At the time of this writing, 02SEP2012, the only ARM release of Backtrack 5 is the original one that came out in May of 2011. If any of you have tried running this on an Android phone or tablet, then you will have noticed that it is lacking some functionality.
You will need a rooted Galaxy S3. You will also need to install Busybox and android-vnc-viewer (free from the Market/Google Play Store).
First download the ARM processor version of Backtrack 5 from the Backtrack 5 website. http://www.backtrack-linux.org/downloads/
With your rooted Galaxy S3, load the following files to /sdcard/bt5
This is the phone's internal memory.
(notice that we are transferring everything except bootbt)
(we are going to edit the bootbt that comes with the Backtrack 5 install to suit our purposes)
Edit bootbt to look like the following:
#Back Track boot script V5 for Android #
#Built by Zachary Powell (zacthespack) #
#Modded for Galaxy S3 by Michael Lee on 01SEP2012 #
#Thanks to everyone at XDA! #
perm=$(id|cut -b 5)
if [ "$perm" != "0" ];then echo "This script requires root! Type: su"; exit; fi
# Galaxy S3 specific: /system is mmcblk0p5, remount it writable
mount -o remount,rw /dev/block/mmcblk0p5 /system
# paths used below (these definitions were missing from the posted copy): /sdcard/bt5 is
# where the files were loaded, /data/local/mnt is the chroot directory the script itself
# refers to; $extsd is an assumed name for the external card's mount point in the chroot
kit=/sdcard/bt5
mnt=/data/local/mnt
sdcard=$mnt/sdcard
extsd=$mnt/extSdCard
# environment for the shell that chroot starts
export TERM=linux
export HOME=/root
export PATH=/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:$PATH
if [ ! -d "$mnt" ]; then
mkdir -p "$mnt"
fi
if [ -b /dev/block/loop255 ]; then
echo "Loop device exists"
else
busybox mknod /dev/block/loop255 b 7 255
fi
#mount -o loop,noatime -t ext2 $kit/bt5.img $mnt
losetup /dev/block/loop255 $kit/bt5.img
mount -t ext2 /dev/block/loop255 $mnt
mount -t devpts devpts $mnt/dev/pts
mount -t proc proc $mnt/proc
mount -t sysfs sysfs $mnt/sys
# bind the phone's storage into the chroot; the mount points must exist first (a bind
# mount onto a missing directory fails). The posted copy bound /sdcard a second time
# onto $mnt/sdcard; one bind of that storage is enough.
[ -d "$sdcard" ] || mkdir -p "$sdcard"
[ -d "$extsd" ] || mkdir -p "$extsd"
mount -o bind /mnt/sdcard $sdcard
mount -o bind /mnt/extSdCard $extsd
# let the phone forward packets (needed for sslstrip-style MITM; it also makes the phone
# route traffic for anyone on the network who points at it)
busybox sysctl -w net.ipv4.ip_forward=1
echo "nameserver 220.127.116.11" > $mnt/etc/resolv.conf
echo "nameserver 18.104.22.168" >> $mnt/etc/resolv.conf
echo "127.0.0.1 localhost bt5" > $mnt/etc/hosts
echo "Back Track is configured with SSH and VNC servers that can be accessed from the IP:"
# the line that prints the address was dropped from the posted copy; assumed:
busybox ifconfig wlan0 | grep "inet addr"
echo " "
busybox chroot $mnt /bin/bash
echo "Shutting down BackTrack ARM"
# unmount in reverse order first; losetup -d fails while the image is still mounted
umount $extsd
umount $sdcard
umount $mnt/sys
umount $mnt/proc
umount $mnt/dev/pts
umount $mnt
losetup -d /dev/block/loop255
Copy bootbt over to your phone to /sdcard/bt5
Now, make sure that your phone's Wi-Fi is connected to a local Wi-Fi network. The interface will eventually show up from inside BackTrack as wlan0.
Next, launch a terminal window from the Terminal Emulator app (available from the Market/Google Play Store).
Type the following (the commands were dropped from the posted copy; this is the sequence the rest of the write-up assumes: get root, change to the folder, decompress the image, run the script):
su
cd /sdcard/bt5
# the unzipping/decompressing of the image will take a few minutes
gunzip bt5.img.gz
sh bootbt
*Backtrack 5 will start*
Now, you have two options. You can launch android-vnc-viewer from within the Android OS or you can connect remotely to Backtrack 5 running on the phone.
127.0.0.1:5901 (for android-vnc-viewer on Android)
(Optionally, 192.168.1.XXX:5901 if connecting from a Windows machine with VNC Viewer. This assumes that you have connected to your LAN via the phone's Wi-Fi connection. Anyone else on that LAN can reach the same VNC and SSH ports, and the image ships with default passwords for both, so change them before running this on a network you do not control.)
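Before handing that address to another machine, it helps to know which of the chroot's listeners are actually bound to a routable address rather than to loopback. What follows is an added example, not part of the original post or of the BackTrack image: it reads the table printed by netstat -tln (busybox and net-tools print the same columns) and splits listeners into loopback-only and exposed. The port numbers and addresses in any sample you feed it are constructed for illustration; the functions themselves only parse.

```shell
#!/bin/sh
# Added example (not from the original post): classify the chroot's TCP
# listeners by bind address, so you know which services are reachable from
# the LAN over wlan0 and which are loopback-only.
#
# Input: the table printed by `netstat -tln` on stdin. Both busybox and
# net-tools print "Proto Recv-Q Send-Q Local-Address Foreign-Address State",
# so the local address is field 4 and the state is the last field.

# Print one line per listener: "<port> <scope> <bind-address>".
# scope is "loopback" for 127.0.0.0/8, ::1 or the IPv4-mapped form, and
# "exposed" for 0.0.0.0, :: or any specific interface address.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]
            # everything before the last ":" is the host part (works for
            # "0.0.0.0:22", ":::22" and "::1:5901" alike)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "::ffff:127.0.0.1")
                scope = "loopback"
            else
                scope = "exposed"
            print port, scope, host
        }' | sort -n
}

# Print only the ports a LAN host can reach, one per line, and return 1 if
# there are any, so a boot script can warn before handing out the IP.
exposed_ports() {
    classify_listeners | awk '
        $2 == "exposed" { print $1; found = 1 }
        END { exit found ? 1 : 0 }'
}

# Guarded so that sourcing this file runs nothing against the live system;
# set LISTENER_CHECK=1 to check the chroot you are sitting in.
if [ "${LISTENER_CHECK:-0}" = "1" ]; then
    if ! netstat -tln | exposed_ports; then
        echo "warning: the ports above are reachable by anyone on the LAN" >&2
    fi
fi
```

Inside the chroot, LISTENER_CHECK=1 sh listeners.sh (any file name works) prints the exposed ports and the warning; a VNC server on 0.0.0.0:5901 shows up as exposed, the same server on 127.0.0.1:5901 does not.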
#DO ALL OF THE FOLLOWING FROM A TERMINAL WINDOW FROM WITHIN BACKTRACK 5
#IGNORE ALL OF THE OPTIONS FROM THE APPLICATIONS MENU IN THE UPPER LEFT FOR NOW
#ESPECIALLY AND SPECIFICALLY, DO NOT RUN msfupdate FROM THE APPLICATIONS MENU, IT WILL RESULT IN ERRORS
#I HAVE NOT SCRIPTED ALL OF THIS YET, BUT YOU ARE CERTAINLY WELCOME TO
#Open a terminal window and run:
#(this may take a while)
#go make a sandwich
#take a break
# and if it fails or the download gets interrupted, then you will have to restart this process from a freshly decompressed image ('gunzip bt5.img.gz'), so make sure you have a good wireless connection.
gem install json
#(Ruby needs this for scrutinizer_add_user.rb for use with Metasploit)
gem install msgpack
#(Ruby needs this for proper startup of armitage with metasploit)
# to test Metasploit, start the console (it will complain about not being able to connect to a database, but you should still get the console prompt)
msfconsole
# don't worry about the database issue for now, it will be fixed later
Next, we are going to install the aircrack suite. The following script will perform all of the necessary steps. Edit it to suit your needs. If your bootbt script is in good order, then you don't need to execute the PATH commands at the end.
# install dependency for libssl-dev
# this is optional as it should already be in the default BT5 install
apt-get install zlib1g-dev
# install libssl-dev
# this link for wget will need to be updated at some future time as new releases come out
# This could be an acceptable substitute
# wget http://security.debian.org/debian-se...ze13_armel.deb
dpkg --install libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
# get and install aircrack-ng from source. The posted copy ran 'apt-get install source-aircrack-ng',
# which is not a package name; either enable the deb-src lines and use 'apt-get source aircrack-ng',
# or fetch the release tarball from the aircrack-ng project and save it as aircrack-ng.tar.gz
tar -xzf aircrack-ng.tar.gz
# the extracted directory name depends on the release; the glob is an assumption
cd aircrack-ng-*/
# if you want to add support for airolib-ng support, then you will run the following:
# make sqlite=true
# make sqlite=true install
# otherwise, just run the next two commands
make
make install
# set path variable
# optional as it should have already been done. aircrack-ng installs into /usr/local/sbin;
# single quotes keep $PATH unexpanded so .bashrc uses the value at login, not the value
# at the moment of this echo
echo 'export PATH=$PATH:/usr/local/sbin' >> ~/.bashrc
Now, for SslStrip installation:
# These python modules should already be installed
apt-get install python
# the Twisted web package is python-twisted-web (the posted copy had python-web-twisted, which apt will not find)
apt-get install python-twisted-web
tar -xzf sslstrip-0.9.tar.gz
cd sslstrip-0.9
python ./setup.py install
When you are all done, you can return to the Terminal Emulator window and type exit to leave the chroot shell; bootbt then prints "Shutting down BackTrack ARM".
Reboot your phone to completely clear Backtrack 5 from memory. Your changes to the image should remain even after a reboot, because everything you installed was written into bt5.img on the SD card rather than into RAM.
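Rebooting works, but a cleaner stop is possible. The following is an added example, not part of the original post or of the bootbt script: it reads /proc/mounts, unmounts everything under the chroot directory deepest-first and only then detaches the loop device, which is what losetup -d needs before it will succeed, and it copes with a chroot that was interrupted part-way through bootbt because it discovers the mounts rather than hardcoding them. It assumes the chroot directory /data/local/mnt and loop device /dev/block/loop255 used in bootbt, and runs the teardown only when BT_STOP=1 is set so that sourcing the file is harmless.

```shell
#!/bin/sh
# Added example (not part of the original bootbt): stop the chroot without a
# reboot. Assumes the bootbt layout: chroot at /data/local/mnt on loop device
# /dev/block/loop255. Override with mnt=... loopdev=... in the environment.
mnt=${mnt:-/data/local/mnt}
loopdev=${loopdev:-/dev/block/loop255}

# mounts_under PREFIX: read a /proc/mounts-style table on stdin
# ("device mountpoint fstype options dump pass") and print the mount points
# that are PREFIX or lie beneath it, deepest first, so every umount hits a
# leaf. /proc/mounts escapes spaces in paths as \040, so field 2 is safe.
mounts_under() {
    awk -v p="$1" '
        $2 == p || index($2, p "/") == 1 { print length($2), $2 }
    ' | sort -rn | cut -d" " -f2-
}

# stop_bt: unmount everything under $mnt, verify nothing is left, then detach
# the loop device. losetup -d on a still-mounted image fails, which is why a
# boot script that skips the umounts leaves the device pinned until a reboot.
stop_bt() {
    mounts_under "$mnt" < /proc/mounts | while read -r mp; do
        umount "$mp" || echo "still busy: $mp" >&2
    done
    if mounts_under "$mnt" < /proc/mounts | grep -q .; then
        echo "mounts remain under $mnt; a shell or daemon inside the chroot is holding them" >&2
        return 1
    fi
    losetup -d "$loopdev"
}

# Guarded so that sourcing this file does nothing; run as: BT_STOP=1 sh stopbt
if [ "${BT_STOP:-0}" = "1" ]; then
    stop_bt
fi
```

Run it from the Terminal Emulator as root after you have exited the chroot; if it reports mounts remaining, something inside the chroot (an SSH session, the VNC server) is still running and has to be stopped first.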
#I found all of the above installs to be necessary since whenever I tried to run them from a terminal window, they would not run. Even if that was correctable via a $PATH setting, I opted for these installs.
With all of that said, I have been having a hell of a time trying to get Metasploit working properly. I have come to find out that the ARM release of Backtrack does not come with either MySQL or PostgreSQL. Having either PostgreSQL or MySQL is necessary for use with msfconsole (Metasploit). There is nothing to indicate the presence of either of these in /etc/init.d. Similarly, when a 'service --status-all' is run, nothing of significance is in that list. No postgres, sql, framework, or anything else.
This means that postgresql has to be installed manually, but "apt-get install postgresql" or "apt-get install postgresql-8.4" doesn't work either. They aren't in the default repositories. This further means you have two options if you want postgresql.
You can install the packages manually (I have already written a script that does this) or you can edit /etc/apt/sources.list. Uncomment the first two lines in /etc/apt/sources.list and then add "universe multiverse" to the ends of those two lines. Save, close. Run "apt-get update" and then "apt-get install postgresql-8.4".
The problem is that the installer can't seem to bind to an IP version 4 loopback (I think). This might be correctable via an edit to /etc/sysctl.conf, but I'm not sure.
*Edit on September 7th, 2012*
Metasploit has done away with the db_driver command within msfconsole which forces the use of postgresql. Using mysql or sqlite3 are no longer options within msfconsole. So if there is no postgresql installed, then it must be installed. This seems to be the only obstacle now. I am still trying to find a solution. A higher version of postgresql might be the answer.
In short, this is still being worked on.
Now, the final challenge, as most of you know, is how to get the wlan0 interface into monitor mode. This is not possible yet, as far as I know.
*IF ANY OF YOU BACKTRACK DEVELOPERS READ THIS, THEN PLEASE CONSIDER RELEASING A MORE UPDATED AND FUNCTIONAL ARM VERSION OF BT5 SO ALL OF THIS IS NOT NECESSARY*
*I DON'T NEED MONITOR MODE, BUT CONSIDER FIXING THE POSTGRESQL/MSFCONSOLE ISSUE*
That is all for now.