#!/bin/bash set -e # This is the Raspberry Pi Kali ARM build script - https://www.kali.org/downloads # A trusted Kali Linux image created by Offensive Security - https://www.offensive-security.com if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" exit 1 fi if [[ $# -eq 0 ]] ; then echo "Please pass version number, e.g. $0 2.0, and (if you want) a hostname, default is kali" exit 0 fi basedir=`pwd`/rpi-hyperpixel-$1 # Custom hostname variable hostname=${2:-kali} # Custom image file name variable - MUST NOT include .img at the end. imagename=${3:-kali-linux-$1-rpi-hyperpixel} # Size of image in megabytes (Default is 4500=4.5GB) size=4500 # Suite to use. # Valid options are: # kali-rolling, kali-dev, kali-bleeding-edge, kali-dev-only, kali-experimental, kali-last-snapshot # A release is done against kali-last-snapshot, but if you're building your own, you'll probably want to build # kali-rolling. suite=kali-rolling # Generate a random machine name to be used. machine=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) # Package installations for various sections. # This will build a minimal XFCE Kali system with the top 10 tools. # This is the section to edit if you would like to add more packages. # See http://www.kali.org/new/kali-linux-metapackages/ for meta packages you can # use. You can also install packages, using just the package name, but keep in # mind that not all packages work on ARM! If you specify one of those, the # script will throw an error, but will still continue on, and create an unusable # image, keep that in mind. arm="abootimg cgpt fake-hwclock ntpdate u-boot-tools vboot-utils vboot-kernel-utils" base="apt-transport-https apt-utils console-setup e2fsprogs firmware-linux firmware-realtek firmware-atheros firmware-libertas firmware-brcm80211 ifupdown initramfs-tools iw kali-defaults man-db mlocate netcat-traditional net-tools parted psmisc rfkill screen snmpd snmp sudo tftp tmux unrar usbutils vim wget zerofree" desktop="kali-menu fonts-croscore fonts-crosextra-caladea fonts-crosextra-carlito kali-desktop-xfce kali-root-login lightdm network-manager network-manager-gnome xfce4 xserver-xorg-video-fbdev xserver-xorg-input-evdev xserver-xorg-input-synaptics" tools="aircrack-ng crunch cewl dnsrecon dnsutils ethtool exploitdb hydra john libnfc-bin medusa metasploit-framework mfoc ncrack nmap passing-the-hash proxychains recon-ng sqlmap tcpdump theharvester tor tshark usbutils whois windows-binaries winexe wpscan wireshark" services="apache2 atftpd openssh-server openvpn tightvncserver" extras="bluez bluez-firmware i2c-tools python3-configobj python3-evdev python3-pip python3-requests python3-rpi.gpio python3-smbus xfonts-terminus triggerhappy wpasupplicant xfce4-terminal" # Git commit hash to check out for the kernel #kernel_commit=20fe468 packages="${arm} ${base} ${services}" architecture="armel" # If you have your own preferred mirrors, set them here. # After generating the rootfs, we set the sources.list to the default settings. mirror=http.kali.org # Check to ensure that the architecture is set to ARMEL since the RPi is the # only board that is armel. if [[ ${architecture} != "armel" ]] ; then echo "The Raspberry Pi cannot run Debian armhf binaries" exit 0 fi # Set this to use an http proxy, like apt-cacher-ng, and uncomment further down # to unset it. #export http_proxy="http://localhost:3142/" mkdir -p "${basedir}" cd "${basedir}" # create the rootfs - not much to modify here, except maybe throw in some more packages if you want. debootstrap --foreign --keyring=/usr/share/keyrings/kali-archive-keyring.gpg --include=kali-archive-keyring --arch ${architecture} ${suite} kali-${architecture} http://${mirror}/kali cp /usr/bin/qemu-arm-static kali-${architecture}/usr/bin/ LANG=C systemd-nspawn -M ${machine} -D kali-${architecture} /debootstrap/debootstrap --second-stage mkdir -p kali-${architecture}/etc/apt/ cat << EOF > kali-${architecture}/etc/apt/sources.list deb http://${mirror}/kali ${suite} main contrib non-free EOF # Set hostname echo "${hostname}" > kali-${architecture}/etc/hostname # So X doesn't complain, we add $hostname to hosts cat << EOF > kali-${architecture}/etc/hosts 127.0.0.1 ${hostname} localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters EOF mkdir -p kali-${architecture}/etc/network/ cat << EOF > kali-${architecture}/etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp EOF cat << EOF > kali-${architecture}/etc/resolv.conf nameserver 8.8.8.8 EOF cat << EOF > kali-${architecture}/debconf.set console-common console-data/keymap/policy select Select keymap from full list console-common console-data/keymap/full select en-latin1-nodeadkeys EOF mkdir -p kali-${architecture}/usr/lib/systemd/system/ cat << 'EOF' > kali-${architecture}/usr/lib/systemd/system/regenerate_ssh_host_keys.service [Unit] Description=Regenerate SSH host keys Before=ssh.service [Service] Type=oneshot ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096 ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*" ExecStart=/usr/bin/ssh-keygen -A -v ExecStartPost=/bin/sh -c "for i in /etc/ssh/ssh_host_*_key*; do actualsize=$(wc -c <\"$i\") ;if [ $actualsize -eq 0 ]; then echo size is 0 bytes ; exit 1 ; fi ; done ; /bin/systemctl disable regenerate_ssh_host_keys" [Install] WantedBy=multi-user.target EOF chmod 644 kali-${architecture}/usr/lib/systemd/system/regenerate_ssh_host_keys.service cat << EOF > kali-${architecture}/usr/lib/systemd/system/smi-hack.service [Unit] Description=shared-mime-info update hack Before=regenerate_ssh_host_keys.service [Service] Type=oneshot Environment=DEBIAN_FRONTEND=noninteractive ExecStart=/bin/sh -c "rm -rf /etc/ssl/certs/*.pem && dpkg -i /root/*.deb" ExecStart=/bin/sh -c "dpkg-reconfigure shared-mime-info" ExecStart=/bin/sh -c "dpkg-reconfigure xfonts-base" ExecStart=/bin/sh -c "rm -f /root/*.deb" ExecStartPost=/bin/systemctl disable smi-hack [Install] WantedBy=multi-user.target EOF chmod 644 kali-${architecture}/usr/lib/systemd/system/smi-hack.service cat << EOF > kali-${architecture}/usr/lib/systemd/system/rpiwiggle.service [Unit] Description=Resize filesystem After=regenerate_ssh_host_keys.service [Service] Type=oneshot ExecStart=/root/scripts/rpi-wiggle.sh ExecStartPost=/bin/systemctl disable rpiwiggle [Install] WantedBy=multi-user.target EOF chmod 644 kali-${architecture}/usr/lib/systemd/system/rpiwiggle.service cat << EOF > "${basedir}"/kali-${architecture}/usr/lib/systemd/system/enable-ssh.service [Unit] Description=Turn on SSH if /boot/ssh is present ConditionPathExistsGlob=/boot/ssh{,.txt} After=regenerate_ssh_host_keys.service [Service] Type=oneshot ExecStart=/bin/sh -c "update-rc.d ssh enable && invoke-rc.d ssh start && rm -f /boot/ssh ; rm -f /boot/ssh.txt" [Install] WantedBy=multi-user.target EOF chmod 644 "${basedir}"/kali-${architecture}/usr/lib/systemd/system/enable-ssh.service cat << EOF > "${basedir}"/kali-${architecture}/usr/lib/systemd/system/copy-user-wpasupplicant.service [Unit] Description=Copy user wpa_supplicant.conf ConditionPathExists=/boot/wpa_supplicant.conf Before=dhcpcd.