How To: Rooted Android = Your New PenTesting Tool

Rooted Android = Your New PenTesting Tool

Rooted Android = Your New PenTesting Tool

No more carrying around heavy laptops and thousands of Linux Live CDs and USBs to always be ready for pentesting on the fly!

I hope you had a good Christmas and happy new year!

Update1: Added the section "weaponizing your Android" where I talk about apps and fundamental Kali tools on Android!

Update2 06/26/15: Added the some troubleshooting regarding different common errors and more useful tools. Also provided links to Complete Linux Installer and Install or Mount from XDA developers. Now has link to Null Byter FEAR's guide about NetHunter installation.

If you remember, about six months ago we talked about how to install pentesting tools on your jailbroken iDevice, and in that same article I said I would have posted about the same topic but for Android devices, if the feedback would have been positive. Since it was, here I am, a little bit late maybe.

A great feature iDevices don't have but Android ones do is being open source! This leads to lots of cool stuff like custom firmwares ecc... and we know that.

The great thing that this allows you to do, speaking about linux portability, is booting Linux both in your Android and from your Android, by physically plugging the USB cable in your computer and using an app called DriveDroid, but we'll get there later.

Edit: I have to make a little clarification here. You can with an iPhone too with tools like USB Drive and robyUSb from Cydia. I'll eventually write something about it, though switching between USB and iPhone connection is more complicated and takes more time and you'll have to install your distro with external tools (as explained in my Kali Portability guide). But with some struggles, it is possible.

Our smartphones are slowly turning into little computers, in terms of speed and processors. Because of Android being open source, more and more smartphone vendors can use Android as their product's OS. This means that Android can be found in devices that are slowly increasing their capabilities to the star. New Androids can reach 2.5 GHz of processor. And obviously, this opens the gate to Linux when talking about ARM processors.

Note: if you have a Nexus or OnePlus One device, consider installing Offensive Security's Kali Linux NetHunter. The topic is discussed after Linux Deploy and DriveDroid.

Let's give it a closer look, the requirements for today's topic are:

-Rooted Android device: although this being probably the hardest step of this article, I obviously won't be explaining this. Instead, I will be referring to WonderHowTo always updated rooting guide for any phone and tablet. I also strongly recommend you to read this lifehacker's guide to rooting, it explains quite well a few things and gives even more informations about rooting and where to find help for rooting. A few effective ways are not in the article although being very difficult and risky. If you can't root your device (probably most recent ones) with the above guide, try looking on XDA developers forum.

Disclaimer: I'm not responsible for the damage you make to your Android device by rooting it or attempting to root it. Although usually this is a pretty straight forward and secure process, it's not bug-free. If you'll be using an alternative way to root your Android device, be sure of what you are doing. If you don't know how to do this you probably don't need this, so just DON'T DO IT.

NOTE FOR NON-ROOT USERS: you might try to use a PC emulator to run Linux ISOs. Although not being the best way, everyone should first give a look to this, just to see if you are happy with that, you can stop here. Note: this did not work for me with Kali Linux and most of other OSes, all fail on boot.

The odds of successfully rooting your Android device are higher with older models. Same thing goes for the processes I'll be writing in this guide. I'll try to troubleshoot the problems that I solved while doing this, but I'm not an expert. Just know this: the more your device is recent, the more errors you'll get. I told you.

-"Linux Deploy" application (booting Linux on your Android).
-VNC or SSH client (booting Linux on your Android).
-"DriveDroid" application (booting Linux from your Android).

-"BusyBox" installed on your device. This can be accomplished in a few ways, I'll be writing them down (booting Linux on your Android).

-Optional: USB Mass Storage support (UMS). Again, if you don't know what it is, look it up. If you don't get this, you don't need to boot Linux with your Android. I'll talk about it later.

Setup done. I hope you got that this is not quite straight forward and you shouldn't do this if you don't need this.

Boot Linux Within Your Android Device (Chroot Environment)

I'll be breaking this down in steps, to make it more eye-friendly.

-A few recommendations first:

1) Be sure you have enough space on your device. Although we are going to install a very minimalistic version of Kali in this example (you can go with Ubuntu, Fedora, Arch, Debian and a few others), this is going to create a .img file. You can install the Linux distro either on your internal memory or your external SD card, we'll go trough it later. Just to be sure, 5GBs should be enough, though we are not going to use them all.

2) There will be a lot of troubleshooting along with the mainstream way to do it.

3) For those who will follow the guide installing Kali: Linux Deploy will NOT install the entire OS, but only the minimal base system. This means: you'll have to download the tools yourself. I'll be talking about some alternative ways, although the "Linux Deploy" one is the recommended one. I'll be doing a mini-tutorial on how to install metasploit. Again, if you don't need this, do't do it.

4) What does Chroot mean anyway?: Chroot means that the entire base system will be installed on your phone and Linux Deploy will only start the system. You'll need log into the SSH or VNC server started with it to actually use it.

