Database Users

*TUTORIAL* How to flash Kali Pwn Pad on your N7 2013!!

Hello xda developers!
Do you love computer security as much as I do?
Do you have a nexus 7 2013? A Nexus 7 2012 will work too i will get to that...
Have you seen the amazing Pwn Pad Tablet from Pwnie_Express -> http://pwnieexpress.com/products/pwnpad
Now that is one amazing piece of hardware with some amazing software, yet I don't know about you but I don't have $1,000 dollars to purchase a penetration testing tablet, and even if i did i wouldn't. The Pwn Pad tablet is a 2012 Nexus 7 tablet that the amazing people from Pwnie Express have hacked up to put Ubuntu in a chroot environment with some amazing programs such as EvilAP, Metasploit, Wifite, and Kismet. The greatest thing about the Pwn Pad is that they have done some modifying to a kernel to enable usb wifi devices to work such as the ALFA AWUS036H and the TP-LINK usb wifi device.
Now some people over at a another forum have done some amazing work for the Nexus 7 tablet and they were able to create a Pwn Pad based Rom but instead of Ubuntu they choose Kali Linux which in my opinion is much better for Penetration Testing. In fact the new 2014 Pwn Pad tablet from Pwnie_Express will be coming using the N7 2013 with Kali Linux instead of Ubuntu which is what the 2012 Pwn Pad uses. Moving on...
There are some definite bonuses to using the Kali Pwn Pad created by a user who calls himself "Binky Bear" compared to the original Pwn Pad from the great guys at Pwnie_Express. The first big bonus is that you get Kali Linux instead of Ubuntu. A second great bonus is that Binky Bear has take the [ElementalX kernel v2.2] and tweaked it a bit to work with his creation of Kali Pwn Pad v0.5. The big bonus with Binky's kernel which is based of [ElementalX kernel v2.2] is that the kernel supports USB OTG + Host Charge Mode. This means that if you have a OTG cable that has also has a Y-Cable you are able to power your usb wifi adapter and charge your tablet at the same time. This is one limitation of the original Pwn Pad from Pwnie_Express. The Pwnie_Express Pwn Pad can not power the usb wifi adapter and charge the tablet at the same time, they recommend you use a docking station. However, when you put Kali Pwn Pad on your N7 tablet you will not have this limitation!
Here is a picture of my tablet with the TP-Link usb wifi adapter:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Are you getting excited? I know I was when i first laid eyes on the Pwn Pad from Pwnie_Express! The Pwn Pad was the reason I went out and purchased a Nexus 7, only i didn't know it was the 2012 edition that was being used by Pwnie_Express and I purchased the 2013. So i had to wait for someone to come up with something for the N7 2013, luckily Binky Bear was sent from computer security heaven!
Okay so lets get started... (Many of you these steps will be very elementary for some of you just skip ahead where you feel comfortable)
i wanted to make this guide as detailed as possible (spoon feeding!)
So you have a Nexus 7 is it rooted? The first thing we need to do is Unlock your Bootloader and Root your tablet...
UPDATE TIP: I am jumping ahead here but you need to know this tip...
Anytime you do anything under TWRP recovery manager especially flashing zip files and Rom's you should have your Nexus 7 tablet plugged into power. If your Nexus device is in recovery manager for a period of time (and it will be when we flash kali pwn pad) it could turn the screen off. If your device is being powered it is easy to get the screen back. You just need to press the power button and slide the bottom of the screen from left to right in order to unlock the screen. If your device is not being powered it can be a real pain in the ass to get the screen to come back on from TWRP recovery. PLEASE TAKE THIS ADVICE SERIOUSLY!
STEP 1: Unlock BootLoader and Root your Tablet: There is a great tool for Windows Computers that will basically do whole rooting process for you. If you have been into the Nexus 7 world for some time now then you know exactly what tool I am talking about. The tool I am talking about is the Nexus 7 Root Toolkit by WuGFresh. Here is a link to his website -> http://www.wugfresh.com/nrt/
Now you can use the Nexus 7 Root Toolkit to unlock your tablets BootLoader which is a must! Unlocking your bootloader is the very first thing you should do your Nexus 7 tablet.
In order to unlock your bootloader you need to do a couple of things first. First thing is go into "Settings" for your tablet and click on "About Tablet" When you are in the "about tablet" click on "build number" 7 times to enable "developer options". Once you have clicked on it 7 times go back to settings and go into "developer options" and enable "usb debugging"
Okay now that usb debugging is enabled, we need to install the usb drivers so your tablet can communicate with your computer. This will work for windows vista/xp/7. If you have Windows 8 or Linux or Mac you will need to follow the steps for installing USB drivers and rooting your tablet for your specific setup. It is not hard just do a quick google search or do a search on youtube for a video tutorial...
Moving on...
Now the easiest way to install the usb drivers for your Nexus 7 device is to use the program by WuGFresh -> the Nexus 7 Root Toolkit. Just click on the button to install the usb drivers and follow the steps. If you prefer to manually install the usb drivers you can use this link here to download them -> http://developer.android.com/sdk/win-usb.html
I would really recommend that you use the WuGFresh root toolkit to install the usb drivers though...
Okay now that you have the USB drivers installed you need to unlock the bootloader. Click on the button on the WuGFresh Nexus 7 Root Toolkit which says "unlock bootloader". Follow the steps. When your Nexus 7 tablet reboots you will see a screen come up that says do you want to unlock the bootloader. Slide the bottom button to right to unlock your bootloader. When you do that it will tell you that you may void your warranty unlocking your bootloader but don't worry you can always re-lock it if you want to, especially if you need your warranty. The N7 Root Toolkit has an option to restore your device back to factory settings, unrooted with a locked bootloader! Such a great tool...
Okay so now your bootloader should be unlocked...
So now what you want to do is root your device and install the TWRP recovery manager. Now i know that many of you out there are used to CWM (clockwork mod recovery manager) but TWRP is a great recovery manager and you will need it with Multirom. We will get to multirom...
So under the root button on your Nexus 7 Root Toolkit is an option that you can click on to check which says "install recovery manager" make sure you click that button before you hit the root button!
So check that option to install recovery manager (which it installs TWRP) and let the NRT (nexus root toolkit) do its magic...
Okay so now you should have a rooted tablet! Lets make sure by first making sure that SuperSU is in fact installed on your tablet!. If it is open up the app "busybox free" which should have been put on your tablet by the NRT program. When you start busybox free it should ask you for root permission.
Go ahead and grant busyboxy free root permission and install busybox free...it can't hurt and it is a great program.
If you would like a video tutorial on how to root your N7 with the NRT program here is a youtube video link -> http://www.youtube.com/watch?v=Lg_QU9w5xCU
Moving on...
STEP 2: INSTALL MULTIROM MANAGER
Now that your tablet is rooted you need to install MultiRom Manager. What this does is it allows you to put multiple roms on your tablet without ever harming your stock (internal) android rom. This is a great tool and all of us who use it really owe the developer a lot of credit...
There is a very easy way to install MultiRom Manager. The developer of this program has created an app that you can download from the Google Play Store to install it easily and successfully.
Open up the Google Play store and do a search for "multirom manager". Download it, open it up, grant it root permission and run the app. The app will do all of the hard work for you and it will install MultiRom for you. Once it is done reboot your tablet. Since your stock rom won't have the reboot option i recommend downloading "quickboot" from the Google Play Store. This app requires root access but it will allow you to quickly reboot your tablet, boot into recovery, or boot into the bootloader.
When you are booting up after installing multirom you need to click on your tablet as MultiRom is counting down. The only Rom that will be listed is "internal" (because you haven't installed any other roms) go ahead and boot into "internal" by clicking on the boot button.
IMPORTANT NOTE: it is very important to boot your internal (stock rom) at least one time before you flash/add another ROM with multirom manager. MAKE SURE YOU DO THIS!
Okay so now you should have MultiRom Manager installed. That was easy right!?
STEP 3: Download the neccessary files for your Nexus 7 2013 model FLO Tablet.
Now i have tested this specific version of CM 11 for my Nexus 7 32GB 2013 model FLO (wifi only) tablet. This hacked up version of Cyanogenmod 11 is a bit different than the nightlies and is the only version of cyanogenmod that i found that could work with the kernel for Kali Pwn Pad.
If you have a N7 2012 then you can use SmoothRom v5.2 for your 2012. I will write up another tutorial for the N7 2012 tablets but for now this is for the people with the N7 2013 2nd edition tablets.
Here is a link for the specific cyanogenmod 11 rom that will work with Kali Pwn Pad.
http://forum.xda-developers.com/showthread.php?t=2545628
that is a link for the thread...
*UPDATE*
It has come to my attention that the CUSTOM CyanogenMod (CM) project that XDA member Bruce2728 is running has been updated. So when i told you to download the specific "cm-11-20131213-bruce2728-odexed-flo.zip" zip file it will no longer be available. You should be able to do this tutorial with any of his updates and it should work just fine. As of right now the current zip available is "cm-11-20131217-bruce2728-bricked-linaro-flo.zip". Do not let the "bricked" scare you into not trying it...
NOTE: okay so i decided to go ahead and upload the exact zip file that I used with my installation of KaliPwnPad v0.5. Here is a link for the cm11-20131213-bruce2728-odexed-flo.zip. You can download it here -> http://www.filedropper.com/cm-11-20131213-bruce2728-odexed-flo The newer versions of Bruce2728's custom CM11 ROMS should work just fine but if you feel more comfortable using the exact ROM that i used then feel free to download from the link above.
Please note that specific thread is an on going project and will most likely be updated on a regular basis. I have also gotten Kali Pwn Pad to work on the "Ice Cold ROM Project" which runs on Android 4.3.1 if you would feel more comfortable using that ROM. I will make a note of it on PAGE 2 or 3 of this thread please look for it if you are interested in using Ice Cold ROM. The whole process will be the same you will just use ICE COLD ROM and a slightly different kernel.
I would suggest you try Bruce's custom CM 11 Project for the stability of CM, plus if you have MultiRom installed on your N7 device it is almost impossible to hurt your system. If anything goes wrong just boot up in TWRP recovery and delete the rom -> "FROM LIST ROMS".
Here is a direct link to download the files that you need for that specific CM 11 Rom. Make sure you also download the PA (paranoid android) google apps zip that is in this directory link:
http://bruce2728.mabsoft.dk/CM-11/
Now when you are looking to download the CM11 ROM make sure you click on the directory "FLO". If you have a N7 2013 your model tablet is FLO.
There are a couple of ROM zip files in the FLO directory. The one that you want is the cm-11-20131213-bruce2728-odexed-flo.zip
Make sure you download that exact zip file.
Another good file to download is the SuperSU zip file which you may need. You may be able to install SuperSu without the zip but lets download it just in case.
Here is the link: http://download.chainfire.eu/370/SuperSU/UPDATE-SuperSU-v1.80.zip
UPDATE:
There has also been an update with the SuperSU zip file. I believe the new version of SuperSU is 1.86. Always go with the newest version of SuperSu.
Okay so you should have downloaded these files:
1. cm-11-20131213-bruce2728-odexed-flo.zip
2. pa_gapps-full-4.4-20131119-signed.zip
3. UPDATE-SuperSU-v1.80.zip
The first file is the android 4.4.2 custom CyanogenMod ROM.
The second file is a full google apps zip from the paranoid android rom
The third file is the updated supersu zip which is a stable SU binary used for rooting your tablet.
Okay so lets move on...
STEP 4: INSTALLING CUSTOM CM11 ROM...
Okay now that we have those files downloaded (remember where you downloaded them, download folder maybe?) lets boot into recovery manager. Open up your quickboot app that you downloaded and boot into recovery manager.
TIP: When your tablet is booting up MultiRom loads first. When you tap on your tablet to stop the countdown you will see a button that says "MISC" in the top right corner. If you hit that button you can boot into recovery or reboot your tablet from MultiRom.
Now in recovery manager which works hand in hand with MultiRom you are going to want follow these steps:
1. Hit the Advanced button
2. Hit the MultiRom button
3. Add Rom
4. When you hit "add rom" you will have a few options, you want to select "add zip". Choose the cm-11-20131213-bruce2728-odexed-flo.zip file to flashed.
5. Once that is done flash the zip by sliding the bottom button from left to right.
Okay now after you flash the zip you should see "ZIP FLASHED SUCCESSFULLY".
Now what you want to do is hit the back button till you get to the main recovery page.
Next step adding Google Apps from TWRP recovery manager:
1. advanced
2. multirom
3. list rom
4. now that you have flashed CM11 you should see a ROM under "internal". Remember "internal" is your stock rooted nexus 7 rom.
click on the CM11-bruce rom
5. click flash zip.
6. pick the pa-gapps.zip file.
7. slide the button to flash the zip.
HIT THE BUTTON TO REBOOT YOUR SYSTEM.
