Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (Nougat) base with a custom kernel that supports HID, DriveDroid, kexec, and external wireless.
You will need the following 3 items for your device (maybe 4):
For the Nexus 5 (hammerhead):
- TWRP (Multirom) for Hammerhead: https://s.basketbuild.com/filedl/devs?dev=Tassadar&dl=Tassadar//multirom/hammerhead/TWRP_multirom_hammerhead_20160210.img
- Nethunter OS (based on CM 14.1): https://build.nethunter.com/nethunteros/CM14_1/hammerhead/nethunteros-nethunter-hammerhead-cm-14.1-hammerhead.zip
- (Only if you get an error about updating your radio image, download the latest radio image): http://www.mediafire.com/file/ld8vvfj774sx6xy/NEXUS5_M4B30X_RADIO.zip
For the Nexus 6P (angler):
- TWRP for Angler: https://dl.twrp.me/angler/twrp-3.0.2-2-angler.img.html
- Nethunter OS (based on CM 14.1): https://build.nethunter.com/nethunteros/CM14_1/hammerhead/cm-14.1-angler-nethunteros.zip
For both:
- kalifs-full.tar.xz: https://images.offensive-security.com/kalifs-full.tar.xz
SHA512 for Nethunter OS Nexus 5: 2da699575ffdf5310c498f526f8570f3594d89e5bbcf32d648fb4cd5d0dfb04d8b9a6e282e51a05bbbe63247e0037fe9aaf364ccdc393dfe54c5a531cc23aad2
SHA512 for Nethunter OS Nexus 6P: a2352000cc468888c515ae0c71fa7673542c1387fbff1e2682109da496b407c4a23f889a12434cd30f9dae8542e3b6a25c2c266be7e8a59f673314a312004eba
The SHA512 for kalifs is updated regularly; it should match the value in https://images.offensive-security.com/version.txt or in version.txt on GitHub: https://github.com/offensive-security/kali-nethunter/blob/master/version.txt
Have you flashed CyanogenMod before? If you can flash CM or any other ROM, this works exactly the same way.
There is the easy way: using the Nexus Root Toolkit.
And there is the harder way:
- Download ADB and fastboot (how depends on your OS/distro)
- Put the phone into fastboot by holding volume down + power
- Warning: this will wipe the device. In a terminal on the computer: fastboot oem unlock && fastboot reboot
- Reboot back into fastboot
- In a terminal on the computer: fastboot flash recovery TWRP_multirom_hammerhead_20160210.img (use the Angler TWRP image on the Nexus 6P)
- Now boot into recovery, either from the menu in fastboot or by holding volume up + power.
Once you have made it into recovery, copy the NethunterOS zip file to your device, and possibly the radio zip file as well.
- Always make a backup of a working OS under the Backup tab. Select system/data/boot.
- Wipe any previous ROM under the Wipe tab. Select Advanced Wipe and then system/data/cache.
- Finally, go to the Install button and select the NethunterOS zip file.
Reboot your device. When it starts up the first time it will reboot once; don't be nervous.
After your device boots, go through the normal CM setup. Copy kalifs-full.tar.xz from your computer to your device. Then:
- Open the Nethunter app
- Go to "Kali Chroot Manager" after accepting the permissions. If a previous chroot is found, click "Remove Chroot" first.
- Click "Install Chroot" > Use SDCARD > Use Full
- Exit the app, run the Nethunter Terminal app and launch into the Kali terminal
There is a dedicated command for enabling monitor mode inside the chroot. To run it inside the Kali terminal:
source monstart-nh
To stop run:
source monstop-nh
Since we are using LD_PRELOAD, monitor mode is essentially tied to the terminal window. So if you open a new window, make sure you rerun the script there.
The technical explanation: we need to set LD_PRELOAD to our ioctl intercept library, which was compiled inside the chroot. When the chroot is started we have to unset LD_PRELOAD, so by sourcing the script we are essentially telling the terminal to set LD_PRELOAD before each command.
It's a simple bash script and you can view it at /system/xbin/monstart-nh.
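As an added example (not the page's own monstart-nh script, nor Nexmon's code), here is a sourceable POSIX shell helper that does the job the text describes: it exports LD_PRELOAD pointing at the ioctl-intercept library, refuses to preload anything that is not an absolute path to a non-world-writable regular file (LD_PRELOAD injects code into every process the shell starts), and removes only its own entry again on stop. The path in NH_IOCTL_LIB and the function names are assumptions; adjust them to your chroot.

```shell
# Added example, not the page's /system/xbin/monstart-nh. Source it in the
# Kali terminal (". ./monstart-nh.sh"), then call nh_monstart / nh_monstop.
# NH_IOCTL_LIB is an assumed location of the intercept library built in the chroot.
: "${NH_IOCTL_LIB:=/usr/local/lib/libfakeioctl.so}"

# LD_PRELOAD loads the library into every process this shell starts, so only
# accept an absolute path to a regular file that others cannot modify.
nh_check_lib() {
    case "$1" in /*) ;; *) echo "monstart-nh: need an absolute path: $1" >&2; return 1 ;; esac
    [ -f "$1" ] || { echo "monstart-nh: not a regular file: $1" >&2; return 1; }
    if [ -n "$(find "$1" -prune -perm -002 -print 2>/dev/null)" ]; then
        echo "monstart-nh: refusing world-writable library: $1" >&2
        return 1
    fi
}

# Enable: prepend the library to LD_PRELOAD (once) and export it. This only
# changes the current shell's environment, which is why the file must be
# sourced rather than executed, and why every new terminal window needs it again.
nh_monstart() {
    lib="${1:-$NH_IOCTL_LIB}"
    nh_check_lib "$lib" || return 1
    case ":${LD_PRELOAD:-}:" in
        *":$lib:"*) ;;                                     # already active
        *) LD_PRELOAD="$lib${LD_PRELOAD:+:$LD_PRELOAD}" ;;
    esac
    export LD_PRELOAD
}

# Disable: drop only our library, keep any other preload entries, and unset
# LD_PRELOAD entirely when nothing is left.
nh_monstop() {
    lib="${1:-$NH_IOCTL_LIB}"
    rest=""
    old_ifs=$IFS; IFS=:
    for entry in ${LD_PRELOAD:-}; do
        [ "$entry" = "$lib" ] || rest="${rest:+$rest:}$entry"
    done
    IFS=$old_ifs
    if [ -n "$rest" ]; then LD_PRELOAD="$rest"; export LD_PRELOAD; else unset LD_PRELOAD; fi
}

# Report whether the intercept is active in this shell (0 = yes, 1 = no).
nh_monstatus() {
    case ":${LD_PRELOAD:-}:" in *":${1:-$NH_IOCTL_LIB}:"*) return 0 ;; esac
    return 1
}
```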
If new versions come out, you can flash the ROM without going through most of the early steps: go straight into recovery and install the zip file over the existing ROM.
Here are things that still need to be done for Nethunter OS:
- Add extra apks to Nethunter OS (drivedroid etc)
- Add a native updater
- Fix wallpaper offset
Source files can be found at:
@binkybear what steps are required to make a kernel that supports monitor mode like hammerheadmon of yours? I can enable it in chroot using libfakeioctlkali but the device reboots after that.