Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

CYBER WEAPONS LAB #$ FOLLOW US & %

NULL BYTE

A N D R O I D FO R H AC K E R S

How to Turn an
Android Phone into a
Hacking Device
Without Root
BY DISTORTION ! 01/31/2019 5:12 PM " 03/05/2019 3:55 PM
ANDROID FOR HACKERS

W ith just a few taps, an Android phone can be

weaponized into a covert hacking device capable of
running tools such as Nmap, Nikto, and Netcat — all
without rooting the device.

UserLAnd, created by UserLAnd Technologies, is a

completely free Android app that makes installing Linux
distributions quick and effortless, without any rooting.
With this, it's possible to run an ARM64 Debian operating
system alongside the current Android OS. Sometimes
referred to as "AARCH64," this ARM architecture is the
same used by the Kali Linux Raspberry Pi ARM images,

1 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

which makes it easy to import Kali's tool repository. And

best of all, the UserLAnd team recently added a dedicated
Kali filesystem so importing repositories won't be
necessary for all users.

All of the created filesystems are easily disposable. While

many Kali tools work without issues, UserLAnd is still a
new project and may cause some tools (like Nmap) to
break or fail when executing certain commands. It's worth
mentioning, these issues will likely be resolved in the near
future.

D o n ' t M i s s : H o w t o H a c k a M a c Pa s s w o r d W i t h o u t
Changing It

For the technically inclined, UserLAnd utilizes custom

scripts and executables that allow it to create the Debian
and Ubuntu filesystems. One example of this is PRoot, an
open-source software that implements functionalities
similar to chroot. PRoot allows you to execute programs
with an alternative root directory, no root needed.
Normally, a user-space application will communicate
directly with the Kernel through system calls. With
UserLAnd, PRoot is running in the background, interpreting
these system calls, and it will perform and manipulate
them when necessary to emulate users and permissions in
the filesystem.

We'll start by installing an SSH client, which will be the

primary app for interacting with the Debian OS. Then, I'll
walk through some OS setup tips and importing the Kali
Linux repository to really turn Android into a hacking
device. As some readers may know, Kali Linux is based on
the Debian operating system, so importing their repository
won't cause anything to break or become unreliable.

2 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

Run the Kali Linux Hacking OS on an Unrooted Android Phone [Tutorial]

Step 1 Install the ConnectBot App

(Optional)
UserLAnd recently added a built-in SSH functionality, so
this step is no longer required. However, third-party SSH
clients can still be used if preferred.

ConnectBot is an open-source SSH client designed for

Android smartphones, which allows you to securely
connect with SSH servers. This will be the primary way of
interacting with the new UserLAnd Debian operating
system. If you don't use or have access to Google Play,
ConnectBot is available via the F-Droid repository.

Play Store Link: ConnectBot (free)

F-Droid Link: ConnectBot (free)

3 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

JuiceSSH is also a very good option to use instead of

ConnectBot since it has more features, so you can use that
if you'd rather. ConnectBot is more regularly updated and
easier for beginners, so we went with that.

Step 2 Install the UserLAnd App

I've already covered what UserLAnd is and does above, so
I won't go over anything else in detail here. The important
thing is that you install it, and you can do so using either
Google Play or F-Droid.

Play Store Link: UserLAnd (free)

F-Droid Link: UserLAnd (free)

Disclaimer: UserLAnd does have limitations. Without root

access, Android's Wi-Fi interface can't be switched into
monitor mode, so traditional Wi-Fi hacking tools like
Aircrack-ng won't work. However, there's still a lot that
can be done with UserLAnd, as you'll see in future guides,
and running Kali without rooting or wiping the Android OS
is no easy achievement. So be sure to give the UserLAnd
app a good rating on Google Play — the developers totally
deserve some positive feedback.

Step 3 Create a New Filesystem

When the installation is complete, open UserLAnd, and

4 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

view the "Apps" tab. Refresh the tab and wait a few
minutes for the distributions to populate.

The Kali Linux OS has recently been added to the list of

available distributions. Select "Kali" or "Debian" and the
UserLAnd app will prompt for credentials. Create a
username, password, and VNC password. The "Password"
will allow access to the SSH server started when the
filesystem is finished installing. The "VNC Password" won't
be used in this tutorial but is required to proceed with the
installation.

