I recently purchased an LG V20 H910, and, being a nerd/geek, I immediately wanted to root it. I was looking at Kali Linux Nethunter, and I wanted to install that on my device. I purchased the phone from eBay, and the seller said that it would be US unlocked. I was disappointed to find that it was an H910. H910s do not support Nethunter.
In case you don't know, Kali Linux Nethunter is like a mini, mobile-sized version of kali linux. You can run cSploit, Metasploit, linux terminal programs, and you still get the android stuff. It's made for penetration testing.
I was successful in installing Nethunter, and I wanted to share the experience and write a guide.
Ok. First, a small disclaimer:
None of these things should brick your phone. If it does, I should not be responsible. The main part that could brick your phone is the rooting section, and I'm just going to give you a link to a better guide. Most of the content here is about what to do once your phone is rooted. In short, I am not responsible for any "brickage" that may occur.
First, you'll need to root your phone. This is the scary part.
Follow this thread: https://forum.xda-developers.com/v20/how-to/root-h910-v10m-t3664500
It's a pretty amazing guide.
Install superSU:
After rooting, boot into your OS and enable USB debugging. Connect your phone to your computer, and allow the USB debugging, with "always allow" checked.
Swipe down from the top of the home screen and set the USB connection to MTP. On your computer, download this zip for superSU: https://download.chainfire.eu/696/supersu/
(I know it looks SUPER sketchy, but I haven't had problems with this download)
Open up your LG V20 in file explorer and drop the zip into your external SD card. (If your phone doesn't show up, you can put the zip directly onto the card and re-insert it).
Change the USB connection type to PTP.
Open a command prompt and type:
adb reboot recovery
It will take you into TWRP, if you've done the rooting correctly.
Flash the superSU zip, and don't wipe the cache afterwards. Reboot to system, and you should see the superSU app there. If not, try flashing the zip again.
Stop AT&T auto-updates: (Do this step right after installing superSU)
I had my phone here, and I left it alone for an hour. When I came back, it was in TWRP. AT&T had tried to auto update, but because TWRP was there, the update didn't happen. Every time I booted back to the system, I would get the message that I had an update, and it would be forcibly installed. It then would try to update, fail, and boot back to TWRP.
On the google play store, find an app called "service disabler".
Download it.
When you launch it, it should ask for root permissions, and superSU will give you a notification. You will have to accept a request.
In the search bar, type "Software Update". It should come up. Tap on it. There should be 4 services associated with it. Disable all of them.
In developer options, disable Automatic System Updates.
Ok, your phone shouldn't try to auto-update now.
Install Kali Nethunter:
Go here, and download the app APK file: https://store.nethunter.com/en/
Also go here: https://github.com/binkybear/busybox/releases/download/1.24.3/busybox.apk
Move both APKs to a place where you can run adb from, and open a command prompt in that location.
Run the command:
adb install [Whatever the busybox APK is called].apk
adb install [Nethunter APK].apk
Find the busybox app that was just installed. Click install. It will request root access, and then it will install busybox on your system.
Open Nethunter Store. Go to Settings->Repositories, and turn on all.
Download the following apps from the Nethunter Store:
Nethunter terminal
Nethunter
I know more things will look very interesting, but don't download them now.
Go to: https://build.nethunter.com/kalifs/kalifs-latest/
Get kalifs-armhf-full.tar.xz
Rename it to kalifs-full.tar.xz
Put it on to the micro SD card, and insert it into the phone.
Using the android file browser, copy the file from the SD card into your internal storage.
Open up the nethunter app. It should identify the busybox version. Open up the menu (three lines on the left), and go to Kali Chroot manager.
Go to "add chroot" and choose install from SD Card. Click on the "kalifs-full.tar.xz" option to select the full kali option (You can't select minimal, otherwise it won't work).
NOTE: If you can just hit "Download Latest", then good for you. I was having problems with it, as described in this thread: https://forums.kali.org/showthread.php?38526-quot-Error-in-the-Chroot-download-quot
It should detect the file and ask for the metapackages you want to install. Choose the ones that you want, and install the chroot. Wait for it to finish.
When it is done, you should have access to more menu options in the nethunter app. When you open up the Nethunter terminal app, it will ask you for Kali, Android, or AndroidSU. You can choose one of them, and have fun.
