Hello there,
Last week I bought an Atrix 4G and I wanted to run BT5 ARM on it.
Now I’m here, writing a little tutorial on how to do this. Basically it is easy, but it needs some tricks.
Let’s go …
First, if you are a beginner in the droid world, read a little. (On my first day with my droid, I got this when powering up the cellphone: -> BOOT FAILED) LoL.
A good place is XDA DEVELOPERS
In this link -> http://forum.xda-developers.com/show….php?t=1154600
Step 1 -> Download BT5 ARM from www.backtrack-linux.org/downloads
Step 2 -> You need to ROOT your DROID -> http://forum.xda-developers.com/show….php?t=1255548
Step 3 -> Unpack your BT ARM IMAGE and enter the directory.
# cd BT5-GNOME-ARM
# ls
README bootbt bt5.img.gz busybox fsrw installbusybox.sh mountonly unionfs
-> Unpack bt5.img.gz
# gunzip bt5.img.gz
By default the internal memory uses a VFAT filesystem, and so does the SDCARD if you used the droid to format it, so we need to resize the image (bt5.img) before putting it on VFAT, because the image cannot be bigger than 4GB (the VFAT filesystem does not permit this).
-> Create another “disk” smaller than 4GB
# dd if=/dev/zero of=bt5-new.img bs=1M count=3600
-> Create 2 directories
# mkdir OLD && mkdir NEW
-> Mount the original image
# mount -o loop bt5.img OLD
# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
..... ..... .....
/dev/loop0 320000 266729 53271 84% /home/chaos/BT5-GNOME-ARM/OLD
-> Now format the new “disk”
# mke2fs -N 320000 bt5-new.img
-> Note that I used the same number of INODES as THE ORIGINAL IMAGE *
-> Mount the “disk” and copy the content of the ORIGINAL IMAGE TO the NEW IMAGE (cp -a keeps ownership, permissions, setuid bits and symlinks intact), umount the images, delete the original image, rename the new image, gzip it and delete the bootbt script
# mount -o loop bt5-new.img NEW
# cp -a OLD/* NEW/
# umount OLD
# umount NEW
# rm bt5.img
# mv bt5-new.img bt5.img
# gzip bt5.img
# rm bootbt
-> Create a new bootbt file with this content:
# bootbt must run as root
perm=$(id|cut -b 5)
if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi
busybox sysctl -w net.ipv4.ip_forward=1
export kit=/sdcard/BT5
export bin=/system/bin
export mnt=/data/local/mnt
export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
export TERM=linux
export HOME=/root
# attach the image to a loop device and mount it as the chroot root
losetup /dev/block/loop2 $kit/bt5.img
mount -o noatime -t ext2 /dev/block/loop2 $mnt
mount -t devpts devpts $mnt/dev/pts
mount -t proc proc $mnt/proc
mount -t sysfs sysfs $mnt/sys
echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf
echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts
# enter BackTrack; everything below runs after you exit the chroot shell
busybox chroot $mnt /bin/bash
echo "Stopping Backtrack on Atrix"
umount $mnt/dev/pts
umount $mnt/proc
umount $mnt/sys
umount $mnt/root/.gvfs
sleep 2
umount $mnt
losetup -d /dev/block/loop2
# chmod +x bootbt
-> From README FILE <-
-> Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
# ./adb shell
# mkdir /sdcard/BT5
# exit
-> If you ROOTED your droid with ONE CLICK, you ALREADY HAVE BUSYBOX
-> Transfer the required BT5 files to the device:
# ./adb push fsrw /sdcard/BT5/
# ./adb push mountonly /sdcard/BT5/
# ./adb push bootbt /sdcard/BT5/
# ./adb push bt5.img.gz /sdcard/BT5/
# ./adb push unionfs /sdcard/BT5/
-> Uncompress the image and start BT5:
# ./adb shell
# su
# cd /sdcard/BT5
# gunzip bt5.img.gz
# sh bootbt
-> If all goes well, you’ll be in the BT5 chroot:
root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
root@localhost:/# passwd
-> change your root password
-> change startvnc script
root@localhost:/# vi /usr/bin/startvnc
-> THE CONTENT must be
#!/bin/bash
rm -rf /tmp/.X1*
export USER=root
vncserver -geometry 960x540
-> change stopvnc script
root@localhost:/# vi /usr/bin/stopvnc
-> the content MUST be
#!/bin/bash
export USER=root
vncserver -kill :1
-> CHANGE VNC PASSWORD
root@localhost:/# vncpasswd
-> Start your GUI and connect it
root@localhost:/# startvnc
-> USE ANDROID VNC FROM THE MARKET and connect to localhost, port 5901
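-> The startvnc script above runs the VNC desktop as root, and vncserver accepts connections on every interface unless it is started with -localhost; the client here only connects to localhost, so a loopback listener is all that is needed. The check below is an added example, not part of the original tutorial: it reads `netstat -ltn` output and reports VNC listeners (ports 5900-5999) that are not bound to loopback. The function names are illustrative and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Reads `netstat -ltn` output on stdin and prints every VNC (RFB) listener,
# display ports 5900-5999, that is bound to a non-loopback address.
exposed_vnc() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")          # last piece is the port, also for IPv6
        port = part[n] + 0
        addr = substr($4, 1, length($4) - length(part[n]) - 1)
        if (port < 5900 || port > 5999) next
        if (addr ~ /^127\./ || addr == "::1") next
        print addr ":" port
    }'
}

# Returns 0 when no VNC listener is reachable from the network, 1 otherwise.
vnc_is_local_only() {
    found=$(exposed_vnc)
    if [ -n "$found" ]; then
        echo "exposed VNC listener(s): $found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: vncserver started as in startvnc above (display :1).
SAMPLE_DEFAULT='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:5901    0.0.0.0:*       LISTEN'

# Constructed sample: the same server with -localhost added to the vncserver line.
SAMPLE_LOCALHOST='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:5901  0.0.0.0:*       LISTEN'

printf '%s\n' "$SAMPLE_DEFAULT"   | vnc_is_local_only || echo "default: exposed"
printf '%s\n' "$SAMPLE_LOCALHOST" | vnc_is_local_only && echo "-localhost: local only"
# On the device, inside the chroot:  netstat -ltn | vnc_is_local_only
```
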
ENJOY YOUR BACKTRACK-LINUX on your ATRIX