Nethunter ROM on Nexus 5 & 6P with Nexmon (testing only)

NETHUNTEROS.MD

Nethunter OS on Nexus 5/Nexus 6P

Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (nougat) base with custom kernel which supports: HID, Drivedroid, Kexec, and external wireless.

What you need

You will need the following 3 items (maybe 4):

Nexus 5 Devices:

• TWRP (Multirom) for Hammerhead: https://s.basketbuild.com/filedl/devs?dev=Tassadar&dl=Tassadar//multirom/hammerhead/TWRP_multirom_hammerhead_20160210.img

• Nethunter OS (based on CM 14.1): https://build.nethunter.com/nethunteros/CM14_1/hammerhead/nethunteros-nethunter-hammerhead-cm-14.1-hammerhead.zip

• (If you get an error about updating your radio image then download latest radio image): http://www.mediafire.com/file/ld8vvfj774sx6xy/NEXUS5_M4B30X_RADIO.zip

Nexus 6P

• TWRP for Angler: https://dl.twrp.me/angler/twrp-3.0.2-2-angler.img.html

• Nethunter OS (based on CM 14.1): https://build.nethunter.com/nethunteros/CM14_1/hammerhead/cm-14.1-angler-nethunteros.zip

All devices

• kalifs-full.tar.xz: https://images.offensive-security.com/kalifs-full.tar.xz

SHA512 for Nethunter OS Nexus 5: 2da699575ffdf5310c498f526f8570f3594d89e5bbcf32d648fb4cd5d0dfb04d8b9a6e282e51a05bbbe63247e0037fe9aaf364ccdc393dfe54c5a531cc23aad2

SHA512 for Nethunter OS Nexus 6P:a2352000cc468888c515ae0c71fa7673542c1387fbff1e2682109da496b407c4a23f889a12434cd30f9dae8542e3b6a25c2c266be7e8a59f673314a312004eba

SHA512 for kalifs is updated and should match https://images.offensive-security.com/version.txt or version.txt on github https://github.com/offensive-security/kali-nethunter/blob/master/version.txt

How to unlock device & flash recovery

Have you flashed Cyanogenmod before? If you can flash CM or a ROM its exactly the same way.

There is the easy way:using the Nexus Root Toolkit

There is the harder way:

1. Download ADB and fastboot (depends on OS/distro)
2. Put phone into fastboot by holding down vol down + power
3. Warning this will wipe device In terminal on computer: fastboot oem unlock && fastboot reboot
4. Reboot back into fastboot
5. In terminal on computer: fastboot flash recovery TWRP_multirom_hammerhead_20160210.img
6. Now boot into recovery by either using menu in fastboot or holding volume up + power.

Flashing in TWRP

If you have made into recovery you will want to copy the NethunterOS zip file to your device and maybe also the radio zip file.

• Always make a backup of a working OS under the backup tab. Select system/data/boot
• Wipe any previous ROMs by going to wipe tab. Select Advanced Wipe & system/data/cache
• Finaly go to install button and select NethunterOS zip file.

Setting Up

Reboot your device. When it starts up the first time it will reboot once, don't be nervours.

After your device loads go through the normal CM set up. Copy the kalifs-full.tar.xz from your computer to your device. Then:

1. Go to the Nethunter app
2. Go to "Kali Chroot Manger" after accepting permissions. If previous Chroot was found click "Remove Chroot" first.
3. Click on "Install Chroot" > Use SDCARD > Use Full
4. Exit out of app and run Nethunter terminal app and launch into Kali terminal

Monitor mode specifics

There is a specific binary file for loading mointior mode inside chroot. To run it inside Kali terminal:

source monstart-nh

To stop run:

source monstop-nh

Since we are using LD_PRELOAD the monitor mode is essentialy tied to the terminal window. So if you open a new window make sure you rerun script.

The technical explanation is we need to set LD_PRELOAD to our ioctl intercept that was compiled inside chroot. When the chroot is run we have to unset LD_PRELOAD and we are essentially telling the terminal to run LD_PRELOAD before each command.

It's a simple bash script and you can view it in /system/xbin/monstart-nh

Updating ROM

If new versions come out you can flash ROM without having to go through most of the early steps. You can just go straight into recovery and install the zip file over ROM.

Todo

Here are things that need to be done for Nethunter OS:

• Add extra apks to Nethunter OS (drivedroid etc)
• Add a native updater
• Fix wallpaper offset

Sources

Source files can be found @:

https://github.com/nethunteros

Kernel Source

Device Source

Is it works on OnePlus one (nethunter os bacon) ?