SIDE NOTE: many people will suggest to wipe dalvik/cache and it doesn't hurt and a lot of times is a good option. You may not need to do this but you may need to if you have problems adding SUPERSU to your newly added CM11(bruce) Android ROM. If you do want to wipe your dalvik and cache for your added CM11 rom make sure you do under "list roms" click on CM11-bruce-odexed and choose the wipe dalvik/cache button.
NOTE: if you don't choose your CM11 rom you will wipe dalvik and cache for your stock "internal rom".
Okay so now that your Nexus 7 is rebooting you need to tap on your device to stop the countdown from MultiRom. You want to select your newly added "CM11-bruce-odexed" rom and hit BOOT.
SET UP YOUR DEVICE and make sure GOOGLE PLAY STORE IS RUNNING CORRECTLY:
IMPORTANT TIP: if the google play store stops working try rebooting your system. If that does not work and your google play store is giving you an error 920 code then you need to close the google play store. go to settings -> apps -> all apps. Click on Google Play and wipe data and cache. After that you need to click on GMAIL and wipe data and cache.
WIPING THE CACHE and DATA on GMAIL will fix problems with the GOOGLE PLAY STORE especially error code 920.
STEP 5: ADD SUPERSU TO CM11.
Now CM11 comes already prerooted but you will need to install SuperSU in order to get many of the apps for Kali Pwn Pad to work correctly. If you had SuperSU already downloaded from the Google Play store i would uninstall it first (dont run it first) and then reinstall it from the google play store. Open up the App and it will most likely tell you that you need to update the SU binary. Choose to do that with a normal install and the SuperSU app should tell you that you have successfully installed the SUPERSU but we need to check. After the first install of SUPERSU you need to reboot your CM11-bruce rom in order for the new SuperSU binary to take effect! THIS IS VERY IMPORTANT MAKE SURE YOU REBOOT FIRST AFTER YOU FIRST INSTALL SUPERSU.
Okay so try opening an app that needs root such as busybox free. If you do not have busybox free download it from the google play store.
If the SUPER SU notice pops up asking for root access then you have it working and you can move on.
If you get an error (which you probably will, i did) saying that there was a problem with SU and it could not get root access then what you need to do is boot into recovery and wipe dalvik and cache for your CM11 rom. Make sure you do it in TWRP under "list roms" and that you wipe the dalvik and cache for the correct CM11-bruce-oxdeded ROM and not your INTERNAL ROM.
Once you wipe dalvik and cache for your CM11-bruce ROM the Android System will rebuild itself. Once the boot it back up, try running busybox free or any other app that needs root. Did a SUPERSU notice pop up? If it did great!
If you get another error try uninstalling SuperSU boot back into recovery wipe dalvik and cache and then boot the CM11-bruce ROM back up and try downloading and installing SuperSU from the google play store. Reboot and and once the system has rebooted try running an app that needs root. If you get the SuperSu notice you are in business!
If you get another error then you can try this...
Boot back up into recovery. In CM11 you can just hold the power button and you should have an option for reboot. Hit the reboot button and you should see an option for recovery. Hit recovery and it will boot your tablet into TWRP recovery. If you do not see that option then you need to go into SETTINGS -> ABOUT TABLET -> CLICK ON BUILD NUMBER 7 TIMES. ONCE DEVELOPER OPTIONS IS ENABLED GO INTO DEVELOPER OPTIONS AND SELECT "ADVANCED REBOOT" THIS WILL ENABLE THE ADVANCED REBOOT OPTIONS FROM THE POWER BUTTON.
Okay so now you are in TWRP recovery...
Go to ADVANCED -> MULTIROM -> LIST ROMS -> Select the CM11-bruce ROM -> CLICK ADD ZIP -> SELECT THE UPDATE-SUPERSU.ZIP AND FLASH IT FROM RECOVERY.
Now reboot your system and you should have SuperSU installed on your system. Check this by running an app that needs root. Such as titanium backup, or any other.
Now you have successfully added SuperSU, we will be moving on...
STEP 6: INSTALLING BINKY BEAR'S CUSTOM KERNEL BASED OFF OF ELEMENTALX V2.2
Binky Bear who has done us all a huge favor has tweaked the ElementalX kernel in order for us to use usb wifi devices such as the ALFA AWUS036H or the TP-LINK TL-WN722N. Without this kernel working with USB wifi devices such as those would not be possible and USB OTG + HOST CHARGE would not be possible.
Before you flash Binky's custom kernel you should make a note of your current kernel. Go to SETTINGS -> ABOUT TABLET -> and look at the kernel. Write it down because after you flash Binky's kernel we need to make sure that the kernels have changed.
With my experience the TP-LINK TL-WN722N works best. I had a lot of trouble with the ALFA AWUS036H but many people were able to get it to work.
***UPDATE***
I was finally able to get my ALFA AWUS036H device to work with Nexus 7 and the issue ended up being power. In order to use your ALFA you have to have enough power to operate it. I have gone into great detail on how to get your ALFA AWUS036H working on page 10 of this thread. Please look at it and look at the picture on page 10 or at the bottom of this post and take notice on how i setup my OTG cables. Instead of using a Y-SPLIT OTG cable i use a single OTG cable and connect it to a USB HUB. My ALFA goes into the USB HUB which is getting power from a powerbank with 2.2A output. Please check out page 10 for more information...
.
Here is a link if you want to order the TP-LINK TL-WN722N from amazon. It only runs around $15 which it is totally worth it!
http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-Detachable/dp/B002WBX9C6
Here is a picture of my TP-LINK TL-WN722N USB WIFI device working with my Nexus 7 2013 Model FLO working with Kali Pwn Pad and the linux program "WIFITE".
Okay so lets move on to flash Binky's Kernel based off the ElementalX kernel. If you would like a link to the ElementalX kernel here is the XDA thread. LINK -> http://forum.xda-developers.com/showthread.php?t=2389022
So the first thing you are going to need is to download the Kernel. Here is the link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/
Now once you open that link you will want to go to the section "Custom Kernels". Now since the CM11 Rom you installed is running Android 4.4.2 you will want to download the custom kernel for android 4.4+ under "Nexus 7 2013" make sure you download the kernel for your correct device.
While you are at it Download the Kali Pwn Pad v0.5 file. Here is the description: update-kalipwn-v05.zip = 1.14 GB | Update 8 DEC | Confirmed working on Android 4.4+.
IMPORTANT NOTE: Make sure before you flash this kernel in TWRP that your tablet is plugged in to power! REMEMBER THE NOTICE I TYPED ABOVE.
Once you are done downloading that kernel and Kali Pwn Pad v0.5 you will need to boot into recovery again. Once you are in recovery make sure you go to -> ADVANCED -> MULTIROM -> LIST ROM -> SELECT CM11-BRUCE ROM -> ADD ZIP
Now when you go to add the zip file you will want to select the el-kitkatkaliflo2.2.zip file. Now when you start to flash that zip file you will be greated with a ELEMENTALX picture and a nice and easy to follow menu of options.
Now Binky's kernel based off ELementalX v2.2 is pretty straight forward you can just choose mostly the default options that come up. When you get to CPU GOVERNOR choose "on demand" and when you get towards the end i choose the options for:
option: USB FAST CHARGE
option: exFAT file system
option: USB OTG + HOST CHARGE (this is very important!)
Follow the steps and when it is done hit finish. Now you should see in TWRP "zip successfully flashed" and you should be able to hit "reboot". Now there could be a chance that your tablet turns off after flashing the kernel and you may be able to turn your tablet back on "by pressing the power button" if you can't get it to power back on dont worry. Just hold down the power button and your tablet will reboot and you can boot back into your CM11-bruce ROM from MultiRom.
Even if your tablet turns off after flashing the kernel you will still have installed the kernel,so don't panic. After you reboot your tablet and you have booted up CM11-bruce make sure the kernel has changed by going to SETTINGS -> ABOUT TABLET -> LOOK AT KERNEL.
DO YOU SEE [email protected] #1? If you do you have successfully installed Binky's kernel!!
If you see that kernel in your "ABOUT TABLET" then you are all good and you can now move on to flashing Kali Pwn Pad v0.5 to your Nexus 7 system!!!
STEP 7. FLASH KALI PWN PAD v0.5 TO YOUR TABLET.
So we have come a long way and we are almost there...
AGAIN MAKE SURE YOUR TABLET IS PLUGGED IN TO POWER ESPECIALLY FOR THIS STEP!
Now that we have successfully flashed Binky's kernel we need to flash the KaliPwnPadv0.5 zip file that we downloaded from this link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/
Okay so lets boot back up into recovery.
Now that we are in Recovery go to -> ADVANCED -> MULTIROM -> LIST ROMS -> SELECT CM11-BRUCE -> ADD ZIP.
You are going to select the update-kalipwn-v0.5.zip file that you downloaded earlier.
WARNING: this file will take about 30 minutes to flash. you are going to want to keep and eye on this file. if at all possible do not let TWRP time out and turn off the screen. You can avoid TWRP turning off your screen from an idle timeout by clicking on your tablet's screen once a minute. I know it may seem like a lot but it is best and easier to avoid the screen from turning off from an idle timeout. If your tablet does turn off from an idle time out if you are on POWER you should be able to turn the screen back on by just clicking on the power button and swiping the bottom of your tablet from left to right to unlock it.
Okay now that KaliPwnPadv0.5 is flashing you will just have to wait for it to finish...
It does take about 30 minutes for this big file to flash. Now you will see the progress bar filling up. When the progress bar is full don't worry that the zip isn't done flashing. It may take 5-7 minutes after the progress bar is full for the zip file to finish flashing.
Okay so once you see the kalipwnpadv0.5 zip file is about done flashing you are going to want to look for this line "zip successfully flashed". When this file was done flashing at the very last line i received and error..
The error i received was "unable to load ramdisk" and then i got a message on the top screen which said "Error: unable to flash zip". Don't worry this will not affect your system, it did not to mine.
However, not everyone got this error, some people were able to flash the kali pwn pad v0.5 zip without error. I just want you to know that if you do get this error not to worry.
Once the file finished regardless if you got "zip file flashed successfully" or "unable to load ramdisk" error you will need to reboot your tablet.
NOTE: If you want, if you did get the "unable to load ramdisk error" you could boot your CM11-BRUCE ROM back up, boot into Recovery again and try flashing the kalipwnpad v0.5 zip again and you may not get the error the second time. Just a suggestion...its up to but like i said that error "unable to load ramdisk" should not affect your system.
Now click on multirom to stop the countdown and select your CM11-BRUCE Android Rom.
WHEN YOU BOOT YOUR CM11-BRUCE ROM YOU SHOULD SEE THE MESSAGE "ANDROID IS UPGRADING" AND YOU SHOULD SEE ABOUT 40 APPS THAT ARE BEING UPGRADED.
This is a good thing! It means that Kali Pwn Pad took and the apps are being added to your system! Now what you are going to want to do is try out a few apps. The first one i did was change VNC password. Click on the app "configure kali" from your apps menu and choose "change vnc password" the password needs to be 8-characters long. Choose a new pass and then choose the option to boot vnc server. Pay attention to what port number the vnc server starts on, such as 5900 or 5901 or 5902. Once your VNC server is running you can use "androidvnc" from the google play store to boot into kali linux which is running xfce4.
GOOD TIP ABOUT VNC SERVER AND VNC APP:
If you want to use a usb keyboard or any external keyboard with your VNC session then you will need to use another VNC application because AndroidVNC does not support external keyboards and it has not been updated since 2011. A good choice for a VNC application that supports keyboards is MultiVNC which can be found on the Google Play Store. Do yourself a favor and download it!
PAY ATTENTION TO THIS IMPORANT NOTE!!
IMPORTANT NOTE: if you had terminal emulator on your device before you flashed kali pwn pad you will need to delete it and reinstall it for kali pwn pad to work correctly. If you get an error from trying to run any of the shell script apps such as "config kali" you need to delete terminal emulator and reinstall it. Reboot your ROM and you should be fine.
What you need to get the most out of your new penetration testing tablet:
List of Tools:
1. USB WIFI DEVICE -> TOP PICK: TP-LINK TL-WN722N (this usb wifi device worked great for me and i love it!) When i get my ALFA AWUS036H working i will let you know how i did it but for now get this usb device! I gave a link above on where to get it from amazon!
2. USB OTG CABLE w/ POWER!: This is a must have! Many people have reported not being able to get their usb wifi device to work because they did not have an OTG cable that allowed power to be plugged in. This means their usb wifi device was not getting enough power so it could not be used. Here is a link from amazon on where to get the cable.
LINK:
http://www.amazon.com/Micro-Cable-Power-Nexus-Galaxy/dp/B00CXAC1ZW?tag=5336432715-20
3. USB BLUETOOTH SIGNAL BOOSTER: hands down best for this is the "ubertooth" from the hacker store. I have just ordered this and i can't wait till it gets here! As soon as i get it i will let you know how it works and add the steps on getting it working to this tutorial. Here is the link.
Update Ubertooth-One Now Working On Kali PwnPad:
I can confirm that ubertooth does work in fact work with Kali PwnPad. You can now use the Parani-UD100 / Parani-UD100 G03 with Kali PwnPad and you can in fact use Ubertooth with Kali PwnPad. In order to add bluetooth support to Kali PwnPad you need to download Binky's latest kernel which is based on elementalx v2.6 and flash the zip file in twrp recovery.
How to setup bluetooth + ubertooth-one:
Links on how to setup bluetooth and ubertooth-one are on PART II of the tutorial:
Link:
http://hakshop.myshopify.com/products/ubertooth-one
TUTORIAL WILL BE CONTINUED ON NEXT POST!!!
-droidshadow

