While we don't release an rpi2 specific build, there are still people out there that build their own because they don't want to use Nexmon. This updates the rpi2 script to keep up with the changes for the rpi3 while leaving out nexmon/rpi3 bluetooth bits. Also update chmod because we don't need it.
347 lines
12 KiB
Bash
Executable File
347 lines
12 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# This is the ODROID-W-DEVKIT Kali ARM build script - http://www.kali.org/downloads
|
|
# A trusted Kali Linux image created by Offensive Security - http://www.offensive-security.com
|
|
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "This script must be run as root"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ $# -eq 0 ]] ; then
|
|
echo "Please pass version number, e.g. $0 2.0"
|
|
exit 0
|
|
fi
|
|
|
|
basedir=`pwd`/odroid-w-devkit-$1
|
|
|
|
# Package installations for various sections.
|
|
# This will build a minimal XFCE Kali system with the top 10 tools.
|
|
# This is the section to edit if you would like to add more packages.
|
|
# See http://www.kali.org/new/kali-linux-metapackages/ for meta packages you can
|
|
# use. You can also install packages, using just the package name, but keep in
|
|
# mind that not all packages work on ARM! If you specify one of those, the
|
|
# script will throw an error, but will still continue on, and create an unusable
|
|
# image, keep that in mind.
|
|
|
|
arm="abootimg cgpt fake-hwclock ntpdate u-boot-tools vboot-utils vboot-kernel-utils"
|
|
base="e2fsprogs initramfs-tools kali-defaults kali-menu parted sudo usbutils"
|
|
desktop="fonts-croscore fonts-crosextra-caladea fonts-crosextra-carlito gnome-theme-kali gtk3-engines-xfce kali-desktop-xfce kali-root-login lightdm network-manager network-manager-gnome xfce4 xserver-xorg-video-fbdev"
|
|
tools="aircrack-ng ethtool hydra john libnfc-bin mfoc nmap passing-the-hash sqlmap usbutils winexe wireshark"
|
|
services="apache2 openssh-server"
|
|
extras="iceweasel xfce4-terminal wpasupplicant"
|
|
size=14000 # Size of image in megabytes
|
|
|
|
packages="${arm} ${base} ${desktop} ${tools} ${services} ${extras}"
|
|
architecture="armel"
|
|
# If you have your own preferred mirrors, set them here.
|
|
# After generating the rootfs, we set the sources.list to the default settings.
|
|
mirror=http.kali.org
|
|
|
|
# Check to ensure that the architecture is set to ARMEL since the ODWK is the
|
|
# only board that is armel.
|
|
if [[ $architecture != "armel" ]] ; then
|
|
echo "The ODROID-W cannot run the Debian armhf binaries"
|
|
exit 0
|
|
fi
|
|
|
|
# Set this to use an http proxy, like apt-cacher-ng, and uncomment further down
|
|
# to unset it.
|
|
#export http_proxy="http://localhost:3142/"
