
Security | Backtrack 5 on a Galaxy S Phone blog.l-lacker.com

http://blog.l-lacker.com/security-backtrack-5-on-a-galaxy-s-phone/

May 12, 2011

Security | Backtrack 5 on a Galaxy S Phone


Android, backtrack, Root, Security

I just finished a Backtrack 5 install on my Samsung Galaxy S phone. I will detail the steps to get it running on most Android phones. This method was ONLY tested on my Galaxy S (Vibrant), but it should work with other devices.

README.winning!
I have split this guide into two sections. The first section titled Quick Version is a simple set of steps to get this working on your phone. All the work in the full version has already been completed by using the quick version. The Full Version goes into process detail if you would like to perform all the steps or it may help if you get stuck at any time during the process. This guide will continually be updated to include any feedback or changes.

Quick Version:
1. Download the complete set of files you need from here: http://l-lacker.com/bt5/BT5_ARM_Joined.zip Extract BT5.zip to your phone's internal SDcard in a directory called BT5 (cAsE sEnSiTiVe).
2. Launch terminal emulator from your phone and type (everything after the $: or #: is user input):
    $: su
    #: cd sdcard
    #: cd BT5
    #: sh bootbt
3. While Backtrack is loaded (when you see a red root@localhost) start the VNC server by typing:
    root@localhost:~#: startvnc
   (stopvnc kills it)
4. Launch VNC (I'm using this) from your phone and point it at 127.0.0.1:5901
   VNC pass: toortoor
5. Welcome to Backtrack on your Phone!

Full Version
1. Download a copy of Backtrack 5 for ARM from: http://www.backtrack-linux.org/downloads/ (Be nice and register)

Name: BT5-GNOME-ARM.torrent
Size: 1060
Flavor: GNOME
Arch: arm
Image: IMG
Download: Torrent
MD5: a66bf35409f4458ee7f35a77891951eb

Update!!! Complete package files that you need to install on your phone can be found here: http://l-lacker.com/bt5/BT5_ARM_Joined.zip Instructions are included.


22.02.2013 18:25


2. Extract and review the README file.


I have posted the readme file here for quick reference, and have just added my notes made during the process. I urge you to read the official readme included with the release before reading the copy below with my comments. My notes are in bold. I would HIGHLY recommend following the busybox instructions for your specific rom. Most of the time this means updating to the latest version, but that is not always the case. The Vibrant comes with 16gig NON removable internal storage. The phone mounts this as the sdcard, and the external SD card is removable. I will be using the internal mass storage device to install BT5. Without wasting more time, onto the readme.

BackTrack 5 ARM Edition Quick Start

This image has been developed and tested on the Motorola Xoom. Your mileage may vary on other devices. As this image runs in a chroot, you will need to have your device rooted. There are numerous tutorials on the subject online and are not included here.

***Rooting your device will potentially void its warranty and we are not in any way responsible if you brick your device while rooting it.***

### IMPORTANT POINTS ###

1. Since the image runs in a chroot, there is no root password set.
2. There are 2 scripts under /usr/bin/ startvnc and stopvnc that are set to start with the Xoom's default resolution.

Once Backtrack5 is running off your phone's internal storage you will need to edit the scripts to match your phone's or device's resolution. In my case, the Vibrant uses 480x800. Details on this step later in the instructions.

3. The current vnc password is set to toortoor and can be changed by running vncpasswd
4. This image is a work in progress and suggestions/tips from the community are always welcome.

### GETTING STARTED ###

ADB is a versatile tool when it comes to Android development and interacting with the device, and the steps below WILL indeed work and are independent of any OS (assuming you have the Android SDK installed). I felt it was overkill for this task and simply mounted my SDcard and moved the files through OSX Finder. I also made changes via another machine using Windows Explorer. Again, choose your comfort level; steps 1-5 are simply a means to an end. That end is getting the files onto your SDcard.

1. Once you have downloaded the ARM BT package, save the files in a convenient location. The steps below assume they are in the platform-tools folder of the Android SDK.
2. Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
    ./adb shell
    mkdir /sdcard/BT5
    exit
3. Copy over the busybox install files:
    ./adb push busybox /sdcard/
    ./adb push installbusybox.sh /sdcard
4. Install busybox on the device:
    ./adb shell
    cd /sdcard/
    sh installbusybox.sh
    exit


5. Transfer the required BT5 files to the device:
    ./adb push fsrw /sdcard/BT5/
    ./adb push mountonly /sdcard/BT5/
    ./adb push bootbt /sdcard/BT5/
    ./adb push bt5.img.gz /sdcard/BT5/
    ./adb push unionfs /sdcard/BT5/
6. Uncompress the image and start BT5:
    ./adb shell
    su
    cd /sdcard/BT5
    gunzip bt5.img.gz
    sh bootbt

My internal SDcard is formatted as FAT32, and this file system is required for the phone to interact with the contents of the sd card. I have tried formatting the internal card with EXT3, EXT4 and exFAT, and was greeted each time with a Damaged SD card message. Because of this, the installation stops when trying to extract the official bt5.img file from the ARM package, as it ends up being >5 gigs. Since there is a 4 gig file limitation on the FAT32 filesystem, we should just give up. Right? Nope, Let's Try Harder.

I have tried splitting the bt5.img and reassembling it on the device, which obviously failed. There is only one thing left to do: modify the bt5.img file to fit into 4 gigs. What can we remove?
1. Looks like someone over at XDA had the same idea. Therefore, I am going to revisit this section at a later date to cover how to manually create the image file. I started the process, but decided that my end goal for this post was to have a working Backtrack 5 install on my Vibrant.
2. Since the heavy lifting is done, it's time to grab the files (or contact me for a mirror), join them together and place this file into the BT5 directory of our sdcard. To join the 3 files from the XDA post together, simply put them all in the same directory and use the cat command to join them:
    cat bt.7z.* > bt.7z
3. Extract the joined bt.7z file.
4. Rename bt.img to bt5.img and move that file to your sd card's BT5 directory. This is what you should end up with in your phone's BT5 directory.
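The size and integrity checks behind these steps, as an added example that is not part of the original post or the BackTrack README: it computes what a set of split parts would add up to once joined (which is why a re-joined bt5.img still hits the FAT32 limit), and it compares a download against its published MD5 before the image is run as root in a chroot. The function names are illustrative; MD5 catches a corrupted or truncated download, not tampering by someone who can also change the published value.

```shell
# Added example (not from the original post): checks to run on the computer
# before copying a BT5 file to the FAT32 sdcard. Function names are illustrative.

FAT32_MAX=4294967295   # largest single file FAT32 can hold: 2^32 - 1 bytes

# Print the size of file $1 in bytes.
file_size() {
    n=$(wc -c < "$1") || return 1
    echo $((n))
}

# Succeed if a file of $1 bytes can be stored on FAT32.
fits_fat32() {
    [ "$1" -le "$FAT32_MAX" ]
}

# Print the size that `cat part1 part2 ... > joined` would produce.
joined_size() {
    total=0
    for part in "$@"; do
        s=$(file_size "$part") || return 1
        total=$((total + s))
    done
    echo "$total"
}

# Print the lowercase MD5 of file $1 (md5sum on Linux, md5 on OS X).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Succeed only if the MD5 of file $1 equals published value $2 (any letter case).
verify_md5() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(md5_of "$1")" = "$want" ]
}

# Full check of file $1 against published MD5 $2: returns 2 on a hash
# mismatch, 3 if the file is too large for FAT32, 0 otherwise.
preflight() {
    verify_md5 "$1" "$2" || { echo "MD5 mismatch: $1" >&2; return 2; }
    fits_fat32 "$(file_size "$1")" || { echo "too big for FAT32: $1" >&2; return 3; }
    echo "ok: $1"
}
```

Source the file and call, for instance, preflight with the downloaded file and the MD5 from the download table, or fits_fat32 "$(joined_size bt5.img.part*)" with your own part names.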

Starting BackTrack 5
Once all the files have been transferred, test the installation by trying to start Backtrack from terminal emulator. Success!


If all goes well, you'll be in the BT5 chroot:
    # sh bootbt
    net.ipv4.ip_forward = 1
    root@localhost:/ # ls /pentest/
    backdoors database exploits passwords scanners stressing voip
    cisco enumeration forensics python sniffers tunneling web
    root@localhost:/#

3. ???? (or is this one profit?)

4. VNC


Here is the fun part. Sure, the shell is pretty to look at; however, I want a GUI to interact with. Note: Prior to starting the VNC server, you MUST alter the screen resolution to match your device by modifying the /usr/bin/startvnc file. If you do not alter the geometry you may encounter the error below.

I modified /usr/bin/startvnc by starting an SSH daemon on my phone and doing the work from a computer.

1. Start the VNC server running on the BT5 phone install.


2. Check the VNC log! BT5 is listening on 5901. Then click connect.

3. Welcome to Backtrack 5!
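The startvnc edit and a follow-up listener check, as an added example that is not from the original post or the BackTrack README. It assumes the script passes the resolution as "-geometry WIDTHxHEIGHT" (the post does not show the script's contents), and the netstat lines are constructed; since the VNC password ships as toortoor and can be changed with vncpasswd, it is worth knowing whether port 5901 is bound to more than the loopback address.

```shell
# Added example (not from the original post): adjust a startvnc-style script
# and check where VNC listens.
# ASSUMPTION: the script passes the resolution as "-geometry WIDTHxHEIGHT".

# Rewrite every -geometry value in script $1 to $2 (e.g. 480x800).
# The previous version is kept as $1.bak; the file mode of $1 is preserved.
set_geometry() {
    case "$2" in
        *[!0-9x]*|x*|*x|*x*x*|'') echo "bad geometry: $2" >&2; return 1 ;;
        *x*) ;;
        *) echo "bad geometry: $2" >&2; return 1 ;;
    esac
    grep -q -- '-geometry [0-9][0-9]*x[0-9][0-9]*' "$1" || {
        echo "no -geometry option found in $1" >&2; return 2; }
    cp "$1" "$1.bak" &&
    sed "s/-geometry [0-9][0-9]*x[0-9][0-9]*/-geometry $2/g" "$1.bak" > "$1"
}

# Read `netstat -ltn` output on stdin; print local addresses listening on port $1.
listeners_on() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# Succeed if any listener for port $1 (netstat output on stdin) is not
# loopback-only, i.e. other hosts on the same network can reach it.
reachable_off_device() {
    listeners_on "$1" | grep -v -e '^127\.' -e '^::1:' | grep -q .
}

# Constructed sample of `netstat -ltn` output, for illustration only.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:5901     0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:5037   0.0.0.0:*        LISTEN'
```

On the device, pipe the real output into the check: netstat -ltn | reachable_off_device 5901 succeeds when the VNC port is reachable from other hosts.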

At the beginning of April I tweeted: Wouldn't this just bring tears to your eyes if it was true? #metasploitonandroid http://twitpic.com/4hfqgz , and now it's true. <tear> Huge thanks to the backtrack team for providing an Android version of Backtrack. Great work!


Special thanks to : anantshri at XDA for the advice and doing the hard work of creating the image files so quickly. Be sure to check out his other work.

Posted by admin at 11:32 am

Tagged with: android, backtrack, infosec, Security
