OnePlus 3 Hacking Platform

March 09, 2018

Intro:

I have always been a fan of Kali Linux, even when they started as Auditor CD, then became Backtrack, and later Kali project was born.
In the beginning they were only available on a Live cd, afterwards i installed it on many platforms and devices, from VM machines to raspberry pi's.
But never had it installed on a smartphone. Recently i was able to get an old OnePlus 3. These days the OnePlus is compatible with the Kali Nethunter suite.
I was curious to use it and how to flash a phone.
It wasn't without frustration as some things failed because i found different things on different sites and they all say something else.
The descriptions below is for my reference to future projects,  I completely bricked my device and managed to recover it back.
At the end i managed to install a clean version of Nethunter onto the phone and is now working.

I will describe the process, and some extra info what was not clear to me in the beginning.
At the bottom i will also describe a method that worked for me when i totally bricked my device.

 

The correct Hardware with the correct Android.

It is very important to get compatible hardware with compatible Android version. I had the correct hardware and not the correct Android version, and my phone was totally bricked. So here the description on putting the correct android version onto your device.

You can check the wiki page, but i will describe the procedure for the OnePlus 3 & OnePlus 3T versions.
For this type of hardware you need to have Android version 6.0.1 or 7.0.0.
Before you proceed you need to check this, if its not the correct version you will brick your device.

OxygenOS:
Version 3.2.1 Based on Android Marshmallow 6.0.1, Default install on OnePlus 3
Version 4.0.2 Based on Android Nougat 7.0

 

Installing the correct Android Version.

If you have files on your phone that you need you can back them up now. The phone will be completely wiped.
Go to the download page of the OnePlus site, and select the version you want. Version 3.2.1 or 4.0.2.
Download it and put the ZIP file on the storage. Shut down the phone so its completely off.
Now boot into recovery mode by pressing the power button and the volume down button.

Select the option "install from internal storage" and select your ZIP file, the clean installation will begin.
When its done, go trough the initial device setup. Now we have the correct hardware with the correct Android version.
Ready for our Nethunter installation.

 

Installing Nethunter.

First we need to download a couple of files. Go to the developer builds and select the latest builds directory.
Here you need to get the correct versions.
Nethunter Generic: nethunter-generic-arm64-kalifs-full-rolling
Kernel-Nethunter: kernel-nethunter-oneplus3-marshmallow or kernel-nethunter-oneplus3-nougat depending on your Android version.
Put both files onto the device.

Then we need to get and install TWRP:
This will make it easy to flash our device and install custom ROMs. Here the link for the OnePlus 3
Download this file, we will need it in a second.

Onto your phone, go to Settings -> About device. Tap 7 times on Build number to enable Developer options.
Now go to Settings -> Developer options.
You need to enable OEM unlock.

Download and install ADB en fastboot. These are tools to communicate with your phone over cli.
Copy your TWRP file into the same directory and open a cmd prompt.

Reboot your device into fastboot mode. To do this, select reboot from the power menu and hold the [Volume Up] + [Power] buttons while your device reboots.
In the command prompt type the following commands:

fastboot oem unlock
fastboot flash recovery twrp.img

Where twrp.img the twrp image file.
Let it install and boot into TWRP. Now you also have a custom bootloader were you can easily boot into fastboot or recovery mode.

Now lets flash our nethunter to the phone.
Still inside TWRP, select FIRST the nethunter-generic-arm64-kalifs zip file and install it.
Afterwards DON'T reboot the phone, While still in TWRP select and install now the kernel-nethunter zip  file.
Let it install, and afterwards reboot your phone. The Nethunter kernel and app are installed.
Now we need to root your phone.

 

Rooting your device.

Download SuperSU.zip File and transfer it to your phone. Reboot your phone into recovery mode so you get the TWRP console.
Press again on install, and select the SuperSU.zip file. Let it install and reboot your phone.
Now the phone is rooted and you can start initializing the nethunter app.
This will install additional applications.

Ready to Rock.

 

Recovery procedure for totally bricked devices.

Well, if you'r reading this, something went wrong. Don't worry it happened to me.
Here the procedure to recover your device when its completly broken. I mean doesn't even give a vibrate when trying to boot.
Original links i found:
Oneplus.net Forum
XDNA forum

Step 1: Download the correct drivers, and recovery software.
Step 2: Extract Drivers and Recovery Tool files in any folder.
Step 3: Turn off Driver Signature Enforcement. To do so, Paste the following command into the Command Prompt window and press Enter:
bcdedit /set testsigning on
And after that just restart your pc and test mode will show up.
Step 4: Press the power button for 40 seconds to turn off the phone.
Step 5: Press only volume up button for a few seconds and while keeping it pressed,connect your phone to PC.Keep volume up pressed till your device shows in device manager as [Unknown Device,QHUSB_BULK (under Unknown Devices) or Qualcomm HS USB (under COMs and Ports)].
Step 6: Right Click on your device in the device manager and select Update Device Software. Choose the .inf file and select Qualcomm 9008 from the listed devices.
Step 7: When the device shows as Qualcomm 9008 ,go to the extracted Recovery Package and run the MSM Download Tool as administrator.
Step 8: Click start at top left corner and wait for it to finish (green text will come).
Step 9: Disconnect phone from PC and boot into system when download is complete

It took me several times to do it correctly.
Important is that you install the drivers, and follow the correct procedure booting the phone.
I got a few boot failures, but eventually got it working.