|
|
|
|
mkdir -p ${basedir}
|
|
cd ${basedir}
|
|
|
|
# create the rootfs - not much to modify here, except maybe the hostname.
|
|
debootstrap --foreign --arch $architecture kali-rolling kali-$architecture http://$mirror/kali
|
|
|
|
cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/
|
|
|
|
LANG=C systemd-nspawn -M devkit -D kali-$architecture /debootstrap/debootstrap --second-stage
|
|
cat << EOF > kali-$architecture/etc/apt/sources.list
|
|
deb http://$mirror/kali kali-rolling main contrib non-free
|
|
EOF
|
|
|
|
# Set hostname
|
|
echo "kali" > kali-$architecture/etc/hostname
|
|
|
|
# So X doesn't complain, we add kali to hosts
|
|
cat << EOF > kali-$architecture/etc/hosts
|
|
127.0.0.1 kali localhost
|
|
::1 localhost ip6-localhost ip6-loopback
|
|
fe00::0 ip6-localnet
|
|
ff00::0 ip6-mcastprefix
|
|
ff02::1 ip6-allnodes
|
|
ff02::2 ip6-allrouters
|
|
EOF
|
|
|
|
cat << EOF > kali-$architecture/etc/network/interfaces
|
|
auto lo
|
|
iface lo inet loopback
|
|
|
|
auto eth0
|
|
iface eth0 inet dhcp
|
|
EOF
|
|
|
|
cat << EOF > kali-$architecture/etc/resolv.conf
|
|
nameserver 8.8.8.8
|
|
EOF
|
|
|
|
export MALLOC_CHECK_=0 # workaround for LP: #520465
|
|
export LC_ALL=C
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
#mount -t proc proc kali-$architecture/proc
|
|
#mount -o bind /dev/ kali-$architecture/dev/
|
|
#mount -o bind /dev/pts kali-$architecture/dev/pts
|
|
|
|
cat << EOF > kali-$architecture/debconf.set
|
|
console-common console-data/keymap/policy select Select keymap from full list
|
|
console-common console-data/keymap/full select en-latin1-nodeadkeys
|
|
EOF
|
|
|
|
cat << EOF > kali-$architecture/third-stage
|
|
#!/bin/bash
|
|
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
|
|
cp /bin/true /usr/sbin/invoke-rc.d
|
|
echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d
|
|
chmod 755 /usr/sbin/policy-rc.d
|
|
|
|
apt-get update
|
|
apt-get --yes --allow-change-held-packages install locales-all
|
|
|
|
debconf-set-selections /debconf.set
|
|
rm -f /debconf.set
|
|
apt-get update
|
|
apt-get -y install git-core binutils ca-certificates initramfs-tools u-boot-tools
|
|
apt-get -y install locales console-common less nano git
|
|
echo "root:toor" | chpasswd
|
|
sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
|
|
rm -f /etc/udev/rules.d/70-persistent-net.rules
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get --yes --allow-change-held-packages install $packages
|
|
if [ $? > 0 ];
|
|
then
|
|
apt-get --yes --allow-change-held-packages --fix-broken install
|
|
fi
|
|
apt-get --yes --allow-change-held-packages dist-upgrade
|
|
apt-get --yes --allow-change-held-packages autoremove
|
|
|
|
sed -i -e 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
|
|
update-rc.d ssh enable
|
|
|
|
rm -f /usr/sbin/policy-rc.d
|
|
rm -f /usr/sbin/invoke-rc.d
|
|
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d
|
|
|
|
rm -f /third-stage
|
|
EOF
|
|
|
|
chmod 755 kali-$architecture/third-stage
|
|
LANG=C systemd-nspawn -M devkit -D kali-$architecture /third-stage
|
|
|
|
cat << EOF > kali-$architecture/cleanup
|
|
#!/bin/bash
|
|
rm -rf /root/.bash_history
|
|
apt-get update
|
|
apt-get clean
|
|
rm -f /0
|
|
rm -f /hs_err*
|
|
rm -f cleanup
|
|
rm -f /usr/bin/qemu*
|
|
EOF
|
|
|
|
chmod 755 kali-$architecture/cleanup
|
|
LANG=C systemd-nspawn -M devkit -D kali-$architecture /cleanup
|
|
|
|
#umount kali-$architecture/proc/sys/fs/binfmt_misc
|
|
#umount kali-$architecture/dev/pts
|
|
#umount kali-$architecture/dev/
|
|
#umount kali-$architecture/proc
|
|
|
|
# Create the disk and partition it
|
|
echo "Creating image file for ODROID-W Dev Kit"
|
|
dd if=/dev/zero of=${basedir}/kali-$1-owdk.img bs=1M count=$size
|
|
parted kali-$1-owdk.img --script -- mklabel msdos
|
|
parted kali-$1-owdk.img --script -- mkpart primary fat32 0 64
|
|
parted kali-$1-owdk.img --script -- mkpart primary ext4 64 -1
|
|
|
|
# Set the partition variables
|
|
loopdevice=`losetup -f --show ${basedir}/kali-$1-owdk.img`
|
|
device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
|
|
sleep 5
|
|
device="/dev/mapper/${device}"
|
|
bootp=${device}p1
|
|
rootp=${device}p2
|
|
|
|
# Create file systems
|
|
mkfs.vfat $bootp
|
|
mkfs.ext4 -O ^flex_bg -O ^metadata_csum $rootp
|
|
|
|
# Create the dirs for the partitions and mount them
|
|
mkdir -p ${basedir}/bootp ${basedir}/root
|
|
mount $bootp ${basedir}/bootp
|
|
mount $rootp ${basedir}/root
|
|
|
|
echo "Rsyncing rootfs into image file"
|
|
rsync -HPavz -q ${basedir}/kali-$architecture/ ${basedir}/root/
|
|
|
|
# Enable login over serial
|
|
echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> ${basedir}/root/etc/inittab