Aside from a terminal, there are more apps you can use. Go back into Nethunter store, and pick some. I would recommend the following:
cSploit
Hijacker
SnoopSnitch
Intercepter-NG
LTE Discovery
OONI probe
RF Analyzer (If you have the hackRF / RTL-SDR)
aLogcat
HashDroid
Rucky will not work. You need the US unlocked LG V20 for that, sadly.
Now, you will have a rooted LG V20 with pentesting tools on it, and superSU! Enjoy!
Great write-up.
I believe that "Titanium Backup" can also do the disabling that "Service Disabler" does (and it's alittle more up to date).
Also, Busybox and kali nethunter can both be installed through Magisk, if you would like.
Related
I bartered for a cheap chinese tablet this past weekend. It is an Ematic EGM003BL with Jellybean 4.2.2. I got it with the intention of trying to install the google play store and other related apps.
I have a tiny bit of experience with hacking android, mainly I managed to install Cyanogenmod on my wife's old Nook Color.
So at this point I have the tablet with a barebones install of 4.2.2.
I used SRSroot to root the tablet but it said that the tablet was already rooted. If I tried to click on the build number in the About tablet setttings, it told me that I'm already a developer.
I also installed Rom Manager, clockwork on the tablet (side loaded I think).
I downloaded the appropriate Gapps package from the goo link. I copied the gapps package to the device and that is where I'm at.
I really can't use Rom Manager to doanything because the tablet is an unsupported device.
I searched for info on installing the Google Play store and related apps on unsupported devices and the main results show how to install it on a rooted kindle fire.
The key that those instructions show is to put the tablet into recovery mode but I can't seem to do that.
When I turn on the tablet while holding the volume down button, I get a display on the screen shown in the attached picture.
use cmw or twrp to installing gapps from recovery
iwjosi said:
use cmw or twrp to installing gapps from recovery
Click to expand...
Click to collapse
I have the clockwordmod rom manager program installed on the tablet but because its an unsupported device, it won't allow me to make a recovery. So I'm not sure where to go from there.
Were you able to find any solution for this. I have chinese tabled and want to install Google Apps on it. What is the process and/or way to do that.
Have a good root but no Gapps
anshumangoyal said:
Were you able to find any solution for this. I have chinese tabled and want to install Google Apps on it. What is the process and/or way to do that.
Click to expand...
Click to collapse
After many hours of searching and trying different solutions I have actually got mine rooted and booted up with the procedure below:
thanks DVD2955
Forum thread: Is the Ematic Genesis tablet from Walmart rootable?
Update: The following is for your information I can not be held liable if you "Brick" your tablet as this worked for me, but try at your own risk!!
Read this page: Universal Root
Use this utility: Root_with_Restore
Then download the GAPPS from the above link and extract and find the folder "SYSTEM"
Open a dos command prompt window.
Now connect your tablet via USB and be sure that you have it set for USB DEBUGGING in the system / development
DO NOT TURN IN USB STORAGE.
Go to the folder where you extracted the download "Root_with_Restore" go to the folder 'STUFF' and from the command box type " adb device " you should see your tablet connected.
Run the "BAT" file from "Root_with_Restore" [I do not remember for sure but I know that "Other" did not work so I choose the option above it.]
Then find where you extracted the GAPPS system folder and type: adb push <if needed type in the full drive+folder listing>system /system : now wait.. you should see allot of screen messages. till you get a message saying complete.
Unplug the USB cable and turn off your tablet.
Turn on your tablet... this may take longer than in the past.. but you should have a working "GOOGLE PLAY STORE" once your system comes up.
It fails at the push for GAPPS
From my folder where ADB is located I run this command in the CMD window:
adb push C:\gapps\system /system
it returns this:
Push: c:\gapps\system/addon.d/70-gapps.sh -> /system/addon.d/70-gapps.sh
failed to copy 'c:\gapps\system/addon.d/70-gapps.sh -> /system/addon.d/70-gapps.sh' : Read only file system.
Need clarification whether mounting the sysem folder and setting permissions to rw will correct the failure. I am not the expert and have only rooted and modded Coby Kyros, Craig and Pandigital tablets.
Hi, first of all this is my first contribution to the forum. I've been using the resources until now but i wanted to contribute with something. This is not my development, and only gathered the information and put it here, so thanks to all the guys who help me in the first place.