UserLAnd will then download the necessary executables

and scripts from its GitHub repository that are used to
create the filesystems. The time it takes to download and
extract the required assets will vary based on the Android
CPU and internet connection speed. The installation
process took up to 20 minutes to complete in some tests,
so be patient.

In my first attempt, UserLAnd returned the following

5 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

"Could not extract filesystem. Something went wrong"

error. Removing and reinstalling the UserLAnd application
seemed to resolve the issue. If this error persists, open a
new GitHub issue.

Step 4 Interact with the Filesystem

When the installation is complete, head over to the
"Sessions" tab, and select the newly created option.
UserLAnd will automatically attempt to open ConnectBot
and ask "Are you sure you want to continue connecting?"
Tap "Yes," and enter the password created in the previous
step.

At this point, syncing a Bluetooth keyboard to the phone

will make setting up the OS easier, but isn't required. If
you don't use a Bluetooth keyboard, I recommend
installing Hacker's Keyboard from the Play Store, and
you'll see why as we continue.

6 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

Recommended on Amazon: FAVI Mini

Bluetooth Keyboard with Laser Pointer
& Backlit Keys

Step 5 Update the OS

The first thing to do after installing a new operating system
on your Android phone is making sure the system is fully
up to date. This can be done by first using s u to create a
root shell. Next, use the a p t - g e t u p d a t e & & a p t - g e t d i s t -
u p g r a d e command.

distortion@localhost:~$ su
root@localhost: /home/distortion# apt-get update && apt-get dist-u
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Get:2 http://cdn-fastly.deb.debian.org/debian stable-updates InRel
Hit:3 http://cdn-fastly.deb.debian.org/debian stable Release
Get:4 http://cdn-fastly.deb.debian.org/debian stable Release.gpg [
Get:5 http://cdn-fastly.deb.debian.org/debian stable-updates/main
Get:6 http://cdn-fastly.deb.debian.org/debian stable-updates/main
Get:7 http://cdn-fastly.deb.debian.org/debian stable/main Translat
Get:8 http://cdn-fastly.deb.debian.org/debian stable/contrib arm64
Get:9 http://cdn-fastly.deb.debian.org/debian stable/contrib Trans
Get:10 http://cdn-fastly.deb.debian.org/debian stable/non-free arm
Get:11 http://cdn-fastly.deb.debian.org/debian stablenon-free Tran
Fetched 5714 kB in 31s (183 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
The following packages will be upgraded:
tzdata
1 upgraded, 0 newly intalled, 0 to remove and 0 not upgraded.
Need to get 270 kB of archives.
After this operation, 1024 B of additional disk space will be used
Do you want to continue? [Y/n]

In the case of the above output, there's only one package

that needed updating, but this might not always be true.

D o n ' t M i s s : To p 1 0 T h i n g s t o D o A f t e r I n s t a l l i n g
Kali Linux

Step 6 Install Essential Software

7 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

This new filesystem is extremely bareboned and doesn't

include very much software by default. Below are a few
packages recommended for everyday Debian and Kali
users. Some packages aren't required but will make it
easier to follow along in future articles where Android is
used as the primary hacking device.

1. s c r e e n — Screen is a terminal multiplexer that allows

users to run and alternate between several terminal
sessions simultaneously. This is one of the most vital
packages to install when using UserLAnd. Android
phones don't handle prolonged SSH sessions well and
tend to break connections for no apparent reason.
Such breakage can cause running commands to fail
with no way of reconnecting to the session to view
the progress. Use Screen to maintain persistent shell
sessions.
2. n e t - t o o l s — Net-tools is a suite of tools containing
ifconfig, netstat, route, and several other useful
networking applications.
3. n e t c a t — Netcat is a feature-rich UNIX utility
designed to be a reliable tool for creating TCP and
UDP connections. Netcat can be used to create and
interact with simple macOS backdoors.
4. n e o f e t c h — Neofetch (shown in the cover photo of
this article) is a cross-platform system information
gathering tool. It conveniently displays system
specifications alongside the distribution logo. There's
no real function for this package other than showing-
off the distribution to coworkers and friends or
creating cover photos for WonderHowTo. Neofetch is a
little buggy with UserLAnd distros, but you may want
to know how I created the cover photo, so I'm
including it here.
5. g n u p g — GnuPG (sometimes referred to as gpg) is
generally used for encrypting files and securing email
communications. Some installer scripts (like
Metasploit) use gpg in order to import their software
signing keys. It's possible to manually install
Metasploit without gpg, but it will make the process
less complicated.
6. c u r l — cURL is a command line tool capable of

