jiang/kali-arm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8df66aa7b84b27bbc9905d62ef3a8f865df253a4
kali-arm/rpi0w-nexmon-p4wnp1.sh
Steev Klimaszewski 8df66aa7b8 Update rpi2 and formatting changes. 
While we don't release an rpi2 specific build, there are still people
out there that build their own because they don't want to use Nexmon.
This updates the rpi2 script to keep up with the changes for the rpi3
while leaving out nexmon/rpi3 bluetooth bits.

Also update chmod because we don't need it.
2018-06-22 20:38:19 -05:00

411 lines
14 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# This is the Raspberry Pi Kali 0-W Nexmon ARM build script - http://www.kali.org/downloads
# A trusted Kali Linux image created by Offensive Security - http://www.offensive-security.com
# Maintained by @binkybear
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
if [[ $# -eq 0 ]] ; then
echo "Please pass version number, e.g. $0 2.0"
exit 0
fi
basedir=`pwd`/rpi0w-nexmon-p4wnp1-$1
TOPDIR=`pwd`
# Package installations for various sections.
# This will build a minimal XFCE Kali system with the top 10 tools.
# This is the section to edit if you would like to add more packages.
# See http://www.kali.org/new/kali-linux-metapackages/ for meta packages you can
# use. You can also install packages, using just the package name, but keep in
# mind that not all packages work on ARM! If you specify one of those, the
# script will throw an error, but will still continue on, and create an unusable
# image, keep that in mind.
arm="abootimg cgpt fake-hwclock ntpdate vboot-utils vboot-kernel-utils u-boot-tools"
base="kali-menu kali-defaults initramfs-tools sudo parted e2fsprogs usbutils firmware-linux firmware-realtek firmware-atheros firmware-libertas"
#desktop="fonts-croscore fonts-crosextra-caladea fonts-crosextra-carlito gnome-theme-kali gtk3-engines-xfce kali-desktop-xfce kali-root-login lightdm network-manager network-manager-gnome xfce4 xserver-xorg-video-fbdev xserver-xorg-input-evdev xserver-xorg-input-synaptics"
tools="passing-the-hash winexe aircrack-ng hydra john sqlmap libnfc-bin mfoc nmap ethtool usbutils net-tools curl"
services="openssh-server apache2"
extras=" wpasupplicant python-smbus i2c-tools python-requests python-configobj python-pip bluez bluez-firmware"
# kernel sauces take up space
size=7000 # Size of image in megabytes
packages="${arm} ${base} ${tools} ${services} ${extras}"
architecture="armel"
# If you have your own preferred mirrors, set them here.
# After generating the rootfs, we set the sources.list to the default settings.
mirror=http.kali.org
# Check to ensure that the architecture is set to ARMEL since the RPi is the
# only board that is armel.
if [[ $architecture != "armel" ]] ; then
echo "The Raspberry Pi cannot run the Debian armhf binaries"
exit 0
fi
# Set this to use an http proxy, like apt-cacher-ng, and uncomment further down
# to unset it.
#export http_proxy="http://localhost:3142/"
