Better Mobile App

[SM-G9750] Random root reboot fix (Snapdragon S10 & S10e probably, too)

WARNING: This won't work currently for the SM-G9730. I need a recovery.img(.lz4) from the latest firmware.
Here's a not-so-widely-tested fix for the spontaneous reboot that occurs after rooting the SM-G9750 and other Snapdragon S10 models.
tulth located this patch. If you read the description of that patch, it mentions a NULL pointer getting dereferenced in find_get_entry (such a thing tends to cause crashes in your average program, so when this happens in the kernel, it's not surprising that a crash and reset is the response). If you look at tulth's last_kmsg, my last_kmsg and G-ThGraf's last_kmsg from a G9730, you'll notice they all have one thing in common: SHTF at smaps_pte_range+0x29c. What's at that location on those devices' kernel? Why it's only find_get_entry(vma->vm_file. So yeah, it's the same bug, already known to Google and it's been fixed in their kernel tree since January. The bug is triggered externally by reading /proc/<pid>/smaps_rollup under certain conditions. You might be able to workaround this by disabling programs to get more free RAM, but The Only Way To Fix the Underlying Kernel Bug Is To Fix the Kernel Itself™.
We're probably not going to see a new kernel update until (if?) we get an update for the next major version of Android. We Snapdragon S10* users already have an older kernel compared to Exynos S10 owners (our 4.14.78 vs. their 4.14.85) and it's probably because of that they don't see this bug. So I think the idea of Samsung fixing this is a non-starter. While I did manage to build an SM-G9750 kernel from source (their instructions leave a lot to be desired) with that patch applied, I could not get my phone to boot the result.
I am not a programmer, but I do know just slightly enough to get the ball rolling and provide the fix that that aforementioned patch does in the opcode form that can be applied onto the existing kernel on the phone.
While I've not half-arsed it in the sense I took the easy way out (always having mss->check_shmem_swap set to zero is an easy one-liner workaround; however, freeing of unneeded SHM pages wouldn't happen, eventually causing your phone to crawl to a halt), I am not familiar with assembly language for any platform at all and, as such, I could not find a way to free up enough space in the show_smap function. So I jump quite far out into a chunk of the .text section where it's full of zeroes. I don't know anything about the ELF format to be able to tell you why this section of zeroes exists - I make the probably-wrong assumption it's perhaps a requirement of the ELF format if a linker that's very good at producing optimised code still bothers to output that or it's optimisation by alignment - but it's there and it's a good place to add extra code to on account of, you know, being empty and marked executable.
As far as I can see, where I have placed the code isn't referenced by anything else at all in the kernel but I can't be 100% certain on that. Nevertheless, I've been testing this on and off (I've had to manually initiate reboots in between for various reasons) myself for the past seven days or so and I've not noticed any adverse effects.
EDIT: Saying that, I think I'll try and move the code into load_module() when I get time because this kernel can't actually load modules (see below) thus much of the code there is pointless.The risk is yours, should you choose to apply this fix.
I would've liked to wrote this as a kernel module, being far easier to maintain, and hooked the relevant smap functions (in a similar vein to flar2's wp_mod and AleksJ's ric_mod) but thanks to the geniuses at Samsung, load_module() will always return early and the compiler accordingly realises it can optimise the function by excising all the code needed to actually load a module - there's no point in keeping unreachable code. Why Samsung bothered turning on mandatory module signing is beyond me because modules will never load! You can see this for yourself: insmod /system/vendor/lib/modules/wil6210.ko will always fail with "Exec format error", and that's a signed module built and shipped by Samsung themselves for their kernel. Anyway.
As long as the kernel version remains the same, it's likely, but not guaranteed, the same patches will work for future software updates from Samsung and all I'll have to do is update the compatibility list. If you try this on any other kernel version, the chances of not being able to boot are very high. The task of maintaining this doesn't enthuse me, but I'll continue to do so out of necessity, for I like having a rooted phone but not one that restarts at the worst of times.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I know people have reported longer uptimes than that on their phone before having a forced restart, but in my case, my phone has AOD enabled, the latest stable Magisk version installed and is running EdXposed. Before this fix, I've never seen an uptime longer than about 16 hours (usually less), regardless of whether the phone was in use or not, as getting multiple restarts in a day tends to have that effect.
As long as you only write to the recovery partition (and that's the only block device that this guide tells you to write to ), you should always be able to use Odin to reflash it to reverse this, the process being somewhat similar to flashing Magisk in the first place but with the notable exception of not needing to factory reset anything. The following flashing routine was adapted from Magisk, so my thanks to topjohnwu.
If someone has the bright idea of sharing their already-patched recovery.img because typing copy and pasting commands is hard, I'll point out the following: anybody flashing such an image should really make sure they're running the same firmware and Magisk version the image was designed for. (And after reading ianmacd's posts, topjohnwu supposedly doesn't like pre-patched images with Magisk being shared. I'll respect that, and so should you.)
I won't take any responsibility if this damages your phone. Perform the following at your own risk. If you agree, then:
If you haven't already, root the phone with Magisk. Make sure to keep a copy of the magisk_patched.tar somewhere on your computer so you can reflash it with ODIN if something goes wrong here. Always make sure Magisk is installed before modifying the recovery partition yourself. If you have a pending software update, install that with Odin and root that first before doing the following.
Set up ADB on your phone and computer
From your computer, adb shell into the phone
Run
Code:
uname -r
Only attempt to apply these patches if you get 4.14.78-16509050 back. For an older version, the bottom of this post has previous patches that may or may not apply. Or just update your phone.
Run
Code:
su
and then
Code:
rm -rf /data/local/tmp/q12kpwrk ; mkdir /data/local/tmp/q12kpwrk && cd /data/local/tmp/q12kpwrk
Run
Code:
mkdir recovery && cd recovery
Find the recovery partition on your phone by running:
Code:
recovery_blk="`readlink -f /dev/block/by-name/recovery`" ; [ -b "$recovery_blk" ] || echo "Eh, something's off here. Don't continue"
Dump it to a file by running:
Code:
dd if="$recovery_blk" of=recovery.img
Extract the kernel by running:
Code:
/data/adb/magisk/magiskboot unpack recovery.img || echo "Stop! Do not continue!"
If you see the warning message again on a new line, then stop.
Otherwise, if all went well with the step above (the message "Kernel is uncompressed or not a supported compressed type!" can be safely disregarded), then note that for any of these patches, if you don't get any matches or get more than one, then do not continue any further. Don't selectively apply any of these patches; it's all or nothing.
Apply the first patch by running:
Code:
/data/adb/magisk/magiskboot hexpatch kernel F7030032895240F9F64F00F9 F7030032FD10F997F64F00F9
Run
Code:
/data/adb/magisk/magiskboot hexpatch kernel 02000014C02E00F9E1630191 02000014ED10F997E1630191
If you have an SM-G9750/Snapdragon S10+: run
Code:
/data/adb/magisk/magiskboot hexpatch kernel F30300AAA1010035F40313AA750640F9890E41F83F7500F103010054AA02098BC10501B0407100D121B83191 F30300AA0D000014895240F9DF420239C0035FD600000000D22E40F94E02008BCE2E00F9C0035FD621B83191
OR if you have an SM-G9730/Snapdragon S10: there is currently no patch. Feel free to send me a recovery.img from the latest firmware and I'll adapt it
OR if you have an SM-G9700/Snapdragon S10e (thanks to Laikar_ for the recovery.img and testing): run
Code:
/data/adb/magisk/magiskboot hexpatch kernel F30300AAA1010035F40313AA750640F9890E41F83F7500F103010054AA02098BA10501D0407100D121B81D91 F30300AA0D000014895240F9DF420239C0035FD600000000D22E40F94E02008BCE2E00F9C0035FD621B81D91
Have the patched kernel placed into a new recovery image, new-boot.img, by running:
Code:
/data/adb/magisk/magiskboot repack recovery.img || echo "Stop! Do not continue!"
Check to see if new-boot.img isn't somehow larger than the recovery partition itself by running
Code:
[ `stat -c '%s' "new-boot.img"` -gt `blockdev --getsize64 "$recovery_blk"` ] && echo "Do not continue!"
Flash the new recovery image by running
Code:
cat new-boot.img /dev/zero >"$recovery_blk" 2>/dev/null
Run
Code:
sync ; sync ; sync ; reboot recovery
If the phone boots again, great! If you're stuck at the Samsung-only logo that fades in and out for many minutes, just restart the phone again whilst holding the recovery button combo to boot into Android with Magisk activated like normal.
You can rm -rf the /data/local/tmp/q12kpwrk folder afterwards to get some space back.
If your phone keeps restarting, or you automatically get put into semi-bootloader flashing mode, hold the bootloader button combo to get to the blue-background downloading mode and reflash magisk_patched.tar (and HOME_CSC) with Odin. If you didn't keep said file or a Magisk-patched recovery.img you can tar up with 7-Zip and get Odin to flash as AP, you'll need to download the latest firmware for your SM-G9750 with Frija or similar, reflash that and then follow the instructions to root your phone again with Magisk.
If you do get a reboot after applying this, looking at /proc/last_kmsg will indicate if it's something to do with this patch or something else entirely.
Q&A:
Q: Will I have to reapply this if I update Magisk from Magisk Manager with a direct install?
A: No.
Q: Will I have to reapply this if I update the phone's firmware?
A: Yes, but check the new kernel's version first and see if it's listed in the compatibility section. If not, then you'll need to wait for an update to this fix. And remember to make sure that Magisk is installed first before modifying the recovery partition yourself.
Q: I don't want to wait hours to see if my phone will restart out of the blue. How can I test for this bug?
A: A variation on the steps to reproduce here, you can do this:
Code:
su
dd if=/data/media/0/AP_G9750ZHU1ASF1_CL16082828_QB24224470_REV00_user_low_ship_MULTI_CERT_meta_OS9.tar.md5 of=/dev/shm # or any very large file (3-4 GB, /dev/urandom might work). This fills up the allocated space for shared memory
cat /proc/*/smaps_rollup
If your kernel isn't patched, restart your phone certainly does. (Of course, you should probably run reboot recovery anyway if not because a full SHM isn't really conducive to a well-running Android session.)
Q: Do you have any other kernel patches?
A: Just the one, only tested on the SM-G9750, and it seems to not be needed at all - it has no bearing on this specific reboot issue anyway. This one disables one aspect of RKP. Again, I don't think this is actually needed on the S10+ , but Magisk still attempts to patch for this issue indiscriminately (probably for the benefit of older devices), although its patch will not apply to our kernel.
Code:
/data/adb/magisk/magiskboot hexpatch kernel 1FA50F7143010054491540B93FA50F71E30000544B0940B97FA50F71830000544A1940B95FA10F7168090054 1FA10F71810A0054491540B93FA10F71200A00544B0940B97FA10F71C00900544A1940B95FA10F7161090054
Q: Are you a dirty GPL violator, qwerty12?
A: No! What I am providing is the compiled form of the patch linked to in the beginning of this thread. If you want to understand what this does in lovely C, just look at that patch. Of course, I have to deal with this on the assembler level, so there is no source per se, just dump all the hex strings into an online disassembler. The first two magiskboot hexpatch invocations replace two existing instructions with jumps into the new code I add. The third hexpatch invocation adds the additional code implementing the patch - the original replaced instruction is executed, along with the code I added to set mss->check_shmem_swap to zero before vma->vm_file is checked for != NULL and for shmem_swapped to be added to mss->swap instead of replacing it.
Patches for older kernels:
4.14.78-16082828:
Use Magisk Manager to install the Busybox Magisk module. No, this is not optional. You can use a version of Busybox from another source, but note that this is the version I have personally tested all this with. Restart your phone anyway if you already have it installed; you want your phone's running state to be as fresh as possible to avoid the possibility of running into this bug while attempting to fix it.
Code:
/data/adb/magisk/magiskboot hexpatch kernel F7030032895240F9F64F00F9 F70300327ED15494F64F00F9
Code:
/data/adb/magisk/magiskboot hexpatch kernel 02000014C02E00F9E1630191 020000146ED15494E1630191
Code:
printf '\x89\x52\x40\xF9\xDF\x42\x02\x39\xC0\x03\x5F\xD6\x00\x00\x00\x00\xD2\x2E\x40\xF9\x4E\x02\x00\x8B\xCE\x2E\x00\xF9\xC0\x03\x5F\xD6' | busybox dd of=kernel bs=1 seek="$((0x017F9AAC + 20))" conv=notrunc
The magiskboot hexpatch equivalent of this was too large, so I settled for writing to a hard coded offset.