-So: the process is, by its own, pretty simple. Start by downloading "Linux Deploy" form the Play Store, obviously after having rooted your device.

-Just for reference, this is the guide I'll be referring to (Kali Linux official website).

-Once started Linux Deploy, you'll face this first screen:

Linux Deploy Main Layout and distro settings menu

-What you need to do is click the second button from the bottom right (down arrow). The second image is the screen you'll be shown.

-Make sure your settings menu looks like mine above. You have to change "Distribution" to "Kali Linux" in order to install Kali Linux, obviously. Here is where you can choose a different distro, if you want. As suggested by Kali developers, make sure you have at least 5 GB of space free. If you want to install the image on your SD external card, just change the "Installation path" to /storage/extSdCard/YOURFOLDERHERE/linux.img (the linux.img will be created by Linux Deploy). Eventually, you can change "Localization" to en_US.UTF-8 instead of ru-'. Here you can also choose what basic tools and Desktop Environment to install (below the screenshot I posted), but the default should be fine. Again: be sure of what you are doing.

-This should be all fine, if you get any error during the next steps, don't worry, I did too, I'll post a little solution below. Click on "Install" and wait for the installation to complete. It depends on your internet connection how much time it is going to take (with a good one, 10 minutes of average). Oh and, for those who don't get it: it is going to install a Linux distro, not an application. It's heavy, DON'T use 3G, be sure you are connected to a Wi-Fi Access Point.

-If you get any error or fail message, do the below steps (not going to upload screens actually):

UPDATE: At the end, I put a troubleshooting section too, if these steps can't help you

1)Go back to main menu (first screenshot), then click the settings button (first bottom right)->Settings.
2)Make sure "ENV Directory" is set to
3)Uncheck "Built-in shell".
4)Click on Update ENV.

5)Download "BusyBox Installer" from the Play Store. Open the application and click "Install". Be sure you are connected to a Wi-Fi eventually, and wait for the installation to complete. If you are not able to accomplish this step, follow other guides that you trust. Else, leave "Built-in shell" checked.

6)Optional: in the distro settings, choose "User name":"root".

And then try to reinstall it by clicking "Install" once again. If you need more help, ask in the comments. I told you this is tricky.

-After an "<< end" message appears, you can now start your Kali minimal system by clicking the "Start" button in the main menu. If there's no error message, we can move on.

-Choose to download either a VNC or SSH client. I prefer SSH, because the VNC GUI looks really fancy on Android, you would have to adjust too many options to get it working. SSH gives you only a terminal, but IMO it is way far better for Linux users. I recommend "JuiceSSH" as SSH client, just the first that worked for my, nothing special about it (and it's eye-candy).

-If you'd like to change the Desktop Environment, for example for the one which mostly resembles the one used by Kali Linux for PCs, go to Distribution Settings-> Desktop Environment-> GNOME (or the one you want to pick). Next time you'll log in trough VNC, the new Desktop Environment will be loaded.

-In your client, make sure type is set to "SSH", Address to "" it is running on your Android device or the IP address of the device (that you can find in the main menu of Linux Deploy) if you are in a LAN. Make sure port is set to 22 (if you can't change it, it is set to 22). When you are asked for credentials, user is "android" if you did not run trough the troubleshooting section or "root" if you changed the user name when I told you. Password is "changeme", you should now be able to run commands on your Kali environment. Same for VNC (excpet for the port obviously), but you'll see it is very annoying, developers themselves say most of the people will be SSHing in it.

-If you want to mount Android places in Linux Deploy (under /mnt), go to Distribution Settings-> check "Custom Mounts"-> Mount Points-> select the one you want to mount in /mnt. This way you can access Android files, external sd card or even save files on your Android storage.

-If there's anything unclear, please refer to this guide on the XDA developers forum.

-Once done, click on "Stop" in Linux Deployer.

-To setup the system, once SSHed in Kali, run the commands: sudo apt-get update, sudo apt-get upgrade, and sudo apt-get install kali-linux -yq to install the tools.

-For example, to install metasploit, simply do apt-get install metasploit, as if you were in Kali on your computer.

-Note for promiscuous mode users: some vendors use promiscuous mode (therefore packet injection and sniffing ecc...) able wireless adapters. If your Android device can, lucky you, you now have someone who publicly hates you, me. Anyway, just figure out with iwconfig which is the wlan0 you will be using, install aircrack-ng like you were sitting in front of your computer and let your imagination fly.

For those who are too lazy to read trough the tutorial and are complaining against me because of my terrifying explanation, I linked these other two guides (except for the little troubleshooting part I added):

XDA forums and official Kali website. Just to let you know.

Whoa, this was long. Gonna take a break. See you in 1 line.

