2016
11.12

Installing Kali NetHunter on the Nexus 5…

So, the Internet is filled with posts on this subject. Some great, others not so great, yet I still had issues when first trying to get it installed. NetHunter has changed from when I beta tested it many cycles ago. The process has that clean, professional feeling with a hint of home-brew hacker vibe. When the process is finished, the device reboots, and you are greeted with a nice animation unique to the OS. That’s assuming the progress bar didn’t stick on 40% during install.

Hopefully my contribution to the sea of posts on the matter will help a few, so let’s get down to business… cue the Keurig!

Stuff used in this demonstration:
• 1 Google Nexus 5 (LG)
• 1 USB cable to hook it up to you box (in my case Mac OSX)
• Kali NetHunter from Offensive Security (link here)
• Binaries from rootnexus5.com (link here)
• Google Android stock OS (link here) – Choose Marshmallow
• TWRP Recovery image (link here)
• Super-SU 2.78 to root your phone (link here)
• Index finger

Nexus 5 was used for the simple fact it’s pretty cheap, well supported, tested with NetHunter, and easy to find on eBay. If power is what you’re looking for, this phone shouldn’t be your first choice. You want the OnePlus One (1+1), which hopefully I’ll be able to redo using it. If you don’t have the Nexus 5, you can follow along with your chosen device. You will have to adjust the files used to match your particular hardware.

Let’s go over the steps here before we start. One common mistake I’ve seen (and I’m including myself here) is to just dive in, and screw things up because they didn’t fully read the instructions FIRST! So we’ll go over the steps in broad strokes, then proceed to actually doing it. This way we know what & when to do it, we’ll be better prepared, and hopefully avoid any surprises.

Step 1: Download Marshmallow from Google
Step 2: Download nexus 5 rooting files from nexus5root.com
Step 3: Download TWRP Recover image from twrp.me
Step 4: Download Super-SU 2.78
Step 5: Download Kali NetHunter for Marshmallow
Step 6: Plug the phone to your computer
Step 7: OEM unlock the device using fastboot (from nexus5root)
Step 8: Update the “bootloader”, radio & OS to Marshmallow
Step 9: Install TWRP
Step 10: Copy Super-SU & NetHunter files on your device
Step 11: From TWRP install Super-SU
Step 12: From TWRP install NetHunter
I’m going to start from step 7, as I will be assuming downloading files is something most people are able to do.

Step 7: OEM Unlock (this voids your warranty HAHAHA)

With the tools previously download, and the device plugged in. It’s really quite simple.
First off, by pressing volume down, then power, and hold both buttons will bring you to the bootloader. Make sure you can reach your device using the following command:
./fastboot-mac devices

If you don’t see something familiar to the image above, or all you see is “waiting” there may be an issue. Then I suggest you get this figured out before continuing.
For the rest… let us continue.

Unlocking is one simple command:
./fastboot-mac oem unlock
So from the console, you should see something similar to this:


From the device’s perspective, here’s what it will look like.
Before unlocking:

Once command has been issued, you’ll need to confirm the action on your phone. So pick it up, and follow the instructions to trash that warranty. And read it carefully, and fully.

And you’re done, reboot afterwards you’ll be seeing this each time you boot into the loader (lock state):

 

Step 8: Update the “bootloader”, radio & OS to Marshmallow

This step is to update the device you probably purchased used, since it’s an old device. Or downgrade it if it has been fully updated.
From the console, you’ll need to flash the bootloader, and then reboot it.
Flash bootloader:
./fastboot-mac flash bootloader <PATH TO IMG FILE>

After the successful flash, you’ll notice the version has changed. We’re still in business… cool. Next up is the baseband version, or radio.

Pretty much the same process as the bootloader, we use fastboot to flash the radio:
Flash radio:
./fastboot-mac flash radio <PATH TO RADIO IMG FILE>

When doing this, you should see “writing” blinking on the screen. That means it’s working. Once rebooted the baseband version will be updated.

Last thing to do is to update the stock OS. Now I’m not quite sure if all these steps are necessary, I just encountered issues when I didn’t. Which is why I took the added time to update everything.
Update OS:
./fastboot-mac –w update <PATH TO ZIP FILE>

… snip …

Takes a bit over 2 minutes to update the phone. If all went well, once rebooted you’ll be greeted with the latest Google Android splash screen.