Tutorial continued...
STEP 8: GETTING YOUR USB WIFI DEVICE WORKING WITH KALI PWN PAD.
here is how i got my usb wifi device to work with kali pwn pad. Okay the only one i was able to get to work first of all is the TP-LINK TL-WN722N but if you check out BENE from the zetaboards forum he has gotten 2 other usb wifi devices to work. Here is a link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/18/
*UPDATE*
Okay so if anyone of you have been reading my posts of the zetaboards forum then you might know that I have been having trouble getting my ALFA AWUS036H USB Wifi Device to work with Kali Pwn Pad. Now others have been able to get their ALFA device to work with Kali Pwn Pad but I have not..
As of recent i have made some advances in getting my ALFA to somewhat work but still the best device is the TP-LINK-TL-WN722N. If you want to try your ALFA make sure you delete the app "pcap capture" that app will block the ALFA from working and coming up as the wlan1 interface. Also try unplugging and plugging in your ALFA to your USB OTG Cable. Another very big important tip is that the ALFA has to be into power so you need an OTG cable that has a Y-SPLIT which you can plug in a charging cable to. As of right now for my ALFA i can get "wlan1" to come up but i am having some "SIOCFLAG" issues which i will eventually work out. When i do get my ALFA working i will post exact instructions on how to fix any issues you might come across with the device. Remember...others have been able to get their ALFA to work just fine so it may just be my device. For right now though i would definitely recommend getting the TP-LINK USB Wifi device it works amazing. Two days ago i switched my home router from WPA2 to WEP encryption and my Nexus 7 + WIFITE + TP-LINK was able to crack my home router within 5 minutes!
Continued...
Okay so what i did was first boot up the CM11-bruce rom. After the boot finished up i would plug in my USB OTG CABLE with my nexus 7 charging cable into my OTG cable (power plug) and my usb wifi device (TP-LINK TL-WN722N) into the other Y-cable adapter plug. I have had success plugging in my OTG cable after the ROM boots. For some reason if i try to plug in and boot the ROM with the OTG cable plugged in my usb wifi device will not come up! so please pay attention to that...
IMPORTANT: NOTICE THAT I PLUG IN MY OTG CABLE AFTER MY NEXUS 7 HAS BOOTED UP AND I AM KALI LINUX.
Okay so your ROM is booted up and your USB WIFI Device is plugged in now how do you connect it? First log into Kali Linux with any of the apps. I like to choose the app "configkali"and then choose "start vnc server". After the vnc server starts you are chrooted into Kali Linux. First check to see if wlan1 is available with the command in terminal emulator "ifconfig"
If you run "ifconfig" and you only see wlan0 then you need to run the command "iwconfig". If you run "iwconfig" you should see wlan1 available.
If you see "wlan1" when running the command "iwconfig" then you can load the interface by running the command "ifconfig wlan1 up".
After you run "ifconfig wlan1 up" you should see this:
Once wlan1 is up and running you can run any of the apps such as "Wifite" and "Kismet" to fully utilize your usb wifi device!!
Now for the app "kismet" you may have an issue with a small screen size which Binky has issue a zip file fix which you can download here:
http://d-h.st/YgC
Once you download that kismet zip file fix you just need to flash it in TWRP recovery manager. Just make sure that you flash it to your CM11-bruce ROM from the section "list roms" which you should be a pro by now!!
Now there are some small errors with certain apps on Kali Pwn Pad which can be fixed quite easily with a text editor. If you are going to fix these small issues which can be done very easily with nano i would suggest that you do it in vnc with xfce4 it is much easier that way. Here is a link on the zetaboards forum thread on those issues and how to fix those problems...
SMALL FIXES LINK:
http://w11.zetaboards.com/Pwnie_Express/single/?p=8259168&t=9369003
Well that is about it...
@binky
I would really like to thank Binky Bear for all of his hard work. Brother this would not have been possible if it wasn't for you. You have put so much time in this project and we all owe you so much. I have loved turning my Nexus 7 Tablet into a penetration testing machine, and thank you for saving me over $1,000 dollars as compared to the Pwn Pad tablet! Binky I would really like to take this time thanking you for all of the extra time you took to help me with all of the responses and answering all the questions i had. Binky I wrote this tutorial for you to reference to try and make your life easier and you have done so much for all of us.
People if you get a chance, go by the zetathread forum and make sure you thank Binky!
@BENE
Bene i would like to thank you also for all of the testing that you have done to make sure Kali Pwn Pad did in fact work on the 2013 Nexus 7 tablet device. Bene i would not have been able to put Kali Pwn Pad on my tablet if it was not for you and Binky. Bene you pointed me in the right direction by pointing me to the custom CM11-bruce ROM and all the advice and tips you gave me made this possible. Thank you for taking time to help me and I want you to know just how much i appreciate your help.
I would like to thank everyone else who helped me...you know who you are! I am just very tired of typing at this point!
Well i hope this tutorial has been helpful to you and i will be updating it regularly! If you have any questions please let me know and I will be happy to assist you! If this tutorial has helped you please give me a thanks to show your appreciation!
Have fun with your now new penetration testing tablet! Make sure to also show your thanks to Binky! He is the man!
Have fun!
-droidshadow