I bought the Homesync waiting more from the device, and i now the device has so much potential but has been wasted for samgsung, they havent give a real update to the device and they left it at Android 4.2.2, with little support to apps in the store, with no suppor for multiwindow, and other things they could make for this device to success. Well, what we can do i to root it so we can gain access to other apps, and apps from independent markets or developers.
Requeriments:
1) Set your devide to a MJ3 ROM, either updating it or downgrading it from a stock ROM. You can get it from sammobile here http://www.sammobile.com/firmwares/3/?download=24442. I had to use Odin to downgrade to Stock Rom MJ3. If you dont know how to use Odin, in the same link you can read how to do it. Why MJ3? Because that ROM is working with root process im doing here.
2) After with the MJ3 ROM up and running. From your PC, do the following: download the superuser folder from the attachment below.
3) This part is thanks to the user K1MU, you can see his work here http://forum.xda-developers.com/showthread.php?t=2565758 ,before you try using this rooting program, you'll need to have the USB drivers installed for the homesync. Download here if you cant see your homesync when connected to the microUSB port.
http://developer.samsung.com/android/tools-sdks/Samsung-Android-USB-Driver-for-Windows;jsessionid=1cG8Jw2NLJgzwXpG3RhBjQ5tQLGMQTVw2xwJxQld0yyKlG6psQ1W!-2096422745
4) The next thing you must do is to enable USB debugging on your phone. Go to "Settings", "More...", then "Developer Options".
If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled. In Developer Options, make sure "USB Debugging" is checkmarked.
5) Make sure that your computer is allowed to use USB debugging on your homesync. To do this, unplug your phone and unlock it. Then, plug in the USB cable. If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK. If you don't see that popup, it's OK, you should be OK to proceed. This is going to appear in the Homesync.
6) Then you need to unpack the attached ZIP file somewhere onto your PC. You should have the following when done:
- a file called "install.bat"
- a file called "install.sh"
- a folder called "files"
7) Double click on the "install.bat" to run the root. It will root and reboot your phone. Once that's done, you're rooted!
The first thing that the install script will ask you is whether or not to install Busybox. Busybox is a program that provides a fairly extensive set of Linux shell utilities that a Unix user would expect to see. If you're not going to be using the shell (terminal emulator or adb shell) then you may not want to install Busybox. You may, however, find that some root-required utilities assume that Busybox is installed. If SuperSU asks you to update the su binary, choose the "Normal" method. If SuperSU asks you about disabling Knox, allow it. This exploit will NOT set the Knox Warranty Void flag. It will set the "Custom" flag, but that's nothing to worry about. While you're running this, you'll need to keep the phone awake and watch both the computer running the rooting script and your phone. You shouldn't unplug the phone unless you're prompted by the rooting script. Leave it connected until it's done.
8) In this point you will be rooted and ready to boom your Homesync.
I think i will be expanding this post, but for now this is it. Everything works fine with the phone using the homesync app.
Root Samsung Homesync gt-b9150
Hi everybody, Samsung homesync is root with Kingroot, that´s all, thanks/Hola a todos, el Samsung Homesync se rootea con Kingroot, es todo, gracias.
TVPad 4 is fourth in a series of Android-based IPTV settop boxes targeting the worldwide Chinese communities at large, although it seems to work well as a basic Android TV box. Support for all its predecessors (TVPad 1-3) have been discontinued. This guide will only focus on TVPad 4, model M418. Also this device have been banned from US and upgrading it may "brick" it - more on this later.
The method I used below is gathered from various sources elsewhere but not much on rooting and ADB. This is a compilation of all the most important info in one place. I am not sure if its bootloader is locked or not, but the Android 4.4 kernel sources can be found at openlinux.amlogic.com.
Physical specs:
AmLogic S805 SoC: ARM Cortex-A5, quad-core 1.5Ghz, Mali450 graphics, 1080p H.265 support
~1GB RAM
microSD card slot
HDMI out
USB-A port
Hardware needed:
To fully complete the process you'll need:
Monitor/TV with HDMI port
USB hub
microSD card
USB drive (optional)
USB keyboard
USB mouse
The remote that came with your box
Files needed:
* TVPad 4 5.054 firmware + TWRP 2.8.1.0: https://tvpadtalk.ca/discussion/1071/downgrading-tvpad-4-to-5-054/p1
The TWRP seems to be the modified from the one for AmLogic k200. Only the one from above work; the one from TWRP themselves do not.
