This project provides a custom Kali NetHunter kernel (Linux 4.14.336) tailored specifically for the Xiaomi "Miatoll" unified family. Built exclusively for LineageOS 22.2 (Android 15), it natively supports advanced penetration testing, SDR, and wireless auditing. The release is packaged as a single ZIP file intended strictly for flashing via custom recovery.
Caution
Flash At Your Own Risk:
Modifying your device's kernel inherently carries risks. I am not responsible for bricked devices, dead SD cards, data loss, or hardware damage. By choosing to flash this release, you assume full responsibility for your hardware. Always back up your boot and dtbo partitions before proceeding!
Warning
Educational & Authorized Use Only: This kernel and its included drivers are intended strictly for educational purposes, ethical hacking, and authorized security auditing. You are solely responsible for compliance with all local, state, and federal laws. I absolutely do not condone or support illegal activities, and I assume no liability for the misuse of this software.
Important
Strict ROM Requirement: This kernel is compiled exclusively for LineageOS 22.2 (Android 15). Do not attempt to flash this over stock HyperOS, MIUI, or generic AOSP ROMs, as it will almost certainly result in a bootloop. Please verify your current ROM and Android version before installing.
While "Miatoll" is a unified tree, I have personally only tested this on the Redmi Note 9 Pro (joyeuse). Other devices marked as tested have been verified by the community.
| Device Name | Codename | Status | Notes |
|---|---|---|---|
| Redmi Note 9 Pro | joyeuse |
☑ Tested & Working | Fully supported. |
| Redmi Note 9S | curtana |
☐ Untested | May bootloop. Flash with caution. |
| Redmi Note 9 Pro Max | excalibur |
☑ Tested & Working | Fully supported (Community Verified). |
| POCO M2 Pro | gram |
☐ Untested | May bootloop. Flash with caution. |
If you successfully test this on curtana or gram, please open an Issue to let me know so I can update this list!
- mac80211 Patched: The core wireless stack is modified with the
add-wifi-injection-4.14.patchto allow raw frame injection and MAC spoofing. Generic IEEE 802.11 stack (mac80211) and cfg80211 wireless extensions compatibility are fully enabled. - Built-in Wireless Auditing: Native monitor mode and raw packet injection are fully enabled on the internal Qualcomm chip (
qcacld-3.0) via theadd-qcacld-3.0-injection-4.14-sm6125-v2.patch. - USB Arsenal (Gadgets & HID): Full ConfigFS support is enabled for USB attacks. This includes modules for Generic serial, CDC ACM, CDC ECM, OBEX, and RNDIS. It also features Mass Storage for CDROM emulation and HID function for acting as a keyboard/mouse.
- SDR (Software Defined Radio): The kernel includes multimedia and software-defined radio support. Drivers are enabled for AirSpy, HackRF, Mirics MSi2500, and Realtek RTL2832 DVB-T/SDR devices.
- External Bluetooth Auditing: Added native kernel support for external Bluetooth 5.0/5.3 adapters like the TP-Link UB500 (Realtek RTL8761B/BU chipset) via the
add-ub500-to-btusb.patch. - Bluetooth Arsenal: Bluetooth subsystem support is expanded with HCI USB/UART drivers. This includes specific protocol support for Broadcom, Realtek, and Virtual HCI devices.
- Network & NFS: USB Network Adapters are supported, specifically RTL8150 and RTL8152/RTL8153 based ethernet devices. Additionally, Network File Systems (NFS) v2, v3, and v4 client and server support are enabled.
- Compiler Tweaks:
LTO_CLANGis explicitly disabled. This ensures compatibility with legacy wireless tools (likeiwconfig) and prevents the modern AOSP Clang compiler from breaking out-of-tree custom wireless drivers. - Wi-Fi Drivers Built as Modules (
=m): Custom drivers are built as loadable modules. The kernel is configured with module unloading and versioning support to manage these dynamically. - CAN Bus Routing (CARsenal): CAN bus subsystem support is enabled. Per custom configuration, this includes specific support for the ISO 15765-2 Driver CAN-ISOTP and the Hlcan driver via the usb-can-2-module.
While the internal Wi-Fi chip now fully supports monitor mode and injection, you may still want to use external adapters for better range or specific frequency targeting. This kernel integrates the latest out-of-tree pentesting drivers alongside classic native Linux kernel drivers.
Compatibility is determined by your adapter's internal chipset, not the brand name. This kernel integrates the latest out-of-tree pentesting drivers alongside classic native Linux kernel drivers.