mkdir -p ${basedir}
cd ${basedir}
# create the rootfs - not much to modify here, except maybe the hostname.
debootstrap --foreign --arch $architecture kali-rolling kali-$architecture http://$mirror/kali
cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/
LANG=C systemd-nspawn -M 0wp4np1 -D kali-$architecture /debootstrap/debootstrap --second-stage
cat << EOF > kali-$architecture/etc/apt/sources.list
deb http://$mirror/kali kali-rolling main contrib non-free
EOF
# Set hostname
echo "kali" > kali-$architecture/etc/hostname
# So X doesn't complain, we add kali to hosts
cat << EOF > kali-$architecture/etc/hosts
127.0.0.1 kali localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
cat << EOF > kali-$architecture/etc/network/interfaces
auto lo
iface lo inet loopback
EOF
cat << EOF > kali-$architecture/etc/resolv.conf
nameserver 8.8.8.8
EOF
export MALLOC_CHECK_=0 # workaround for LP: #520465
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive
#mount -t proc proc kali-$architecture/proc
#mount -o bind /dev/ kali-$architecture/dev/
#mount -o bind /dev/pts kali-$architecture/dev/pts
cat << EOF > kali-$architecture/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF
# Create monitor mode start/remove
cat << EOF > kali-$architecture/usr/bin/monstart
#!/bin/bash
echo "Nexutil setting monitoring mode"
/usr/bin/nexutil -m2
EOF
chmod 755 kali-$architecture/usr/bin/monstart
cat << EOF > kali-$architecture/usr/bin/monstop
#!/bin/bash
/usr/bin/nexutil -m0
echo "Monitor mode stopped"
EOF
chmod 755 kali-$architecture/usr/bin/monstop
cat << 'EOF' > kali-$architecture/lib/systemd/system/regenerate_ssh_host_keys.service
[Unit]
Description=Regenerate SSH host keys
Before=ssh.service
[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/sh -c "for i in /etc/ssh/ssh_host_*_key*; do actualsize=$(wc -c <\"$i\") ;if [ $actualsize -eq 0 ]; then echo size is 0 bytes ; exit 1 ; fi ; done ; /bin/systemctl disable regenerate_ssh_host_keys"
[Install]
WantedBy=multi-user.target
EOF
chmod 644 kali-$architecture/lib/systemd/system/regenerate_ssh_host_keys.service
cat << EOF > kali-$architecture/lib/systemd/system/rpiwiggle.service
[Unit]
Description=Resize filesystem
Before=regenerate_ssh_host_keys.service
[Service]
Type=oneshot
ExecStart=/root/scripts/rpi-wiggle.sh
ExecStartPost=/bin/systemctl disable rpiwiggle
ExecStartPost=/sbin/reboot
[Install]
WantedBy=multi-user.target
EOF
chmod 644 kali-$architecture/lib/systemd/system/rpiwiggle.service
# Bluetooth enabling
mkdir -p kali-$architecture/etc/udev/rules.d
cp ${basedir}/../misc/pi-bluetooth/99-com.rules kali-$architecture/etc/udev/rules.d/99-com.rules
mkdir -p kali-$architecture/lib/systemd/system/
cp ${basedir}/../misc/pi-bluetooth/hciuart.service kali-$architecture/lib/systemd/system/hciuart.service
mkdir -p kali-$architecture/lib/udev/rules.d/
cp ${basedir}/../misc/pi-bluetooth/50-bluetooth-hci-auto-poweron.rules kali-$architecture/lib/udev/rules.d/50-bluetooth-hci-auto-poweron.rules
mkdir -p kali-$architecture/usr/bin
cp ${basedir}/../misc/pi-bluetooth/btuart kali-$architecture/usr/bin/btuart
cp ${basedir}/../misc/pi-bluetooth/pi-bluetooth_0.1.4+re4son_all.deb kali-$architecture/tmp/pi-bluetooth_0.1.4+re4son_all.deb
# Ensure btuart is executable
chmod 755 kali-$architecture/usr/bin/btuart
cat << EOF > kali-$architecture/third-stage
#!/bin/bash
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
cp /bin/true /usr/sbin/invoke-rc.d
echo -e "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d
chmod 755 /usr/sbin/policy-rc.d
apt-get update
apt-get --yes --allow-change-held-packages install locales-all
debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get -y install git-core binutils ca-certificates initramfs-tools u-boot-tools
apt-get -y install locales console-common less nano git
echo "root:toor" | chpasswd
rm -f /etc/udev/rules.d/70-persistent-net.rules
export DEBIAN_FRONTEND=noninteractive
apt-get --yes --allow-change-held-packages install $packages
if [ $? > 0 ];