I have random reboot... will try this patch tomorrow.
Sent from my SM-G9750 using Tapatalk

Hi... already doing your patches... i thinks succesfully, because i dont have any error, and boot normally after last command.
So.... i have to wait if random reboot appear right ? *to test*
Thank you... will report in about 3 days

Hi,
Vuska said:
So.... i have to wait if random reboot appear right ? *to test*
Click to expand...
Click to collapse
You can run the commands under "Q: I don't want to wait hours to see if my phone will restart out of the blue. How can I test for this bug?" in the first post. If your phone restarts automatically when running cat, then your phone is still susceptible to restarting itself during use.
If it doesn't restart, then you need to run reboot recovery yourself immediately, but it means the fix was successfully applied.

PS D:\S10+\ADB platform-tools> ./adb devices
List of devices attached
R28M31K3DNZ device
PS D:\S10+\ADB platform-tools> ./adb shell
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????

N1ldo said:
PS D:\S10+\ADB platform-tools> ./adb devices
List of devices attached
R28M31K3DNZ device
PS D:\S10+\ADB platform-tools> ./adb shell
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????
Click to expand...
Click to collapse
do you already install busybox via magisk ? also there will be a pop up in your device to request access from computer. accept it
already enable usb debugging in developer menu ?
permission denied .... [emoji848] .. strange... already rooted right ?
Sent from my SM-G9750 using Tapatalk

Vuska said:
do you already install busybox via magisk ? also there will be a pop up in your device to request access from computer. accept it
already enable usb debugging in developer menu ?
permission denied .... [emoji848] .. strange... already rooted right ?
Sent from my SM-G9750 using Tapatalk
Click to expand...
Click to collapse
Yes.
As you can see in the prints below.
i try install another busybox to.

N1ldo said:
beyond2q:/ $ su
Permission denied
1|beyond2q:/ $
?????
Click to expand...
Click to collapse
Check your Magisk settings to see if you haven't turned off ADB superuser access and your apps list for a denied Shell entry.

qwerty12 said:
Check your Magisk settings to see if you haven't turned off ADB superuser access and your apps list for a denied Shell entry.
Click to expand...
Click to collapse
Thank you all ...:good::good:
Yes Shell was unauthorized root on Magisk application list :victory:

3 days now.... i can say it successfully fixed.... [emoji106][emoji106]
Thank you.
hope you will update too when new firmware arrives....
because i dont understand some code mean.... just follow and copy paste
Sent from my SM-G9750 using Tapatalk

*ASG7 firmware is out

I can provide a recovery.img from s10e (smg9700), also any way i can contact you for some help about building the kernel? I have been trying to do with s10e's one and i'm not having much success

FlatOutRU said:
*ASG7 firmware is out
Click to expand...
Click to collapse
Downloading...
is ASG7 can use this patches ?
Sent from my SM-G9750 using Tapatalk

FlatOutRU said:
*ASG7 firmware is out
Click to expand...
Click to collapse
Vuska said:
s ASG7 can use this patches ?
Click to expand...
Click to collapse
I'll download the update later and give it a once-over; however, I'll quote myself:
qwerty12 said:
As long as the kernel version remains the same, it's likely, but not guaranteed, the same patches will work for future software updates from Samsung and all I'll have to do is update the compatibility list.
Click to expand...
Click to collapse
Laikar_ said:
I can provide a recovery.img from s10e (smg9700), also any way i can contact you for some help about building the kernel? I have been trying to do with s10e's one and i'm not having much success
Click to expand...
Click to collapse
That would be appreciated, thanks. I can move the S10e into the "Patch not tested" section of the compatibility list.
I wish you'd have asked me this a few days ago, I deleted the kernel tree I had on my disk because I thought a new source ZIP from Samsung would be forthcoming for the new firmware. I'd've just attached a diff...
I did get the kernel to build but I could not get the result to boot. Some of the compiler warnings displayed during build didn't make it seem like I was going to get a working kernel image. I'll get back to you soon with some steps

qwerty12 said:
That would be appreciated, thanks. I can move the S10e into the "Patch not tested" section of the compatibility list.
I wish you'd have asked me this a few days ago, I deleted the kernel tree I had on my disk because I thought a new source ZIP from Samsung would be forthcoming for the new firmware. I'd've just attached a diff...
I did get the kernel to build but I could not get the result to boot. Some of the compiler warnings displayed during build didn't make it seem like I was going to get a working kernel image. I'll get back to you soon with some steps
Click to expand...
Click to collapse
I can't post links yet, tinyurl(dot)com/y537462u for the drive download link

Does EdXposed work for G9750?

qwerty12 said:
I'll download the update later and give it a once-over; however, I'll quote myself:
Click to expand...
Click to collapse
Its changed a bit

kakahoho said:
Does EdXposed work for G9750?
Click to expand...
Click to collapse
Yes.
FlatOutRU said:
Its changed a bit
Click to expand...
Click to collapse
Good call; there's now code at 0x017F9AAC + 20, probably not a good idea to overwrite that...
I was hoping the newer build date might have meant that Samsung applied the patch, meaning I could abandon this thread, but no such luck: I did the quick writing to /dev/shm test and my phone kernel panicked. Lovely.
I've updated the first thread with an updated patch. I followed through with my plan of moving my extra code into load_module() instead of the empty section of zeros as, thanks to Samsung's kernel developers' ineptness, that function will always fail - may as well make it early return and then use the extra space gained to store my code in.
Laikar_ said:
I can't post links yet, tinyurl(dot)com/y537462u for the drive download link
Click to expand...
Click to collapse
Thanks for the S10e recovery image, Laikar_. I've checked the recovery image's kernel and moved the S10e into the "Patch not tested" section. I'll write up some steps soon on building a kernel that won't boot
Anyway,
The S10 and S10e recovery images are not from ASG7, however, so I don't know if my newer patch applies to it but my old ones do. I think my newer one will do, too, but that's an educated guess.
Just like with the S10, anybody's welcome to try this on their S10e and let me know of the result.