Important: The custom drivers below are built as loadable modules. You must manually load the corresponding
.kofile (see instructions below) when plugging in your adapter.
| Target Chipsets | Module Name | Popular Hardware Examples |
|---|---|---|
| RTL8812AU / 21AU / 14AU | 88XXau.ko |
ALFA AWUS036ACH, ACS, 1900 |
| RTL8188EUS / 8188EU | 8188eu.ko |
TP-Link TL-WN722N (V2/V3), ALFA AWUS036NHV |
| RTL8812BU / 8822BU | 88x2bu.ko |
ALFA AWUS036ACU, generic 802.11ac AC1200 |
| RTL8192EU | 8192eu.ko |
TP-Link TL-WN821N (V6), TL-WN822N (V4/V5), TL-WN823N (V2/V3) |
* I do not own these specific RTL8812AU adapters (88XXau.ko), so they are currently untested. Please open an issue if you can verify they work!
Because the custom Realtek drivers are built as modules, they must be manually loaded when you plug in your external adapter.
Method 1: NetHunter App (Recommended & Easy)
- Open the Kali NetHunter App.
- Navigate to the Modules section in the side menu.
- Change the default module path to exactly:
/data/adb/modules/ak3-helper/system_root/lib/modules/ - Hit the Refresh button and your drivers will appear. You can easily toggle them on or off with a tap.
Method 2: Terminal (Manual) If you prefer the command line, open a NetHunter Root Terminal and run:
cd /data/adb/modules/ak3-helper/system_root/lib/modules/
insmod 8188eu.ko # For TL-WN722N v2/v3
insmod 88XXau.ko # For ALFA AWUS036ACH
insmod 8192eu.ko # For RTL8192EU based adapters
insmod 88x2bu.ko # For RTL8812BU/RTL8822BU based adaptersTo successfully run this kernel and the NetHunter environment, you must use the following specific tools:
- Recovery: OrangeFox Recovery
- CRITICAL: Make sure you download the FBEv2 Variant to properly handle Android 15 file-based encryption.
- Root: Magisk
- Tested on version 30.7 (older versions should also work).
- NetHunter Userland: Generic Arm64 Full (Weekly)
Tip
NetHunter Userland: I strongly advise downloading the Weekly Release instead of Stable. The Weekly image consistently includes crucial bug fixes and patched applications that are often missing or broken in the older Stable releases.
- Download the latest release zip (e.g.,
AnyKernel3-Miatoll-LOS22.2-vX.X.zip) from the Releases Page to your device. - Boot your device into OrangeFox Recovery (FBEv2 variant).
- Create a backup of your current
bootanddtbopartitions. - Flash the downloaded
AnyKernel3zip file. - Reboot to system.
- Open the NetHunter App and verify that the kernel version matches something similar to
4.14.336-Nethunter-Miatoll-LOS22.
Note
Building from source is NOT required! A ready-to-flash zip is always available on the Releases Page. These instructions are specifically for developers who want to modify the kernel, change configurations, or compile it themselves.
The custom drivers and injection patches are already integrated into the source. Here are the compiling instructions:
- Install Build Dependencies: Before compiling, ensure your system has all the required packages installed. See the LineageOS Build Guide for Miatoll.
- Clone this repository with all submodules:
git clone --recurse-submodules --depth 1 https://github.com/petros402/android_kernel_xiaomi_sm6250.git
cdinto thekali-nethunter-kernel-builder/directory and run./build.sh.- Run option
Sto Set up the environment & download toolchains. - Run option
2to Configure & compile the kernel from scratch.- The builder will ask which defconfig to use, choose
miatoll_nethunter_defconfig. - It will ask if you wish to edit the config. Type
n(everything is already configured).
- The builder will ask which defconfig to use, choose
- After compilation ends successfully, generate the flashable zip by choosing option
6("Create Anykernel zip"). - Your flashable
anykernel-NetHunter.zipwill be in thekali-nethunter-kernel-builder/output/directory.
- NetHunter Team: Huge thanks to Kali Linux & the NetHunter team for the NetHunter Kernel Builder architecture and porting guides.
- Base Kernel: LineageOS (android_kernel_xiaomi_sm6250) & Xiaomi
- Flashing Mechanism: AnyKernel3 by osm0sis for the robust kernel flashing backend.
- Wi-Fi Drivers:
- The Aircrack-ng Team for the heavily patched
rtl8188eusandrtl8812ausource code. - Mange for the integrated out-of-tree rtl8192eu Linux driver.
- morrownr for the 88x2bu Linux driver source code.
- The Aircrack-ng Team for the heavily patched
- CAN Bus Drivers:
- V0lk3n for the out-of-tree usb-can-2-module and can-isotp integrations used for CARsenal.
- This kernel is licensed under the GNU General Public License v2.0 (GPL-2.0).