|
|
|
|
cat << EOF > ${basedir}/root/etc/apt/sources.list
|
|
deb http://http.kali.org/kali kali-rolling main non-free contrib
|
|
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
|
|
EOF
|
|
|
|
# Uncomment this if you use apt-cacher-ng otherwise git clones will fail.
|
|
#unset http_proxy
|
|
|
|
# Kernel section. If you want to use a custom kernel, or configuration, replace
|
|
# them in this section.
|
|
git clone --depth 1 https://github.com/raspberrypi/linux -b rpi-4.1.y ${basedir}/root/usr/src/kernel
|
|
git clone --depth 1 https://github.com/raspberrypi/tools ${basedir}/tools
|
|
|
|
cd ${basedir}/root/usr/src/kernel
|
|
git rev-parse HEAD > ../kernel-at-commit
|
|
patch -p1 --no-backup-if-mismatch < ${basedir}/../patches/kali-wifi-injection-4.1.patch
|
|
touch .scmversion
|
|
export ARCH=arm
|
|
export CROSS_COMPILE=${basedir}/tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian/bin/arm-linux-gnueabihf-
|
|
cp ${basedir}/../kernel-configs/rpi-4.1.config .config
|
|
cp ${basedir}/../kernel-configs/rpi-4.1.config ../rpi-4.1.config
|
|
make -j $(grep -c processor /proc/cpuinfo)
|
|
make modules_install INSTALL_MOD_PATH=${basedir}/root
|
|
git clone --depth 1 https://github.com/raspberrypi/firmware.git rpi-firmware
|
|
cp -rf rpi-firmware/boot/* ${basedir}/bootp/
|
|
rm -rf rpi-firmware
|
|
rm -rf ${basedir}/root/lib/firmware
|
|
cd ${basedir}/root/lib
|
|
git clone --depth 1 https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git firmware
|
|
rm -rf ${basedir}/root/lib/firmware/.git
|
|
cd ${basedir}/root/usr/src/kernel
|
|
cp arch/arm/boot/zImage ${basedir}/bootp/kernel.img
|
|
mkdir -p ${basedir}/bootp/overlays/
|
|
cp arch/arm/boot/dts/bcm*.dtb ${basedir}/bootp/
|
|
cp arch/arm/boot/dts/overlays/*overlay*.dtb ${basedir}/bootp/overlays/
|
|
make mrproper
|
|
cp ../rpi-4.1.config .config
|
|
make modules_prepare
|
|
cd ${basedir}
|
|
|
|
# Fix up the symlink for building external modules
|
|
# kernver is used so we don't need to keep track of what the current compiled
|
|
# version is
|
|
kernver=$(ls ${basedir}/root/lib/modules/)
|
|
cd ${basedir}/root/lib/modules/$kernver
|
|
rm build
|
|
rm source
|
|
ln -s /usr/src/kernel build
|
|
ln -s /usr/src/kernel source
|
|
cd ${basedir}
|
|
|
|
# Create cmdline.txt file
|
|
cat << EOF > ${basedir}/bootp/cmdline.txt
|
|
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 elevator=deadline root=/dev/mmcblk0p2 rootfstype=ext4 rootwait fbcon=map:10 net.ifnames=0 rw
|
|
EOF
|
|
|
|
# Create config.txt file
|
|
cat << EOF > ${basedir}/bootp/config.txt
|
|
# uncomment if you get no picture on HDMI for a default "safe" mode
|
|
#hdmi_safe=1
|
|
|
|
# uncomment this if your display has a black border of unused pixels visible
|
|
# and your display can output without overscan
|
|
#disable_overscan=1
|
|
|
|
# uncomment the following to adjust overscan. Use positive numbers if console
|
|
# goes off screen, and negative if there is too much border
|
|
#overscan_left=16
|
|
#overscan_right=16
|
|
#overscan_top=16
|
|
#overscan_bottom=16
|
|
|
|
# uncomment to force a console size. By default it will be display's size minus
|
|
# overscan.
|
|
#framebuffer_width=1280
|
|
#framebuffer_height=720
|
|
|
|
# uncomment if hdmi display is not detected and composite is being output
|
|
#hdmi_force_hotplug=1
|
|
|
|
# uncomment to force a specific HDMI mode (this will force VGA)
|
|
#hdmi_group=1
|
|
#hdmi_mode=1
|
|
|
|
# uncomment to force a HDMI mode rather than DVI. This can make audio work in
|
|
# DMT (computer monitor) modes
|
|
#hdmi_drive=2
|
|
|
|
# uncomment to increase signal to HDMI, if you have interference, blanking, or
|
|
# no display
|
|
#config_hdmi_boost=4
|
|
|
|
# uncomment for composite PAL
|
|
#sdtv_mode=2
|
|
|
|
#uncomment to overclock the arm. 700 MHz is the default.
|
|
#arm_freq=800
|
|
|
|
# for more options see http://elinux.org/RPi_config.txt
|
|
|
|
# Use fbtft_device instead of a DT overlay
|
|
dtparam=spi=on
|
|
EOF
|
|
|
|
# Create /etc/modules based on ODROID-W
|
|
cat << EOF > ${basedir}/root/etc/modules
|
|
# /etc/modules: kernel modules to load at boot time.
|
|
#
|
|
# This file contains the names of kernel modules that should be loaded
|
|
# at boot time, one per line. Lines beginning with "#" are ignored.
|
|
# Parameters can be specified after the module name.
|
|
|
|
snd-bcm2835
|
|
spi_bcm2708
|
|
fbtft_device name=adafruit22a rotate=90
|
|
EOF
|
|
|
|
mkdir -p ${basedir}/root/etc/modprobe.d/
|
|
cat << EOF > ${basedir}/root/etc/modprobe.d/fbtft_device.conf
|
|
options fbtft_device name=adafruit22a rotate=90
|
|
EOF
|
|
|
|
cd ${basedir}
|
|
|
|
cp ${basedir}/../misc/zram ${basedir}/root/etc/init.d/zram
|
|
chmod 755 ${basedir}/root/etc/init.d/zram
|
|
|
|
sed -i -e 's/^#PermitRootLogin.*/PermitRootLogin yes/' ${basedir}/root/etc/ssh/sshd_config
|
|
|
|
# Unmount partitions
|
|
umount $bootp
|
|
umount $rootp
|
|
kpartx -dv $loopdevice
|
|
losetup -d $loopdevice
|
|
|
|
# Clean up all the temporary build stuff and remove the directories.
|
|
# Comment this out to keep things around if you want to see what may have gone
|
|
# wrong.
|
|
echo "Cleaning up the temporary build files..."
|
|
rm -rf ${basedir}/kernel ${basedir}/bootp ${basedir}/root ${basedir}/kali-$architecture ${basedir}/boot ${basedir}/tools ${basedir}/patches
|
|
|
|
# If you're building an image for yourself, comment all of this out, as you
|
|
# don't need the sha1sum or to compress the image, since you will be testing it
|
|
# soon.
|
|
echo "Generating sha1sum for kali-$1-owdk.img"
|
|
sha1sum kali-$1-owdk.img > ${basedir}/kali-$1-owdk.img.sha1sum
|
|
# Don't pixz on 32bit, there isn't enough memory to compress the images.
|
|
MACHINE_TYPE=`uname -m`
|
|
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
|
|
echo "Compressing kali-$1-owdk.img"
|
|
pixz ${basedir}/kali-$1-owdk.img ${basedir}/kali-$1-owdk.img.xz
|
|
rm ${basedir}/kali-$1-owdk.img
|
|
echo "Generating sha1sum for kali-$1-owdk.img.xz"
|
|
sha1sum kali-$1-owdk.img.xz > ${basedir}/kali-$1-owdk.img.xz.sha1sum
|
|
fi
|