- Base Images
- Kali On ARM
- Acer Tegra Chromebook 13"
- ASUS Chromebook Flip
- BeagleBone Black
- Cubieboard 2
- Galaxy Note 10.1
- Gem PDA
- HP Chromebook
- ODROID U2
- Raspberry Pi
- Raspberry Pi - Disk Encryption
- Raspberry Pi 2
- Samsung ChromeBook
- Samsung Chromebook 2
- USB Armory
- Utilite Pro
- Kali NetHunter Documentation
- NetHunter KeX Manager
- Building a New Device File
- Building NetHunter
- Installing NetHunter from Windows
- Installing NetHunter On the Gemini PDA
- Modifying the Kernel
- NetHunter Application - Csploit
- NetHunter Application - DriveDriod
- NetHunter Application - Keyboard
- NetHunter Application - Router Keygen
- NetHunter Application - Shodan
- NetHunter Application - Terminal
- NetHunter Application Update
- NetHunter BadUSB Attack
- NetHunter Chroot Manager
- NetHunter Components
- NetHunter Custom Commands
- NetHunter DuckHunter Attacks
- NetHunter Exploit Database SearchSploit
- NetHunter HID Keyboard Attacks
- NetHunter Home Screen
- NetHunter Kali Services
- NetHunter MAC Changer
- NetHunter Man In The Middle Framework
- NetHunter MANA Evil Access Point
- NetHunter Metasploit Payload Generator
- NetHunter Nmap Scan
- NetHunter VNC Manager
- Porting NetHunter to New Devices
- Testing Checklist
- Wireless Cards and NetHunter
- Kali Linux on Android
- The Android Hacking Landscape
- General Use
- Kali Development
- Building Custom Kali ISOs
- Generate an Updated Kali ISO
- Live Build a Custom Kali ISO
- Public Packaging
- ARM Cross-Compilation
- Custom Beaglebone Black Image
- Custom Chromebook Image
- Custom CuBox Image
- Custom EfikaMX Image
- Custom MK/SS808 Image
- Custom ODROID X2 U2 Image
- Custom Raspberry Pi Image
- Preparing a Kali Linux ARM chroot
- Rebuilding a Source Package
- Recompiling the Kali Linux Kernel
Preparing a Kali Linux ARM chroot
Although you can download pre-rolled Kali ARM images from our Download area, there may be applications which will require building your own custom bootstrapped Kali rootfs for ARM.
The following procedure shows an example of building a fairly generic Kali armhf rootfs. If you wish to build for armel, use that value rather than “armhf” when you export the architecture environment variable.
Some Notes on This Procedure
The intention in this article is more to provide a high-level overview of how the build scripts work than an actual manual procedure (although it’s completely possible to walk through this example at the command line). The style mimics that used in the build scripts used to create the pre-rolled images. Specifically, you’ll see a construct in several places that looks like:
cat << EOF > kali-$architecture/etc/apt/sources.list deb http://http.kali.org/kali kali-rolling main non-free contrib #deb-src http://http.kali.org/kali kali-rolling main non-free contrib EOF
This simply amounts to creating a new file, ~/arm-stuff/rootfs/kali-armhf/etc/apt/sources.list, with the contents
deb http://http.kali.org/kali kali-rolling main non-free contrib #deb-src http://http.kali.org/kali kali-rolling main non-free contrib
Real-World Custom Kali Linux Builds for ARM Devices
Before we walk through our example, it’s probably good to see how a custom ARM build would actually be accomplished. Typically, to do a local build of an image for, e.g., Raspberry Pi, the process would be something like the following. As an initial one-time set-up, clone the ARM build scripts repository on GitHub and install the build prerequisites:
cd ~ git clone https://gitlab.com/kalilinux/build-scripts/kali-arm.git dpkg --add-architecture i386 apt update apt -y install debootstrap qemu-user-static device-tree-compiler lzma lzop u-boot-tools libncurses5:i386 pixz
To do an ARM build, you must enable cross-compilation for your current shell session:
export ARCH=arm mkdir -p arm-stuff/kernel/toolchains cd arm-stuff/kernel/toolchains git clone git://gitlab.com/kalilinux/packages/gcc-arm-eabi-linaro-4-6-2.git export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/gcc-arm-eabi-linaro-4.6.2/bin/arm-eabi-
Then simply invoke the build script for the specific platform. So, for a Raspberry Pi build of Kali Linux 2016.2, execute the commands:
cd ~ kali-arm-build-scripts/rpi.sh 2016.2
The ARM build scripts are all completely self-contained, aside from the initial one-time installation of the build prerequisites. The first time you run one of the ARM build scripts, it is extremely important that you inspect the output for any errors such as missing tools, etc., correct them, and then re-run the script until you get a clean build. Only at that point can you go ahead to make any customizations you want to the basic build script to create the specific “recipe” you’re after.
It’s possible to speed up your builds by caching the packages you download using apt-cacher-ng, as described in the previous article. Note that this can break some of the standard build scripts unless you uncomment certain lines before building — they’re noted in the scripts themselves. If you’re using apt-cacher-ng, make sure you check your scripts for any necessary changes.
For reliable and predictable results, build your Kali Linix ARM chroot from within a pre-existing and up-to-date Kali Linux environment. This guide assumes that you have already set up your ARM cross-compilation environment.
