
Android + BackTrack Chroot

The following tutorial demonstrates how to run BackTrack Linux in an Android chroot environment. It should work on most Android devices that support the ARMv7 architecture or newer.

Download BackTrack ARM edition

http://www.backtrack-linux.org/downloads/

You can download via torrent or direct download. The rest of the settings should look like this:

Image Name: BT5-GNOME-ARM [.torrent | .7z]

Size (MB): 1060

Desktop: GNOME

Architecture: arm

Image: IMG

Download: [Direct | Torrent]

MD5sum: a66bf35409f4458ee7f35a77891951eb
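Before extracting, the download can be checked against the MD5sum listed above. The script below is an added example, not part of the original tutorial or the BackTrack project; it assumes md5sum and 7z are on the host, and the function names are made up for illustration. MD5 is the only digest the page lists, and it is enough to catch a corrupted or truncated download.

```sh
#!/bin/sh
# Added example (not from the original tutorial): check the download before extracting it.
BT5_MD5="a66bf35409f4458ee7f35a77891951eb"   # MD5sum listed in the download table

# verify_md5 FILE EXPECTED
# returns 0 on match, 1 on mismatch, 2 if the file or the expected hash is unusable
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ""|*[!0-9a-f]*) echo "expected MD5 is not hex: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "expected MD5 must be 32 hex digits" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "MD5 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# extract_verified ARCHIVE EXPECTED: run 7z only when the digest matches
extract_verified() {
    verify_md5 "$1" "$2" || return $?
    7z x "$1"
}

# Runs only where the archive is present, so the script is harmless elsewhere.
if [ -f BT5-GNOME-ARM.7z ]; then
    extract_verified BT5-GNOME-ARM.7z "$BT5_MD5"
fi
```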

Extract the contents using 7zip (apt-get install p7zip if you don’t have it installed)

cd BT5-GNOME-ARM/

7z x BT5-GNOME-ARM.7z

The output should look like this:

Processing archive: BT5-GNOME-ARM.7z

Extracting BT5-GNOME-ARM/bootbt

Extracting BT5-GNOME-ARM/busybox

Extracting BT5-GNOME-ARM/fsrw

Extracting BT5-GNOME-ARM/mountonly

Extracting BT5-GNOME-ARM/README

Extracting BT5-GNOME-ARM/unionfs

Extracting BT5-GNOME-ARM/bt5.img.gz

Extracting BT5-GNOME-ARM/installbusybox.sh

Extracting BT5-GNOME-ARM

Everything is Ok

Folders: 1

Files: 8

Size: 1165198387

Compressed: 1142317778

Next we will shell into the device and create a directory on the external storage to hold the image and scripts:

cd BT5-GNOME-ARM/

./adb shell

mkdir /sdcard/bt

exit

### DO THIS IF YOU DON’T HAVE BUSYBOX ###
If you have a custom ROM like Cyanogenmod installed, it’s VERY likely you can skip this step. Want to know for sure? ADB shell into the device, and type ‘which busybox’ at the terminal prompt. If it shows a path, like ‘/system/xbin/busybox’, it’s already installed. Otherwise, copy over the busybox install files with ADB:

./adb push busybox /sdcard/

./adb push installbusybox.sh /sdcard

Run the busybox install script on the device:

./adb shell

su

cd /sdcard/

sh installbusybox.sh

exit

### END BUSYBOX INSTALL ###

Use ADB to push the compressed BackTrack image to the sdcard:

./adb push bt5.img.gz /sdcard/bt/

Clone the scripts from my github repo:

git clone git://github.com/mitchtech/chroot_android.git -b bt

cd chroot_android

tar -cvf bt.tar *

./adb push bt.tar /sdcard/bt/

Install BackTrack

ADB shell into the device

./adb shell

Get root and change into the BackTrack directory

su

cd /sdcard/bt

Uncompress the image and scripts:

gunzip bt5.img.gz

mv bt5.img bt.img

tar -xvf bt.tar

Next run the installer script.

sh ./installbt.sh

Now, to start BackTrack type ‘startbt’. Once BackTrack has started, type ‘bt’ to get a shell. To shut down, type ‘stopbt’.

startbt

bt

If all goes well, you’ll be in the BackTrack chroot. If you get ‘root@localhost:/#’ then you know it’s working!

root@localhost:/# ls /pentest/

backdoors database exploits passwords scanners stressing voip cisco enumeration forensics python sniffers tunneling web

 

Post-Install

To start networking in Backtrack 4 final, issue the following command:

/etc/init.d/networking start

This will attempt to start all the interfaces in the /etc/network/interfaces file.

Now we can update the system with apt-get

apt-get update

apt-get dist-upgrade

Finally, add the following to .bashrc (for example, with vi ~/.bashrc):

cd ~

PATH=$PATH:/root/bin

export USER=root

Connect to the chroot install with VNC

You will need a VNC client to connect to the Backtrack session. I use androidVNC, but any VNC client should work as long as the settings are correct. Start a vncserver session with the geometry of the device:

vncserver -geometry 850x480

Then connect to the session with the following settings.

Nick : bt (or whatever you want)

address : localhost

port : 5901

password : 12345678

Touch Mouse; D-Pad Pan;

Mouse pointer control mode: TouchPad
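Because the client connects to localhost, the VNC display never needs to be reachable from other hosts. The check below is an added example, not part of the original tutorial: it reads netstat -ltn style lines and reports display ports bound to a non-loopback address. The sample listing is constructed and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial).
# Constructed sample of `netstat -ltn` output inside the chroot; addresses are illustrative.
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp   0      0      0.0.0.0:5901     0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:6001     0.0.0.0:*        LISTEN
tcp   0      0      127.0.0.1:3306   0.0.0.0:*        LISTEN
tcp6  0      0      :::22            :::*             LISTEN'

# exposed_vnc: read netstat-style lines on stdin and print every VNC (59xx)
# or X11 (60xx) display listener that is not bound to a loopback address.
exposed_vnc() {
    awk '$NF == "LISTEN" {
        addr = $4
        port = addr
        sub(/.*:/, "", port)                      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port !~ /^(59|60)[0-9][0-9]$/) next   # other services are out of scope
        if (host == "127.0.0.1" || host == "::1" || host == "[::1]") next
        print host ":" port
    }'
}

# vnc_local_only: succeed only when no display port is reachable off-device
vnc_local_only() {
    [ -z "$(exposed_vnc)" ]
}

# Demonstration on the constructed sample: prints the two exposed listeners.
printf '%s\n' "$SAMPLE_LISTENERS" | exposed_vnc
```

On the device, feed it live data with netstat -ltn | exposed_vnc. TightVNC's Xvnc accepts -localhost to restrict the VNC port to loopback, which matches the "address : localhost" setting above.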

Bug Fixes

If you encounter an error from upstart like this:

start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
invoke-rc.d: initscript resolvconf, action "start" failed.
dpkg: error processing resolvconf (--configure):
subprocess installed post-installation script returned error exit status 1

Issue these two commands:

dpkg-divert --local --rename --add /sbin/initctl

ln -s /bin/true /sbin/initctl

Then re-configure dpkg:

dpkg --configure -a


			

Android + Linux Chroot + Common Problems

Corrupted Filesystem

Problem: ext2 Distribution Image
Explanation: If you formatted the distribution partition as ext2 then chances are you will run into filesystem corruption. The trouble is that fsck doesn’t come with busybox, and it’s hard to run fsck on your root filesystem while it is mounted. The solution is to mount the distribution image from another Linux machine and run fsck.
Solution:

Disable USB debugging on your phone.
Plug your phone into a linux box.
Enable USB storage.
losetup /dev/loop0 /media//debian/debian.img    # for a Debian image, or:
losetup /dev/loop0 /media//ubuntu/ubuntu.img    # for an Ubuntu image
fsck /dev/loop0
losetup -d /dev/loop0
Eject the phone

OpenSSH Server

Problem: After installing openssh-server, running bash ./bootdebian or ./bootubuntu displays the console prompt ‘I have no name!@localhost:/etc#’
Explanation: openssh-server crashed in the middle of installing. Part of the installation process involves moving /etc/passwd to /etc/passwd-.
Solution: The device might reboot after running dpkg.

mv /etc/passwd- /etc/passwd
mv /etc/shadow- /etc/shadow
dpkg --configure -a

Problem: Starting sshd reboots phone (G1)
Explanation: Android doesn’t like IPv6
Solution: Add the below line to both /etc/ssh/ssh_config and /etc/ssh/sshd_config

AddressFamily inet

Problem: PTY allocation request failed on channel 0
Explanation: sshd reports:

openpty: No such file or directory
session_pty_req: session 0 alloc failed

Solution:

/sbin/MAKEDEV pts
mount /dev/pts

Problem: sshing to the phone simply hangs (G1)
Explanation: Something to do with proc: if proc doesn’t exist then SELinux is used, and SELinux doesn’t really exist on Android.
Solution: Add the below line to /root/.bashrc

mount -t proc proc /proc

Alternative Solution: Add the below line to /root/.bashrc

none /proc proc defaults

 

Android + Linux Chroot + Node.js

This article will walk you through how to compile node.js from source on Android. After installing node.js on about 4 different devices (Thunderbolt, Incredible, two G1s, Galaxy S), I decided to compile this tutorial.

Prerequisites

  • Android running Debian in a chroot(ed) environment.
  • Environment contains the necessary path(s)

vim /etc/bashrc
PATH=$PATH:/usr/local/bin

Swap File (G1 only?)

The RAM in both the Incredible and the Thunderbolt is sufficient to compile node.js. The G1, however, requires a swap file to supplement its small amount of RAM to successfully compile node.js. The gcc compilation failed when I tried a swap file as small as 64 MB. A 512MB swap file was used for a successful compilation.

524388 MB swap file
dd if=/dev/zero of=/swapfile1 bs=1024 count=524388

mkswap /swapfile1
chmod 0600 /swapfile1
swapon /swapfile1

vim /etc/fstab
/swapfile1 swap swap defaults 0 0

Node.js and Dependencies

  1. Download dependencies
  2. Download the node.js source and checkout a version known to work
  3. Patch, configure, and make

apt-get install git-core
apt-get install python g++ libssl-dev make pkg-config

git clone https://github.com/joyent/node.git
cd node
git checkout v0.6.8

# apply one of the patches below first, then build
./configure
make
make install

To patch the node.js source, create a file called patch in the node root directory and paste in one of the following diffs. Next, run patch < patch.

G1 Patch

diff –git a/deps/v8/SConstruct b/deps/v8/SConstruct
index 1dcdce4..a5aaf50 100644
— a/deps/v8/SConstruct
+++ b/deps/v8/SConstruct
@@ -79,7 +79,7 @@ LIBRARY_FLAGS = {
},
‘gcc’: {
‘all’: {
–      ’CCFLAGS’:      [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’],
+      ’CCFLAGS’:      [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’,’-march=armv5t’,’-mno-thumb-interwork’],
‘CXXFLAGS’:     [‘-fno-rtti’, ‘-fno-exceptions’],
},
‘visibility:hidden’: {
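Review bot: the added '-march=armv5t' and '-mno-thumb-interwork' entries sit in the 'all' key of the 'gcc' CCFLAGS, so they are passed on every gcc build from this tree rather than only the ARM build the patch is meant for. Moving them under an ARM-specific key (the second hunk shows this file already has 'armeabi:softfp' and 'armeabi:hard' sections) would keep the change scoped, and a one-line comment should say why '-mno-thumb-interwork' is needed here when the Galaxy S variant omits it.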
@@ -154,12 +154,12 @@ LIBRARY_FLAGS = {
},
‘armeabi:softfp’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=0’],
–        ’vfp3:on’: {
–          ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
–        },
–        ’simulator:none’: {
–          ’CCFLAGS’:     [‘-mfloat-abi=softfp’],
–        }
+#        ’vfp3:on’: {
+#          ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
+#        },
+#        ’simulator:none’: {
+#          ’CCFLAGS’:     [‘-mfloat-abi=softfp’],
+#        }
},
‘armeabi:hard’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=1’],
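Review bot: in the 'armeabi:softfp' section the 'vfp3:on' and 'simulator:none' entries are disabled by prefixing them with '#' instead of being removed, which leaves dead configuration behind and silently drops both the CAN_USE_VFP_INSTRUCTIONS define and '-mfloat-abi=softfp' for every softfp build. Delete the lines outright or gate them on the target, and state in a comment why VFP has to be off for this device.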

Galaxy S Patch

diff –git a/deps/v8/SConstruct b/deps/v8/SConstruct
index 1dcdce4..a5aaf50 100644
— a/deps/v8/SConstruct
+++ b/deps/v8/SConstruct
@@ -79,7 +79,7 @@ LIBRARY_FLAGS = {
},
‘gcc’: {
‘all’: {
–      ’CCFLAGS’:      [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’],
+      ’CCFLAGS’:      [‘$DIALECTFLAGS’, ‘$WARNINGFLAGS’,’-march=armv5t’],
‘CXXFLAGS’:     [‘-fno-rtti’, ‘-fno-exceptions’],
},
‘visibility:hidden’: {
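Review bot: the header still reads 'index 1dcdce4..a5aaf50', the same blob pair as the G1 patch, although the added CCFLAGS line here differs (it has no '-mno-thumb-interwork'), so the index line was evidently copied and does not describe this change. Regenerate the diff from the tree that was actually built so the header matches the content.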
@@ -154,12 +154,12 @@ LIBRARY_FLAGS = {
},
‘armeabi:softfp’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=0’],
–        ’vfp3:on’: {
–          ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
–        },
–        ’simulator:none’: {
–          ’CCFLAGS’:     [‘-mfloat-abi=softfp’],
–        }
+#        ’vfp3:on’: {
+#          ’CPPDEFINES’ : [‘CAN_USE_VFP_INSTRUCTIONS’]
+#        },
+#        ’simulator:none’: {
+#          ’CCFLAGS’:     [‘-mfloat-abi=softfp’],
+#        }
},
‘armeabi:hard’ : {
‘CPPDEFINES’ : [‘USE_EABI_HARDFLOAT=1’],
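Review bot: this hunk is line for line the same as the second hunk of the G1 patch, so the two patches differ only in one CCFLAGS entry. Splitting the shared 'armeabi:softfp' change into a common patch and keeping the per-device compiler flags in a small second one would avoid maintaining two near-identical diffs.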

Node.js Libraries

Installing the below libraries is optional. This section is included for users that wish to set up node.js to control an Arduino-powered laser turret.

npm install express
npm install socket.io
npm install jquery

Android + Ubuntu Chroot

Here is a quick overview of the process to create an Ubuntu system image that is bootable with Android chroot. It uses the rootstock utility to set up the initial image, including release version, username/password, and image size, as well as to seed the desired packages to be pre-installed with the distro. For complete options with rootstock, consult the man pages.

Quickstart:

mkdir ubuntu

cd ubuntu

sudo rootstock \
--fqdn ubuntu \
--login ubuntu \
--password ubuntu \
--imagesize 4G \
--dist maverick \
--seed linux-image-omap,build-essential,mysql-server,tightvncserver,lxde,\
mysql-server-core-5.5,mysql-server-5.5,libmysqlclient16,mysql-common,\
mysql-client-core-5.5

dd if=/dev/zero of=ubuntu.img bs=1MB count=0 seek=4096

mke2fs -F ubuntu.img

mkdir ubuntumnt

sudo mount -o loop ubuntu.img ubuntumnt

sudo tar -C ubuntumnt -zxf armel-rootfs-XXXXXXXXXXXX.tgz

sudo umount ubuntumnt

sudo rm armel-rootfs-XXXXXXXXXXXX.tgz

sudo rm -rf ubuntumnt

cd ..

adb push ubuntu/ /sdcard/ubuntu

NOTE: XXXXXXXXXXXX is the timestamp for the file creation, for example: armel-rootfs-201203201350.tgz

Steps explained:

First, make a directory to store the ubuntu image and scripts

mkdir ubuntu

cd ubuntu

Next, execute rootstock as root. The options can be configured to create the image of your choosing. For example, if you won’t be using a GUI in the chroot, you may want to omit the ‘lxde’ and ‘tightvncserver’ packages. You can also modify the image size, but remember that the maximum file size on a FAT32 filesystem is 4GB (and your sdcard is very likely formatted as FAT32).

sudo rootstock \
--fqdn ubuntu \
--login ubuntu \
--password ubuntu \
--imagesize 4G \
--dist oneiric \
--seed linux-image-omap,build-essential,mysql-server,tightvncserver,lxde,\
mysql-server-core-5.5,mysql-server-5.5,libmysqlclient16,mysql-common,\
mysql-client-core-5.5

Now we need to create a blank filesystem image to extract the rootstock onto. For this task, we use the dd command. Remember to set the seek parameter to match the imagesize you created in the previous step.

dd if=/dev/zero of=ubuntu.img bs=1MB count=0 seek=4096
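The FAT32 limit mentioned earlier is exactly 4294967295 bytes (2^32 - 1), so the unit given to dd decides whether the image can be stored on the sdcard. The script below is an added example, not part of the original tutorial; it expands GNU dd size suffixes and checks the resulting sparse image size, and its function names are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial).
FAT32_MAX_FILE=4294967295   # largest file FAT32 can hold: 2^32 - 1 bytes

# dd_bytes SIZE: expand a GNU dd size such as 1MB, 1M, 512K or 4096 to bytes
dd_bytes() {
    num=${1%%[!0-9]*}
    suffix=${1#"$num"}
    [ -n "$num" ] || { echo "not a size: $1" >&2; return 1; }
    case $suffix in
        "")     mult=1 ;;
        kB)     mult=1000 ;;
        K|KiB)  mult=1024 ;;
        MB)     mult=1000000 ;;
        M|MiB)  mult=1048576 ;;
        GB)     mult=1000000000 ;;
        G|GiB)  mult=1073741824 ;;
        *)      echo "unknown suffix: $suffix" >&2; return 1 ;;
    esac
    echo $((num * mult))
}

# sparse_image_bytes BS SEEK: size of the file created by
#   dd if=/dev/zero of=IMG bs=BS count=0 seek=SEEK
sparse_image_bytes() {
    bs=$(dd_bytes "$1") || return 1
    echo $((bs * $2))
}

# fits_fat32 BS SEEK: succeed when that image fits on a FAT32 sdcard
fits_fat32() {
    size=$(sparse_image_bytes "$1" "$2") || return 2
    [ "$size" -le "$FAT32_MAX_FILE" ]
}

# The tutorial's bs=1MB (decimal) next to the binary bs=1M.
for unit in 1MB 1M; do
    if fits_fat32 "$unit" 4096; then verdict="fits"; else verdict="too large for FAT32"; fi
    echo "bs=$unit seek=4096 -> $(sparse_image_bytes "$unit" 4096) bytes: $verdict"
done
```

With bs=1MB the image is 4096000000 bytes and fits; with bs=1M and the same seek it is 4294967296 bytes, one byte over the limit.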

Use mke2fs to create a new filesystem on the created image file.

mke2fs -F ubuntu.img

Make a directory to serve as a mountpoint for the ubuntu image.

mkdir ubuntumnt

Next we need access to the filesystem we just created. This is accomplished by mounting the image file as a disk using the loopback device.

sudo mount -o loop ubuntu.img ubuntumnt

Now we use tar to extract the contents of the created ARM root filesystem to the image mounted on the loopback. Replace XXXXXXXXXXXX with the timestamp that was created with rootstock. E.g. armel-rootfs-201104151837.tgz

sudo tar -C ubuntumnt -zxf armel-rootfs-XXXXXXXXXXXX.tgz

Now that we’re finished with the extraction, we can unmount the system image.

sudo umount ubuntumnt

We’re now finished with the desktop portion of the install, so we can safely remove the tar of the image and its mountpoint.

sudo rm armel-rootfs-XXXXXXXXXXXX.tgz

sudo rm -rf ubuntumnt

Switch to the parent directory, then use ADB to push the contents of the chroot install to the sdcard.

cd ..

adb push ubuntu/ /sdcard/ubuntu

Clone the scripts from my github repo:

git clone git://github.com/mitchtech/chroot_android.git -b ubuntu

cd chroot_android

tar -cvf ubuntu.tar *

./adb push ubuntu.tar /sdcard/ubuntu/

ADB shell into the device

./adb shell

Get root and change into the Ubuntu directory

su

cd /sdcard/ubuntu

Uncompress the image and scripts:

tar -xvf ubuntu.tar

Next run the installer script.

sh ./installubuntu.sh

Now, to start Ubuntu type ‘startubuntu’. Once Ubuntu has started, type ‘ubuntu’ to get a shell. To shut down, type ‘stopubuntu’.

startubuntu

ubuntu

If all goes well, you’ll be in the Ubuntu chroot:

If you get ‘root@localhost:/#’ then you know it’s working!