Category Archives: Re4son’s Blog


Kali Linux on Raspberry Pi 1/2/3(+)/Zero(W) with touch optimized interface in a ready-to-go image
(Refreshed 17-June-2018)

Sticky Finger’s Kali-Pi – The pocket size, finger friendly, lean mean hacking machine
Need practice targets? Checkout Sticky Finger’s DV-Pi



Sticky Finger’s Quick Start Guide:

Sticky Finger’s Kali-Pi image comes with the following features out of the box:

  • 2GB image ready to go with all common touch screens.
  • Kali Linux Rolling edition with MSF meta package and all other essential tools
  • Re4son Kali-Pi Kernel 4.9 with bluetooth, touch screen support and wifi injection patch
  • “re4son-pi-tft-setup” tool to set up all common touch screens, enable auto-logon, etc.
  • “kalipi-config” tool to set up the raspberry pi (improved raspi-config for kali)
  • Apache, Pure-FTP, SDR-Scanner, Screenshot Tool, ntop, darkstats, mana-toolkit,
    Kismet classic, Kismet development, Remote Access AP, Sticky Finger’s Kali-Pi Launcher
  • Boots into vanilla kali gui but comes with user “pi” pre-configured to launch
    the “Sticky Finger’s Kali-Pi Launcher” (touch screen interface) after login
  • Just run “re4son-pi-tft-setup” tool for your particular screen and you are up and running.
  • Out of the box support for on-board Bluetooth & wifi with nexmon patches


  • 8GB for Kali-Pi MSF – basic Kali MSF package (this image)
  • 16GB for Kali-Pi Full –  install kali-linux-full and OpenVAS (very tight)
  • 32GB  for Kali-Pi Complete – Install the above plus Snort and other goodies
  • Boot up your Pi and ssh into it with user root and password toor
  • Change passwords (default: root=toor, pi=raspberry, ftp/pi=raspberry, vnc/root=toortoor)
  • Set up the screen with the re4son-pi-tft-setup tool:
    cd /usr/local/src/re4son-kernel_4*
    mount /dev/mmcblk0p1 /boot
    ./re4son-pi-tft-setup -u    #(updates re4son-pi-tft-setup to the latest version)
    ./re4son-pi-tft-setup -h    #(lists all options - pick your screen from the list)
    ./re4son-pi-tft-setup -t <your screen> -d /home/pi      # Say "Y" when asked if you want the console to be displayed on the TFT screen
  • Optional: setup wifi and enable “Automatic boot into Sticky Finger’s Touch Interface”:
    # Configure wifi
    # Configure boot into command line interface for user pi
    # Change passwords for users "pi" and "root"
    # Set location settings, etc.
  • Edit “/home/pi/Kali-Pi/menu” to define your screensize, enable/disable screensaver and PIN:
    ## Adjust these:
    export KPSCREENSIZE=2.8   ## Screensize in inch, Options= 5.0, 3.5, 2.8
    export KPLAYOUT=9         ## Number of buttons - Currently only 9 is supported
    export KPPIN=0            ## Set to "1" to enforce PIN authentication, run ./set-pin to change PIN from "1337"
    #export KPTIMEOUT=2       ## Minutes before screensaver kicks in, comment out for screensaver off
    export KISMETVER=1        ## Set to "2" to launch kismet github version, "1" to use classic stable version
    export TFT=1              ## Set to "0": no TFT screen,
                              ##        "1": TFT touchscreen,
                              ##        "2": TFT screen with external mouse,
                              ##        "3": resistive HDMI touchscreen, or
                              ##        "4": Raspberry Pi 7" Touchscreen 
    ## End adjustments

Reboot and enjoy 🙂

For updates

Head over to the forums for more information about the menus and tools.

To pair Bluetooth devices, just start the bluetooth services:

systemctl enable bluetooth
service bluetooth start
systemctl enable hciuart
systemctl start hciuart.service

You are now ready to pair your devices, just like this:


[bluetooth]# agent on
Agent registered
[bluetooth]# default-agent
Default agent request successful
[bluetooth]# scan on
Discovery started
[bluetooth]# pair 00:1F:xx:xx:xx:xx
Attempting to pair with 00:1F:xx:xx:xx:xx
Pairing successful
[bluetooth]# trust 00:1F:xx:xx:xx:xx
[CHG] Device 00:1F:xx:xx:xx:xx Trusted: yes
[bluetooth]# connect 00:1F:xx:xx:xx:xx
Attempting to connect to 00:1F:xx:xx:xx:xx
Connection successful

Voila – there it is, Bluetooth device connected.