Tutorial continued...
After seeing all that text...man that is a very long tutorial. However, i really tried to be as detailed as possible and really give you as much as i could step by step instructions. If anything is confusing you please let me know so that i can either fix it, edit it, or elaborate a bit more.
***UPDATE***
Okay so one thing I forgot to add to the tutorial is a way for you to check which usb devices are connected to your tablet through the Kali Linux chroot environment. For those of you who are Linux users when you read this you will probably be thinking oh ya i remember that command! So lets get started...
Now when you are connecting usb devices such as your usb wifi adapters for example your ALFA AWUS036H (RTL8187) or your TP-LINK WN722N or finally your Alfa AWUS036NHA you may in the beginning have trouble getting your usb devices to show up on Kali PwnPad. There is however a very nice program in Linux to help you troubleshoot connecting your usb devices by showing you which devices are connected to Kali PwnPad so you can see where you are having troubles. The program/command that I am talking about is "lsusb".
For those of you who don't know what that command is or does, lsusb stands for list usb and it will show you what usb devices are connected to your Kali PwnPad linux system. I was very happily surprised to see that this command would actually work in a linux chroot environment especially with Android as the host operating system but it works amazing!
How to install...
Okay so in order to install lsusb on Kali PwnPad we need to install just one package. So when you are in chroot Kali PwnPad environment, (you can do this by clicking config kali and hit 0 to exit the menu) this will bring you to a command line prompt you should see [email protected] at your command line prompt, just run this command -> "apt-get update" then run "apt-get install usbutils". Now if the second command does not work then try running "apt-get install usbutil" i am almost 100% sure that the usbutil(s) has an "s" at the end but it may not so try "apt-get install usbutils" first and if that does not work try usutils without the s on the end.
That is it... very simple right!?
So when you instal that package you can now use the command "lsusb" and others that are in that package but i will only be discussing lsusb here. When you run lsusb you should see whatever usb device you have attached. If you are using an OTG cable with a Y-SPLIT for power hosting then you will most likely only have one usb device attached so when you run lsusb you will only see one usb device obviously. Now if you happen to be using a usb hub like the one i posted in my picture at the bottom of the tutorial on page one or at the bottom of this post, when you run lsusb you will see all usb devices attached and you will also see your usb hub attached as well! If however when you run lsusb you don't see any usb devices listed and you don't see your cflex usb hub listed then you know that you have a problem somewhere. You either have a bad OTG cable, a bad cflex usb hub, or you are not getting enough power to your USB devices so they are not working because of power issues.
Problems with connecting more than one usb device:
The two most common problems I see that people get when trying to attach more than one usb device is that one, they are not setting up their usb hub/cables correctly so try moving things around and switching cables around till you find a setup that works. The second issue/problem I see that people make is that they are not getting enough power to their usb devices so their usb devices are not turning on, hence they can not be attached because there is not enough power for them to work. This power issue is a big issue with ALFA products. ALFA products require more power to work than say the TP-LINK. This is why i recommend people to start off with the TP-LINK as it is much easier to setup because it requires much less power to work versus the ALFA products.
Tip on which powerbank to get for your Nexus 7:
Okay so some people have asked me which powerbank should they get for their Nexus 7 when they are trying to connect their usb devices and be mobile at the same time. Powerbanks work great with the Nexus 7 and with Kali PwnPad so you don't always have to be plugged into a wall outlet in order to power your usb devices. One big recommendation for which powerbank to get is one that has at least a 2A output. You need at least 2A output in order to get enough power to get your ALFA's to work properly. If you are just going to use a TP-LINK then any powerbank will work just fine for the most part. Okay so another big recommendation for your powerbank is that it have at least 2 usb plug-in outputs. This will just make life a lot easier for you. When you look at your powerbank for the most part one output will say 0.8A or 1A and the second one will say 2A. When you are trying to power your usb devices make sure your usb hub is plugged into the usb option on your powerbank that says 2A. This will give you enough power for your devices. My powerbank has 3 usb output options 2 usb outputs are 1A and the 3rd is 2.2A. That kind of powerbank works great with Kali PwnPad + ALFA products but a 2A output will do just fine. I have tested on two other powerbanks with 2A output and they worked just fine with both Alfa's mentioned above.
Output for lsusb:
Okay so when you run lsusb you should see all usb devices attached and you should see your usb hub (if you are using one) listed in the output as well. Later on today I will post a picture of the output so you can see first hand what it looks like. Later today i am going to be flashing Binky's new kernel based off of elementalX v2.6 which has added bluetooth support. I will let you all know how my Parani-UD100 usb bluetooth adapter and my ubertooth (should be here by Monday) works with lsusb, and if the usb bluetooth devices are showing up on the lsusb output. I will also be writing a separate post on how to setup ubertooth and the parani-ud100 with Kali PwnPad as well.
IMPORTANT NOTE:
At the bottom of the post I am uploading a picture of my 2013 Nexus 7 with my cflex usb hub along with 2 usb wifi devices, one ALFA AWUS036H, and my TP-LINK WN722N. Please study the picture and see how i setup my cables as it might help you when it comes time to setup your cables. If when you setup your OTG cables and your usb hub if your usb devices are not showing up try unplugging your OTG cable and plugging it back in and see if that helps. Try rearranging the cables for different combinations until you find one that works. If that does not work try a restart and see if that helps... Bottom line is it will work but it may take you a few tries until you find a combination that works for you. SO DO NOT GIVE UP, YOU WILL GET IT!
UPDATE: HOW TO CONFIGURE BLUETOOTH + UBERTOOTH-ONE:
Okay so if you want to configure bluetooth on kali pwnpad then go to this link here and look for my detailed post on how to setup bluetooth. Here is the link -> http://forum.xda-developers.com/showthread.php?t=2577356&page=16
If you want to learn how to setup ubertooth-one on kali pwnpad then go to this tutorial -> http://ubertooth.sourceforge.net/usage/build/
For that ubertooth-one tutorial make sure you do all steps that apply. Some steps by not work because this is linux in an android environment but just keep moving ahead with the rest of the tutorial. I followed this tutorial exactly and ubertooth worked great on kali pwnpad. If you want to use the GUI ubertooth program which shows a graph of bluetooth analysis then obviously you need to be in a VNC session.
All other ubertooth programs can be ran from terminal emulator once you are in Kali Linux in a chroot environment.
If any of you are unfamiliar with VNC and want to learn how to setup VNC manually on Kali Linux (even though binky has taken care of this in his config kali app) you can learn how to setup VNC from this post -> http://forum.xda-developers.com/showthread.php?t=2577356&page=14
I hope this post will help you with your USB devices and any troubleshooting that you may have to do. Also I will let you all know very soon how Binky's new kernel based off of elementalX v2.6 works out since he added bluetooth support so we can start doing some bluetooth hacking and bluetooth packet injection with the parani-ud100 and the ubertooth! Again please study the picture at the bottom of this post to help you out with setting up your OTG cables. Please notice that I am using a single OTG cable with no y-split to connect to my cflex usb hub. Again i hope this has helped you out and be on the look out for my updates on the new kernel from Binky and how bluetooth support works out. Keep your fingers crossed that the bluetooth support added to Binky's new kernel works out without any issues! I will let you all know very very soon!
Thank you all for your continued interest and support for Kali PwnPad and for this thread but most of all THANK YOU BINKY for giving us all such a great penetration testing system for our Nexus 7 devices. We all owe you so much Binky. thank you again!
-droidshadow

