Over the past year I have been independently working on own Linux pen test environment as proof of concept for security policies. Pretty sure a lot of people will find this useful for their own use so dumping it here for others to use (just attribute). The AndroidClone dev team was inspired by the concepts behind bootubuntu, but we had ideas on another way to script and implement them to overcome the limitations experienced by chrooting into a mobile environment. Hence, the bootLaika bootscript was born. This post describes the results and shares the awesomeness…

The main benefit of this script are these:

1 Minimized to core needs
2 Removes redundant and defunct items
3 Able to define mount points to call up and mount different images
4 If following the proper cycle, endless ability for loop devices
5 Allows larger file directory size for saving scans, network captures, and pen test results to bring back to home base

To use this bootscript for other Linux distributions adopted to ARM devices using the chroot method, you will need to adapt file names and file directories. Please do make mention of the bootlaika bootscript for Laika Linux if you decide to use our method.

Here’s the script:
Code:
    # This didn’t work out, oh well. !/bin/bash
    mkdir /mnt/laika
    mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
    # You can make other loop devices and pair them with the image files following this example
    # I left in a commented out usr.img if you wanted to make your own
    # first make a loop device, then pair it to an image, and then mount it last in the chain.
    # Don’t forget to add it to the end to unmount it
    mknod /dev/loop0 b 7 0
    mknod /dev/loop1 b 7 1
    # mknod /dev/loop2 b 7 2
    losetup /dev/loop0 /sdcard/laika/laika.img
    losetup /dev/loop1 /sdcard/laika/var.img
    # losetup /dev/loop2 /sdcard/laika/usr.img
    export bin=/system/bin
    export PATH=$bin:/usr/bin:/usr/sbin:/bin:$PATH
    export TERM=linux
    export HOME=/root
    mount -o noatime -t ext2 /dev/loop0 /mnt/laika
    mount -o noatime -t ext2 /dev/loop1 /mnt/laika/var
    # mount -o noatime -t ext2 /dev/loop2 /mnt/laika/usr
    mount -t devpts devpts /mnt/laika/dev/pts
    mount -t proc none /mnt/laika/proc
    mount -t sysfs sysfs /mnt/laika/sys
    echo ” “
    echo ” Fancy Ascii Art for Laika edited out!”
    echo ” To save space!”
    echo ” “
    echo “Laika Linux – Brought to you by AndroidClone.com”
    echo ” “
    echo “Lead Developer – jus…@androidclone.com”
    echo “Project Coordinator – jay…@jaycehaliwell.com”
    echo ” “
    echo “Enter cat README to view the readme file”
    echo ” “
    chroot /mnt/laika /bin/bash
    echo ” “
    echo “Shutting down Laika Linux….”
    # umount /mnt/laika/usr
    umount /mnt/laika/var
    umount /mnt/laika/dev/pts
    umount /mnt/laika/proc
    umount /mnt/laika/sys
    fuser -k /mnt/laika
    umount /mnt/laika
With this script, there are more loop devices to increase the overall image file size and organization. If done properly, it’s possible to have multiple assigned loop devices instead of just one randomly created one. The key here is assigned. During the load up process, each loop device needs to be created and assigned a proper mount point. Here’s a portion of the bootscript in more detail and relevant information:

Code:
    mknod /dev/loop0 b 7 0
    mknod /dev/loop1 b 7 1
    mknod /dev/loop2 b 7 2
    losetup /dev/loop0 /sdcard/laika/laika.img
    losetup /dev/loop1 /sdcard/laika/var.img
    losetup /dev/loop2 /sdcard/laika/usr.img
    mount -o noatime -t ext2 /dev/loop0 /mnt/laika
    mount -o noatime -t ext2 /dev/loop1 /mnt/laika/var
    mount -o noatime -t ext2 /dev/loop2 /mnt/laika/usr
In this example there are three loop devices with an assigned image file to mount, they are:

loop 0 = laika.img
loop 1 = var.img
loop 2 = usr.img
Each loop and assignment has three parts:

mknod /dev/loop0 b 7 0

This makes the loop0 block device (the ‘b’), our first block device. Remember, counting starts at 0.

If you want to add more, each loop is incremental, meaning add one to these two areas:

mknod /dev/loop1 b 7 1

The second loop device is now loop1, and the 0 at the end is now a 1, 7 stays the same.

The next part is to make sure each loop device is assigned an appropriate image file, to ensure load order and proper load. Do that with the following:

losetup /dev/loop0 /sdcard/laika/laika.img

This says loop0 is paired with the laika.img from the SD Card.

The next part actually mounts the image files:

mount -o noatime -t ext2 /dev/loop0 /mnt/laika

The assigned loop device is then mounted to mount location as the chroot (Change root) image is built up directory by directory.

Each successive mount increases the size of the file directory and structure as it builds up. It’s like creating a different partition for each file. We had some problems compiling and building packages due to size limitations. This bootscript fixes those problems by increasing dedicated size for images.

The only remaining limitation is the SD Card size; 8 GB seems to be fairly common now for usage. I personally run 12 GB for the images I use off of a 16 GB sd-card. That allows for a lot more room to save network scans and capture results while I’m at one of the branch offices.