Linux Deploy Troubleshooting

I've learnt how this cool guy of Linux Deploy works now, and after having some troubles which took me very long to solve (no documentation online >.>), here I am, trying to collect all the solutions I found:

First of all, the cause of many issues is that Busybox:

Download any Busybox installer, choose to install it in /system/xbin and uncheck "Built-in-Shell" in Linux Deploy settings (with some very last udpates is seems working, not sure, however doing this is more reliable).

-Issue: sh <stdin> ".../linuxdeploy: no such file or directory":

This error is cause by Linux Deploy trying to find the sh executable in its folders and, for some reason, not finding it.

This can be easily solved by feeding another sh by symlinking:
Open a terminal:
cd /data/data/ru.meefik.linuxdeploy/linux/bin
rm sh (if any)
ln -s /system/bin/sh sh
Or, if you want to use busybox one if you have it:
ln -s /system/xbin/bash sh

-Issue: "Can't check if filesystem is mounted..." -"E: Cannot install into target '/data/data/ru.meefik.linuxdeploy/linux/mnt' mounted with noexec or nodev"

I solved randomly tweaking around and checking the box "Use built-in-shell" and "Create symlink". Not sure if this was actually the solution.

More troubleshooting here at the github issues: #60, #216

Boot Linux Directly from Your Android Device

-We are going to use the application "DriveDroid". This time you won't need BusyBox or else. The process is definitely easier, although you might encounter troubles during it, mostly in terms of compatibility. One thing at the time.

-Download and install DriveDroid from the Play Store. This should be the main layout:

So, what do all these read things mean? Got no skills to explain? Almost.

-You will only have drivedroid.img as available OS here, I have more that I use. The red ones are only examples of what you might be able to do with this.

-However! Before you can access the main page, a wizard setup will pop up. Follow the wizard setup (if you didn't, you can always click on the button marked as 1 and under "Usb Settings" you'll find USB Setup Wizard), with these recommendations and considerations:

1) The first screen tells you if your device is supported. Most are, but if it isn't, forget it.

2) The second tries to acquire root privileges. Your root manager (e.g. SuperSU) will tell you that this application is trying to acquire root. I can tell you that absolutely nothing bad should happen, but you never know, so if you don't trust this, don't do it and abandon the guide here.

3) As the setup will tell you, plug the USB cable in your computer.

4) This is important. Basically, you will be choosing which USB system will manage the USB connection between your device and the computer. As said in the setup, most of the times the first in the list just works fine, but if you encounter any error, you are free to try and use the other ones.

Important: Here is where Usb Mass Storage (UMS) support comes in handy. If this feature comes with your device, you should (even without DrvieDroid or rooting, be able to connect your device to your computer as a USB drive, sharing data storage like the SD Card and your internal memory file archive (not the internal system obviously). If you don't have this feature (so, if you only have MTP and PTP when you click on USB connection notification) you can't use DriveDroid with its greatest potential. Basically:

  • If you have UMS support, you can choose to share DriveDroid files to boot your portable OS (Linux Distro) as either a USB or a non-rewritable device.
  • If you don't have UMS support, you can only share it as non-rewritable device.

What this means is that if you have UMS support you can format that space and install Kali Linux as it was an USB driver as shown here. However if you don't have UMS support you will be able to choose but even if you chose USB, it will always show up as a non-rewritable device (basically, a full CD).

5) Once you have chosen how to share DriveDroid space, your computer will either recognize the device as a USB or a CD or not recognize it anymore (Macs, for example). Don't worry, we can revert back to MTP in a few seconds later, and this doesn't mean that the computer won't recognize it at all, because during the boot process it will. In the next page, choose "I see an USB drive" if you want to share it as USB drive, or "I see a CD drive" if you want to share it as a CD. Since I was not able to use it as an USB drive, I'll go with the CD. now you can either finish the setup or go back to the main page.

-Now: you are given with only one drivedroid.img file. To add your OS, you have three ways: download the image directly within DriveDroid, use an image you have in your internal archive or external Sd card or write your image with any tool you have in your computer on a blank image.

-Press the "+" button (2) and choose your option.

1) If you'd like to Download an image (this can take a few hours, make sure you are connected to a wifi access point), press "Download Image". Choose the OS you'd like to install (e.g. Kali Linux) and choose which image to download. Once the download is finished, the image will appear in the main page (if not, add it as explained in the second step, using as path /storage/0/emulated/downloads/IMAGE.ISO-IMG, you can browse there with a root browser to see how it is called).

2) You can add your own image by "Add image from file", obviously you first have to connect your device as MTP, transfer the ISO or IMG in the shared archive ("Phone") or external SD card ("Card"). Write a title and the path to your image (you can browse there with a root browser, I suggest "Root Browser" in the Play Store). If you have your image in your shared archive, the path is /storage/0/emulated/pathtoyourimage.img-iso, while if you have it in your external SD card, the path is /storage/extSdCard/pathtoyourimage.img-iso (again, you can browse there). Once done, click on "Done" in the right top corner.