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/mv /boot/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf ExecStartPost=/bin/chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf [Install] WantedBy=multi-user.target EOF chmod 644 "${basedir}"/kali-${architecture}/usr/lib/systemd/system/copy-user-wpasupplicant.service # Download the hyperpixel's service files here so we can enable them in the third stage with the rest of the services wget https://raw.githubusercontent.com/pimoroni/hyperpixel/master/requirements/usr/lib/systemd/system/hyperpixel-touch.service -O kali-${architecture}/usr/lib/systemd/system/hyperpixel-touch.service wget https://raw.githubusercontent.com/pimoroni/hyperpixel/master/requirements/usr/lib/systemd/system/hyperpixel-init.service -O kali-${architecture}/usr/lib/systemd/system/hyperpixel-init.service wget https://raw.githubusercontent.com/pimoroni/hyperpixel/master/requirements/usr/bin/hyperpixel-init -O kali-${architecture}/usr/bin/hyperpixel-init chmod 755 kali-${architecture}/usr/bin/hyperpixel-init wget https://raw.githubusercontent.com/pimoroni/hyperpixel/master/requirements/usr/bin/hyperpixel-touch -O kali-${architecture}/usr/bin/hyperpixel-touch chmod 755 kali-${architecture}/usr/bin/hyperpixel-touch cat << EOF > kali-${architecture}/third-stage #!/bin/bash set -e dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d cp /bin/true /usr/sbin/invoke-rc.d echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d chmod 755 /usr/sbin/policy-rc.d apt-get update apt-get --yes --allow-change-held-packages install locales-all debconf-set-selections /debconf.set rm -f /debconf.set apt-get -y install git-core binutils ca-certificates initramfs-tools u-boot-tools apt-get -y install locales console-common less nano git echo "root:toor" | chpasswd rm -f /etc/udev/rules.d/70-persistent-net.rules export DEBIAN_FRONTEND=noninteractive # This looks weird, but we do it twice because every so often, there's a failure to download from the mirror # So to workaround it, we attempt to install them twice. apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew install ${packages} || apt-get --yes --fix-broken install apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew install ${packages} || apt-get --yes --fix-broken install apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew install ${desktop} ${extras} ${tools} || apt-get --yes --fix-broken install apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew install ${desktop} ${extras} ${tools} || apt-get --yes --fix-broken install apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew dist-upgrade apt-get --yes --allow-change-held-packages -o dpkg::options::=--force-confnew autoremove # Because copying in authorized_keys is hard for people to do, let's make the # image insecure and enable root login with a password. echo "Making the image insecure" sed -i -e 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config # Resize FS on first run (hopefully) systemctl enable rpiwiggle # Enable copying of user wpa_supplicant.conf file systemctl enable copy-user-wpasupplicant # Regenerated the shared-mime-info database on the first boot # since it fails to do so properly in a chroot. systemctl enable smi-hack # Generate SSH host keys on first run systemctl enable regenerate_ssh_host_keys systemctl enable ssh # Enable the hyperpixel display systemctl enable hyperpixel-init systemctl enable hyperpixel-touch # Copy over the default bashrc to root cp /etc/skel/.bashrc /root/.bashrc cd /root apt download ca-certificates apt download libgdk-pixbuf2.0-0 apt download fontconfig # Fix startup time from 5 minutes to 15 secs on raise interface wlan0 sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/lib/systemd/system/networking.service" # Try and make the console a bit nicer # Set the terminus font for a bit nicer display. sed -i -e 's/FONTFACE=.