Thread: Backtrack 5 on the Galaxy S3


    At the time of this writing, 02SEP2012, the only ARM release of Backtrack 5 is the original one that came out in May of 2011. If any of you have tried running this on an Android phone or tablet, then you will have noticed that it is lacking some functionality.

    You will need a rooted Galaxy S3. You will also need to install Busybox and android-vnc-viewer (free from the Market/Google Play Store).

    First download the ARM processor version of Backtrack 5 from the Backtrack 5 website. http://www.backtrack-linux.org/downloads/

    With your rooted Galaxy S3, load the following files to /sdcard/bt5

    This is the phone's internal memory.

    bt5.img.gz
    busybox
    fsrw
    installbusybox.sh
    mountonly
    README
    unionfs

    (notice that we are transferring everything except bootbt)

    (we are going to edit the bootbt that comes with the Backtrack 5 install to suit our purposes)

    Edit bootbt to look like the following:

    ##########################################
    #Back Track boot script V5 for Android #
    #Built by Zachary Powell (zacthespack) #
    #Modded for Galaxy S3 by Michael Lee on 01SEP2012 #
    #Thanks to everyone at XDA! #
    ##########################################
    perm=$(id|cut -b 5)
    if [ "$perm" != "0" ];then echo "This script requires root! Type: su"; exit; fi
    mount -o remount,rw /dev/block/mmcblk0p5 /system
    export kit=/sdcard/bt5
    export bin=/system/bin
    export mnt=/data/local/mnt
    export sdcard=/mnt/sdcard
    export extsd=/mnt/extSdCard
    export USER=root
    if [ ! -d "$mnt" ]; then
        mkdir $mnt
    fi
    export PATH=$bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
    export TERM=linux
    export HOME=/root
    if [ -b /dev/block/loop255 ]; then
        echo "Loop device exists"
    else
        busybox mknod /dev/block/loop255 b 7 255
    fi
    #mount -o loop,noatime -t ext2 $kit/bt5.img $mnt
    losetup /dev/block/loop255 $kit/bt5.img
    mount -t ext2 /dev/block/loop255 $mnt
    mount -t devpts devpts $mnt/dev/pts
    mount -t proc proc $mnt/proc
    mount -t sysfs sysfs $mnt/sys
    mount -o bind /mnt/sdcard $sdcard
    mount -o bind /mnt/extSdCard $extsd

    if [ ! -d "/data/local/mnt/sdcard" ]; then
        mkdir /data/local/mnt/sdcard
    fi
    busybox mount -o bind /sdcard /data/local/mnt/sdcard
    busybox sysctl -w net.ipv4.ip_forward=1
    echo "nameserver 8.8.8.8" > $mnt/etc/resolv.conf
    echo "nameserver 8.8.4.4" >> $mnt/etc/resolv.conf
    echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts
    echo "Back Track is configured with SSH and VNC servers that can be accessed from the IP:"
    ifconfig wlan0
    echo " "
    busybox chroot $mnt /bin/bash

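    echo "Shutting down BackTrack ARM"
    umount $sdcard
    umount $extsd
    # release the /sdcard bind mount made under $mnt, otherwise "umount $mnt" fails as busy
    umount $mnt/sdcard
    umount $mnt/dev/pts
    umount $mnt/proc
    umount $mnt/sys
    umount $mnt
    losetup -d /dev/block/loop255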


    Copy bootbt over to your phone to /sdcard/bt5

    Now, make sure that you are connected to a local Wifi hotspot with your phone's wifi. The interface will eventually show up from inside BackTrack as wlan0.

    Next, launch a terminal window from the Terminal Emulator app (available from the Market/Google Play Store).

    Type the following:

    su
    cd /sdcard/bt5
    gunzip bt5.img.gz
    # the unzipping/decompressing of the image will take a few minutes
    sh bootbt
    *Backtrack 5 will start*

    startvnc

    Now, you have two options. You can launch android-vnc-viewer from within the Android OS or you can connect remotely to Backtrack 5 running on the phone.

    127.0.0.1:5901 (for android-vnc-viewer on Android)

    (Optionally, 192.168.1.XXX:5901 if connecting from a Windows machine with VNC Viewer. This assumes that you have connected to your LAN via the phone's wifi connection.)
    user:root
    password:toortoor

    #DO ALL OF THE FOLLOWING FROM A TERMINAL WINDOW FROM WITHIN BACKTRACK 5
    #IGNORE ALL OF THE OPTIONS FROM THE APPLICATIONS MENU IN THE UPPER LEFT FOR NOW
    #ESPECIALLY AND SPECIFICALLY, DO NOT RUN msfupdate FROM THE APPLICATIONS MENU, IT WILL RESULT IN ERRORS
    #I HAVE NOT SCRIPTED ALL OF THIS YET, BUT YOU ARE CERTAINLY WELCOME TO

    #Open a terminal window and run:

    msfupdate
    #(this may take a while)
    #go make a sandwich
    #take a break
    #seriously
    # and if it fails, then you will have to restart this process from a freshly decompressed image from 'gunzip bt5.img.gz'
    # so make sure you have a good wireless connection. If it gets interrupted, then same thing.
    # The easiest thing is to start from a freshly decompressed image from 'gunzip bt5.img.gz'

    Next run:

    gem install json
    #(Ruby needs this for scrutinizer_add_user.rb for use with Metasploit)
    gem install msgpack
    #(Ruby needs this for proper startup of armitage with metasploit)

    Run:

    msfconsole

    # to test Metasploit (it will complain about not being able to connect to a database, but you should still get the console prompt)
    # don't worry about the database issue for now, it will be fixed later

    apt-get update

    Next, we are going to install the aircrack suite. The following script will perform all of the necessary steps. Edit it to suit your needs. If your bootbt script is in good order, then you don't need to execute the PATH commands at the end.

    # install dependency for libssl-dev
    # this is optional as it should already be in the default BT5 install
    apt-get install zlib1g-dev

    # install libssl-dev
    # this link for wget will need to be updated at some future time as new releases come out
    wget http://launchpadlibrarian.net/644124...u8.6_armel.deb
    # This could be an acceptable substitute
    # wget http://security.debian.org/debian-se...ze13_armel.deb
    dpkg --install libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
    rm libssl-dev_0.9.8k-7ubuntu8.6_armel.deb

    # get and install aircrack-ng
    apt-get install source-aircrack-ng
    cd /var/backtrack/sources/aircrack-ng/1.1/bt9/upstream-sources/
    tar -xzf aircrack-ng.tar.gz
    cd aircrack-ng/
    # if you want to add airolib-ng support, then you will run the following:
    # make sqlite=true
    # make sqlite=true install
    # otherwise, just run the next two commands
    make
    make install

    airodump-ng-oui-update

    # set path variable
    # optional as it should have already been done
    # single quotes so $PATH is expanded when .bashrc runs, not frozen at its current value
    echo 'export PATH=$PATH:/usr/local/sbin' >> ~/.bashrc
    export PATH=$PATH:/usr/local/sbin

    Now, for SslStrip installation:

    # These python modules should already be installed
    apt-get install python
    apt-get install python-web-twisted

    cd /var/backtrack/sources
    wget http://www.thoughtcrime.org/software...rip-0.9.tar.gz
    tar -xzf sslstrip-0.9.tar.gz
    rm sslstrip-0.9.tar.gz
    cd sslstrip-0.9
    python ./setup.py install

    When you are all done, you can return to the Terminal Emulator window and type:

    stopvnc

    exit

    Reboot your phone to completely clear Backtrack 5 from memory. Your changes to the image should remain even after a reboot.

    #I found all of the above installs to be necessary since whenever I tried to run them from a terminal window, they would not run. Even if that was correctable via a $PATH setting, I opted for these installs.

    With all of that said, I have been having a hell of a time trying to get Metasploit working properly. I have come to find out that the ARM release of Backtrack does not come with either MySQL or PostgreSQL. Having either PostgreSQL or MySQL is necessary for use with msfconsole (Metasploit). There is nothing to indicate the presence of either of these in /etc/init.d. Similarly, when a 'service --status-all' is run, nothing of significance is in that list. No postgres, sql, framework, or anything else.

    This means that postgresql has to be installed manually, but "apt-get install postgresql" or "apt-get install postgresql-8.4" doesn't work either. They aren't in the default repositories. This further means you have two options if you want postgresql.

    You can install the packages manually (I have already written a script that does this) or you can edit /etc/apt/sources.list. Uncomment the first two lines in /etc/apt/sources.list and then add "universe multiverse" to the ends of those two lines. Save, close. Run "apt-get update" and then "apt-get install postgresql-8.4".

    The problem is that the installer can't seem to bind to an IP version 4 loopback (I think). This might be correctable via an edit to /etc/sysctl.conf, but I'm not sure.

    *Edit on September 7th, 2012*
    Metasploit has done away with the db_driver command within msfconsole which forces the use of postgresql. Using mysql or sqlite3 are no longer options within msfconsole. So if there is no postgresql installed, then it must be installed. This seems to be the only obstacle now. I am still trying to find a solution. A higher version of postgresql might be the answer.

    In short, this is still being worked on.


    Now, the final challenge, as most of you know, is how to get the wlan0 interface into monitor mode. This is not possible yet afaik.

    *IF ANY OF YOU BACKTRACK DEVELOPERS READ THIS, THEN PLEASE CONSIDER RELEASING A MORE UPDATED AND FUNCTIONAL ARM VERSION OF BT5 SO ALL OF THIS IS NOT NECESSARY*
    *I DON'T NEED MONITOR MODE, BUT CONSIDER FIXING THE POSTGRESQL/MSFCONSOLE ISSUE*

    That is all for now.
    Last edited by michaellee213; 09-07-2012 at 01:55 PM.
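
A check to go with the VNC step in the post above (an added example, not part of the original post): it reads /proc/net/tcp-format data and reports whether port 5901 is listening only on loopback or on every interface, which matters because the post's VNC login uses a fixed, published password. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host such as the phone's ARM CPU.

```shell
#!/bin/sh
# Added example: report which addresses a TCP port is listening on,
# from /proc/net/tcp-format data read on stdin.

# Constructed sample table (not captured from a real device).
sample_tcp_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:170D 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 6401A8C0:170D 6501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003
EOF
}

# /proc/net/tcp stores IPv4 addresses as hex in host byte order; on a
# little-endian CPU (assumed here) 0100007F means 127.0.0.1.
hex_to_ip() {
    printf '%d.%d.%d.%d' \
        "0x$(printf '%s' "$1" | cut -c7-8)" "0x$(printf '%s' "$1" | cut -c5-6)" \
        "0x$(printf '%s' "$1" | cut -c3-4)" "0x$(printf '%s' "$1" | cut -c1-2)"
}

# Print "<ip>:<port> <scope>" for every LISTEN socket on port $1.
# scope is "loopback" for 127.0.0.0/8, otherwise "network"
# (0.0.0.0 means every interface, wlan0 included).
vnc_listeners() {
    want=$(printf '%04X' "$1")
    while read -r _sl laddr _raddr state _rest; do
        [ "$state" = "0A" ] || continue        # 0A = LISTEN
        [ "${laddr#*:}" = "$want" ] || continue
        ip=$(hex_to_ip "${laddr%:*}")
        case $ip in
            127.*) scope=loopback ;;
            *)     scope=network ;;
        esac
        printf '%s:%s %s\n' "$ip" "$1" "$scope"
    done
}

# Succeeds (exit 0) when the port is reachable from off the device.
vnc_exposed() {
    vnc_listeners "$1" | grep -q ' network$'
}

# Demo on the sample; on the phone use: vnc_listeners 5901 < /proc/net/tcp
sample_tcp_table | vnc_listeners 5901
```

A "network" result for 5901 means anyone on the same Wifi network can reach the VNC login, so change the password with vncpasswd or keep to the 127.0.0.1 connection.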
