Download and install the build scripts, build dependencies, and cross compiler.
mkdir /root/arm-stuff
cd /root/arm-stuff
Next, we need a cross-compiler for armhf. This package contains pre-built versions of Linaro GCC and Linaro GDB, a gdbserver (a program that allows you to run GDB on a different machine than the one which is running the program being debugged), a system root (with all the headers and libraries to link programs against) and manuals under share/doc:
git clone https://gitlab.com/kalilinux/packages/gcc-arm-linux-gnueabihf-4-7
Kali will need the files under bin/ for the build:
export PATH=${PATH}:/root/arm-stuff/gcc-arm-linux-gnueabihf-4.7/bin
Next, the real magic. We will grab the Kali Linux ARM build scripts. We use these to build our official Kali Linux ARM images at http://www.kali.org/downloads.
git clone https://gitlab.com/kalilinux/build-scripts/kali-arm
cd ~/arm-stuff/kali-arm-build-scripts
Next, install the required dependencies. This will take a few minutes:
./build-deps.sh
Next, edit the ARM build script, and change your required fields. We are editing the Raspberry Pi3 Kali ARM script. It's got nexmon built in: a C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more.
In our case we can remove desktop, most of tools and extras. Additionally, we want to set up the Raspberry Pi IP address to be a static IP so we can SSH to it later on. Of course, SSH should start at boot time, and have our public key.
nano rpi3-nexmon.sh
First, we will comment out the desktop and extras sections, and make changes to the tools and services sections:
#desktop="fonts-croscore fonts-crosextra-caladea fonts-crosextra-carlito gnome-theme-kali gtk3-engines-xfce kali-desktop-xfce kali-root-login lightdm network-manager network-manager-gnome xfce4 xserver-xorg-video-fbdev xserver-xorg-input-evdev xserver-xorg-input-synaptics"
#tools="aircrack-ng ethtool hydra john libnfc-bin mfoc nmap passing-the-hash sqlmap usbutils winexe wireshark net-tools"
tools="aircrack-ng nmap hostapd"
#services="apache2 openssh-server gnupg"
services="openssh-server gnupg"
#extras="iceweasel xfce4-terminal wpasupplicant python-smbus i2c-tools python-requests python-configobj python-pip"
We will also make changes to the packages section, leaving out desktop and extras:
#packages="${arm} ${base} ${desktop} ${tools} ${services} ${extras}"
packages="${arm} ${base} ${tools} ${services}"
Further down we will pull eth0 off of dhcp and set a static address:
auto eth0
iface eth0 inet static
address 192.168.1.12
netmask 255.255.255.0
gateway 192.168.1.1
EOF
The changes we've made can be shown in another way with the diff tool, which compares files. Here we see a before-and-after. White lines show lines that match between the files (but have been moved in this case because we've inserted some lines). Red lines show deletions, and green lines show additions. Note that in this diff, we have deleted configuration lines instead of commenting them:
Once the changes are made, we can run the build script with a nifty identifier (a lame "1.0" in this example). Note that this can take over an hour, based on your CPU, memory and bandwidth:
./rpi3-nexmon.sh 1.0
Once this is finished, you should have three files:
root@kali:~/arm-stuff/kali-arm-build-scripts# ls -l rpi3-nexmon-bh-1.0/
total 553496
-rw-r--r-- 1 root root 91 Aug 5 12:14 kali-1.0-rpi3-nexmon.img.sha256sum
-rw-r--r-- 1 root root 566765348 Aug 5 12:23 kali-1.0-rpi3-nexmon.img.xz
-rw-r--r-- 1 root root 94 Aug 5 12:23 kali-1.0-rpi3-nexmon.img.xz.sha256sum
Now, you can burn the ISO to an SD to test the image. As always, be sure to select the correct device ID. In our case, it happens to be /dev/sdb. This can take 20 minutes or more, when run from a properly configured VM:
root@kali:~# cd /root/arm-stuff/kali-arm-build-scripts/rpi3-nexmon-bh-1.0/
root@kali:~/arm-stuff/kali-arm-build-scripts/rpi3-nexmon-bh-1.0# ls
kali-1.0-rpi3-nexmon.img.sha256sum kali-1.0-rpi3-nexmon.img.xz kali-1.0-rpi3-nexmon.img.xz.sha256sum
root@kali:~/arm-stuff/kali-arm-build-scripts/rpi3-nexmon-bh-1.0# xzcat kali-1.0-rpi3-nexmon.img.xz | dd of=/dev/sdb bs=1M
Next, boot up the Kali Pi. You should find it at 192.168.1.12, and ssh should be open. Oh, and bonus! ifconfig works!
