[DEV] Backtrack 5 on T-mobile SGS2 3/5/2012 (NEED KERNEL DEVS!!!)

Joy2DaWurld

Senior Member
Nov 17, 2010
236
41
I already have busybox in /data/local/tmp/bt/busybox but it's still not reading it properly. When I get to 'sh installbt.sh' i get a ton of:

installbt.sh: /data/local/tmp/bt/busybox: permission denied **fixed after changing permissions in ES File Explorer.

Now I'm receiving this error:
rm(also cp & chmod): can't remove '/system/bin/bt(also startbt & stopbt)': No such file or directory

...resulting in 'startbt' not found after the following. I guess I'll try playing with different permission settings and see if I skipped over something small
 

Joy2DaWurld

Senior Member
Nov 17, 2010
236
41
Yes. Try starting in the beginning and restart.

Sent from my SGH-T989 using xda premium

A little embarrassing on my part:
-it was partially because I didn't set permissions correctly, but more so because,
-when I saved your scripts, they were converted to .txt files and I didn't notice that right away

Whatever the case may be, I got it working properly, including the UI...which looks pretty sweet. Glad to have you and BT5 on board with the T-Mobile S2! :)
 

binarybishop

Senior Member
Can someone tell me why I am getting almost zero feedback?

I pm devs with no response. I post findings...no response.

Do I just need to remove the thread?

Is no one interested in this project?

Tell me something, even if it is to go kick rocks!

Sent from my SGH-T989 using xda premium
 

vacanopaez

Senior Member
Jun 16, 2008
101
13
binarybishop said:
Can someone tell me why I am getting almost zero feedback?

I pm devs with no response. I post findings...no response.

Do I just need to remove the thread?

Is no one interested in this project?

Tell me something, even if it is to go kick rocks!

Sent from my SGH-T989 using xda premium

I think it's a great idea, i've used backtrack a couple times and if you get support with the drivers, i wouldn't think about it twice to use it on my device
 

binarybishop

Senior Member
zewelor said:
http://git.kernel.org/?p=linux/kern...ivers/net/wireless/brcm80211/brcmfmac;hb=HEAD here is git where the development is being done. Looks pretty active so maybe in not some far future there will be monitor mode support done for that chipset. Once it will be working u would need to switch from android wifi drivers to mainline kernel wifi drivers like i did.

This is what I got from the dev that got it working on the G1. He said its not possible right now unless we wrote a driver because the current driver does not support it. He said it is on Broadcom's to-do list though for this chipset.

Sent from my SGH-T989 using xda premium
 


tablador

Senior Member
Mar 25, 2011
114
32
binarybishop said:
This is what I got from the dev that got it working on the G1. He said its not possible right now unless we wrote a driver because the current driver does not support it. He said it is on Broadcom's to-do list though for this chipset.

Really awesome. Am interested in this, but have no idea how to write a driver or even where to start reverse engineering one...
 

Top Liked Posts

    DISCLAIMER:
    I am not responsible for you bricking your device.

    BOTTOM LINE

    WHAT IS BACKTRACK?
    Ok ladies and gentlemen. I guess I should have started with this. But, as another poster stated, if you don't know what Backtrack is, then you don't need this. But, I have to clarify some misconceptions as well. No one has stated correctly what Backtrack is. Backtrack is more than a tool to crack wifi passwords. It's an entire security distro. It is literally packed with thousands of tools to do everything a security tester or "hacker" needs. It is packed with metasploit (google it), sslstrip, nmap, wireshark, just to name a few. Why would they make an entire linux distro just to hack wifi routers? If you have questions, just ask.


    Now with that out of the way. Backtrack runs on an image that is never mounted to your system. Nothing is replaced. It is basically a side load which can be turned on or off whenever you want while the phone is on. There is no flashing involved what-so-ever. It is so easy a caveman can do it.

    This is a persistent version.

    Finally on our device. Everything is fully functional with the exception of using anything that involves packet injection and setting your adapter to monitor mode (yes, this means you cannot crack WEP/WPA yet). The concept is just that we have to modify the wifi adapter driver to accept monitor mode as well as allowing packet injection. Everything else works perfectly.

    NEEDED APPS
    7zip PC ONLY

    Terminal Emulator (Free)
    AndroidVNC (Free)

    (Optional)
    Tasker (Paid)

    NOTE: You will need approximately 3.5GB of free space on your internal SDcard (not the removable SD Card at /sdcard/external_sd/)

    FOLLOW THESE DIRECTIONS SPECIFICALLY

    INITIAL SETUP (only needs to be completed once)

    1. Create a folder called "bt" on the base of your Internal sdcard (directory should look like it does below):

    /sdcard/bt

    2. Download the following scripts and put them directly to the new "bt" folder you just created. The directory should look like it does below:

    bt
    installbt.sh
    startbt
    stopbt

    /sdcard/bt/bt
    /sdcard/bt/installbt.sh
    /sdcard/bt/startbt
    /sdcard/bt/stopbt

    3. Download this version of busybox for temp use and put it in the following directory shown below (you may need Root Explorer to change permissions to create the directory tree and upload the file):

    busybox

    /data/local/tmp/bt/busybox

    NOTE: /data/local/ should already be there as well as tmp. You will have to create the "bt" folder in that tree. You must have the directory tree and file exactly as shown: /data/local/tmp/bt/busybox . If you don't, you can't complain to me why you are getting errors.


    4. After you verify that those 5 files are in that directory, then you can proceed to downloading the bt.img file below and put it in the "bt" directory as shown below:

    Update
    Download each of these and use 7zip to extract the bt.img from them.

    bt.7z.001
    bt.7z.002
    bt.7z.003
    bt.7z.004
    bt.7z.005
    bt.7z.006
    bt.7z.007
    bt.7z.008
    bt.7z.009
    bt.7z.010

    NOTE: these files total approximately 3.3GB

    Extract on your PC and upload to:

    /sdcard/bt/bt.img

    5. After you have completed the above steps, reboot your phone and re-verify all the above files are in their correct directories:

    /sdcard/bt/bt.img
    /sdcard/bt/bt
    /sdcard/bt/installbt.sh
    /sdcard/bt/startbt
    /sdcard/bt/stopbt
    /data/local/tmp/bt/busybox

    6. Open Terminal Emulator and type the following commands. If you receive any errors then the above steps were not completed correctly, so go back to step 1.

    $ su
    # cd sdcard
    # cd bt
    # sh installbt.sh
    # startbt
    # bt

    7. At this point you have installed Backtrack and have a Backtrack 5 shell.

    8. Now the good part. To open the GUI of Backtrack, enter the following command:

    # ui

    9. Nothing? Be patient. Look at the output and take note of the number "X" located at "localhost:X" from the X desktop line of the output. The VNC server is running at port 5900 so you must add "X" to get the new server port for Backtrack, i.e. X=1, then 5900 + 1 would give you 5901 as the new server port.

    10. Open AndroidVNC and enter the following info:

    Nickname: whatever you want
    Password: 12345678
    Address: 127.0.0.1
    Port: whatever you got from your little math problem above
    Username: leave blank

    Change Color Format to 24-bit color (4 bpp)

    11. Now all you have to do is connect after you have created the connection.

    START EACH TIME

    1. Open Terminal Emulator and type the following commands.

    $ su
    # cd sdcard
    # cd bt
    # startbt
    # bt
    # ui

    2. Open up AndroidVNC and connect to the previously created connection.

    SHUTDOWN

    1. Tap the settings softkey and tap disconnect (to disconnect you from the VNC server).

    2. In Terminal Emulator, type the following commands:

    root@localhost: # killui
    root@localhost: # exit
    # stopbt
    # exit
    # exit

    3. This will close it all out for you, but to ensure a full shutdown, reboot your phone.

    That's all!!!!

    Optional Automation

    If you have Tasker, then you can add some automation that will automatically execute the Terminal commands and open AndroidVNC.

    Download the following file and put it in the following directory which should look like this after it is added:

    bt.prj.xml

    /sdcard/Tasker/tasks/bt.prj.xml

    Then open Tasker. Then go to Settings > Preferences > UI and uncheck "Beginner Mode" and touch the green checkmark.

    Now under the buttons across the top (Profiles, Tasks, Scenes, Variables), you will see a very faint arrow pointing down. Touch and drag down and a tab(s) will be seen across the top. Touch and hold the tab with the house. Touch "Import". A "Project File Select" window will pop up. If the file does not show up, then touch the back arrow, and click on the "tasks" folder. Then click on the file "bt". Then a tab at the top will be created that is labeled "bt". At the bottom right of the app, make sure that the button says "on". Now exit out of the app. Go to your favorite screen and long click the screen. Next, add a widget, then touch Tasker. A window will pop up with a lot of entries. Go to the bottom and find "bt on" and touch it. After that, another window will pop up. At this point you could just click the green checkmark and be done. But another thing you can do (optional) is touch the button to add an icon, then check the green checkmark.

    Now you will have an icon on your screen that will automatically boot up backtrack and bring you straight to the UI. The next step you want to do is have an icon that will turn it off. To do this, go to your favorite screen and long click the screen. Next, add a widget, then touch Tasker. A window will pop up with a lot of entries. Go to the bottom and find "bt off" and touch it. After that, another window will pop up. At this point you could just click the green checkmark and be done. But another thing you can do (optional) is touch the button to add an icon, then check the green checkmark.

    Now you will have an on and off button for Backtrack!!!

    Please thank me if you like this and donate if it helped you!!!

    If you are also a DEV that would like to help on modifying the wifi drivers to allow injection and adding monitoring, please contact me ASAP.
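A pre-flight check for the file layout in steps 1 to 5, added here as an example (it is not part of the original post or of the installbt.sh script): it flags the two failures reported elsewhere in this thread, scripts saved with a ".txt" suffix and a busybox without the execute bit, before you run step 6. The paths default to the ones the guide uses; the BT_SD and BT_DATA variables and the script name btcheck.sh are my assumptions.

```shell
#!/bin/sh
# Pre-flight check for the layout in steps 1-5 of the guide. Added example,
# not part of the original post or of installbt.sh. BT_SD / BT_DATA (assumed
# names) default to the guide's paths; override them to check a copy elsewhere.
BT_SD="${BT_SD:-/sdcard/bt}"
BT_DATA="${BT_DATA:-/data/local/tmp/bt}"

# Usage: check_bt_layout <sdcard bt dir> <data bt dir>
# Prints one line per problem and returns the number of problems (0 = ready
# for step 6). It catches the two failures reported in the thread: scripts
# saved with a ".txt" suffix, and a busybox that is not executable (the
# "permission denied" seen when running installbt.sh).
check_bt_layout() {
    sd="$1"; data="$2"; problems=0
    for f in bt installbt.sh startbt stopbt bt.img; do
        if [ ! -f "$sd/$f" ]; then
            if [ -f "$sd/$f.txt" ]; then
                echo "MISSING  $sd/$f  (found $sd/$f.txt: rename it, drop the .txt)"
            else
                echo "MISSING  $sd/$f"
            fi
            problems=$((problems + 1))
        fi
    done
    # The execute bit is only meaningful under /data; /sdcard is normally
    # mounted without it, which is why the guide keeps busybox in /data.
    if [ ! -f "$data/busybox" ]; then
        echo "MISSING  $data/busybox"
        problems=$((problems + 1))
    elif [ ! -x "$data/busybox" ]; then
        echo "NOT EXECUTABLE  $data/busybox  (fix the permissions in your root file manager)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# When run directly as btcheck.sh (assumed name), check the real paths.
if [ "${0##*/}" = "btcheck.sh" ]; then
    if check_bt_layout "$BT_SD" "$BT_DATA"; then
        echo "All files in place; continue with step 6."
    fi
fi
```

Run it from Terminal Emulator after "su" with "sh btcheck.sh"; an empty output and the closing message mean the layout matches step 5.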
    2
    Well I'm not so sure you fellas read the info under the link I posted above, so I'll paraphrase: Broadcom has not developed firmware for the adapter yet to support monitor mode, so even if you found someone who wanted to implement these things in the host driver, they ain't gonna work until Broadcom releases firmware for the adapter that supports it.

    Um, you guys know I have been running Backtrack5 and xubuntu on my phone with Yaldak's ICS [and it should work with any ROM that has loop file support; all custom ROMs should, it is pretty general usage].

    All I did was search the market for install backtrack or ubuntu and download two free guides [apps], and they had me download a script and a backtrack or ubuntu image and a boot script.

    Place both in a directory on, say, the internal sd, then run the given boot script with Terminal Emulator. It asks for resolution [use the suggested 800x480] and it starts the ssh daemon and VNC server with the loop image mounted and ready. Then go to AndroidVNC, input localhost and connect [default 5900 port, but no need to specify a default], change graphics to 24 bit, and when connected the password is linux or backtrack [the backtrack script gave the password; I had to look around for the ubuntu one but it is easy, like linux or user or ubuntu].

    It all fully runs with no issues. I will try to track down URLs and post here


    Here you go found it:
    This is a SourceForge repo with 3 flavors of linux to choose from. Click on the one you want, download the file in the image dir and the file in the script dir, and extract both to the same dir [800M image download, <1M script, BUT 3.1G extracted, so if using the phone (I used Ghost Commander to extract) you will need like 4G to download and extract each image on your phone, or just 3.1G if extracted on a computer and copied to the phone].

    Then use Script Manager or Terminal Emulator [I used this, but Script Manager can do widgets, so either way] to run the boot script with the image in the same exact directory and follow the directions: set resolution, then open AndroidVNC, set host to Localhost, change Color to 24-Bit [scroll down], save and connect. When asked, the script should have the password, or open the script in a text editor and it should be there, I believe; if needed, open the app dir on SourceForge for the particular version you downloaded, install the apk and read the guide, which should have it too.

    It really is as simple as download script and boot script
    extract both to same directory
    set script manager to run script as root and set widget if lazy
    run script and set resolution [script asks and states default it suggests which was good by me]
    Open AndroidVNC and connect to Localhost making sure to set color to [24-bit] just for best graphics and no data usage as you are connecting to your own phone
    specify the password from the script [the backtrack script for sure had it in the boot script] or the guide [or just guess; it is user, linux, ubuntu or something easy for the other], saving it once you know for sure what it is [just hit edit in AndroidVNC and edit the connection details anytime].

    Only issue I have seen is when I go back when done to exit the script, it fails to nicely unload the loop image, so I dunno if it stays using memory, processor time, etc., as I can either restart the phone or just use "mount -l" in terminal to list mounts and "unmount /blah/image" myself, so not a real deal breaker for me.

    Oh I did poke around and play with them a bit and was able to load things from the menu and run commands in terminal and it all looked good, but I have yet to spend hours testing it all so dunno if there are any issues, but it all looked very stable and the performance was not bad at all. I LOVE it. I have Backtrack and Ubuntu both on my phone and can load them at will! YAY!

    Here's the SourceForge site: Linux on Android!

    Hope that helps
    1
    Okay folks, running backtrack is one thing.......

    Cracking wifi is another entirely and not something that we will allow discussion of here on XDA.
    Please refrain from discussing it. Thanks.

    @ the OP, can you please edit the original post to reflect this and remove anything that may lead to numerous "OMG how I can stealz teh wifi plz??" posts...