3) Alternatively, you can "Create a Blank Image" (make sure you give it enough space!) as explained in this XDA forum article and in this SoftwareBackery article. NOTE: this is the way I recommend, as it is the less error-full way, however, this CAN'T be done if you don't have UMS support (so I didn't try it). If you don't know what you are doing, then simply follow the first or the second way, or just don't do it. This is harmless, but you could end up filling random space on your precious device.

-Note that with this process you should also be able to boot Windows and Mac OSX directly from your android. Pretty interesting, I guess?

-Once done, you simply have to click on the image in the main page and choose how to host it (if you chose CD, then you'll be given with only one option, if you chose USB, you can choose both writable and read-only USB). Then reboot your computer, plug in the USB cable, enter the boot menu and you should be able to boot in your OS.

-Personal experience and sad considerations: If you want some practical examples, take this: I have a Samsung Galaxy S5 (formally known as SM-G900F) without UMS support (and every application that promises UMS support failed), so I can't write my own ISO to a Blank Image. So far, I've tried: Kali Linux 1.0.9a (did not even start), Kali Linux 1.0.9 (both 32 and 64 bits gave me a squashfs system error at boot and I wasn't able to go any further), BackBox Ubuntu (worked with BIOS and should probably work with UEFI, but Mac's EFI boot holding C returned a strange error that could be solved by using the boot command line but I wasn't able to type anything because of Mac's awfulness), Ubuntu 14 (works in BIOS, UEFI and Mac's EFI perfectly, although not supporting, as far as I can see, Mac's wireless adapter) and some smaller distros that worked almost anywhere (but didn't even have drivers for my computers, so they were pretty useless).

-If you want to revert back to MTP or PTP (or any file USB file sharing system you used to use on your Android device), try to close DriveDroid and click on the USB share notification by DriveDroid (a restore message in the notification bar should appear). If that doesn't work, you can try to force the device to restore USB settings by rebooting it or simply (this works) activating developers settings by Settings->About phone->tap 7 times "Build number", and then Settings->Developer settings-> check or uncheck "Debug USB".

Kali Linux NetHunter for Nexus and OnePlus One

Alternatively, if you have got a Nexus or OnePlus One device, you can install Offensive Security's NetHunter. The process to install it is completely explained in the mentioned link.

Update: the user F.E.A.R. made a guide about installing it!How to flash Kali Nethunter oneplus and nexus devises most as secondary rom.

"Complete Linux Installer" or "Linux-on-Android" and "Install or Mount"

These two projects are also very useful in terms of chrooted linux in Android, along with some others Debian related.

Complete Linux Installer XDA page: where you can also find some clarifications about chroot environments. I honestly found a lot of problems with this project, however I don't feel like putting it down, because it seems a very good one. If anyone can get it working, report please! Also, these guys from XDA host a huge amount of chroot Linux images for ARM, so if Linux Deploy is not enough for you, check this out!

Install or Mount XDA Page: this project if simpler than the other ones, however still buggy and deprecated. Again, couldn't manage to make it work, but still pretty interesting. It was aimed to be a fast bootstrap ubuntu and kali installer. If you need it, you can check it out. It is terminal based and offers a very simple interface.

Update: Weaponizing Your Android!

Constantly updating
Now that you setup everything, is time to have fun.

Linux Deploy Kali Tools
Tools that can be used in Kali Chroot

-Exploitation: Metasploit.
Metasploit obviously needs no introduction. You can get the latest version by installing it with apt-get.

-Man-In-The-Middle: Ettercap, Wireshark, SSLStrip...
A long list of tools in this category, which can all be obtained by installing them via apt-get.

Android Application

This is a very large category, is you have any suggestion please post in the comments. Here I posted some of the most interesting and common tools


Zanti is basically dSploit legacy. With Zanti you can perform MITM, Port Scanning, Session Hijacking, Password Sniffing, SSLStrip sessions, code injection... is, in my opinion, one of the best suites (if not the best) for MITM on Android.

-Bcmon: a tool that, if supported, can put your wireless card into monitor mode.

-Pcap Capture: Very awesome tool that allows you to capture packets to then analyze with wireshark with 0x0bda and 0x8187 external adapters devices and an OTG cable(for example, awus036h, also known as alfa!). Unfortunately, it is only a standalone application, and doesn't actually put your adapter in monitor mode globally, so you still can't use it, for example, with aircrack.

-Wigle Wifi: tool for wardriving which keeps track of all the APs that your phone catches and saves the details, with the incorporated use of map and GPS. Very cool to check out!

More can be found in this infosec institute article.

Capturing Packets and Analyzing Them with Wireshark

If your phone's wireless adapter can't go in monitor mode, you can always use an external wireless adapter and use the application "pcap capture" to capture packets trough the air. You can the save the files in a place that is mounted in Kali on your Android, install Wireshark and analyze them.


As you can see this is a very comprehensive guide full of references and troubleshooting. I think that there isn't much documentation about this topic (mostly for troubleshooting), so that's why I like to share the ways I solved the problems that I encountered, so that this is public on the internet and not vague anymore (most of the times I solved these problems by looking at the comments section trying out what people did).