I have installed Nethunter OS successfully on Nexus 6P (running Android Nougat 7.1.2) but I didn't find the monstart.nh or monstop.nh script to start the monitor mode. Can anyone please tell me how to find it? (I searched it in /system/xbin)

@sm0k3y13, have u make it for Nexus 6P?

Hi,

First of all a bin compliment and thanks für your Guide.
I have an Nexus 5, made Like your explanation via The Nexus rootkit.
The remaining Problem is that The Monitor Mode is Not working, Similar to some mentioned, exactly like sanjustar (3.12).
Strange Enough wifite worked a Little Bit, everything Else Semester not to. I tried some Stufe, didn‘t work on in this Problem, Now Not Even wifite accepts The Monitor mode. I made some Gries aber preload und nexutil and fixed The repository/metapackages links(was that maybe wrong )
My guess is The Radio Image, because I forget about The Radio Image Weile Setting the phone up, andThe phone Never asked, but Right now thats my Favoriten guess about The Problem.
The question is if and how/wehre i can install The Radio.zip, couldnt find good Details about that.

After repository Updates Armin-ne Shows at least driver of wlano
4335/4339 chipset

@binkybear what steps are required to make a kernel that supports monitor mode lime hammerheadmon of yours.I can enable it in chroot using libfakeioctlkali but the device reboots after that.

@Sinf0r0s0

Did your steps, i believe succesfully but when i source monstart-nh i still have the prints :(
BTW, how you moved to the system folder ? since its RO

Ok. Found the problem. You need to move it to system/lib not system/xbin.

Finally wifite works again :)

Thanks all!

Has anyone been able to get HID stuff working on this nexus 5 ROM? I have basically everything else working, but just can't get any of the HID stuff working. I'm using the kernel that came with the ROM, so it's not like I changed kernels and that broke it... I also don't want to try using a different kernel either, because this setup is the first time I've gotten a working Nethunter install on my Nexus 5 (I've tried countless other installs with official nightly builds and kernels and everything was always broken with those installs).

Edit: also, not sure if this is an issue or just something that won't ever work, but when I try to change the Mac address of the internal wlan0, it seems to change but WIFI can't connect to any access points until I set it back to default.

Have there been any updates to the hammerhead version of nethunterOS in the OP? Or is this still the most recent version?

@melissa200
This seems to be the most recent version as far I can tell. Definitely could use an update but it seems most of the developers have been inactive for quite some time.
@mirzaatifbaig You can try using the Nethunter installer here https://github.com/offensive-security/kali-nethunter/wiki/Building-Nethunter to build a hammerheadmon kernel for your device. Otherwise you will need to learn how to make a new kernel from the ground up.

@bluegizmo83 Try using the Nethunter installer to build a fresh image and/or kernel(s) for your nexus 5 device.
https://github.com/offensive-security/kali-nethunter/wiki/Building-Nethunter

@b10ch1p All I could suggest is using a different kernel and no you do not need Gapps but it is still useful for other apps such as cSploit and Router Keygen. If you have privacy concerns I would suggest using Lineage OS.

I'm guessing there's a problem with the latest kalifs-full.tar.xz? After installing NethunterOS, I'm having problems with monitor mode. If I run 'start monstart-nh', and then run wifite, Wifite fails with:

Looking for wireless interfaces...
error too many values to unpack
And then a few trace lines indicating a possible monitor mode issue.

I'm guessing there's a problem with the latest kalifs-full.tar.xz? After installing NethunterOS, I'm having problems with monitor mode. If I run 'start monstart-nh', and then run wifite, Wifite fails with:

Looking for wireless interfaces...
error too many values to unpack
And then a few trace lines indicating a possible monitor mode issue.

Same with me: using kernel-nethunter-hammerheadmon-nougat-2019.03-13-0514 and the corresponding kalifs. Besside-ng appears to work fine, though.

@melissa200 @RChadwick7 Rebuilding libfakeioctl.so in chroot works for me.

1. In the kali chroot terminal, pasting this monitormode.h header to: /usr /local/include    (just like you did)
   https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

2. Use this branch  https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
   edit fakeioctl.c, erase printf's, add Library <string.h>:
   `#include <string.h>`

3. and the most important **add -ldl at the end of the command to compile**, exactly like this:
   `gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl`

4. Back up the original end replace the file in /system/xbin/libfakeioctlkali.so.

5. Enjoy.
   This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Thanks! @Sinf0r0s0

Plz proviede some more support for the nexus 6p devices. I would even pay for that :3
PS. im getting no bssids when i run airodump-ng -i wlan0???

@melissa200 @RChadwick7 Rebuilding libfakeioctl.so in chroot works for me.

