Kali Linux on the new ASUS C302CA

 

I’ve been looking at Chromebooks for some time to use as a nice portable platform not only to run Linux on, and perhaps do some development, but also to use on PenTesting engagements.   With the release of the ASUS C302CA I finally decided to give this a shot.  Not only does it come with the Pentium m3 processor, it has 4GB of onboard ram and 64GB ssd with ChromeOS loaded up.  Combine that with a touch screen, Android Apps, and tablet mode and the Chromebook already looks like a really attractive platform.

 

The following guide should help you get up and running with Kali, or maybe even a different distribution of your choice. Of course the disclaimers come first.

  • Developer mode is “insecure”

Yeah, you’ll hear that a lot.  Running ChromeOS is marginally more insecure than running a regular Linux distribution and you can probably harden it a bit to make up for those issues such as guest mode having full sudo access.  Also, it’s important to know that Developer mode and the Developer Channel are two different things.  Developer mode refers to running the Chromebook without OS verification turned on while the Developer Channel is the ChromeOS repo for the bleeding edge tested versions of Chromium which may still have bugs.

  • You’ll wipe all your data in Developer mode

Yeah, that can happen too, and will happen when you enable Developer mode the first time.   This is why I’ve chosen to run Kali from a good, fast SD card instead of using Crouton or side loading Linux on the main SSD.  The biggest issue with Developer mode erasure is at the OS Verification page it may not be clear to you at first, or to someone borrowing your Chromebook, whether the space-bar is the right or wrong key to push.  Long story short is that clicking that space-bar instead of CTRL-L or CTRL-D does a powerwash of the Chromebook, setting it back to an out-of-the box state with all local data erased.  I ended up wiping a few times as I was learning my way around the OS and trying to get the Google Android App store working.

So, lesson learned, if you want to run in Developer mode make a backup of anything you want in ChromeOS before you do, otherwise it’s gone forever.  There’s not much point in doing any customization or downloads until after you’re in Dev mode.

  • This guide is a best effort

And I’m not responsible if you lose all your data, if the instructions are wrong, or any of the sources change and you get pwned.  Use at your own risk.

Entering Developer Mode

So, to get started you’ll want to

  1. Power off the Chromebook
  2. While holding down the ESC and REFRESH keys, press the power button to boot in recovery mode
  3. As soon as revocery mode is active, release the keys and press CTRL-D to start developer mode
  4. Read what’s there if you want, or just press enter to start the powerwash and developer mode setup
  5. Wait until it’s done.  It’ll take 10 or 15 minutes for the first setup

When the setup completes it’ll return to the OS Verification Page.  Here’s where from here on out you NEVER want to hit the space bar.   Press CRTL-D at this point to enter the developer mode desktop and start personalizing ChromeOS.  Now might even be a good time to let ChromeOS do all of its updates and set it to the Beta Channel if you want Android App support if the current stable branch doesn’t already have it enabled.

Preparing the SD card

When you’re ready to load Kali, or another distro, read on.   I’m covering Kali here so follow instructions by your favorite distro if they’re provided, but these may work as well.

Things you’ll need:

  • A good 8GB or larger SD card that will be wiped clean
  • An appropriate version of Kali Linux

You’ll want to download the version of Kali that interests you the most.  Make sure you get one of the X86_64 images and stay away from the ARM images.  The C302 is running an Intel Pentium processor so 32 or 64 bit X86 versions should work.  The biggest difference in the available downloads, outside of compatible processors, are the available desktops.   Fossbytes has a few screenshots of the available desktops.  There are also some “light” editions that probably don’t have all the tools installed by default.  Until you’re ready to enable persistence you could always get them all and try them out on separate SD cards, or one at a time on the same card.

Once you’ve got that downloaded you’ll want to open a shell in ChromeOS.   You can do this by

  • Press ctrl-alt-t to open crosh
  • type shell then press enter
  • type sudo bash and press enter

You’ll now be at a root shell in ChromeOS.  Next you’ll want to

  • enter fdisk -l to list all partitions
  • Insert the SD card
  • enter fdisk -l to list all partitions again
  • Take a note of which partition is new

In my case /dev/mmcblk1 was the new partition and may have also been referenced as an existing partition like /dev/mmcblk1p1.  It doesn’t matter, once you’re sure of the right disk you can write Kali to it.

  1. cd to where you downloaded Kali, probably /home/user/{somelongstring}/Downloads
  2. Run the following command to write Kali to the sd card (using your path to sd card

e.x. using the e17 iso

dd if=kali-linux-e17-2016.2-amd64.iso of=/dev/mmcblk1 bs=512k

Give it a bit, it could take 10 minutes or longer to write to the SD card.  But, once it’s completed you’ll be ready to move on to the next step

Upgrading SeaBios

Out of the box the C302 comes with SeaBIOS already loaded.  You don’t have to flash any ROMS or disable write protect to take advantage of USB booting.  But, you will need to upgrade the BIOS so it will search for the SD card.  Out of the box my C302 would only list the primary MMC/SD at the SeaBIOS boot prompt.

To upgrade the BIOS you’ll want to use the script from MrChromebox.  The instructions there are really great but here’s the summary:

  1. Exit from the root shell if you’re still there, otherwise CTRL-ALT-T to open crosh then shell to get a prompt
  2. Run cd; curl -L -O https://mrchromebox.tech/firmware-util.sh && sudo bash firmware-util.sh
  3. Select Option 1 to upgrade the RW_LEGACY firmware
  4. Wait a while for that to download and install

Once that is complete, you can select r to reboot.

Boot your shiny new distro

At the OS Verification screen press CTRL-L to load the SeaBIOS boot menu.  Press esc to load the menu.  You should now see two options.  One for MMC/SD and the other for an SD card with a capacity listed that matches your SD card.  Most likely you’ll press #2 here and congratulations, you are now running Kali Linux.

I’ve essentially just got started with this myself, so there are some more things I want to check out like touch support and some benchmarks.  I’ll update this post if/when I get touch support enabled and I post separately regarding benchmarks.

So, go forth, and do no evil!

 

Kevin

 

Credits and References:

Wallpaper by Martin Driver

SeaBIOS Firmware updates by MrChromebox

Making a Kali Live USB

Adding persistence to Kali Live USB