And let me repeat this once again: some of these steps can be troublesome, specifically in newer devices. For instance, with a S3 you should be able to enjoy any aforementioned capabilities without any problem. So do it only if you really need it or you are a very troublemaker security enthusiast.

As always, I'm very, very sorry about any unclear part or explanation due to lack of english language knowledge. If you have any suggestion to improve this guide, please comment. Also, please share your experiences with this, so that people who come here can make sure this is a safe thing to do and that they can do it on their device. If any link in the guide is considered spam or illegal, delete this immediately (I doubt, but I don't know).

Thank you for reading and hope this helped.

Cover image: android+kali linux+linux logos with windows lurking in the back. In case you didn't notice, my cover images are supposed to be easter eggs. I know I am not funny, but give me satisfaction at least (does this seriousness work?). Oh you read it this time because it's longer ah?


I've always been interested in smart phone hacking devices; even well before Watch_Dogs came onto the scene...

*shakes fist at Ubisoft*

Very nice article Ciuffy; I found it very easy to work through.


Thanks! Researching about Nethunter right now, forgot about it, I'll add a little paragraph about it probably.
Edit: done, right before conclusion.

can you port nethunter to lenovo k3 note or to redmi?

Nice you realeased it!

It'll surely help when I'll get my android phone back, I never really thought you could do so many things with a phone, it'll but fun to try it out!

you can try bugtroid on it has the most important pentesting tools for android

Also! Thanks for the reference, I'll probably be adding this to the article, now that dsploit developers joint another team...

Love your guides. Detailed and concise as always.

Keep it up! Sounds easy enough with some persistence

Keep it up man Love the way you explain and solve issues
Appreciate your help !!!

Hello , thanks

i have a question i finished installing kali distribution from start GNU/Linux installation using linux deploy and then moved on and reconfigure after that and as you suggested i installed JuiceSSH and applied the info that you said about , made a new connection with a random nickname port :22 as it is

type is SSH
but im getting an error
Connection Failed
failed to connect to / (port 22 ) : connect failed ECONNREFUSED(Connection refused)
i think im getting the same error in VNC Viewer which i have it also installed

Same as answered under jailbroken iDevice tutorial.

Ya sorry for not posting in the appropriate section , anyway i was getting this error a while ago the error mentioned above , but now i bought a new sd card with a bigger capacity for trying again forget about the previous issue . Because i think it might happen again !

I want to ask about the image size limitation because an image size with 7128 gb is failing , i was just following this guide in this article :

and they mentioned we have to set the image size to 7128 MB , but some people are saying the FAT maximum image file size 4095 MB

so should i stick with it or what or keep it to automatic , just tell me so i can proceed and I'll inform you guys with the results

It depends on how your sd card is partitioned. FAT is probably too obsolete, you might have FAT32, which allows partitions up to 1TB. Set it to 7128, that's what I did, and no error showed.

Alright that makes sense so what do you recommend me to do stick with 4092 or do something else so i can set install the image with 7128 ?

because now im trying with 7128 and it's failing . P.S before when i had it set to 4092 or maybe automatic the installation went normally

Man you're awesome thanks for your help and your quick replies

since you said partition should the installation type be file or partition
Please reply ASAP! :D

File. So you mean 7128 doesn't work? What's the error? Try with 4092 if you want.

installing now with image size (4092)

the installation is in process right now, after it's done i have to press reconfigure right then follow your guide ... hope that issue comes again so we can figure it out and help others too solving this issue

No it says Creating image size (7128) : fail
so it's fine to go with it (4092)
there is no way to make 7128 work? in case i want to go for more tools ... or is it just fine
tell me and i'll proceed

4092 are way more than enough anyway.
I'll try to reproduce it tomorrow.

Just pulling that out from a far away memory: a max of 4 GBs per file on Fat 32 because of very few bytes dedicated to file lenght.

The installation finally comes to an end

but ... at the end of the installation lines there is a line that caught my eyes " E: Couldn't download packages : coreutils "

proceed to reconfigure or else ?
pausing and waiting for your feedback

Oh thanks for the clarification!!
After i finish the installation i should click on reconfigure right ?? then follow your guide with Juice SSH

Two more issues !! when i reconfigure one line at the bottom ... Chroot :Cant do a apt-get update : no file or such directory ...

one more : when lunching vnc or ssh : connection failed failed to connect to / connect failed : ECONNREFUSED(Connection refused) do you want to retry ?

I don't know if it's so obvious or it's tricky im confused

this what comes when i press start in linux deploy:
Mounting partitions:
/proc... done
/sys.. done
/sys/fs/selinux... done
/dev ... done
/dev/pts .. done
/dev/shm .. done
/proc/sys/fs/binfmtmisc ... skip
Updating configuration:
dns .. done
mtab ... done
starting services:
SSH :22 fail
VNC :5900 ... fail
end: start

It's probably related to the fact that apt-get is not finishing properly.

ya i guess Anyway thank you very much i solved the problem i changed the architicutre to armel aaah so abvious then reinstalled the GNU

now the installation is solid and correct JuiceSSH is successfully connected and bVnc as a vnc client KALI is up and Running :D

installing tools now
any idea what's this error : E: unable to fetch some archives, maybe run apt-get update or try with --fix-missing ?
and for people who has the same problem I'm the same guy (Sherlocked) just forgot my password :P
Best Regards

For people who is having trouble with metasploit installation
E: Unable to fetch some archives , maybe run apt-get update or try with --fix-missing

sudo apt-get update will for sure fix your issue try it out and then apt-get install metasploit again and it should work as far as i know it worked for me !! :D

Glad it worked. Thank you for reporting.

Welcome anytime!!

Within minutes of installing Kali on my laptop I eyed my Android phone and Galaxy tablet - both are rooted. After days of frustration I stumbled on your extremely well written how-to install and attempted both devices at the same time (glutton for punishment).

Phone installed without a hitch (Thanks!!!) and able to update, upgrade, and install Kali with JuiceSSH. The tablet installed and SSH got me to android@localhost:~$ but I can't sudo update, upgrade, or install Kali because Permission Denied. Can't su because it wants a password and 'changeme' (and others tried) won't work.

ls -ld gives me "drwxr -xr -x 8" (shouldn't that 8 be "root"?)

sudo -id returns "setresuid(0, -1, -1)

getent passwd | grep ':0:' returns with "root:x:0:0:root/root:/bin/bash

is there an easy fix or do I have start all over?

Username: root
Password: toor

Try that.


Agree, it's a issue I've never faced before.

Thanks to both of you for your responses. I tried your suggestion, GHOST_, but I couldn't get beyond the log-in screen where normally the userid and password are automatically processed. A pop-up kept refusing the toor password. I quit that screen and logged in with userid: android and password: changeme to get to the android@localhost:~$ and then entered su which brought up a request for the password for root: toor didn't work there, either. I've exhausted all passwords I could think of and came to the conclusion that I randomly pressed the keyboard as I snoozed off for a few seconds when the install requested a password - I can't do the all-nighters like I used to!

CIUFFY, I think I'll just reinstall. I really appreciate you both spending time on this.

-rjm m

I did the reinstall and got the same results. any android@localhost:~$ su -i and sudo apt-get install <filename> results in Permission Denied. Meanwhile the android phone install works perfectly. Again, both are rooted, both downloads installed on ExtSDcard.

Make sure you follow the troubleshooting section, and use the right username.


I followed your suggestion for seeking troubleshooting and scrolled through the maze of posts/links and ended up at and found the solution: in the Linux Deploy setup change User Name to root.

Of course, you said the same thing in your post above in step 6 but all I saw was "Optional" and ignored your advice - my bad! For my punishment, I spent a lot of time grubbing around in the root of my androids and learned a lot in the process.

So, for anyone else frustrated with the Permission Denied after a new installation of Linux Deploy:

  1. Follow CIUFFY's advice and don't vary from the path
  2. if all fails, repeat Step 1.

Thanks, Ciuffy.

BTW, DriveDroid is a great tool and I look forward to finding out what its capabilities are. Thanks for highlighting it for us.

Now, time to have some fun. . .

Ah! Gotta remove that optional ;-D

Glad it worked!

Should i buy a nexus device and use nethunter
Or buy another android tablet thats not nexus and get Drive Droid ??

ALSO if i install kali on drive droid on a android device then plug it in a PC will it load up kali(persistence so i can save files as well)

Nethunter and this are two different things.
Linux deploy allows you to run basically a VM of Linux on your smartphone.
Nethunter is a firmware.

Drive droid lets you boot an OS from your android phone, like if it was a live CD, so no persistence (at least on new devices).

But yes, that's what drive droid does. Achieving persistence might be a little more difficult or even impossible with the newest devices.

Going to try NetHunter at last!
But a little problem/confusion here,
Is NetHunter a complete ROMor do we have to flash it to a ROM(as an overlay)?
If yes, why is this(screenshot) making me download so many files, I just need a .zip (i.e. the first file)
If not, even then I need only two files, a firmware/ROM and this
Looks like I am missing something(or maybe everything), maybe the 5th step will make it clear,
But I need to know that before it so that, I can cancel them. (As per requirements, Eg: like I already have TWRP)


Sorry for not answering, Fear:

Quoting from the official FAQ:
"What is NetHunter?

NetHunter is an Android ROM overlay for Nexus and OnePlus devices aimed at providing a portable framework to conduct penetration testing and security auditing. NetHunter is based on Kali Linux."

So it is in fact an overlay ROM.

I've never actually spent too much time on ROM flashing, and I don't have the physical requirements to try it on my own.

