Results 1 to 8 of 8

Thread: BT5 on Atrix 4g

Threaded View

  1. #1
    Good friend of the forums spawn's Avatar
    Join Date
    Jan 2010

    Default BT5 on Atrix 4g

    Hello there,
    Last week, I bought an Atrix 4g and I would wanted run bt5 arm.
    Now I'm here, writing a little tutorial to do this. Basically it is easy, but need some tricks.
    Let's go ...

    First, if you is beginner on droid's world , read a little. ( in my first day with my droid, I do on Power Up the cellphone : -> BOOT FAILED ) LoL .
    A good place is XDA DEVELOPERS

    In this link ->

    Step 1 -> Download BT5 ARM from
    Step 2 -> You need ROOT your DROID, ->
    Step 3 -> Unpack your BT ARM IMAGE and enter into directory.

    # cd BT5-GNOME-ARM
    # ls 
    README  bootbt   bt5.img.gz  busybox  fsrw  mountonly  unionfs
    -> Unpack bt5.img.gz

    # gunzip bt5.img.gz
    By default Internal memory is VFAT filesystem and SDCARD, if you use the droid to format too, so we need resize the image ( bt5.img ) to put at VFAT, because the image cannot be bigger than 4GB ( vfat filesystem not permit this )

    -> Create another "disk" less than 4GB

    # dd if=/dev/zero of=bt5-new.img bs=1M count=3600
    -> Create 2 directories

    # mkdir OLD && mkdir NEW
    -> Mount the original image

    # mount -o loop bt5.img OLD
    # df -i 
    Filesystem            Inodes   IUsed   IFree IUse% Mounted on
    /dev/loop0            320000  266729   53271   84% /home/chaos/BT5-GNOME-ARM/OLD
    -> Now format the new "disk"

    # mke2fs -N 320000 bt5-new.img
    -> Note that I used the same number os INODES that THE ORIGINAL IMAGE *

    -> Mount the "disk" and copy the content of ORIGINAL IMAGE TO NEW IMAGE, umount images, delete original image, rename new image, gzip it and delete bootbt script

    # mount -o loop bt5-new.img NEW
    # cp -R -f OLD/* NEW/
    # umount OLD
    #umount NEW
    # rm bt5.img
    # mv bt5-new.img bt5.img
    #gzip bt5.img
    # rm bootbt
    -> Create a new bootbt file with this content:

    perm=$(id|cut -b 5)
    if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi
    busybox sysctl -w net.ipv4.ip_forward=1
    export kit=/sdcard/BT5
    export bin=/system/bin
    export mnt=/data/local/mnt
    export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
    export TERM=linux
    export HOME=/root
    losetup /dev/block/loop2 $kit/bt5.img
    mount -o noatime -t ext2 /dev/block/loop2 $mnt
    mount -t devpts devpts $mnt/dev/pts
    mount -t proc proc $mnt/proc
    mount -t sysfs sysfs $mnt/sys
    echo "nameserver" > $mnt/etc/resolv.conf
    echo " localhost bt5" > $mnt/etc/hosts
    busybox chroot $mnt /bin/bash
    echo "Stopping Backtrack on Atrix"
    umount $mnt/dev/pts
    umount $mnt/proc 
    umount $mnt/sys
    umount $mnt/root/.gvfs
    sleep 2
    umount $mnt
    losetup -d /dev/block/loop2
    # chmod +x bootbt
    -> From README FILE <-

    -> Go to your platform-tools directory and proceed to make a directory on the device to store BT5:

    # ./adb shell
    # mkdir /sdcard/BT5
    # exit

    -> If you ROOTED your droid with ONE CLICK, You ALREADY HAVE BUSYBOX

    -> Transfer the required BT5 files to the device:
    # ./adb push fsrw /sdcard/BT5/
    # ./adb push mountonly /sdcard/BT5/
    # ./adb push bootbt /sdcard/BT5/
    # ./adb push bt5.img.gz /sdcard/BT5/
    # ./adb push unionfs /sdcard/BT5/
    -> Uncompress the image and start BT5:
    # ./adb shell
    # su
    # cd /sdcard/BT5
    # gunzip bt5.img.gz
    # sh bootbt
    -> If all goes well, you'll be in the BT5 chroot:

    root@localhost:/# ls /pentest/
    backdoors database exploits passwords scanners stressing voip
    cisco enumeration forensics python sniffers tunneling web

    root@localhost:/# passwd

    -> change your root password

    -> change startvnc script

    root@localhost:/# vi /usr/bin/startvnc
    -> THE CONTENT must be

    rm -rf /tmp/.X1*
    export USER=root 
    vncserver -geometry 960x540
    -> change stopvnc script

    root@localhost:/# vi /usr/bin/stopvnc
    -> the content MUST be

    export USER=root
    vncserver -kill :1

    root@localhost:/# vncpasswd
    -> Start your GUI and connect it

    root@localhost:/# startvnc
    -> USE ANDROID VNC FROM MARKET and connect to localhost and port 5901

    Last edited by spawn; 12-07-2011 at 05:08 AM.
    "If you aim the gun at your foot and pull the trigger, it's
    UNIX's job to ensure reliable delivery of the bullet to
    where you aimed the gun (in this case, Mr. Foot)."

Similar Threads

  1. BT5 on Atrix Webtop
    By Barry in forum BackTrack 5 ARM topics
    Replies: 1
    Last Post: 08-18-2011, 12:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts