Ok, check it out: I just checked out www(DOT)nexmon(DOT)org and they have monitor mode working on the Nexus 5. I have tried it and it works. I was wondering if I could get this driver ported to 5.1.1 instead of having to use this on 6.0; I enjoy using my nethunter.
Is nexmon a way to temporarily boot the phone to use it as a wifi interface in monitor mode, or is nexmon installed onto the phone and then you boot the phone normally and use nethunter?
m52 power! said:
Is nexmon a way to temporarily boot the phone to use it as a wifi interface in monitor mode, or is nexmon installed onto the phone and then you boot the phone normally and use nethunter?
nexmon is a project to enable monitor mode on the Nexus 5 smartphone. It consists of a kernel module, which is a modified bcmdhd driver, and a modified firmware that is executed on the ARM microcontroller inside the BCM4339 wifi chip. As module loading is disabled in stock kernels for the Nexus 5, we deliver a boot.img containing a kernel with enabled module loading and the modified driver module. The boot.img also disables the wpa_supplicant and p2p_supplicant services in the init.hammerhead.rc so that they are not starting automatically. This was necessary as those services interfered with our driver testing, for example, by automatically setting up an interface (ifconfig wlan0 up). The boot.img is also relatively large, as it contains a couple of tools in the /nexmon/bin directory. If size is not a problem, you can also flash the image to your phone, but then, you cannot use it for regular wifi operations anymore. In the future, we might fix this issue to make nexmon more user friendly.
If you want to report bugs or have feature requests, then feel free to contact us.
---------- Post added at 02:05 PM ---------- Previous post was at 02:02 PM ----------
BLACKHATN5 said:
Ok, check it out: I just checked out www(DOT)nexmon(DOT)org and they have monitor mode working on the Nexus 5. I have tried it and it works. I was wondering if I could get this driver ported to 5.1.1 instead of having to use this on 6.0; I enjoy using my nethunter.
Did you try running the 6.0.1 kernel with a 5.1.1 system image? Even though there might be some stability issues, it could work, at least temporarily for playing with monitor mode. If you require a 5.1.1 kernel image, you can simply compile a 5.1.1 hammerhead kernel with enabled module support and bcmdhd enabled as a module. Then you can insmod whichever driver you want to use with your bcm4339 chip.
Yes, it is only temporary and it's still in the works. I am not a said developer for the program; I was just testing it.
didn't work for me..
need help.
thephoenix0707 said:
didn't work for me..
need help.
Then explain to us what you tried to do and what failed to work. Btw. we are currently working on the project and I just saw that you have to load the nexmon.ko module instead of the bcmdhd.ko module. We intend to keep the unmodified bcmdhd driver while being able to activate monitor mode by loading the nexmon.ko.
Actually I am running nethunter 3.0 on Android M 6.0.1 on my nexus 5, then I came to know about the nexmon project, so I tried enabling monitor mode by following the steps as per the website, and I guess the whole process went on perfectly. But still, when I use the command airmon-ng I get an error "unable to detect for sdio".
thephoenix0707 said:
Actually I am running nethunter 3.0 on Android M 6.0.1 on my nexus 5, then I came to know about the nexmon project, so I tried enabling monitor mode by following the steps as per the website, and I guess the whole process went on perfectly. But still, when I use the command airmon-ng I get an error "unable to detect for sdio".
http://www.aircrack-ng.org/doku.php?id=airmon-ng said:
This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.
airmon-ng is a script to set up a monitor interface, but our nexmon driver automatically starts with a monitor interface that delivers frames prepended by a radiotap header. So you do not need to run airmon-ng to start the monitor interface. You can simply try to run tcpdump to dump the received frames. Currently, injection is not working, so you will not be able to use any tools that require this feature.
I think that's why I couldn't use it with airodump too, would wait for the features to be added...
Thanks for the help..
hello, can I now use the phone normally with this kernel?
adorex97 said:
hello, can I now use the phone normally with this kernel?
You can normally use your phone with this kernel, but regular wifi operation does not work with the monitor mode firmware. We also offer a lot of other firmware patches, including frame injection. Additionally, there will be a demo at this year's WiSec conference https://www.securityweek2016.tu-darmstadt.de/wisec/program/.
normally flash boot.img after root and monitor mode not working, no flashing nethunter
I flashed nexmon on my nexus 5, but monitor mode is not enabled and nethunter is not installing.. after flashing boot.img, I flash boot.img normally... but bcmon is not working.. and no kernel installs after flashing boot.img... please help me.. how to enable monitor mode.... please tell me step by step..
vicky80800 said:
I flashed nexmon on my nexus 5, but monitor mode is not enabled and nethunter is not installing.. after flashing boot.img, I flash boot.img normally... but bcmon is not working.. and no kernel installs after flashing boot.img... please help me.. how to enable monitor mode.... please tell me step by step..
There are step-by-step instructions online:
Code:
Download the boot.img (this project is still in heavy development, the monitor mode should work on the boot.img in this commit though: 1171d135)
adb reboot bootloader
fastboot boot boot.img
without the flash parameter, this boot image will be reset to the previous one on the next reboot
fastboot reboot
adb shell
su -
insmod /nexmon/nexmon.ko
ifconfig wlan0 up
do whatever you want, e.g. run tcpdump: /nexmon/bin/tcpdump -i wlan0 -s0
If you simply want monitor mode, use the boot.img from commit 1171d135. We are also developing new patches. To run those you need to clone the git repo and run:
Code:
make boot
to compile everything and load the modified boot image onto your phone.
Then you can choose and load one of the patches from the firmware_patching directory on your phone by executing:
Code:
make reloadfirmware FWPATCH=monitor_mode_example
Then you can set up the interface:
Code:
adb shell su -c 'ifconfig wlan0 up'
And run tcpdump:
Code:
tcpdump -i wlan0 -s0
In the self-built image, there are a lot of pentesting tools that are all built from source, such as aircrack-ng. Using aufs as overlay filesystem, you will find them overlaid over your system binaries, so that you can directly run them. We also patched the kernel to be able to create raw sockets without root privileges, which allows you to access interfaces directly from Java code in Android apps, without needing a binary that runs as root.
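The monitor interface described in the posts above delivers every frame with a radiotap header prepended, which is what tcpdump writes out. As an added example that is not nexmon's or the thread's own code, the parser below decodes that header (the it_present chain, per-field alignment and the FCS flag) and the management/data MAC header behind it, including the SSID of a beacon; the two sample frames are constructed for the example, not captured.

```python
"""Decode radiotap-prefixed 802.11 frames as a monitor interface delivers them."""
import struct
from typing import Dict, Optional, Tuple

# Present-bit -> (name, struct format, alignment) for the radiotap fields decoded
# here; parsing stops at the first set bit whose width is not in this table.
RADIOTAP_FIELDS = {
    0: ("tsft", "<Q", 8),
    1: ("flags", "<B", 1),
    2: ("rate", "<B", 1),              # units of 500 kbps
    3: ("channel", "<HH", 2),          # (frequency in MHz, channel flags)
    5: ("dbm_antsignal", "<b", 1),
    6: ("dbm_antnoise", "<b", 1),
    11: ("antenna", "<B", 1),
}
RADIOTAP_F_FCS = 0x10                  # "flags" bit: frame ends with a 4-byte FCS
FRAME_TYPES = {0: "mgmt", 1: "ctrl", 2: "data", 3: "ext"}


def parse_radiotap(buf: bytes) -> Tuple[Dict[str, object], int]:
    """Return (decoded fields, it_len); raise ValueError on a malformed header."""
    if len(buf) < 8:
        raise ValueError("buffer shorter than the minimal radiotap header")
    version, _pad, it_len = struct.unpack_from("<BBH", buf, 0)
    if version != 0 or it_len < 8 or it_len > len(buf):
        raise ValueError("unsupported radiotap version or bad it_len")
    present_words, off = [], 4
    while True:                        # bit 31 set: another it_present word follows
        if off + 4 > it_len:
            raise ValueError("it_present chain runs past it_len")
        (word,) = struct.unpack_from("<I", buf, off)
        present_words.append(word)
        off += 4
        if not word & (1 << 31):
            break
    fields: Dict[str, object] = {}
    for bit in range(29):              # bits 29/30 are namespace markers
        if not present_words[0] & (1 << bit):
            continue
        spec = RADIOTAP_FIELDS.get(bit)
        if spec is None:
            break                      # unknown width: cannot step past it safely
        name, fmt, align = spec
        off = (off + align - 1) & ~(align - 1)   # alignment is from header start
        size = struct.calcsize(fmt)
        if off + size > it_len:
            raise ValueError(f"field {name} runs past it_len")
        values = struct.unpack_from(fmt, buf, off)
        fields[name] = values[0] if len(values) == 1 else values
        off += size
    return fields, it_len


def _beacon_ssid(body: bytes) -> Optional[str]:
    """Walk the tagged IEs after the 12 fixed beacon bytes and return the SSID."""
    off = 12
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        data = body[off + 2:off + 2 + length]
        if len(data) < length:
            return None                # truncated IE: do not trust it
        if tag == 0:
            return data.decode("utf-8", errors="replace")
        off += 2 + length
    return None


def parse_frame(buf: bytes) -> Dict[str, object]:
    """Decode the radiotap header plus the mgmt/data 802.11 header behind it."""
    fields, it_len = parse_radiotap(buf)
    dot11 = buf[it_len:]
    if int(fields.get("flags", 0)) & RADIOTAP_F_FCS:
        dot11 = dot11[:-4]             # trailing FCS is not part of the MAC frame
    if len(dot11) < 24:
        raise ValueError("frame shorter than a 24-byte mgmt/data header")
    (fc,) = struct.unpack_from("<H", dot11, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    mac = [":".join(f"{b:02x}" for b in dot11[o:o + 6]) for o in (4, 10, 16)]
    ssid = _beacon_ssid(dot11[24:]) if (ftype, subtype) == (0, 8) else None
    return {"radiotap": fields, "type": FRAME_TYPES[ftype], "subtype": subtype,
            "addr1": mac[0], "addr2": mac[1], "addr3": mac[2], "ssid": ssid}


# Constructed sample (not a real capture): 15-byte radiotap header carrying
# flags, rate, channel 2412 MHz and -60 dBm, then a beacon for SSID "test".
SAMPLE_BEACON = bytes.fromhex(
    "00000f00" "2e000000" "00" "02" "6c09" "8000" "c4"
    "8000" "0000" "ffffffffffff" "020000000001" "020000000001" "1000"
    "0000000000000000" "6400" "0104" "0004" "74657374" "0101" "82"
)
# Constructed data frame: radiotap with TSFT (8-byte aligned), flags=FCS present
# and rate, then a 24-byte data header, 4 payload bytes and a dummy 4-byte FCS.
SAMPLE_DATA = bytes.fromhex(
    "00001200" "07000000" "0807060504030201" "10" "0c"
    "0800" "0000" "020000000001" "020000000002" "020000000001" "2000"
    "deadbeef" "00000000"
)
```

Feed it the bytes of one packet from a tcpdump/pcap capture on wlan0 (link type 127, radiotap) to get the same dictionary for real frames.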
After installing boot.img not working WiFi network..no network found.. Can you say why ??
vicky80800 said:
After installing boot.img not working WiFi network..no network found.. Can you say why ??
Yes, because we disable wpa_supplicant and p2p_supplicant as they hinder development and always pull up the wifi interface when it is not intended to be pulled up.
To re-enable the two services, comment out the following lines in the Makefile and recompile your own boot.img:
Code:
&& sed -i '/service wpa_supplicant/,+11 s/^/#/' init.hammerhead.rc \
&& sed -i '/service p2p_supplicant/,+14 s/^/#/' init.hammerhead.rc \
Thanks for the help
Hi @matthiasschulz,
thanks for your great work. I have two questions:
1. Is it possible to use your developed kernel driver with another handset? I'm thinking of my LG G3, which also has the BCM4339 chipset.
2. It seems that one needs a specially built kernel to use your driver. Are you planning to do it like bcmon, where no kernel compile is needed as they work with LD_PRELOAD to hook the C library syscalls?
3. Can your driver somehow be used from within a running android phone without the need to reboot into fastboot mode?
thank you very much!
hack_rid said:
1. Is it possible to use your developed kernel driver with another handset? I'm thinking of my LG G3, which also has the BCM4339 chipset.
The kernel always depends on the device you use, however, you can take our modified bcmdhd driver for the BCM4339 and compile it for the LG G3.
hack_rid said:
2. It seems that one needs a specially built kernel to use your driver. Are you planning to do it like bcmon, where no kernel compile is needed as they work with LD_PRELOAD to hook the C library syscalls?
We needed to rebuild the kernel, as the original Marshmallow kernel for the Nexus 5 stock firmware has module loading disabled. Hence, the WiFi driver is directly included in the kernel. As long as other devices do not have module loading activated, you cannot simply load our modified driver. Just replacing the WiFi firmware binary and using the LD_PRELOAD hack might work however.
hack_rid said:
3. Can your driver somehow be used from within a running android phone without the need to reboot into fastboot mode?
Not yet. Currently, we disable the wpa_supplicant and p2p_supplicant services during boot as they always try to activate the WiFi interface, which is annoying when developing new firmware patches. If someone figured out how to stop and start the two services while the device is running, one could switch between a working original firmware version and our patches.
Hi Matthias,
thanks for your answer!
I'm digesting it!
I'm sure you closely followed the development of bcmon. If not, you can find some slides here where the devs explain how they achieved what is there:
dropbox...com/sh/le8zeczpddf3nx0/fdXn4LSxGI
link source:
bcmon.blogspot...de/2013/07/monitor-mode-reloaded_14.html
They reached a pretty portable solution. The only thing they need as a prerequisite is root and the matching chipset.
looking forward to your progress
Hey, @matthiasschulz, can you tell me please why I can't get monitor mode (ex: in airodump-ng) in the Kali Terminal Emulator ([email protected] 3.1)? I have a Nexus 5 with Android 6.0.1 M0B30Y with Nethunter 3.1 on top of it and I booted nexmon (boot.img) from fastboot (command: fastboot boot boot.img). I didn't forget to insert the kernel module and bring the wlan0 interface up. The nice thing is that I can use only your tools from /nexmon/bin, like airodump-ng, but not in the Kali terminal, just in root Android. Is it something, for example, a symlink, or a little bit more complicated than that?
This may have been posted somewhere in the past, but I have been searching for some time and found nothing but others looking for this information. So I thought I would document what I did to get everything up and running on my Note 3 and share it here.
Requirements
Rooted Note 3
Recommended
Bluetooth keyboard and mouse
From a PC
1. Download kali from the LOA website kalilinux.FULL.ext4.20131031 (5.8 GB Uncompressed) (2.0GB Download)
2. Once the download is complete extract the contents of the folder so you have a folder named “kali” then an .img and .md5 file in it then copy that to the Note 3 device storage root. I strongly recommend using USB 3.0.
On the Note 3
1. First Download Linux on Android It might be called Complete Linux Installer now
2. Then Download androidVNC and Terminal Emulator
3. Download the modified bootscript.sh from the attachments and extract it
4. Copy to /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh
5. Start Linux on Android
6. Swipe from the left of the screen to the right and open the menu
7. Select “Launch”
8. Using the drop down box select “Kali”
9. Press the “Settings” button on the top right
10. Select “Edit”
11. On the line that says “Image” click the “…” button
12. Select the img file you copied to the storage in the kali folder
13. Click the “Save Changes” button
14. Then you are ready to click the “Start Linux” button
15. There will be a question if you want to check the img with the MD5 I would go ahead and type “y” and do this step to verify your download was not messed up.
16. Then it will ask you to create a new password. Type it in. And again. Make it 6 char alpha numeric.
17. If all is good it will ask if you would like to start vnc and ssh servers. Select yes to both.
18. Next it will ask you if you would like to save as default settings. I would select yes.
19. After things finish loading and you have a prompt. We will have to configure ssh
20. Type "ssh-keygen -R localhost"
21. Then you will be able to connect to the linux shell via ssh
22. Type "ssh localhost"
23. It will ask you if you want to add localhost to the list of allowed hosts
24. Type "yes" then press enter
25. Type in your password
26. Once connected to the emulator you will need to setup the VNC password
27. Type "vncpasswd" then press enter
28. Type your password in. And again. I would use the same 6 char password from before
29. Then you are ready to connect to the desktop
30. Open androidVNC from the main menu, leaving the terminal running in the background
31. Create a new connection from the dropbox
32. Name it kalilinux
33. Fill in the password you created
34. Use localhost for the address and the default port
35. Select 24-bit color (4 bpp) for the color format
36. Click connect...
Great guide. My device isn't rooted (yet) but this makes me really start considering a root in the near future. THIS^ is the best reason why we need Knox-free devices.
Damn you Sammy with your Knox mumbo jumbo! I should start looking for an older FW/rootable SGN3....
This will not trigger the Knox bit; it is running in an emulator on top of Android. There are a couple of ways to root without tripping the Knox bit. And this does not need a custom ROM or kernel.
Does it really work for you? I wasted almost a full day trying to get linux to run on my note 3 yesterday, I even began suspecting kitkat prohibits running linux...
On a side note, is there some smaller distro? 5+ gigs is an awful lot, I only need GCC and a few static libraries on my image...
good guide! Thanks!
Does it support packet injection out the box, or are you awaiting the modded driver as well?
Sent from my SAMSUNG-SM-N900A using XDA Premium 4 mobile app
melaniel said:
Does it support packet injection out the box, or are you awaiting the modded driver as well?
Sent from my SAMSUNG-SM-N900A using XDA Premium 4 mobile app
Not by default; I could not start monitor mode on the adapter, but you can use an external wifi adapter as long as you provide external power via a USB splitter.
This guide should work with other distros; just download one to your liking from the Linux on Android site.
bruce303lee said:
Not by default; I could not start monitor mode on the adapter, but you can use an external wifi adapter as long as you provide external power via a USB splitter.
This guide should work with other distros; just download one to your liking from the Linux on Android site.
I'll wait out the driver then. bcmon is working on the Nexus 5, same driver, so it should theoretically work on the Note 3.
melaniel said:
I'll wait out the driver then. bcmon is working on the Nexus 5, same driver, so it should theoretically work on the Note 3.
+1
I don't think there will be a driver, but let's hope and pray... Maybe a developer takes some time to port the driver for the bcm 4339 chipset to get monitor mode working.
For information about the development status of the driver you can follow my link
http://forum.xda-developers.com/showthread.php?t=2602710
Greetings Tyler
TylerDurben said:
+1
I don't think there will be a driver, but let's hope and pray... Maybe a developer takes some time to port the driver for the bcm 4339 chipset to get monitor mode working.
For information about the development status of the driver you can follow my link
http://forum.xda-developers.com/showthread.php?t=2602710
Greetings Tyler
Well, it's the same driver as the Nexus 5, so here's hoping!
melaniel said:
Well, it's the same driver as the Nexus 5, so here's hoping!
This project is much more interesting!!
http://w11.zetaboards.com/Pwnie_Express/forum/3714106/
I am using it with my Nexus 7 (2012), which is bcmon supported
Sent from my SM-N9005 using XDA Premium 4 mobile app
Error: Unable to create loop device!
Hello,
I installed the 4.4.2 version on Note 3 (N9005) ... when I boot Kali I receive the error below:
Code:
[email protected]:/ $
[email protected]:/ $ cd /storage/extSdCard/Linux/KaliFull
[email protected]:/storage/extSdCard/Linux/KaliFull $ su
sh /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh /storage/extSdCard/Linux/KaliFull/kalilinux.FULL.ext4.v2.img
sh /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh /storage/extSdCard/Linux/KaliFull/kalilinux.FULL.ext4.v2.img
Full/kalilinux.FULL.ext4.v2.img <
Checking loop device... MISSING
Creating loop device... /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh[130]: /data/data/com.zpwebsites.linuxonandroid/files/busybox: can't execute: Permission denied
FAILED
Error: Unable to create loop device!
1|[email protected]:/storage/extSdCard/Linux/KaliFull #
does anyone know how to fix it?
Thanks,
Error: Unable to create loop device!
yea, me too, galaxy note3
Error: Unable to create loop device!
help,
Loop device error
My device also has that loop error.
I think that this has something to do with the kernel...
Here is my kernel version:
http://i.imgur.com/C6yF4DB.png
Can anyone confirm that this is the kernel issue?
P.S. here are the instructions for setting up Kali on Galaxy S4 with Linux Deploy app (I'll try install it using these methods...):
http://forum.xda-developers.com/showthread.php?t=2400638
EDIT:
I had no luck installing it with Linux Deploy. It just fails... It says it cannot find the directory that actually exist... xD
P.S. i think this is a kernel issue according to this (and other posts I found):
http://forum.xda-developers.com/showpost.php?p=50746675&postcount=5
You can find custom kernels and ROMs here:
http://forum.xda-developers.com/showthread.php?t=2439633
I heard that the LEAN kernel has "loop devices" setting enabled.
Also, you can modify your current kernel. Instructions here:
http://forum.xda-developers.com/showthread.php?t=1818871
Is there a easier method for enabling loop devices?
access
How can I access all Kali files and folders? When I use the explorer, root is my SD card root and I can't see a single Kali file.
I tried your method and still received the same errors.
I have a rooted note 3 (I think I used the chainfire method) the device is still pretty new to me.
First it won't create the loop255
I've managed to get around that by making the loop255 device myself in the terminal with the Play Store version of bbox (for some reason there seems to be an issue with the installer calling its own busybox)
But then it (that is the loop device) won't mount, I'm over my head with that stuff so I haven't been able to work around this.
Some guidance would be much appreciated.
On a side note I got linux running on my old LG Motion with linux deploy and it works like a dream but for some reason there are no programs on it! I've found this odd but there are (or at least I cant find them) none of the preloaded hacking programs that are the entire point of the kali project. It's possible I just didn't find them yet but it's so hard to work with a desktop OS on a 320x480 screen, that's why I'm trying to get it on my note! I'm in love with this new 1080x1900 res!
Sent from my SM-N900T using XDA Free mobile app
---------- Post added at 11:15 PM ---------- Previous post was at 10:57 PM ----------
Okay I've seen in a few places that it has to do with the stock kernel of the note 3 can anyone either confirm or deny this and if so what do I do?
Sent from my SM-N900T using XDA Free mobile app
Root Folder
I was just wondering how you were able to copy files and folders from your pc to your root folder. Do you use a program or cmd line?
Circumventing the loop device mounting problem on the Note 3
Vinniecap974 said:
I tried your method and still received the same errors.
I have a rooted note 3 (I think I used the chainfire method) the device is still pretty new to me.
First it won't create the loop255
I've managed to get around that by making the loop255 device myself in the terminal with the Play Store version of bbox (for some reason there seems to be an issue with the installer calling its own busybox)
But then it (that is the loop device) won't mount, I'm over my head with that stuff so I haven't been able to work around this.
Some guidance would be much appreciated.
On a side note I got linux running on my old LG Motion with linux deploy and it works like a dream but for some reason there are no programs on it! I've found this odd but there are (or at least I cant find them) none of the preloaded hacking programs that are the entire point of the kali project. It's possible I just didn't find them yet but it's so hard to work with a desktop OS on a 320x480 screen, that's why I'm trying to get it on my note! I'm in love with this new 1080x1900 res!
Sent from my SM-N900T using XDA Free mobile app
---------- Post added at 11:15 PM ---------- Previous post was at 10:57 PM ----------
Okay I've seen in a few places that it has to do with the stock kernel of the note 3 can anyone either confirm or deny this and if so what do I do?
Sent from my SM-N900T using XDA Free mobile app
I ran up against the same problem and the only way I could get around it was to flash with a "permissive" ROM.
Device: Galaxy Note 3 N9005 running stock Android 4.4.2 (KitKat).
Main steps I followed were:
(1) Rooted the phone using the excellent Towelroot method;
(2) Downloaded and deployed the various files mentioned in the Kali install guide in this thread (Kali image, bootscript, busybox, etc.);
(3) Flashed a bootloader. I used Mobile Odin (from Play Store) to install the latest CWM bootloader;
(4) Downloaded and flashed the Omega V21 ROM using the CWM bootloader. I opted for "no wipe" and it seems to have worked OK.
(5) Used the Complete Linux Installer app (Play Store) to load and run the Kali image;
(6) Fixed some permissions problems with the rooted version of the FX file explorer app (Play Store);
(7) Accessed Linux using the RealVNC app (Play Store) rather than the recommended android-vnc-viewer.
Found the former worked better for me;
Of course, the ROM flash voided my warranty, but that's not an issue for me.
Hope this helps,
Ronan
As I understand it, you need to flash a permissive kernel to make this work properly.
I'm on 4.4.2 with Knox 0x0 and really don't want to set it to 0x1.
I managed to get Linux to install, but it's limited in what you can do with it.
Xposed didn't set mine to permissive, neither did the Play Store app.
If anyone knows of a way to set a stock kernel to permissive on a rooted device, please PM me.
I set up a Debian chroot on my CM11 Note 3 and have been using it for a long time with great success. Here's a tip, don't bother with the loopback-mounted images, it's pointless on a phone with a datamedia partition layout (where /data and /sdcard are the same partition, which the Note 3 is). Instead, just dump the root filesystem directly into the /data directory in a folder, i.e. /data/debian (or /data/arch, /data/ubuntu, /data/kali, etc). This way you don't have to have loopback device support in your kernel, you can install as much crap as you want and not have to resize your image/partition, and you can delete crap you don't want to free up space for Android apps or user storage because all of them share the same space.
Another tip, instead of VNC server which is not accelerated and pretty crap overall, use XServer XSDL. This implements an X-server at the Android app level so it can take advantage of some acceleration (not 3D but possibly 2D) and is drawing with native Android surfaces rather than rendering into a VNC buffer and such. To use it, simply run a command such as:
Code:
# env DISPLAY=127.0.0.1:0 mate-session
from a chroot terminal. This particular one will open a MATE desktop session in XServer XSDL (make sure you either open the app right before or right after running the command, leave it too long and it times out). There's also a libandroid_shmem.so or something library you can use to speed up the chroot->xserver memory performance. Best thing is you can configure the touchscreen to act as a trackpad like on a laptop, then use the left and right (up and down, but landscape) volume keys as left and right click.
On CM11 you can even write a script and add it to /data/local/userinit.sh to automatically start the chroot (bind mount all the devices and set up networking) and even start services if you want. I have mine automatically fire up a samba server and an SSH server on boot so I can access files remotely as well as remote in and use my Note 3 as an ARM build box for compiling stuff.
Finally, I'm looking into booting Debian natively. I've already got it working on my Note 1 and my HP TouchPad. Booting natively means you get full access to run an X server with full graphics hardware access, and with the Freedreno driver you can get actual GL and GLES acceleration. The Adreno 330 should be able to handle this pretty well. The first step towards this goal is getting dual-booting kernels to work as the native Debian kernel will need some stuff that Android doesn't want and vice-versa. I'm working towards porting Kexecboot and the kexec-hardboot patches which will allow booting of multiple kernels without reflashing. Then you can boot Debian (or other Linux) natively or you can boot Android and use services from that Linux install in chroot and easily switch back and forth by rebooting. I already have this working on the Note 1 (HP TouchPad has kexecboot but it isn't really necessary as the main bootloader supports multiple kernels already).
Hey, what's up, Developer Vineet Alpha here. Today I am gonna be showing you how to run Kali Linux with aircrack-ng on the MI4I. And I will also provide my custom-built kernel for the MI4I with Atheros WiFi chipset support. I use a TP-Link WN722N and it works perfectly. It took 9 months to complete this project. Remember, it only works on CyanogenMod. It won't work on MIUI. So strictly follow the steps or you end up bricking your phone.
So, Let's get started
First download the things below [ Essentials ]
CyanogenMod 12.1 -> CM12.1-ferrari
GApps 5.1 -> Gaaps5.1-Micro
T.W.R.P Recovery IMG-> Twrp 2.8.7.0.img
Kernel-> Vineet-Kernel-RebornV1.zip
Kernel2-> Default_Kernel.zip
Busy-box APK-> Busybox.apk
Juice SSH APK-> Juicessh.apk
KMOD Manager APK-> Kmod.apk
Linux Deploy-> Linuxdeploy.apk
And the last thing, a good Internet connection, so that Linux Deploy can download the Kali Linux image.
Step 1.
First Flash Twrp.img on your MI4I by putting it on Fastboot Mode.
Step 2.
Then Flash Cyanogen Mod 12.1 and Gaaps Using TWRP recovery.(Before Flashing Advance Wipe All the Data.)
Step 3.
Then Setup your Cyanogen Mod 12.1 Google account and Reboot Once.
Step 4.
Then Install All the apps Stated above in the essentials.
Now, Open Busy box and let it install automatically.
Then open Linux Deploy app.And go to the settings.
Leave the architecture as it is.
Then Select Install and it will take around 30 minutes to download the image and install Kali linux.
Step 5.
Then after installation click on start in linux deploy.
The output will be something like this.
Then Open Juice SSH And add a new connection to it and Add
Username= android
Password= changeme
Address as = localhost:22
and then save it.
After that Click on connect in Juice SSH and enter password if asked as = changeme
Now, you will be into the localhost i mean kali linux terminal server.
Step 6.
Now Configure the kali linux follow my commands
type these commands
A) sudo passwd (To set your SU password in the kali linux so that you can run Aircrack-ng with admin access).
B) sudo apt-get update (necessary files and binaries to install)
C) sudo apt-get install aircrack-ng
D) sudo apt-get install wifite
E) sudo apt-get install rfkill (OPTIONAL)
Almost there my friends,
Step 7.
Now reboot the phone to TWRP recovery and Flash My Kernel (Vineet_Kernel_Reborn)
Remember, after installing this kernel the internal wifi won't work. That is the reason I told you to install and download everything on the phone before. If you want to use the internal wifi again, flash the default kernel I have provided. On my kernel only an external wifi adapter will work. And I'll fix this soon.
Now, after flashing the custom Kernel on CM12.1 Reboot your Phone.
Step 8.
Now open the app Kmod Manager and Load all the modules. Its very easy just switch on everything in the app.
Step 9.
Again open the Linux deploy and click on start
then open the Juice SSH app and connect to the Linux Shell(I mean to the terminal localhost of kali linux)
Step 10.
Connect your Wifi adapter using
Voila, rocking moment here-------(Last Step)
Type these commands to put the Wifi card (mine is a TP-Link WN722N Atheros AR9271) in monitor mode and run Aircrack-ng on it.
A) airmon-ng (Remember it shows a question mark on the driver; just ignore it, and it will give a statement, just ignore all that.)
Output would be something like this.
B) airmon-ng start wlan1
or ( Depend on your wifi interface)
B) airmon-ng start wlan0
Remember after putting it on monitor mode the interface you will use on the commands will be something like this wlan1mon or wlan0mon
C) airodump-ng wlan1mon
or
C) airodump-ng wlan0mon
Output will be like this
----------------------Enjoy Guys---------------------
-------You Can download additional Wifi tools and use it guys. Enjoy Folks.---
-------ENJOY MI-Hackers This is the first time aircrack-ng on MI Phone---------
----------------------Enjoy Guys-----------------------
yes!!! finally!!! thx vineet
Share my post. If you feel thanked.
First thing - thanks for sharing your hard work!
Second: I am familiar with Kali, it is a one of four installed Linux distros on my laptop. I am also familiar with Linux Deploy app, but I have two questions:
-Will this work with Alfa AWUS036H, Realtek rtl8187L chipset (I have no TP-LINK.... )
-Will this work on Resurrection Remix LP, or should we use strict CM?
Yeah, yeah, I will try in any case, probably.
stiw47 said:
First thing - thanks for sharing your hard work!
Second: I am familiar with Kali, it is a one of four installed Linux distros on my laptop. I am also familiar with Linux Deploy app, but I have two questions:
-Will this work with Alfa AWUS036H, Realtek rtl8187L chipset (I have no TP-LINK.... )
-Will this work on Resurrection Remix LP, or should we use strict CM?
Yeah, yeah, I will try in any case, probably.
I am sorry bro, the Alfa AWUS036H / Realtek rtl8187L won't work on the current kernel I have provided. Don't worry, I'll compile the kernel with Alfa AWUS036H / Realtek rtl8187L chipset support for you soon and inform you. I think it may work with Resurrection Remix LP.
vineetdev said:
I am sorry bro, the Alfa AWUS036H / Realtek rtl8187L won't work on the current kernel I have provided. Don't worry, I'll compile the kernel with Alfa AWUS036H / Realtek rtl8187L chipset support for you soon and inform you. I think it may work with Resurrection Remix LP.
Thanks anyway, and thanks for your effort.
Sent from my MI 4i using Tapatalk
Please tell, what is the use of Kali Linux on the Mi4i? :what:
Can you please post the necessary changes required in the kernel?
I'm assuming it is enabling the ath9k drivers in the kernel for the TP-LINK TL-WN722N; however, I might be mistaken and more changes might be required?
Well, I made the flashable, but not with the patched kernel; will upload today, and everyone needs to flash your kernel.
Rajat Naik said:
Please tell, what is the use of Kali Linux on the Mi4i? :what:
Have you ever heard of BackTrack?? It's the new generation of that OS, used for penetration testing, security parameter checks, ethical hacking stuff.
here
www.kali.org
Open that link, bro.
thewisenerd said:
Can you please post the necessary changes required in the kernel?
I'm assuming it is enabling the ath9k drivers in the kernel for the TP-LINK TL-WN722N; however, I might be mistaken and more changes might be required?
See, I am not mistaken. The changelog is very big to provide and time consuming. Everything works fine till now.
Toruk.Makto said:
Have you ever heard of BackTrack?? It's the new generation of that OS, used for penetration testing, security parameter checks, ethical hacking stuff.
here
HA HA, BackTrack is the older version, dude. LOL..... Kali Linux is the upgraded version of BackTrack. Don't tell me.......... 4 yrs of experience in pentesting.
thewisenerd said:
Can you please post the necessary changes required in the kernel?
I'm assuming it is enabling the ath9k drivers in the kernel for the TP-LINK TL-WN722N; however, I might be mistaken and more changes might be required?
The changelog is very big, however.... very time consuming.
vineetdev said:
See, I am not mistaken. The changelog is very big to provide and time consuming. Everything works fine till now.
okay, could you push your changes to github or a similar service?
vineetdev said:
HA HA, BackTrack is the older version, dude. LOL..... Kali Linux is the upgraded version of BackTrack. Don't tell me.......... 4 yrs of experience in pentesting.
That's what I said, friend.
-_-
Use multi-quote please.
thewisenerd said:
okay, could you push your changes to github or a similar service?
I will shortly push my source code to GitHub.
vineetdev said:
Hey, what is up, developers? Vineet Alpha here. Today I am going to show you how to run Kali Linux with aircrack-ng on the Mi4i, and I will also provide my custom-built kernel for the Mi4i with Atheros Wi-Fi chipset support. I use a TP-Link WN722N and it works perfectly. It took 9 months to complete this project. Remember, it only works on CyanogenMod; it won't work on MIUI. So strictly follow the steps or you will end up bricking your phone.
So, let's get started.
First download the things below [Essentials]:
CyanogenMod 12.1 -> CM12.1-ferrari
Gapps 5.1 -> Gapps5.1-Micro
TWRP Recovery IMG -> Twrp 2.8.7.0.img
Kernel -> Vineet-Kernel-RebornV1.zip
Kernel2 -> Default_Kernel.zip
BusyBox APK -> Busybox.apk
Juice SSH APK -> Juicessh.apk
KMOD Manager APK -> Kmod.apk
Linux Deploy -> Linuxdeploy.apk
And the last thing, a good internet connection so that Linux Deploy can download the Kali Linux image.
Step 1.
First flash twrp.img on your Mi4i by putting it in fastboot mode.
Step 2.
Then flash CyanogenMod 12.1 and Gapps using TWRP recovery. (Before flashing, do an advanced wipe of all the data.)
Step 3.
Then set up your CyanogenMod 12.1 Google account and reboot once.
Step 4.
Then install all the apps listed above in the essentials.
Now open BusyBox and let it install automatically.
Then open the Linux Deploy app and go to the settings.
Leave the architecture as it is.
Then select Install; it will take around 30 minutes to download the image and install Kali Linux.
Step 5.
Then, after installation, click on Start in Linux Deploy.
The output will be something like this.
Then open Juice SSH, add a new connection and enter
Username = android
Password = changeme
Address = localhost:22
and then save it.
After that click on Connect in Juice SSH and enter the password if asked: changeme
Now you will be in the localhost, I mean the Kali Linux terminal server.
Step 6.
Now configure Kali Linux; follow my commands.
Type these commands:
A) sudo passwd (to set your SU password in Kali Linux so that you can run aircrack-ng with admin access)
B) sudo apt-get update (to fetch the necessary files and binaries to install)
C) sudo apt-get install aircrack-ng
D) sudo apt-get install wifite
E) sudo apt-get install rfkill (OPTIONAL)
Almost there, my friends.
Step 7.
Now reboot the phone to TWRP recovery and flash my kernel (Vineet_Kernel_Reborn).
Remember, after installing this kernel the internal Wi-Fi won't work. That is the reason I told you to download and install everything on the phone beforehand. If you want to use the internal Wi-Fi again, flash the default kernel I have provided. On my kernel only an external Wi-Fi adapter will work, and I'll fix this soon.
Now, after flashing the custom kernel on CM12.1, reboot your phone.
Step 8.
Now open the Kmod Manager app and load all the modules. It's very easy, just switch on everything in the app.
...
Bro, you are really great.
But I used Kali Linux on Android; all things are good, but VNC is showing black and grey. Plz help, I am really crazy about this, plz help me.
I am using a Mi4.
I think it's great, though I don't know much about it. Can you tell what the benefits of this are?
After having a really good tester, @mrbtree98, I was convinced that everyone is really that good, but after seeing some people on #twrp and some close friends telling me about their situations with their testers, believe me, it's not good.
So this read will explain a bunch, including:
- Attitude
- Basic stuff
- Debugging
- Talking skills
- Patience
Let's start with attitude.
Attitude
People may hear your words
But people feel your attitude
Attitude while talking to a developer is very important; it sometimes even decides your respect on a forum!
People on many forums highly respect the devs even if he is new to the forum; the same applies to XDA.
If you show your attitude, then things will absolutely go wrong.
What do I include when I talk about attitude?
You throw sarcasm at him or even abuse him badly because his program messed with your phone or anything.
You say you are tired of this testing stuff.
You try to tell him that he is slow and inferior to other devs.
I know this may seem hypothetical, but it's true; this does happen!
When talking to a dev, always keep your temper down. Remember that he is doing all the work for you guys and he wants your satisfaction.
Basic Stuff
Let's boil down to the basic stuff that you need to learn before testing anything on Android.
Adb:
Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device.
In order to use adb with a device connected over USB, you must enable USB debugging in the device system settings, under Developer options.
On Android 4.2 and higher, the Developer options screen is hidden by default. To make it visible, go to Settings > About phone and tap Build number seven times. Return to the previous screen to find Developer options at the bottom.
On some devices, the Developer options screen may be located or named differently.
Note: When you connect a device running Android 4.2.2 or higher to your computer, the system shows a dialog asking whether to accept an RSA key that allows debugging through this computer. This security mechanism protects user devices because it ensures that USB debugging and other adb commands cannot be executed unless you're able to unlock the device and acknowledge the dialog. This requires that you have adb version 1.0.31 (available with SDK Platform-tools r16.0.1 and higher) in order to debug on a device running Android 4.2.2 or higher.
fastboot: fastboot is a small tool that comes with the Android SDK (software development kit) that can be used to re-flash partitions on your device. It is an alternative to the recovery mode for doing installations and updates.
Kernel:
A kernel is a critical component of Android and all operating systems. It can be seen as a sort of bridge between the applications and the actual hardware of a device. Android devices use the Linux kernel, but it's not the exact same kernel other Linux-based operating systems use. There's a lot of Android-specific code built in, and Google's Android kernel maintainers have their work cut out for them. OEMs have to contribute as well, because they need to develop hardware drivers for the parts they're using for the kernel version they're using. This is why it takes a while for independent Android developers and hackers to port new versions to older devices and get everything working. Drivers written to work with the Gingerbread kernel on a phone won't necessarily work with the Ice Cream Sandwich kernel. And that's important, because one of the kernel's main functions is to control the hardware. It's a whole lot of source code, with more options while building it than you can imagine, but in the end it's just the intermediary between the hardware and the software. So basically, if any instruction is given to the mobile, it first gives the command to the kernel for the particular task execution.
Flashing a kernel :
adb reboot bootloader
fastboot flash boot boot.img
Bootloader :
The bootloader is code that is executed before any Operating System starts to run. Bootloaders basically package the instructions to boot operating system kernel and most of them also have their own debugging or modification environment. Think of the bootloader as a security checkpoint for all those partitions. Because if you’re able to swap out what’s on those partitions, you’re able to break things if you don’t know what you’re doing. So basically it commands the kernel of your device to Boot the Device properly without any issues.
Recovery:
Recovery is defined in simple terms as a source of backup. Whenever your phone firmware is corrupted, the recovery does the job of helping you restore or repair your faulty or buggy firmware into working condition. It is also used for flashing ROMs, kernels and many more things.
Flash a recovery:
adb reboot bootloader
fastboot flash boot recovery.img
Radio:
The lowest part of the software layer is the radio: this is the very first thing that runs, just before the bootloader. It controls all wireless communication like the GSM antenna, GPS etc.
taken from @jackeagle
You should know this basic stuff :good:
Debugging
Developers don't breathe oxygen, they breathe logs.
When he says recovery.log
If in normal mode (in the operating system)
Using the phone itself:
Open a file manager app or text viewer
Navigate to /sdcard
Open the recovery.log
Copy its content
Paste it to paste.omnirom.org
Give him the link
If in the recovery itself:
Open up cmd or a terminal
Navigate to where adb is installed (only Windows)
Type
Code:
adb pull /tmp/recovery.log
The file will be in the folder you navigated to earlier, or if on Linux it will be in /home/{user}/recovery.log (if you didn't cd)
Open it using a text viewer
Copy and paste on paste.omnirom.org
Give him the link
When he says last_kmsg
Open cmd
Type
Code:
adb pull /proc/last_kmsg
The file will be in the folder you navigated to earlier, or if on Linux it will be in /home/{user}/last_kmsg
(if you didn't cd)
Open it using a text viewer
Copy and paste on paste.omnirom.org
Give him the link
Talking skills
Don't ever give your thoughts!
Yes, that's true, the dev doesn't need to know what he needs to do or not
But always report even a small change
My tester @mrbtree98 always tells me whether, when booting, the light is dimming or not, whether he is getting the connect sound or not; tell everything
Always talk with respect!
Patience
A ROM build takes around 2 hours [highly approximate, differs for everyone]
A boot.img takes me 20 mins [highly approximate, differs for everyone]
So always be patient
Even when you submit a log, wait
A kmsg is around 5000 lines; he/she needs to carefully read it to reach a conclusion, so be patient
WIP
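The two log pulls in the Debugging section above are what a tester repeats for every failed boot. The script below is an added example (mine, not the guide author's) that wraps them in one place: it asks adb which state the device is in, picks the on-device path the guide names for that state, pulls the file, and counts the lines in last_kmsg that a kernel developer looks at first. It assumes adb is on PATH on the tester's machine; the last_kmsg excerpt inside it is constructed for the offline check.

```shell
#!/bin/sh
# Added example, not part of the original post: pull the two logs the guide
# asks testers for (recovery.log and last_kmsg) from wherever the device
# currently is, and pre-scan last_kmsg for the lines a kernel developer reads
# first. Assumes adb is on PATH; the device paths are the ones the guide names.

# log_path STATE KIND: map the `adb get-state` value ("device" when booted
# into Android, "recovery" when in TWRP) and the requested log (recovery or
# kmsg) to its on-device path. Fails for states with no such log (e.g. bootloader).
log_path() {
    case "$2:$1" in
        recovery:recovery) echo /tmp/recovery.log ;;
        recovery:device)   echo /sdcard/recovery.log ;;
        kmsg:*)            echo /proc/last_kmsg ;;
        *)                 return 1 ;;
    esac
}

# kmsg_alert_count: read a last_kmsg on stdin and print how many lines show a
# panic, an oops, a BUG or a bad kernel memory access. Prints 0 when clean.
kmsg_alert_count() {
    grep -cE 'Kernel panic|Oops:|BUG:|Unable to handle kernel' || true
}

# pull_log KIND: fetch the log into the current directory as KIND.log.
pull_log() {
    state=$(adb get-state 2>/dev/null) || { echo "no device attached" >&2; return 1; }
    src=$(log_path "$state" "$1") || { echo "no $1 log available in state $state" >&2; return 1; }
    adb pull "$src" "./$1.log"
}

# Constructed last_kmsg excerpt used for the offline check below.
SAMPLE_KMSG='[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 3.4.110 (tester@build) (gcc version 4.8) #1 SMP PREEMPT
[    1.234567] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[    1.234600] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[    1.240000] Kernel panic - not syncing: Fatal exception'

# Real use: ./collect_logs.sh kmsg   or   ./collect_logs.sh recovery
if [ -n "${1:-}" ]; then
    pull_log "$1" || exit 1
    if [ "$1" = kmsg ]; then
        echo "lines worth the developer's attention: $(kmsg_alert_count < kmsg.log)"
    fi
fi
```

Paste the whole file, not just the counted lines; the count only tells you whether the log is worth the developer's time before you upload it. On kernels that no longer provide /proc/last_kmsg the same ramoops data is exposed under /sys/fs/pstore/console-ramoops, which this script does not cover.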
Flash a recovery :
adb reboot bootloader
fastboot flash boot recovery.img
Shouldn't there be "fastboot flash recovery recovery.img"?
Hi.
I want to install NetHunter on my OnePlus One phone.
Will probably flash a CM12 or 13 rom with NetHunter 2.0.
I have an external adapter, TP-Link TL-WN722N, currently used for Kali Linux rolling on my PC laptop. Since my OPO chipset doesn't support monitor mode, I would like to use the TP-Link TL-WN722N.
My problem is finding the Wi-Fi drivers to install on Android.
(Q) If you are currently using the TP-Link TL-WN722N for NH or Linux Deploy, how did you download the drivers?
(Q) Is there an existing kernel to install that has these drivers?
Or a set of instructions I could follow.
(Q) There is a Linux package (firmware-atheros) in the Linux repository. Will this have the drivers?
Currently using ROM LineageOS 14.1.2, 64GB. Rooted phone with SuperSU 2.82, TWRP 3.1.1
I have an OTG host cable I tested with a mouse.
I'm fairly new at this so please explain.
Thanks.
TC.
Not working for me
@tomx2x I have the same question, the TL-WN722N doesn't want to work with the firmware-atheros package although it should work with that. Did you manage to solve it?
Rooted, CM13, Android 6.0.1, TWRP, SuperSU and flashed NetHunter full 2017.10 with kernel 3.4.110. Installed firmware-atheros in terminal. lsusb kind of shows something but is not really recognising the adapter
This is a v2
Turned out that this is a v2 with the r8188eu chipset.. no monitor mode
yesimxev said:
@tomx2x I have the same question, the TL-WN722N doesn't want to work with the firmware-atheros package although it should work with that. Did you manage to solve it?
Rooted, CM13, Android 6.0.1, TWRP, SuperSU and flashed NetHunter full 2017.10 with kernel 3.4.110. Installed firmware-atheros in terminal. lsusb kind of shows something but is not really recognising the adapter
This is where I stand.
@yesimxev,
I am running a TP-Link TL-WN722N V1 but still cannot connect.
Newbie with Linux, so maybe you can assist me.
Trying the Nethunteros ROM.
Flashed Nethunteros successfully. Installed the Kali chroot (full).
Using the bVNC app as VNC client to connect via SSH.
Firmware-atheros drivers are part of the Nethunteros kernel, installed in /system/etc/firmware.
I am trying to connect to the internet without using a Network Manager app.
Here are the steps I performed.
1. Started the dbus service
2. ifconfig wlan0 up (interface I am using).
3. Entered the Linux command: iw dev wlan1 connect "BayBreeze Hotel"
The terminal message returned stated "connected"
TL-WN722N (wlan0 interface) starts blinking.
4. Launch Firefox.
I should see the hotel's login page.
Received message "Problem loading page"
I know the ESSID "BayBreeze Hotel" is an active wireless Wi-Fi network. When not using Linux, I can launch & connect Wi-Fi (BayBreeze Hotel) on my OnePlus phone by going to settings.
There must be some commands/steps I am missing. Can you or anyone in this thread help?
If I cannot get this going, my next step will be to use Network-Manager apps.
In terms of your V2 TP-Link:
In the GitHub forum there is a NetHunter kernel (LKernel491.zip) I tried and was successful in monitor mode.
Firmware is part of the kernel (no need to install firmware-atheros manually).
You can go to the link I provided below and ask the programmer (Bkr32) whether it supports V2.
My only issue using the Lkernel491 patch is getting a "Device Not Managed" error connecting to the Network Manager app. Tried setting managed=true in /etc/NetworkManager/NetworkManager.conf.
But still unsuccessful.
Instructions to install are part of the link provided.
Here is the link:
https://github.com/offensive-security/kali-nethunter/issues/962#issuecomment-330428124
Thanks.
TC.
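The step list in the post above ends at the 802.11 association. The script below is an added example, not from the post or from the NetHunter project, of doing the same join from a shell without NetworkManager and then the two things a captive-portal login page needs: confirming the association with `iw dev IFACE link`, and obtaining an address with a DHCP client, because `iw connect` only associates and hands out no IP. It assumes iw, ip and a DHCP client (BusyBox udhcpc or dhclient) are present in the chroot; the interface name wlan0 and the SSID are the post's, and the `iw ... link` output in it is constructed for the offline check.

```shell
#!/bin/sh
# Added example, not part of the original post: associate an external adapter
# with an open (no-password) network from the Kali chroot, verify it with
# `iw dev IFACE link`, then run DHCP. Assumes iw, ip and udhcpc (BusyBox) or
# dhclient exist in the chroot; these are assumptions, not stated by the post.

# link_ssid: read `iw dev IFACE link` output on stdin and print the SSID the
# interface is associated with, or nothing when it reads "Not connected."
link_ssid() {
    awk '$1 == "SSID:" { sub(/^[ \t]*SSID: /, ""); print; exit }'
}

# join_open IFACE SSID: bring the interface up, associate, wait up to 10 s for
# the link to come up, then lease an address. Needs root.
join_open() {
    iface="$1"; ssid="$2"
    ip link set "$iface" up || return 1
    iw dev "$iface" connect "$ssid" || return 1
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        [ "$(iw dev "$iface" link | link_ssid)" = "$ssid" ] && break
        sleep 1
    done
    if [ "$(iw dev "$iface" link | link_ssid)" != "$ssid" ]; then
        echo "$iface did not associate with $ssid" >&2
        return 1
    fi
    # Association alone gives no IP address; without this step a browser
    # cannot reach the portal page.
    if command -v udhcpc >/dev/null 2>&1; then
        udhcpc -i "$iface" -q
    else
        dhclient "$iface"
    fi
}

# Constructed `iw dev wlan0 link` outputs for the offline check.
SAMPLE_LINK='Connected to aa:bb:cc:dd:ee:ff (on wlan0)
    SSID: BayBreeze Hotel
    freq: 2437
    RX: 12345 bytes (67 packets)
    TX: 2345 bytes (12 packets)
    signal: -55 dBm
    tx bitrate: 54.0 MBit/s'
SAMPLE_NOT_CONNECTED='Not connected.'

# Real use: sudo ./join_open.sh wlan0 "BayBreeze Hotel"
if [ $# -eq 2 ]; then
    join_open "$1" "$2"
fi
```

Use one interface name for every step; `iw dev` lists which name the external adapter received, and the name in the connect command must match the one brought up. After the lease arrives, `ip addr show wlan0` shows the address and the portal page should load.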
Got it
Newbie here too, so I can't help you with that, sorry. I finally got an AWUS036NEH and it all works flawlessly.
tomx2x said:
@yeseximv.
I am running TP-Link-TL-WN722N V1 but still cannot connect.
Newbie with Linux, so maybe you can assist me.
Trying Nethunteros rom
...
Thanks.
TC.
yesimxev said:
Newbie here too, so I can't help you with that, sorry. I finally got an AWUS036NEH and it all works flawlessly.
@yesimxev.
Can you provide the steps/commands you use to connect and launch the internet with AWUS036NEH wifi dongle. This may help me with my problem.
Thanks.
tomx.
I haven't used it for connecting to the internet; will test if it works. I was interested in monitor mode.
As before: rooted, flashed TWRP, SuperSU, CM13 with Android 6.0.1 (stock firmware) and flashed NetHunter (nightly) full 2017.10, then kernel 3.4.110. Installed firmware-atheros in terminal. Updated metapackages. Downloaded the Wi-Fi metapackages, not sure if it's needed though. Then starting monitor mode works from the NetHunter custom commands. Try making this config, then you can add the custom command to run after you plug in the adapter.
https://forum.xda-developers.com/showthread.php?t=2121791
tomx2x said:
@yesimxev.
Can you provide the steps/commands you use to connect and launch the internet with AWUS036NEH wifi dongle. This may help me with my problem.
Thanks.
tomx.
Finding drivers is no problem;
they are on the TP-Link website with some manuals,
but I think Git is better..
I have a Nexus 7.. for some reason it's not detecting the WN722N v3
but it can see OTG (running NetHunter 2020)
so I found this manual:
download the driver, extract it in a folder, right click in the folder and choose Open in Terminal
and then enter these commands:
make clean
make all
cp realtek_blacklist.conf /lib/modprobe.d/
make install
reboot
to activate monitor mode:
# replace wlan1 with the adapter's interface name as shown by iwconfig
ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up
Hope it will work!!!!
shame on nethunter for not preloading drivers!!!!
Read this whole guide before starting.
This is for the 8th gen Fire HD8 (karnak).
Current version: amonet-karnak-v3.0.1.zip
This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.
NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot and dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step; otherwise get mtk-su by @diplomatic from here and place the unpacked binary into the amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./fireos-step.sh
NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
WARNING: There have been numerous reports that would indicate a hardware-change that doesn't allow access to the bootrom.
When bricking these devices there is currently no known way to unbrick.
This makes the hardware-method currently the safest option.
To brick firmware 6.3.1.2 use the attached brick-karnak.zip, boot into fastboot
Code:
adb reboot bootloader
and run
Code:
./brick-6312.sh
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
Code:
sudo ./bootrom-step.sh
Then plug the device back in.
The device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-karnak-return-to-stock.zip" into the same folder where you extracted "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.
Then run:
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 6.3.0.0 or newer, otherwise you may brick your device)
Important information
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
Thanks to @Kaijones23 for testing.
Unbricking / Unlocking with Firmware 6.3.1.2+
If Recovery OR FireOS are still accessible (or your firmware is below 6.3.1.2) there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device.
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
Open the device and short the pin marked in the attached photo to ground while plugging in.
1. Extract the attached zip-file "amonet-karnak-v3.0.zip" and open a terminal in that directory.
2. start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
3. Short the device according to the attached photo and plug it in.
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
8. Wait for the device to reboot into TWRP.
9. Use TWRP to flash custom ROM, Magisk or SuperSU
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
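The "Checking USB connection" step above is done by eye. The script below is an added example, not part of amonet or of the post, that polls lsusb and reports whether the tablet is enumerated in bootrom mode (0e8d:0003), in preloader mode (0e8d:2000) or not at all, so you know at once whether the short worked before bootrom-step.sh is expected to talk to it. It assumes usbutils (lsusb) is installed; the lsusb lines inside it are constructed from the IDs the post gives.

```shell
#!/bin/sh
# Added example, not part of amonet or the original post: tell bootrom mode
# apart from preloader mode on a MediaTek device using the USB IDs the post
# lists. Assumes lsusb (usbutils) is installed on the Linux host.

# mtk_mode: read lsusb output on stdin, print bootrom, preloader or none.
mtk_mode() {
    out=$(cat)
    case "$out" in
        *"ID 0e8d:0003"*) echo bootrom ;;
        *"ID 0e8d:2000"*) echo preloader ;;
        *)                echo none ;;
    esac
}

# wait_for_bootrom SECONDS: poll lsusb once a second until the bootrom
# enumerates. Returns 0 on bootrom, 2 as soon as only the preloader shows up
# (the post's "try again" case), 1 when nothing MediaTek appears in time.
wait_for_bootrom() {
    n=0
    while [ "$n" -lt "$1" ]; do
        case "$(lsusb | mtk_mode)" in
            bootrom)
                echo "bootrom (0e8d:0003) present; bootrom-step.sh can proceed"
                return 0 ;;
            preloader)
                echo "preloader (0e8d:2000) enumerated instead of bootrom: unplug and try again" >&2
                return 2 ;;
        esac
        n=$((n + 1))
        sleep 1
    done
    echo "no MediaTek device seen in $1 s" >&2
    return 1
}

# Constructed lsusb snapshots for the offline check; the ID strings match the post.
SAMPLE_BOOTROM='Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'
SAMPLE_PRELOADER='Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'
SAMPLE_NONE='Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# Real use: ./check_bootrom.sh 30   (then plug the device in with the short applied)
if [ -n "${1:-}" ]; then
    wait_for_bootrom "$1"
fi
```

Start this in a second terminal before plugging the device in, with bootrom-step.sh already waiting in the first; it does not replace stopping ModemManager, which the post requires so that nothing else grabs the serial port the bootrom exposes.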
This is very cool @k4y0z!
Now we can use boot-recovery.sh & boot-fastboot no?
Regards!
Rortiz2 said:
This is very cool @k4y0z!
Now we can use boot-recovery.sh & boot-fastboot no?
Regards!
Yes, that is also supported.
k4y0z said:
NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?
Kctucka said:
So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?
On 6.3.1.2 mtk-su has been fixed, so unless you already have root (or another way to get temp-root is found), bricking isn't an option and you will have to open the case.
If you do have root the script will do the bricking for you.
@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?
jibgilmon said:
@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?
k4y0z said:
This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.
Additionally it adds support for the boot-recovery and boot-fastboot scripts.
And a script to enable UART output for the kernel.
So nothing essential if you are already using the updated TWRP.
Ran this pup on a unit that I was keeping unrooted (aside from occasional temp root via mtk-su) as a control, but it was becoming painful to use/maintain. Also missed TWRP. Worked like a champ with zero issues... aside from stumbling over my own stupidity. Used Lubuntu live 18.04 and Magisk 19.3/7.3.2. Staying on FireOS 6.3.0.1 (w/hijacks) for now until a fully vetted custom ROM becomes available.
Thanks for the great tool and accompanying guidance.
I have added unbricking/bootrom instructions in Post #2
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
bibikalka said:
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
I think yeah:
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
So I got a HD8 2018 today and it came with OS version that forced me to connect to WiFi and update itself. I was pretty pissed but I used this guide to get root easily.
I had Arch based linux installed which gave problems while running script, so I made bootable Ubuntu usb and that worked fine. Thank you everyone involved in developing this hack.
madman said:
So I got a HD8 2018 today and it came with OS version that forced me to connect to WiFi and update itself. I was pretty pissed but I used this guide to get root easily.
I had Arch based linux installed which gave problems while running script, so I made bootable Ubuntu usb and that worked fine. Thank you everyone involved in developing this hack.
For future reference you can avoid the presumed forced WiFi connect by putting in a bogus password; once authentication fails a 'skip' option will appear.
bibikalka said:
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
Rortiz2 said:
I think yeah:
Yes, exactly.
Rortiz2 said:
I think yeah:
k4y0z said:
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
Yes, exactly.
OK - tried to upgrade to the latest update-kindle-Fire_HD8_8th_Gen-NS6312_user_1852_0002517056644.bin using the suggestions above, and got a hardcore Amazon logo bootloop.
My actions. I had the old unlock, so I flashed the zip in this thread first. New TWRP showed up - so far so good. Then I flashed the Amazon update zip as is, thinking the updated TWRP would do its magic. Flashed Magisk, tried to reboot. No go - Amazon logo bootloop. No recovery either. So it feels that I lost the unlock, and, perhaps LK & preloader & TZ got overwritten with the new versions from the Amazon update zip.
Any recovery here other than opening the case?
bibikalka said:
OK - tried to upgrade to the latest update-kindle-Fire_HD8_8th_Gen-NS6312_user_1852_0002517056644.bin using the suggestions above, and got a hardcore Amazon logo bootloop.
My actions. I had the old unlock, so I flashed the zip in this thread first. New TWRP showed up - so far so good. Then I flashed the Amazon update zip as is, thinking the updated TWRP would do its magic. Flashed Magisk, tried to reboot. No go - Amazon logo bootloop. No recovery either. So it feels that I lost the unlock, and, perhaps LK & preloader & TZ got overwritten with the new versions from the Amazon update zip.
Any recovery here other than opening the case?
That is strange, I've had no issues installing that firmware unmodified through TWRP.
So you can boot neither normal nor recovery?
Does it say something in the corner when trying to boot recovery?
You can try the boot-fastboot.sh script to get into hacked fastboot.
k4y0z said:
That is strange, I've had no issues installing that firmware unmodified through TWRP.
So you can boot neither normal nor recovery?
Does it say something in the corner when trying to boot recovery?
You can try the boot-fastboot.sh script to get into hacked fastboot.
Cannot boot anywhere - no message about booting recovery either. When you tried installing unmodified firmware, was that on HD8 2018, or some other tablet? I wonder if perhaps there are some differences with HD8 2018 given that it's Nougat.
I will try the hacked fastboot, but most likely - will have to open the case.