* TVPad 4 5.066 OTA update: http://www.phoneunlock.com/forum/viewtopic.php?f=5&t=590
If you have this box and are in the US, do NOT do 5.066 update; your box is going to be banned. Might as well go all out and repurpose it into a general purpose Android TV box; but for the rest of the world, this update directs your box to different servers where it's mostly business as usual. You should be able to go direct from 5.054 to 5.066 following this guide, despite what others say.
* Root zip: http://www.freak-tab.de/finless/s89_root_update.zip
* APK install hint file:
Create a file named batchinstall.banana with contents below:
Code:
directory=
checkapp=no
Preparation
1. Download the 5.054 firmware and unzip into root of your microSD card. You should have recovery.img and TWRP folder. They are the TWRP recovery and a 5.054 TWRP backup respectively. Devices boots from recovery.img on root of microSD card if detected.
2. NON-US ONLY: Download the 5.066 OTA update to microSD root.
3. Download root zip to microSD root.
4. Put batchinstall.banana and any APKs you want to install on your USB drive or microSD. There is a APK pack of 23 apps for Cantonese speakers or 29 apps for Manadarin speakers available out there, but I haven't bothered. I included an updated SuperSU, ES File Explorer (preferably an older version; I used 4.0.4.9; newer ones are heavily loaded with ads), VLC, Firefox, AdAway, Terminal Emulator (by Jack Palevich). The last 4 being open source should also be available from F-Droid. Substitutions can be made to taste but Terminal Emulator is required to enable ADB (see below).
Enter Recovery
You will need to use stock recovery for OTA update AND TWRP for 5.054 firmware and root.
1. Connect HDMI monitor and USB hub to device. Connect USB keyboard and mouse to the hub. Leave power disconnected.
2. Look for a hole on the underside. If you have one, stick an iPhone/iPad SIM ejector pin in it and feel for a button. If able, this is the recovery button and you may skip to step 6.
3. Pull off the 4 rubber feet on the bottom and remove 4 screws under them.
4. Pry around the seams and lift the bottom cover off.
5. You either have a recovery button on the PCB or an empty spot for it. If no button, you'll have to short the bottom two contacts where the button is supposed to be (with all ports on the top edge).
6. Insert microSD card into "TF" slot. IMPORTANT: Leave popped out to enter stock recovery; fully insert to enter TWRP.
7. Press and hold the recovery button (or short the contacts) while plugging it in. Keep it pressed (or contacts shorted) until the recovery or TWRP appears.
8. Operate stock recovery with keyboard and TWRP with mouse.
Re-flash 5.054 - Downgrade/Unbrick
People do this to recover from "use restricted" or some other server errors after this thing is sued out of the States. I have also used it to recover from a soft brick situation.
1. Fully insert microSD card. Enter TWRP.
2. Select Restore. Choose External SD for storage.
3. Select the only available package to restore.
4. Swipe to Restore.
5. When complete, do not reboot yet. Return to main menu and select Wipe. Swipe to Factory Reset.
6. US ONLY: Remain in TWRP and proceed to step 2 of rooting.
7. NON-US ONLY: Return to main menu and select Reboot, Recovery. Immediately after screen go blank, push the microSD card again to eject it. It will pop out half way. Leave it hanging there. Proceed to update 5.066 next.
Update to 5.066 - NON-US ONLY! New server and Play Store support.
1. Enter stock recovery.
2. Fully insert microSD card.
3. Select Apply update from EXT and press Enter.
4. Select your 5.066 update file and press Enter.
5. When update complete, unplug power. Proceed to rooting.
Rooting
This is too easy with TWRP.
1. Fully insert microSD card. Enter TWRP.
2. Select Install, then the root zip file. Swipe to install.
3. Reboot into system and proceed with initial setup.
Kingroot also works but leaves some very persistent crap and questionable apps on the system so I do not recommend rooting using it.
Sideload apps
Plug the USB drive with your apps and batchinstall.banana file into the device or hub. Batch installer will appear. Select Batch Install and check that all apps you are installing are there and checked, then select Install.
