|\ __________                          __   __                         __
         | |   __     |          _____ __    __\__/_|  |_ __ ___   _____   ___ |  |\_____     
         | |  /  \    |         /  _  \  \  /  /  |_    _|  /   \ /  _  \ /  _ \  |/  _  \    
         | |  \  /___ |        /  /_\  \  \/  /|  | |  |\|   /\  \  / \  \  / \   |  /_\  \   
         | |__/    _ \|        |  _____||    |\|  | |  | |  |\|  |  |\|  |  |\|   |  _____|\  
         | |___/\  \\_\        \  \____/  /\  \|  | |  | |  | |  |  \_/  /  \_/   |  \___ \|  
         | |    /   \_|         \_____/__/ /\__\__| |__| |__| |__|\_____/ \____/__|\_____/\   
         | |   / / \___|         \____\__\/  \__\__\|\__\|\__\|\__\\____\/ \___\\__\\____\/   
         | |__/_/_____|     
         |/

Last changed: 30.01.2017

Turning your Nexus7 into a pwnpad

The company Pwnie Express is selling a mobile pentesting device called Pwn Pad on their website. The firmware consists of a modified CyanogenMod front end and a modified Kali Linux back end as a chroot environment.

Aside from selling the device the Team of Pwnie Express also offers to download the commuity edition and flash your own Nexus 7. You can download the images for either the Nexus 7 (both 2012 and 2013 version) or the Nexus 5 as well as the documentation of how to flash your device on www.pwnieexpress.com/community/

pwnpad screenshot

installation

To install the image you just need to boot your Nexus into the bootloader (by holding volume down while turning it on) and run the shell script included in the download. The shell script needs the tools adb and fastboot installed on your machine. If you want to install the image from a windows host it should be no rocket science to modify and run the commands from the skript manually.

adb start-server
./imagev2.sh

The script unlocks the bootloader, flashes the Team Win Recovery Mod and restores the backup files of the Pwnpad image. If the restore process fails you can do this manually from the TWRM menu.

what you will get

Basically you won't get more than a CyanogenMod 10.2 with a modified kernel 3.1.10 along with some preinstalled Kali tools. The Kali tools consist mostly of commandline tools which will be started in the chroot of the folder /data/local/kali.

The modified kernel will allow you to connect certain usd devices to the Nexus 7 like the ubertooth one or some WLAN-devices by using an USB On-The-Go cable. You won\'t be able to use the internal WLAN or bluetooth hardware for the monitoring and wireless attack tools. If you want to use an usb device which is not supported by the kernel you will need to compile the CyanogenMod kernel (cm-12.1) yourself.

The following table will show some of the included tools and if you will need additional hardware to use them.

pentesting tools
nmap network scanner
tshark traffic analyser
bluelog bluetooth scanner
ubertooth bluetooth sniffing tools ubertooth device needed
ettercap mitm tool
metasploit exploitation framework
set social engineering toolkit
aircrack suite WLAN attack tools supported WLAN device needed
kismet WLAN detection tool supported WLAN device needed
EvilAP WLAN access point supported WLAN device needed

conclusions

The installation is quick and easy and you will get some cool hacking tools into your Nexus 7 with small effort. In addition all your android apps will still be usable as the google apps are included in the image.

However, if you need drivers not included in the kernel or want to have a more customized version of the pwnpad I recommend installing cyanogenmod with your own cyanogenmod kernel and install Kali Linux with an app like Linux Deploy.