I wrote this guide because most of the documentation requires you to know the basics of flashing ROMs and stuff and just generally how to use Android, which I didn’t know. Maybe you don’t know either.
For some reason I thought it would be a good idea to buy a used Oneplus One (got mine for $120) for the sole reason of installing Kali Linux NetHunter, which can be installed over your Android ROM to give you a bunch of nifty penetration tools in a (more) mobile platform.
I specifically chose the OnePlus One because it’s the recommended device for installing NetHunter, and I’m a total noob at anything Android. And sure enough, installing it was simple as heck.
I used the Kali NetHunter Linux Root Toolkit to install everything.
1. Hunting down CyanogenMod 13
The CyanogenMod project has been dead since 2016, which made it super inconvenient to try and find the ROM. Probably doesn’t help that the phone was released in 2014 either.
After much googling, I found this ROM for CM 13.1.2. Whether or not it’s official is anyone’s guess, BUT THE FILENAME SAYS SIGNED, SO I TRUST IT.
Unfortunately the above link appears to be dead, but I’ve got a copy that I’ve put on my Google Drive. I definitely haven’t fucked with it, make sure to run
shell.exe as Administrator or
shell.sh with sudo.
2. Downloading Components
The NetHunter install requires a few different components to work correctly.
TeamWin Recovery Project
TWRP is used as a custom recovery image that lets you flash all sorts of stuff through a handy GUI.
TWRP was found pretty quickly by following the LRT instructions. I downloaded version 3.3.1.
SuperSU lets apps request root permission.
Following the LRT instructions, I downloaded beta version 2.66 (the 2.67 link was dead).
cp adb /usr/local/bin/
cp fastboot /usr/local/bin/
Kali Linux NetHunter
3. Cloning the Kali NetHunter Linux Root Toolkit
Very, very simple. On my Mac, I ran:
git clone https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-lrt
4. Preparing the Phone
Enable USB Debugging
Tons of blogs have written about how to do this, so I’ve linked the first result from Google. Make sure you accept the RSA fingerprint when you plug the phone into your computer.
Unlock the Bootloader
Luckily for me, the bootloader on my phone was already unlocked.
The LRT includes a script to unlock the phone too. After connecting the phone with USB debugging enabled, run this script:
Installing Stock Image
This step is optional, but I did it just for a smoother install.
I copied the CM 13 ZIP file previously downloaded into the stockImage folder of the LRT cloned repository and ran the script for OnePlus One (64GB).
cp ../cm-13.1.2-ZNH2KAS3P0-bacon-signed-fastboot_64GB.zip stockImage/
This takes about 5 minutes.
With a newly flashed ROM, I then setup the phone and re-enabled USB debugging. This step in itself took the longest, as CM 13 is a bag of dicks full of Microsoft and Google bloatware.
5. Flashing NetHunter
I moved all of the components into their respective folders:
cp ../twrp-3.3.1-0-bacon.img twrpImage/
cp ../BETA-SuperSU-v2.66-20160103015024.zip superSu/
cp ../nethunter-oneplus1-marshmallow-kalifs-full-2019.2.zip kaliNethunter/
Then ran the happy little flashing script:
Interaction is required to allow modifications to allow NetHunter to be installed. Otherwise, after about 30 minutes, you’ll boot into a fresh new NetHunter instance!
I’ll be writing another guide on how to flash Kali NetHunter on the top of LineageOS 15.1 if I can ever figure out how to get it working. I’m so so so so close. I think.