RPi2, Kali & a Motorola Atrix Lapdock for Fun & Pentesting

Since starting the Kali section of this blog and putting in a crazy amount of effort to get Kali installed and working correctly on the Raspberry Pi 2 I really could have been doing things a lot faster if I had a nice visual display to plug into rather than having to use the TV every time I wanted a visual on the box whether it was to see if a new error had been displayed while testing or just to see if X was failing again upon boot.

I have a friend who for the longest time wanted to work with me and do some soldering to get the Motorola Atrix Lapdock and the Raspberry Pi working (Yes the raspberry Pi “1” as this is nothing new), I figured there had to be an easier way as I did not really fancy soldering, don’t get me wrong I had enough practice recently over Christmas but surely some non soldering setup existed out there to simplify this process.

What follows is just a few pictures of my setup now since removing the back panel on the Atrix itself which is easier than you think at first as you honestly will feel like you are going to smash it to pieces!

What you will need:

1) Motorola Atrix Lapdock
2) Raspberry Pi 2
3) Screwdriver
4) Raspberry Pi to Lapdock Cable
5) Micro HDMI Female Adapter Type A to Type D
6) USB Male to Female Cable
7) Gadgets of your choosing for me this was wireless and bluetooth cards.

So after you have taken the back off you will be able to disassemble the casing around the cables for connecting the Motorola phone and you then have two naked cables which I am not sure what I am going to do with them yet as they are quite vulnerable to wear and tear, I may put the casing back on but for now everything is working nicely with my current setup.

20150325_192254_sizeWireless Gadget’s

20150325_192922_sizeBluetooth

20150329_114106As you can see I now have a portable laptop that does not look suspicious in the slightest!

20150325_191405_sizeLogging in20150325_191811Graphical menu with tools installed

20150325_191928

I have been having some fun with wireless in my home lab recently, I recently brought the bluetooth dongle outside to see what I could detect and bluetooth is everywhere these days and you find plenty of random devices including TV’s and some that I will not mention due to the nature of the devices but I don’t think this is a good thing and with the price of sticking a Low Energy bluetooth (BLE) chip in devices these days I can see this becoming a problem down the road. As things become popular they become targets, best not include bluetooth in our critical infrastructure, oh wait, too late…

 

4 – Kali PI 2 – Configure SSH with Custom Banner

If you have gone down the route of creating your own custom image of Kali for the Pi you will need to enable SSH for yourself to make life a bit easier for experimenting with ideas.

Remove the SSH run levels first

update-rc.d -f ssh remove

Load the default SSH run levels

update-rc.d -f ssh defaults

0 - Kali runlevels
Backup and move the default SSH keys and generate some fresh ones to prevent a MITM attack against your Pi.
1 - Kali SSH Configuration
Want a Message of the Day banner? Why the hell not! Install figlet.
apt-get install figlet
2 - Figlet for custom kali banner
Usage is simply
figlet followed by words you wish to have modified
3 - Figlet custom words use
Just copy the text from the teminal and then open up /etc/motd and paste in your new message
4 - modify banner
Add in whatever you want here and save
5 - Changed Banner
SSH into your box to see your new message
ssh root@your_pi_ip_address
6 - Kali SSH configured
 

Kali Linux 1.1.0 Git install Kernel Cross Compilation with Wireless Injection “Working” v2

OK so after some time of playing around and trying different things I have finally managed to simplify the process of installing Kali Linux on the Raspberry Pi 2 with “armhf” architecture and compiling the kernel with wi-fi injection working! Follow the the tutorial below and I will guide you step by step through each section and hopefully very soon you will also have your own custom image compiled with patched drivers for wireless injection 🙂

To follow along with this tutorial you will need the following items:
1) Raspberry Pi 2
2) Micro SD Card 8GB’s or more
3) Kali linux either installed on a physical machine or in a Virtual Machine
4) Time & patience
Step 1:
So as before you need to first create a directory and navigate to it.
mkdir name_of_your_choice (Remember it as you will need this later)
1 - Kali make dir
cd name_of_your_choice
1.1 - Kali change dir
Step 2:
git clone https://github.com/offensive-security/gcc-arm-linux-gnueabihf-4.7 to pull down for the “armhf” image creation
2 - Kali Git Clone
Output once finished it should look as follows
2.1 - Kali Git Clone Finish

Step 3:

Check your working directory with “pwd” and then “ls” to check the gcc-arm directory is there and use this information to export the path

3 - Check pwd and directory

Step 4:

Export the path with /root/Kali-Git being the working directory and gcc-arm-linux-gnueabihf-4.7/bin being the directory and bin directory contained within that you have just cloned from git

export PATH=${PATH}:/root/Kali-Git/gcc-arm-linux-gnueabihf-4.7/bin

4 - Export Kali

Step 5:

Clone the kali-arm-build-scripts from github

git clone https://github.com/offensive-security/kali-arm-build-scripts

5 - Clone Kali Arm Scripts

Output once finished it should look as follows

5.1 - Clone Kali Arm Scripts finish

Step 6:

Now as the Pi has a different architecture you need to modify the rpi.sh script in the cloned repository with the editor of your choice

6 - Change to Kali arm scripts dir

Step 7:

Don’t want to have to re-partition your Micro SD card afterwards? Don’t worry there is a place to make your life easier hidden within this script! If you have an 8GB card for example just calculate by 8 x 1000 and you get your size, my card in this case is a 16GB so unless you are using 16GB’s or higher do not copy in 16000 like below. Note however your card may not be the correct advertised size so make sure the size is what you think it is prior to setting it here. I however prefer to just re-size with gparted once finished as it takes far less time to be perfectly honest than to transfer a 16GB.img to my Micro SD card. You can also use the wiggle script afterwards to if you want an alternative method. Use whatever you are comfortable with.

