Hacking via your Android device without root.


Without having to root the device, an Android phone may be converted into a covert hacking tool with just a few clicks, running programs like Nmap, Nikto, and Netcat.

UserLAnd, developed by UserLAnd Technologies, is a root-free Android app that makes it simple and quick to install Linux distributions. With it, an ARM64 Debian operating system can run alongside the existing Android OS. This ARM architecture, sometimes known as "AARCH64," is the same one used by the Kali Linux Raspberry Pi ARM images, making it simple to import Kali's tool collection. Better still, the UserLAnd team has built a dedicated Kali filesystem, so not every user will need to import repositories.

The created filesystems can all be readily discarded. While many Kali tools operate without any problems, UserLAnd is a very young project and may cause some tools (like Nmap) to malfunction or stop working when specific commands are run. It's important to note that these problems will probably be fixed soon.

For the technically minded, UserLAnd creates the Debian and Ubuntu filesystems using custom scripts and executables. One example is PRoot, an open-source program that provides features similar to chroot. PRoot lets applications run with a different root directory without requiring root. Normally, a user-space application communicates directly with the kernel through system calls. PRoot, running in the background with UserLAnd, intercepts these system calls and, when necessary, modifies them before they execute in order to simulate users and permissions in the filesystem.

Our first step will be installing an SSH client, which will be our main tool for interacting with the Debian OS. Then I'll go over some OS setup advice and import the Kali Linux repository to truly transform Android into a hacking device. As some readers may already be aware, Kali Linux is based on the Debian operating system, so importing its repository won't result in anything breaking or becoming unstable.

Step 1. Install the ConnectBot App (Optional)

This step is no longer necessary because UserLAnd has provided built-in SSH capabilities. But, if preferred, third-party SSH clients can still be used.

For Android cellphones, ConnectBot is an open-source SSH client that enables safe connections to SSH servers. The new UserLAnd Debian operating system will primarily be accessible in this manner. ConnectBot is accessible through the F-Droid repository if you don't use or have access to Google Play.

Step 2. Install the UserLAnd App

UserLAnd's characteristics and functions have already been discussed, so I won't go into further depth. Installing it is crucial, and you can do it by using either Google Play or F-Droid.

Please note that UserLAnd has some restrictions. Traditional Wi-Fi cracking tools like Aircrack-ng won't function on Android without root access since the Wi-Fi interface can't be put into monitor mode. But, as you'll see in subsequent instructions, UserLAnd still has a lot of potential, and running Kali without rooting or deleting the Android OS is no simple task. So make sure to give the UserLAnd app a good review on Google Play because the creators deserve some encouraging words.

Step 3. Create a New Filesystem

Open the "Apps" tab in UserLAnd after the installation is complete. Refresh the tab and wait a few minutes for the distributions to appear.

The Kali Linux operating system was recently added to the list of available distributions. The UserLAnd app will ask for credentials when you choose "Kali" or "Debian." Create a username, password, and VNC password. When the filesystem installation is complete, the SSH server will be started, and access will be granted with the "password." Although it won't be used in this guide, the "VNC Password" is necessary to continue with the installation.

The required scripts and executables for creating the filesystems will subsequently be downloaded by UserLAnd from its GitHub repository. The Android CPU and internet connection speed will determine how long it takes to download and extract the necessary components. Be patient; in some tests, the installation procedure took up to 20 minutes to finish.

UserLAnd responded to my initial attempt with the following: "Filesystem extraction failed. Something was incorrect". The problem seems to be solved after uninstalling and then installing the UserLAnd application. Open a new GitHub issue if the error still occurs.

Step 4. Interact with the Filesystem

After the installation is finished, choose the newly added option under the "Sessions" menu. UserLAnd will automatically try to launch ConnectBot, which asks "Are you sure you want to continue connecting?" Tap "Yes," then enter the password you created in the previous step.

At this point, pairing a Bluetooth keyboard with the phone will ease OS setup but is not necessary. If you don't use a Bluetooth keyboard, download Hacker's Keyboard from the Play Store; you'll see why as we go on.

Step 5. Update the OS

Ensure the newly installed operating system is completely up to date. This should be your first step after installing a new operating system. To accomplish this, first create a root shell with su. Next, run the commands apt-get update and apt-get dist-upgrade.

distortion@localhost:~$ su
root@localhost:/home/distortion# apt-get update && apt-get dist-upgrade
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Get:2 http://cdn-fastly.deb.debian.org/debian stable-updates InRelease [91.0 kB]
Hit:3 http://cdn-fastly.deb.debian.org/debian stable Release
Get:4 http://cdn-fastly.deb.debian.org/debian stable Release.gpg [2434 B]
Get:5 http://cdn-fastly.deb.debian.org/debian stable-updates/main arm64 Packages [5096 B]
Get:6 http://cdn-fastly.deb.debian.org/debian stable-updates/main Translation-en [4512 B]
Get:7 http://cdn-fastly.deb.debian.org/debian stable/main Translation-en [5393 B]
Get:8 http://cdn-fastly.deb.debian.org/debian stable/contrib arm64 Packages [29.9 kB]
Get:9 http://cdn-fastly.deb.debian.org/debian stable/contrib Translation-en [45.9 kB]
Get:10 http://cdn-fastly.deb.debian.org/debian stable/non-free arm64 Packages [50.8 kB]
Get:11 http://cdn-fastly.deb.debian.org/debian stable/non-free Translation-en [80.6 kB]
Fetched 5714 kB in 31s (183 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
The following packages will be upgraded:
  tzdata
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 270 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Do you want to continue? [Y/n]

In the case of the above output, there's only one package that needed updating, but this might not always be true.

Step 6. Install Essential Software

This new filesystem is extremely barebones and doesn't include very much software by default. Below are a few packages recommended for everyday Debian and Kali users. Some packages aren't required but will make it easier to follow along in future articles where Android is used as the primary hacking device.

  1. Screen is a terminal multiplexer that allows users to run and alternate between several terminal sessions simultaneously. This is one of the most vital packages to install when using UserLAnd. Android phones don't handle prolonged SSH sessions well and tend to break connections for no apparent reason. Such breakage can cause running commands to fail with no way of reconnecting to the session to view the progress. Use Screen to maintain persistent shell sessions.

  2. net-tools — Net-tools is a suite of tools containing ifconfig, netstat, route, and several other useful networking applications.

  3. netcat — Netcat is a feature-rich UNIX utility designed to be a reliable tool for creating TCP and UDP connections. Netcat can be used to create and interact with simple macOS backdoors.

  4. neofetch — Neofetch (shown in the cover photo of this article) is a cross-platform system information-gathering tool. It conveniently displays system specifications alongside the distribution logo. There's no real function for this package other than showing off the distribution to coworkers and friends or creating cover photos for WonderHowTo. Neofetch is a little buggy with UserLAnd distros, but you may want to know how I created the cover photo, so I'm including it here.

  5. GnuPG (sometimes referred to as GPG) is generally used for encrypting files and securing email communications. Some installer scripts (like Metasploit) use GPG in order to import their software signing keys. It's possible to manually install Metasploit without GPG, but having GPG will make the process less complicated.

  6. cURL is a command line tool capable of downloading files over HTTP and other popular protocols. This is a useful tool to have for downloading files from the internet.

  7. wget — Like cURL, wget is a command line tool used to download files from the internet. Some developers prefer wget over cURL, so it's helpful to keep both installed and available.

  8. git — Git is a popular version control software and is commonly used to clone (download) GitHub projects. Git is often recommended by Null Byte users.

  9. Nano is a command line text editor. Nano will make editing files via SSH more convenient. If Vim or Emacs is preferred, download those text editors instead (or in addition to Nano).

The above packages can be installed using the apt-get command.

apt-get update && apt-get install net-tools netcat neofetch gnupg curl wget git nano screen

Step 7. Import the Kali Linux Repository (Conditional)

This step can be skipped if the Kali OS was installed in Step 3. Debian OS users don't need to import the Kali repository into their distribution, but doing so will enable speedy installation of programs like sqlmap, Commix, Bettercap, Nikto, dnsmap, and hundreds more packages not present in Debian's default repositories.

Use nano to add the Kali Linux repository to the /etc/apt/sources.list file to begin importing it.

nano /etc/apt/sources.list

Add the line below to the bottom of the file, then use Ctrl + X to exit and save the changes. ConnectBot has on-screen buttons for keys like Ctrl and Shift. Alternatively, a Bluetooth keyboard or the Hacker's Keyboard app will come in handy for exiting nano.

deb http://http.kali.org/kali kali-rolling main contrib non-free

Then, add the Kali signing key using the following wget command.

wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -

If the command was successful, the terminal will return "OK" (shown below). Finally, update the APT cache using the apt-get update command.

root@localhost:/home/distortion# wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -
OK
root@localhost:/home/distortion# apt-get update
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stable-updates InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stable Release
Ign:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease
Get:6 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Release [29.6 kB]
Get:7 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Release.gpg [833 B]
Get:8 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling/main arm64 Packages [16.4 MB]
64% [8 Packages 9415 kB/16.4 MB 57%]                               546 kB/s 13s
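
A more contained way to do the key and repository steps above, as an added example that is not part of the original article: the downloaded key is checked against a fingerprint obtained separately, trusted only for the Kali source through signed-by, and Kali is pinned below Debian. The ROOT staging prefix, the kali.list and preferences file names, the keyring path and the function names are choices made for this example.

```sh
#!/bin/sh
# Added example, not from the original article. ROOT is a hypothetical staging
# prefix so the generated files can be inspected before they are placed in / .
KEYRING=/usr/share/keyrings/kali-archive-keyring.gpg   # path chosen for this example

# Normalise a fingerprint (drop spaces, upper-case) so two copies compare equal.
norm_fpr() { printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'; }

# Succeeds only if the fingerprint read from the downloaded key equals the one
# obtained out-of-band; an empty value never matches.
fpr_matches() { [ -n "$1" ] && [ "$(norm_fpr "$1")" = "$(norm_fpr "$2")" ]; }

# Print the primary-key fingerprint of an armored key file without importing it.
key_fpr() { gpg --show-keys --with-colons "$1" | awk -F: '$1=="fpr"{print $10; exit}'; }

# Repo entry: signed-by limits the key to this source, whereas apt-key add
# trusts it for every repository configured on the system.
write_kali_source() {
    mkdir -p "$1/etc/apt/sources.list.d"
    printf 'deb [signed-by=%s] http://http.kali.org/kali kali-rolling main contrib non-free\n' \
        "$KEYRING" > "$1/etc/apt/sources.list.d/kali.list"
}

# Pin: a priority below 100 means a Kali version is selected only when no
# version of that package is installed, so dist-upgrade keeps Debian's packages.
write_kali_pin() {
    mkdir -p "$1/etc/apt/preferences.d"
    printf 'Package: *\nPin: release a=kali-rolling\nPin-Priority: 50\n' \
        > "$1/etc/apt/preferences.d/kali"
}

# Full flow: verify the key first, then write keyring, source entry and pin.
install_kali_repo() {   # args: ROOT KEY_FILE EXPECTED_FINGERPRINT
    fpr_matches "$(key_fpr "$2")" "$3" || { echo "fingerprint mismatch" >&2; return 1; }
    mkdir -p "$1/usr/share/keyrings"
    gpg --dearmor < "$2" > "$1$KEYRING" && write_kali_source "$1" && write_kali_pin "$1"
}
```

After downloading archive-key.asc with wget, call install_kali_repo with an empty ROOT, the key file and the expected fingerprint, then run apt-get update as before.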

More Weaponized Android Coming Soon

With UserLAnd, it's simple to turn Android smartphones into hacking devices. Even though Android devices process data more slowly than Raspberry Pis, they nonetheless make excellent, covert attack tools that can run Kali software.