Hello there,
Last week, I bought an Atrix 4g and I would wanted run bt5 arm.
Now I’m here, writing a little tutorial to do this. Basically it is easy, but need some tricks.
Let’s go …
First, if you is beginner on droid’s world , read a little. ( in my first day with my droid, I do on Power Up the cellphone : -> BOOT FAILED ) LoL .
A good place is XDA DEVELOPERS 
In this link -> http://forum.xda-developers.com/show….php?t=1154600
Step 1 -> Download BT5 ARM from www.backtrack-linux.org/downloads
Step 2 -> You need ROOT your DROID, -> http://forum.xda-developers.com/show….php?t=1255548
Step 3 -> Unpack your BT ARM IMAGE and enter into directory.
Code:
# cd BT5-GNOME-ARM
# ls
README bootbt bt5.img.gz busybox fsrw installbusybox.sh mountonly unionfs
-> Unpack bt5.img.gz
Code:
# gunzip bt5.img.gz
By default Internal memory is VFAT filesystem and SDCARD, if you use the droid to format too, so we need resize the image ( bt5.img ) to put at VFAT, because the image cannot be bigger than 4GB ( vfat filesystem not permit this )
-> Create another “disk” less than 4GB
Code:
# dd if=/dev/zero of=bt5-new.img bs=1M count=3600
-> Create 2 directories
Code:
# mkdir OLD && mkdir NEW
-> Mount the original image
Code:
# mount -o loop bt5.img OLD
# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
.....
.....
.....
/dev/loop0 320000 266729 53271 84% /home/chaos/BT5-GNOME-ARM/OLD
-> Now format the new “disk”
Code:
# mke2fs -N 320000 bt5-new.img
-> Note that I used the same number os INODES that THE ORIGINAL IMAGE *
-> Mount the “disk” and copy the content of ORIGINAL IMAGE TO NEW IMAGE, umount images, delete original image, rename new image, gzip it and delete bootbt script
Code:
# mount -o loop bt5-new.img NEW
# cp -R -f OLD/* NEW/
# umount OLD
#umount NEW
# rm bt5.img
# mv bt5-new.img bt5.img
#gzip bt5.img
# rm bootbt
-> Create a new bootbt file with this content:
Code:
perm=$(id|cut -b 5)
if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi
busybox sysctl -w net.ipv4.ip_forward=1
export kit=/sdcard/BT5
export bin=/system/bin
export mnt=/data/local/mnt
export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
export TERM=linux
export HOME=/root
losetup /dev/block/loop2 $kit/bt5.img
mount -o noatime -t ext2 /dev/block/loop2 $mnt
mount -t devpts devpts $mnt/dev/pts
mount -t proc proc $mnt/proc
mount -t sysfs sysfs $mnt/sys
echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf
echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts
busybox chroot $mnt /bin/bash
echo "Stopping Backtrack on Atrix"
umount $mnt/dev/pts
umount $mnt/proc
umount $mnt/sys
umount $mnt/root/.gvfs
sleep 2
umount $mnt
losetup -d /dev/block/loop2
-> From README FILE <-
-> Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
Code:
# ./adb shell
# mkdir /sdcard/BT5
# exit
-> If you ROOTED your droid with ONE CLICK, You ALREADY HAVE BUSYBOX
-> Transfer the required BT5 files to the device:
Code:
# ./adb push fsrw /sdcard/BT5/
# ./adb push mountonly /sdcard/BT5/
# ./adb push bootbt /sdcard/BT5/
# ./adb push bt5.img.gz /sdcard/BT5/
# ./adb push unionfs /sdcard/BT5/
-> Uncompress the image and start BT5:
Code:
# ./adb shell
# su
# cd /sdcard/BT5
# gunzip bt5.img.gz
# sh bootbt
-> If all goes well, you’ll be in the BT5 chroot:
root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
root@localhost:/# passwd
-> change your root password
-> change startvnc script
Code:
root@localhost:/# vi /usr/bin/startvnc
-> THE CONTENT must be
Code:
#!/bin/bash
rm -rf /tmp/.X1*
export USER=root
vncserver -geometry 960x540
-> change stopvnc script
Code:
root@localhost:/# vi /usr/bin/stopvnc
-> the content MUST be
Code:
#!/bin/bash
export USER=root
vncserver -kill :1
-> CHANGE VNC PASSWORD
Code:
root@localhost:/# vncpasswd
-> Start your GUI and connect it
Code:
root@localhost:/# startvnc
-> USE ANDROID VNC FROM MARKET and connect to localhost and port 5901
ENJOY YOUR BACKTRACK-LINUX in your ATRIX