The following tutorial will demonstrate how to run Backtrack Linux in an Android chroot environment. It should work on most Android devices that support the ARMv7 architecture or newer.

Download BackTrack ARM edition

http://www.backtrack-linux.org/downloads/

You can download via torrent or direct download. The rest of the settings should look like this:

Image Name: BT5-GNOME-ARM [.torrent | .7z]
Size (MB): 1060
Desktop: GNOME
Architecture: arm
Image: IMG
Download: [Direct | Torrent]
MD5sum: a66bf35409f4458ee7f35a77891951eb

Extract the contents using 7zip (run apt-get install p7zip if you don’t have it installed):

cd BT5-GNOME-ARM/
7z x BT5-GNOME-ARM.7z

The output should look like this:

Processing archive: BT5-GNOME-ARM.7z
Extracting BT5-GNOME-ARM/bootbt
Extracting BT5-GNOME-ARM/busybox
Extracting BT5-GNOME-ARM/fsrw
Extracting BT5-GNOME-ARM/mountonly
Extracting BT5-GNOME-ARM/README
Extracting BT5-GNOME-ARM/unionfs
Extracting BT5-GNOME-ARM/bt5.img.gz
Extracting BT5-GNOME-ARM/installbusybox.sh
Extracting BT5-GNOME-ARM
Everything is Ok
Folders: 1
Files: 8
Size: 1165198387
Compressed: 1142317778

Next, we will shell into the device and create a directory on the external storage to hold the image and scripts:

cd BT5-GNOME-ARM/
./adb shell
mkdir /sdcard/bt
exit

DO THIS IF YOU DON’T HAVE BUSYBOX

If you have a custom ROM like CyanogenMod installed, it’s VERY likely you can skip this step. Want to know for sure? ADB shell into the device and type ‘which busybox’ at the terminal prompt. If it shows a path, like ‘/system/xbin/busybox’, it’s already installed. Otherwise, copy over the busybox install files with ADB:

./adb push busybox /sdcard/
./adb push installbusybox.sh /sdcard

Run the busybox install script on the device:

./adb shell
su
cd /sdcard/
sh installbusybox.sh
exit

END BUSYBOX INSTALL

Use ADB to push the compressed BackTrack image to the sdcard:

./adb push bt5.img.gz /sdcard/bt/

Clone the scripts from my github repo:

git clone git://github.com/mitchtech/chroot_android.git -b bt
cd chroot_android
tar -cvf bt.tar *
./adb push bt.tar /sdcard/bt/

Install BackTrack

ADB shell into the device

./adb shell

Get root and change into the BackTrack directory

su
cd /sdcard/bt

Uncompress the image and scripts:

gunzip bt5.img.gz
mv bt5.img bt.img
tar -xvf bt.tar

Next run the installer script.

sh ./installbt.sh

Now, to start BackTrack, type ‘startbt’. Once BackTrack has started, type ‘bt’ to get a shell. To shut down, type ‘stopbt’.

startbt
bt

If all goes well, you’ll be in the BackTrack chroot. If you get ‘root@localhost:/#’ then you know it’s working!

root@localhost:/# ls /pentest/
backdoors  database     exploits   passwords  scanners  stressing  voip
cisco      enumeration  forensics  python     sniffers  tunneling  web

Post-Install

To start networking in Backtrack 4 final, issue the following command:

/etc/init.d/networking start

This will attempt to start all the interfaces in the /etc/network/interfaces file. Now we can update the system with apt-get:

apt-get update
apt-get dist-upgrade

Finally, add the following to .bashrc (for example, with vi ~/.bashrc):

cd ~
PATH=$PATH:/root/bin
export USER=root

Connect to the chroot install with VNC

You will need to download a VNC client to connect to the Backtrack session. I use androidVNC, but any VNC client should work as long as the settings are correct. Start a vncserver session with the geometry of the device:

vncserver -geometry 850x480

Then connect to the session with the following settings.

Nick: bt (or whatever you want)
Address: localhost
Port: 5901
Password: 12345678
Touch Mouse; D-Pad Pan; Mouse pointer control mode: TouchPad

Bug Fixes

If you encounter an error from upstart like this:

start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
invoke-rc.d: initscript resolvconf, action "start" failed.
dpkg: error processing resolvconf (--configure):
 subprocess installed post-installation script returned error exit status 1

Issue these two commands:

dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl

Then re-configure dpkg:

dpkg --configure -a