BACKTRACK-LINUX ON MOTOROLA ATRIX 4G

Hello there,
Last week I bought an Atrix 4G and wanted to run BT5 ARM on it.
Now I’m here, writing a little tutorial on how to do this. Basically it is easy, but it needs a few tricks.
Let’s go …

First, if you are a beginner in the droid world, read a little. (On my first day with my droid, I powered up the cellphone and got: BOOT FAILED) LoL.
A good place is XDA DEVELOPERS 

In this link -> http://forum.xda-developers.com/show….php?t=1154600

Step 1 -> Download BT5 ARM from www.backtrack-linux.org/downloads
Step 2 -> You need to ROOT your DROID -> http://forum.xda-developers.com/show….php?t=1255548
Step 3 -> Unpack your BT ARM IMAGE and enter the directory.

Code:
# cd BT5-GNOME-ARM

# ls 
README  bootbt   bt5.img.gz  busybox  fsrw  installbusybox.sh  mountonly  unionfs

-> Unpack bt5.img.gz

Code:
 
# gunzip bt5.img.gz

By default the internal memory is a VFAT filesystem, and so is the SDCARD if you formatted it with the droid. VFAT does not permit a single file bigger than 4GB, so we need to resize the image ( bt5.img ) before it can be stored there.

-> Create another “disk” smaller than 4GB

Code:
# dd if=/dev/zero of=bt5-new.img bs=1M count=3600

-> Create 2 directories

Code:
# mkdir OLD && mkdir NEW

-> Mount the original image

Code:
# mount -o loop bt5.img OLD
# df -i 
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
.....
.....
.....
/dev/loop0            320000  266729   53271   84% /home/chaos/BT5-GNOME-ARM/OLD

-> Now format the new “disk”

Code:
# mke2fs -N 320000 bt5-new.img

-> Note that I used the same number of INODES as THE ORIGINAL IMAGE *

-> Mount the “disk” and copy the content of the ORIGINAL IMAGE to the NEW IMAGE (cp -a keeps ownership, permissions, setuid bits and top-level dotfiles, which a root filesystem needs), umount both images, delete the original image, rename the new image, gzip it and delete the bootbt script

Code:
# mount -o loop bt5-new.img NEW
# cp -a OLD/. NEW/
# umount OLD
# umount NEW
# rm bt5.img
# mv bt5-new.img bt5.img
# gzip bt5.img
# rm bootbt

-> Create a new bootbt file with this content:

Code:
# The 5th byte of `id` output ("uid=N...") is 0 only when running as root
perm=$(id|cut -b 5)

if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi

# Turns on IPv4 forwarding in the phone's kernel; nothing below turns it off again
busybox sysctl -w net.ipv4.ip_forward=1
export kit=/sdcard/BT5
export bin=/system/bin
export mnt=/data/local/mnt
export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
export TERM=linux
export HOME=/root
# Attach the image to a loop device and mount it as the chroot root
losetup /dev/block/loop2 $kit/bt5.img
mount -o noatime -t ext2 /dev/block/loop2 $mnt
# Kernel pseudo-filesystems needed inside the chroot
mount -t devpts devpts $mnt/dev/pts
mount -t proc proc $mnt/proc
mount -t sysfs sysfs $mnt/sys
# Overwrite DNS and hosts configuration inside the image
echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf
echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts
# Enter BackTrack; everything below runs after you exit this shell
busybox chroot $mnt /bin/bash

echo "Stopping Backtrack on Atrix"
umount $mnt/dev/pts
umount $mnt/proc 
umount $mnt/sys
umount $mnt/root/.gvfs
sleep 2
umount $mnt
losetup -d /dev/block/loop2

Code:
# chmod +x bootbt

-> From README FILE <-

-> Go to your platform-tools directory and proceed to make a directory on the device to store BT5:

Code:
    
# ./adb shell
# mkdir /sdcard/BT5
# exit

-> If you ROOTED your droid with ONE CLICK, You ALREADY HAVE BUSYBOX

-> Transfer the required BT5 files to the device:

Code:
# ./adb push fsrw /sdcard/BT5/
# ./adb push mountonly /sdcard/BT5/
# ./adb push bootbt /sdcard/BT5/
# ./adb push bt5.img.gz /sdcard/BT5/
# ./adb push unionfs /sdcard/BT5/

-> Uncompress the image and start BT5:

Code:
# ./adb shell
# su
# cd /sdcard/BT5
# gunzip bt5.img.gz
# sh bootbt

-> If all goes well, you’ll be in the BT5 chroot:

root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web

root@localhost:/# passwd

-> change your root password

-> change startvnc script

Code:
root@localhost:/# vi /usr/bin/startvnc

-> THE CONTENT must be

Code:
#!/bin/bash
rm -rf /tmp/.X1*
export USER=root 
vncserver -geometry 960x540

-> change stopvnc script

Code:
root@localhost:/# vi /usr/bin/stopvnc

-> the content MUST be

Code:
#!/bin/bash
export USER=root
vncserver -kill :1

-> CHANGE VNC PASSWORD

Code:
root@localhost:/# vncpasswd

-> Start your GUI and connect it

Code:
root@localhost:/# startvnc

-> USE ANDROID VNC FROM MARKET and connect to localhost and port 5901
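
Because the viewer connects to localhost:5901, the root VNC session only needs to listen on loopback. The following is an added example, not part of the original post: it reads `netstat -ltn` output and reports VNC display ports (5900-5999) listening on any other address. The function name `vnc_exposed` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners reachable from outside the phone.
# Input: `netstat -ltn` style text on stdin (without -p, so the last
# column is the socket state).
# Output: the local address of every LISTEN socket on a VNC display port
# (5900-5999) that is not bound to loopback. Returns 1 if any were found.
vnc_exposed() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last ":" (works for IPv6 too)
            n = split(local_addr, parts, ":")
            port = parts[n] + 0
            host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next          # not a VNC display
            if (host == "127.0.0.1" || host == "::1") next # loopback only
            print local_addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: display :1 on all interfaces, :2 on loopback,
# :3 on all IPv6 addresses, plus two unrelated listeners.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5902          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::5903                 :::*                    LISTEN'

# Demo on the sample; inside the chroot use: netstat -ltn | vnc_exposed
printf '%s\n' "$SAMPLE" | vnc_exposed || echo "VNC reachable beyond loopback"
```

If the check reports a listener, TightVNC and TigerVNC accept a `-localhost` option on `vncserver` to restrict it to loopback; whether the build shipped in this image does is an assumption to confirm against its man page.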

ENJOY YOUR BACKTRACK-LINUX in your ATRIX


3 Responses to BACKTRACK-LINUX ON MOTOROLA ATRIX 4G

  1. Fabio Almeida says:

    Awesome document. 100% accurate, saved a lot of research!
    Thanks a lot, keep up the good work :)

    []’s

  2. Question? says:

    Is this basically virtualizing a linux kernel on top of Android? I’m assuming you are issuing all these commands from a Linux host computer and using adb to interface with the Atrix and then booting the filesystem from the host PC while still booted to Android on the phone.

  3. spawn says:

    No, it is chrooted
    :)