More details can be found here:


TIP: How to mount the img file in linux

If you are curious to see what’s in the image file before you write it to the SD card, here is how you can mount it in linux:

  1. Check the file system table with fdisk:
     fdisk -l StickyFingers-Kali-Pi-Small-160827.img
  2. Create a mount point for each image
    mkdir img1 img2
  3. Mount each image
    mount StickyFingers-Kali-Pi-Small-160827.img -o loop,offset=$(( 512 * 1)) img1/
    mount StickyFingers-Kali-Pi-Small-160827.img -o loop,offset=$(( 512 * 125001)) img2/

For questions or comments please join the discussion in our forum:

For updates



NEW: Damn Vulnerable Raspberry Pi runs on all Pi’s

The touch friendly “driving range” for IoT penetration testing with your Kali-Pi.

Sticky Finger's Kali-Pi
Sticky Fingers DV-Pi – pre-configured with vulnerabilities for penetration and privilege escalation.
All DV-Pi’s can be operated with a touch friendly interface or headless via ssh.
Ideal tool for practicing, competitions and live-hacking events.

Need a penetration testing platform? Check out Sticky Fingers Kali-Pi

Sticky Fingers Quick Start Guide:

Sticky Fingers DV-Pi images come with the following features out of the box:

  • 3GB image ready to go with all common TFT screens
  • Re4son Kali-Pi Kernel 4.4 with touch screen support
  • Supports Raspberry Pi 0/0W/1/2/3
  • “re4son-pi-tft-setup” tool to set up all common touch screens, enable auto-logon, etc.
  • “dv-pi” command line tool for headless operation
  • Each image comes with one vulnerability to get in and one vulnerability to get root
  • Each image has two proof.txt with a hash to proof successful compromise:
    • /proof.txt
    • /root/proof.txt
  • Just run “re4son-pi-tft-setup” tool for your particular screen and you are up and running.
  • Don’t forget to change the password for user “pi” (default: “raspberry”)

“Damn Vulnerable Pi” images:

Name Difficulty Host name Size Size and link
Sticky Finger’s DV-Pi 2 medium dv-pi2.local 2.5GB sticky-fingers-dv-pi2
Sticky Finger’s DV-Pi 3
easy (ish)
dv-pi3.local 2.5GB sticky-fingers-dv-pi3
More to come

Anyone interested in creating DV-Pi images can send an e-mail to re4son <at> and I’ll share my template image to add some interesting vulnerabilities.



  • Download a dv-pi image and image your microSD card (min 8GB)
  • Extend the file system if your card is > 8GB
  • Assemble your touch screen (only if you have one, it’s not required)
  • Boot up your Pi and ssh into it with user “pi” and password “raspberry”
  • Change password
  • Set up the screen with the re4son-pi-tft-setup tool:
    <span style="font-size: 8pt;">cd /usr/local/src/re4son_kali-pi-tft_kernel_4*
    sudo mount /dev/mmcblk0p1 /boot
    sudo ./re4son-pi-tft-setup -d    #(updates re4son-pi-tft-setup to the latest version)
    sudo ./re4son-pi-tft-setup -h    #(lists all options - pick your screen from the list)
    sudo ./re4son-pi-tft-setup -t <your screen> -u /root
    sudo reboot</span>
  • Sticky Fingers interface is designed for 3.5″ screens. You can adjust it for 2.8″ via:
    cd /home/pi/DV-Pi-Menu
    git checkout 2.8      #for 2.8" screen



Sticky Fingers Touch interface

Press “DV-Pi” to start the vulnerable applications (might take a few seconds):

Headless using dv-pi command line tool

Sticky Fingers DV-Pi can be operated in headless mode using the “dv-pi” tool:

dv-pi status    # Show status of vulnerable applications
dv-pi start     # Start vulnerable applications
dv-pi stop      # Stop vulnerable applications

pi@dv-pi: ~_010


Add dv-pi2 to /etc/hosts on the attacker’s machine

Find the IP address of the dv-pi and add the hostname of the image with the ip address in you /etc/hosts”, e.g.    dv-pi2.local

Burn the password for user “pi” and start hacking …

Easter egg

 Customer Database

Sticky Fingers DV-Pi contains a database for demonstration purposes, containing 10,000 fake e-mail addresses and credit card details to add an exciting climax to live hacking sessions.

For questions or comments please join the discussion in our forum:


Sticky Finger’s Kali-Pi

Check out Sticky Finger’s Kali-Pi if you are in need of a 1337 penetration testing platform.