手机通过UEFI运行Kali-Linux的教程

仅用于信息安全、网络安全的教学和演示,请勿用于其他用途,请遵守中华人民共和国刑法。
Kali-Linux官网有详细的教程,我在这里用中文简要的翻译一下,并参考了隔壁Ubuntu教程。
如果我写的有问题,请联系我,我会及时进行修改。
分区相关教程在这里不再赘述,相关教程很多.
0.从Linux-Snapdragon项目获取perseus_defconfig文件
进入Kali-Linux系统进行操作
1.安装依赖包
sudo apt install -y build-essential libncurses5-dev fakeroot xz-utils
2.获取Kali-Linux源代码
sudo apt install -y linux-source
3.解压源代码
tar -xaf /usr/src/linux-source-5.10.tar.xz
4.从Linux-Snapdragon项目复制perseus_defconfig文件到Kali-Linux源代码文件夹
cp arch/arm64/configs/perseus_defconfig .config
5.编译Kali-Linux deb包 下载交叉编译器
make -j[线程数:填入整数] ARCH=arm64 CROSS_COMPILE=交叉编译器/bin/aarch64-none-linux-gnu- deb-pkg
6.rootfs准备阶段——安装依赖包
sudo apt install -y debootstrap qemu-user-static
7.制作rootfs

mkdir ~/rootfs && cd ~/rootfs
debootstrap --foreign --arch arm64 kali-rolling kali-arm64 http://http.kali.org/kali
cd ~/rootfs

8.写入相关文件

LANG=C chroot kali-arm64 /debootstrap/debootstrap --second-stage
cat <<EOF > kali-arm64/etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
EOF
echo "kali" > kali-arm64/etc/hostname
cat <<EOF > kali-arm64/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF
cat <<EOF > kali-arm64/etc/resolv.conf
nameserver 114.114.114.114
EOF

9.设置相关环境变量

export packages="xfce4 kali-menu wpasupplicant kali-defaults initramfs-tools u-boot-tools nmap openssh-server"
export MALLOC_CHECK_=0
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive

10.挂载相关目录

mount -t proc proc kali-arm64/proc
mount -o bind /dev/kali-arm64/dev/
mount -o bind /dev/pts kali-arm64/dev/pts

11.写入控制台相关

cat <<EOF > kali-arm64/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF

12.写入最终安装脚本

cat <<EOF > kali-arm64/third-stage
#!/bin/sh
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
cp /bin/true /usr/sbin/invoke-rc.d
apt-get update
apt-get install -y locales-all
#locale-gen en_US.UTF-8
debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get install -y locales-all
apt-get install -y git-core binutils ca-certificates initramfs-tools u-boot-tools
apt-get install -y locales console-common less vim git zsh
echo "kali:kali" | chpasswd
sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
apt-get install -y --force-yes ${packages}
rm -f /usr/sbin/invoke-rc.d
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d
rm -f /third-stage
EOF

13.授予安装脚本权限
chmod +x kali-arm64/third-stage
14.启动安装
LANG=C chroot kali-arm64 /third-stage
14.1进入rootfs并安装内核deb包

cp 内核编译目录/*.deb kali-arm64/
LANG=C chroot kali-arm64
dpkg -i *.deb

14.2配置boot目录

cd /boot
ln -s initrd.img-相关版本号-xiaomi-sdm845 initrd.img
ln -s vmlinuz-相关版本号-xiaomi-sdm845 vmlinuz    
ln -s /usr/lib/linux-image-相关版本号-xiaomi-sdm845/qcom/[选择对应你设备的dtb] device.dtb

14.3手动安装grub并创建grub.cfg

apt install grub2 -y
mkdir /boot/grub/ && vim /boot/grub/grub.cfg

[此处引用隔壁Ubuntu教程]
建议通过安卓系统内Termux的blkid指令,查询相关UUID
将下列代码粘贴进grub.cfg

set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
if background_color 44,0,30,0; then
  clear
fi

insmod gzio

set timeout=1
menuentry  'Kali' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-[linux分区UUID:填入]' {
	set gfxpayload=keep
	devicetree /boot/device.dtb
	search --no-floppy --fs-uuid --set=root [linux分区UUID:填入]
	linux	/boot/vmlinuz root=UUID=[linux分区UUID:填入] rw pd_ignore_unused clk_ignore_unused efi=novamap loglevel=7 splash --
	initrd	/boot/initrd.img
}

menuentry 'Boot from next volume' {
	exit 1
}

menuentry 'UEFI Firmware Settings' {
	fwsetup
}
__EOF__

14.4修改fstab
vim /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/nvme0n1p2 during installation
UUID=[linux分区UUID:填入] /    ext4    errors=remount-ro 0       1
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID="[esp分区UUID:填入] /boot/efi       vfat    umask=0077      0       1

15.写入清理脚本

cat <<EOF > kali-arm64/cleanup
#!/bin/sh
rm -rf /root/.bash_history
apt-get update
apt-get clean
rm -f cleanup
EOF

16.授予清理脚本权限
chmod +x kali-arm64/cleanup
17.启动清理
LANG=C chroot kali-arm64 /cleanup
18.解除相关挂载

umount kali-arm64/proc
umount kali-arm64/dev/pts
umount kali-arm64/dev/

19.通过mksquashfs打包
mksquashfs kali-arm64 kali.squashfs
[以下内容参考了隔壁Ubuntu教程]
20.进入安卓系统,通过Termux安装

pkg update && pkg upgrade
pkg install squashfs-tools-ng
su 
mount /dev/block/sda[linux分区ID:输入整数] /mnt
/data/data/com.termux/files/usr/bin/rdsquashfs -O -C -T -X -u / -p /mnt /sdcard/kali.squashfs
umount /mnt

隔壁帖子获取EFI文件
修改EFI文件夹中的/efi/EFI/ubuntu/grub.cfg

search.fs_uuid  [linux分区UUID:填入] root 
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg
__EOF__
mount /dev/block/sda[ESP分区数字ID:输入整数] /mnt
cp -r /sdcard/efi/* /mnt
umount /mnt

22.启动
下载相关boot文件
fastboot boot boot-xxx(机型代号).img

3 Likes

OHHHHHHHHHHHHHHHH

这个usb能用吗
我的gpu,触摸屏,声音,wifi,电池都能用
唯有usb不行
如果usb能用请指导我

1 Like

我用的是ubuntu18.04

1 Like

那你得去问ubuntu项目

我不会 我发这个Ubuntu教程是来debug的

试一下把dts里面的dr_mode改为host

2 Likes

…我试试,谢谢

可以工作,但插hub没反应
工作模式为Ethernet/rndis gadget

…那你的dr_mode应该还是host

image
这个改为host,然后重新编译出dtb