Hello there,
Last week, I bought an Atrix 4g and I would wanted run bt5 arm.
Now I’m here, writing a little tutorial to do this. Basically it is easy, but need some tricks.
Let’s go …
First, if you is beginner on droid’s world , read a little. ( in my first day with my droid, I do on Power Up the cellphone : -> BOOT FAILED ) LoL .
A good place is XDA DEVELOPERS 
In this link -> http://forum.xda-developers.com/show….php?t=1154600
Step 1 -> Download BT5 ARM from www.backtrack-linux.org/downloads
Step 2 -> You need ROOT your DROID, -> http://forum.xda-developers.com/show….php?t=1255548
Step 3 -> Unpack your BT ARM IMAGE and enter into directory.
# cd BT5-GNOME-ARM # ls README bootbt bt5.img.gz busybox fsrw installbusybox.sh mountonly unionfs
-> Unpack bt5.img.gz
# gunzip bt5.img.gz
By default Internal memory is VFAT filesystem and SDCARD, if you use the droid to format too, so we need resize the image ( bt5.img ) to put at VFAT, because the image cannot be bigger than 4GB ( vfat filesystem not permit this )
-> Create another “disk” less than 4GB
# dd if=/dev/zero of=bt5-new.img bs=1M count=3600
-> Create 2 directories
# mkdir OLD && mkdir NEW
-> Mount the original image
# mount -o loop bt5.img OLD # df -i Filesystem Inodes IUsed IFree IUse% Mounted on ..... ..... ..... /dev/loop0 320000 266729 53271 84% /home/chaos/BT5-GNOME-ARM/OLD
-> Now format the new “disk”
# mke2fs -N 320000 bt5-new.img
-> Note that I used the same number os INODES that THE ORIGINAL IMAGE *
-> Mount the “disk” and copy the content of ORIGINAL IMAGE TO NEW IMAGE, umount images, delete original image, rename new image, gzip it and delete bootbt script
# mount -o loop bt5-new.img NEW # cp -R -f OLD/* NEW/ # umount OLD #umount NEW # rm bt5.img # mv bt5-new.img bt5.img #gzip bt5.img # rm bootbt
-> Create a new bootbt file with this content:
perm=$(id|cut -b 5) if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi busybox sysctl -w net.ipv4.ip_forward=1 export kit=/sdcard/BT5 export bin=/system/bin export mnt=/data/local/mnt export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH export TERM=linux export HOME=/root losetup /dev/block/loop2 $kit/bt5.img mount -o noatime -t ext2 /dev/block/loop2 $mnt mount -t devpts devpts $mnt/dev/pts mount -t proc proc $mnt/proc mount -t sysfs sysfs $mnt/sys echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts busybox chroot $mnt /bin/bash echo "Stopping Backtrack on Atrix" umount $mnt/dev/pts umount $mnt/proc umount $mnt/sys umount $mnt/root/.gvfs sleep 2 umount $mnt losetup -d /dev/block/loop2
# chmod +x bootbt
-> From README FILE <-
-> Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
# ./adb shell # mkdir /sdcard/BT5 # exit
-> If you ROOTED your droid with ONE CLICK, You ALREADY HAVE BUSYBOX
-> Transfer the required BT5 files to the device:
# ./adb push fsrw /sdcard/BT5/ # ./adb push mountonly /sdcard/BT5/ # ./adb push bootbt /sdcard/BT5/ # ./adb push bt5.img.gz /sdcard/BT5/ # ./adb push unionfs /sdcard/BT5/
-> Uncompress the image and start BT5:
# ./adb shell # su # cd /sdcard/BT5 # gunzip bt5.img.gz # sh bootbt
-> If all goes well, you’ll be in the BT5 chroot:
root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
root@localhost:/# passwd
-> change your root password
-> change startvnc script
root@localhost:/# vi /usr/bin/startvnc
-> THE CONTENT must be
#!/bin/bash rm -rf /tmp/.X1* export USER=root vncserver -geometry 960x540
-> change stopvnc script
root@localhost:/# vi /usr/bin/stopvnc
-> the content MUST be
#!/bin/bash export USER=root vncserver -kill :1
-> CHANGE VNC PASSWORD
root@localhost:/# vncpasswd
-> Start your GUI and connect it
root@localhost:/# startvnc
-> USE ANDROID VNC FROM MARKET and connect to localhost and port 5901
ENJOY YOUR BACKTRACK-LINUX in your ATRIX
Awesome document. 100% accurate, saved a lot of research!
Thank’s a lot, keep the good work
[]‘s
Is this basically virtualizing a linux kernel on top of Android? I’m assuming you are issuing all these commands from a Linux host computer and using adb to interface with the Atrix and then booting the filesystem from the host PC while still booted to Android on the phone.
No, it is chrooted