Maybe you can find some help in the community forum:

OK, Thanks for the answer Ciuffy!

Hey, thanks for this whole tutorial. I just want to ask a question about this error I keep getting when trying to run, apt-get install metasploit, or something else, like airmon-ng. Regardless, I keep getting this error, "E:Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)

Followed by
"E:Unable to lock the administration directory (/var/lib/dpkg/), are you root?

I do happen to have root access so, I am lost. Can anyone fill me in on what I am doing so very wrong?? Thanks in advance.

While you are waiting for Ciuffy's response, try changing permissions (to read/write), by navigation to the directory, using root explorer.

See if this works.

Ah, another issue. I can't seem to open up my file manager.......... I'm on a oneplus one, currently running Bliss pop, 3.4. If I have to flash a new rom, like MIUI. I certainly wouldn't mind. However, I have ES file manager, and that opens up just fine, I could even go to the root directory. Can I change the preferred file manager for Kali?

If you are using OnePlus then, why not NetHunter!?
(Now, I really think I am going to do a tutorial on it)
And I though you are talking about Nethunter, so I mentioned root explorer.
Edit: thought*

Do a tutorial on nethunter i want to use it but not sure how to
i dont want the noob way becuase i want full functionalty

@Mizanur: this is not noob at all. It's just the best way to deal with Kali installation on Android if you don't have a phone that is supported by net hunter. Anyway, we miss a nethunter tutorial, and since I can't test it, I'd like if @F.E.A.R. made one, good luck with that!

@Irvin [first issue]: "Unable to lock the admin directory- askubuntu"

@Irvin [second issue]: Which of the Window Managers are you using? GNOME? It has its own file mangaer, Nautilus, which works just fine for me. Try going into settings of Linux Deploy-> Desktop Environment-> check GNOME. Next time, VNC will show a desktop environment which is very similar to the one available on PCs.

There you go!
Now let me get some sleep (Zzz)

Some Info on NetHunter:

It was complicated, as even I don't know much about flashing, but I finally installed it with success (after 7 successive fails!) Without wiping any ROM or data (Multi-Rom)

I have checked, many forums, and people are stuck with boot-loops, and their data getting erased.

And the NetHunter Installer (for windows), is for Newbies, and it wipes, all the data TWICE! and flashes a Boring Stock AOSP ROM!. (I would be doomed if I had followed that)

Like I said earlier, I only needed two Files, that's what I did. (Actually 3)
Thank You Ciuffy, As I didn't know it was an overlay, and would have ruined my android, if I had flashed it directly.
(Just wanted you to know) (Maybe I'll do a tutorial on it.)

No problem, looking forward for the tutorial, we need that.
Make sure people understand that windows is not reliable.

And again, sorry for answering so late again, everyone.

All Good

Update: Added Wireshark, pcap capture, mount points and how to change desktop environment.

Will make tutorials on it if needed, but only a very few people use it.
Will wait for high demand.

Update2 06/26/15: Added the some troubleshooting regarding different common errors and more useful tools. Also provided links to Complete Linux Installer and Install or Mount from XDA developers.

Anyone who had some problems, see if now can make it work.
Also, check out the other stuff ;-)
Also added a link to FEARS's guide about NetHunter.

Hi thanks for your neat and good post. I am able to install kali in my mobile. But commands like arpspoof are not working for me. Can you help. Am new and am learning. Sorry if it is a simple question

The version installed is a bootstrap. You may have to actually "apt-get" the missing utilities.

Thanks i got it by doing apt with dsniff. I got to see the utlity names for other commands. Thanks


i am getting an error like this " E:couldnt download dists/kali/main/binary-i386/packages " .. please guide me on what to do ... Thanks .

I've never met this issue. Have you made some strange edit to the configuration or settings?

i have Gionee Elife E7 Device. installed Kali Linux Via Linux Deploy. Using JuiceSSH for SSH Session.

tried to perform the How to Hack Android Using Kali (Remotely) BY F.E.A.R. but stuck at the end where payload handler starts.

Can U Help ME ?

I'm sorry, but that's OT.


Xperia z3, took some noodling but great guide!

Great! Thanks for reporting!

Also to check for promiscuous mode (on xperia z3):

Use of iwconfig requires:
#sudo apt-get install ethtool

Use of airmon-ng required install of lsusb which is now in usbutils:
#apt-get install usbutils

Im still unsure if i can put my xperia z3 in monitor mode?

#iwconfig wlan0 mode monitor

SET failed on device wlan0 ; operation not supported. Is this dependent on my system chip ? Qualcomm Snapdragon 801 8974-AC

Sorry for the late response!
You should check if the chipset is supported by common monitor mode utilities, which is harder in more recent devices.

I had the same problem, with the difference that I didn't get "opeation not supported". At the end, I solved by editing the ROM's kernel to support wireless adapters like alfa and did it that way, as explained here:

Thanks! will investigate now!