niche application, but very very cool.

orlandoxpolice said:
niche application, but very very cool.
Click to expand...
Click to collapse
Just wanted to say thanks for the tutorial!
I am a security student and I purchased my Nexus 7 Tablet with this exact application in mind!
I have been stumbling through things and keep having to start over..
With this tutorial (assuming it works for me) You just saved me probably another 8+ hours screwing with it.. And the look on my class mates faces when i come in with a full Kali installation...
I will post again once I have it all installed and go from there. And thanks for the part for the wifi. I might have to go and order atleast one now. I am building a mobile hacking station into my vehicle and a couple other machines. Was not aware of this WiFi also working.
Now that I have my stock rom back on for the 6th time today... (grrr) I am off to follow this tutorial!
One quick question for you...
Can you use the built in WiFi with this to hack with as well?
I understand you won't likely be able to hack wifi without the USB wifi adapter but I am also interested in hacking in the network once I am in. In otherwords it makes sense to use the USB wifi adapter to gain access to a network then unplug it and use the built in to hack the actual network.
I will mention again I am a security student learning this stuff and I will not be using these to break any laws. I will likely be hacking into my own computers setup for this experience or other computers setup for this.
I assume you could use a similar style USB wired lan interface as well.
have you tried the latest kali rom that was posted?
Rodney

@rulk
Hey i am glad that you like the tutorial! People have reported getting the internal broadcomm wifi chipset that is built into the Nexus 7 tablet to work with monitor mode. So you technically could use wifite and aircrack-ng with your tablets built in wifi. The only problem with that is that you will loose all internet connection once you put your internal wifi cad into "monitor mode"
If you get an OTG Cable with multiple Y-Cables you could plug in multiple usb wifi adapters...
There is one gentleman on the other zetaboards forum that has multiple usb wifi adapters (multiple ALFA's) that you could check out...
I just ordered a different ALFA NOT THE AWUS036H that has the RTL8187L chipset the ALFA i ordered i believe has an ATHEROS chipset i believe, and once i try it out I will let you know how it works,,,
Have fun brother, and let me know if you have any questions!
-droidshadow

Oh which latest kali rom are you talking about?...
Can you give me a link?..
-droidshadow

If you go to the link in your tutorial there is another one listed now:
update-kalipwn-v05-1.zip = 1.46 GB | Update 18 DEC | Uncomfirmed working on Android 4.4+.
I loaded this one onto my tablet and about half of the programs exit abruptly.
I just screwed up my tablet again...
I had backed up the rom before installing kali but since it didnt work I tried to restore but there is not a restore option for just the rom so I did the main restore... Looks like I over wrote my stock rom with the CM rom and lost the second rom..
Ugh
Looks like it will be cool once I get it working though..
If I can use the WiFi to do my internet stuff then switch it off to use this stuff then I am good. I really don't need two wifi adapters on it yet.
Although I may be ordering some new ones so I can...
Rodney

Rulk:
Yes Binky has just added that Kali pwn update but as you can see in the comments it has not been tested...
You need to make sure that you are using the custom CM ROM I mentioned the CM11-bruce ROM and make sure you use Binky's kernel for 4.4+ then only use the update-kalipwnv0.5 that I mentioned in the tutorial.
If you have Multirom installed you will be fine just remove (delete) the ROM and start over.
The custom cm11 ROM and kernel are crucial to getting Kali pwn pad to work!
-droidshadow
Sent from my SCH-I535 using XDA Premium 4 mobile app

@rulk I forgot to get you the link so that you can turn your internal WiFi card on your Nexus 7 into monitor mode but if you do a Google search for 'android monitor mode' one of the very first links that comes up is bcmon.blogspot (something like that) and they have actually created an APK file to get monitor mode on the Nexus 7. Granted this was tested on N7 2012 and on CM 9 but other guys have told me they got it working on newer CM10+ ROMs
When I get home I will give you the link
-droidshadow
Sent from my SCH-I535 using XDA Premium 4 mobile app

Fantastic tutorial! I greatly appreciate the detail that went in 2 this masterpiece. I just checked the link 4 CyanogenMod download and the only ones posted for the Flo model are 12 / 18 and 12 / 17
Sent from my Nexus 7 using XDA Premium 4 mobile app

Just a little question,
Do we need a USB WiFi device like the one linked to amazon so that this whole setup works?
BTW the flo Roms available don't say odexed but bricked linaro, is that the one we need?
Sent from my Nexus 7 using xda app-developers app

@AlchemicalVibrations
You do NOT download the CM ROM from the official CyanogenMod website. You have to download it from the xda thread that is in the link I provided.
@jonathanxx1
You do not necessarily need the USB WiFi device like the one I linked from Amazon but then it would leave apps like wifite kismet and aircrack-ng useless. But there is still some great apps such as metasploit SET (social engineering toolkit) and openvas just to mention a few...
For the $15 the TP-LINK USB WiFi device costs it is truly worth it!
-droidshadow
Sent from my SCH-I535 using XDA Premium 4 mobile app

@johnathanx
You are right he has updated the ROM...
Go with the second to last zip should be fine...
Try flashing that zip with Multirom and it should work just fine...
If for any reason you have a problem I will upload the cm11-bruce-odexed.zip file that I have I promise
-droidshadow
Sent from my SCH-I535 using XDA Premium 4 mobile app

droidshadow said:
@AlchemicalVibrations
You do NOT download the CM ROM from the official CyanogenMod website. You have to download it from the xda thread that is in the link I provided.
@jonathanxx1
You do not necessarily need the USB WiFi device like the one I linked from Amazon but then it would leave apps like wifite kismet and aircrack-ng useless. But there is still some great apps such as metasploit SET (social engineering toolkit) and openvas just to mention a few...
For the $15 the TP-LINK USB WiFi device costs it is truly worth it!
-droidshadow
Sent from my SCH-I535 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
The file (ROM) that I got is cm 11 2013/12/18 bruce2728 bricked linaro, is that it, just to make sure before flashing and messing everything up.
Sent from my Nexus 7 using xda app-developers app

Ok on bruce's page I see two downloads:
cm-11-20131217-bruce2728-bricked-linaro-flo.zip
cm-11-20131218-bruce2728-bricked-linaro-flo.zip
Just to be sure, did you mean the cm-11-20131217-bruce2728 one? Also, SuperSU updated to 1.86 so is that okay to go with or do we need the 1.8 you referenced in OP?
Sent from my SCH-I535 using XDA Premium 4 mobile app

jonathanxx1 said:
The file (ROM) that I got is cm 11 2013/12/18 bruce2728 bricked linaro, is that it, just to make sure before flashing and messing everything up.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
In gonna wait for an answer also before flashing
Sent from my Nexus 7 using xda app-developers app
---------- Post added at 04:29 AM ---------- Previous post was at 04:27 AM ----------
jonathanxx1 said:
In gonna wait for an answer also before flashing
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
I mean an answer to the question the poster above me just asked.
Sent from my Nexus 7 using xda app-developers app

jonathanxx1 said:
In gonna wait for an answer also before flashing
Sent from my Nexus 7 using xda app-developers app
---------- Post added at 04:29 AM ---------- Previous post was at 04:27 AM ----------
I mean an answer to the question the poster above me just asked.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Jonathanxx1:
Do you have multirom installed? It is almost impossible to mess up your tablet with MultiRom installed...
You can go with either zip file i would probably go with the latest zip file the 12-18 one. With multirom installed you can't go wrong...
If your rom messes up you can just hold down the power button it will reboot your tablet and you can delete the rom from TWRP recovery and you can easily start over again.
Now go ahead and try that rom and if it works great, if it doesn't work then i will upload the cm11-bruce-odexed.zip file that i use specifically for my installation.
Does anyone know of a good (and free) upload site where i can upload a zip file around 180MB?
As for SuperSU updating itself always go with the most recent SuperSU zip file that is available...
I stated in the tutorial that you may not even need the SuperSU zip file it is just good to have just in case you have problems adding SuperSU to your cm11-bruce ROM installation.
Have fun brother!
-droidshadow

I will try with the latest Bruce ROM and the latest super su and report back after.
Sent from my Nexus 7 using xda app-developers app

Want to try a different ROM?...
jonathanxx1 said:
I will try with the latest Bruce ROM and the latest super su and report back after.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
Jonathanxx1:
I wanted to let you and everyone else who is interested in putting Kali Pwn Pad on their Nexus 7 device that I was in fact able to get Kali Pwn Pad to work with another custom ROM. The ROM I choose was recommended to me by another *tester* and it worked very well for me.
The ROM I choose was "Ice Cold ROM" and here is a link to the XDA Thread -> http://forum.xda-developers.com/showthread.php?t=2488056
Ice Cold Rom is a very nice and stable ROM that runs on Android 4.3.1
If you would like to use this ROM to put Kali Pwn Pad on you are going to want to choose the ROM for "FLO" if you have the Nexus 7 2013 WIFI only tablet like i do.. (if you don't choose the correct Rom for your device).
Okay so the whole process is the same if you want to use Ice Cold ROM except you are going to be adjusting a few things...
1st. You are going to want to get the correct GApps.zip file. For Ice Cold Rom you can use the same GApps.zip file that Cyanognemod uses for their 10.2 version. Here is a link -> http://wiki.cyanogenmod.org/w/Google_Apps (choose the gapps.zip for CM 10.2 the 0813).
2nd. You are going to want to use a slightly different kernel. You will be using Binky's kernel for Android 4.3 which is based off of ElementalX v1.8 Here is another link -> http://w11.zetaboards.com/Pwnie_Express/topic/9369003/21/#new
Make sure you get this kernel -> Android 4.3 Based off ElementalX v1.8.. Defconfig can be found here for developers. The trick was cfg80211. This is confirmed working by BeNe.
3rd. Instead of using Kali Pwn Pad v0.5 you are going to need to use Kali Pwn Pad v0.4. Now i know you might be thinking that kali pwn pad v0.5 is probably better than v0.4 but let me tell you that i have been playing with kalipwnpadv0.4 for about 3 days now and it is quite stable..
Well that is it...
The whole process for using Ice Cold Rom instead of Bruce2728 Custom CM11 project is the same except you are going to be using those 3 files mentioned above instead..
If anyone has any questions please dont hesitate to ask...
*NOTE* if you used Bruce2728 updated CM11 zip file (1217 or above) please let me know how it worked for you so i can relay it into my tutorial.
If i have to i will try it out myself...
I hope this has been helpful for you...
-droidshadow

Installation and run Kali linux

Hello,
1. Downloaded kalilinux.FULL.ext4.20131031.zip of around 2.2 GB.
2. Extracted zip on sdcard in kali folder and I got kalilinux.FULL.ext4.v2.img of 5.59 GB.
3. Installed Linux deploy from play store.
4. In the Linux deploy tap on right bottom download button and selected Kali Linux as distribution option, installation path /sdcard/storage/0/kali/Kali.img (I renamed the img).
5. Clicked on install option from menu option. Did not worked, got message something like Mounting Partitions... fail.
6. OK. I left this way and installed Linux deploy and reinstalled Linux deploy and installed kali Linux from Wi-Fi connection, it seems it got worked and after seeing many retrieving, validating, installing and configurating messages in Linux deploy, it seems me got installed.
7. But, I don't know how do I access Kali Linux on my this one plus one device which is running aicp 7.1.1 ROM.
Kindly tell me what step(s) need to run Kali Linux on my phone. I am interested to use above Kali.IMG, so that a fresh new installation can use this IMG which have bundelled many pre configured modules.

Do you have a VNC client?

SirSoviet said:
Do you have a VNC client?
Click to expand...
Click to collapse
Thanks for your reply. Yes sir, I have installed vnc app too, but I don't know what settings I need to have. I tried by localhost and Kali for connect, but it is saying "The port on which computer is listening for a connection could not be contacted". I don't know which "computer" is it talking about and what port I need to use?

GirishSharma said:
Thanks for your reply. Yes sir, I have installed vnc app too, but I don't know what settings I need to have. I tried by localhost and Kali for connect, but it is saying "The port on which computer is listening for a connection could not be contacted". I don't know which "computer" is it talking about and what port I need to use?
Click to expand...
Click to collapse
Sorry, I can't get it working on my device either :/ I just need to figure it out, I'm 100% sure it would work with the correct settings...

SirSoviet said:
Sorry, I can't get it working on my device either :/ I just need to figure it out, I'm 100% sure it would work with the correct settings...
Click to expand...
Click to collapse
Ok, no problem. Please share with us as and when you get success by installation and running Kali on the phone. I would like to request to other xda experts to please tell us how they are able to install Kali with offline .IMG file and other vnc settings.

May I ask here?
After installation kali runs as a normal operating system, not as an app, correct?
Does it run as a dual boot OS?

r0tati0n said:
May I ask here?
After installation kali runs as a normal operating system, not as an app, correct?
Does it run as a dual boot OS?
Click to expand...
Click to collapse
Well, it does run as a normal operating system, but it's sandboxed into an app. It's like a virtual machine.

i love Kali on my OnePlus One.
i use it with a micro USB to LAN Adapter for do anything what i will do with Kali

GirishSharma said:
Hello,
1. Downloaded kalilinux.FULL.ext4.20131031.zip of around 2.2 GB.
2. Extracted zip on sdcard in kali folder and I got kalilinux.FULL.ext4.v2.img of 5.59 GB.
3. Installed Linux deploy from play store.
4. In the Linux deploy tap on right bottom download button and selected Kali Linux as distribution option, installation path /sdcard/storage/0/kali/Kali.img (I renamed the img).
5. Clicked on install option from menu option. Did not worked, got message something like Mounting Partitions... fail.
6. OK. I left this way and installed Linux deploy and reinstalled Linux deploy and installed kali Linux from Wi-Fi connection, it seems it got worked and after seeing many retrieving, validating, installing and configurating messages in Linux deploy, it seems me got installed.
7. But, I don't know how do I access Kali Linux on my this one plus one device which is running aicp 7.1.1 ROM.
Kindly tell me what step(s) need to run Kali Linux on my phone. I am interested to use above Kali.IMG, so that a fresh new installation can use this IMG which have bundelled many pre configured modules.
Click to expand...
Click to collapse
May I ask you why did you install it as a guest os and not as dual boot with Multirom?

SirSoviet said:
Sorry, I can't get it working on my device either :/ I just need to figure it out, I'm 100% sure it would work with the correct settings...
Click to expand...
Click to collapse
Hi again,
Have you worked on it please? I don't know how people are using Kali Linux on phone?

GirishSharma said:
Hi again,
Have you worked on it please? I don't know how people are using Kali Linux on phone?
Click to expand...
Click to collapse
I tried it a couple weeks ago and it's surprisingly functional. Here's my settings: https://drive.google.com/folderview?id=0B1HrmNJiLNhjb04ydWlpaktPNkU
Press the button at the bottom-right, configure, then go back, press the three dots at the top then press install. After it's done, go to your VNC app of choice (I use VNC Viewer), add IP address localhost:5900, connect then enter user password. Ta da!
Btw, the reason you couldn't get it working is because you downloaded an image and used that, when Linux Deploy does everything for you.