qwerty12 said:
Yes.
Good call; there's now code at 0x017F9AAC + 20, probably not a good idea to overwrite that...
I was hoping the newer build date might have meant that Samsung applied the patch, meaning I could abandon this thread, but no such luck: I did the quick writing to /dev/shm test and my phone kernel panicked. Lovely.
I've updated the first thread with an updated patch. I followed through with my plan of moving my extra code into load_module() instead of the empty section of zeros as, thanks to Samsung's brainiac developers, that function will always fail - may as well make it early return and then use the extra space gained to store my code in.
Thanks for the S10e recovery image, Laikar_. I've checked the recovery image's kernel and moved the S10e into the "Patch not tested" section. I'll write up some steps soon on building a kernel that won't boot
Anyway,
The S10 and S10e recovery images are not from ASG7, however, so I don't know if my newer patch applies to it but my old ones do. I think my newer one will do, too, but that's an educated guess.
Just like with the S10, anybody's welcome to try this on their S10e and let me know of the result.
Click to expand...
Click to collapse
so the first post already update to 050 kernel right ?
mean after i updated my s10+ magisk etc.. i can do that all steps right ?
cool...
still not yet finished my download since yesterday... my internet down.. [emoji2357]
Sent from my SM-G9750 using Tapatalk

Vuska said:
so the first post already update to 050 kernel right ?
mean after i updated my s10+ magisk etc.. i can do that all steps right ?
Click to expand...
Click to collapse
Yep, the first post is updated for ASG7. Those steps are working on my SM-G9750 running it, anyway
Laikar_ said:
[...]any way i can contact you for some help about building the kernel? I have been trying to do with s10e's one and i'm not having much success
Click to expand...
Click to collapse
I'll mention again that I couldn't get the result to boot. If you work it out, please let me know. I hate loading kernel images into a disassembler
I did this on a Ubuntu 18.04.2 minimal installation. I figure that if you want to build a kernel then you, like me, have at least a working familiarity with GNU/Linux, so I won't go too in-depth.
First, install the packages needed to build:
Code:
sudo apt install git-core gnupg flex bison gperf build-essential zip zlib1g-dev libxml2-utils xsltproc unzip python bc libssl-dev
Download the toolchain mentioned in README_kernel.txt:
Code:
git clone --depth=1 https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9
Download Snapdragon LLVM Compiler for Android v6.0.9 - Linux64 from https://developer.qualcomm.com/software/snapdragon-llvm-compiler-android/tools and untar it somewhere on your system. (This isn't actually the exact compiler Samsung use - if you look at /proc/version on your phone, you'll see it says 6.0.10 - but this is the closest we mere mortals will get.)
Download the source code zip from Samsung and untar Kernel.tar.gz into a newly-created folder. Inside said folder, run chmod 644 Makefile ; chmod 755 build_kernel.sh.
Open build_kernel.sh in your favourite editor. Make the following changes:
Set BUILD_CROSS_COMPILE to the folder where aarch64-linux-android-gcc, aarch64-linux-android-ld etc. are after cloning from git. Make sure to leave the aarch64-linux-android- suffix at the end. For me, this line looks like this:
Code:
BUILD_CROSS_COMPILE=/home/fp/x/aarch64-linux-android-4.9/bin/aarch64-linux-android-
KERNEL_LLVM_BIN needs to be set to the location of the Clang binary downloaded from Qualcomm. For me, this line looks like this:
Code:
KERNEL_LLVM_BIN=/home/fp/x/93270/toolchains/llvm-Snapdragon_LLVM_for_Android_6.0/prebuilt/linux-x86_64/bin/clang
After both REAL_CC=$KERNEL_LLVM_BIN instances add
Code:
CFP_CC=$KERNEL_LLVM_BIN
(although I think this is the wrong way to do it, consider just disabling CONFIG_RKP_CFP)
Open the Makefile in your favourite editor. Find the following line
Code:
@echo Cannot use CONFIG_CC_STACKPROTECTOR_$(stackp-name): \
$(stackp-flag) not supported by compiler >&2 && exit 1
Remove the "&& exit 1". The proper way to fix this would be to set CONFIG_CC_STACKPROTECTOR_STRONG to n in the config file; however if you run clang --help, you'll see that -fstack-protector-strong is actually supported. Why turn off a useful security feature?
Run build_kernel.sh and the kernel should build (albeit with a metric crap-ton of warnings, which is just one reason why it's not surprising the resulting kernel won't boot)

[UPDATED][ROM OVERLAY][OnePlus One][Pie]Kali Nethunter[2020.1][22 Feb][Unofficial]

