With just a few taps, an Android phone can be armed to a hidden hacking device with weapons like Nmap, Nikto and Netcat – all without rooting the device.
UserLAnd, created by UserLAnd Technologies, is an Android app that installs Linux distributions quickly and easily without rooting. This makes it possible to run an ARM64 Debian operating system alongside the current Android operating system. This ARM architecture is sometimes referred to as "AARCH64" and is also used by the ARM images of Kali Linux Raspberry Pi. This makes it easy to import the tool repository from Kali. Best of all, the UserLAnd team has recently added their own Kali file system so importing repositories is not required for all users.
All created file systems are readily available. While many Kali tools work well, UserLAnd is still a new project and may cause some tools (like Nmap) to be corrupted or fail to execute certain commands. It is worth noting that these problems will be resolved in the near future.
For advanced users, UserLAnd uses custom scripts and executable files that can be used to build the Debian and Ubuntu file system. An example of this is PRoot, an open source software that implements features similar to chroot. With PRoot you can run programs with an alternative root directory, no root is required. Normally, a user space application communicates directly with the kernel via system calls. With UserLAnd, PRoot runs in the background to interpret these system calls, and executes and manipulates them when needed to emulate users and permissions in the file system.
We will start installing an SSH client primary app for interacting with the Debian operating system. Then I'll go through some operating system setup tips and import the Kali Linux repository to make Android a hacking device. As some readers know, Kali Linux is based on the Debian operating system, so importing your repository will not cause anything to break or become unreliable.
: Install the ConnectBot App
ConnectBot is an open source source SSH client for Android smartphones that allows you to securely connect to SSH servers. This is the main way of interacting with the new operating system UserLAnd Debian. If you can not access Google Play or access Google Play, ConnectBot is available through the F-Droid repository.
Step 2: Install the UserLAnd App
I've already covered what UserLAnd is and what's running above. The important thing is that you install it, and you can do it with either Google Play or F-Droid.
After completing the installation, open UserLAnd and show the tab " Apps ". Refresh the tab and wait a few minutes for the distributions to fill up.
The Kali Linux operating system has recently been added to the list of available distributions. Select "Kali" or "Debian" and the UserLAnd app will prompt for credentials. Create a username, password, and VNC password. The "password" allows access to the SSH server, which was started after the installation of the file system. The "VNC password" is not used in this tutorial but is required to proceed with the installation.
UserLAnd then downloads the necessary executables and scripts from the GitHub repository used to create the file systems (see below). The time it takes to download and extract the required assets depends on the Android CPU and Internet connection speed. The installation process took up to 20 minutes in some tests, so be patient.
In my first attempt, UserLAnd returned the following error: "File system could not be extracted. Something went wrong." Removing and reinstalling the UserLAnd application seemed to fix the problem. If this error persists, open a new GitHub issue.
Step 4: Interact with the file system
When the installation is complete, go to the Sessions tab and select the newly created option. UserLAnd automatically tries to open ConnectBot and asks "Do you really want to continue the connection?" Tap Yes and enter the password created in the previous step.
At this point, it is not necessary to set up the operating system by synchronizing a Bluetooth keyboard with the phone. If you do not use a Bluetooth keyboard, I recommend installing Hacker's Keyboard from the Play Store. If you continue, you will see the reason.
Recommended at Amazon: FAVI Mini Bluetooth Keyboard with Laser Pointer and Backlit Buttons
Step 5: Updating the Operating System
After installing a new operating system on your Android phone, you must first make sure that the system is up to date. This can be accomplished by first using su to create a root shell. Then use the command apt-get update && apt-get dist-upgrade .
distortiion @ localhost: ~ $ su root @ localhost: / home / distortion # apt-get update && apt-get dist-upgrade Ign: 1 http://cdn-fastly.deb.debian.org/debian stable InRelease Get 2 http://cdn-fastly.deb.debian.org/debian stable-updates InRelease [91.0 kB] Hit: 3 http://cdn-fastly.deb.debian.org/debian stable release Get 4 http://cdn-fastly.deb.debian.org/debian stable Release.gpg [2434 B] Get: 5 http://cdn-fastly.deb.debian.org/debian stable-updates / main arm64 Packages [5096 B] Get 6 http://cdn-fastly.deb.debian.org/debian stable-updates / main Translation-de [4512 B] Get: 7 http://cdn-fastly.deb.debian.org/debian stable / main Translation-de [5393 B] Get: 8 http://cdn-fastly.deb.debian.org/debian stable / contrib arm64 packages [29.9 kB] Get: 9 http://cdn-fastly.deb.debian.org/debian stable / contrib Translation-de [45.9 kB] Get: 10 http://cdn-fastly.deb.debian.org/debian stable / non-free arm64 package [50.8 kB] Get: 11 http://cdn-fastly.deb.debian.org/debian stablenon-free Translation-de [80.6 kB] 5714 kB in 31s (183 kB / s) Read package lists ... Done Read package lists ... Done Building Dependency Tree ... Done Upgrade is calculated ... Done The following packages are being updated: tzdata 1 updated, 0 reinstalled, 0 removed and 0 not updated. 270 kB archives are needed. After this process, 1024 B of additional memory is needed. Would you like to continue? [Y/n]
In the case of the above issue, only one package needs updating, but this may not always be the case.
