Latest Kali Linux on Raspberry Pi with Touch Screen, Bluetooth and touch optimised interface (New: Bluetooth, Rogue AP, Remote access AP, more tools)

Sticky Fingers Kali-Pi – The pocket size, finger friendly, lean mean hacking machine.

Need practice targets?
Checkout Sticky Fingers DV-Pi

Content

1. Overview
2. Installation
   
   1. Quick install using pre-configured  image
      

      Manual installation:

   2. Vanilla Kali with TFT Touch Screen
      1. Kali Linux
      2. TFT Touch Screen
      3. Applications
      4. House keeping
   3. Sticky Finger’s Menu & Accessories
      1. Boot into console
      2. Create low privilege user
      3. Setup FTP server
      4. VNC Server
      5. SDR-Scanner
      6. Sticky Finger’s menu
         • Fix Pygame compatibility issue (libsdl1.2 and above cause trouble)
      7. Enable auto logon
      8. Screenshot tool
      9. Snort
3. Tips
4. Discussion (new discussion forum available)

Ingredients:

• Raspberry Pi 3 (also compatible with Raspberry Pi/0/2)
• Adafruit PiTFT Plus 3.5″ (Other TFT’s also supported)
• TP-Link TL-WN722N  (for wireless sniffing)
• RTL-SDR Receiver RTL2832U (for radio frequency work)
• Pibow PiTFT+ case
• Rii mini i8+ wireless keyboard
• Kali Linux for Raspberry Pi 2/3, or Kali Linux for Raspberry Pi / Pi Zero
• Re4son-Kernel with TFT and Wifi injection support (Updated in April-2018)
• Reason’s Kali Menu for 3.5″ & 2.8″ screens (thanks JPearn & ArmyGuy255a).

Features:

Kali-Pi always returns to the touch menu after quitting an application or X.
After turning the screen off, just press anywhere to wake it back up.

When PulledPork is done, just tap anywhere on the screen and you’ll return to the main menu

Once the WWW-Server, MySQL server and Snort are running, we can access BASE:

Clicking “Open-VAS” starts the OpenVAS services and the Greenbone Security Assistant which we can access via web browser:

Kali-Pi mounted on a TBS discovery providing aerial support during a pen test.

Installation

Quick Install:

You can follow this guide to download a pre-configured disk image and to configure it for your specific touch screen model in only a few short steps.

Or you can take the red pill and do the
Manual Installation:

Install Kali:

1. Get kali linux for raspberry pi 3 here
2. Image your sd card (run “sudo fdisk -l” to get device name):

   sudo dd if=kali-2.1.2-rpi2.img of=/dev/mmcblk1 bs=512k

3. If you have an sd card larger than 8GB, this is the best time to extend the partition using gparted or fdisk (see fdisk howto). Don’t forget to run “resize2fs /dev/mmcblk0p2” on your Pi afterwards to extend the filesystem to match the new partition size.
4. Boot the Pi, change the root password and generate new ssh keys:

   passwd
   dpkg-reconfigure openssh-server

5. update time zone via:

   dpkg-reconfigure tzdata

6. If you want a swap file, it’s the quickest if you create it at this stage according to tip 4. (thanks to RFA in the forum for pointing this out).
7. Update it:

   apt-get update && apt-get upgrade

   If you receive an error, you might want to try another mirror (see tip no 12)

8. A recent Kali update introduced a bug causing the LightDM to not render properly resulting in a black screen with an arrow in the top left corner. The latest update should have fixed that but if the problem persists, we can resolve that by switching to SLiM:

   apt-get install slim

   This will install it and prompt you to select the new display manager.
   Just select “slim” and you are all set.
   Once the bug is fixed you can switch back via:

   dpkg-reconfigure slim

9. Edit “/etc/hostname” and “/etc/hosts” if you wish to change the hostname

Voila – you are now running the latest and greatest version of Kali-Linux

Install the TFT touch screen:

1. Assemble the screen, boot up and install the TFT enabled kernel with wifi injection patch and Re4son universal TFT setup tool.
   NOTE: You don’t have to reboot immediately. Just press “N” when prompted and continue setting up the screen

   sudo bash
   mount /dev/mmcblk0p1 /boot
   cd /usr/local/src
   wget  -O re4son-kernel_current.tar.xz https://whitedome.com.au/re4son/downloads/11299/
   tar -xJf re4son-kernel_current.tar.xz
   cd re4son-kernel_4*
   ./install.sh