An Annotated Example of a Generic ARM Build of Kali Linux
The build described here is both minimal and generic. A small number of basic packages are included, and the fuller configuration needed for a real-world platform is omitted for the sake of clarity. Use this example as a reference for understanding what’s going on in the official ARM build scripts and as a high-level guide for writing your own build scripts. It can be successfully followed as a stand-alone tutorial from the command line, but the image produced is not likely to run on any particular device. Use the pre-rolled build scripts, either as-is or with your own customizations, to produce working images for concrete hardware.
Install Required Tools and Dependencies
This is a general set-up task, and should only ever need to be done once.
apt install debootstrap qemu-user-static
In order to enable the Linaro cross-compilation, you will need to set these environment variable at the beginning of every session.
export ARCH=arm export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/gcc-arm-eabi-linaro-4.6.2/bin/arm-eabi-
Define Architecture and Custom Packages
This is where you define some environment variables for your required ARM architecture (armel vs armhf) and list the packages to be installed in your image. These will be used throughout this article, so make sure to modify them to your needs.
export packages="xfce4 kali-menu wpasupplicant kali-defaults initramfs-tools u-boot-tools nmap openssh-server" export architecture="armhf"
Build the Kali rootfs
Set Up the Base rootfs
As our starting point, we’ll create a standard directory structure and use debootstrap to install a base ARM rootfs from the Kali Linux repositories. We then copy over qemu-arm-static, an ARM emulator, from our host machine into the rootfs in order to initiate the 2nd stage chroot.
cd ~ mkdir -p arm-stuff # should have already been created when setting up x-compilation cd arm-stuff/ mkdir -p kernel # should have already been created when setting up x-compilation mkdir -p rootfs cd rootfs debootstrap --foreign --arch $architecture kali-rolling kali-$architecture http://http.kali.org/kali cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/
2nd Stage chroot
First, we’ll chroot into our newly-created base rootfs, use debootstrap a second time to construct our second-stage rootfs, and configure base image settings such as repositories (in /etc/apt/sources.list), host name (in /etc/hostname), default network interfaces and behavior (in /etc/network/interfaces and /etc/resolv.conf), etc. Change these to suit your requirements.
cd ~/arm-stuff/rootfs LANG=C chroot kali-$architecture /debootstrap/debootstrap --second-stage cat << EOF > kali-$architecture/etc/apt/sources.list deb http://http.kali.org/kali kali-rolling main non-free contrib # deb-src http://http.kali.org/kali kali-rolling main non-free contrib EOF echo "kali" > kali-$architecture/etc/hostname cat << EOF > kali-$architecture/etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp EOF cat << EOF > kali-$architecture/etc/resolv.conf nameserver 22.214.171.124 EOF
Now, we’re ready to assemble our third-stage chroot.
3rd Stage chroot
This is where your specific customizations come in. Your $packages list is installed, as are keymaps, a default root password of “toor” is set, and other configuration changes and fixes are applied.
export MALLOC_CHECK_=0 # workaround for LP: #520465 export LC_ALL=C export DEBIAN_FRONTEND=noninteractive mount -t proc proc kali-$architecture/proc mount -o bind /dev/ kali-$architecture/dev/ mount -o bind /dev/pts kali-$architecture/dev/pts cat << EOF > kali-$architecture/debconf.set console-common console-data/keymap/policy select Select keymap from full list console-common console-data/keymap/full select en-latin1-nodeadkeys EOF
Here, we’ll create the script to do the third-stage chroot
cat << EOF > kali-$architecture/third-stage #!/bin/bash dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d cp /bin/true /usr/sbin/invoke-rc.d apt update apt install locales-all #locale-gen en_US.UTF-8 debconf-set-selections /debconf.set rm -f /debconf.set apt update apt -y install git-core binutils ca-certificates initramfs-tools u-boot-tools apt -y install locales console-common less nano git echo "root:toor" | chpasswd sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules rm -f /etc/udev/rules.d/70-persistent-net.rules apt-get --yes --force-yes install $packages rm -f /usr/sbin/invoke-rc.d dpkg-divert --remove --rename /usr/sbin/invoke-rc.d rm -f /third-stage EOF
Now, we’ll run it from within our second-stage chroot.
chmod +x kali-$architecture/third-stage LANG=C chroot kali-$architecture /third-stage
Manual Configuration Within the chroot
If you need to make any further modifications in your rootfs environment, you can do so by manually chrooting into it with the following command and making any needed changes.
LANG=C chroot kali-$architecture
Once you’ve completed your modifications, leave the chroot’ed rootfs with the command
Lastly, we create and run a cleanup script in our chroot to free up space used by cached files and run any other cleanup jobs we may require, and unmount the directories we were using in our rootfs.
cat << EOF > kali-$architecture/cleanup #!/bin/bash rm -rf /root/.bash_history apt update apt clean rm -f cleanup EOF chmod +x kali-$architecture/cleanup LANG=C chroot kali-$architecture /cleanup umount kali-$architecture/proc umount kali-$architecture/dev/pts umount kali-$architecture/dev/ cd ..
Congratulations! Your custom Kali ARM rootfs is located in the ~/arm-stuff/rootfs/kali-$architecture directory. You can now tar up this directory or convert it to an image file for further work.