How-To: Setup Kali NetHunter Marshmallow on Nexus 6 (Motorola)

This How-To guide walks you through setting up Kali NetHunter on Nexus 6 Motorola Android. We will be using the Marshmallow stock image. Be sure to grab the correct images/files when downloading them from the sources included in this guide. This is not a 100% comprehensive guide as there is an assumption that if you’re embarking on this adventure, you should already have the drive and means to do some research on your own and troubleshoot if you get stuck somewhere. Follow this guide at your own risk because anytime you’re working with flashing or replacing the existing OS (Android), you run the risk of something going wrong and not being able to recover. You have been warned!

For this How-To, you will need the following:

  • Nexus 6 Android Phone
  • A host computer such as a MAC, Windows, or Linux
  • Apple Xcode installed
  • tar & unzip installed and present in  your $PATH
  • Several downloads referenced below required for the setup

STEP BY STEP GUIDE


  1. Download and Install the Motorola USB device drivers. If your Nexus 6 hardware is not Motorola, find out if there are available USB drivers for your OS to make sure you have good and smooth connectivity between your OS and the Nexus device.

    Direct Link: http://www.motorola.com/getmdmmac


  2. Connect the Android phone to the MAC OS using the provided USB cable (preferably, use a powered USB 2.0 hub)

  3. Enable USB Debugging by tapping 7 times on the “Build Number” under [Settings –> About Phone] until you see a pop up message stating You are now a developer!
    Reference Link: http://developer.android.com/tools/device.html\
    NH-Devption_on

  4. Go back one screen and enter “Developer options” under the Settings menu. Slide swipe the slider right to Allow OEM Unlock and Enable USB debugging.
    NH-AllowUSB_OEM

    Note: When you turn on USB debugging, You must Accept the RSA key fingerprint

    NH-USB_RSA


  5. In order to allow the bootloader to be unlocked, you first need to boot into the bootloader by holding down the “Vol UP + Vol Down + Power” buttons simultaneously until you see the boot loader options. Note that the button combination may vary depending on your hardware, google it if you don’t know

    IMPORTANT: IF YOU DON’T SUCCESSFULLY GET PAST THIS STEP, AND UNLOCK IT,  NOTHING ELSE WILL WORK. BE SURE TO ULOCK THE BOOTLOADER BEFORE PROCEEDING


  6. In your OSX terminal, run the following command and follow the instructions directing you to press certain keys on your phone:

    # fastboot oem unlock
    NH-fastboot_oem_unlock


  7. Reboot the phone using the up/down arrow keys to select reboot on the bootloader menu and press the power button to reboot. If they are stuck, go back to the OSX terminal and type:

    # fastboot reboot

    Note: Validate that the Device is UNLOCKED and Status Code is 3. If it still says LOCKED, you need to fix that before going any further!
    NH-Unlocked


  8. Once you access the phone again, go back again into the [Settings –> About Phone] menu, and tap the build number 7 times to turn on Developer options. Once you do that, go back into the Developer options and turn on USB debugging again

  9. Download Only: The ZIP from Kali NetHunter Linux Root Toolkit
    Instructions: https://github.com/offensive-security/kali-nethunter/wiki
    Download: https://github.com/offensive-security/nethunter-LRT/archive/master.zip


  10. Download Only: TWRP for Motorola 6 Nexus
    General URL: https://twrp.me
    Direct Link: https://dl.twrp.me/shamu/twrp-3.0.2-0-shamu.img.html


  11. Download Only: Nethunter from Kali Linux
    General URL: https://www.offensive-security.com/kali-linux-nethunter-download/ Direct Link: https://images.offensive-security.com/nethunter-release/nethunter-shamu-marshmallow-3.0.zip


  12. Download Only: Android Factory Image (mine is LMY47D as I have updated Android to Marshmallow before proceeding, but later found out I could’ve just used the Marshmallow stock image when going through the setup)

    General URL: https://developers.google.com/android/nexus/images?hl=en#ryu Direct Links: https://dl.google.com/dl/android/aosp/shamu-lmy47d-factory-6c44d402.tgz https://dl.google.com/dl/android/aosp/shamu-mmb29x-factory-ef4cbb75.tgz


  13. Download Only: Google SDK, we need to setup a case-sensitive volume for the android environment before we proceed so we can install the SDK Library there.
    General URL: https://developer.android.com/sdk/index.html
    Direct Link: https://developer.android.com/sdk/index.html#mac-bundle


  14. Download Only: SuperSU
    General Link: http://forum.xda-developers.com/showpost.php?p=64161125&postcount=3
    Direct Link: http://download.chainfire.eu/897/SuperSU/BETA-SuperSU-v2.67-20160121175247.zip


