joubin/rpi.sh

## rpi.sh
#!/bin/bash

# This is the Raspberry Pi Kali ARM build script - http://www.kali.org/downloads
# A trusted Kali Linux image created by Offensive Security - http://www.offensive-security.com

if [[ $# -eq 0 ]] ; then
    echo "Please pass version number, e.g. $0 1.0.1"
    exit 0
fi

basedir=`pwd`/rpi-$1

# Package installations for various sections.
# This will build a minimal XFCE Kali system with the top 10 tools.
# This is the section to edit if you would like to add more packages.
# See http://www.kali.org/new/kali-linux-metapackages/ for meta packages you can
# use. You can also install packages, using just the package name, but keep in
# mind that not all packages work on ARM! If you specify one of those, the
# script will throw an error, but will still continue on, and create an unusable
# image, keep that in mind.

arm="abootimg cgpt fake-hwclock ntpdate vboot-utils vboot-kernel-utils uboot-mkimage"
base="kali-menu kali-defaults initramfs-tools sudo parted e2fsprogs usbutils"
desktop="xfce4 network-manager network-manager-gnome xserver-xorg-video-fbdev"
tools="passing-the-hash winexe aircrack-ng hydra john sqlmap wireshark libnfc-bin mfoc nmap ethtool usbutils"
services="openssh-server apache2"
extras="iceweasel wpasupplicant"
size=3000 # Size of image in megabytes

export packages="${arm} ${base} ${desktop} ${tools} ${services} ${extras}"
export architecture="armhf"
# If you have your own preferred mirrors, set them here.
# You may want to leave security.kali.org alone, but if you trust your local
# mirror, feel free to change this as well.
# After generating the rootfs, we set the sources.list to the default settings.
export mirror=http.kali.org
export security=security.kali.org

# Check to ensure that the architecture is set to ARMEL since the RPi is the
# only board that is armhf.
if [[ $architecture != "armhf" ]] ; then
    echo "The Raspberry Pi cannot run the Debian armel binaries"
    exit 0
fi

# Set this to use an http proxy, like apt-cacher-ng, and uncomment further down
# to unset it.
#export http_proxy="http://localhost:3142/"

mkdir -p ${basedir}
cd ${basedir}

# create the rootfs - not much to modify here, except maybe the hostname.
debootstrap --foreign --arch $architecture kali kali-$architecture http://$mirror/kali

cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/

LANG=C chroot kali-$architecture /debootstrap/debootstrap --second-stage
cat << EOF > kali-$architecture/etc/apt/sources.list
deb http://$mirror/kali kali main contrib non-free
deb http://$security/kali-security kali/updates main contrib non-free
EOF

# Set hostname
echo "kali" > kali-$architecture/etc/hostname

# So X doesn't complain, we add kali to hosts
cat << EOF > kali-$architecture/etc/hosts
127.0.0.1       kali    localhost
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
EOF

cat << EOF > kali-$architecture/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

cat << EOF > kali-$architecture/etc/resolv.conf
nameserver 8.8.8.8
EOF

export MALLOC_CHECK_=0 # workaround for LP: #520465
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive

mount -t proc proc kali-$architecture/proc
mount -o bind /dev/ kali-$architecture/dev/
mount -o bind /dev/pts kali-$architecture/dev/pts

cat << EOF > kali-$architecture/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF

cat << EOF > kali-$architecture/third-stage
#!/bin/bash
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
cp /bin/true /usr/sbin/invoke-rc.d
echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d
chmod +x /usr/sbin/policy-rc.d

apt-get update
apt-get install locales-all

debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get -y install git-core binutils ca-certificates initramfs-tools uboot-mkimage
apt-get -y install locales console-common less nano git
echo "root:toor" | chpasswd
sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
apt-get --yes --force-yes install $packages

update-rc.d ssh enable

rm -f /usr/sbin/policy-rc.d
rm -f /usr/sbin/invoke-rc.d
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d