SirSoviet said:
I tried it a couple weeks ago and it's surprisingly functional. Here's my settings: https://drive.google.com/folderview?id=0B1HrmNJiLNhjb04ydWlpaktPNkU
Press the button at the bottom-right, configure, then go back, press the three dots at the top then press install. After it's done, go to your VNC app of choice (I use VNC Viewer), add IP address localhost:5900, connect then enter user password. Ta da!
Btw, the reason you couldn't get it working is because you downloaded an image and used that, when Linux Deploy does everything for you.
Click to expand...
Click to collapse
Thanks for your reply. I will try your way when I will be in WiFi network area. Since, in my region network issue exists, I want to learn Kali installation by offline downloaded zip file so that :
1. Network issue can be override.
2. If I changes the ROM, I can play with zip on different ROMs.
So, please give a try by installing zip file as and when you gets spare time and kindly post your offline steps.

Galaxy Note 4 (SM-N910T) w/ LineagOS 15.1/NetHunter - Alfa AWUS036NEH not detected

First time posting, but I've read through dozens of threads and have used the site extensively. I cannot seem to find an answer to the issue I'm having. I had an old Galaxy Note 4 lying around and wanted to see if I could install NetHunter. After tons of trial and error, I was successful in flashing LineageOS 15.1, addonsu -15.1 arm, nethunter-generic-armhf-kalifs-full-rolling-2017.10-20171013-0449, and kernel-nethunter-generic-armhf-3.15.4-20170211-0304 (too new to post link of the NH builds). I have full chroot, updated busybox (v1.25-0-NetHunter) and SuperuserSU to manage root privileges. I had to install all of the tools (e.g., cspolit, DriveDroid, OpenVPN, etc.) individually, but they seem to be in working order.
My issue: I bought an external wifi adapter (Alfa AWUS036NEH) with a chipset (Ralink Technology Wifi Adapter RT2780) that supports monitor mode. The Wifi card appears to work flawlessly on my macbook with Kali distro, but I can't seem to find a way for the NH kernel on the Note 4 to recognize the adapter. In the kernel I flashed, I can see the rt2870.bin firmware required in the /system/etc/firmware folder, but for some reason Nethunter does not recognize the adapter. On most Nexus/NH builds, the wifi adapter is found to be compatible and is usually plug and play.
When I run:
-Kali terminal
-ifconfig
There is no wlan1. Only wlan0.
Same thing if I run iwconfig.
When I run:
-kali terminal
-airmon-ng
I receive a prompt that states:
Found phy0 with no interface assigned, would you like to assign one to it [y/n]?
-y
ERROR adding monitor mode interface: command failed: Operation not supported (-95)
No surprise, the above is indicating the embedded chipset does not support a monitor mode interface, but it doesn't even list the external adapter.
when I run: lsusb
Output shows the Ralink wifi adapter on bus 3:2.
I understand NetHunter was not built for LineageOS 15.1, but there has to be some way to maybe push the firmware or modify the firmware (I have the original firmware from the manufacture) to be compatible with my current build? Do I need to compile my own Kernel for this to work properly? Why doesn't the generic NH kernel, with the rt2870.bin file work?
Thanks ahead of time.

Have you tried using Magisk and flashing the Kali Nethunter module with that? It also includes multiple wireless firmware and I believe the correct one for your Alfa dongle. I too just bought that exact WIFI dongle and I'm still in the process of setting up Kali on my Note 4.
I had a similar issue as you on my OnePlus 5T even with the Magisk module for Nethunter. I'm going to try and find a different kernel because I think that's my issue on that phone.
My Note 4 is N910P but I'll let you know if I find something that works and maybe it'll help you find a way on your variant.

[Help] I need install Wireless Dongle driver on Huawei nove 2i with [RTL88x2BU]

Ask for help I want to install Wireless Dongle driver on android device. I have a driver file. But I can't install it. I want a simple guide step by step on linux
I have a picture preview. Have driver file Please check it for me About how I can install as easily as possible. Thank you very much
My devices
huawei nova 2i android 8.0 (Oreo)
android box CS918 Rockchip android 4.4 (KitKat)
Equipment is not the same But I think the driver installation method should be the same.
Driver Link + Guide [RTL88x2BU_WiFi_linux_v5.2.4.4]
https://www.mediafire.com/file/94b5wkvj41g1bla/RTL88x2BU_WiFi_linux_v5.2.4.4.rar/file

surathus said:
Ask for help I want to install Wireless Dongle driver on android device. I have a driver file. But I can't install it. I want a simple guide step by step on linux
I have a picture preview. Have driver file Please check it for me About how I can install as easily as possible. Thank you very much
My devices
huawei nova 2i android 8.0 (Oreo)
android box CS918 Rockchip android 4.4 (KitKat)
Equipment is not the same But I think the driver installation method should be the same.
Driver Link + Guide [RTL88x2BU_WiFi_linux_v5.2.4.4]
https://www.mediafire.com/file/94b5wkvj41g1bla/RTL88x2BU_WiFi_linux_v5.2.4.4.rar/file
Click to expand...
Click to collapse
You'd need to add support to kernel if you want to use the dongle on your phone over OTG.
There is a experimental entry in Kconfig for Realtek devices which have not been tested, enabling that might work. Else you will have to add support yourself.
Either way you'll need to compile your own kernel for it.
Have you tested by simply inserting OTG and dongle and see what happens?
Since phone has wifi already (I guess) it might not work if internal is interfering with external.

ante0 said:
You'd need to add support to kernel if you want to use the dongle on your phone over OTG.
There is a experimental entry in Kconfig for Realtek devices which have not been tested, enabling that might work. Else you will have to add support yourself.
Either way you'll need to compile your own kernel for it.
Have you tested by simply inserting OTG and dongle and see what happens?
Since phone has wifi already (I guess) it might not work if internal is interfering with external.
Click to expand...
Click to collapse
Thanks for the info

repeatedly

Who can get the files that I posted? Can be created as a driver Thank you very much

surathus said:
Who can get the files that I posted? Can be created as a driver Thank you very much
Click to expand...
Click to collapse
I had to add that driver to several linux kernels that i use on my machines (Ubuntu and OpenElec).
Never tested on my Mate 10 Pro, or any other Android device.
However, adding that to the kernel would require some work and i'm not even sure it works fine on android.
Here's a link to my github - > https://github.com/pretoriano80/RTL8822BU

Pretoriano80 said:
I had to add that driver to several linux kernels that i use on my machines (Ubuntu and OpenElec).
Never tested on my Mate 10 Pro, or any other Android device.
However, adding that to the kernel would require some work and i'm not even sure it works fine on android.
Here's a link to my github - > https://github.com/pretoriano80/RTL8822BU
Click to expand...
Click to collapse
thank alot for your help..
...Oh, I forgot to say that My device The model name really is named Realtek 8811CU Wireless Lan 802.11ac USB NIC.
I use the 8811CU driver installed on linux. It can connect and use normally. But the driver that came with the device The name is back. This model is RTL88x2BU. Will it work as well with the links you recommend?

surathus said:
thank alot for your help..
...Oh, I forgot to say that My device The model name really is named Realtek 8811CU Wireless Lan 802.11ac USB NIC.
I use the 8811CU driver installed on linux. It can connect and use normally. But the driver that came with the device The name is back. This model is RTL88x2BU. Will it work as well with the links you recommend?
Click to expand...
Click to collapse
Then probably this - > https://github.com/brektrou/rtl8821CU <- should work for your device.

Pretoriano80 said:
Then probably this - > https://github.com/brektrou/rtl8821CU <- should work for your device.
Click to expand...
Click to collapse
What do I have to do? help guide step-by-step That can help teach me
Right now it works great on linux & windows 10 but can not running on adroid devices.

surathus said:
What do I have to do? help guide step-by-step That can help teach me
Right now it works great on linux & windows 10 but can not running on adroid devices.
Click to expand...
Click to collapse
There is no easy way to do that. First you will have to check if your kernel has support for that Realtek driver and it it does, enable it (as ante0 said).
If it doesn't have support for that driver, then first compile the kernel from sources (without any modification to the source) and check if your device will boot, if it doesn't, then you can stop here and forget about adding that driver to the kernel.
If it does boot with the compiled kernel, then you will have to add the driver to the source code and here, again, there's no guarantee it will work. (compilation might fail or simply, the kernel builds just fine but the driver won't work... like i said, there's no easy way for this).
In my opinion, you better start searching on GitHub for an android kernel that already has support for that driver, but you will also have to check the kernel version (if it matches yours, then you have higher chances to port it for your device's kernel).
Best option : Buy a Wi-Fi adapter that have in-kernel support already.

