---------------------------------------
Backtrack5 for HD2 - v0.2
Customized by z3n
My goal: the perfect stealth
tool in your pocket
just one tap away
---------------------------------------
========================
Codename
Squeaky Wheel
========================
Updated, check second post for changelog
========================
DOWNLOAD
========================
Please use the scripts attached at the bottom of this post instead of the packaged ones, and i havent had a change to update the full image zip with it (uploads take a while :P)
V 0.2
Part 1 -
http://www.megaupload.com/?d=D0MQVAS4
Part 2 -
http://www.megaupload.com/?d=M2MRYLAH
MD5 - 06225e18cdbfee6f88daf7e9ee3a1163
SHA1 - eeba19e53565a1643703cf8938be2f8cfc12db9a
V 0.1
Part 1 -
http://www.megaupload.com/?d=83B22Y00
Part 2 -
http://www.megaupload.com/?d=SB98AA19
mirror - (NOT interchangeable)
Part 1 -
http://www.megaupload.com/?d=HU320Z81
Part 2 -
http://www.megaupload.com/?d=QN9C560Z
Checksums of bt5.img
MD5 = 863e6db99e5207a81ad0df7d13998235
SHA1 = c84d8f27df8b9b51059e5a6b09e65853f11de970
7zip required to extract.
Just over 1gb packed, unpacked is 4.9gb.
========================
INFO
========================
This is my first release of a customized, working, mostly stable BT5.
Many things have been added, taken out, and configured to be used within the Android system. For a full list, please see the bottom of this post.
Mounting is different than most other linux .img installations, allowing for a full (and expandable) image.
V 0.2 Now has a swap file created when you run the mkdirectory script. This swap file is necessary, as with all my tests, When you run VNC with most of the major tools, there's a high chance of the phone running out of memory (im running no extra apps, completely stock Hyperdroid)
(if you have a swapfile already, you can say no to creating another, just make sure that the file is located at /data/bt and named btswap.)
**This image is in ext4, make sure your kernel supports it!**
**Everything tested on Hyperdroid-CM7 by pongster**
==============
INSTALLATION
==============
You need:
-Full Nandroid Backup in case something goes batty
-16gb HD2
-ext4 support on your ROM/kernel (lost my ext2 image due to my own stupidity, will create another matching one later)
-Linux on PC (to create the ext4 partition)
-Busybox (from market)
-VNC Viewer (from market) (optional)
FAT32/EXT4 Split card
---------------------
1.
Back up your HD2 and SDCard to safe places (off of the phone and sdcard)
2.
Boot your linux installation and open partition manager. erase all the partitions on yor SDcard. Then create them in this order.
1. FAT32 - size of this is total sdcard size minus 6.5g (for bt image) minus 100mb for aps2sd
2. ext2 - 100mb
3. ext4 - 6.5 gb
3.
Copy the bt5.img to the root of your third partition.
copy the bts folder to the root of your FAT32 partition.
4.
if this is your first time using this script/image, run the mkdirectory script first
Load up your android terminal and type
5.
Now it asks you if you want to log in to the console or start vnc automatically. (check log for port, usually 5901 or 5902)
DEFAULT VNC PASSWORD IS: toortoor
DEDICATED SDCARD
----------------
Same as everything above, minus the FAT32 partition.
"sh ded"
starts for dedicated SDcard instead of
"sh go"
Proper Shutdown Procedure
=====================
Stop script has been modified to shutdown backtrack and all of the (usual) programs that stop things from unmounting properly.
Exit any VNC connection you currently have.
1. Run sh stop (from your scripts location)
2. Reboot phone as a precaution.
One thing i did personally to make this easier was load the scripts onto /data/bt, so switching SDcards or locations doesnt matter.
(I also changed the terminal start directory to my scripts folder :P easy quick access)
=======================
Main Features I've gotten to work
=========================-Clean mount/umount, as long as VNC and MySQL are killed BEFORE exiting the chroot - stop script kills these now
-Apps no longer disappear for good with sdcard removed, only disappear until SDcard is reinserted :P (apps2SD/loop device problem, any ideas?)
