The following tutorial will demonstrate how to run Backtrack Linux in an Android chroot environment. It should work on most Android devices that support at least ARMv7 architecture or newer.

Download BackTrack ARM edition

You can download via torrent or direct, the rest of the settings should look like this:

Image Name: BT5-GNOME-ARM [.torrent | .7z]
Size (MB): 1060
Desktop: GNOME
Architecture: arm
Image: IMG
Download: [Direct | Torrent]
MD5sum: a66bf35409f4458ee7f35a77891951eb

Extract the contents using 7zip (apt-get install p7zip if you don’t have it installed)

7z x BT5-GNOME-ARM.7z

The output should look like this:

Processing archive: BT5-GNOME-ARM.7z
Extracting BT5-GNOME-ARM/bootbt
Extracting BT5-GNOME-ARM/busybox
Extracting BT5-GNOME-ARM/fsrw
Extracting BT5-GNOME-ARM/mountonly
Extracting BT5-GNOME-ARM/unionfs
Extracting BT5-GNOME-ARM/bt5.img.gz
Extracting BT5-GNOME-ARM/
Extracting BT5-GNOME-ARM
Everything is Ok
Folders: 1
Files: 8
Size: 1165198387
Compressed: 1142317778

Next we will shell into the device and create a directory on the external storage to hold  the image and scripts

./adb shell
mkdir /sdcard/bt


If you have a custom ROM like Cyanogenmod installed, its VERY likely you can skip this step. What to know for sure? ADB shell into the device, and type ‘which busybox’ at the terminal prompt. If it shows a path, like ‘/system/xbin/busybox’ its already installed. Otherwise, copy over the busybox install files with ADB:

./adb push busybox /sdcard/
./adb push /sdcard

Run the busybox install script on the device:

./adb shell
cd /sdcard/


Use ADB to push the compressed BackTrack image to the sdcard:

./adb push bt5.img.gz /sdcard/bt/

Clone the scripts from my github repo:

git clone git:// -b bt
cd chroot_android
tar -cvf bt.tar *
./adb push bt.tar /sdcard/bt/

Install BackTrack

ADB shell into the device

./adb shell

Get root and change into the BackTrack directory

cd /sdcard/bt

Uncompress the image and scripts:

gunzip bt5.img.gz
mv bt5.img bt.img
tar -xvf bt.tar

Next run the installer script.

sh ./

Now, to start BackTrack type ‘startbt’. Once BackTrack started, to gain shell type ‘bt’. To shutdown type ‘stopbt’.


If all goes well, you’ll be in the BackTrack chroot. If you get ‘root@localhost:/#’ then you know it’s working!

root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip cisco enumeration forensics python sniffers tunneling web


To start networking in Backtrack 4 final issue the following command:

/etc/init.d/networking start

This will attempt to start all the interfaces in the /etc/network/interfaces file. Now we can update the system with apt-get

apt-get update
apt-get dist-upgrade

Finally, add the following to .bashrc. For example, vi ~/.bashrc

cd ~
export USER=root

Connect to the chroot install with VNC

You will need to download any VNC client to connect to the Backtrack session. I use androidVNC, but any VNC client should work as long as the settings are correct.  Start a vncserver session with the geometry of the device

vncserver -geometry 850x480

Then connect to the session with the following settings.

Nick : bt (or whatever you want)
address : localhost
port : 5901
password : 12345678
Touch Mouse; D-Pad Pan;
Mouse pointer control mode: TouchPad

Bug Fixes

If you encounter an error from upstart like this:

start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused invoke-rc.d: initscript resolvconf, action “start” failed. dpkg: error processing resolvconf (–configure): subprocess installed post-installation script returned error exit status 1

Issue these two commands:

dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl

Then re-configure dpkg:

dpkg --configure -a

comments powered by Disqus