4 -wiggle disk size change

Step 8:

Modifying two separate locations as outlined in the below image to say “armhf” instead of “armel”

 

7 - Change Kali architecture

Step 9:
Comment out the linux git clone like below with a # in front and instead add in the following 3.18 kernel instead
git clone -b rpi-3.18.y –depth 1 https://github.com/raspberrypi/linux ${basedir}/kernel
9 -Change kernel
Step 10:
I added in the following line as I was compiling on a 64bit machine so don’t use unless you need to and leave as is
export CROSS_COMPILE=${basedir}/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin/arm-linux-gnueabihf-
10 - kernel cross compilation
I also changed kernel.img to kernel7.img as per this thread on the raspberry pi forums
11.1 - kernel change
Step 11:
I also chose to comment out the last few lines at the end in order to be able to troubleshoot and not compress or build a sha1sum as you can see below and make sure to save it
8 - rpi script comment out

Step 12:

Copy the following pastebin script from here and create a new file in the kernel directory or alternatively run “wget http://pastebin.com/download.php?i=Rv3zpsiv -O rpi-3.18.config” from the terminal to do this for you and download it straight to the directory for you. I chose not to modify the kernel script in the end and leave as it was. If you don’t want to use the pastebin kernel version your can extract the kernel configuration yourself by simply installing Raspbian, booting up and then running “zcat /proc/config.gz > 3.18.config”  and copying this file onto your system in place of the downloaded or copy and pasted method.

12 - kernel create

Save the file contents

12 .1 - config save

Or with wget just download straight to /Kali-Git/kali-arm-build-scripts/kernel-configs

wget http://pastebin.com/download.php?i=Rv3zpsiv -O rpi-3.18.config

12 - wget raspbian kernel config

Step 13:
Install some dependencies via apt-get
sudo apt-get install linux-source -y
sudo apt-get install bc gcc gcc-4.6 libc-bin libc-dev-bin libc6 libc6-dev linux-libc-dev lib32ncurses5 -y make manpages-dev
Step 14:
I was getting an error on my previous attempt related to GLIBC_2.14 so I did some investigating and it turns out that due to debian being stable it will only use the following version 2.13 as seen below
14 GLIBC_2.14 kali linux
The GLIBC_2.14 error
complie_error_2
OK, so you shouldn’t really do this but I said screw it as I had spent quite some time at this and I wasn’t going to give up easily, I did a bad thing and I installed libc6 from the debian experimental repository something that without would not have made this possible. If you follow through you should backup or create a snapshot of your system as I take no responsibility for you borking your system up! Take this as a warning and be careful.
To install the debian experimental repository I followed the following guide
First run “nano /etc/apt/sources.list” in order to edit the file, alternatively use a different editor if you want like vi or emacs!
15.1 - nano apt sources
Modify with the following two lines and save
deb http://ftp.debian.org/debian experimental main
deb http://ftp.debian.org/debian sid main
15.2 - nano apt sources
Run apt-get update
15.3 - apt-get update kali
Then install libc6
apt-get -t experimental install libc6-dev
15.4 - libc6 install kali
Verify the install went well and a newer version of GLIBC is available to you.
/lib/x86_64-linux-gnu/libc.so.6
15.5 - libc6 installed check
Step 15:

The output should initiate as below when the rpi.sh script is run with the version number or name of your choice and be patient as depending on your internet connection this can take some time to complete

./rpi.sh name_of_custom_image

13 - run rpi script

When finished it should look something like this

13.1 - run rpi script finish

Step 16:
Now that this is done it is time to write the card with dd
dd if=your_image_here.img of=/dev/your_micro_sd bs=1M
14.2 Kali dd to disk - custom 2
Upon ejecting the Micro SD and plugging it into the Pi the kernel was not fully booting and giving me the following error, which was due to my 32GB Micro SD card as my 16GB was fine, but you may encounter similar so this is how I fixed it.
“panic: VFS: Unable to mount root fs on unknown-block”
I ejected the Micro SD card and then ran the following against it
sudo fsck.ext4 -fy /dev/sdc2
16 - fsck kali
Step 17:
I then also increased the size of the ext4 partition with gparted
Run “gparted” & from the terminal
12 - Gparted start
You want to unmount the partitions first so Right Click on the partitions and select Unmount
13 - Gparted unmount
After it should look like this with the key removed beside each partition
14 - Gparted unmounted
Now Right Click on the biggest partition that has data on it which is /dev/sdb in this case and select Resize/Move
15 - Gparted resize select
You will then be presented with the following window
16 - Gparted resize select slider
Simply move the slider along to allocate all the space and then select Resize/Move as it will be highlighted, you will also see the there is now 0 Free Space following the resize
17 - Gparted resize select slider 2
You may now think you are done as the unallocated space is gone but you need to press the green tick to start the process and the click Apply
18 - Gparted resize start and apply
Wait for a moment
19 - Gparted processing
Once finished click Close and eject your Micro SD and put it back into your Pi.
20 - Gparted Finish
Kernel in use:
0 - Kali Pi Kernel
After this the Pi was booting up without error, detecting my Alfa and Netgear card’s and working with wireless injection 🙂 Stay tuned for some follow up’s on testing your wireless injection, getting SSH configured and fully updating your new custom image!