Nethunter ROM on Nexus 5 & 6P with Nexmon (testing only)

Nethunter OS on Nexus 5/Nexus 6P

Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (Nougat) base with a custom kernel that supports HID, Drivedroid, Kexec, and external wireless.

What you need

You will need the following 3 items (maybe 4):

Nexus 5 Devices:

Nexus 6P

All devices

SHA512 for Nethunter OS Nexus 5: 2da699575ffdf5310c498f526f8570f3594d89e5bbcf32d648fb4cd5d0dfb04d8b9a6e282e51a05bbbe63247e0037fe9aaf364ccdc393dfe54c5a531cc23aad2

SHA512 for Nethunter OS Nexus 6P: a2352000cc468888c515ae0c71fa7673542c1387fbff1e2682109da496b407c4a23f889a12434cd30f9dae8542e3b6a25c2c266be7e8a59f673314a312004eba

SHA512 for kalifs is updated and should match https://images.offensive-security.com/version.txt or version.txt on github https://github.com/offensive-security/kali-nethunter/blob/master/version.txt

How to unlock device & flash recovery

Have you flashed Cyanogenmod before? If you can flash CM or a ROM, it's exactly the same way.

There is the easy way: using the Nexus Root Toolkit

There is the harder way:

  1. Download ADB and fastboot (depends on OS/distro)
  2. Put the phone into fastboot by holding down volume down + power
  3. Warning: this will wipe the device. In a terminal on the computer: fastboot oem unlock && fastboot reboot
  4. Reboot back into fastboot
  5. In a terminal on the computer: fastboot flash recovery TWRP_multirom_hammerhead_20160210.img
  6. Now boot into recovery by either using the menu in fastboot or holding volume up + power.

Flashing in TWRP

If you have made it into recovery, you will want to copy the NethunterOS zip file to your device and maybe also the radio zip file.

  • Always make a backup of a working OS under the backup tab. Select system/data/boot
  • Wipe any previous ROMs by going to wipe tab. Select Advanced Wipe & system/data/cache
  • Finally, go to the install button and select the NethunterOS zip file.

Setting Up

Reboot your device. When it starts up the first time it will reboot once, don't be nervous.

After your device loads go through the normal CM set up. Copy the kalifs-full.tar.xz from your computer to your device. Then:

  1. Go to the Nethunter app
  2. Go to "Kali Chroot Manager" after accepting permissions. If a previous chroot was found, click "Remove Chroot" first.
  3. Click on "Install Chroot" > Use SDCARD > Use Full
  4. Exit out of app and run Nethunter terminal app and launch into Kali terminal

Monitor mode specifics

There is a specific binary file for loading monitor mode inside the chroot. To run it inside the Kali terminal:

source monstart-nh

To stop run:

source monstop-nh

Since we are using LD_PRELOAD, monitor mode is essentially tied to the terminal window. If you open a new window, make sure you rerun the script.

The technical explanation is that we need to set LD_PRELOAD to our ioctl intercept, which was compiled inside the chroot. When the chroot is run we have to unset LD_PRELOAD, and we are essentially telling the terminal to apply LD_PRELOAD before each command.

It's a simple bash script and you can view it in /system/xbin/monstart-nh
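A minimal sketch of the kind of ioctl intercept described above, added here as an illustration; it is not the Nexmon fakeioctl.c and not code from this ROM. The interface name wlan0, the HOOKDEMO_VERBOSE variable and the file names are assumptions, and it reaches the kernel through syscall() instead of looking up the next ioctl with dlsym, so it builds without -ldl.

```c
/* Added example: minimal LD_PRELOAD ioctl interposer (hypothetical names).
 * Build:  gcc -shared -fPIC -o libhookdemo.so hookdemo.c
 * Use:    export LD_PRELOAD=$PWD/libhookdemo.so
 * The variable lives in that shell's environment only, which is why the
 * effect is tied to one terminal window and is lost in a new one. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <net/if.h>
#include <net/if_arp.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef ARPHRD_IEEE80211
#define ARPHRD_IEEE80211 801
#endif
#ifndef ARPHRD_IEEE80211_RADIOTAP
#define ARPHRD_IEEE80211_RADIOTAP 803
#endif

#define HOOK_IFNAME "wlan0" /* assumption: the internal Wi-Fi interface */

/* Pick the link type to report. NEXMON_SA_FAMILY=ARPHRD_IEEE80211 selects
 * plain 802.11 frames; anything else (or unset) means radiotap. */
unsigned short family_from_env(const char *value)
{
    if (value != NULL && strcmp(value, "ARPHRD_IEEE80211") == 0)
        return ARPHRD_IEEE80211;
    return ARPHRD_IEEE80211_RADIOTAP;
}

/* Rewrite the hardware-address family in a SIOCGIFHWADDR reply for one
 * interface. Returns 1 if the reply was changed, 0 if left untouched. */
int fake_hwaddr_family(unsigned long request, struct ifreq *ifr,
                       const char *ifname, unsigned short family)
{
    if (request != SIOCGIFHWADDR || ifr == NULL)
        return 0;
    if (strncmp(ifr->ifr_name, ifname, IFNAMSIZ) != 0)
        return 0;
    ifr->ifr_hwaddr.sa_family = family;
    return 1;
}

/* Runs when the library is loaded into a process. Diagnostics are opt-in
 * and go to stderr, so the stdout of every hooked command stays exactly
 * what the command itself printed. */
__attribute__((constructor)) static void hook_init(void)
{
    if (getenv("HOOKDEMO_VERBOSE") != NULL)
        fprintf(stderr, "ioctl hook active for %s\n", HOOK_IFNAME);
}

/* Same name and signature as libc's ioctl: with LD_PRELOAD set, the
 * dynamic linker resolves calls from the program to this definition. */
int ioctl(int fd, unsigned long request, ...)
{
    va_list ap;
    void *arg;
    long ret;

    va_start(ap, request);
    arg = va_arg(ap, void *);
    va_end(ap);

    /* Forward the call unchanged, then patch only successful replies. */
    ret = syscall(SYS_ioctl, fd, request, arg);
    if (ret == 0)
        fake_hwaddr_family(request, arg, HOOK_IFNAME,
                           family_from_env(getenv("NEXMON_SA_FAMILY")));
    return (int)ret;
}
```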

Updating ROM

If new versions come out you can flash ROM without having to go through most of the early steps. You can just go straight into recovery and install the zip file over ROM.

Todo

Here are things that need to be done for Nethunter OS:

  • Add extra apks to Nethunter OS (drivedroid etc)
  • Add a native updater
  • Fix wallpaper offset

Sources

Source files can be found @:

https://github.com/nethunteros

Kernel Source

Device Source

@oltyx oltyx commented Nov 28, 2016

Very nice OS for smartphone/tablet pentesting, but, there is a problem: when you open NetHunter Terminal and activate monitor mode (source monstart-nh) and type "airodump-ng wlan0" everything is fine, but when you open another kali tab and type the same command it freezes and reboots itself.

@nethunteros nethunteros commented Dec 7, 2016

@oltyx - When you ld_preload it's tied to that terminal window. So ioctl intercept will only work in that terminal.

There's also issues with trying to run both wlan1 and wlan0 at same time. (needs more testing)

@AutinMitra AutinMitra commented Dec 9, 2016

If I wanted to compile a kernel that has wlan0 monitor mode (let's say aosp 7.1 for nexus 5), what steps would I need to go through to build it?

@gaaden gaaden commented Jan 24, 2017

Hi,
I just came across this the other night and I have been trying to follow your install instructions, but I keep getting lost at the 'Setting Up' part.
What are you supposed to do with kalifs-full.tar.xz after you copy it to /sdcard?

@webcoderz webcoderz commented Jan 27, 2017

in sd card directory before download directory

Owner Author

@binkybear binkybear commented Jan 29, 2017

@gaaden - After you copy kalifs-full.tar.xz to the card you start your device like normal. Load the nethunter app and go to chroot manager. Install kali and pick the sdcard option. That's when you select kalifs-full.tar.xz. What it does is decompress the chroot (kali) to your device.

I can go into more detail if you need.

@krptg krptg commented Mar 22, 2017

Hi, monitor mode is working absolutely perfectly but there seems to be a lack of HID drivers on this system. Maybe I've missed a step but ls /dev/hd* returns nothing, and Kali manager says the same. Is that anything to do with the chroot or ...? If anybody has some insights :)

@Kirball Kirball commented Apr 18, 2017

What is different between this build and the one on the offensive security website?

@dciphr dciphr commented Apr 26, 2017

Does this work when using the generic ROM in the nightly builds (instead of the CM14.1)? I actually generated my own build from the GitHub repository for angler (flashed stock 7.1.2, flashed twrp, ran build.py and installed generated generic ROM and angler kernel via twrp) but appears the nexmon patch isn't included. How would I go about building nexmon into the ROM generated by build.py ? Sorry if this is the wrong forum to ask this in, but I haven't had much luck.

I also tried manually compiling the nexmon patch using instructions at https://github.com/seemoo-lab/nexmon however monstart-nh doesn't exist and it appears I can't manually execute nexutil -m2 from the nethunter kali terminal only the adb shell.

Any direction would be much appreciated.

Thanks!

@nethunteros nethunteros commented May 8, 2017

Sorry I don't monitor this well enough:
@Kirball - These are "ROM" builds so you don't need to flash over a factory image. Also this supports nexmon.
@dciphr - This was built into the ROM so it wouldn't work with a "generic" build. It also is specific to the Nexus 5 (nexmon) so it wouldn't work with angler. Monstart-nh exists only in my hammerhead repo under this account.

@thatguy987 thatguy987 commented Jun 16, 2017

So far the nethunterOS has some bugs but works spot on on nexus 5. Brilliant work been watching from the background. Hopefully more updates for the ROM at a future date. Much respect to all devs

@BearChavez BearChavez commented Jul 6, 2017

Is this still under development?

@mirkorobocop mirkorobocop commented Jul 25, 2017

Hi @binkybear,
In old zip cm-14.1-hammerhead-nethunteros.zip hid attacks are working but with the new version nethunteros-nethunter-hammerhead-cm-14.1-hammerhead.zip i get info "no hid interfaces detected". Can you help me fix this?

@nethunteros nethunteros commented Aug 24, 2017

@mirkorobocop - The kernel was not changed so the HID attacks "should" still work. I would enable/disable adb and try different cables to see if you get different results. Also, sometimes main menu doesn't update with correct HID interface so it's possible it's still working.

This is a bit dated now (ROM).

@dbjergins dbjergins commented Sep 3, 2017

Hi and thanks. The link above for the 6p points to hammerhead under cm14.1 should it not be angler. Also my phone no longer sees my sim. Just curious if you have seen this before

@acesirmen acesirmen commented Sep 4, 2017

Is this still updating?
because I'm so excited with the new Update[IF there is an update of this OS :( ]

@sk3kk3 sk3kk3 commented Sep 10, 2017

Does not work pixiewps on the native adapter, does not work DuckHunter HID

@sk3kk3 sk3kk3 commented Sep 10, 2017

In the last version, at least DuckHunter worked

@mirkorobocop mirkorobocop commented Sep 18, 2017

@nethunteros @binkybear guys can you compile libkfakeioctlkali without these lines:

	printf("####################################################\n");
	printf("## nexmon ioctl hook active\n");
	printf("## sa_family = %s\n", sa_family_str);
	printf("## to change sa_family, set NEXMON_SA_FAMILY\n");
	printf("## environment variable to ARPHRD_IEEE80211\n");
	printf("####################################################\n");

This causes problems with scripts like wifite, for example:

    def clear_entire_line():
        import os
        (rows, columns) = os.popen('stty size', 'r').read().split()
        Color.p("\r" + (" " * int(columns)) + "\r")

so os.popen('stty size', 'r') should return something like this: 53 83 ( two numbers ) but because libfakeoctlkali.so executes before each command and printing info the output of stty size is:

 root@kali:/system/xbin# stty size
 ####################################################
 ## nexmon ioctl hook active
 ## sa_family = ARPHRD_IEEE80211_RADIOTAP
 ## to change sa_family, set NEXMON_SA_FAMILY
 ## environment variable to ARPHRD_IEEE80211
 ####################################################
 53 83
 root@kali:/system/xbin#

this is ridiculous and that is why many scripts can not work properly

@zjarral zjarral commented Oct 5, 2017

printf("####################################################\n");
printf("## nexmon ioctl hook active\n");
printf("## sa_family = %s\n", sa_family_str);
printf("## to change sa_family, set NEXMON_SA_FAMILY\n");
printf("## environment variable to ARPHRD_IEEE80211\n");
airodump-ng start wlan 0 gives this and ask me to run as a su means as root...but i am already in root....any help would be great and sorry for wrong pasting

@mstrmnn mstrmnn commented Oct 8, 2017

EDIT: Everything works fine now, great! The problem I mentioned before (below) is rather a LG problem than one related to Binkybears packages.


@binkybear: I admire your work and your contribution to the community, thanks a million!

I installed your nethunter package from above without problems, it's running fine. But my Nexus 5 has 32GB and after flashing "nethunteros-nethunter-hammerhead-cm-14.1-hammerhead.zip" it's only 16GB.

There is a solution at Kali-Forums: https://forums.kali.org/showthread.php?23818-32GB-Nexus-7-2013-only-16GB-seen

I have not tried yet, but I will just after this post.

My question: Do you have a smarter solution? Is your image only for 16GB devices? Is there one for 32GB devices?

@mirkorobocop mirkorobocop commented Oct 17, 2017

@nethunteros @binkybear, I repeat my request. Please compile libkfakeioctlkali.so without the lines I wrote earlier and share on github

@rajeshdubey293 rajeshdubey293 commented Oct 20, 2017

wpspixie is not working..what to do

@nethunteros nethunteros commented Nov 4, 2017

Sorry I don't check the comments here very often. Time is not something I have much of. I've made some newer versions of lineageos but haven't updated nexmon since earlier this year and I know this is all due for an update.

@mstrmnn - There is no easy solution that I know of. I'm unsure if there is a fix with installer that can easily change that.

@mirkorobocop - I used the libfakeioctl which can be built inside chroot. You can compile pretty easy with gcc if you need to make changes.
https://github.com/seemoo-lab/nexmon/blob/e1d39d1e19599d3c6968652c8e6d566ae256be06/utilities/libfakeioctl/fakeioctl.c

@mirkorobocop mirkorobocop commented Nov 5, 2017

@nethunteros

root@kali:~# cp monitormode.h /usr/local/include/
root@kali:~# gcc fakeioctl.c -o fakekaliioctl
fakeioctl.c: In function 'ioctl':
fakeioctl.c:105:22: warning: implicit declaration of function 'strncmp' [-Wimplicit-function-declaration]
                 if (!strncmp(p_ifr->ifr_ifrn.ifrn_name, ifname, strlen(ifname))) {
                      ^~~~~~~
fakeioctl.c:105:65: warning: implicit declaration of function 'strlen' [-Wimplicit-function-declaration]
                 if (!strncmp(p_ifr->ifr_ifrn.ifrn_name, ifname, strlen(ifname))) {
                                                                 ^~~~~~
fakeioctl.c:105:65: warning: incompatible implicit declaration of built-in function 'strlen'
fakeioctl.c:105:65: note: include '<string.h>' or provide a declaration of 'strlen'
fakeioctl.c:121:65: warning: incompatible implicit declaration of built-in function 'strlen'
                 if (!strncmp(p_wrq->ifr_ifrn.ifrn_name, ifname, strlen(ifname))) {
                                                                 ^~~~~~
fakeioctl.c:121:65: note: include '<string.h>' or provide a declaration of 'strlen'
fakeioctl.c:136:65: warning: incompatible implicit declaration of built-in function 'strlen'
                 if (!strncmp(p_wrq->ifr_ifrn.ifrn_name, ifname, strlen(ifname))) {
                                                                 ^~~~~~
fakeioctl.c:136:65: note: include '<string.h>' or provide a declaration of 'strlen'
/usr/lib/gcc/arm-linux-gnueabihf/7/../../../arm-linux-gnueabihf/Scrt1.o: In function `_start':
(.text+0x44): undefined reference to `main'
/tmp/cceNpr20.o: In function `_libfakeioctl_init':
fakeioctl.c:(.text+0xa): undefined reference to `nex_init_ioctl'
/tmp/cceNpr20.o: In function `ioctl':
fakeioctl.c:(.text+0x42): undefined reference to `dlsym'
fakeioctl.c:(.text+0xcc): undefined reference to `nex_ioctl'
fakeioctl.c:(.text+0x15a): undefined reference to `nex_ioctl'
fakeioctl.c:(.text+0x1e6): undefined reference to `nex_ioctl'
collect2: error: ld returned 1 exit status

@d4ma7or d4ma7or commented Nov 23, 2017

is there any hope for getting this working on my Nexus 6p? it works great on my Nexus 5 but I would love to see it work for my bigger better device.

I flashed the build for cm14.1-angler (from the index/nethunteros page) but it won't open without crashing. please help! (i think the kernel isn't installing to the right place, system/vendor instead of system/etc/firmware.)

@Tyrell777 Tyrell777 commented Nov 24, 2017

I am Agreeing to d4ma7or is this working flawless in chroot on Nexus 6p ?

@Tyrell777 Tyrell777 commented Dec 1, 2017

I successfully flashed the TWRP image on my Nexus 6P
And I flashed the "hammerhead/cm-14.1-angler-nethunteros.zip"
But when I reboot the device after I flashed the ROM I'm stuck in Google Boot Logo.

I first thought i should let it load longer, i left it for over 30 minutes.
So I cannot boot up the system. I repeated each step with the same resulting problem.

How can I troubleshoot this ?
Or is there a Problem with the "hammerhead/cm-14.1-angler-nethunteros.zip" ?

So i face the same problem as d4ma7or.

@d4ma7or d4ma7or commented Dec 2, 2017

@Tyrell777 you need 'angler', not 'hammerhead'.

i have tried everything and can't get it to work on a Nexus 6p. What am i doing wrong?

12-2-17 -
I can get the cm-14.1-angler-nethunteros.zip flashed and booted up, it just doesn't function with the internal wifi like it should. (I see through the Nexmon app that the basic firmware for Nexmon was built into nethunteros. Also note i did not install anything from the Nexmon app.) "source monstart-nh" runs but does not produce native monitor mode. If anyone has had any success with the Nexus 6p please lend a helping hand here.

@Sanjustar Sanjustar commented Dec 3, 2017

(After source monstart-nh) When I command airmon-ng start wlan0 then show

##ioctl hook active
##Sa family=ARPHRD IEER80211 RADIOTAP
##to change sa family,set NEXMON SA Family
##environment variabel to ARPHRD IEEE80211
####################################
Run it as root
My phone Nexus5.and I installed CyanogenMod14.1 and I use internal wifi.

@d4ma7or d4ma7or commented Dec 4, 2017

no need to run airmon-ng, 'source monstart-nh' has already enabled internal monitor mode

@Tyrell777 Tyrell777 commented Dec 4, 2017

@d4ma7or
I know i already used
14.1-angler-nethunteros.zip
But without success.

Hammerhead is just the provider directory in the first post. Both zips are in it. Well, so even though I used the right zip for the 6P it didn't boot up.

But so you say you successfully booted it but monitor mode + injection does not work with the internal card now?

If you get it working somehow please confirm it.

@Tyrell777 Tyrell777 commented Dec 16, 2017

Okay Managed to Boot into it on Nexus 6p, When i Run

source monstart-nh
airodump-ng wlan0

I get no results shown (Bssids - Networks)
Any solutions ?

@Aranadin Aranadin commented Dec 16, 2017

Hi all, I'm having a bit of a problem with the Nexus 6p rom, and I'm wondering if anyone else has had the same error. I cannot access the NH terminal, when I click on the terminal, it pops up with the window where you can choose which terminal you'd like to use. But when I click on the kali shell it simply shows in the middle of the screen '1) no title' and then the whole thing disappears. Clicking on the normal shell or su both work as expected

@arti2525 arti2525 commented Dec 17, 2017

Please upgrade the version, nexmon came out with more support nexus 6p supports inject and is excellent this rom THX

@Aranadin Aranadin commented Dec 17, 2017

@arti2525 Thanks for the quick response, I tried the reinstall, sadly the same thing keeps happening.

@Tyrell777 Tyrell777 commented Dec 17, 2017

Airmon-ng does "work" It scans BUT
Does Nobody know why airmon-ng is not showing any bssids ?

@arti2525 arti2525 commented Dec 18, 2017

Tyrell777
yes, same happens to me but in androidsu, if it works
airodump-ng -i wlan0 , (airmon-ng no need)

@d4ma7or d4ma7or commented Dec 19, 2017

@arti2525
the terminal apk worked, thanks for that link!
still having trouble with monitor mode inside of nethunter. I downloaded the latest nightly kernel (angler-oreo) and generic arm64 fs, as well as above-mentioned terminal fix. i get an error that goes something like nexmon_io_error. any ideas?

@Aranadin Aranadin commented Dec 19, 2017

@arti2525 Whilst the reinstall of that link didn't help me, it did however help when I blanked my phone, and reinstalled the stock 8.0 rom. It too had the same problem which your link fixed, so thanks for that.
I'm more than willing to give the nethunter os another whirl, I'm just wondering if someone can give me an updated nexus 6p build link please, just in case the dl I'm using is my problem. thanks. :)

@ghost ghost commented Dec 22, 2017

Hi I have followed every instructions to install on my Nexus 5, but my nh doesn't seem to detect my network interfaces and hid interfaces.

In nh app it says "no network interfaces detected" and "no hid interfaces detected", any solutions for this?

@Tyrell777 Tyrell777 commented Dec 22, 2017

@arti2525

Oh well nevermind. I will test it again in AndroidSu. Is it possible to run aireplay and deauth on AndroidSu ?
Even Capturing handshake ? Never came to the idea to run it in AndroidSu

@ghanimlk ghanimlk commented Jan 3, 2018

hi.
I have a problem with fluxion tool, its not starting up with wlan0 when I run the script "source monstart-nh" can you help me please?!

@cegi cegi commented Jan 3, 2018

@ghanimlk Fluxion and other similar tools (airgeddon) won't work inside nethunter terminal because you need X window system. You can use Wifite though. Fluxion and Airgeddon need to open multiple terminal windows to work and so can't start on your phone.

@cegi cegi commented Jan 4, 2018

Also there is a bug, when using nethunter terminal, if I try to type commands with my phone rotated, the keyboard disappears. Only works without rotating.

And Mana doesn't work, it always starts on wlan1 even if I change the source code and configuration file to wlan0 (it should work fine with only 1 wireless card, it's either monitor or ap)

@arti2525 arti2525 commented Jan 4, 2018

Hello, I know you do not have time, but I wanted to ask you if you are going to continue supporting this rom and if you are going to launch a new one, I really like this rom but several users of nexus 6p have many problems. Thank you

@davidfifth davidfifth commented Jan 7, 2018

I'm on nexus 5 and monitoring mode is not working when I use "source monstart-nh". I looked for the file that you said was in my files, and it is not there. I guess I did something wrong?

@a7ent a7ent commented Jan 8, 2018

Binky bear! Binky bear! Binky bear! (Loud chanting in praise)! Keep it going man! Don't let these devices die! Still holding on to my nexus 10 out of love but went out and bought a burner 6p just to get this rolling.
On the real though, even if you went on to never update a piece of code after today, I am still so appreciative for all you do, have done, and will hopefully continue to go on to do! You're keeping a lot of people happy and excited with the work you do. Cheers to you muthaaaaa Fucka! Happy new year to you and your people.

@a7ent a7ent commented Jan 8, 2018

But on a side note, and in the real, I can't get nethunteros to boot on my nexus 6p, I've done fresh factory resets, wipes, non wipes, with no success. All paths lead to stuck bootloader on the google logo. @Tyrell777, I saw you had this problem too but ended up being able to eventually boot. But you never posted how. Would probably help people having the same issues to post when you have any success. What did you do? Any insight? State secret? Fluke? I'm gonna go home tonight and try to compile my own build tonight, possibly with the updated nexmon. On the outside chance of a miracle, I'll be sure to report back with either sorrows or a link and a success story. But anything else anyone may have in the ways of suggestions or ideas to try, let me know!

@a7ent a7ent commented Jan 9, 2018

Got it booted. I was trying to flash this over a stock oreo rom like a dummy, flashed a cm14.1 vendor.img and it fired right up.

@geek-str1k3 geek-str1k3 commented Jan 11, 2018

Somebody update this for angler oreo and for injection support patch made by nexmon please

@Tyrell777 Tyrell777 commented Jan 14, 2018

@a7ent
I wiped everything on the Nexus 6P with the Nexus Root Toolkit and flashed the stock firmware 7.1.1. After that I flashed the custom ROM with Nexmon compiled "hammerhead/cm-14.1-angler-nethunteros.zip" for 6P. So I got it firing up. But I can't use airodump inside of chroot.

@d4ma7or d4ma7or commented Jan 17, 2018

well, i gave up on the 6p and sold it in a fit of rage.
Nexus 5 still works like a charm though. Has anyone had issues with random reboots?

@ozsteyr ozsteyr commented Jan 30, 2018

I too am keen on NethunterOS for the 6P. But Binky must be extremely busy with his own life. For those that are TRULY wanting NethunterOS I think we should look at some way of funding Binky ie: (Patreon). It may not work, but no harm in trying?

@arti2525 arti2525 commented Jan 31, 2018

I agree with ozsteyr .
I participate, but how is it done?

@glitxh glitxh commented Feb 5, 2018

Instructions are sort of unclear but I figured it out. This doesn't seem to work. Not able to flash the ROM with the TWRP recovery provided. On nexus 5 32GB hammerhead, I get an error code 7 or something like that. So I used the latest version of TWRP got it to flash. Setup nexmon updated Nethunter, when I ran 'source monstart - nh' bash not found....

I see 2 people with forks, do those forks work?

I am very interested in this project. Did I do something wrong here? Thank you in advance everyone.

@arti2525 arti2525 commented Feb 5, 2018

glitxh : 1 FLASH ANDROID 7.1 STOCK
2 FLASH CM14-1 ROM
3 FLASH NETHUNTEROS

@glitxh glitxh commented Feb 6, 2018

Hey arti2525 thank you. Still kind of confused, please bear with me here. Stock Android 7.1 on a Nexus 5?
My Nexus 5 only goes up to Android 6.0.1 build number M4B30Z.
If I am to downgrade, what Android Stock Build Number do I downgrade to?

I'll give my Nexus 6P a shot. If I can get clarification on specifics such as what build of android 7.1?
When I get there, how do I install the provided apk to upgrade nethunteros?

@davidfifth davidfifth commented Feb 7, 2018

So, I'm on Nexus 5 and followed the instructions for said device. I have two problems, and I think fixing one might also fix the other. Not sure, but here's what I'm running into: My Kali terminal won't open. I assume it's because I haven't installed the chroot, but that's when I run into the other problem. The chroot manager has the option to remove chroot, so I did just to make sure there wasn't an existing one. When I booted back up, it still had the 'remove chroot' option. So I ignored it, and proceeded to attempt to install the chroot given on this post. I'm assuming 'add metapackages' is what I'm supposed to do? That's the only other option in the chroot manager menu, so I do it and there isn't an option to add from SD card. I've reinstalled the nethunter rom twice and that didn't work :(

@AhmedMFathy AhmedMFathy commented Feb 14, 2018

@davidfifth
You need to delete any folder/file in /data/local/nhsystem/ with your file explorer then go to the chroot and do the normal steps

@Sinf0r0s0 Sinf0r0s0 commented Feb 19, 2018

@mirkorobocop

I am a linux user not a developer but I have successfully compiled this way:

  1. In the kali chroot terminal, pasting this monitormode.h header to: /usr/local/include (just like you did)
    https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

  2. Use this branch https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
    edit fakeioctl.c, erase printf's, add Library <string.h>:
    #include <string.h>

  3. and the most important add -ldl at the end of the command to compile, exactly like this:
    gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl

  4. Back up the original and replace the file in /system/xbin/libfakeioctlkali.so.

  5. Enjoy.

    This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Please, @binkybear this ROM needs an update :)

@astrayal astrayal commented Feb 26, 2018

Hi everyone, I've got a nexus 5 hammerhead 16gb ,
I'm reading through this stuff and want to know before I flash this ROM , is everything working for the hammerhead?
and I read that it's nougat based, That's sweet, will I be able to flash Gapps and then update apps over wifi as usual?

@JoshuaM45 JoshuaM45 commented Mar 12, 2018

Hi, I cannot use monstart-nh because of the following error: CANNOT LINK EXECUTABLE "nexutil": library "libdl.so.2" not found. I have this library on my Nexus 5 and I've installed Nexmon as well and I don't know what is wrong

@cegi cegi commented Mar 12, 2018

After using for a while this ROM, two main problems i encountered

1 : as some said, the HID attacks can't be used, its not recognised anymore

2 : It's not possible to update/install anything with apt, even though the sources.list is fine, using kali rolling repository.

@JoshuaM45, installing the application Nexmon on top of this ROM will break it, you can't use both, either you install the official nethunter and Nexmon after it, or this ROM only.

@astrayal, CM is open source and so does not use google applications, so you won't have the playstore anymore, or any google related apps.

@daliboss daliboss commented Mar 13, 2018

@cegi to fix the apt-get install/update ...etc problem your sources.list needs to look like this:

deb [trusted=yes] http://http.kali.org/kali kali-rolling main contrib non-free
#deb-src [trusted=yes] http://http.kali.org/kali kali-rolling main contrib non-free
deb [trusted=yes] http://security.debian.org/debian-security wheezy/updates main

[trusted=yes] between deb and http is necessary for apt-get to work.

-Nexmon (tools/firmware/driver) already installed

-After flashing the nethunter os you need to flash google GAPPS.

@arti2525 arti2525 commented Mar 19, 2018

@casperFabio
Hi,
I did what you posted and everything went well, only I do not know what steps to follow??

1 In the kali chroot terminal, pasting this monitormode.h header to: /usr/local/include (just like you did)

2 edit fakeioctl.c, erase printf's, add Library <string.h>:
#include <string.h>

3 and the most important add -ldl at the end of the command to compile, exactly like this:
gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl

4???
next step????

P.S.
The links are down and sorry for my English

@Nethunterlover Nethunterlover commented Mar 23, 2018

@binkybear
Help me
On my Nexus 5, when I use wifite it starts for a while, then it says
Airodump-ng exited with status 1
And airodump-ng separately says network is down, can't open wlan1
No such device
I'm using Nexus 5
WiFi adapter I use - wn722n V1
Waiting for your reply
Thanks

@arti2525 arti2525 commented Mar 23, 2018

@a7ent a7ent commented Mar 24, 2018

@arti2525 cheese and rice! I bailed on trying to get nethunteros working a month ago! But even trying to go back to stock 7.1.1 and flashing nethunter, no matter what combination of flashing order, different kernels, and ROM builds, I couldn't get any external device to not crash upon modprobe. The kernel you linked to finally did the trick! Happen to know what the differences are? Many thanks!

@Nethunterlover Nethunterlover commented Mar 25, 2018

@arti2525 I have tried the kernel but still no luck
When I run Airodump-ng
It says read failed : network is down
No such device
Can't re-open wlan1mon

@Nethunterlover Nethunterlover commented Mar 25, 2018

@arti2525
Thanks for the reply
I have discovered the problem
is with aireplay-ng,
because I have tried airodump-ng.
It scans the network (by chance).
I try to deauth the client to capture the WPA handshake, obviously,
then aireplay-ng stops and gives the output ----
network is down
Please help me anyone
Please
Btw the adaptor works fine with my rn3
and desktop (Kali)
It's not an original wn722n V1, it's an ar9271 chipset adapter from China
Thanks
Waiting for your help

@arti2525 arti2525 commented Mar 25, 2018

@Nethunterlover

Try this: install cm14.1 nethunteros and the kernel that happens to you, clean install, and do not update anything in terminal.

@ghost ghost commented Mar 25, 2018

Would it be possible to use NetHunter on Marshmallow stock (6.0.1) and to be able to include "source monstart-nh" and "source monstop-nh"? If so, which kernel to use on Nexus 5? Thanks (sorry for my bad English)

@Nethunterlover Nethunterlover commented Mar 26, 2018

Tried but it doesn't help
I have an issue with aireplay-ng
But when I install for the first time it works like a charm
But now it can't work
I don't know why
I don't have official wn722n V1
I have ar9271 chipset from AliExpress

https://m.aliexpress.com/item/32642224170.html
Have a look
Thanks for reply
Waiting for your reply

@b10ch1p b10ch1p commented Apr 7, 2018

Hi to all!
Very new to nethunter.
Many thanks to binkybear for this great Os.
I'm on N5, mon mode works well. Fixed apt issue. Mana and SearchExploit won't work. Any ideas?
P.S. Are Gapps really needed? Sorry for the stupid questions but I'm really new to this mod

@WarrenHood WarrenHood commented Apr 22, 2018

Hi... I have an s4(jfltexx) with nexmon firmware installed, Kali nethunter kernel 3.4.112 for marshmallow, and LineageOS14.1. I have two questions:

Question 1: Since the chroot is sharing the same kernel, processor etc can I just use the same libraries from android in the chroot? ( I have used nexutil from android in there and it worked, but by worked I mean if I used nexutil -m after using nexutil -m2 it said monitor: 2)... So would libfakeioctl.so work as well if I used it instead of compiling it in the chroot?

Question 2:
If I use the monstart-nh script and I rename the libfakeioctl.so to libfakeioctlkali.so and put it in my chroot /lib folder will it work as it works for nexus 5?

@Sinf0r0s0 Sinf0r0s0 commented May 4, 2018

@arti2525

4???
next
step????

hello.

You need to replace the file in /system/xbin/libfakeioctlkali.so.

Back up the original.

I fixed the links

@ghost ghost commented May 10, 2018

to make HID appear type in the androidsu shell : setprop sys.usb.config hid

@sm0k3y13 sm0k3y13 commented Jun 4, 2018

Error 404 on the nexus 6p link?

@sm0k3y13 sm0k3y13 commented Jun 11, 2018

Thank you keysersoze930.

@ghanimlk ghanimlk commented Jul 15, 2018

Does it work on OnePlus One (nethunter os bacon)?

@spaul13 spaul13 commented Jul 27, 2018

I have installed Nethunter OS successfully on Nexus 6P (running Android Nougat 7.1.2) but I didn't find the monstart.nh or monstop.nh script to start the monitor mode. Can anyone please tell me how to find it? (I searched it in /system/xbin)

@sm0k3y13, have you made it for Nexus 6P?

@stevenilll stevenilll commented Aug 5, 2018

Hi,

First of all a big compliment and thanks for your guide.
I have a Nexus 5, did it like your explanation via the Nexus rootkit.
The remaining problem is that the monitor mode is not working, similar to some mentioned, exactly like sanjustar (3.12).
Strangely enough wifite worked a little bit, everything else seemed not to. I tried some stuff, didn't work on this problem, now not even wifite accepts the monitor mode. I made some tries about preload and nexutil and fixed the repository/metapackages links (was that maybe wrong?)
My guess is the radio image, because I forgot about the radio image while setting the phone up, and the phone never asked, but right now that's my favorite guess about the problem.
The question is if and how/where I can install the Radio.zip, couldn't find good details about that.

After repository updates airmon-ng shows at least driver of wlan0
4335/4339 chipset

@ghost ghost commented Oct 4, 2018

@binkybear what steps are required to make a kernel that supports monitor mode like hammerheadmon of yours? I can enable it in chroot using libfakeioctlkali but the device reboots after that.

@pixeldublu pixeldublu commented Oct 28, 2018

@Sinf0r0s0

Did your steps, I believe successfully, but when I source monstart-nh I still have the prints :(
BTW, how did you move it to the system folder, since it's RO?

@pixeldublu pixeldublu commented Oct 28, 2018

Ok. Found the problem. You need to move it to system/lib not system/xbin.

Finally wifite works again :)

Thanks all!

@bluegizmo83 bluegizmo83 commented Nov 25, 2018

Has anyone been able to get HID stuff working on this nexus 5 ROM? I have basically everything else working, but just can't get any of the HID stuff working. I'm using the kernel that came with the ROM, so it's not like I changed kernels and that broke it... I also don't want to try using a different kernel either, because this setup is the first time I've gotten a working Nethunter install on my Nexus 5 (I've tried countless other installs with official nightly builds and kernels and everything was always broken with those installs).

Edit: also, not sure if this is an issue or just something that won't ever work, but when I try to change the Mac address of the internal wlan0, it seems to change but WIFI can't connect to any access points until I set it back to default.

@melissa200 melissa200 commented Dec 1, 2018

Have there been any updates to the hammerhead version of nethunterOS in the OP? Or is this still the most recent version?

@46736f6369657479 46736f6369657479 commented Dec 13, 2018

@melissa200
This seems to be the most recent version as far as I can tell. Definitely could use an update but it seems most of the developers have been inactive for quite some time.
@mirzaatifbaig You can try using the Nethunter installer here https://github.com/offensive-security/kali-nethunter/wiki/Building-Nethunter to build a hammerheadmon kernel for your device. Otherwise you will need to learn how to make a new kernel from the ground up.

@46736f6369657479 46736f6369657479 commented Dec 13, 2018

@bluegizmo83 Try using the Nethunter installer to build a fresh image and/or kernel(s) for your nexus 5 device.
https://github.com/offensive-security/kali-nethunter/wiki/Building-Nethunter

@46736f6369657479 46736f6369657479 commented Dec 13, 2018

@b10ch1p All I could suggest is using a different kernel and no you do not need Gapps but it is still useful for other apps such as cSploit and Router Keygen. If you have privacy concerns I would suggest using Lineage OS.

@RChadwick7 RChadwick7 commented Mar 14, 2019

I'm guessing there's a problem with the latest kalifs-full.tar.xz? After installing NethunterOS, I'm having problems with monitor mode. If I run 'start monstart-nh', and then run wifite, Wifite fails with:

Looking for wireless interfaces...
error too many values to unpack
And then a few trace lines indicating a possible monitor mode issue.

@melissa200 melissa200 commented Mar 19, 2019

I'm guessing there's a problem with the latest kalifs-full.tar.xz? After installing NethunterOS, I'm having problems with monitor mode. If I run 'start monstart-nh', and then run wifite, Wifite fails with:

Looking for wireless interfaces...
error too many values to unpack
And then a few trace lines indicating a possible monitor mode issue.

Same with me: using kernel-nethunter-hammerheadmon-nougat-2019.03-13-0514 and the corresponding kalifs. Besside-ng appears to work fine, though.

@46736f6369657479 46736f6369657479 commented Apr 3, 2019

@melissa200 @RChadwick7 Rebuilding libfakeioctl.so in chroot works for me.

1. In the kali chroot terminal, pasting this monitormode.h header to: /usr/local/include    (just like you did)
   https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

2. Use this branch  https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
   edit fakeioctl.c, erase printf's, add Library <string.h>:
   `#include <string.h>`

3. and the most important **add -ldl at the end of the command to compile**, exactly like this:
   `gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl`

4. Back up the original and replace the file in /system/xbin/libfakeioctlkali.so.

5. Enjoy.
   This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Thanks! @Sinf0r0s0

@seyo-IV seyo-IV commented May 2, 2019

Please provide some more support for the Nexus 6P devices. I would even pay for that :3
P.S. I'm getting no BSSIDs when I run airodump-ng -i wlan0???

@melissa200 melissa200 commented Jul 2, 2019

@melissa200 @RChadwick7 Rebuilding libfakeioctl.so in chroot works for me.

Will give it a shot. Thanks @46736f6369657479 @Sinf0r0s0

@BlankavsRyu BlankavsRyu commented Jul 4, 2019

I apologize in advance, beginner here, any help would be greatly appreciated.
I have searched and can't find any info. Please could someone explain in more detail how to complete these steps:

  1. In the kali chroot terminal, pasting this monitormode.h header to: /usr/local/include (just like you did)
    https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

  2. Use this branch https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
    edit fakeioctl.c, erase printf's, add Library <string.h>:
    #include <string.h>

  3. and the most important add -ldl at the end of the command to compile, exactly like this:
    gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl

  4. Back up the original and replace the file in /system/xbin/libfakeioctlkali.so.

  5. Enjoy.
    This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

@seyo-IV seyo-IV commented Jul 4, 2019

Hi there, I'm getting __nex_driver_io: error on Nexus 5. Someone else? Any help?

@xorloser xorloser commented Aug 15, 2019

@mirkorobocop

I am a linux user not a developer but I have successfully compiled this way:

1. In the kali chroot terminal, pasting this monitormode.h header to: /usr/local/include    (just like you did)
   https://github.com/seemoo-lab/nexmon/blob/master/patches/include/monitormode.h

2. Use this branch  https://github.com/seemoo-lab/nexmon/blob/ct-artikel/utilities/libfakeioctl/fakeioctl.c
   edit fakeioctl.c, erase printf's, add Library <string.h>:
   `#include <string.h>`

3. and the most important **add -ldl at the end of the command to compile**, exactly like this:
   `gcc -shared -o libfakeioctlkali.so -fPIC fakeioctl.c -ldl`

4. Back up the original and replace the file in /system/xbin/libfakeioctlkali.so.

5. Enjoy.
   This helped me: https://stackoverflow.com/questions/4385155/setting-my-lib-for-ld-preload-makes-some-processes-produce-loader-errors

Please, @binkybear this ROM needs an update :)

I am running into all sorts of 'null character ignored' warnings when trying to compile inside chroot, and I don't end up with a compiled file...

UPDATE
Had to change encoding to UTF-8, then it compiled. Silly oversight.

@arcticmunkii arcticmunkii commented Jan 9, 2020

cannot use monstart-nh because of the following error: CANNOT LINK EXECUTABLE "nexutil": library "libdl.so.2" not found. I have this library on my Nexus 5 and I've installed Nexmon as well and I don't know what is wrong

I am having the exact same issue. This was asked in 2018 and there's no answer, so I'm hoping someone can help me. I'm using the Nexus 5 with binkybear's OS and the official chroot package. There seem to be a lot of errors no matter what I do, which is making me think that a standard Pi would be better.

@skluthe skluthe commented Jan 19, 2020

@arcticmunkii try installing the hijacker app from the nethunter store and installing nexmon drivers through that. Worked for me on my Nexus 5. Monitor mode working great.

@RChadwick7 RChadwick7 commented Apr 7, 2020

I followed the directions from 46736f6369657479, and yes I got Wifite working! However, the nexmon driver seems very flaky. I can get it working for a minute or two (Both in Wifite, and besside-ng), then it stops seeing nearby hotspots. I used a 2017 chroot, as that appeared to be the most stable for me. Could the issue be combining parts of Nexmon from different versions? Is there a more stable kernel?

@46736f6369657479 46736f6369657479 commented Apr 10, 2020

@RChadwick7 If you want a more stable kernel you pretty much have to make one yourself. I do not have the ability to do this at the moment for reasons I won't go into, but I am wondering if you can make the driver as a module in the kernel itself. Even so, I doubt this would help with injection support though. For the Nexus 5 you can look at the native monitor mode patch and start here:
https://github.com/ruleh/misc/blob/master/monitor/bcmdhd_enable_monitor.patch

Also take a look at this new repo for a new nethunter kernel builder as well:
https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-kernel#building-a-test-kernel-package

Also check the latest and greatest about nethunter here, such as monitor mode support on Qualcomm chipsets as seen in the OnePlus 7 and Xiaomi Mi 9T!:
https://www.kali.org/news/kali-nethunter-updates/

@RChadwick7 RChadwick7 commented Apr 12, 2020

Thanks for all your help with this. I just got a 6P, and tried the new Nethunter you linked to, but it doesn't appear to have Nexmon, nor do any of the Nethunters I've tried past 2018. In the past, I had besside-ng working pretty good, but that was many flashes and wipes ago. I'm hoping someone might have guidance on which Nethunter/chroot combinations work best.

@ssofiian ssofiian commented Jul 17, 2020

Where can I find the monstart-nh or monstop-nh script? Does anyone have the correct link?

@not-so-vishal not-so-vishal commented Sep 29, 2020

Hello @binkybear
Thanks a lot for your great contribution.
I wanted to ask: I couldn't find Realtek drivers in the kernel source, but they were present in your ROM.
I was able to use my external wifi (tenda w322u) only with the help of your ROM.
I wanted to ask if you can tell me how I can get it.
