“Kali Linux Raspberry Pi Image Updated!” That was supposed to be the “tweet” we would release, telling everyone our new Kali Linux Raspberry Pi image was better than our old one. We often update our followers with news like this on Twitter and this tweet would be no different. However, this time, we thought it would be interesting to tell you about the mechanics of updates like these and shed some light on how these “news items” come about. This post will also give us the opportunity to describe the process of running our custom Kali Linux ARM build scripts, by way of a story. If you couldn’t care less about the story and just want the updated image – head straight to our Kali Linux Custom Image page!
Our Kali Linux dev team lurks around in the #kali-linux IRC channel on a regular basis, looking for interesting cases to support. Many times, these support sessions help uncover bugs or otherwise allow us to test hardware which we otherwise do not have access to. A few days ago, someone in the channel asked about the process of upgrading the Offsec generated Raspberry Pi kernel as their Netgear WNDA4100 (RT3573 chipset) USB wireless adapter was not supported by the current kernel. The driver for this chipset was apparently introduced in kernel 3.12.
Unfortunately, I was in a place with a slow Internet connection and without my development environment…bummer. If only I could somehow quickly set up a remote machine with a good Internet connection as my build environment….but wait… I can! Hurray for Kali Amazon Images.
About 30 seconds later, i was SSH’d into a multiple CPU Amazon Image instance of Kali Linux. Now, my task is to rebuild the Kali Linux image using our Offsec build scripts and make the changes I need to in order to have an upgraded kernel in this image. I git cloned the Offsec ARM image scripts to the Amazon build machine and ran the build-deps.sh script, which installs all the dependencies needed for cross building our ARM images.
Looking at Raspberry Pi rpi.sh script, I could see that this kernel upgrade would require a one line change – the line that git clones the stock Raspberry Pi kernel. So this line in the script:
Would change to this:
With that change made, I could now re-run the rpi.sh script and generate a new Raspberry Pi image with a new, updated kernel.
Our previous Raspberry Pi image had an image size of 7GB with only 1.2 GB of data on it (as we stripped down the ARM images to bare minimum). What this means is that people with 4GB storage devices would not be able to use them, for no good reason. To deal with this, we can decrease the original image size and introduce a script such as rpi-wiggle, which expands the image and filesystem to the full size of the SD card. To implement these changes, we simply need to alter the hard-coded size of the image in the rpi.sh script:
…and then introduce the rpi-wiggle script into the /scripts directory inside the Raspberry Pi image.
Once a user has dd’ed the image and booted the Raspberry Pi, they can run the script in /scripts/ to automatically resize their partitions:
Once the updated image was rebuilt and kernel updated, the Netgear WNDA4100 still would not work – how annoying! A quick look at the kernel configuration file revealed the reason – the RT3573 kernel module was not selected. In fact, it seems that the default kernel configuration can be improved and have our Kali Linux Raspberry Pi image include a larger variety of wireless adapters.
The easiest way to generate a new kernel config is probably through the ncurses menu configuration interface. The quickest way to do this would be to SSH to someones Raspberry Pi and generate a better config there…but would anyone agree? Surprisingly, yes. Some brave and trusting souls exist in #kali-linux and a few minutes later, I had a quick and dirty patch which included a few more wireless drivers into the default config. This patching routine was added to the rpi.sh build script and an hour or so later, a new image was ready – with added support for several wireless drivers.
Once these changes were well tested, we included these updates in the current rpi.sh script and pushed it to Github. The new Raspberry Pi image is available for download as a 1.0.6a release on the Offensive Security Custom Kali Image Download Page. Try it out!