​
A Project By​
Code:
[FONT=Garamond][COLOR=Red][B][SIZE=4][CENTER]*** Disclaimer***[/CENTER][/SIZE][/B][/COLOR][/FONT]
[CENTER][FONT=System]The warranty of this device has ended ages ago but still, [B]please[/B] read this disclaimer.
This thing will break your device [B]HARD[/B] and possibly [B]HURT[/B] you if you don't follow instructions properly.
I [B][URL="https://en.wikipedia.org/wiki/Brick_(electronics)"][COLOR=Red]HARD BRICK[/COLOR][/URL][/B] my device 4 times before getting it right.
So please, if you follow these instructions, it [URL="https://en.wiktionary.org/wiki/should"][B]SHOULD[/B][COLOR=Gray][SIZE=1](3)[/SIZE][/COLOR][/URL] be safe for you to flash it without worries
since I have solved almost all of the problems that occur.
BUT nevertheless [B]myself, [URL="https://forum.xda-developers.com/member.php?u=6857433"]FiveO[/URL], [URL="https://www.kali.org/"]Kali Linux[/URL], [URL="https://www.offensive-security.com/"]Offensive Security[/URL], [URL="https://forum.xda-developers.com"]XDA[/URL][/B] and its staff, members and crew
and/or any of the [B]developers credited[/B] on this [B][URL="https://www.kali.org/kali-linux-nethunter/"]project[/URL][/B] will [B][COLOR=red][URL="https://dictionary.cambridge.org/dictionary/english/never"]NEVER[/URL][/COLOR][/B] be held responsible.
The tools provided in this thread are to be used in a legal context only.
Thank you.[/FONT][/CENTER]
PLEASE DO NOT QUOTE THE ENTIRE THREAD​Introduction
The Kali NetHunter is an Android penetration testing platform targeted towards Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features.
Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there. We've incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB, Man In The Middle attacks, to one-click MANA Evil Access Point setups, access to the Offensive Security Exploit(1) Database(2)...
And yes, NetHunter natively supports wireless 802.11info frame(1) injection(2) with a variety of supported USB NICs.​
Click to expand...
Click to collapse
NetHunter Editions
NetHunter can be installed on every Android device under the sun using one of the following editions:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The following table illustrates the differences in functionality:
The NetHunter-App specific chapters are only applicable to the NetHunter & NetHunter Lite editions.
The Kernel specific chapters are only applicable to the NetHunter edition.
Click to expand...
Click to collapse
Images
NetHunter Apps
NetHunter Companion Apps
Nethunter Kex
Kex Docs
Nethunter Store
Nethunter Store F-Droid and others repo add-on
Nethunter Terminal
Click to expand...
Click to collapse
NetHunter and NetHunter Lite ROM compatibility test result on Android PIE
[ROM][9.0][BACON][OFFICIAL]Syberia Project
syberia_bacon-v2.6-20190622-1327-OFFICIAL = Pending
syberia_bacon-v2.9-20190921-0756-OFFICIAL = Pending
[ROM][9.0][OFFICIAL][bacon] LineageOS 16.0 for OnePlus One
lineage-16.0-20190620-nightly-bacon-signed = Success
lineage-16.0-20190701-nightly-bacon-signed = Success
lineage-16.0-20191130-nightly-bacon-signed = Failed
[ROM][9][Pie][Bacon][UNOFFICIAL] crDroid 5.5 (6/16/2019)
crDroidAndroid-9.0-20190616-bacon-v5.5 = Pending
[ROM][9.0.0][PIE] ViperOS 6.1 [BACON][UNOFFICIAL]
Viper-bacon-20190219-v6.1-UNOFFICIAL = Pending
[ROM][9.0.0][WEEKLIES] CarbonROM | cr-7.0 [bacon]
CARBON-CR-7.0-OPAL-RELEASE-bacon-20191120-0302 = Pending
[ROM] [OFFICIAL] [AOSP] Arrow OS [Pie] [9.0.0_r44] | Bacon [2019-07-21]
Arrow-v9.0-bacon-OFFICIAL-20190613 = Pending
Arrow-v9.0-bacon-OFFICIAL-20191016 = Pending
[ROM][9.0][OFFICIAL]Superior OS Nemesis[Bacon][16-09-2019]
SuperiorOS-Nemesis-bacon-OFFICIAL-20190630-0838 = Failed
SuperiorOS-Nemesis-bacon-OFFICIAL-20191012-0637 = Failed
Will do 2nd test for SuperiorOS
[ROM]-[bacon]-[OFFICIAL]-Havoc-OS-[9.0.0]
Havoc-OS-v2.6-20190626-bacon-Official = Success
Havoc-OS-v2.9-20190912-bacon-Official = Success
[ROM][9.0.0_r37] POSP v2.3 - bacon [OFFICIAL][WEEKLIES]
potato_bacon-9-20190719.Baked-v2.3.WEEKLY = Pending
[ROM][LineageOS][Android 9.0.0r40][OMS]TugaPower™ 19.0
TugaPowerP21_OP1 = Failed
TugaPowerP22_OP1 = Failed
TugaPowerP23_OP1 = Failed
Result on TWRP
twrp-3.3.1-0-bacon = Nethunter Flashable
TWRP 3.3.1-K1 = Nethunter Unflashable
Unofficial TWRP 3.2.1-1 by TugaPower = Nethunter Flashable(Stable)
Click to expand...
Click to collapse
SELinux Issues
SELinux will effect HID Interface functionality as well as SafetyNet, please download SELinux mod changer to solve this problem.
Click to expand...
Click to collapse
Download
NetHunter
Nethunter 2020.1 Stable
NetHunter Lite
Nethunter Lite 2020.1 Stable
Gapps
MindTheGapps
F-Droid Store
F-Droid
Click to expand...
Click to collapse
NetHunter Rootless Editions
Maximum flexibility with no commitment
Usage
Note: The command nethunter can be abbreviated to nh.
Tip: If you run kex in the background (&) without having set a password, bring it back to the foreground first when prompted to enter the password, i.e. via fg <job id> - you can later send it to the background again via Ctrl + z and bg <job id>
To use KeX, start the KeX client, enter your password and click connect
Tip: For a better viewing experience, enter a custom resolution under “Advanced Settings” in the KeX Client
Tips
Run apt update && apt full-upgrade first thing after installation. If you have plenty of storage space available you might want to run apt install kali-linux-full as well.
Firefox won’t work on unrooted devices. Just replace it with Chromium via: apt remove firefox-esr apt install chromium Next: ~ Find the “Chromium Web Browser” item in the application menu ~ right click and select “Edit Application” ~ Change the “Command” to /usr/bin/chromium --no-sandbox %U
All of the penetration testing tools should work but some might have restrictions, e.g. metasploit works but doesn’t have database support. If you discover any tools that don’t work, please post it in our forums.
Some utilities like “top” won’t run on unrooted phones.
Non-root users still have root access in the chroot. That’s a proot thing. Just be aware of that.
Galaxy phone’s may prevent non-root users from using sudo. Just use “su -c” instead.
Perform regular backups of your rootfs by stopping all nethunter sessions and typing the following in a termux session: tar -cJf kali-arm64.tar.xz kali-arm64 && mv kali-arm64.tar.xz storage/downloads That will put the backup in your Android download folder. Note: on older devices, change “arm64” to “armhf”
Please join us in our forums to exchange tips and ideas and be part of a community that strives to make NetHunter even better.
Click to expand...
Click to collapse
Instructions
NetHunter & NetHunter Lite
Skip this step if device already rooted
Preparation
Backup everything including internal storage.
Download Bacon Root Toolkit
Unlock bootloader and root(+flash custom recovery) your device.
Reboot to recovery
Flash TWRP use TugaPower
Reboot back to recovery and continue with flashing instruction
Flashing
Please make sure batteries are above 90%
Backup everything including internal storage,
Erase everything, Advance Wipe tick on cache, dalvik, system, data and internal storage, after that Format Data type YES.
(you can proceed without wiping internal storage but it can cause unknown problem)
Reboot back to TWRP
Flash ROMs
(Please choose ROM that already tested if possible)
Flash Magisk 20.3
Flash Gapps
(Please use MindTheGappps version instead of OpenGapps since it's has BusyBox pre install that could cause problems after flashing)
Reboot System and proceed with the start-up, after start-up completed, enable developer’s mode.
Reboot back to TWRP and flash Nethunter 2020.1
Reboot back to system.
NetHunter Rootless
Android Device (Stock unmodified device, no root or custom recovery required)
Installation
Install the NetHunter-Store app from https://store.nethunter.com
From the NetHunter Store, install Termux, NetHunter-KeX client, and Hacker’s keyboard
Note: The button “install” may not change to “installed” in the store client after installation - just ignore it. Starting termux for the first time may seem stuck while displaying “installing” on some devices - just hit enter.
Open Termux and type:
Code:
[LIST=1]
[*]termux-setup-storage pkg
[*]install wget
[*]wget -O install-nethunter-termux https://offs.ec/2MceZWr
[*]chmod +x install-nethunter-termux
[*]./install-nethunter-termux
[/LIST]
Happy Hunting​
Click to expand...
Click to collapse
Post Installation Setup
Open the NetHunter App and start the Kali Chroot Manager.
Install the Hacker Keyboard from the NetHunter Store using the NetHunter Store app.
Install any other apps from the NetHunter app store as required.
Configure Kali Services, such as SSH.
Set up custom commands.
Initialize the Exploit Database.
Click to expand...
Click to collapse
Frequently Asked Questions
Q - Documentation and Attack Descriptions
A- Attack descriptions as well as some documentation to get you started with the installation and setup of Kali NetHunter can be found at Nethunter Wiki
Q - Is Kali NetHunter an Android ROM?
A- Kali Linux NetHunter is not a ROM but is meant to be installed over an existing stock factory image of Android. It can also be installed over some Cyanogenmod based ROMs depending on device support. It is heavily based on using custom kernels and only supports a select number of devices. We're relying on you, the community, to port your devices for the full Kali NetHunter experience.
Q - Does NetHunter support Marshmallow, or Nexus 9 devices?
A - Yes, check our wiki for more information on supported devices and ROMs wiki
Q - What kind of attacks does NetHunter support?
A - Our wiki has a list of included attack tools wiki
Q - NetHunter is awesome! How do I install it?
A - Follow the instructions on the Installation wiki
Q - What is the best wireless card for NetHunter?
A - A list of supported devices and chipsets wiki
Click to expand...
Click to collapse
Thanks To/Credits/Source Code
Code:
[FONT="Franklin Gothic Medium"]# [URL="https://www.gsmarena.com/oneplus_one-6327.php"]OnePlusOne[/URL]
[oneplus1]
author = "[URL="https://twitter.com/_binkybear?lang=en"]binkybear[/URL] & [URL="https://twitter.com/yesimxev/with_replies"]yesimxev[/URL]" for the [URL="https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-devices/tree/master/pie/oneplus1"]zImage-dtb and Module[/URL]
version = "2.2"
devicenames = bacon A0001 one OnePlus
block = /dev/block/platform/msm_sdcc.1/by-name/boot
[URL="https://forum.xda-developers.com/member.php?u=4544860"]osm0sis [/URL]for the [URL="https://github.com/osm0sis/AnyKernel3/"]AnyKernel3 Ramdisk Mod Script [/URL]Customized for NetHunter
[URL="https://forum.xda-developers.com/member.php?u=5672995"]jcadduono [/URL]for the [URL="https://github.com/jcadduono/lazyflasher"]lazyflasher[/URL]
[URL="https://twitter.com/re4sonkernel?lang=en"]re4son [/URL]for the [URL="https://gitlab.com/kalilinux/nethunter/apps/kali-nethunter-app"]Nethunter App[/URL], [URL="https://www.kali.org/docs/nethunter/"]Documentation[/URL] and [URL="https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-project/-/tree/master/nethunter-rootless"]NetHunter Rootless[/URL]
[URL="https://www.kali.org/"]Kali Linux[/URL] for the [URL="https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-project"]Nethunter Project[/URL]
[URL="https://lineageos.org/"]LineageOS[/URL] for the [URL="https://github.com/LineageOS/android_kernel_oppo_msm8974"]Kernel Source Code[/URL]
[URL="https://forum.xda-developers.com/member.php?u=4841620"]Timmmmaaahh[/URL] for Proofreading[/FONT]
​

Hello XDA Members,
This is Official Nethunter 2019.4 Originally for OnePlus One Android Marshmallow that i port with Android PIE Boot-Patcher.
It's a stable build if you flash with a suitable ROM, so please check the Test Results before flashing,
The ROM compatibility test is still ongoing, and i will update it regularly.
Nethunter 2019 has some issue with Older Devices on latest ROM build, For example on Lineage 16, Nethunter will not work after July build, it will cause boot loop or error on Lineage newer build,
but this problem is not the same with all ROM,
example Havoc-OS work with Nethunter 2019 without any issues, even with September build.
I still finding a way to fix this issues, and i intend to solve this before i release Nethunter 2020.1 next year.
That all update i have for now.
Thank You for participating, have a great day.
Sent from my OnePlus One using XDA Labs

Heck yeah, nice to see seething like this finally ported to pie

Glad to see you finally releasing! Looking forward to testing it on my sweet old Bacon (when I ever find some time, lol)!

wow really nice, any idea why Kex only show blue screen with pointer? now menu or something else? sorry its been a year since lastime im try kali net hunter/

ender1324 said:
Heck yeah, nice to see seething like this finally ported to pie
Click to expand...
Click to collapse
Thanks, I'm happy to see you like it.
Timmmmaaahh said:
Glad to see you finally releasing! Looking forward to testing it on my sweet old Bacon (when I ever find some time, lol)!
Click to expand...
Click to collapse
Thank you Timmy and thanks for all the help too, hope you do find some time to try it:good:.
xsetiadi said:
wow really nice, any idea why Kex only show blue screen with pointer? now menu or something else? sorry its been a year since lastime im try kali net hunter/
Click to expand...
Click to collapse
If this what you meant(refer attachment) then it's the new Kali Desktop Xfce user interface.