   For Raspberry Pi 3 and Pi Zero W:
   – Press “Y” when prompted to install bluetooth and wifi drivers (not required on Raspbian)
   – Say “Y” when prompted to enable bluetooth services (you can still disable them later)

2. Run the Re4son Universal Pi-TFT Setup tool, located in the same directory as the kernel.
   It’s always a good idea to run an update first – I tend to update this tool frequently:

   ./re4son-pi-tft-setup -u

   Next you can run it for real to setup your screen (type “Y” when prompted).
   Example command to set up Adafruit PiTFT 3.5″:

   ./re4son-pi-tft-setup -t 35r -d /root

   Type “./re4son-pi-tft-setup -h” for a list of all supported displays:

   Usage: ./re4son-pi-tft-setup -t [pitfttype]
       -h            Print this help
       -v            Print version information
       -a [user]     Enable autologon for [user], use [user] 'disable' to disable autologon
       -b [bootpref] Set boot preference:
                       'cli' for boot to command line
                       'gui' for boot to desktop
       -u            Update Re4son Pi-TFT Setup
       -r            Remove TFT configuration (undo setup)
       -d [dir]      Specify path of user's home directory to back up and restore some files (defaults to /home/pi)
       -t [type]     Specify the type of TFT:
                                                '28r'      (Adafruit 2.8" PID 1601)
                                                '28c'      (Adafruit 2.8" PID 1983)
                                                '35r'      (Adafruit 3.5")
                                                '22'       (Adafruit 2.2")
                                                '4dpi'     (4D Systems 2.4",3.2" and 3.5")
                                                'elec22'   (Elecfreak 2.2")
                                                'hy28b'    (Hotmcu HY28B 2.8")
                                                'jb35'     (JBTek 3.5")
                                                'kum35'    (Kuman 3.5")
                                                'pi70'     (Raspberry Pi 7")
                                                'sain32'   (Sainsmart 3.2")
                                                'sain35'   (Sainsmart 3.5")
                                                'wave32'   (Waveshare 3.2")
                                                'wave35'   (Waveshare 3.5")
                                                'wave35o'  (Waveshare 3.5" Overclocked)
                                                'wave35c'  (Waveshare 3.5" Clones, such as:
                                                                            Elecrow 3.5"
                                                                            KeDei 3.5"
                                                                            Osoyoo 3.5")
                                                'wave40'   (Waveshare 4")
                                                'wave50'   (Waveshare 5" HDMI)

   NOTE: The Universal TFT Setup tool does it’s best to fully configure all screens based on the manufacturers specifications but has only been tested extensively with Adafruit, Raspbery and Waveshare screens. For all other displays, you may have to edit the following files manually to tweak the settings according to your screen:
   /usr/share/X11/xorg.conf.d/99-fbturbo.conf
   /usr/share/X11/xorg.conf.d/99-calibration.conf
   You can use the xinput-calibrator tool in the tools directory to calibrate the touch screen if required.

   1. The default font is a bit chunky. Check out my tip at the bottom of this blog to change it to Terminus 6×12. Looks much better.
   2. reboot
      The screen should be working now.
   3. To get the internal bluetooth working, refer to this forum post

Install Applications:

1. Install some additional packages:

   apt-get install aptitude curl cmake build-essential mailutils python-dev python-pip libusb-1.0-0-dev python-numpy htop ftp locate screen kismet pure-ftpd tightvncserver mysql-server darkstat ntopng mana-toolkit beef-xss resolvconf mitmf dns2proxy dnsmasq hostapd

2. If you have a 16GB sd card or larger and want to have kali in all it’s glory, get yourself a coffee and install the full kali suite (Note: 16GB is very tight, better to use 32GB. Run df -h to make sure you didn’t forget to extend your file system earlier 😉 ):

   apt-get install kali-linux-full

   The installation might hang during the wvdial setup. It can happen whilst sitting on “setting up wvdial”. Just kill the “wvdialconf” process and follow this guide.

3. If not, install only the metasploit edition:

   apt-get install metasploit-framework

4. Disable autostart of MySQL (we’d rather start it manually when needed):

   systemctl disable mysql

House keeping items:

1. Update locate db:

   updatedb

2. Setup OpenVAS:

   apt-get install openvas
   openvas-setup
   mkdir -p /etc/systemd/system/greenbone-security-assistant.service.d/

   allow web access to gsa by creating the file “/etc/systemd/system/greenbone-security-assistant.service.d/local.conf” with this content

   [Service]
   ExecStart=
   ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390

   you can change the automatically generated admin password with the following commands:

   openvasmd --user=admin --new-password=<new password>
   history -c

   The “history -c” command clears the bash history – important after entering a password on the command line.