Enable ADB
TVPad 4 does not have a USB slave port so ADB is only through TCP/IP. Steps below assume you have adb working on your computer.
1. Connect a USB mouse if not already.
2. Move mouse to right half of top of screen then drag down. Click on the gear to enter regular Android Settings app.
3. Enable Developer Options - About Mediabox, click Build Number 7 times.
4. Enable USB Debugging in Developer Options.
5. Open Terminal Emulator (sideload it if you haven't already).
6. Type in the following:
Code:
$ su
(Grant root if prompted)
# setprop service.adb.tcp.port 5555
# mount -o remount,rw /system
(Make the same setprop change in /system/build.prop - uncomment or add the line)
# stop adbd
# start adbd
7. Find the IP address of your TVPad from its own over-simplified settings page.
8. Open a command prompt/terminal on your computer and do this:
Code:
> adb connect <TVPAD IP ADDRESS>
(Authorize your computer on the TVPad.)
> adb devices
(confirm its IP is listed and not "unauthorized")
> adb shell
$ su
(grant root if prompted)
#
(success!)
# chmod 660 /data/misc/adb/adb_keys
(Double check permissions the public key file of authorized ADB clients)
9. Reboot and check that the change stays.
You're done! Now you have full control of this little TV box even after its server go under for good.
Additional apps
Kodi 15.2 seems to work on this box. 16.1 is untested. 17.x will not work since it requires Lollipop. Download from kodi.tv.
If all you want out of TVPad is TVB programming, the official app TVBAnywhere works on this box. About US$100/yr subscription for its own original programming only. Oh and it doesn't serve the States either. Go figure.
The gapps framework added with 5.066 is very minimal and doesn't work for eg. maps. You'll need to get it from apkpure. Use version 11.0.38-030-155006848.
I'm still looking for a decent launcher.
Credits:
https://www.youtube.com/watch?v=6evvWebosnU
https://www.youtube.com/watch?v=ZtY_qdYzmPs
https://www.youtube.com/watch?v=W2heIbUdZVE
can we flash any other rom on TVPad 4 since we can install TWRP??
I rooted easily with kingroot apk. to get shell, I just used my laptop as proxy between wifi and lan, created a meterpreter reverse_tcp metaploit payload, connected back to my laptop, shell and then su...
3vilhomer said:
can we flash any other rom on TVPad 4 since we can install TWRP??
Click to expand...
Click to collapse
To be honest, I'm more interested in if we can get Lollipop on this thing, for that is required for Kodi 17.
For whatever reason I can't boot into the TWRP. I have all the recovery.img and TWRP folder located in the root directory of the SDcard and my SDcard is FAT32 formatted. What did I do wrong?
Suppport has been officially terminated for this box so, it will only be a normal TVbox.
I'm kinda wondering if the SoC supports at least lollipop. A custom rom would be cool to run Leanback apps with a few modifications
ya, is there anything we can do with this box now since most live tv apps doesnt work on it anymore
Do you know where I can grab the file for TVPAD1? I am not sure which model I have, is only written TVPAD on top and there is no 2S, Plus or anything else.
TvChina, a subsidiary pay TV app after TvPad 4 ceased operating on June 1st. TvPad, the parent company, together with its Blue TV etc, have gone bust due to lack of funds from global dwindling sales. Now that the box is useless, can someone upload a root file so we can wipe then reuse it for other purposes? Found a related message on Google but it's has been blocked. Thanks in advance. Wonder if someone can get hold of firmwares for UnBlock or evPad etc so we can tune this into other sites.
did anyone ever put a different android OS on this and got the IR blaster to work too??
3vilhomer said:
did anyone ever put a different android OS on this and got the IR blaster to work too??
Click to expand...
Click to collapse
They were able to upgrade to android lollipop here:
tvpad.ca/discussion/1993/tvpad4-upgrade-to-android-lollipop-5-1
The root file "s89_root_update.zip" link is not working anymore. Does anyone has a copy > please post it here.
I tried when it was stock and it didn't work, then have put a couple different ROMs and it doesn't work. I does connect so I would think it's not a provision issue but something internally maybe? Currently I have Ephemeral Mate 9 rom. I checked the internet on the phone while the laptop is connected and it is working on the phone just fine. Is there something I can check with Root Explorer or SQLite Editor? I have a nexus 6 that works fine so maybe there is a value I can compare and see if something needs to be changed.