Not like that. There's no start menu. Only blank screen with pointer like this

Installation tips.
Hello FairuzOnn and thank you very much for your hard work, it is appreciated.
I like the way your post is written, it's easy to read.
I am preparing my OPO for Nethunter install over a new ROM (lineage-16.0-20190701-nightly-bacon-signed) and I have a question for you. You mentionned at point #2:
"Erase everything, Advance Wipe tick on cache, dalvik, system, data and internal storage, after that Format Data type YES".
That means there will nothing left on the OPO except TWRP. So my understanding is that I should use adb sideload to install the ROM.ZIP from my computer. If not, can you tell me more about this?
Normally, I download the ROM to my OPO and then flash it with TWRP but I think it's better to "clean" the phone and start fresh.
Can you run EDXposed and Multirom? If not, I'll backup after the ROM/Nethunter install before I install those.
Again, thank you very much.

xsetiadi said:
Not like that. There's no start menu. Only blank screen with pointer like this
Click to expand...
Click to collapse
Hi xsetiadi sorry for the very late reply.
Try update chroot
on nethunter terminal
Code:
apt-get update
apt-get dist-upgrade
That should solve the problem.
2643625 said:
Hello FairuzOnn and thank you very much for your hard work, it is appreciated.
I like the way your post is written, it's easy to read.
I am preparing my OPO for Nethunter install over a new ROM (lineage-16.0-20190701-nightly-bacon-signed) and I have a question for you. You mentionned at point #2:
"Erase everything, Advance Wipe tick on cache, dalvik, system, data and internal storage, after that Format Data type YES".
That means there will nothing left on the OPO except TWRP. So my understanding is that I should use adb sideload to install the ROM.ZIP from my computer. If not, can you tell me more about this?
Normally, I download the ROM to my OPO and then flash it with TWRP but I think it's better to "clean" the phone and start fresh.
Can you run EDXposed and Multirom? If not, I'll backup after the ROM/Nethunter install before I install those.
Again, thank you very much.
Click to expand...
Click to collapse
Hello
Thank you for the compliment
You can use adb sideload or adb push, but the best way to flash ROM is by using USB Pendrive or USB OTG.
By the way I recommend using Havoc ROM, it's currently the most stable for nethunter.
You can use EDXposed but it will break safety net,
As for Multirom, I'm still working on it, the current build i made for android pie has lot of issues and can cause hard brick.
I will update you if Multirom android pie build stable to use.

This looks so impressive. Wish I were smart enough to find use for it lol

Hi! How to fix? I'm using I am using TWRP from the developer Kutep0v. (TWRP 3.2.1-K2).

thoiloidainhan said:
This looks so impressive. Wish I were smart enough to find use for it lol
Click to expand...
Click to collapse
Hi thoiloidainhan,
You can visit offensive security to learn about ethical hacking, please try it if you got the time.
Бахрам Байрамза said:
Hi! How to fix? I'm using I am using TWRP from the developer Kutep0v. (TWRP 3.2.1-K2).
Click to expand...
Click to collapse
Hello Бахрам Байрамза,
You can solve this problem, by using stock TWRP or Unofficial TWRP 3.2.1-1 by TugaPower.
For some reason all KutepOv TWRP not compatible to flash NetHunter.
HAPPY HUNTING

FairuzOnn said:
Hi thoiloidainhan,
You can visit offensive security to learn about ethical hacking, please try it if you got the time.
Hello Бахрам Байрамза,
You can solve this problem, by using stock TWRP or Unofficial TWRP 3.2.1-1 by TugaPower.
For some reason all KutepOv TWRP not compatible to flash NetHunter.
HAPPY HUNTING
Click to expand...
Click to collapse
Thanks!

Бахрам Байрамза said:
Thanks!
Click to expand...
Click to collapse
Your Welcome:good:

Hi there, thanks for all your hard work. I'm about to install but which base rom would you recommend as some time has passed.

amd-dude said:
Hi there, thanks for all your hard work. I'm about to install but which base rom would you recommend as some time has passed.
Click to expand...
Click to collapse
Hi sorry for the late reply,
Right now I recommend HACOV ROM,
anyway I currently compile new update, version 2020.1,
I'm planing to finish it and upload it the latest by tomorrow,
batter wait for this update.

FairuzOnn said:
Hi sorry for the late reply,
Right now I recommend HACOV ROM,
anyway I currently compile new update, version 2020.1,
I'm planing to finish it and upload it the latest by tomorrow,
batter wait for this update.
Click to expand...
Click to collapse
Will do, I'll download all the other files in the meantime.

FairuzOnn, wondering if you completed the new version yet?

nickkilla said:
FairuzOnn, wondering if you completed the new version yet?
Click to expand...
Click to collapse
Hi sorry for the late reply, i Have finish most of it, got some problem with NetHunter App I'm working on it, I'm really sorry for the delay. I'm at Gaylord California right now, i have to attend a conference here, i think i will post the new update in 2 or 3 days time.
Sent from my OnePlus One using XDA Labs

FairuzOnn said:
Hi sorry for the late reply, i Have finish most of it, got some problem with NetHunter App I'm working on it, I'm really sorry for the delay. I'm at Gaylord California right now, i have to attend a conference here, i think i will post the new update in 2 or 3 days time.
Sent from my OnePlus One using XDA Labs
Click to expand...
Click to collapse
No worries. Thanks for the update.

[ROM][Official] Kali NetHunter for the TicWatch Pro 3 WearOS

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I present to you: Kali NetHunter for the TicWatch Pro 3 WearOS
Kali NetHunter is an Android ROM overlay that turns an ordinary phone into the ultimate Mobile Penetration Testing Platform. Now it's available for your smartwatch with some limitations.
The overlay includes a custom kernel, a Kali Linux chroot, an accompanying Android application, which allows for easier interaction with various security tools and attacks.
Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, WPS attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page.
NetHunter is an open-source project developed by Offensive Security and the community.
All variants are supported (TicWatch Pro 3 GPS/LTE/Ultra GPS/Ultra LTE) with a generic installer as of now. This means there's no custom kernel yet, however all the features work from the TicWatch Pro, except BadUSB.
## 1. Unlock the bootloader
- Connect your watch to your PC with a DIY USB cable or a 3D printed data dock, and fire up a terminal.
- If you have set up your watch on the phone you can access settings, otherwise hold both buttons for a few seconds on the welcome screen.
- Enable developer settings by going to System -> About -> tap Build number 10 times
- Enable ADB, re-plug USB and accept debug from PC
- Reboot into bootloader with `adb reboot bootloader` from the terminal
- Unlock bootloader with `fastboot oem unlock`
## 2. Flash TWRP, WearOS image, Magisk, dm-verity disabler
Please note Magisk 24.3 is recommended.
- Again enable ADB, and reboot to bootloader with `adb reboot bootloader`
- Disable vbmeta verification: `fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img`
- Flash recovery `fastboot flash recovery recovery.img`
- Boot into recovery by selecting it with the side buttons (switch with bottom one, select with upper button)
- Select Wipe -> Advanced Wipe -> select Format Data
- Reboot to recovery
- Select "Install -> ADB Sideload"
- Flash OneOS with `adb sideload`
- Flash Ultra addon with `adb sideload` only if you have an Ultra watch
- Flash Mobvoi Apps with `adb sideload`
- Make a copy of your Magisk apk file to Magisk-v24.3.zip
- Flash Magisk with `adb sideload`
- Flash Disabler with `adb push Disable_Dm-Verity_ForceEncrypt_11.02.2020.zip /sdcard/` and Install via TWRP
- Reboot & do initial setup (pair with your phone through WearOS app)
## 3. Finalise Magisk app to finish the rooting process
- Finalise Magisk installation with app `adb install Magisk-v24.3.apk`
- Launch Magisk Manager
- You might want to disable auto-update, set grant access in auto response, and disable toast notifications for easier navigation in the future
## 4. Install NetHunter
- Reboot to recovery
- Select Install -> ADB Sideload
- Flash NetHunter image with `adb sideload`
- Reboot
- Start NetHunter app & chroot
- Reboot
## 5. Set NetHunter watch face
- Install Facer onto your phone and watch from Play Store
- Search for NetHunter
- Select & Sync
### Enjoy Kali NetHunter on the TicWatch Pro 3
## Downloads
- Magisk
- TWRP images
- OneOS ROM, Mobvoi apps, Ultra addon
- vbmeta image
- dm-verity and forceencrypt disabler
- NetHunter zip
## Additional recommended apps
- TotalCommander: useful for selecting eg. a Ducky script, use "adb install" method
Download link: https://www.totalcommander.ch/android/tcandroid323-armeabi.apk
## Supported features
- Kali services
- Custom Commands
- MAC Changer
- HID Attacks
- DuckHunter
- Nmap Scan
- WPS Attacks
## Upcoming features (not guaranteed)
- Nexmon, as the chipset is supported, needs some time
- Bluetooth Arsenal (internal bluetooth via blueblinder, as carwhisperer fails to r/w when SCO channel is connected)
- Router Keygen (to be optimised)
- Hijacker (if nexmon succeeds)
- Mifare Classic Tool (need to build OS with android.hardware.nfc enabled)
## Hardware limitations
- Power resource is not enough for any external adapters, although this kernel might support Y cable in the future!
WearOS version:
XDA: DevDB Information
Kali Nethunter, Kernel & ROM for the TicWatch Pro 3
Contributors
@yesimxev
Source Code: https://gitlab.com/kalilinux/nethunter/

