Now we can flash this ROM and Magisk (root app) onto the phone, assuming the phone has an unlocked bootloader and TWRP recovery installed.
- Power off the phone
- Hold volume-up + power
- TWRP boots
- Go to: Wipe
- Swipe to Factory Reset
- Format Data -> Yes
- Go to: Advanced
- ADB Sideload
- Select wipe cache & dalvik
- Slide to start ADB Sideload
- ADB Sideload
- On the PC side go to the directory of the newly created ROM
- Type: adb sideload PixelExperience_lavender_10.0-20200130-0720-UNOFFICIAL.zip
- When ROM installation finishes go back and sideload Magisk
- Type: adb sideload Magisk.zip
- Now reboot the phone
- First boot could take some time. Be patient
After the phone boots, go through the usual setup (Wi-Fi, Google account, etc.), then go to magiskmanager.com to download and install Magisk Manager.
So far we have a rooted Android phone with the proper modules installed. Next we need to install Termux and the Kali NetHunter chroot to take advantage of the huge pentesting software collection Kali offers, although I'm only going to use Wifite and Bettercap in this example.
Install Termux through the Google Play Store and start it up.
In Termux first update
pkg update
Then install the root-repo
pkg install root-repo
Now we can load the wireless modules
tsudo /system/bin/modprobe -d /vendor/lib/modules/ ath9k-htc
tsudo /system/bin/modprobe -d /vendor/lib/modules/ mt7601u
To load the modules at Termux startup create a script called m.sh
pkg install nano
nano m.sh
Insert the following code into m.sh
#!/bin/bash
export PATH=$PATH:/system/bin/
modules="/vendor/lib/modules/"
tsudo modprobe -d $modules ath9k-htc
tsudo modprobe -d $modules rt2800usb
tsudo modprobe -d $modules mt7601u
Make m.sh executable and edit bashrc
chmod +x m.sh
nano ~/.bashrc
Add this line to bashrc
bash m.sh
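Because ~/.bashrc runs for every new Termux session, m.sh as written calls tsudo three times each time a shell opens. The variant below is an added example, not part of the original post: it checks /proc/modules first and only invokes root for modules that are missing. The PROC_MODULES and MODULE_DIR overrides, the function names and the flat .ko layout are assumptions made here; if /proc/modules is not readable from Termux, the check fails open and modprobe is attempted as in the original.

```shell
#!/bin/bash
# Added example (not the post's own script): load only the modules that are missing.
# PROC_MODULES, MODULE_DIR and the function names are assumptions made here.
PROC_MODULES="${PROC_MODULES:-/proc/modules}"
MODULE_DIR="${MODULE_DIR:-/vendor/lib/modules}"

# /proc/modules lists names with underscores: ath9k-htc appears as ath9k_htc.
kernel_name() {
    printf '%s\n' "$1" | tr '-' '_'
}

# Succeeds if the module is already loaded (first field of a /proc/modules line).
module_loaded() {
    awk -v m="$(kernel_name "$1")" '$1 == m { found = 1 } END { exit !found }' \
        "$PROC_MODULES"
}

# Succeeds if a .ko file exists under either spelling.
# Assumption: modules sit as flat .ko files directly in MODULE_DIR.
module_available() {
    [ -e "$MODULE_DIR/$1.ko" ] || [ -e "$MODULE_DIR/$(kernel_name "$1").ko" ]
}

# Prints, one per line, the requested modules that still need loading.
modules_to_load() {
    local mod
    for mod in "$@"; do
        module_loaded "$mod" && continue
        if ! module_available "$mod"; then
            echo "skip $mod: no .ko in $MODULE_DIR" >&2
            continue
        fi
        printf '%s\n' "$mod"
    done
}

# Calls tsudo only for missing modules, so opening another Termux session
# does not invoke root again once everything is loaded.
load_missing() {
    local mod
    export PATH="$PATH:/system/bin"
    modules_to_load "$@" | while read -r mod; do
        tsudo modprobe -d "$MODULE_DIR" "$mod" </dev/null
    done
}

# Usage from ~/.bashrc: bash m.sh ath9k-htc rt2800usb mt7601u
if [ "$#" -gt 0 ]; then
    load_missing "$@"
fi
```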