Kali Nethunter on OnePlus One Phone

Recently I purchased a, OnePlus One phone with the sole purpose of trying out Kali Linux Nethunter. I bought one from eBay that was already running Cyanogen 12.1. Once I got the phone I started to figure out how to get this to work.

There were quite a few different install guides but nothing that got me all the way there. As a reminder for myself I thought I would write one. Also the steps are more or less the same no matter which support Android device you use.

For this I was using a MacBook, so I needed to download the following items:

ADB Drivers and Commands:
http://developer.android.com/sdk/index.html

Cyanogen 12.1 (bacon):
https://download.cyanogenmod.org/get/jenkins/129290/cm-12.1-20151007-SNAPSHOT-YOG4PAO33I-bacon.zip

TWRP Recovery:
http://techerrata.com/browse/twrp2/bacon

SuperSU:
http://download.chainfire.eu/696/SuperSU/UPDATE-SuperSU-v2.46.zip

Android File Transfer:
https://www.android.com/filetransfer/

Kali Nethunter:
http://images.kali.org/kali_linux_nethunter_2.0.1_bacon_lollipop.zip

Once these have been downloaded, we need to install the ADB Drivers components, which in reality is part of the Android SDK. Just click the install and run through the wizard, nothing special here at all. You may hit an issue about Java, if you do then just install the latest Java components, JDK also. Once this is done follow the default wizard which will setup your Android tools into the following location:

~/Library/Android/sdk/

To start the process, connect your OnePlus One phone to your Mac. First let’s open up the “Android File Transfer” tool and copy the “SuperSU” file and also the “Cyanogen 12.1” zip file to the root of the phone. We will use these later.

Secondly, we need to enabled Developer Options, which is done using the following steps:

  1. Open “Settings” on the Phone
  2. Scroll down to “About Phone

  3. View the phone details, and look for the “Build Number

  4. Tap the “Build Number7 times, it will show you how many taps you have left then let you know when you have enabled it

  5. Now go out of the “About Phone” option and “Developer Options” should be available.

  6. Now we set a few things

Once all this is done we should then be able to connect the phone to the computer and it should prompt for authorization to connect using the “Android Debugging” feature. Once authorized, open up a Terminal and navigate to the Android SDK.

Once in this directory you need to access the “platform-tools” folder. Once here we need to run the first command which will tell us if the device is connected.

./adb devices

Once ran this may return an error saying “Unauthorized” if that is the case, disconnect and reconnect your phone to the computer, and accept the prompt on the phone to authorize. Once done it should list the device.

Now we need to reboot the phone into what’s called “Fastboot” mode. That is done using the following command.

./adb reboot bootloader

The phone should then reboot and sit with the “Fastboot” display on the phone. Once it is in that state, we now need to unlock the phone using the following command:

./fastboot oem unlock

Now we need to flash the phone with a new recovery module called “TWRP“. This done by using the following command:

./fastboot flash recovery {Path to Recovery ROM}

./fastboot flash recovery /Users/Me/Downloads/recovery.img

Once completed you need to turn off the phone using the recovery option. This is done by holding the power button and the volume down until the phone makes a beep noise and you see the OnePlus One log, then let go. It should then boot into the TWRP recovery component.

Once inside of the recovery tool, it should run a little installation a patch your main boot ROM and then probably ask for a reboot, as well as rooting the device, this does not always happen, so don’t worry if it does not do it on your phone. Next we need to select the “Install” option in TWRP, and navigate to the “SuperSU” zip file and choose to “Confirm the Flash“. Once it is done choose to “Wipe Cache and Delvik“, once confirmed and completed, go back to the main menu and choose “Reboot” then select “System

Once it has loaded we need to install an application from Google Play which is called “MultiROM Manager“. This will allow us to run different ROM’s at any point by booting into them.

Now that is installed we should be able to open it and it should ask about granted “SU” permission, accept this and allow the application to load. It may display the following on the screen:

To make this work, we first need to “Install“, the missing components and patches. Firstly, make sure for Cyanogen 12.1 you change the Kernel to Version 5.X. If you do not when you boot after patching, your SIM Card won’t work and the Wi-Fi just won’t switch on at all.

Once it is done it will require a reboot. Complete this, then boot back into the TWRP recovery menu.

Once back at the menu we need to now access the “Advanced” option.

Once here we choose the “MultiROM” option then select the “Add ROM” option.

Now choose the “Next” option leaving everything else as is.

Next we need to select the “ZIP” option.

From the file manager choose the “Cyanogen 21.1” ZIP and then “Swipe to Confirm“.

This will then add this as an alternate ROM, patching as it goes.

Once completed, you can click the reboot button, and then boot back into the recovery menu.

Once it has booted go back to “List ROMs” and click this option, and click on the ROM we just added.

We need to rename it first so it makes sense when we want to boot it. Click the “Rename” option and call it “Kali Nethunter“.

After this is completed reboot the device, and choose from the “MultiROM” selector “Kali Nethunter” and allow it to configure “Cyanogen“. Once completed reboot into recovery so we can patch it with what we need.

Now we need to patch the Cyanogen 12.1 with the Kali Linux zip file we copied to the phone in the beginning.

Now click back on the same image albeit renamed, and choose the “Flash Zip” option. Navigation to the “kali_linux_nethunter_2.0.1_bacon_lollipop.zip” then swipe to confirm the flash.

This process can take some time; it actually says it could be up to 30 minutes. In my tests it has never taken that long.

Once done we should then have Cyanogen 12.1, patched with Kali Nethunter. After this has completed we need to repeat the same process, but this time we select the “SuperSU” zip file.

Now that this is completed we can reboot the phone as normal and then select from the “MultiROM” selector the “Kali Nethunter” image we just added and patched. Now it should boot into “Kali Nethunter“, the wallpaper should be different and the applications that come with it should be installed.

Looking through the menus we can select the “Launch Kali Menu in Terminal“, which will load the core menu to allow access to all the tools.

There it is, an OnePlus One Running Cyanogen 12.1 as the main phone, then a second one patched with Kali Nethunter that can be booted into using MultiROM Manager.

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.

You may also like...

  • Bryan

    in the first step, you said to save those two files to the root of the phone, yet i dont see where you are talking about. there isnt a folder or anything labeled root inside the android file transfer app. am i missing something?

    • helloitsliam

      “Root” means to store them at the highest level of the disk for the phone. Not a “root” folder. Simply copy the files to where all the files are and you should be good.