Reserved

Thank you so much for this
Is it working on twp3ultra?
And which stockrom img incase anything went wrong.
Thank you in advance

nelikp said:
Thank you so much for this
Is it working on twp3ultra?
And which stockrom img incase anything went wrong.
Thank you in advance
Click to expand...
Click to collapse
Yes it is, use rover for Ultra LTE and rubyfish for Ultra GPS. Link for stock ROMs is above in the OneOS dowbload page, scroll down for stock

yesimxev said:
Yes it is, use rover for Ultra LTE and rubyfish for Ultra GPS. Link for stock ROMs is above in the OneOS dowbload page, scroll down for stock
Click to expand...
Click to collapse
Thank you so much
Waiting my cable from alixpress
May i have the oneos download page sir

nelikp said:
Thank you so much
Waiting my cable from alixpress
May i have the oneos download page sir
Click to expand...
Click to collapse
Everything is there. Just scroll

Achi Shukuteki said:
Everything is there. Just scroll
Click to expand...
Click to collapse
Thanks sir
I found it
Here
Download •OneOS Wear•
wear.revtechs.me

any chance we’ll see a more vanilla rom for those of us that aren’t interested in network penetration etc, would be awesome to see a rom that could re-enable the compass in the ticwatch pro 3 ultra for example

kerode said:
any chance we’ll see a more vanilla rom for those of us that aren’t interested in network penetration etc, would be awesome to see a rom that could re-enable the compass in the ticwatch pro 3 ultra for example
Click to expand...
Click to collapse
I think the general forum would be more appropriate for that question. I was interested in the same thing, though.

kerode said:
any chance we’ll see a more vanilla rom for those of us that aren’t interested in network penetration etc, would be awesome to see a rom that could re-enable the compass in the ticwatch pro 3 ultra for example
Click to expand...
Click to collapse
Well that goes onto my list next to the enable android.hardware.nfc + android.hardware.sensor.compass in the ROM for building OneOS if it's not disabled in kernel

Edited:
My bad, kali chroot needs to be run first. Succes now
Just flashed nethunter to my twp3 but when i start nethunter app somehow there was a pop up saying "chroot is not yet installed".
Should i sideload nethunter zip again?
Can i flash zip file via twrp after push the file to the watch?.
Thanks

enter2explore said:
Edited:
My bad, kali chroot needs to be run first. Succes now
Just flashed nethunter to my twp3 but when i start nethunter app somehow there was a pop up saying "chroot is not yet installed".
Should i sideload nethunter zip again?
Can i flash zip file via twrp after push the file to the watch?.
Thanks
Click to expand...
Click to collapse
If all the steps were followed correctly, then show me /tmp/recovery.log after flashing again. Use pastebin please

yesimxev said:
If all the steps were followed correctly, then show me /tmp/recovery.log after flashing again. Use pastebin please
Click to expand...
Click to collapse
Hi @yesimxev
Already solved, it just the matter i forgot to start chroot. Work normally now.
Thanks

yesimxev said:
Well that goes onto my list next to the enable android.hardware.nfc + android.hardware.sensor.compass in the ROM for building OneOS if it's not disabled in kernel
Click to expand...
Click to collapse
awesome mate, looking forward to it!!

managed to install and chroot
but how to wps attack?
any guide would appreciate
TIA

Im stuck when running command fastboot oem unlock all I get it waiting for any device and thats it.

nemzzy668 said:
Im stuck when running command fastboot oem unlock all I get it waiting for any device and thats it.
Click to expand...
Click to collapse
Check the connection.

Achi Shukuteki said:
Check the connection.
Click to expand...
Click to collapse
Connewction is fine, ADB works, windows then also detects it when it reboots. Just fastboot that sticks. Using Windows 11

nemzzy668 said:
Connewction is fine, ADB works, windows then also detects it when it reboots. Just fastboot that sticks. Using Windows 11
Click to expand...
Click to collapse
Oh hmmm. Im on Win10. I'll leave it to the forum with that one. Unless you want to use a live Linux distro, grab the tools, you already have the files, and try that way.

Run fastboot devices first after reboot to bootloader..make sure ur watch detected.
Otherwise check ur driver

General [Kernel][Kali-NetHunter]Pixel 6/Pixel 6Pro Oriole/Raven[Kernel][Kali-NetHunter]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
With Great power comes great responsibility.
Disclaimer::
Please use this Kernel in accordance with local law and with the privacy of yourself and others in mind. Not responsible for any charges you might accrue, bail money or fines if you choose to use it for unlawful reasons
Warning your warranty is now void. Do this at your own risk. The mad clown is in no way responsible for the chaos, worldwide disease, nuclear destruction, laughing fish, costumed caped crusaders or damage caused to your device by performing the steps involved.
The mad tech clown is back with another Kernel for all of the Kali-linux-nethunter users wanting the portability of kali-nethunter for their Pixel 6 and 6Pro devices codenamed Oriole and Raven .
I now bring you the
Mad-Kali-Maxhunter kernel for raviole
Some of the features include:
-power efficient workqueues
-fsync switch
-boeffla wake lock blocker
-force usb fastcharge
-mm: oom_kill: Reduce some verbose logging
-cpufreq: add cleanslate battery optimizer feature
-/dev/tmp and /dev/tmp/ mount
-full bluetooth support
-Wifi injection
-dvb / sdr support
Plus:
-Everything neeeded to use kali properly on your device plus some systemd stuff
-dns resolver support
-full usb/otg support
See source commits for more
This is not a super fancy pot luck kernel with every allowable feature. This is tuned out quite effeciently and ive found that adding certain features or too many causes heat to rise and we all know thats not good with this device.
Source
GitHub - Biohazardousrom/android_kernel_google_raviole
Contribute to Biohazardousrom/android_kernel_google_raviole development by creating an account on GitHub.
github.com
Download
16.68 GB folder on MEGA
74 files and 20 subfolders
mega.nz
How to Flash:
pre-requisites:
Franco Kernel Manager & root
Download zip to the internal storage of your device.
Open FKM and tap 3 line menu and choose flasher.
Choose manual flash and navigate to the zip file, select it and choose reboot after flash.
Enjoy
For more support
gs101 and gs201 development/support
Pixel 6/pro & 7/pro discussion group for general support and development
t.me
Thanks to
acuicultor
freak07
tbalden
arter97
andip71
for all your development

reserved

Some notes to help you get the Kali-nethunter system set up on your device.
1. Please install the Kali-nethunter magisk modules. These will have the firmwares needed to use the various USB dongles for wifi/bluetooth.
2. Visit this site to download and install the Kali-nethunter store https://store.nethunter.com/en/
3. After installing the store app let it update and then install these 3 apps
-Kali-nethunter installer updater and interface (aka kali-nethunter gui)
-Kali-nethunter terminal
-Kali-nethunter bvnc and kex manager
once installed open the kali gui app and ok any permissions it asks for. it will then force close.
Note:: Since android 12 the gui quit asking for several permissions needed for running scripts in the terminal so you will need to download the attached file kadb.sh to your pc then connect your device to the pc and open a command prompt and run
./kadb.sh
this will grant the missing permissions and allow the gui to open again without it force closing. script was written for linuxed based pc's. if you use windows just open it up and copy and paste the comnands one by one.
or if you have another rooted device you can connect the two via otg and run from the extra rooted device
4. open the gui app once more and navigate to install and start chroot. if you have your own just add the location to the given box when you choose install. for everyone else let the app download it and install from the Kali repository.
Note:: this will take some time please do not exit the app while in the process of downloading or installing
5. to make it easier to enter the kali nethunter terminal app create a custom comnand in the gui. it can be anuthing ls, apt-get update just what ever. then save it to kali and use it when ever you want to use the terminal
Note:: If you want to use the Kex manager/vnc you will need the root password to run programs as root. That password is toor.
Also you can activate wlan0 and wlan1 without a usb dongle. But for some reason it wont allow use of bluetooth without a dongle. i never could find a rhyme or reason for this but i have found when using bluetooth on my pc that kali would not use the built in bluetooth either and i would have to use a dongle. this is probably by design for stealth reasons but dont quote me.
I have found dual wifi and bluetooth adapters in the past and they work simultaneously