3. add to “/etc/kismet/kismet.conf”:

   ncsource=wlan1
   logprefix=/home/ftp/pi/kismet

   This makes wlan1 the default capture device and all log files are being written to the ftp directory for easy remote retrieval (skip this if you are not installing the ftp server below).
   Use a kismet compatible USB dongle like the TP-Link TL-WN722N.
   To make thinks more predictable, you might want to assign wlan1 to your dongle permanently, e.g. via adding the following to “/etc/udev/rules.d/70-persistent-net.rules”:

   # USB device 0x:0x (ath9k_htc)
   SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan1"

4. Speed up booting without eth0 by adding to “/etc/dhcp/dhclient.conf”:

   timeout 10;

STOP HERE TO STICK WITH VANILLA KALI.

KALI-PI CUSTOM LAUNCHER:

Boot into text mode

1. Disable display manager with the Re4son Pi-TFT Setup tool :

   cd /usr/local/src/re4son-kernel_4*
   sudo ./re4son-pi-tft-setup -b cli

   • To change it back, just run:

     cd /usr/local/src/re4son-kernel_4*
     sudo ./re4son-pi-tft-setup -b gui

Create a low privilege user

1. Create standard user to drive the launcher, etc.:

   groupadd ftp
   adduser pi
   usermod -a -G sudo,ftp,kismet pi

2. Adjust the user profile by adding to “/home/pi/.profile”:

   export FRAMEBUFFER=/dev/fb1

3. remove sudo password from some standard commands by adding to sudoers via visudo (run “visudo” and insert the following line after “%sudo”):

   %pi	ALL=(ALL:ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown, /home/pi/Kali-Pi/menu

   If you have never worked with the legendary vi editor then you may be stuck here 😉
   Don’t fear, this is what you have to do:

   Navigate to the spot you would like to edit.
   Press “<ESC>” then “i” to switch to “insert mode”
   paste the above line
   Press “<ESC>” then “x” then “<ENTER>” to save the file and exit.
   If you’ve made a mistake, just press “<ESC>” then “q!” then “<ENTER>” to exit without saving, then try it again.

   Don’t forget to “man vi” and to get one of these if you want to become a hardcore unix hacker.

FTP Server

1. Setup pure-ftpd :

   mkdir -p /home/ftp/pi/kismet
   chgrp ftp /home/ftp
   chown pi:pi -R /home/ftp/pi
   chown pi:kismet -R /home/ftp/pi/kismet
   pure-pw useradd pi -u pi -d /home/ftp/pi
   pure-pw mkdb
   cd /etc/pure-ftpd/auth
   ln -s ../conf/PureDB 60pdb

2. If you ever want to change the ftp password, just type:

   pure-pw passwd pi
   pure-pw mkdb

Configure VNC Server:

1. A bug in xfce4 might prevent a vnc session if an active desktop session already exists, and log the following error in ~/.xsession-errors:
   xfce4-session: Another session manager is already running
   To fix that, type:

   wget -O ~/.vnc/xstartup https://github.com/Re4son/vncservice/raw/master/xstartup
   mkdir /home/pi/.vnc/
   cp ~/.vnc/xstartup /home/pi/.vnc/
   chown pi:pi /home/pi/.vnc/
   chown pi:pi /home/pi/.vnc/xstartup

2. Set a vnc server password:

   vncpasswd
   sudo pi vncpasswd

3. Optional: to install vncserver as a service type:

   wget -O /lib/systemd/system/vncserver@.service https://github.com/Re4son/vncservice/raw/master/vncserver@.service

   To enable and start the service, type:

   systemctl enable vncserver@1 && systemctl start vncserver@1

Install SDR-Scanner:

1. Login as user Pi and install the touch friendly SDR-Scanner:

   cd ~
   git clone git://git.osmocom.org/rtl-sdr.git
   cd rtl-sdr
   mkdir build
   cd build
   cmake ../ -DINSTALL_UDEV_RULES=ON -DDETACH_KERNEL_DRIVER=ON
   make
   sudo make install
   sudo ldconfig
   sudo pip install pyrtlsdr
   cd ~
   git clone https://github.com/adafruit/FreqShow.git
   cd FreqShow

2. To run the SDR-Scanner just type:

   python /home/pi/FreqShow/freqshow.py

Kali-Pi Launcher:

1. 1. Pygame is broken in Jessie because of libsdl1.2-15-10, so we remove it and install the one from from Wheezy.
      • Comment everything out in your /etc/apt/sources.list and temporarily add:

        deb http://archive.raspbian.org/raspbian wheezy main contrib non-free

      • Run the following commands:

        gpg --keyserver keys.gnupg.net --recv-key 9165938D90FDDD2E
        gpg -a --export 9165938D90FDDD2E | sudo apt-key add -
        sudo apt-get update

      • Remove the offending packages and replace them with the ones from wheezy:

        sudo apt-get remove libsdl1.2debian python-pygame
        sudo apt-get install libsdl-image1.2 libsdl-mixer1.2 libsdl-ttf2.0-0 libsdl1.2debian libsmpeg0 python-pygame
        sudo apt-mark hold libsdl1.2debian

      • Restore /etc/apt/sources.list to it’s original state and re-run:

        sudo apt-get update

   2. Install Kali-Pi Launcher:

sudo apt-get install fbi
sudo pip install pbkdf2 RPi.GPIO
cd ~
git clone https://github.com/re4son/Kali-Pi

1. Adjust the menu launch script to fit your screen, enable PIN and screensaver if desired

   cd ~/Kali-Pi
   nano menu

2. Allow “Anybody” to start the X server:

   sudo dpkg-reconfigure xserver-xorg-legacy

3. Start Kali-Pi launcher after login by adding at the end of ~/.profile:

   ## Sticky-Finger's Kali-Pi
   if [ ! -n "$SSH_CONNECTION" ]; then
       export FRAMEBUFFER=/dev/fb1
       /usr/bin/clear &
       sudo /home/pi/Kali-Pi/menu
   fi

Reboot.
Kali-Pi launcher will open automatically after you log in.

Start X as root (if desired):

Out of the box, X is started as user root.

You can change that by editing /home/pi/Kali-Pi/Menus/menu-1.py and replacing the lines:

run_cmd("/usr/bin/sudo FRAMEBUFFER=/dev/fb1 startx")
run_cmd("/usr/bin/sudo FRAMEBUFFER=/dev/fb0 startx")

With

run_cmd("/usr/bin/sudo -u pi FRAMEBUFFER=/dev/fb1 startx")
run_cmd("/usr/bin/sudo -u pi FRAMEBUFFER=/dev/fb0 startx")

Enable Auto Login (if desired):

1. Enable autologon with the Re4son Pi-TFT Setup tool :

   cd /usr/local/src/re4son-kernel_4*
   sudo ./re4son-pi-tft-setup -a pi

   • To change it back, just run:

     cd /usr/local/src/re4son-kernel_4*
     sudo ./re4son-pi-tft-setup -a disable

      

Reboot and enjoy.

Optionally: Install screenshot tool

1. Login as user pi, go to terminal and install zlib:

   cd ~
   wget http://zlib.net/zlib-1.2.11.tar.gz
   tar -xzf zlib-1.2.11.tar.gz
   cd zlib-1.2.11
   ./configure
   make test
   sudo make install

2. Install libpng:

   cd ~
   wget https://whitedome.com.au/download/libpng-1.6.18.tar.xz
   tar -xf libpng-1.6.18.tar.xz
   cd libpng-1.6.18
   ./configure
   make check
   sudo make install
   sudo ldconfig

3. Install fbgrab:

   cd /opt
   sudo wget http://fbgrab.monells.se/fbgrab-1.3.tar.gz
   sudo tar -zxvf fbgrab*gz
   sudo mv fbgrab-1.3 fbgrab
   cd fbgrab
   sudo make
   sudo ln -s /opt/fbgrab/fbgrab /usr/bin/fbgrab

   • To take a screenshot and save the picture in the ftp directory, simply type (as root):

     fbgrab -d /dev/fb1 /home/ftp/pi/screenshot.png

Tips:

1. Don’t use Sandisk Extreme Pro micro SD cards -they don’t work well with kali
2. I use Sandisk Extreme 32GB and Sandisk Extreme 32GB Plus and my Kali-Pi’s are lightning fast
3. To enable ethernet gadget mode with bonjour support without having to logon to configure it at all, install the avahiswitch daemon and follow these steps:
   https://github.com/Re4son/avahiswitch
4. If you use the PiTFT screen with Vanilla Kali, you can output the GUI via HDMI by entering:

   mv /etc/X11/xorg.conf.d/99-fbdev.conf ~

   Reboot and you’ll have X on your big screen
   To switch back, just copy the file across again:

   cp ~/99-fbdev.conf /etc/X11/xorg.conf.d/

5. Swap – Swap space on flash memory is a religious topic.
   I don’t want to get into that discussion. I use swap because I’ve got plenty of sd cards to burn but not enough memory in my Pi ;-)This is how you can enable it:

   sudo dd if=/dev/zero of=/swapfile.img bs=1M count=1024
   sudo mkswap /swapfile.img
   chmod 0600 /swapfile.img
   sudo swapon /swapfile.img

   add this at the end of /etc/fstab

   /swapfile.img none swap sw 0 0

6. archive.raspbian.org is not very reliable. Try this mirror instead when downgrading packages:

   deb http://mirror.aarnet.edu.au/pub/raspbian/raspbian/ wheezy main contrib non-free

7. Persistent interfaces (was fixed in kali the last time I looked) – To avoid having persistent interface names and revert back to the classic interface naming convention (wlan0, eth0, etc.), simply add to the 1st command line in the file /boot/cmdline.txt the following keywords:

   net.ifnames=0 biosdevname=0

   Don’t forget to mount /boot first via:

   sudo mount /dev/mmcblk0p1 /boot

8. OpenVAS interface choice
   Don’t run an OpenVAS scan via the internal WiFi interface. I would always run my scans via eth0.
   If you have both interfaces connected, specify “Network Source Interface: eth0” in the “task” settings.
9. Raspberry Pi 3 WiFi drop outs
   Turn off power saving for the internal wifi card.
   Check the status via:

   sudo iwconfig

   to turn off power saving permanently, add the following lines to “/etc/rc.local”

   ## Fix WiFi drop out issues
   iwconfig wlan0 power off

   reboot and confirm via “sudo iwconfig” that it worked.

10. The Kali menu items are missing because of a .png extension bug in the desktop configuration. We’ll fix that by removing that extension in all files via:

    cd /usr/share/desktop-directories/
    sed -i 's/trans.png/trans/g' *.directory

11. The default console font looks too chunky on a small screen. I suggest running

    sudo dpkg-reconfigure console-setup

    And select UTF-8 -> Guess optimal character set -> Terminus -> 6×12 (framebuffer only)

12. To enable the on-screen keyboard in the greeter/login screen, add to /etc/lightdm/lightdm-gtk-greeter.conf

    show-indicators=~language;~a11y;~session;~power
    keyboard=florence --focus

    This will add an “On Screen Keyboard” entry to the indicator menu:

    

13. The repository ‘http://http.kali.org/kali kali-rolling Release’ does not have a Release file.
    When getting this error during an “apt-get update”, try another mirror from this list:
    http://http.kali.org/README.mirrorlist
    The following entry in “/etc/apt/sources.list” usually works for me:

    deb  http://kali.mirror.garr.it/mirrors/kali kali-rolling main non-free contrib
    deb-src http://kali.mirror.garr.it/mirrors/kali kali-rolling main non-free contrib

14. Expanding partition to fill SDCard
    The main partition can be extended to use larger cards in either a different linux system using GParted or in the Raspberry Pi itself whilst the partition is mounted. To do the later you can use fdisk:

    sudo fdisk /dev/mmcblk0
    Command (m for help): p
    
    Device Boot Start End Sectors Size Id Type
    /dev/mmcblk0p1 1 125000 125000 61M c W95 FAT32 (LBA)
    /dev/mmcblk0p2 125001 15523839 15398839 7.4G 83 Linux
    

    This will give you the start of the old partition (e.g. “mmcblk0p2 125001”)

    Command (m for help): d
    Partition number (1,2, default 2): 2
    Command (m for help): n
    Select (default p): p
    Partition number (2-4, default 2): 2
    First sector (125001-31116287, default 126976): 125001 
    Last sector, +sectors or +size{K,M,G,T,P} (125001-31116287, default 31116287):
    Do you want to remove the signature? [Y]es/[N]o: N
    Command (m for help): w
    

    Reboot and use resize2fs to extend the filesystem

    sudo resize2fs /dev/mmcblk0p2
    

    Done.

For those who would like to see the drone in action, following this link.

Comments, suggestions and help is very much appreciated. You can e-mail me on < re4son [at] whitedome.com.au >

Please use the discussion forums for discussions:
https://whitedome.com.au/re4son/forums

the comments section got a bit too long and has been transferred.