then
apt-get --yes --allow-change-held-packages --fix-broken install
fi
apt-get --yes --allow-change-held-packages dist-upgrade
apt-get --yes --allow-change-held-packages autoremove
# Install P4wnP1 (kali version)
git clone https://github.com/nethunteros/P4wnP1.git /root/P4wnP1
chmod 755 /root/P4wnP1/install.sh
cd /root/P4wnP1
git submodule init
git submodule update --recursive --remote &&
./install.sh
echo "dwc2" | sudo tee -a /etc/modules
echo "libcomposite" | sudo tee -a /etc/modules
# Because copying in authorized_keys is hard for people to do, let's make the
# image insecure and enable root login with a password.
echo "Making the image insecure"
sed -i -e 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# Resize FS on first run (hopefully)
systemctl enable rpiwiggle
# Generate SSH host keys on first run
systemctl enable regenerate_ssh_host_keys
systemctl enable ssh
# Install and hold pi-bluetooth deb package from re4son
dpkg --force-all -i /tmp/pi-bluetooth_0.1.4+re4son_all.deb
apt-mark hold pi-bluetooth
# systemd version 232 and above breaks execution of above bluetooth rule, let's fix that
sed -i 's/^RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6.*/RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 AF_BLUETOOTH/' /lib/systemd/system/systemd-udevd.service
# Enable bluetooth
systemctl unmask bluetooth.service
systemctl enable bluetooth
systemctl enable hciuart
# Turn off kernel dmesg showing up in console since rpi0 only uses console
echo "dmesg -D" > /etc/rc.local
echo "exit 0" >> /etc/rc.local
# Copy bashrc
cp /etc/bash.bashrc /root/.bashrc
# libinput seems to fail hard on RaspberryPi devices, so we make sure it's not
# installed here (and we have xserver-xorg-input-evdev and
# xserver-xorg-input-synaptics packages installed above!)
apt-get --yes --allow-change-held-packages purge xserver-xorg-input-libinput
rm -f /usr/sbin/policy-rc.d
rm -f /usr/sbin/invoke-rc.d
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d
rm -f /third-stage
EOF
chmod 755 kali-$architecture/third-stage
LANG=C systemd-nspawn -M 0wp4np1 -D kali-$architecture /third-stage
cat << EOF > kali-$architecture/cleanup
#!/bin/bash
rm -rf /root/.bash_history
apt-get update
apt-get clean
rm -f /0
rm -f /hs_err*
rm -f cleanup
rm -f /usr/bin/qemu*
EOF
chmod 755 kali-$architecture/cleanup
LANG=C systemd-nspawn -M 0wp4np1 -D kali-$architecture /cleanup
#umount kali-$architecture/proc/sys/fs/binfmt_misc
#umount kali-$architecture/dev/pts
#umount kali-$architecture/dev/
#umount kali-$architecture/proc
# Create the disk and partition it
echo "Creating image file for Raspberry Pi"
dd if=/dev/zero of=${basedir}/kali-linux-$1-rpi0w-nexmon.img bs=1M count=$size
parted kali-linux-$1-rpi0w-nexmon.img --script -- mklabel msdos
parted kali-linux-$1-rpi0w-nexmon.img --script -- mkpart primary fat32 0 64
parted kali-linux-$1-rpi0w-nexmon.img --script -- mkpart primary ext4 64 -1
# Set the partition variables
loopdevice=`losetup -f --show ${basedir}/kali-linux-$1-rpi0w-nexmon.img`
device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
sleep 5
device="/dev/mapper/${device}"
bootp=${device}p1
rootp=${device}p2
# Create file systems
mkfs.vfat $bootp
mkfs.ext4 $rootp
# Create the dirs for the partitions and mount them
mkdir -p ${basedir}/bootp ${basedir}/root
mount $bootp ${basedir}/bootp
mount $rootp ${basedir}/root
echo "Rsyncing rootfs into image file"
rsync -HPavz -q ${basedir}/kali-$architecture/ ${basedir}/root/
# Enable login over serial
echo "T0:23:respawn:/sbin/agetty -L ttyAMA0 115200 vt100" >> ${basedir}/root/etc/inittab
cat << EOF > ${basedir}/root/etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