  15. Download AND Install MAC ports for your OS version
    Direct Link: https://www.macports.org/install.php


  16. Setting up the MAC build environment.
    Reference Link: https://source.android.com/source/initializing.html
    1. Create a case sensitive disk for Android SDK Library and rest of our setup
      # hdiutil create -type SPARSE -fs ‘Case-sensitive Journaled HFS+’ -size 40g ~/android.dmg
    2. Put the following lines in your .bash_profile or .bashrc

      #=======================================================
      export PATH=/opt/local/bin:$PATH
      # mount the android file image
      function mountAndroid { hdiutil attach android.dmg.sparseimage -mountpoint /Volumes/android; }
      #unmount the android file image
      function umountAndroid() { hdiutil detach /Volumes/android; }
      # set the number of open files to be 1024
      ulimit -S -n 1024
      #=======================================================

    3. Now execute the following two commands to read and populate your environment variables and mount your newly created case sensitive disk
      # . .bashrc
      # mountAndroid
    4. Install xcode command tools
      # xcode-select –install
    5. Execute the following command to get make, git, and GPG packages from MacPorts: You need to have installed the Mac ports software first!
      # POSIXLY_CORRECT=1 sudo port install gmake libsdl git gnupg
    6. Install the Android SDK you downloaded in step 13 and perform a custom install which will put the Library in the disk you crated under /Volumes/adroid
    7. In your MAC shell, navigate to the /Volumes/android/Library/sdk/platform-tools directory and run the following command to make sure the computer sees your USB device
      # adb devices
    8. Unzip the Nethunter LRT master zip file you downloaded in Step 9 in the /Volumes/android directory

      NH-LRT_DirMake sure that your PATH is setup correctly, again, don’t forget to to run [# dot .bashrc]
      # . .bashrc

    9. Put the following images in their respective directories under the LRT-master directory where the script will look for them.
      – Android stockimage under stockImage
      – twrp under twrpImage
      – superSu under superSU
      – Kali Nethunter under kaliNuthnter

  17. To begin the NetHunter setup process, navigate to the LRT-master directory and run the following command

    # ./stockNexusFlash.sh

    WARNING: This will essentially WIPE the device and install a base stock image that you put in the stockImage directory as listed in the instructions on https://github.com/offensive-security/nethunter-LRT

    NH-StockFlash


  1. After flashing is successful, you will need to go in and enable Developer Mode and USB debugging again

  2. Now, for the most important part, installing Nethunter. On the command line inside the nethunter-LRT-master directory, execute the following:

    # ./twrpFlash.sh

    This will transfer the Kali Nethunter Marshmallow image to the phone and install it
    NH-Twrp_install


  1. During the install, it will pause at the Aroma version and you will need to interact with it a bit
    NH-Aroma_install

  2. Finishing installation on the Phone
    1. Accept the Security Warning

      NH-Phone_install_start

    2. Choose Custom Installation

      NH-Phone_custom_install

    3. Select the Applications you want installed.

      IMPORTANT: DO NOT INSTALL THE SuperSU THAT COMES WITH TWRP

      NH-AppsToInstall

    4. Confirm the Lists of Applications you elected and tap “Yes”

      NH-App_Selected_Confirm

    5. If you have the Promxmark3 toolkit, you can chose to install the optional Proxdroid software in the next step. I do, so I elected to install it. Tap the blue right arrow to move to next step and begin the install

      NH-Phone_install_Proxdroid


  3. After a while, the install may pause at various percentages. If it gets stuck on 40 for a long time, you will have an issue and may need to go back and start all over. Although it may boot fine if you unplug it or turn it off, it will have all kinds of issues. Usually it means you’ve selected to install something that it’s getting stuck on.

    NH-install_finished_next


  4. Once the installation finishes, tap the blue right arrow to finalize the install.

    NH-Phone_Congrats


  5. Once you’re done, don’t forget to check out the Nethunter Post Installation tips at https://github.com/offensive-security/kali-nethunter/wiki#50-post-installation-setup


  6. First time you run Nethunter, it will ask you for permissions to access all kinds of stuff, accept to continue

  7. Run the Nethunter update

  8. Go into the chroot environment and tap to install the metapakcages. When you first do this, the terminal screen may flash and you will sit at a prompt, that’s a good thing! Now execute the following command to get missing packages

    # apt-get install –fix-missing


  9. Now go back and install the metapackages you want, one by one to make sure you find/track/troubleshoot issues if needed. You may be asked to configure services such as setting passwords etc, so pay attention!

    Enjoy, and remember, with great power, comes great responsibility! 🙂

Leave a Comment