Did it wooooo hoooooo!!! Found an article and followed step by step and it worked great. I guess the custom rom doesn't have it baked in.
a. Setup ADB and fastboot drivers on your PC
b. Download TWRP recovery for your device
c. Download stable version of Systemless SuperSU [HERE]
Instruction
1. Flash TWRP recovery image
2. Flash Systemless SuperSU in TWRP recovery
3. While still in TWRP recovery, select Mount and check system. Make sure you allow changes.
4. Connect your phone to your PC and issue the below commands:
adb shell
echo "net.tethering.noprovisioning=true" >> /system/build.prop
adb reboot
5. Now, install Terminal Emulator app from the Play Store and launch it.
6. In Terminal Emulator, enter below code one by one:
su
settings put global tether_dun_required 0
exit
7. Now, open SuperSu, scroll to the bottom and tap on Full unroot. You do not need to patch you back to the stock recovery. If it hangs, just reboot and try doing it again.
You have now unlocked tethering and being an unrooted device, you can continue to use Android Pay. And, to get OTA update on your Nexus phone, do the following.
The OnePlus 7 Pro Mclaren EU HD1913 edition is perfect for Nethunter and PenTesters, 256GB storage, 12GB RAM, 2 sim cards, 48MP camera, etc. Here is everything you need to get a fully functional Nethunter Mclaren, with all wifi modules compiled in the kernel for external wifi cards.
Spoiler
The Nethunter Kernel included in the .tar file is for Android OS 10 & will work on the OnePlus 7 Pro, OP 7 Pro Mclaren & OP 7T. Packet wifi injection works also. but be sure you download these drivers after kernel install & reboot: apt install realtek-rtl88xxau-dkms, realtek-rtl8188eus-dkms, realtek-rtl8814au-dkms. So if you just need a kernel compiled with external wifi & usb modules, you can download the .tar file & just use the kernel. Flash it in TWRP per install button. You're welcome.
Some say you must get an "unlock token" from oneplus to unlock bootloader BUT I did not have this issue, it was straight without any token.Here is the download link: This one contains all files except MSM tool. The MSM link is after. MSM is not needed unless you brick the phone.
Also NOTE: Some of the files have been compressed with "xz".
You must decompress them first, then use the "zip" version of the file for the installation instructions. To decompress these "xz" files do this command:
xz -d name_of_file.zip.xz
THE ONLY FILE TO NOT DECOMPRESS is the Kalifs-arm64-full.tar.xz. You will use the whole file as is, with the "xz" to install the kali chroot. The below download is for the Nethunter bundle not the MSM tool.
Mclaren_Nethunter
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
Open: tar -xvf Mclaren_Nethunter.tar
The following download is the MSM tool with the stock Android 10 version. This is in case you brick the phone, this will reset it.
In case you brick your phone, but are still able to boot into TWRP, the MSM tool included can reinstall the Oxygen Os
On windows computer, transfer & extract the MSM tool.
Click on MSM tool, click "run as administrator" it'll open up the dialog.
In upper left, choose EU version then set your cursor over the "start" button
Have a usb cable connected to the Windows machine ready to connect the Mclaren
On Mclaren, in TWRP mode, choose Reboot option, then click EDL
Plug phone in immediately to Windows, it'l recognize it, click Start
The phone will then reinstall the OS, & wipe it clean. Then you must repeat all the steps to reinstall TWRP, Nethunter, Magisk, etc.
MSM_Oneplus7_AndroidOS_10.0.13
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com
The files are:
1. TWRP -> for the EU version
2. Dm-verity -> disable Dm-verity encryption.
3. System_rwBundle zip -> Make read/write System, Product, Vendor.
4. NetHunter Kernel -> Compiled with all the wifi modules for external wifi cards, Alfa cards.
5. Magisk -> Root manager
6. Nethunter Apps -> Nethunter GUI, Terminal, Kex-client, Store.
7. MSM download tool -> In case you brick your phone, restore it thru MSM. This needs a windows computer tho.
Starting on the Mclaren:
1. Settings -> About Phone:
a....tap "Build Number" 7 times to enable "Developer Mode".
