Android pentesting lab

Unlocking bootloader

Warning: This will wipe data

TBD

Flashing TWRP custom recovery

  1. Find the TWRP(...).img

  2. Make sure to have the adb & fastboot tools (either via platform-tools on Windows, or via a standard apt install on Linux).

Additional drivers may be needed for Windows (you'll find them).

  3. Make sure to have USB debugging enabled.

  4. Reboot into fastboot

adb reboot bootloader  # or recovery, depends

If this doesn't work, try starting your phone with power + volume up (or volume down). Depending on the phone model, this will boot either into recovery or into fastboot.

  5. Flash both recovery slots with TWRP.

fastboot flash recovery_a .\TWRP(...).img
fastboot flash recovery_b .\TWRP(...).img

  6. Reboot into recovery
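The whole TWRP flashing procedure above as one script, added here as an example that is not part of the original notes: it refuses to flash unless the image exists, the tools are installed, exactly one device is in fastboot mode and the device actually reports an A/B slot, and only then writes both recovery slots. It assumes the device is already in fastboot mode and uses recovery_a / recovery_b as in the notes.

```shell
#!/bin/sh
# Added example, not part of the original notes: wraps the TWRP flash steps
# above with the pre-flight checks they assume. The device must already be in
# fastboot mode (adb reboot bootloader, or the key combo). Assumes an A/B
# device that exposes recovery_a / recovery_b, as in the notes.

flash_twrp() {
    img="$1"
    [ -n "$img" ] || { echo "usage: flash_twrp <TWRP.img>" >&2; return 2; }
    [ -f "$img" ] || { echo "image not found: $img" >&2; return 1; }

    # adb/fastboot come from platform-tools (Windows) or apt (Linux).
    for tool in adb fastboot; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
    done

    # Refuse to flash unless exactly one device is in fastboot mode
    # ("fastboot devices" prints one "SERIAL<tab>fastboot" line per device).
    n=$(fastboot devices 2>/dev/null | grep -c fastboot || true)
    [ "$n" -eq 1 ] || { echo "expected 1 device in fastboot mode, found $n" >&2; return 1; }

    # getvar reports on stderr; a device without A/B slots answers FAILED,
    # in which case recovery_a/recovery_b do not exist and we stop here.
    slot=$(fastboot getvar current-slot 2>&1 | sed -n 's/^current-slot: *//p')
    case "$slot" in
        a|b) ;;
        *) echo "no A/B slot reported (got '$slot'); check the partition layout first" >&2; return 1 ;;
    esac

    # Write TWRP to both recovery slots, stopping at the first failure.
    for part in recovery_a recovery_b; do
        fastboot flash "$part" "$img" || { echo "flashing $part failed" >&2; return 1; }
    done
    echo "TWRP written to recovery_a and recovery_b (current slot: $slot); now reboot into recovery"
}
```

Run it as `sh flash_twrp.sh` after adding `flash_twrp "$1"` at the bottom, or source it and call `flash_twrp path/to/TWRP.img`.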

Installing Magisk

Download Magisk from the official GitHub repo only!!!

topjohnwu/Magisk

There are a lot of fake Magisk builds with embedded malware.

Install it via TWRP (put the apk at the root of your phone).

Once rebooted, open the installed app; it will ask you to finish the installation. Choose the standard application install.

You are now rooted.

Important note, when root rights are lost for whatever reason

You can see this, for example, when you can't get any root access and the Magisk app reports that it is not fully installed. Magisk will offer ways to finish the installation. BUT, if the "standard application install" option is not available, you have to go through the following steps instead:

At the root of the phone, copy the Magisk apk, but rename it to uninstall.zip.

Installing this zip via TWRP will properly remove Magisk.

From there you can reinstall Magisk as described above.

Installing Kali NetHunter

Download NetHunter (the full version is preferred), NOT NetHunter Pro, which is a full OS. We only want access to its features via the container. This is Kali NetHunter (not Pro); scroll down a bit on the page.

The general full version works fine for my OnePlus 11.

https://www.kali.org/get-kali/#kali-mobile

Put it on your phone.

Install it via Magisk, as a Magisk module.

Because of bad DNS, it may fail to resolve http.kali.org, which is needed for various apt operations. You will need to change the DNS servers in /etc/resolv.conf. Cloudflare works fine (1.1.1.1, 1.0.0.1).

OnePlus Termux not asking for su privileges

Go to Settings, Battery, Battery optimization, find the per-app list, and disable battery optimization for Termux.