rm -f /third-stage
EOF

chmod +x kali-$architecture/third-stage
LANG=C chroot kali-$architecture /third-stage

cat << EOF > kali-$architecture/cleanup
#!/bin/bash
rm -rf /root/.bash_history
apt-get update
apt-get clean
rm -f /0
rm -f /hs_err*
rm -f cleanup
rm -f /usr/bin/qemu*
EOF

chmod +x kali-$architecture/cleanup
LANG=C chroot kali-$architecture /cleanup

umount kali-$architecture/proc/sys/fs/binfmt_misc
umount kali-$architecture/dev/pts
umount kali-$architecture/dev/
umount kali-$architecture/proc

# Create the disk and partition it
echo "Creating image file for Raspberry Pi"
dd if=/dev/zero of=${basedir}/kali-$1-rpi.img bs=1M count=$size
parted kali-$1-rpi.img --script -- mklabel msdos
parted kali-$1-rpi.img --script -- mkpart primary fat32 0 64
parted kali-$1-rpi.img --script -- mkpart primary ext4 64 -1

# Set the partition variables
loopdevice=`losetup -f --show ${basedir}/kali-$1-rpi.img`
device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
device="/dev/mapper/${device}"
bootp=${device}p1
rootp=${device}p2

# Create file systems
mkfs.vfat $bootp
mkfs.ext4 $rootp

# Create the dirs for the partitions and mount them
mkdir -p ${basedir}/bootp ${basedir}/root
mount $bootp ${basedir}/bootp
mount $rootp ${basedir}/root

echo "Rsyncing rootfs into image file"
rsync -HPavz -q ${basedir}/kali-$architecture/ ${basedir}/root/

# Enable login over serial
echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> ${basedir}/root/etc/inittab

cat << EOF > ${basedir}/root/etc/apt/sources.list
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free

deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
EOF

# Uncomment this if you use apt-cacher-ng otherwise git clones will fail.
#unset http_proxy

# Kernel section. If you want to use a custom kernel, or configuration, replace
# them in this section.
git clone --depth 1 https://github.com/raspberrypi/linux ${basedir}/kernel
git clone --depth 1 https://github.com/raspberrypi/tools ${basedir}/tools

cd ${basedir}/kernel
mkdir -p ../patches
wget https://raw.github.com/offensive-security/kali-arm-build-scripts/master/patches/kali-wifi-injection-3.12.patch -O ../patches/mac80211.patch
patch -p1 --no-backup-if-mismatch < ../patches/mac80211.patch
touch .scmversion
export ARCH=arm
export CROSS_COMPILE=${basedir}/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-
cp p12_kernel.config .config
make -j $(grep -c processor /proc/cpuinfo)
make modules_install INSTALL_MOD_PATH=${basedir}/root
git clone --depth 1 https://github.com/raspberrypi/firmware.git rpi-firmware
cp -rf rpi-firmware/boot/* ${basedir}/bootp/
cp arch/arm/boot/zImage ${basedir}/bootp/kernel.img
cd ${basedir}

# Create cmdline.txt file
cat << EOF > ${basedir}/bootp/cmdline.txt
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 elevator=deadline root=/dev/mmcblk0p2 rootfstype=ext4 rootwait
EOF

rm -rf ${basedir}/root/lib/firmware
cd ${basedir}/root/lib
git clone --depth 1 https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git firmware
rm -rf ${basedir}/root/lib/firmware/.git

# rpi-wiggle
mkdir -p ${basedir}/root/scripts
wget https://raw.github.com/dweeber/rpiwiggle/master/rpi-wiggle -O ${basedir}/root/scripts/rpi-wiggle.sh
chmod 755 ${basedir}/root/scripts/rpi-wiggle.sh

cd ${basedir}

# Unmount partitions
umount $bootp
umount $rootp
kpartx -dv $loopdevice
losetup -d $loopdevice

# Clean up all the temporary build stuff and remove the directories.
# Comment this out to keep things around if you want to see what may have gone
# wrong.
echo "Cleaning up the temporary build files..."
rm -rf ${basedir}/kernel ${basedir}/bootp ${basedir}/root ${basedir}/kali-$architecture ${basedir}/boot ${basedir}/tools ${basedir}/patches

