Compile Kali Nethunter

Hackers always have to bring some outfits with them to satisfy their desire to pretend to be aggressive everywhere, so they invented Kali Nethunter, which packs the hacker spirit in their mobile phones, wherever they go, and wherever they go. Where do you come from? Eh, I don’t send it, I don’t send it. As a hacker, using your own stuff is awesome, but using other people’s stuff is just pretending. So I’m here to talk about how to turn all the mobile phones that use WeChat to play games in the trouser pockets into “hacking mobile phones”.

In the past two months, Cyanogen has closed down, CM has also been renamed LineageOS, and it has been upgraded to Android N (CM14.1) following the trend. Taking advantage of the opportunity to come back again, I will summarize my previous experience and write tutorials while upgrading my mobile phone. Don’t worry, the steps are all common~

requirements for readers

We are going to install Kali Nethunter in your phone, if your phone is net hunter official support Yes, I have played with the mobile phone, swiped the machine,** Card swiping zip package ** It should be no problem for you.

If not, since this article covers how to compile your own CM system and integrate its kernel into nethunter. So, have to** Know a little about Linux ** ,Will be at** Command line typing ** , if yourself** compiled software ** Of course better, after all, that’s what it is essentially.

If you succeed in flashing the machine in the end, then you have to know more about linux, because this software has no interface, you can treat it as a Linux virtual machine, if you don’t know how to click it, what’s the use of installing it?

mobile phone requirements

My own mobile phone is OnePlus 3, if yours is not…

Kernel open source

Although nominally speaking, the steps are common, but first of all, the mobile phone has to be powerful. The biggest requirements for mobile phones are:** Kernel code open source ** . Only with it can we know that the domestic manufacturers open source are:** OnePlus, Huawei, Xiaomi, ZTE ** . OnePlus and Xiaomi are on Github, and Huawei and ZTE have to go to the official website to find it themselves. For other things… I don’t know Jiefanggou. here is a参考教程 (English). For foreign mobile phones, we can basically find them from the major manufacturers we have heard of. My son must open source, and Sanshuang must have so many custom ROMs. Others can be found in the above post.

Does it support CM?

To be honest, I only studied how to compile the whole Android under CyanogenMod. Because its compilation environment is very well matched, just type commands, and I don’t have the heart to study the entire system, I just want to change a kernel parameter. How to check whether it is supported or not? [Model cm] Baidu, if there is, there is, if not, there is no way. Of course, if it is supported by other ROMs such as Google’s son or AOSP AOKP, you can also use its code as the compilation environment, and the commands are similar. If the CM doesn’t have it but can find the kernel source code, that’s fine too. It should be more convenient. Just make directly, without relying on this or that. nethunter tutorial How to compile a single kernel is covered in , so I won’t go into details here.

nethunterofficial support

if the phone is官方支持的型号 , Just click on their download link, and then just like a normal Android phone flashing package, swipe in the card, restart it, no need to look down.

Configuration Environment

System requirements: Linux (preferably Ubuntu) or macOS.

install dependencies

Install dependencies first, the main reference官方教程 to enter commands. Key points: For your own system such as ubuntu15.04, enter the command under the title “For Ubuntu >= 15.04”. As long as the JDK and package are installed, the USB configuration can be ignored. mac pays special attention

  1. The disk that needs to be installed is case-sensitive. You can see it in Disk Utility. If not, just follow the steps in the above tutorial to create a sparseimage.
  2. exist苹果官网 Download the Xcode 7.3.1 version, the latest version is not compatible, and the App Store will let you update it or not.
  3. Need to install additional linux programs, brew install coreutils findutils gnu-sed, I wrote a small script to add them to the PATH variable, and send it out later

Download the Android source code

The source code varies from person to person, the main command is still reference这个教程 .