EOF
# Uncomment this if you use apt-cacher-ng otherwise git clones will fail.
#unset http_proxy
# Kernel section. If you want to use a custom kernel, or configuration, replace
# them in this section.
cd ${TOPDIR}
# RPI Firmware
git clone --depth 1 https://github.com/raspberrypi/firmware.git rpi-firmware
cp -rf rpi-firmware/boot/* ${basedir}/bootp/
rm -rf rpi-firmware
# Setup build
cd ${TOPDIR}
git clone --depth 1 https://github.com/nethunteros/re4son-raspberrypi-linux.git -b rpi-4.9.y-nexutil ${basedir}/root/usr/src/kernel
cd ${basedir}/root/usr/src/kernel
ln -s /usr/include/asm-generic /usr/include/asm
# Set default defconfig
export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabihf-
# Set default defconfig
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- bcmrpi_defconfig
# Build kernel
make -j $(grep -c processor /proc/cpuinfo)
# Make kernel modules
make modules_install INSTALL_MOD_PATH=${basedir}/root
# Copy kernel to boot
perl scripts/mkknlimg --dtok arch/arm/boot/zImage ${basedir}/bootp/kernel.img
cp arch/arm/boot/dts/*.dtb ${basedir}/bootp/
cp arch/arm/boot/dts/overlays/*.dtb* ${basedir}/bootp/overlays/
cp arch/arm/boot/dts/overlays/README ${basedir}/bootp/overlays/
# Make firmware and headers
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- firmware_install INSTALL_MOD_PATH=${basedir}/root
# Fix up the symlink for building external modules
# kernver is used so we don't need to keep track of what the current compiled
# version is
kernver=$(ls ${basedir}/root/lib/modules/)
cd ${basedir}/root/lib/modules/$kernver
rm build
rm source
ln -s /usr/src/kernel build
ln -s /usr/src/kernel source
cat << EOF > ${basedir}/bootp/config.txt
dtoverlay=dwc2
EOF
# Create cmdline.txt file
cat << EOF > ${basedir}/bootp/cmdline.txt
dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
EOF
# systemd doesn't seem to be generating the fstab properly for some people, so
# let's create one.
cat << EOF > ${basedir}/root/etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat defaults 0 2
/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
EOF
# rpi-wiggle
mkdir -p ${basedir}/root/root/scripts
wget https://raw.github.com/offensive-security/rpiwiggle/master/rpi-wiggle -O ${basedir}/root/root/scripts/rpi-wiggle.sh
chmod 755 ${basedir}/root/scripts/rpi-wiggle.sh
# Firmware needed for rpi3 wifi (copy nexmon firmware)
mkdir -p ${basedir}/root/lib/firmware/brcm/
cp ${basedir}/../misc/rpi3/brcmfmac43430-sdio-nexmon.bin ${basedir}/root/lib/firmware/brcm/brcmfmac43430-sdio.bin
cp ${basedir}/../misc/rpi3/brcmfmac43430-sdio.txt ${basedir}/root/lib/firmware/brcm/
# Copy nexutil
cp ${basedir}/../misc/rpi3/nexutil-pi0 ${basedir}/root/usr/bin/nexutil
chmod 755 ${basedir}/root/usr/bin/nexutil
cd ${basedir}
cp ${basedir}/../misc/zram ${basedir}/root/etc/init.d/zram
chmod 755 ${basedir}/root/etc/init.d/zram
sed -i -e 's/^#PermitRootLogin.*/PermitRootLogin yes/' ${basedir}/root/etc/ssh/sshd_config
# Unmount partitions
umount $bootp
umount $rootp
kpartx -dv $loopdevice
losetup -d $loopdevice
# Don't pixz on 32bit, there isn't enough memory to compress the images.
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
echo "Compressing kali-linux-$1-rpi0w-nexmon.img"
pixz ${basedir}/kali-linux-$1-rpi0w-nexmon.img ${basedir}/../kali-linux-$1-rpi0w-nexmon.img.xz
rm ${basedir}/kali-linux-$1-rpi0w-nexmon.img
fi
# Clean up all the temporary build stuff and remove the directories.
# Comment this out to keep things around if you want to see what may have gone
# wrong.
echo "Cleaning up the temporary build files..."
rm -rf ${basedir}
Reference in New Issue View Git Blame Copy Permalink