# If you're building an image for yourself, comment all of this out, as you
# don't need the sha1sum or to compress the image, since you will be testing it
# soon.
echo "Generating sha1sum for kali-$1-rpi.img"
sha1sum kali-$1-rpi.img > ${basedir}/kali-$1-rpi.img.sha1sum
# Don't pixz on 32bit, there isn't enough memory to compress the images.
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
echo "Compressing kali-$1-rpi.img"
pixz ${basedir}/kali-$1-rpi.img ${basedir}/kali-$1-rpi.img.xz
rm ${basedir}/kali-$1-rpi.img
echo "Generating sha1sum for kali-$1-rpi.img.xz"
sha1sum kali-$1-rpi.img.xz > ${basedir}/kali-$1-rpi.img.xz.sha1sum
fi
	#!/bin/bash

	# This is the Raspberry Pi Kali ARM build script - http://www.kali.org/downloads
	# A trusted Kali Linux image created by Offensive Security - http://www.offensive-security.com

	if [[ $# -eq 0 ]] ; then
	echo "Please pass version number, e.g. $0 1.0.1"
	exit 0
	fi

	basedir=`pwd`/rpi-$1

	# Package installations for various sections.
	# This will build a minimal XFCE Kali system with the top 10 tools.
	# This is the section to edit if you would like to add more packages.
	# See http://www.kali.org/new/kali-linux-metapackages/ for meta packages you can
	# use. You can also install packages, using just the package name, but keep in
	# mind that not all packages work on ARM! If you specify one of those, the
	# script will throw an error, but will still continue on, and create an unusable
	# image, keep that in mind.

	arm="abootimg cgpt fake-hwclock ntpdate vboot-utils vboot-kernel-utils uboot-mkimage"
	base="kali-menu kali-defaults initramfs-tools sudo parted e2fsprogs usbutils"
	desktop="xfce4 network-manager network-manager-gnome xserver-xorg-video-fbdev"
	tools="passing-the-hash winexe aircrack-ng hydra john sqlmap wireshark libnfc-bin mfoc nmap ethtool usbutils"
	services="openssh-server apache2"
	extras="iceweasel wpasupplicant"
	size=3000 # Size of image in megabytes

	export packages="${arm} ${base} ${desktop} ${tools} ${services} ${extras}"
	export architecture="armhf"
	# If you have your own preferred mirrors, set them here.
	# You may want to leave security.kali.org alone, but if you trust your local
	# mirror, feel free to change this as well.
	# After generating the rootfs, we set the sources.list to the default settings.
	export mirror=http.kali.org
	export security=security.kali.org

	# Check to ensure that the architecture is set to ARMEL since the RPi is the
	# only board that is armhf.
	if [[ $architecture != "armhf" ]] ; then
	echo "The Raspberry Pi cannot run the Debian armel binaries"
	exit 0
	fi

	# Set this to use an http proxy, like apt-cacher-ng, and uncomment further down
	# to unset it.
	#export http_proxy="http://localhost:3142/"

	mkdir -p ${basedir}
	cd ${basedir}

	# create the rootfs - not much to modify here, except maybe the hostname.
	debootstrap --foreign --arch $architecture kali kali-$architecture http://$mirror/kali

	cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/

	LANG=C chroot kali-$architecture /debootstrap/debootstrap --second-stage
	cat << EOF > kali-$architecture/etc/apt/sources.list
	deb http://$mirror/kali kali main contrib non-free
	deb http://$security/kali-security kali/updates main contrib non-free
	EOF