*/FONTFACE="Terminus"/' /etc/default/console-setup sed -i -e 's/FONTSIZE=.*/FONTSIZE="6x12"/' /etc/default/console-setup # Fix startup time from 5 minutes to 15 secs on raise interface wlan0 sed -i 's/^TimeoutStartSec=5min/TimeoutStartSec=15/g' "/lib/systemd/system/networking.service" rm -f /usr/sbin/policy-rc.d rm -f /usr/sbin/invoke-rc.d dpkg-divert --remove --rename /usr/sbin/invoke-rc.d rm -rf /root/.bash_history apt-get update apt-get clean rm -f /0 rm -f /hs_err* rm -f cleanup rm -f /usr/bin/qemu* rm -f /third-stage EOF export MALLOC_CHECK_=0 # workaround for LP: #520465 export LC_ALL=C export DEBIAN_FRONTEND=noninteractive #mount -t proc proc kali-$architecture/proc #mount -o bind /dev/ kali-$architecture/dev/ #mount -o bind /dev/pts kali-$architecture/dev/pts chmod 755 kali-${architecture}/third-stage LANG=C systemd-nspawn -M ${machine} -D kali-${architecture} /third-stage if [[ $? > 0 ]]; then echo "Third stage failed" exit 1 fi #umount kali-$architecture/dev/pts #umount kali-$architecture/dev/ #umount kali-$architecture/proc # Enable login over serial echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> "${basedir}"/kali-${architecture}/etc/inittab # Uncomment this if you use apt-cacher-ng otherwise git clones will fail. #unset http_proxy # Kernel section. If you want to use a custom kernel, or configuration, replace # them in this section. # Kernel section. If you want to use a custom kernel, or configuration, replace # them in this section. git clone --depth 1 https://github.com/raspberrypi/firmware.git rpi-firmware cp -rf rpi-firmware/boot/* "${basedir}"/kali-${architecture}/boot/ # copy over Pi specific libs (video core) and binaries (dtoverlay,dtparam ...) cp -rf rpi-firmware/opt/* "${basedir}"/kali-${architecture}/opt/ rm -rf rpi-firmware git clone --depth 1 https://github.com/nethunteros/re4son-raspberrypi-linux.git -b rpi-4.14.80-re4son "${basedir}"/kali-${architecture}/usr/src/kernel cd "${basedir}"/kali-${architecture}/usr/src/kernel export ARCH=arm export CROSS_COMPILE=arm-linux-gnueabi- make re4son_pi1_defconfig # Build kernel make -j $(grep -c processor /proc/cpuinfo) make modules_install INSTALL_MOD_PATH="${basedir}"/kali-${architecture} # Copy kernel to boot perl scripts/mkknlimg --dtok arch/arm/boot/zImage "${basedir}"/kali-${architecture}/boot/kernel.img cp arch/arm/boot/dts/*.dtb "${basedir}"/kali-${architecture}/boot/ cp arch/arm/boot/dts/overlays/*.dtb* "${basedir}"/kali-${architecture}/boot/overlays/ cp arch/arm/boot/dts/overlays/README "${basedir}"/kali-${architecture}/boot/overlays/ make mrproper make re4son_pi1_defconfig cd "${basedir}" # Fix up the symlink for building external modules # kernver is used so we don't need to keep track of what the current compiled # version is kernver=$(ls "${basedir}"/kali-${architecture}/lib/modules/) cd "${basedir}"/kali-${architecture}/lib/modules/${kernver} rm build rm source ln -s /usr/src/kernel build ln -s /usr/src/kernel source cd "${basedir}" # Create cmdline.txt file cat << EOF > "${basedir}"/kali-${architecture}/boot/cmdline.txt dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 elevator=deadline root=/dev/mmcblk0p2 rootfstype=ext3 rootwait net.ifnames=0 EOF # systemd doesn't seem to be generating the fstab properly for some people, so # let's create one. cat << EOF > "${basedir}"/kali-${architecture}/etc/fstab # proc /proc proc nodev,noexec,nosuid 0 0 /dev/mmcblk0p2 / ext3 errors=remount-ro 0 1 # Change this if you add a swap partition or file #/dev/SWAP none swap sw 0 0 /dev/mmcblk0p1 /boot vfat noauto 0 0 EOF # Re4son's rpi-tft configurator wget https://raw.githubusercontent.com/Re4son/RPi-Tweaks/master/kalipi-tft-config/kalipi-tft-config -O "${basedir}"/kali-${architecture}/usr/bin/kalipi-tft-config chmod 755 "${basedir}"/kali-${architecture}/usr/bin/kalipi-tft-config # rpi-wiggle mkdir -p "${basedir}"/kali-${architecture}/root/scripts wget https://raw.github.com/steev/rpiwiggle/master/rpi-wiggle -O "${basedir}"/kali-${architecture}/root/scripts/rpi-wiggle.sh chmod 755 "${basedir}"/kali-${architecture}/root/scripts/rpi-wiggle.sh cd "${basedir}" # Copy a default config, with everything commented out so people find it when # they go to add something when they are following instructions on a website. cp "${basedir}"/../misc/config.txt "${basedir}"/kali-${architecture}/boot/config.txt cat << EOF >> "${basedir}"/kali-${architecture}/boot/config.txt # HyperPixel LCD Settings dtoverlay=hyperpixel overscan_left=0 overscan_right=0 overscan_top=0 overscan_bottom=0 framebuffer_width=800 framebuffer_height=480 enable_dpi_lcd=1 display_default_lcd=1 dpi_group=2 dpi_mode=87 dpi_output_format=0x6f016 display_rotate=2 hdmi_timings=800 0 50 20 50 480 1 3 2 3 0 0 0 60 0 32000000 6 # Use a basic GPIO backlight driver with on/off support dtoverlay=hyperpixel-gpio-backlight EOF cp "${basedir}"/../misc/zram "${basedir}"/kali-${architecture}/etc/init.d/zram chmod 755 "${basedir}"/kali-${architecture}/etc/init.d/zram echo "Running du to see how big kali-${architecture} is" du -sh "${basedir}"/kali-${architecture} echo "the above is how big the sdcard needs to be" # Create the disk and partition it echo "Creating image file ${imagename}.img" dd if=/dev/zero of="${basedir}"/${imagename}.img bs=1M count=${size} parted ${imagename}.img --script -- mklabel msdos parted ${imagename}.img --script -- mkpart primary fat32 0 128 parted ${imagename}.img --script -- mkpart primary ext3 128 -1 # Set the partition variables loopdevice=`losetup -f --show "${basedir}"/${imagename}.img` device=`kpartx -va ${loopdevice} | sed 's/.*\(loop[0-9]\+\)p.*/\1/g' | head -1` sleep 5 device="/dev/mapper/${device}" bootp=${device}p1 rootp=${device}p2 # Create file systems mkfs.vfat ${bootp} mkfs.ext3 ${rootp} # Create the dirs for the partitions and mount them mkdir -p "${basedir}"/root mount ${rootp} "${basedir}"/root mkdir -p "${basedir}"/root/boot mount ${bootp} "${basedir}"/root/boot # We do this down here to get rid of the build system's resolv.conf after running through the build. cat << EOF > kali-${architecture}/etc/resolv.conf nameserver 8.8.8.8 EOF echo "Rsyncing rootfs into image file" rsync -HPavz -q "${basedir}"/kali-${architecture}/ "${basedir}"/root/ # Unmount partitions # Sync before unmounting to ensure everything is written sync umount -l ${bootp} umount -l ${rootp} kpartx -dv ${loopdevice} losetup -d ${loopdevice} # Don't pixz on 32bit, there isn't enough memory to compress the images. MACHINE_TYPE=`uname -m` if [ ${MACHINE_TYPE} == 'x86_64' ]; then echo "Compressing ${imagename}.img" pixz "${basedir}"/${imagename}.img "${basedir}"/../${imagename}.img.xz rm "${basedir}"/${imagename}.img fi # Clean up all the temporary build stuff and remove the directories. # Comment this out to keep things around if you want to see what may have gone # wrong. echo "Cleaning up the temporary build files..." rm -rf "${basedir}"