8 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

downloading files over HTTP and other popular

protocols. This is a useful tool to have for
downloading files from the internet.
7. w g e t — Like cURL, wget is a command line tool used
to download files from the internet. Some developers
prefer wget over cURL, so it's helpful to keep both
installed and available.
8. g i t — Git is a popular version control software and is
commonly used to clone (download) GitHub projects.
Git is often recommended by Null Byte users.
9. n a n o — Nano is a command line text editor. Nano
will make editing files via SSH more convenient. If
Vim or Emacs is preferred, download those text-
editors instead (or in addition to nano).

The above packages can be installed using the a p t - g e t

command.

apt-get update && apt-get install net-tools netcat neofetch gnupg

Step 7 Import the Kali Linux Repository

(Conditional)
If you installed the Kali OS in Step 3, this step can be
skipped. For Debian OS users, importing the Kali repository
into your distribution isn't mandatory. However, doing so
will allow for quick installations of applications such as
sqlmap, Commix, Bettercap, Nikto, dnsmap, and hundreds
of packages that can't be found in Debian's default
repositories.

To start importing the Kali Linux repository, use n a n o to

add Kali's repository to the /etc/apt/sources.list file.

nano /etc/apt/sources.list

Add the below line to the bottom of the file (shown

below), then use Ctrl + X to exit and save the changes.
ConnectBot has on-screen buttons for keys like Ctrl and
Shift. Alternatively, a Bluetooth keyboard or the Hacker's

9 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

Keyboard app will come in handy for exiting the nano

terminal.

deb http://http.kali.org/kali kali-rolling main contrib non-free

Then, add the Kali signing key using the following w g e t

command.

wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -

If the command was successful, the terminal will return

"OK" (shown below). Finally, update the APT cache using
the a p t - g e t u p d a t e command.

root@localhost:/home/distortion# wget -q -O - https://www.kali.org

OK
root@localhost:/home/distortion# apt-get update
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stable-updates InRel
Hit:4 http://cdn-fastly.deb.debian.org/debian stable Release
Ign:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InReleas

10 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

Get:6 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Rele

Get:7 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Rele
Get:8 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling/main
64% [8 Packages 9415 kB/16.4 MB 57%]

Don't Miss: How to Create an Undetectable

Pa y l o a d

More Weaponized Android Coming Soon

With UserLAnd, turning Android's into hacking devices is
easy. While Android is slower at processing data than
Raspberry Pis, it still makes a great, easily concealed
offensive tool capable of running Kali software.

In upcoming articles, I'll show how to hack websites, Wi-Fi

passwords, and Windows 10 using only Kali on Android. If
you have any requests for Kali software you'd like to see
running in Android, be sure to leave a comment below.

Next Up: How to Scan Websites for

Vulnerabilities Using an Android Phone
Without Root

Wa n t t o s t a r t m a k i n g m o n e y a s a w h i t e h a t h a c k e r ?
Jump-start your white-hat hacking career with our 2020
Premium Ethical Hacking Certification Training Bundle
from the new Null Byte Shop and get over 60 hours of
training from ethical hacking professionals.

Buy Now (90% off ) >

Cover photo and screenshots by distortion/Null Byte

Our Best Hacking &

Security Guides
New Null Byte posts — delivered straight to your
inbox.

11 of 12 8/17/20, 8:59 PM
Android for Hackers: How to Turn an Android Phone into a Ha... https://null-byte.wonderhowto.com/how-to/android-for-hackers-...

Your Email

' SUBSCRIBE NOW

WonderHowTo.com About Us Terms of Use Privacy Policy

Don't Miss:
New iOS 13 Features — The 200+ Best, Hidden & Most Exciting New Changes for iPhone
20+ Features in iOS 13's Safari You Don't Want to Miss
31 New Features for Camera & Photos in iOS 13
22 New Features in iOS 13's Mail App to Help You Master the Art of the Email
How to Request Desktop or Mobile Web Pages in iOS 13
iOS 13 Changes How to Edit & Select Text, Move Selections, & Place the Cursor
How to Change Your iMessage Profile Picture & Display Name in iOS 13

By using this site you acknowledge and agree to our terms of use & privacy policy.
We do not sell personal information to 3rd parties.

12 of 12 8/17/20, 8:59 PM