enable it in the nethunter app) adding still works after reflashing stock. I was under the impression that needed a kernel patch. Odd.
WoodenPlankGames said:
I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.
I'll make sure to fix this in the upcoming update, but I need logs to find the problem.
WoodenPlankGames said:
I don't have any logs. It's not complicated. I plugged in my razer Kishi, and it didn't work. It did on (and still does when i reflash my backup of) the stock kernel.
Edit: Interestingly, the HID feature this kernel reports (Once you enable it in the nethunter app) adding still works after reflashing stock. I was under the impression that needed a kernel patch. Odd.
Everything else is working, I guess?
Sup fellas, it's been almost 10 years since I've unlocked a Bootloader and now it looks like there is all this Github and Backtrack ports around... Soo can someone refresh me...
After I unlock the BootLoader can I go straight to installing a custom Rom or do I gotta put the Bloat free + ROOTED rom on first for some reason....?
What Custom Roms are compatible with this kernel? I doubt the stock android 12 rom this probably needs will have the Radio Tower mods I need.... (what rom is good for the Radio tower exploits again? uh.. you know.. the ones that offer Data Wells .. of course for research / education / pentesting purposes only... lol Maybe that Resurrection rom I seen on here yesterday/? LOL) [I srsly don't know why I can't find it in the pixel 4a forums anymore along with pages of discontinued roms... = / hmm ]
AND if a rom requires a different kernel than this can I flash this one on there afterwards and still expect the Rom will function and I won't be bricked..?
BrawnyPaperTowelHead said:
Sup fellas, it's been almost 10 years since I've unlocked a Bootloader and now it looks like there is all this Github and Backtrack ports around... Soo can someone refresh me...
After I unlock the BootLoader can I go straight to installing a custom Rom or do I gotta put the Bloat free + ROOTED rom on first for some reason....?
What Custom Roms are compatible with this kernel? I doubt the stock android 12 rom this probably needs will have the Radio Tower mods I need.... (what rom is good for the Radio tower exploits again? uh.. you know.. the ones that offer Data Wells .. of course for research / education / pentesting purposes only... lol Maybe that Resurrection rom I seen on here yesterday/? LOL) [I srsly don't know why I can't find it in the pixel 4a forums anymore along with pages of discontinued roms... = / hmm ]
AND if a rom requires a different kernel than this can I flash this one on there afterwards and still expect the Rom will function and I won't be bricked..?
I think you should ask such questions here, but yeah, you can go straight to installing custom ROMs after unlocking the bootloader.
V3rB0se said:
I think you should ask such questions here, but yeah, you can go straight to installing custom ROMs after unlocking the bootloader.
Thank you sir, compliments to the chef!
NEWEST EDIT: GOT KALI.apk running finally by pasting the provided codefix in 'Nethunter Terminal' instead of TERMUX!!! But now I can't get CHROOT to install whether from the server installer or manual patching...! Appears that lots of users are having the same problem... https://www.zerodaysnoop.com/articles/install-problems-with-nethunter-lite/
EDIT AGAIN!: Found the "If Kali .apk doesn't start.. paste the following:..." section on the bottom... but now I can't get that to even work... First it seems Termux needs root... but I try sudo and tsudo... but it only gives the same error I believe...??? See below!:
EDIT: BusyBox Installer from the F-Droid client said busybox was actually installed now after I probably rebooted the phone... so I moved on to downloading Nethunter.. and Nethunter Terminal... tried opening the nethunter app without terminal installed... it gave an error.. went and installed Nethunter terminal... tried choosing KALI layout and it gave an error... then I chose Android SU Terminal mode and it works....
So I try opening Nethunter to download the chroot and kalifs... Nethunter keeps stalling and giving errors and won't let me find these chroots, etc....???? wtf?
---- gonna try reinstalling kali stuff in the right order (ALL OVER) in the meantime to see if this alleviates anything...
Followed instructions perfectly... thought I needed a JSON configuration file for an hour until I noticed FRANCO MANAGER had a MANUAL INSTALL option...
Made my way to the busybox install part.... now NONE (ABSOLUTELY NONE) of the BusyBox apps on F-Droid are working with my phone! Below is the error I get with the best looking app...
gonna try my luck with using termux to create the directory it says it can't install BusyBox in.. and also try Play Store versions in the meantime.... -___-;
ANY IDEAS?
BrawnyPaperTowelHead said:
NEWEST EDIT: GOT KALI.apk running finally by pasting the provided code fix in 'NetHunter Terminal' instead of TERMUX!!! But now I can't get CHROOT to install, whether from the server installer or manual patching...! It appears that lots of users are having the same problem... https://www.zerodaysnoop.com/articles/install-problems-with-nethunter-lite/
EDIT AGAIN!: Found the "If Kali .apk doesn't start.. paste the following:..." section at the bottom... but now I can't get that to even work... First it seems Termux needs root... but I try sudo and tsudo... but it only gives the same error, I believe...??? See below!:
EDIT: BusyBox Installer from the F-Droid client said BusyBox was actually installed now, after I probably rebooted the phone... so I moved on to downloading NetHunter and NetHunter Terminal... tried opening the NetHunter app without the terminal installed... it gave an error... went and installed NetHunter Terminal... tried choosing the KALI layout and it gave an error... then I chose Android SU Terminal mode and it works....
So I try opening NetHunter to download the chroot and Khalifs... NetHunter keeps stalling and giving errors and won't let me find these chroots, etc....???? WTF?
---- gonna try reinstalling the Kali stuff in the right order (ALL OVER) in the meantime to see if this alleviates anything...
Followed the instructions perfectly... thought I needed a JSON configuration file for an hour until I noticed FRANCO MANAGER had a MANUAL INSTALL option...
Made my way to the BusyBox install part.... now NONE (ABSOLUTELY NONE) of the BusyBox apps on F-Droid are working with my phone! Below is the error I get with the best-looking app...
Gonna try my luck with using Termux to create the directory it says it can't install BusyBox in... and also try Play Store versions in the meantime.... -___-;
ANY IDEAS?
Do not download Termux from the Play Store; download it from F-Droid. For the chroot, you can download it manually and use the backup option in the NetHunter app to install the zip. And install the tsu package from root-repo.
V3rB0se said:
Do not download Termux from the Play Store; download it from F-Droid. For the chroot, you can download it manually and use the backup option in the NetHunter app to install the zip. And install the tsu package from root-repo.
Okay... I DID manually download it, and had to code a GitHub program to download the chroot from the official repo for me without timing out and causing a hash error with my terrible Internet.... then it seeded it for a torrent that won't fail during download....
But the whole problem turned out to be how ANDROID 12L breaks the install with its SCREEN TIMEOUT/sleep mode thing... which was only warned about in some YouTube video for the Pixel 4a version that I saw listed before finding this guide....
Oh well... now wondering if I need the massive 1 GB chroot file on my system for Kali to function properly or if I could delete it now... : /