2. Settings -> System -> Developer Options:
a.Turn on "OEM unlocking", "USB debugging" & turn off "Automatic system Updates"
b. Scroll to "Default USB configuration", select "File Transfer"
c. You can also turn off "Verify apps over USB"
3. Once those are set, plug in phone to Linux computer, "allow usb debugging"
a. Type without quotes "adb reboot bootloader"
b. This will put phone in "Fastboot mode", then in fastboot mode..
c. Type "fastboot flashing unlock"
d. Agree to unlock the bootloader, phone WIPES YOUR DATA then reboots.
4. Go thru motions to set up phone, then REPEAT steps 1 & 2.
5. Now, we are gonna boot into TWRP to install it.
6. Plug phone back into Linux, type again "adb reboot bootloader"
7. This will put you in "Fastboot mode" again:
a. Make sure your in the TWRP directory on Linux: Type "fastboot boot twrp.img" //This boots the image to the Mclaren
b. Now push the "twrp.zip" onto the Mclaren: Type "adb push twrp.zip sdcard/"
c. In TWRP app, go to install, choose "twrp.zip", install.
d. IMPORTANT!!!! AFTER TWRP INSTALL, BOOT BACK INTO RECOVERY not into system.
e. TWRP is installed, now you can boot into system
8. Next, power off phone, boot into TRWP recovery by holding volume down & power key till you see TRWP logo.
9. Plug phone into laptop, push Disable-DM-verity to phone.
adb push Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip /sdcard/
In TWRP, choose install Disable-Dm-verity.
Reboot into system.
10. Next, we make the "vendor, product & system" directories writable. You need this bcuz by default they are read only"
a. In TWRP, push the systemrw_1.32_BUNDLE_proper.zip onto the Mclaren to /data/local/tmp directory.
b. In TWRP, choose "Advanced->Terminal" navigate to /data/local/tmp
c. Unzip the bundle, then -> unzip systemrw_1.32_flashable.zip -> cd to the systemrw_1.32 dir
d. Make file executable: type "chmod +x systemrw.sh"
e. You can specify a size for each directory, the programs op says 15mb is good, but I chose 150MB which works.
Type " ./systemrw.sh size=150 "
f. This will automatically make all the directories read/write... Make sure you got battery on your phone
g. Reboot into system
11. Now we'll install the Nethunter Kernel. It has the wifi modules already compiled.
a. Be in TWRP recovery mode:
b. Push the kernel onto Mclaren: -> adb push anykernel-NetHunter.zip /sdcard/
c. Click install & install the zip, then reboot to system.
d. Go to Settings->About Phone->Android Version to check the Nethunter kernel install
12. Next, reboot into TRWP to install Magisk
a. Push Magisk to Mclaren: "adb push Magisk-v23.0.zip /sdcard/
b. Install Magisk.
c. After Magisk is installed, still in TWRP, go to "Wipe" -> Format Data -> type "yes", then reboot into system.
13. At this point, you'll need to set up the phone again. I refuse all the analytics, & unset all the Google options in the phone.
a. Important!! BEFORE YOU CONNECT TO WIFI to update Magisk, you have to disable "Automatic Updates" on the Mclaren.
I also disable "Find my Device" & all of the Google features including Google Play Scanner.
b. Settings -> System -> System Updates -> Uncheck the "Automatic Updates over wifi" button.
c. Repeat steps 1 & 2 again, especially uncheck the "automatic updates" in "developer options"
d. Turn off "Find my Device" -> Settings -> Google -> Find my Device check to off
e. In Settings, search for Google play, Turn off Google scan.
f. I turn off all the Google features in Settings->Google. Its all spyware crap
14. Once that is done, connect to wifi, and click Magisk app to update. It'll update the app, then in Magisk, click Install-> Direct Install -> Reboot.
15. Now you have Magisk ready, & can install Nethunter.
a. Push "update-nethunter" file to Mclaren in system mode, not TWRP.
adb push update-nethunter-20220211_172614-oneplus7-oos-ten.zip /sdcard/
b. Open Magisk->Modules->Install from Storage-> choose "update-nethunter" file, and done.
16. Nethunter & the Nethunter apps will be installed, but you must update Nethunter thru the Nethunter Store first
a. Open Nethunter Store app -> Updates -> Refresh till update appears, Update then reboot.
