Rooting My Old Phone for "Educational" Purposes

on under homelab
5 minute read

I’m going to level with you, I had no idea what I was doing when I started this process earlier today. I just happened to google “<my old phone model> nethunter install”, saw a specific thread, and jumped right in.

Basic Overview of Rooting

Or rather, what I’ve learned about it so far:

Phone goes into Developer Mode.
Phone USB Debugging is enabled.
Phone is connected to a toolkit called ADB (Android Debugging Bridge) via a PC. (Think of this as a simple hardware serial interface.)
ADB is used to place phone into Bootloader mode. (Think of this as a BIOS Boot handoff environment.)
ADB is used to unlock the phone.
ADB is used to flash a recovery image to the phone. (This will be the new second stage BIOS environment.)
The phone is then booted into the recovery environment, to install new packages or flavors of Android.
Among new packages installed, install SuperSu, which roots the phone.
I performed the steps above without much issue.
Now comes the annoying and fun stuff.
I only rooted this phone to install Kali Nethunter on it. So, on to the next task.

Kali Nethunter Install

I found a custom Kernel for Nethunter builds on the LG K20 on a random forum. (
I mean, literally, I found this one single Kernel build.
The Nethunter Build requires a flashed and unlocked phone that already has an amd64 OS on it, ie. a 64-bit build.
I flashed TWRP firmware to the phone to root it. Ok, so that part is completed. After poking around, I learned how to navigate around to various images on internal storage or the SD Card.
So, I plastered a bunch of 64-bit images to the SD Card so that I could rapidly install them on top of each other in case some work and some don’t.
I immediately began testing installs, and kept getting the same failed output of ERROR:255.
“255” sounded like a suspicious number for an error code (bits are maxed out like hex FF:FF:FF, so it must be THE most general error) so I went ahead and googled it once I confirmed that at least 2 images were outputing the same error code.
Turns out, ERROR:255 is the result of attempting to install a 64 bit OS with firware that can only install/compile 32-bit images. Ugh.
I tracked down firmware (bootloader in “phone rooting” terminology) named PBRP, which handles 64-bit images.
So I flashed PBRP to the phone’s bootloader, then successfully installed LineageOS 15 and GoogleApps 8.1. Ok, so that part is completed (again).
I then immediately attempted an install of the Nethunter Kernel, and a generic version of nethunter itself, in that order.
The Kernel compiled just fine, but Nethunter exited with an error, stating explicitly (nice!) that I need to set up the phone first. Roger that.
I went through initial set up, then booted back to the bootloader and installed Kernel and Nethunter itself again, rebooted.
My phone’s LG splash image at boot came up and…stayed up. For over 30min. I did a hard reboot and had same effect.
After close examination of the above linked XDA Thread, I saw that the author was using LineageOS 14. Okay.
I went ahead and re-flashed LineageOS 14.1 and GoogleApps 7.1 Micro (I’m catching on).
I then waited for LineageOS to initialize, went through the initial setup, and booted back into the new PBRP environment.
I held my breath, installed the custom Kernel, then the Nethunter build, watching apprehensively as the Nethunter terminal output progressed BEYOND where it was erroring out and just kept continuing on.
“IT’S WORKING,” I exclaimed to my wife. My poor wife, at this point, has endured my interrupting her periodically for multiple hours while I’ve tried to make headway on this phone thing.
“Oh that’s good”, she tells me. No. No no no. This is excellent.
I have been purposelessly installing Kali Linux on everything for maybe 6 years now, similar to those who install Doom on everything. (
I have been dreaming of installing Nethunter on a phone since nethunter came out, and have just not yet had the clear willingness or resources to accomplish this task.
Now that I have nethunter on a phone, I can place it back in a drawer and feel truly accomplished.


The day I posted this, which is the day after installing Nethunter, I have been updating and playing with it.
Good Lord this is awesome. I have been playing with cSploit.
I will probably update PGP keys and upgrade to the newest version this week so that I can access and download apps from the Nethunter App Store, or download the latest generic image and install it.
I want to access the Nethunter App store and see what new stuff is in there.
Is there a Responder port??? That would be so great!
Is there an OWASP ZAP Proxy port???
Can I do vlan hopping with this thing???
Can I install and properly use Wifi Pumpkin???
The possible applications of this innoculous phone are very exciting!

Update to the Update

I downlaoded the latest generic Nethunter release and reinstalled it.
Nethunter App Store is working now.
Re-transferred and installed SuperSu via PBRP.
I have upgraded all Kali packages, installed other apps, and updated them.
I went ahead and installed the standard non-root WiFi apps and some http intercept apps.
Have not yet found a Responder app for Nethunter, maybe regular install would work.

homelab, pwned
comments powered by Disqus