Now the moment we’ve all been waiting for, turning our device into a Kali NetHunter device of doom! Next step is flashing the recovery partition with TWRP, which will allow us to root, and then install our custom OS.

 

Step 9: Install TWRP

This is essentially the same command as when we previous updated the bootloader, but this time we will specific “recovery”.
Flash recovery:
./fastboot-mac flash recovery <PATH TO TWRP IMG FILE>

Some explanation here, I was having issues with TWRP so I decided to download the latest version for the phone. But it wasn’t working for me for some reason. So I started by installing version 2.6.3.1 for hammerhead (which is what the Nexus 5 is called) supplied with the Nexus 5 root file downloaded from nexus5root.com. After, I re-flashed it with the newer version downloaded directly from the TWRP website.

After the install, boot into the bootloader then select “Recovery Mode”. Something similar to the this image should appear, and tinder the thing so allow TWRP to do its thing:

 

Step 10: Copy Super-SU file & NetHunter files on your device

Once booted into recovery mode, you’ll have access to the filesystem from your computer. So using your favourite Android file transfer thing, copy the NetHunter zip file, and the SuperSU file to your phone.

 

Step 11: Root the phone!

With TWRP installed, press on the “Install” button; select the appropriate file to install. In this case SuperSU and press “Install Image”, swipe to confirm.

 

Step 12: Installing the beast!

Much like installing SuperSU, simply go into TWRP, select the NetHunter zip file, and install. Confirm the security warning, which you probably didn’t read, and continue on with the installation.

This is where the fun begins. So far so good, most people from what I’ve read online get to this stage without any issues. That goes for me as well. However; many blog posts out there seem to never describe in much detail the issues they’ve encountered. When my first, and fourth, attempt didn’t work. I was determined to get this thing running. Afterwards, a post was in order figuring I wasn’t the first to encounter these problems.

 

Step 12.1: The install process

From this screen select “Custom Installation”

Then you’re greeted with the application list to include on install. This is where I was getting issues.

My first attempt I simply let everything on default not adding, or removing, options.

Everything starts off fine…

…Until you realize it’s been like this for 30 minutes.

Or this…

Unfortunately I’m missing a few screenshots so I’ll do my best to describe what needs to be done.

It could be a fluke, but after many tries what I found to work each time was to install the minimal requirements, and not choose any additional applications when prompted. Just deselect a few of the add-ons, and continue with the installation.

The progress bar “should” stick on 90%, which is exactly what we want.

Is it a bug? Why…yes
https://github.com/offensive-security/nethunter-LRT/issues/6

The bug is with the progress bar, so in theory if you wait long enough NetHunter does eventually install. You just won’t see it get to 100%. However; I’ve noticed (and this could just be me), when it sticks on 40 or 70 percent no matter how long you wait, it won’t boot into Kali. What you’re looking for is 90% completed. Once you see that, wait about 20 minutes then power it off and on again. If it hangs on 40 or 70 go back in recover mode, and start over until it sticks on 90%.

Once booted into NetHunter, navigate to the NetHunter menu and select “Kali Chroot Manager”. From there, you can add packages. Remember the more you add, the more space will be needed. This also means longer will be the wait time. It is slow… so go have a few beers while this is happening. Re-doing the chroot will also solve a few “files not found” errors when attempting to run tools. Which is a good thing.

By default the NetHunter app (which is essentially the menu) will be outdated. Uninstall it like you would any Android application, and download the newer version. From your phone, select and install the APK file the same way you would do any other package. And you should be done…

Hope this helps.

Links:
Google Android Stock image: https://developers.google.com/android/images
Kali Linux NetHunter: https://www.offensive-security.com/kali-linux-nethunter-download/
TWRP for Hammerhead: https://dl.twrp.me/hammerhead/
Nexus 5 root: http://rootnexus5.com/nexus-5-root/how-to-root-nexus-5/
Progress bar bug: https://github.com/offensive-security/nethunter-LRT/issues/6
SuperSU: http://www.androidapksfree.com/apk/supersu-apk-latest-version-download-chainfire/

Comments are closed.