Will give it a shot. Thanks @46736f6369657479 @Sinf0r0s0

I apologize in advance beginner here any help would be greatly appreciated
I have searched and cant find any info please could someone explain in more detail how to complete these steps:

1. In the kali chroot terminal, pasting this monitormode.h header to: /usr /local/include (just like you did)
   https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

2. Use this branch https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
   edit fakeioctl.c, erase printf's, add Library <string.h>:
   #include <string.h>

3. and the most important add -ldl at the end of the command to compile, exactly like this:
   gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl

4. Back up the original end replace the file in /system/xbin/libfakeioctlkali.so.

5. Enjoy.
   This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Hi there I'm getting__nex_driver_io: error on nexus 5.. someone else? Any help?

@mirkorobocop

I am a linux user not a developer but I have successfully compiled this way:

1. In the kali chroot terminal, pasting this monitormode.h header to: /usr /local/include    (just like you did)
   https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

2. Use this branch  https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
   edit fakeioctl.c, erase printf's, add Library <string.h>:
   `#include <string.h>`

3. and the most important **add -ldl at the end of the command to compile**, exactly like this:
   `gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl`

4. Back up the original end replace the file in /system/xbin/libfakeioctlkali.so.

5. Enjoy.
   This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Please, @binkybear this ROM needs an update :)

I am running into all sorts of 'null character ignored' warnings when trying to compile inside chroot, and i don't end up with a compiled file...

UPDATE
Had to change encoding to UTF-8, then it compiled. Silly oversight.

cannot use monstart-nh because of the following error: CANNOT LINK EXECUTABLE "nexutil": library "libdl.so.2" not found. I have this library on my Nexus 5 and I've installed Nexmon as well and I don't know what is wrong

I am having the exact same issue. This was asked in 2018 and there's no answer, so I'm hoping someone can help me. I'm using the nexus 5 with Blinkbears OS and the official chroot package. There seems to be a lot of errors no mater what I do which is making me think that a standard PI would be better.

@arcticmunkii try installing the hijacker app from the nethunter store and installing nexmon drivers through that. Worked for me on my Nexus 5. Monitor mode working great.

I followed the directions from 46736f6369657479, and yes I got Wifite working! However, the nexmon driver seems very flaky. I can get it working for a minute or two (Both in Wifite, and besside-ng), then it stops seeing nearby hotspots. I used a 2017 chroot, as that appeared to be the most stable for me. Could the issue be combining parts of Nexmon from different versions? Is there a more stable kernel?

@RChadwick7 If you want a more stable kernel you pretty much have to make one yourself. I do not have the ability to do this at the moment for reasons I wont go into but I am wondering if you can make the driver as a module in the kernel itself. Even so I doubt this would help with injection support though. For the Nexus 5 you can look at the native monitor mode patch and start here:
https://github.com/ruleh/misc/blob/master/monitor/bcmdhd_enable_monitor.patch

Also take a look at this new repo for a new nethunter kernel builder as well:
https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-kernel#building-a-test-kernel-package

Also check the latest and greatest about nethunter here, such as monitor mode support on Qualcomm chipsets as seen in the OnePlus 7 and Xiaomi Mi 9T!:
https://www.kali.org/news/kali-nethunter-updates/

Thanks for all your help with this. I just got a 6P, and tried the new Nethunter you linked to, but it doesn't appear to have Nexmon nor do any of the Nethunters I've tried past 2018, In the past, I had besside-ng working pretty good, but that was many flashes and wipes ago. I'm hoping someone might have guidance on which Nethunter/chroot combinations work best

Where found monstart-nh or monstop-nh script any one have correct link

Hello @binkybear
Thanks a lot for your great contribution.
I was asking that I couldn't find realtek drivers in kernel source , but they were present in your rom.
I was able to use my external wifi (tenda w322u) only with the help of your rom.
I was asking if you can tell that how can I get it.

TWRP (Multirom) for Hammerhead: https://s.basketbuild.com/filedl/devs?dev=Tassadar&dl=Tassadar//multirom/hammerhead/TWRP_multirom_hammerhead_20160210.img

link broken

kalifs-full.tar.xz: https://images.offensive-security.com/kalifs-full.tar.xz link broken

kalifs-full.tar.xz: https://images.offensive-security.com/kalifs-full.tar.xz link broken

This is ancient af and don't think it's maintained nemore, recent kali nethunter has nexmon ting integrated already.
here's anyway, from my own archives https://we.tl/t-fYMZURAhjA

Hi I was wondering if u cud help at all I'm running andrax v4 on nexus 5 an would like the nexmon app to work with andrax to get native monitor mode an injection I had it working last year but accidentally deleted the rom iv tried moving libfakeioctl.so an libfakeioctlksli.so into different folders if anyone's interested in helping me figure this out again would be much appreciated I can upload a backup of andrax with the nethunter hammerheadmon kernel