Pretoriano80 said:
There is no easy way to do that. First you will have to check if your kernel has support for that Realtek driver and it it does, enable it (as ante0 said).
If it doesn't have support for that driver, then first compile the kernel from sources (without any modification to the source) and check if your device will boot, if it doesn't, then you can stop here and forget about adding that driver to the kernel.
If it does boot with the compiled kernel, then you will have to add the driver to the source code and here, again, there's no guarantee it will work. (compilation might fail or simply, the kernel builds just fine but the driver won't work... like i said, there's no easy way for this).
In my opinion, you better start searching on GitHub for an android kernel that already has support for that driver, but you will also have to check the kernel version (if it matches yours, then you have higher chances to port it for your device's kernel).
Best option : Buy a Wi-Fi adapter that have in-kernel support already.
Click to expand...
Click to collapse
Thanks again

Kali NetHunter On MI 9T

Hello Everyone!
I saw on the website of offensive security that they are released The official NetHunter For Mi 9T my question
Does the Internal wifi support packet injection and monitor mode (without external USB adapter)
Thanks Again I really need help guys.....

deigo775 said:
Hello Everyone!
I saw on the website of offensive security that they are released The official NetHunter For Mi 9T my question
Does the Internal wifi support packet injection and monitor mode (without external USB adapter)
Thanks Again I really need help guys.....
Click to expand...
Click to collapse
-There is a thread about Kali NH for Mi 9T, probably in Guides section or so
-If they didn't release a new, that "official" Kali was released long ago and I tested it with MIUI 11 (not sure would the same "add-on" package work correctly with MIUI 12)
- Monitoring WiFi works but Packet Injection does not work, you can find more info how/why in that thread
- Later I also installed Kali NH manually (how-to was described also in that thread) to MIUI 12 (still A10) and got the same: Monitoring working, Injection not
In short - you can install Kali NH to Mi 9T and WiFi monitoring will work out of the box (because NH recognizes Snapdragon and uses special command to put to the Monitor mode) but Packet Injection will not work (the most I found about was that it would require a special kernel)

zgfg said:
-There is a thread about Kali NH for Mi 9T, probably in Guides section or so
-If they didn't release a new, that "official" Kali was released long ago and I tested it with MIUI 11 (not sure would that package work correctly with MIUI 12)
- Monitoring WiFi works but Packet Injection does not work, you can find more info how/why in that thread
- Later I also installed Kali NH manually (how-to was also described in that thread) to MIUI 12 (still A10) and got the same: Monitoring working, Injection not
In short - you can install Kali NH to Mi 9T and WiFi monitoring will work out of the box (because NH recognizes Snapdragon and uses special command to put to the Monitor mode) but Pcket Injection will not work (the most I found about was that it would require a special kernel)
Click to expand...
Click to collapse
Thanks for the useful information
So the Airodump-ng works?
Can i connect the external adapter To the device ? And use it For packet injection You know ( using it as the wifi) And Thanks again

deigo775 said:
Thanks for the useful information
So the Airodump-ng works?
Can i connect the external adapter To the device ? And use it For packet injection You know ( using it as the wifi) And Thanks again
Click to expand...
Click to collapse
Didn't have/try external WiFi adapter but that should work (in that case both Monitoring and Injection must work over the adapter, no more the Snapdragon)
I was even able to break my own WiFi but instead of Packet Injection (to disconnect and initiate new reconnection on the second phone) I had to manually start connecting to my WiFi my second phone while Mi 9T was in monitoring mode - then it caught up and broke the pass

zgfg said:
Didn't have/try external WiFi adapter but that should work (in that case both Monitoring and Injection must work over the adapter, no more the Snapdragon)
I was even able to break my own WiFi but instead of Packet Injection (to disconnect and initiate new reconnection on the second phone) I had to manually start connecting to my WiFi my second phone while Mi 9T was in monitoring mode - then it caught up and broke the pass
Click to expand...
Click to collapse
Sorry for bothering Can U give a full guide on how to install official NetHunter on MI9T

deigo775 said:
Sorry for bothering Can U give a full guide on how to install official NetHunter on MI9T
Click to expand...
Click to collapse
Its been months I had uninstalled Kali NH (and later reformatted and switched to different firmwares), hence cannot support you but read another Q/A thread for Kali on Mi 9T, particularly the posts #21,23,27,32 - all steps were documented there (post #27):
https://forum.xda-developers.com/showpost.php?p=83160165&postcount=21
https://forum.xda-developers.com/showpost.php?p=83226095&postcount=23
https://forum.xda-developers.com/showpost.php?p=83271769&postcount=27

zgfg said:
Its been months I had uninstalled Kali NH (and later reformatted and switched to different firmwares), hence cannot support you but read another Q/A thread for Kali on Mi 9T, particularly the posts #21,23,27,32 - all steps were documented there (post #27):
https://forum.xda-developers.com/showpost.php?p=83160165&postcount=21
https://forum.xda-developers.com/showpost.php?p=83226095&postcount=23
https://forum.xda-developers.com/showpost.php?p=83271769&postcount=27
Click to expand...
Click to collapse
I can't Find A Word To Thank You You Really Helped Me a lot Thanks Mate Hope You Get Wonderful Day
My last question is i successfully installed the Net hunter and enabled The Monitor mode On wlan0 Using echo mode (Wifite and airodump-ng ) Are Working But Reaver and Wash having Trouble When Run the reaver and wash I got (found Bad packet with Bad fcs ignoring..) i try to run wash -i wlan0 -F but not detecting the Netwoks

deigo775 said:
I can't Find A Word To Thank You You Really Helped Me a lot Thanks Mate Hope You Get Wonderful Day
My last question is i successfully installed the Net hunter and enabled The Monitor mode On wlan0 Using echo mode (Wifite and airodump-ng ) Are Working But Reaver and Wash having Trouble When Run the reaver and wash I got (found Bad packet with Bad fcs ignoring..) i try to run wash -i wlan0 -F but not detecting the Netwoks
Click to expand...
Click to collapse
I'm glad that it worked to you. I spent in the summer a day or two on setting it up and documenting, good if it can help to others (there were couple of issues with chroot and sudo where I wasted a time to find the proper way to install)
I don't remember such details anymore - you can check in that theead my posts and screenshots if I reported (if I would have an issue bothering me, I would usually report/ask there)
Not sure anymore, maybe one method did not work and attacking always skipped over to the next method
Btw, are you using a stick or a built-in Qualcomm WiFi chipset, also, what was your firmware or custom Rom?
And does Packet injection work for you - i.e. can you jump from monitoring mode to cracking mode without the need to manually reconnect WiFi on the other phone/laptop (to capture its handshaking eith the WLAN AP)?

zgfg said:
I'm glad that it worked to you. I spent in the summer a day or two on setting it up and documenting, good if it can help to others (there were couple of issues with chroot and sudo where I wasted a time to find the proper way to install)
I don't remember such details anymore - you can check in that theead my posts and screenshots if I reported (if I would have an issue bothering me, I would usually report/ask there)
Not sure anymore, maybe one method did not work and attacking always skipped over to the next method
Btw, are you using a stick or a built-in Qualcomm WiFi chipset, also, what was your firmware or custom Rom?
And does Packet injection work for you - i.e. can you jump from monitoring mode to cracking mode without the need to manually reconnect WiFi on the other phone/laptop (to capture its handshaking eith the WLAN AP)?
Click to expand...
Click to collapse
Thanks Buddy Iam First Iam Using Miui Global Rom 11.0.5 Than flash the official NetHunter from their website Using The Method U send me in previous Post let's Talk about injection packet and monitor mode on external Adapter My Chipset is (RT2800 (Ralink Rt3070)) everything works with it successfully...
Now let's Talk about The built-in wifi i set up monitor mode by (echo "4" > /sys/module/wlan/parameters/con_mode) So The Wlan0 welll become in monitor mode (Now set (Wifte -i wlan0) u can see the Netwoks how ever The Reaver and wash Cant work it shows error
The injection mode don't work

deigo775 said:
Thanks Buddy Iam First Iam Using Miui Global Rom 11.0.5 Than flash the official NetHunter from their website Using The Method U send me in previous Post let's Talk about injection packet and monitor mode on external Adapter My Chipset is (RT2800 (Ralink Rt3070)) everything works with it successfully...
Now let's Talk about The built-in wifi i set up monitor mode by (echo "4" > /sys/module/wlan/parameters/con_mode) So The Wlan0 welll become in monitor mode (Now set (Wifte -i wlan0) u can see the Netwoks how ever The Reaver and wash Cant work it shows error
The injection mode don't work
Click to expand...
Click to collapse
Oh, you are still on MIUI 11 - you're probably saving your battery or what ?
For MIUI 11 you could have also flashed their official pre-built image for Mi 9T (I had it when I was on 11.0.3 EEA - easier installation, same nett results)
Btw, if injection does not work with your adapter, you could have the same with 9T alone (monitoring ok, injection nok)
At the end I was dissapointed (and I uninstalled, and didn't install again when I moved to Xiaomi.eu firmware) since to break my own WPA-PSK i had:
- to manually initiate WLAN reconnection on the other phone to capture its handshake (because of lacking the Injection) to enter to the cracking mode
- to put my (kn)own PSK for the WLAN under attack to the Kali's Dictionary (maybe because a more sofisticated method did not work and this was the only way to make the brute-force method to succeed cracking)
All together not useful for any real-case cracking (although I didn't want to use it for real cracking, I tested only with my WLANs at home, friends and family)
And all that for the price of about 9 GB on /data