kali-on-arm

Although you can download Kali ARM images from our Download area, some prefer building their own updated boostraped Kali rootfs. The following procedure shows an example of building a Kali armhf rootfs. Change to armel if needed.

The easiest way to generate these images is from within a pre existing Kali Linux environment.

Install Required Tools and Dependencies

apt-get install debootstrap qemu-user-static

Define Architecture and Custom Packages

This is where you define some environment variables for your required ARM architecture (armel vs armhf) and list the packages to be installed in your image. These will be used throughout this article, so make sure to modify them to your needs.

export packages="xfce4 kali-menu wpasupplicant kali-defaults initramfs-tools uboot-mkimage nmap openssh-server"
export architecture="armhf"

Build the Kali rootfs

We create a standard directory structure and bootstrap ARM rootfs from the Kali Linux repositories. We then copy over qemu-arm-static from our host machine into the rootfs in order to initiate the 2nd stage chroot.

cd ~
mkdir -p arm-stuff
cd arm-stuff/
mkdir -p kernel
mkdir -p rootfs
cd rootfs

debootstrap --foreign --arch $architecture kali kali-$architecture http://archive.kali.org/kali
cp /usr/bin/qemu-arm-static kali-$architecture/usr/bin/

2nd Stage chroot

This is where we configure base image settings such as keymaps, repositories, default network interface behavior (change if needed), etc.

cd ~/arm-stuff/rootfs
LANG=C chroot kali-$architecture /debootstrap/debootstrap --second-stage

cat << EOF > kali-$architecture/etc/apt/sources.list
deb http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
EOF

echo "kali" > kali-$architecture/etc/hostname

cat << EOF > kali-$architecture/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF

cat << EOF > kali-$architecture/etc/resolv.conf
nameserver 8.8.8.8
EOF

3rd Stage chroot

This is where your customization comes in. Your $packages are installed and a default “toor” root password is set as well as other configuration changes and fixes.

export MALLOC_CHECK_=0 # workaround for LP: #520465
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive

mount -t proc proc kali-$architecture/proc
mount -o bind /dev/ kali-$architecture/dev/
mount -o bind /dev/pts kali-$architecture/dev/pts

cat << EOF > kali-$architecture/debconf.set
console-common console-data/keymap/policy select Select keymap from full list
console-common console-data/keymap/full select en-latin1-nodeadkeys
EOF

cat << EOF > kali-$architecture/third-stage
#!/bin/bash
dpkg-divert --add --local --divert /usr/sbin/invoke-rc.d.chroot --rename /usr/sbin/invoke-rc.d
cp /bin/true /usr/sbin/invoke-rc.d

apt-get update
apt-get install locales-all
#locale-gen en_US.UTF-8

debconf-set-selections /debconf.set
rm -f /debconf.set
apt-get update
apt-get -y install git-core binutils ca-certificates initramfs-tools uboot-mkimage
apt-get -y install locales console-common less nano git
echo "root:toor" | chpasswd
sed -i -e 's/KERNEL\!=\"eth\*|/KERNEL\!=\"/' /lib/udev/rules.d/75-persistent-net-generator.rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
apt-get --yes --force-yes install $packages

rm -f /usr/sbin/invoke-rc.d
dpkg-divert --remove --rename /usr/sbin/invoke-rc.d

rm -f /third-stage
EOF

chmod +x kali-$architecture/third-stage
LANG=C chroot kali-$architecture /third-stage

Manual Configuration Within the chroot

If needed, you can perform any final modifications in your rootfs environment by manually chrooting into it and making any necessary last changes.

LANG=C chroot kali-$architecture
{make additional changes within the chroot}
exit

Cleanup

Lastly, we run a cleanup script in our chroot to free up space used by cached files and run any other cleanup jobs we may require:

cat << EOF > kali-$architecture/cleanup
#!/bin/bash
rm -rf /root/.bash_history
apt-get update
apt-get clean
rm -f cleanup
EOF

chmod +x kali-$architecture/cleanup
LANG=C chroot kali-$architecture /cleanup

umount kali-$architecture/proc
umount kali-$architecture/dev/pts
umount kali-$architecture/dev/

cd ..

Congratulations! Your custom Kali ARM rootfs is located in the kali-$architecture directory. You can now tar up this directory or copy it to an image file for further work.