I'm running into this error repeatedly, no matter what I do:

11:04:55 Updating configuration file ... done
11:04:56 >>> begin: install
11:04:56 /data/data/ru.meefik.linuxdeploy/linux/bin/linuxdeploy: line 1700: uname: Permission denied

11:04:56 Checking mount points ... /data/data/ru.meefik.linuxdeploy/linux/bin/linuxdeploy: line 1759: grep: Permission denied

11:04:56 sh: bad number
11:04:56 fail
11:04:56 Press STOP and repeat attempt.
11:04:56 <<< end: install

Any ideas for how to fix it?

Seems like you dont have root

No, it's not. Linux Deploy doesn't even start if you are not root.

Chmod 777 /data/data/ru.meefik.linuxdeploy/linux/bin/linuxdeploy

In a root terminal.


I'm having the exact same problem as the person above, I'm running a rooted Samsung galaxy s5 sm-900f. When I try as you said, that's what comes up, any clue about what I should do? thanks a lot!

u0a236@klte:/ $ su
.meefik.linuxdeploy/linux/bin/linuxdeploy <
Usage: chmod OPTION <MODE> <FILE>
-R, --recursive change files and directories recursively
-h, --no-dereference do not follow symlink
--help display this help and exit
10|root@klte:/ #

There is a space between 777 and /data, my bad.

It says enable to open
nuxdeploy : no such file or directory.

Sorry to bother you but I've been trying for a really long time now :
"Please, uncheck the option Settings -> Built-in shell. Also need to install busybox."-Meefik

Also, I have the same device and I am able to cd to /bin and chmod 777 linux deploy with no problems.

Thanks a lot! I finally managed to get kali running on my GS5.
Thank you very very much!

The only thing is, I can't install the tools i'd like to because I'm set as local@host and not root@kali. So when I try to use "sudo" I get "permission denied", apt-get won't thus work, even with sudo -i. I tried "su" and the password "toor" but it doesn't work. Any advice? :)

Oh, that worked? Awesome. It usually never works first try, lol, anyway glad of it.

Try changing the user in linux Deploy settings to "root". If there's a password, it's alwyas " changeme".

Hello again, I'm really doing badly again :D with the update to Kali 2.0 there's now to choose between "moto" and "sana" ; kali isn't an option anymore. I went on their website to check what's the difference but can't seem to find it. So, I tried to re-install everything and new problems appeared : 1) VNC.... chroot can't execute 'su' permission denied

2) dd: /storage/extSdCard/kali/kali.img : invalid argument Like my sdcard isn't the same anymore when I didn't change anything.

I really hope you'll be able to help me, thanks in advance and thank you for you time. :)

Oh, you are right!

Bet it's time for me to have another look around. They might have broken something. Fortunately, I kept the old one and have a working image. I may considerato sharing that too if problema are too bad...

Anyway, it seems like those errors are on linux Deploy side, they may not be linked to Kali 2.

Thanks for your quick answer on both posts,
I'll keep you update if I manage to do download anything.
Have a nice day!

Please help me! If i want to install kali linux with linux deploy it shows an error : couldnt download E:dist/sana/main/binary-armhfpackage . I tried 1000 time but nothing helps! Please ! There is nothing on google about this issue

As an alternative, a solution to problema might be:
-install busybox
-Don't use built-in shell
-chmod 777 linux (the folder under the app folder in data/data)

Don't know what to say about missing packages, I don't think I can really solve it, it's up to meefik, but I'll check.

I really enjoyed your article, but my phone seems a little bottlenecked when it runs in that setup. I have ended up simply mounting a kali .img file and running in the Android Terminal, and it works really well (note, Busybox is required and there are still quite a few annoying issues that need to be worked out like the annoying popups shouting that certain services are not supported and that they have failed or crashed).

So, in conclusion, thanks for a freat article!


I can't seem to install Kali Linux,

Updating configuration file ... done
>>> install
Checking installation path ... done
Making new disk image (4095 MB) ... done
Making file system (ext4) ... done
Mounting partitions:
/ ... done
Installing Debian-based distribution:
E: The selected extractor cannot be found: ar

Found a solution to your problem. I'm assuming you downloaded this once, didn't like your settings, and decided to redownload. That is the most likely cause of this error. The fix is relatively simple: simply go to your settings and click storage. You should see a "miscellaneous files" section. Delete the linux.img file.

This should fix your problem. If not, get Uninstaller from the Play Store and uninstall both linux deploy and VNC Viewer, then, reinstall. I also suggest reading this link

I did the setup wizard in drivedroid and got my device as a G: named drivedroid under this computer in my pc, is there a way to get back my regular phone browser with standard icon? my pc is detecting my phone as a cdrom now :D

how can i mount using the phone internal memory.

Updating configuration file ... done
>>> install
Checking installation path ... done
Making new disk image (4095 MB) ... done
Making file system (ext4) ... done
Mounting partitions:
/ ... fail
Plz help

Share Your Thoughts

  • Hot
  • Latest