17. Nethunter is installed but the chroot kali is not.
a. Push the kalifs-arm64-full.tar.xz onto the Mclaren to the /storage/emulated/0/ directory
adb push kalifs-arm64-full.tar.xz storage/emulated/0/
b. Go to Nethunter GUI -> Kali Chroot Manager -> Install chroot, -> choose to install from backup.
c. The file that shows up is not the one you just pushed so backspace & change the name to "kalifs-arm64-full.tar.xz
d. Click install. Once its done, ready to go.
18. There will be some issues at first, but easy to solve following these instructions. The Nethunter terminal may throw an error for kali term
because of some 'security key' function.
a. Open Nethunter terminal, select "AndroidSU".
b. Type "bootkali_bash" //this will put you into Kali linux shell inside Android shell.
c. To fix the perms, navigate to /etc/pam.d/ & Comment out the following line in each of these files
# session optional pam_keyinit.so force revoke
Files: su-l, login, runuser-l, and sshd. This will solve the Kali terminal issue.
19. Next, lets fix the permissions on the Postgresql directories. Use the following command on all of the directoris
chown -R postgresostgres postgresql/
Directories: "/var/lib/postgresql", "/etc/postgresql", & "/usr/lib/postgresql" Now postgresql will work.
20. Lets fix the iptables legacy error to have iptables working: In Kali shell type:
update-alternatives --config iptables
Choose the iptables-legacy option
Same for ipv6
update-alternatives --config ip6tables
The android firewalls are complex, check them: iptables -n -v -L
I delete all default android firewalls, up to you. iptables -F; iptables -Z; iptables -X //do same with ipv6
21. IMPORTANT there is a program that uses high CPU usage that has to be disabled immediately. Its the @brain-service. You can use "top" process monitor to check this. Don't panic, use the command below to stop it.
a. Lets make this command start at boot. Navigate to NetHunter GUI -> Custom Commands -> ADD
Name: whatever, can be "stop_brain".
Command: su -c resetprop ctl.stop oneplus_brain_service
Send to: android
Exec: background
Run on boot: yes
b. That command will bring the cpu down to 2%. There are more program/services to stop, based on not wanting oneplus spy stuff. here are a few. Use the same command above:
soter-1-0
oneplus.engineer-1-0
opdiagnose
22. There are many programs to uninstall, some are mandatory, others optional. There are numerous lists of bloatware to uninstall, located on the Internet, one link at end of post.
But, think before you uninstall, you may want or still need the package. But the following programs you have to uninstall-> spyware
a. The way to uninstall these is in the AndroidSu shell. Don't use the '-k' flag, bcuz it keeps cache & data of uninstalled pkges.
b. Some commands:
pm list packages // lists pkges. Tack a "-d" to the end to see disabled pkges.
pm uninstall --user 0 com.package.name //uninstalls the package
pm clear --user 0 com.package.name //clears data left from package
c. Necessary uninstall:
net.oneplus.odm
net.oneplus.odm.provider
com.oneplus.ses
d. Necessary Disable: // You can disable or uninstall, but must disable to avoid being updated by Oneplus
Command: pm disable --user 0 com.oneplus.backup
com.oneplus.backup
cn.oneplus.nvbackup
23. After all that, you can go to Nethunter GUI, -> chroot Manager -> Add Metapackage
Choose "kali-linux-nethunter" & "kali-linux-default" to update to base installation. After install all you want.
24. Here is a link to remove some bloatware:
OnePlus Bloatware List | Remove Bloatware on OnePlus
Using our bloatware list you can safely remove OnePlus bloatware. You can also use Oxygen OS Debloater to uninstall system apps on OnePlus devices.
technastic.com
Does Kali NetHunter also work well for OnePlus 7T Pro? I used Google and tried to find on different web pages Installation Guides for this Phone but I only found 7, 7 Pro, 7T but not a ****ing OnePlus 7T Pro!
Can´t believe nothing was posted about 7T Pro since its launch years ago.
Thank you for this detailed guide. Worked like a charm <3 .
botsec said:
Thank you for this detailed guide. Worked like a charm <3 .
Click to expand...
Click to collapse
Hey can you share your experience with nethunter, Im tempted to buy this device only for this