Get the repo applet

sudo wget -O /usr/local/bin/repo

Create a directory of your liking

mkdir ~/android
cd ~/android

Download the source code with the repo applet

repo init -u cm-14.1 --depth=1 --groups=all,-notdefault,-x86,-mips,-linux,-exynos5

Notice! The URL in the previous command can be different depending on your system. The URL is the source code index of the entire Android system. If CM supports your mobile phone, there is no need to change it. Other parameters can be passed repo init -h See what it means. Start downloading (about 18G or so)

repo sync

Prepare the kernel source code

Every time you enter the compilation environment, you must prepare the environment variables. The following sentence must be entered every time you compile

source build/

Then download the exclusive code of the mobile phone. If the mobile phone is not oneplus3, replace it with the codename of other mobile phones. For example, Xiaomi 3 and 4 are cancro, Xiaomi 5 is gemini, Redmi 3 is ido and so on.小米Github It’s written on it.

breakfast oneplus3

Modify kernel parameter reference nethunter official tutorial . Enter the kernel code directory

cd kernel/oneplus/oneplus3
make clean
export ARCH=arm64
export SRCARCH=arm64

export here is a small hole, not in the tutorial, but it must be added. If the CPU of your mobile phone is 32-bit, replace arm64 with arm, and the same reasoning follows. If you don’t add this, you can’t configure defconfig correctly. Starting from the existing configuration file, find the existing configuration under the arch/arm64/configs directory, such as cyanogenmod_oneplus3_defconfig

ls arch/arm64/configs
make cyanogenmod_oneplus3_defconfig

The default parameters are configured.

because A bug of clang , mac users need to change the 12th line under scripts/kconfig/lxdialog/ to this (- is original, + is modified)

- if [ $? -eq 0 ]; then
+ if [ $? -eq 0 -o -f /usr/lib/lib${lib}.${ext} ]; then

Then we all enter the configuration menu together.

make menuconfig

according to教程 configuration. In the menuconfig menu, press up and down to navigate, poke esc twice to return to the upper-level directory, y is to select a check box (compile the module into the kernel), n is to cancel, m is to compile a module (such as a driver) into A separate applet, loaded when needed. If you encounter the problem of being stuck on the first screen after the last flash, the kernel size is too large. At this time, compile some modules independently with m.

Special options: in the tutorial picture* DVB for Linux * The option is gone, now renamed* Digital TV support * select* Deselect before Customize DVB Frontends ** Autoselect ancillary drivers (tuners, sensors, i2c, frontends) * Then cancel all the options in the frontends menu and in the tuner except for RTL2830. Special option 2: (Maybe only my phone has this bug, or all of them may have it) If you choose it in the menuconfig above* HCI USB Driver * , if the compilation fails, press这个patch Just change this file. Additionally, the* Bluetooth device drivers * inside* Atheros firmware download driver * , btusb.c needs a function inside. Finally, save the configuration and the kernel configuration is complete.

cp .config cyanogenmod_oneplus3_defconfig
make mrproper

Other optional configuration

If some modules were compiled independently with m in the front, and SELinux was not turned off, then you need to change SEPolicy. In the source code/device/oneplus/oneplus3/sepolicy directory (oneplus/oneplus3 is replaced by the device model), create or edit init.te and add at the end

It turns out that only fd use and system module_load are needed, but I forgot how to write the strategy. If you want to use a USB keyboard, or badUSB attack, and like me, you don’t want to turn off SELinux, then continue to change the policy. according to他的教程 Come. but also to mark这个patch .


After all the modifications are completed, cd back to the main directory of the source code, and run the command to compile the kernel and start the image separately.

mka bootimage

After he finishes scrolling, the words that come out are green, which means the compilation is successful.

Adapt to Nethunter

Find another directory to download its installer.

git clone --depth 1

cd kali-nethunter/nethunter-installer

Then download the nethunter device directory, press Enter all the way and wait for the download. You will get a devices directory with a size of about 1G.


Use a script to put the newly compiled Image.gz-dtb and modules into devices/nougat/oneplus3cm. Nougat is the Android version, and the name of oneplus3cm is based on the nethunter tutorial. The kernel module should be placed in /lib/modules/[kernel version number], so that modprobe can find it. As for the kernel version number, it is obtained by a single command, and this command is already in my script. [TODO: Desensitized upload]

strings $out/obj/KERNEL_OBJ/arch/arm64/boot/Image | grep -o '3.*cyan[^ ]*' | head -n1

Finally, edit devices.cfg to add your newly adapted device according to the gourd painting.

vim devices.cfg
python -d oneplus3cm -n -u -ns  # nouget uninstaller_created no_supersu

Then you get our brand new card swiping package of your own!

Throw the warm card brush package just generated into the recovery, update directly, and then restart, if there is no error, it will be fine, all over!

Turn on the Nethunter app, follow the prompts to install kali chroot and other metapackages, and your hacker phone is complete!

applaud! Sprinkle flowers! Get up and take a screenshot.