Instructions on building your own PwnPhone running the Kali operating system and AOPP (Android Open Pwn Project) image
The company has
Our focus now will be on the Android Open Pwn Project (AOPP), a hacking variant of the Android Open Source Project that we released last year (www.pwnieexpress.com/aopp). It has everything you need in order to keep using these devices, download the ROMs or build them for yourself, modify them and contribute back to the project.
If you are a fan of Mr.Robot you must have seen Elliot uses the PwnPhone in one of the episodes where he creates and sends a payload to the victims Sim card. Now let’s get started!
Flashing the Phone
-
Download the Recovery image for your device:
https://twrp.me/Devices - Connect the device to the host machine via USB cable.
-
Power off the device and boot into the Bootloader:
Press and hold the Power & Volume-Down buttons -
Confirm the device is recognized by the host machine:
(a device should be listed when the command returns)$ fastboot devices -
Unlock the device:
$ fastboot oem unlock -
Once unlocked, flash the Recovery image:
$ fastboot flash recovery <name-of-recovery-image>.img -
Once the Recovery image has been flashed, boot into Recovery from the Bootloader:
Use the Volume-Down/Up buttons to cycle through the Bootloader options and then the Power button to select - If prompted, swipe “Swipe to Allow Modifications”.
-
Once in Recovery, wipe the device:
Tap Wipe > Advanced Wipe > tap: Dalvik/ART cache, System, Cache, Data > swipe “Swipe to Wipe” - Once wiped, do NOT boot into System (You don’t have one; you just wiped it). Tap the Home button to return to the Recovery home screen.
-
Confirm again the device is recognized by the host machine:
(a device should be listed when the command returns)$ adb devices -
From the host machine, push the downloaded AOPP ROM zip to the device sdcard:
$ adb push <name-of-rom-zip>.zip /sdcard/ - On device, tap Install and then select the AOPP ROM zip from /sdcard.
- Swipe “Swipe to Confirm Flash”
- Once installed, tap “Reboot System”
OK Now Let’s Build the Phone
Downloading the Source
-
Refer to “Downloading and Building Requirements” before proceeding:
https://source.android.com/source/requirements.html -
Refer to “Downloading the Source” before proceeding:
https://source.android.com/source/downloading.html -
Create a directory for the build system to live in and cd into that directory:
$ mkdir <WORKING_DIR>$ cd <WORKING_DIR> -
Initialize a local repository using this source tree, use the command:
$ repo init -u [email protected]:aopp/android_platform.git -b px-0.1 -
Sync the repository, use:
$ repo sync
Building
Devices are referred to by codename (e.g. hammerhead). Make sure to use this when substituting <device-codename> in the following instruction set.
-
Refer to “Building the System” before proceeding:
https://source.android.com/source/building.html -
To initialize the build environment, use the following command:
$ . build/envsetup.sh -
Prepare the build environment (download device-tree and dependencies) for your specific device:
$ breakfast <device-codename> - Connect the device running a working AOPP/AOSP ROM to the host machine via USB.
-
Make sure it is booted into system and confirm the device is recognized by the host machine:
(a device should be listed when the command returns)$ adb devices -
Enter the device directory:
$ cd <WORKING_DIR>/device/<vendor>/<device-codename>/ -
Extract the proprietary binaries from your device:
$ ./extract-files.sh -
Return to the root of the build system:
$ croot -
Start a build run for your device:
$ brunch <device-name> -
Once complete, the ROM zip can be found in the out/ directory:
$ cd /out/target/product/<device-codename> -
The flashable ROM zip (product of the build run) will be located in the out/ directory as:
aopp-0.1-<build-date>-UNOFFICIAL-<device-codename>.zip
Flashing
- Download and install the command line tools for your OS: https://developer.android.com/studio/index.html#downloads
- Download the AOPP ROM for your device:https://wiki.pwnieexpress.com/index.php/Official_devices
-
Download the Recovery image for your device:
https://twrp.me/Devices - Connect the device to the host machine via USB cable.
-
Power off the device and boot into the Bootloader:
Press and hold the Power & Volume-Down buttons -
Confirm the device is recognized by the host machine:(a device should be listed when the command returns)
$ fastboot devices -
Unlock the device:
$ fastboot oem unlock -
Once unlocked, flash the Recovery image:
$ fastboot flash recovery <name-of-recovery-image>.img -
Once the Recovery image has been flashed, boot into Recovery from the Bootloader:
Use the Volume-Down/Up buttons to cycle through the Bootloader options and then the Power button to select - If prompted, swipe “Swipe to Allow Modifications”.
-
Once in Recovery, wipe the device:
Tap Wipe > Advanced Wipe > tap: Dalvik/ART cache, System, Cache, Data > swipe “Swipe to Wipe” - Once wiped, do NOT boot into System (You don’t have one; you just wiped it). Tap the Home button to return to the Recovery home screen.
-
Confirm again the device is recognized by the host machine:
(a device should be listed when the command returns)$ adb devices -
From the host machine, push the downloaded AOPP ROM zip to the device sdcard:
$ adb push <name-of-rom-zip>.zip /sdcard/ - On device, tap Install and then select the AOPP ROM zip from /sdcard.
- Swipe “Swipe to Confirm Flash”
-
Download SuperSU from Chainfire here:
https://download.chainfire.eu/969/SuperSU/UPDATE-SuperSU-v2.76-20160630161323.zip -
Push the SuperSU zip to /sdcard/:
$ adb push <SuperSU-zip-name>.zip /sdcard/ - Once installed, tap “Reboot System”
- Hack the Gibson…and remember…hugs are worth more than handshakes
