仅用于信息安全、网络安全的教学和演示,请勿用于其他用途,请遵守中华人民共和国刑法。
Kali-Linux官网有详细的教程,我在这里用中文简要的翻译一下,并参考了隔壁Ubuntu教程。
如果我写的有问题,请联系我,我会及时进行修改。
分区相关教程在这里不再赘述,相关教程很多.
0.从Linux-Snapdragon项目获取perseus_defconfig文件
进入Kali-Linux系统进行操作
1.安装依赖包
sudo apt install -y build-essential libncurses5-dev fakeroot xz-utils
2.获取Kali-Linux源代码
sudo apt install -y linux-source
3.解压源代码
tar -xaf /usr/src/linux-source-5.10.tar.xz
4.从Linux-Snapdragon项目复制perseus_defconfig文件到Kali-Linux源代码文件夹
cp arch/arm64/configs/perseus_defconfig .config
5.编译Kali-Linux deb包 下载交叉编译器
make -j[线程数:填入整数] ARCH=arm64 CROSS_COMPILE=交叉编译器/bin/aarch64-none-linux-gnu- deb-pkg
6.rootfs准备阶段——安装依赖包
sudo apt install -y debootstrap qemu-user-static
7.制作rootfs
mkdir ~/rootfs && cd ~/rootfs
debootstrap --foreign --arch arm64 kali-rolling kali-arm64 http://http.kali.org/kali
cd ~/rootfs
8.写入相关文件
LANG=C chroot kali-arm64 /debootstrap/debootstrap --second-stage
cat <<EOF > kali-arm64/etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib
EOF
echo "kali" > kali-arm64/etc/hostname
cat <<EOF > kali-arm64/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF
cat <<EOF > kali-arm64/etc/resolv.conf
nameserver 114.114.114.114
EOF
9.设置相关环境变量
export packages="xfce4 kali-menu wpasupplicant kali-defaults initramfs-tools u-boot-tools nmap openssh-server"
export MALLOC_CHECK_=0
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive
10.挂载相关目录
mount -t proc proc kali-arm64/proc
mount -o bind /dev/kali-arm64/dev/
mount -o bind /dev/pts kali-arm64/dev/pts
11.写入控制台相关
cat <<EOF > kali-arm64/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF
12.写入最终安装脚本
cat <<EOF > kali-arm64/third-stage
#!/bin/sh
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
cp /bin/true /usr/sbin/invoke-rc.d
apt-get update
apt-get install -y locales-all
#locale-gen en_US.UTF-8
debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get install -y locales-all
apt-get install -y git-core binutils ca-certificates initramfs-tools u-boot-tools
apt-get install -y locales console-common less vim git zsh
echo "kali:kali" | chpasswd
sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
apt-get install -y --force-yes ${packages}
rm -f /usr/sbin/invoke-rc.d
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d
rm -f /third-stage
EOF
13.授予安装脚本权限
chmod +x kali-arm64/third-stage
14.启动安装
LANG=C chroot kali-arm64 /third-stage
14.1进入rootfs并安装内核deb包
cp 内核编译目录/*.deb kali-arm64/
LANG=C chroot kali-arm64
dpkg -i *.deb
14.2配置boot目录
cd /boot
ln -s initrd.img-相关版本号-xiaomi-sdm845 initrd.img
ln -s vmlinuz-相关版本号-xiaomi-sdm845 vmlinuz
ln -s /usr/lib/linux-image-相关版本号-xiaomi-sdm845/qcom/[选择对应你设备的dtb] device.dtb
14.3手动安装grub并创建grub.cfg
apt install grub2 -y
mkdir /boot/grub/ && vim /boot/grub/grub.cfg
[此处引用隔壁Ubuntu教程]
建议通过安卓系统内Termux的blkid指令,查询相关UUID
将下列代码粘贴进grub.cfg
set menu_color_normal=white/black
set menu_color_highlight=black/light-gray
if background_color 44,0,30,0; then
clear
fi
insmod gzio
set timeout=1
menuentry 'Kali' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-[linux分区UUID:填入]' {
set gfxpayload=keep
devicetree /boot/device.dtb
search --no-floppy --fs-uuid --set=root [linux分区UUID:填入]
linux /boot/vmlinuz root=UUID=[linux分区UUID:填入] rw pd_ignore_unused clk_ignore_unused efi=novamap loglevel=7 splash --
initrd /boot/initrd.img
}
menuentry 'Boot from next volume' {
exit 1
}
menuentry 'UEFI Firmware Settings' {
fwsetup
}
__EOF__
14.4修改fstab
vim /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/nvme0n1p2 during installation
UUID=[linux分区UUID:填入] / ext4 errors=remount-ro 0 1
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID="[esp分区UUID:填入] /boot/efi vfat umask=0077 0 1
15.写入清理脚本
cat <<EOF > kali-arm64/cleanup
#!/bin/sh
rm -rf /root/.bash_history
apt-get update
apt-get clean
rm -f cleanup
EOF
16.授予清理脚本权限
chmod +x kali-arm64/cleanup
17.启动清理
LANG=C chroot kali-arm64 /cleanup
18.解除相关挂载
umount kali-arm64/proc
umount kali-arm64/dev/pts
umount kali-arm64/dev/
19.通过mksquashfs打包
mksquashfs kali-arm64 kali.squashfs
[以下内容参考了隔壁Ubuntu教程]
20.进入安卓系统,通过Termux安装
pkg update && pkg upgrade
pkg install squashfs-tools-ng
su
mount /dev/block/sda[linux分区ID:输入整数] /mnt
/data/data/com.termux/files/usr/bin/rdsquashfs -O -C -T -X -u / -p /mnt /sdcard/kali.squashfs
umount /mnt
从隔壁帖子获取EFI文件
修改EFI文件夹中的/efi/EFI/ubuntu/grub.cfg
search.fs_uuid [linux分区UUID:填入] root
set prefix=($root)'/boot/grub'
configfile $prefix/grub.cfg
__EOF__
mount /dev/block/sda[ESP分区数字ID:输入整数] /mnt
cp -r /sdcard/efi/* /mnt
umount /mnt
22.启动
下载相关boot文件
fastboot boot boot-xxx(机型代号).img