	# Set hostname
	echo "kali" > kali-$architecture/etc/hostname

	# So X doesn't complain, we add kali to hosts
	cat << EOF > kali-$architecture/etc/hosts
	127.0.0.1 kali localhost
	::1 localhost ip6-localhost ip6-loopback
	fe00::0 ip6-localnet
	ff00::0 ip6-mcastprefix
	ff02::1 ip6-allnodes
	ff02::2 ip6-allrouters
	EOF

	cat << EOF > kali-$architecture/etc/network/interfaces
	auto lo
	iface lo inet loopback

	auto eth0
	iface eth0 inet dhcp
	EOF

	cat << EOF > kali-$architecture/etc/resolv.conf
	nameserver 8.8.8.8
	EOF

	export MALLOC_CHECK_=0 # workaround for LP: #520465
	export LC_ALL=C
	export DEBIAN_FRONTEND=noninteractive

	mount -t proc proc kali-$architecture/proc
	mount -o bind /dev/ kali-$architecture/dev/
	mount -o bind /dev/pts kali-$architecture/dev/pts

	cat << EOF > kali-$architecture/debconf.set
	console-common console-data/keymap/policy select Select keymap from full list
	console-common console-data/keymap/full select en-latin1-nodeadkeys
	EOF

	cat << EOF > kali-$architecture/third-stage
	#!/bin/bash
	dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
	cp /bin/true /usr/sbin/invoke-rc.d
	echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d
	chmod +x /usr/sbin/policy-rc.d

	apt-get update
	apt-get install locales-all

	debconf-set-selections /debconf.set
	rm -f /debconf.set
	apt-get update
	apt-get -y install git-core binutils ca-certificates initramfs-tools uboot-mkimage
	apt-get -y install locales console-common less nano git
	echo "root:toor" \| chpasswd
	sed -i -e 's/KERNEL\!=\"eth\*\|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
	rm -f /etc/udev/rules.d/70-persistent-net.rules
	apt-get --yes --force-yes install $packages

	update-rc.d ssh enable

	rm -f /usr/sbin/policy-rc.d
	rm -f /usr/sbin/invoke-rc.d
	dpkg-divert --remove --rename /usr/sbin/invoke-rc.d

	rm -f /third-stage
	EOF

	chmod +x kali-$architecture/third-stage
	LANG=C chroot kali-$architecture /third-stage

	cat << EOF > kali-$architecture/cleanup
	#!/bin/bash
	rm -rf /root/.bash_history
	apt-get update
	apt-get clean
	rm -f /0
	rm -f /hs_err*
	rm -f cleanup
	rm -f /usr/bin/qemu*
	EOF

	chmod +x kali-$architecture/cleanup
	LANG=C chroot kali-$architecture /cleanup

	umount kali-$architecture/proc/sys/fs/binfmt_misc
	umount kali-$architecture/dev/pts
	umount kali-$architecture/dev/
	umount kali-$architecture/proc

	# Create the disk and partition it
	echo "Creating image file for Raspberry Pi"
	dd if=/dev/zero of=${basedir}/kali-$1-rpi.img bs=1M count=$size
	parted kali-$1-rpi.img --script -- mklabel msdos
	parted kali-$1-rpi.img --script -- mkpart primary fat32 0 64
	parted kali-$1-rpi.img --script -- mkpart primary ext4 64 -1

	# Set the partition variables
	loopdevice=`losetup -f --show ${basedir}/kali-$1-rpi.img`
	device=`kpartx -va $loopdevice\| sed -E 's/.(loop[0-9])p./\1/g' \| head -1`
	device="/dev/mapper/${device}"
	bootp=${device}p1
	rootp=${device}p2

	# Create file systems
	mkfs.vfat $bootp
	mkfs.ext4 $rootp

	# Create the dirs for the partitions and mount them
	mkdir -p ${basedir}/bootp ${basedir}/root
	mount $bootp ${basedir}/bootp
	mount $rootp ${basedir}/root

	echo "Rsyncing rootfs into image file"
	rsync -HPavz -q ${basedir}/kali-$architecture/ ${basedir}/root/

