jcadduono / lazyflasher

An easy way to patch ramdisks, replace kernels, and install files to your phone through recovery.
BSD 2-Clause "Simplified" License

Question #4

Open 0E800 opened 6 years ago

0E800 commented 6 years ago

If I extract a zImage that contains a 3.4 kernel from a grouper-tilapia ROM and include the DTB file, will this tool apply patches / modifications to make the kernel compatible with HID and wlan1 monitor / injection?

Apologies, I am attempting to create a minimal / universal (if possible) workflow to take a kernel source and make it NetHunter-ready, with regard to using external Wi-Fi and HID.

There are multiple offsec GitHub issues with related questions, but none seems to have a straightforward process for taking a kernel source and modifying it to work with NetHunter.

jcadduono commented 6 years ago

zImage is not source; you have to actually use the kernel sources to build the kernel zImage for your device and then use the Kali NetHunter git to build it (which uses lazyflasher internally). There is a README.md on the kali-nethunter/nethunter-installer page.

0E800 commented 6 years ago

Thank you for your response. This is my workflow (keep in mind my main focus is wlan1 mon/injection support for the Oreo ROM; once I can get this down, then I'll work on HID):

# fetch the ElementalX kernel tree for flo (Nexus 7 2013)
git clone https://github.com/flar2/flo.git -b ElementalX-7.00 flo_kern
cd flo_kern
# cross-compile for 32-bit ARM with the toolchain checked out next to the tree
export ARCH=arm
export SUBARCH=arm
export CROSS_COMPILE=../toolchain/bin/arm-eabi-
make clean
make elementalx_defconfig
make menuconfig

//

Follow the examples found here: https://github.com/offensive-security/kali-nethunter/wiki/Modifying-the-Kernel. Apply the mac-frag patch. Skip patching the HID keyboard gadgets, as the patches fail and I am not sure how to modify them manually.

//

make -j4

Last few lines of a successful build:

  LD [M]  drivers/net/wireless/at76c50x-usb.ko
  LD [M]  drivers/net/wireless/zd1201.ko
  LD [M]  drivers/scsi/scsi_wait_scan.ko
  AS      arch/arm/boot/compressed/piggy.xzkern.o
  LD      arch/arm/boot/compressed/vmlinux
  OBJCOPY arch/arm/boot/zImage
  Kernel: arch/arm/boot/zImage is ready

I then copy the zImage to the lazyflasher directory and run make.

Is this sufficient?

I think I am supposed to put stuff in the modules folder, but I'm not sure how, or where those modules are.

I cloned kali-nethunter/installer and tried moving the created zImage to devices/marshmallow/flocm and built just the kernel. It booted and I am able to see the TP-Link adapter, but shortly after I begin collecting packets, or if I unplug the adapter, the device reboots itself.

Any feedback would be greatly appreciated.
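The build-and-package steps in the comment above, as an added example that is not part of lazyflasher or the NetHunter installer: a POSIX sh script that wraps the make sequence, checks the resulting .config for the options an external-Wi-Fi kernel needs, reports which of them are built as loadable modules (those are the .ko files that belong in lazyflasher's modules/ directory rather than in the zImage), and copies the built modules over. The list of Kconfig symbols (cfg80211, mac80211, CFG80211_WEXT, ath9k_htc for the TP-Link adapter) is an assumption for this use case, not a NetHunter requirement list; build_kernel only works inside a kernel tree and reuses the ARCH/CROSS_COMPILE settings from the commands above.

```shell
#!/bin/sh
# Added example (not lazyflasher or NetHunter installer code): wrap the build
# steps from the thread, verify the .config, and collect modules for
# lazyflasher's modules/ directory.
set -u

# Kconfig symbols assumed to matter here: cfg80211/mac80211 for monitor mode
# and injection, CFG80211_WEXT for iwconfig-style tools, ath9k_htc for the
# TP-Link TL-WN722N class of adapters. Adjust for your adapter; this is an
# assumption, not a NetHunter specification.
REQUIRED_CONFIG="CONFIG_CFG80211 CONFIG_MAC80211 CONFIG_CFG80211_WEXT CONFIG_ATH9K_HTC"

# build_kernel SRC_DIR TOOLCHAIN_PREFIX DEFCONFIG
# Same steps as the original post; only meaningful inside a kernel tree.
# Succeeds only if a zImage was produced.
build_kernel() {
    src=$1; prefix=$2; defconfig=$3
    ( cd "$src" || exit 1
      export ARCH=arm SUBARCH=arm CROSS_COMPILE="$prefix"
      make clean && make "$defconfig" && make -j4 ) || return 1
    [ -f "$src/arch/arm/boot/zImage" ]
}

# check_config CONFIG_FILE SYMBOL...
# Prints each missing symbol (one per line). Returns 0 only if every symbol
# is =y or =m; "# CONFIG_X is not set" and absence both count as missing.
check_config() {
    cfg=$1; shift
    missing=0
    for sym in "$@"; do
        grep -Eq "^$sym=(y|m)\$" "$cfg" && continue
        echo "$sym"
        missing=1
    done
    return "$missing"
}

# modules_from_config CONFIG_FILE SYMBOL...
# Prints the symbols built as loadable modules (=m). Their .ko files must be
# shipped in modules/; built-ins (=y) are inside the zImage and need nothing.
modules_from_config() {
    cfg=$1; shift
    for sym in "$@"; do
        grep -Eq "^$sym=m\$" "$cfg" && echo "$sym"
    done
    return 0
}

# collect_modules SRC_DIR DEST_DIR
# Copies every built .ko from the kernel tree into DEST_DIR, prints the count.
collect_modules() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    find "$src" -type f -name '*.ko' -exec cp {} "$dest"/ \; || return 1
    find "$dest" -type f -name '*.ko' | wc -l | tr -d ' '
}

# Usage, from the lazyflasher directory, with the kernel tree in flo_kern:
#   build_kernel flo_kern ../toolchain/bin/arm-eabi- elementalx_defconfig
#   check_config flo_kern/.config $REQUIRED_CONFIG || echo "enable the listed options"
#   modules_from_config flo_kern/.config $REQUIRED_CONFIG
#   collect_modules flo_kern modules
#   cp flo_kern/arch/arm/boot/zImage . && make
```

check_config exits non-zero when anything is missing, so it can gate the rest of a script; the symbol list is passed explicitly so the same functions work for a different adapter or kernel.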

0E800 commented 6 years ago

I ultimately ended up repo-syncing the Unlegacy Android / AOSP 8.1 branch.

I was able to figure out patching the keyboard gadget and ended up getting ath9k working, albeit I manually copied over the etc/firmware modules from the NetHunter Marshmallow official build. One thing I noticed is that the device reboots whenever I remove the TP-Link adapter.

Do you know if anyone has figured out how to prevent that on Flo?

jcadduono commented 6 years ago

The reboot thing is a bug with the prima/pronto kernel driver and the net device notifier. We usually get around that by commenting out the code that starts the netdev notifier thread in wlan_hdd_main.c. You can find that commit in any kernel repo on my GitHub for a device using prima/pronto drivers.
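The notifier interaction described in the comment above, as an added example that is not prima/pronto code and not one of the commits referred to: a user-space C model of the Linux netdevice notifier chain. A block registered with register_netdevice_notifier() is invoked for every net_device in the system, not only the registering driver's own interfaces, so a callback that casts the private data of whatever device it is handed to its own adapter type writes into a foreign driver's structure when the USB wlan1 is unregistered. The page does not state the exact prima root cause; the struct names, the ownership check and the scenario are assumptions. The three modes compare the blind cast, an ownership guard, and the workaround from the comment (never starting the notifier), including what that workaround gives up: the driver no longer hears about its own interface either.

```c
/* Added example, not code from prima/pronto or lazyflasher: a user-space model
 * of the Linux netdevice notifier chain and of one hazard class behind
 * "adapter unplug reboots the phone". Struct and field names are assumptions. */
#include <stddef.h>
#include <string.h>

/* Values as in linux/notifier.h and linux/netdevice.h */
#define NOTIFY_DONE       0x0000
#define NETDEV_UNREGISTER 0x0002
#define MAX_NOTIFIERS 8

struct notifier_block {
    int (*notifier_call)(struct notifier_block *nb, unsigned long event, void *ptr);
};

struct net_device {
    char name[16];
    const struct notifier_block *owner; /* stand-in for comparing dev->netdev_ops */
    void *priv;                         /* netdev_priv(dev): type is per driver */
};

/* ---- model of the kernel chain: every block sees every device ---- */
static struct notifier_block *chain[MAX_NOTIFIERS];
static int chain_len;

static int register_netdevice_notifier(struct notifier_block *nb)
{
    if (chain_len >= MAX_NOTIFIERS)
        return -1;
    chain[chain_len++] = nb;
    return 0;
}

static void unregister_netdevice_notifier(struct notifier_block *nb)
{
    for (int i = 0; i < chain_len; i++)
        if (chain[i] == nb) {
            memmove(&chain[i], &chain[i + 1], (chain_len - i - 1) * sizeof chain[0]);
            chain_len--;
            return;
        }
}

static void call_netdevice_notifiers(unsigned long event, struct net_device *dev)
{
    for (int i = 0; i < chain_len; i++)
        chain[i]->notifier_call(chain[i], event, dev);
}

/* ---- two drivers' private data: same size, different meaning ---- */
struct hdd_adapter    { unsigned int magic;     int scan_in_progress; }; /* prima-style */
struct ath9k_htc_priv { unsigned int fw_handle; int tx_active; };        /* USB adapter */

static int guard_by_owner;  /* 0: cast blindly; 1: check ownership first */
static struct notifier_block hdd_notifier;

/* Models the WLAN driver's NETDEV_UNREGISTER handling: abort a running scan
 * by writing into what it assumes is its own hdd_adapter. */
static int hdd_notifier_call(struct notifier_block *nb, unsigned long event, void *ptr)
{
    struct net_device *dev = ptr;
    if (event != NETDEV_UNREGISTER)
        return NOTIFY_DONE;
    if (guard_by_owner && dev->owner != nb)
        return NOTIFY_DONE;                    /* not ours: leave it alone */
    struct hdd_adapter *adapter = dev->priv;   /* wrong type for a foreign dev */
    adapter->scan_in_progress = 0;
    return NOTIFY_DONE;
}

/* Run one unplug scenario.
 * mode 0: notifier registered, blind cast (the crash case)
 * mode 1: notifier registered, ownership guard
 * mode 2: notifier never registered (the workaround from the thread)
 * Returns a bit mask: 1 = foreign driver's data was clobbered,
 *                     2 = own adapter's scan was aborted when wlan0 left. */
int simulate_unplug(int mode)
{
    struct hdd_adapter    prima_priv = { 0x4141, 1 };
    struct ath9k_htc_priv ath_priv   = { 0xbeef, 1 };
    struct net_device wlan0 = { "wlan0", &hdd_notifier, &prima_priv };
    struct net_device wlan1 = { "wlan1", NULL,          &ath_priv   };
    int result = 0;

    chain_len = 0;
    hdd_notifier.notifier_call = hdd_notifier_call;
    guard_by_owner = (mode == 1);
    if (mode != 2)
        register_netdevice_notifier(&hdd_notifier);

    call_netdevice_notifiers(NETDEV_UNREGISTER, &wlan1); /* USB adapter pulled */
    if (ath_priv.tx_active != 1)
        result |= 1;   /* in-kernel: a write into a foreign or already-freed struct */

    call_netdevice_notifiers(NETDEV_UNREGISTER, &wlan0); /* our own interface */
    if (prima_priv.scan_in_progress == 0)
        result |= 2;

    if (mode != 2)
        unregister_netdevice_notifier(&hdd_notifier);
    return result;
}
```

With the return value read as a bit mask, mode 0 yields 3 (foreign data clobbered and own interface handled), mode 1 yields 2 (guard skips the foreign device, own interface still handled) and mode 2 yields 0 (nothing is touched, but nothing is handled either). The bit-1 case is the kind of fault that, inside the kernel, can end in a panic and the reboot reported for Flo; the ownership guard keeps the driver's own handling while removing that write, which is why it is the usual alternative to disabling the notifier outright.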