Step 6: Installing the Essential Software
This new file system is extremely barebones and does not contain a lot of software by default. Below are some packages recommended for everyday Debian and Kali users. Some packages are not required, but are more easily tracked in future articles that use Android as their primary hacking device.
- screen – Screen is a terminal multiplexer that allows users to run and switch between multiple terminal sessions simultaneously. This is one of the most important packages to install when using UserLAnd. Android phones do not handle long SSH sessions well and tend to disconnect for no apparent reason. Such a break may cause running commands to fail without reconnecting to the session to indicate progress. Use Screen to manage persistent shell sessions.
- net-tools – Net-tools is a suite of tools that includes ifconfig, netstat, route and several other useful networking applications.
- netcat – Netcat is a powerful UNIX utility designed to be a reliable tool for creating TCP and UDP connections. Netcat can be used to create and interact with simple macOS backdoors.
- neofetch – Neofetch (shown in the cover image of this article) is a cross-platform system for gathering information. It conveniently displays system specifications beside the sales logo. There is no real function for this package except showing the distribution to colleagues and friends or creating cover photos for WonderHowTo. Neofetch is a bit buggy with UserLAnd distributions, but you may want to know how I created the cover photo. I add it here.
- gnupg – GnuPG (sometimes referred to as gpg) is commonly used to encrypt files and secure e-mail communication. Some installation scripts (such as Metasploit) use gpg to import their software signature keys. It is possible to manually install Metasploit without gpg, which makes the process less complicated.
- curl – cURL is a command-line utility that downloads files over HTTP and other popular protocols. This is a useful tool for downloading files from the internet.
- wget – Like cURL, wget is a command-line utility for downloading files from the Internet. Some developers prefer wget over cURL, so it's helpful to have them installed and available.
- git – Git is a popular version control software and is often used to clone (download) GitHub projects. Git is often recommended by zero-byte users.
- nano – Nano is a command-line text editor. Nano makes it easier to edit files via SSH. If Vim or Emacs is preferred, download these text editors (or in addition to Nano) instead.
The above packages can be installed with the command apt-get apt-get update & net -tools netcat neofetch gnupg curl wget git nano screen
Step 7: Import the potash Linux Repository (Conditional)
If you installed Kali OS in step 3, this step can be skipped. For users of Debian operating systems, importing the potash repository into your distribution is not mandatory. However, this allows for quick installation of applications such as sqlmap, Commix, Bettercap, Nikto, dnsmap, and hundreds of packages that are not included in the standard Debian repositories.
Starting Importing Kali Linux Use nano to add the Kali repository to /etc/apt/sources.list.
nano /etc/apt/sources.list[19659047*Continuethefollowingfollowingthefollowingfile(seebelow)then stop Ctrl + X and save the changes. ConnectBot has on-screen buttons for keys such as ctrl and shift . Alternatively, a Bluetooth keyboard or the apps of the Hacker's Keyboard can be useful for terminating the Nano-Terminal.
deb http://http.kali.org/kali kali-rolling main post non-free
Then add the Kali signature key to the following wget ] command.
wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -
If the command was successful, the terminal returns "OK" (see below). Finally, update the APT cache with the command apt-get update .
root @ localhost: / home / distortion # wget -q -O - https://www.kali.org/archive-key.asc | Add apt-key - OK root @ localhost: / home / distortion # apt-get update Ign: 1 http://cdn-fastly.deb.debian.org/debian stable InRelease Hit: 3 http://cdn-fastly.deb.debian.org/debian Stable Updates InRelease Hit: 4 http://cdn-fastly.deb.debian.org/debian stable release Ign: 2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease Get: 6 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling release [29.6 kB] Get: 7 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Release.gpg [833 B] Get: 8 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling / main arm64 packages [16.4 MB] 64% [8 Packages 9415 kB/16.4 MB 57%] 546 kB / s 13s
More Weaponized Android coming soon
With UserLAnd, converting Android devices into hacking devices is easy. While Android's processing speed is slower than Raspberry Pis, it's still a great, easy-to-hide offensive tool that can run Kali software.
In the following articles I will show how to popular install, debug and use applications like Aircrack, Empire, Metasploit and Nmap only with Android. If you have questions about the Kali software that you would like to run on Android, enter a comment below.
Do not Miss: The 5 Most Exciting Nmap Scripts Hackers Should Know