	# Enable login over serial
	echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> ${basedir}/root/etc/inittab

	cat << EOF > ${basedir}/root/etc/apt/sources.list
	deb http://http.kali.org/kali kali main non-free contrib
	deb http://security.kali.org/kali-security kali/updates main contrib non-free

	deb-src http://http.kali.org/kali kali main non-free contrib
	deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
	EOF

	# Uncomment this if you use apt-cacher-ng otherwise git clones will fail.
	#unset http_proxy

	# Kernel section. If you want to use a custom kernel, or configuration, replace
	# them in this section.
	git clone --depth 1 https://github.com/raspberrypi/linux ${basedir}/kernel
	git clone --depth 1 https://github.com/raspberrypi/tools ${basedir}/tools

	cd ${basedir}/kernel
	mkdir -p ../patches
	wget https://raw.github.com/offensive-security/kali-arm-build-scripts/master/patches/kali-wifi-injection-3.12.patch -O ../patches/mac80211.patch
	patch -p1 --no-backup-if-mismatch < ../patches/mac80211.patch
	touch .scmversion
	export ARCH=arm
	export CROSS_COMPILE=${basedir}/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-
	cp p12_kernel.config .config
	make -j $(grep -c processor /proc/cpuinfo)
	make modules_install INSTALL_MOD_PATH=${basedir}/root
	git clone --depth 1 https://github.com/raspberrypi/firmware.git rpi-firmware
	cp -rf rpi-firmware/boot/* ${basedir}/bootp/
	cp arch/arm/boot/zImage ${basedir}/bootp/kernel.img
	cd ${basedir}

	# Create cmdline.txt file
	cat << EOF > ${basedir}/bootp/cmdline.txt
	dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 elevator=deadline root=/dev/mmcblk0p2 rootfstype=ext4 rootwait
	EOF

	rm -rf ${basedir}/root/lib/firmware
	cd ${basedir}/root/lib
	git clone --depth 1 https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git firmware
	rm -rf ${basedir}/root/lib/firmware/.git

	# rpi-wiggle
	mkdir -p ${basedir}/root/scripts
	wget https://raw.github.com/dweeber/rpiwiggle/master/rpi-wiggle -O ${basedir}/root/scripts/rpi-wiggle.sh
	chmod 755 ${basedir}/root/scripts/rpi-wiggle.sh

	cd ${basedir}

	# Unmount partitions
	umount $bootp
	umount $rootp
	kpartx -dv $loopdevice
	losetup -d $loopdevice

	# Clean up all the temporary build stuff and remove the directories.
	# Comment this out to keep things around if you want to see what may have gone
	# wrong.
	echo "Cleaning up the temporary build files..."
	rm -rf ${basedir}/kernel ${basedir}/bootp ${basedir}/root ${basedir}/kali-$architecture ${basedir}/boot ${basedir}/tools ${basedir}/patches

	# If you're building an image for yourself, comment all of this out, as you
	# don't need the sha1sum or to compress the image, since you will be testing it
	# soon.
	echo "Generating sha1sum for kali-$1-rpi.img"
	sha1sum kali-$1-rpi.img > ${basedir}/kali-$1-rpi.img.sha1sum
	# Don't pixz on 32bit, there isn't enough memory to compress the images.
	MACHINE_TYPE=`uname -m`
	if [ ${MACHINE_TYPE} == 'x86_64' ]; then
	echo "Compressing kali-$1-rpi.img"
	pixz ${basedir}/kali-$1-rpi.img ${basedir}/kali-$1-rpi.img.xz
	rm ${basedir}/kali-$1-rpi.img
	echo "Generating sha1sum for kali-$1-rpi.img.xz"
	sha1sum kali-$1-rpi.img.xz > ${basedir}/kali-$1-rpi.img.xz.sha1sum
	fi