This is great! Will it be possible for you to share the kernel build instructions here? I cloned you repo into private/gs-google and ran BUILD_KERNEL=1 ./build_slider.sh -j$(nproc) after that. I do see the kernel files in out/mixed/dist. I flashed them, and it gave me boot loops.
It would be awesome if you could share some build instructions as well.

you can find more info on building kernels here....
Building Kernels | Android Open Source Project
source.android.com
but the steps i took were to initialize and sync the repo listed in the link above. then from there i made my cherry picks. next i went to /arch/arm64/configs and edited the gki_defconfig to match the needed configs i needed for kali linux. after that i ran build/build.sh.
it will error after that because the abi_symbol_allowlist in /android/abi_gki_aarch64_generic file will need updated with the new symbols now compiled in the newly customized kernel.
then after you have corrected all the errors and its built a kernel you will have 4 items to flash..
boot.img
dtbo.img
vendor_boot.img
vendor_dlkm.img
dtbo and boot are flashed in fastboot while vendor_boot and vendor_dlkm are flashed in fastbootd.
but the easiest way to flash is by making an anykernel.zip
also need to point out that some custom roms will not allow you to flash custom kernels so i would hop on tg and ask the maintainer if that rom permits flashing kernels else your gonna have a hard time

thanks for the build @Duhjoker. I managed to flash it on a Pixel 6 and install NetHunter but wifi monitoring mode doesn't work. This is the output from `airmon --debug`

Hey Duhjoker! Thanks for your work on this! Its a dream come true! I just have one question. Is there any chance we will see a pixel 6a version of this kernel with wifi injection? Or is this a pipedream?

evansfromza said:
thanks for the build @Duhjoker. I managed to flash it on a Pixel 6 and install NetHunter but wifi monitoring mode doesn't work. This is the output from `airmon --debug`
View attachment 5705665
Click to expand...
Click to collapse
i am aware of the problem and im looking into it. to be honest i never could get airmon-ng to work on any android.
im thinking monitor mode may need to be enabled first through /sys/ like qualcomm but i could be wrong. this is my first exynos kernel and im having to relearn stuff.

gahndii said:
Hey Duhjoker! Thanks for your work on this! Its a dream come true! I just have one question. Is there any chance we will see a pixel 6a version of this kernel with wifi injection? Or is this a pipedream?
Click to expand...
Click to collapse
I can but i dont own a pixel 6a. The build would have to completely blind but if your willing to test i can try. i did the same for the pixel 3 so it shouldnt be a problem but read next post to see whats up on the current state of building

ok so i dont know whats up with android 13 kernel source but so far none of the builds are booting. ive been at it since release and no go.
but be assured i am working on stuff

Duhjoker said:
I can but i dont own a pixel 6a. The build would have to completely blind but if your willing to test i can try. i did the same for the pixel 3 so it shouldnt be a problem but read next post to see whats up on the current state of building
Click to expand...
Click to collapse
Though I wouldn't mind testing something like that, however would not consider myself a reliable tester. I'm more of a tinkerer honestly. I haven't flashed a rom in 4-5 years haha I gave up years ago on a kernel with wifi packet injection drivers baked in. (for a model I owned) I would not be able to give you solid reliable feedback but id happily try it out for fun. From what ive been reading looks like im staying on Android 12 for a bit longer.

The ramdisk provided by Google for A13 is the issue, you must extract it from vendor_boot and replace it inside prebuilts folder, thanks to freak07 for the solution.
Here's the commit from him.

acuicultor said:
The ramdisk provided by Google for A13 is the issue, you must extract it from vendor_boot and replace it inside prebuilts folder, thanks to freak07 for the solution.
Here's the commit from him.
Click to expand...
Click to collapse
Thank you so much for that. it was driving me crazy and couldnt understand what the problem was.
so now we have kali coming for a13 in a couple days

ok guys Mad-Kali-MaxHunter-Raviole-T for android 13 is now live and linked in op.

I have been researching the wifi monitor mode and packet injection properties on the wlan and heres the state of the driver from my google searches
The bcm4389 wifi 6e client set of chips was announced in 2020 by broadcom and can be found in the Samsung galaxy s21 and google pixel 6, 6pro and 6a models along with some xiaome phones.
For us that means that the drivers and firmware are so new that theres been very little development for it. i myself was only able to find a bluetooth patch that im sure has already been picked up by the google source kernel devs.
from what i can tell of the other drivers by looking at the nexmon github page and further reading the previous wlan modules needed patched firmware to enable airmon-ng.
im still doing research into how to fix this but if anyone has any clues please speak up.
but for now if you should be able to get by using a usb wifi dongle.

Hi, @Duhjoker I was able to install everything successfuly but it seems like the kernel is missing some features not directly related to Kali but that would be nice to add.
HID attack support from Rucky, and ISO usb host from DriveDroid.
I'm using a Pixel 6 Pro on A13
Thanks for your work

Unfortunately, usb wifi dongles aren't working even if they're supported, even after installing their firmwares. Something's wrong with the kernel.

I have good news. Seems google did the hard work for us on hacking the firmware for monitor mode and it looks like we can now use monitor mode to catch packets "NATIVELY".
please read here for the details.
Get BCM4389 into monitor mode for WIFI sniffing
Hey all, I was trying to watch beacon frames transmitted by my access point, but had no capable hardware in my house to sniff it. Or did I? Turns out, Pixel 6 / Pixel 6 Pro can do it. Here's my howto...
forum.xda-developers.com
i havent tested this fully yet but a friend in my tg chat helped me snag the binaries rc files and best of all the firmware.
i dont currently have a magisk module yet but with root copy the vendor folder in the zip to /data/adb/modules pick any module for example
/data/adb/modules/busybox-ndk/system
reboot and enjoy
edit: you made need to chmod the binaries after placing them

deleted

tried that, it doesn't work.
also, wifi dongles are recognized by lsusb but not mounted (airmon-ng only shows phy0 - internal wlan interfaces)

[KERNEL] Nethunter For Pixel 4a 5G Android 12L

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
ALYNX Nethunter Kernel for Pixel 4a 5G - [Android 12L]
What is Nethunter ?
Kali NetHunter is a free & Open-source Mobile Penetration Testing Platform for Android devices, based on Kali Linux.​
Click to expand...
Click to collapse
Code:
I'm not responsible for bricked devices, dead SD cards.
Do some research if you have any concerns about features included in this Kernel.
About the kernel :
Kernel is based on fsociety kernel sources.
Features:
Internal Wifi Monitor Mode Support (packet injection doesn't work as it is based on qcacld-3.0 which is not capable of packet injection yet)
HID gadget keyboard/mouse
USB WiFi, mac80211 (Monitor mode, packet capture, packet injection) [Compatibility List]
RTL88XXAU USB WIFI Support
RTL8188EUS USB WIFI Support
ATH9K_HTC USB WIFI Support
Ethernet Support
Bluetooth USB Support
SDR Support
BadUSB
warning: please do not update magisk after flashing the kernel, you can update the magisk before flashing the kernel.
Installation:
Download the zip file containing the kernel from below
Flash the zip using franco kernel manager if franco doesn't work use EX kernel manager (Flashing the kernel/zip will preserve the root)
Install Busybox
Download Wireless_firmware.zip open Magisk and install the zip as Magisk module
Install Nethunter store
Install Nethunter app & Nethunter terminal from Nethunter store
Open Nethunter app & Download the full chroot kalifs within the app and let the app setup everything. After it finishes it'll start the chroot automatically.
Update the sources with apt-get update && apt-get upgrade in the chroot using nethunter terminal
Reboot the device
Note: if nethunter app crashes open any android terminal in su environment and paste the following.
Code:
pm grant com.offsec.nethunter android.permission.ACCESS_FINE_LOCATION
pm grant com.offsec.nethunter android.permission.ACCESS_COARSE_LOCATION
pm grant com.offsec.nethunter android.permission.READ_EXTERNAL_STORAGE
pm grant com.offsec.nethunter android.permission.WRITE_EXTERNAL_STORAGE
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_SU
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_NH
pm grant com.offsec.nethunter com.offsec.nhterm.permission.RUN_SCRIPT_NH_LOGIN
Extra:
if you want to replace nethunter terminal with termux (not completely nethunter main app will still launch nethunter terminal everytime for any operation but you can access kali chroot environment from termux.
(i know nethunter terminal sucks)
Follow these steps to access the environment from termux:
Install termux from f-droid or from nethunter store
Open termux and install root repo using pkg update && pkg install root-repo tsu wget
Download the script from termux using wget https://raw.githubusercontent.com/name-is-cipher/boot-nethunter/main/install_boot-kali.sh
chmod +x install_boot-kali.sh && ./install_boot-kali.sh
let it setup everything.
restart termux and type boot-kali to access the nethunter chroot environment
if you like my work give this post a like : )
Credits:
Team Kali For Nethunter
momojura For fsociety kernel.
XDA:DevDB Information
Alynx Nethunter For Pixel 4a 5G Bramble
Contributors: V3rB0se
Source Code: https://github.com/V3rB0se/redbull
Version Information
Status: Stable
Stable Release Date: 02/08/2022
Created 02/08/2022
Last Updated 27/07/2022

Reserved​

Hey! Slight problem.
I just flashed the kernel through Franco's, and it's loaded correctly, but I don't have usb.hid for some unknown reason. I'm not sure if I've messed up or you have, so I thought I'd ask? See below for further info.