-MySQL for metasploit
-Metasploit working
-Armitage working, missing some "Attack" options (looking into it)
-Zenmap installed
-OpenVPN installed
-Traffic analysis possible with tcpdump (local only)
-Enables possibility for FakeAP attacks
-macchanger works (kinda, phone needs a reboot for original MAC to return)
-Armitage Launcher placed on Desktop (takes a while to load, be patient)
-Terminal Launchers in various places (updating may randomly remove your terminal, synaptic placed on desktop as standby to redownload terminals
-guake installed (drop down Terminal, makes commands easier to see while working) (not configured to a key yet)
This probably works with other Android phones too. If you change the scripts, and as long as it has a external SDcard you can partition.
if your using a different phone, this is untested unless specified otherwise.
-boot and shutdown scripts run clean as long as VNC and MySQL are shut off(in almost all cases)
@ XDA
http://forum.xda-developers.com/show....php?t=1152994
PASSWORDS
------------
MySQL - user: root pass: toor
VNC - User: root pass:toortoor
sys pass - user:root pass:toor(I know, standard ones, but this should answer a few questions)
===============================
Thanks
===============================
anantshri - for the original scripts and BT5 img for android
BT dev team - (of course :P)
and all of you 
===============================
Information, bugs, and oddities
===============================
One important thing, While performing heavy operations, its normal for your screen to not turn on for a while if it turns off. Dont panic, just give it some time to finish whatever you were running and your phone will be back to normal again. DO NOT PULL THE BATTERY UNLESS ABSOLUTELY NECESSARY.
To avoid this, get wakelock (known to cause problems) or set your screen timeout to some large number.
Swap file will help with alot of this.
These are the features I've tested out so far.
No major changes to anything, (except new packages) just configuring everything i see.
If you find anything you want added in or that is acting odd, please let me know. Same goes for if you fix something!!
Overall
-------
-Repo's activated, most things work (upstart processes fail, for now)
-startvnc and stopvnc no longer give that pesky USER error
-startvnc starts mysql database for metasploit
-stopvnc stops mysql (mostly, invoke ps -A and look for mysqld. Kill it with fire(-9) if need be)
-network traffic is capture-able with tcpdump, with wifi hotspot activated
-working on adding in a swap partition on sdcard (if possible)
-openoffice installed
-openVPN installed (the quieter you become...)
-Removed Zoho Web services
MySQL
-----
default user - root
default pass - toor
-Starts automatically with startvnc
-stops automatically with stopvnc
-start manually by invoking "mysqld"
-Only runs as root (for now)
-Console hangs when it is manually loaded or shutdown, service continues running though. killall --signal 9 mysqld if needed.
Metasploit
----------
-Loads up alright (45-90 seconds)
-MySQL already set as default DB
-Must manually connect to MySQL DB each instance of metasploit by invoking (from msf) db_connect root:toor@127.0.0.1
-working on a possible way to limit cpu consumption to prevent system hangs(cpulimit does some nasty things)
-So far, this is the only connection string ive been able to get to work: root:toor@127.0.0.1
Armitage
--------
-Takes forever to load (30 seconds for connect screen, 4 minutes or so for main client)
-Causes system hangs frequently (to minimize this, leave the vnc server on your screen, and set the display timeout to 10 minutes-switch it back when done to conserve battery life)
-So far, this is the only connection string ive been able to get to work: root:toor@127.0.0.1
-Can Crash phone if running too big of an operation (Max Phone memory problem, fixed in v.2 with swapfile added)
Zenmap
------
-Slows phone down (incredibly bad with more complex scans, of course)
-Some Complex scanning options can crash phone (Nothing damaging has happened)
-will attempt to throttle cpu usage in the future
-Can Crash phone if running too big of an operation (Max Phone memory problem, fixed in v.2 with swapfile added)
Aircrack-ng suite
-----------------
-Aircrack-ng works
-Airodump-ng doesnt work (needs monitor)
-Airdecap-ng untested
-Airdecloak-ng untested
-Airbase-ng doesnt work (needs monitor)
-Airmon-ng doesnt work (needs monitor)
-Aireplay-ng doesnt work (needs monitor)
-Airdriver-ng doesnt work (yet)
-Airolib-ng works (doesnt do anything yet)
-Airserv-ng doesnt work (needs monitor)
-Airtun-ng doesnt work(needs monitor)
Plus lots of stuff for the future, stay tuned!!
http://forum.xda-developers.com/show....php?t=1152994
In the future
=========
-nessus
-Booting via HD2 Toolbox by d4n14l (sp?)
-Custom kernel (WAYYYY down the road, but working on it)
and more
--Copyrighted by z3n, 2011
(just kidding, but it looks good :P)