WoodenPlankGames said:
Hey! Slight problem.
I just flashed the kernel through Franco's, and it's loaded correctly, but I don't have usb.hid for some unknown reason. I'm not sure if I've messed up or you have, so I thought I'd ask? See below for further info.
View attachment 5711105View attachment 5711107
Click to expand...
Click to collapse
try installing some older versions of nethunter.

I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.

WoodenPlankGames said:
I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.
Click to expand...
Click to collapse
please post the logs. i have no idea what you're talking about. was it enabled before in the stock kernel?

V3rB0se said:
please post the logs. i have no idea what you're talking about. was it enabled before in the stock kernel?
Click to expand...
Click to collapse
I don't have any logs. It's not complicated. I plugged in my razer Kishi, and it didn't work. It did on (and still does when i reflash my backup of) the stock kernel.
Edit: Interestingly, the HID feature this kernel reports (Once you enable it in the nethunter app) adding still works after reflashing stock. I was under the impression that needed a kernel patch. Odd.

WoodenPlankGames said:
I found a setting to enable it, but now I'm having another problem: Your kernel appears to have entirely disabled OTG Game controller support.
Click to expand...
Click to collapse
I'll make sure to fix this in the upcoming update. but i need logs to find the problem.

WoodenPlankGames said:
I don't have any logs. It's not complicated. I plugged in my razer Kishi, and it didn't work. It did on (and still does when i reflash my backup of) the stock kernel.
Edit: Interestingly, the HID feature this kernel reports (Once you enable it in the nethunter app) adding still works after reflashing stock. I was under the impression that needed a kernel patch. Odd.
Click to expand...
Click to collapse
everything else is working i guess?

Sup fellas, it's been almost 10 years since I've unlocked a Bootloader and now it looks like there is all this Github and Backtrack ports around... Soo can someone refresh me...
After I unlock the BootLoader can I go str8 to installing a custom Rom or do i gotta put the Bloat free + ROOTED rom on first for some reason....?
What Custom Roms are compatible with this kernel? I doubt the stock android 12 rom this probably needs will have the Radio Tower mods i need.... (what rom is good for the Radio tower exploits again? uh.. you know.. the ones that offer Data Wells .. of course for research / education / pentesting purposes only... lol Maybe that Resurrection rom i seen on here yesterday/? LOL) [i srsly dont know why i cant find it in the pixel 4a forums anymore along with pages of discontinued roms... = / hmm ]
AND if a rom requires a different kernel than this can I flash this one on there afterwards and still expect the Rom will function and i wont be bricked..?

BrawnyPaperTowelHead said:
Sup fellas, it's been almost 10 years since I've unlocked a Bootloader and now it looks like there is all this Github and Backtrack ports around... Soo can someone refresh me...
After I unlock the BootLoader can I go str8 to installing a custom Rom or do i gotta put the Bloat free + ROOTED rom on first for some reason....?
What Custom Roms are compatible with this kernel? I doubt the stock android 12 rom this probably needs will have the Radio Tower mods i need.... (what rom is good for the Radio tower exploits again? uh.. you know.. the ones that offer Data Wells .. of course for research / education / pentesting purposes only... lol Maybe that Resurrection rom i seen on here yesterday/? LOL) [i srsly dont know why i cant find it in the pixel 4a forums anymore along with pages of discontinued roms... = / hmm ]
AND if a rom requires a different kernel than this can I flash this one on there afterwards and still expect the Rom will function and i wont be bricked..?
Click to expand...
Click to collapse
i think you should ask such question here but yeah you can go straight to install custom roms after unlocking the bootloader.

V3rB0se said:
i think you should ask such question here but yeah you can go straight to install custom roms after unlocking the bootloader.
Click to expand...
Click to collapse
Thank You sir, Compliments to the CHef!

NEWEST EDIT: GOT KALI.apk running finally by pasting the provided codefix in 'Nethunter Terminal' thanstead of TERMUX!!! ! : But now I Cant get CHROOT to install whether from the server installer or Manual Patching...! appears that lots of users are having the same problem... https://www.zerodaysnoop.com/articles/install-problems-with-nethunter-lite/
EDIT AGAIN!: Found The "If Kali .apk doesnt start.. paste the following:..." section on bottom... but now I cant get that to even work... First it seems Termux needs root ... but I try sudo and Tsudo..but it only gives the same error I believe...??? see below!:
EDIT: 'BUSY BOX INSTALLER from fDroid client said busybox was actually installed now after i probably rebooted the phone... so I moved on to downloading Nethunter.. and Nethunter Terminal... tried opening nethunter app wuthout terminal installed... it gave an error.. went and installed Nethunter terminal... tried choosing KALI layout and it gace an error... then I chose Android SU Terminal mode and it works....
So I try opening Nethunter to Download the chroot and Khalifs... Nethunter keeps stalling and giving errors and wont let me find these chroots, etc....???? wtf?
---- gonna try reinstalling kali stuff in the right order (ALL OVER) in the meantime to see if these alleviates anything...
Followed instructions perfectly... thought i needed a JSON configuration file for an hour until I noticed FRANCO MANAGER had a MANUAL INSTALL option...
Made my way to the busy box install part.... now NONE (ABSOLUTELY NONE) of the BusyBox apps on F-Droid are working with my phone! below is the error i Get with the best looking app...
gonna try my luck with using termux to create the directory it says it can't install Busybox in.. and also try Play Store versions in the meantime.... -___-;
ANY IDEAS?

BrawnyPaperTowelHead said:
NEWEST EDIT: GOT KALI.apk running finally by pasting the provided codefix in 'Nethunter Terminal' thanstead of TERMUX!!! ! : But now I Cant get CHROOT to install whether from the server installer or Manual Patching...! appears that lots of users are having the same problem... https://www.zerodaysnoop.com/articles/install-problems-with-nethunter-lite/
EDIT AGAIN!: Found The "If Kali .apk doesnt start.. paste the following:..." section on bottom... but now I cant get that to even work... First it seems Termux needs root ... but I try sudo and Tsudo..but it only gives the same error I believe...??? see below!:
EDIT: 'BUSY BOX INSTALLER from fDroid client said busybox was actually installed now after i probably rebooted the phone... so I moved on to downloading Nethunter.. and Nethunter Terminal... tried opening nethunter app wuthout terminal installed... it gave an error.. went and installed Nethunter terminal... tried choosing KALI layout and it gace an error... then I chose Android SU Terminal mode and it works....
So I try opening Nethunter to Download the chroot and Khalifs... Nethunter keeps stalling and giving errors and wont let me find these chroots, etc....???? wtf?
---- gonna try reinstalling kali stuff in the right order (ALL OVER) in the meantime to see if these alleviates anything...
Followed instructions perfectly... thought i needed a JSON configuration file for an hour until I noticed FRANCO MANAGER had a MANUAL INSTALL option...
Made my way to the busy box install part.... now NONE (ABSOLUTELY NONE) of the BusyBox apps on F-Droid are working with my phone! below is the error i Get with the best looking app...
gonna try my luck with using termux to create the directory it says it can't install Busybox in.. and also try Play Store versions in the meantime.... -___-;
ANY IDEAS?
Click to expand...
Click to collapse
Do not download termux from playstore download it from fdroid. for chroot you can download it manually and use backup option in nethunter app to install the zip. and install the tsu package from root-repo.

V3rB0se said:
Do not download termux from playstore download it from fdroid. for chroot you can download it manually and use backup option in nethunter app to install the zip. and install the tsu package from root-repo.
Click to expand...
Click to collapse
Okay.. I DID manually download it and had to code a github program to download the chroot from the official repo for me without timing out and causing a hash error with my terrible Internet.... then it seeded it for a Torrent that wont fail during Download....
But the whole problem turned out to be how ANDROID 12L breaks the install with it's SCREEN TIMEOUT/Sleep mode thing... which was only warned about in some youtube video for the Pixel 4a version that i seen listed before finding this guide....
Oh well... now wondering if I need the massive 1gb chroot file on my system for kali to function properly or if i could delete it now... : /