1. Download Terminal Emulator, Android VNC and the ARM version of BackTrack.
2. Extract the contents of the img file and transfer them to the memory of the Android device.
3. Install BusyBox and start it.
4. Open Terminal Emulator. Use the "cd" command to get into the BackTrack directory where the extracted content is saved on the device's memory card. In this case the command is
cd /sdcard/BT5
5. Type "sh bootbt" and we will be in BackTrack.
Commands:
su
cd /sdcard/BT5
sh bootbt
startvnc
BackTrack 5 ARM Edition Quick Start
This image has been developed and tested on the YU Yureka. Your mileage may vary on other devices.
As this image runs in a chroot, you will need to have your device rooted. There are numerous tutorials on the subject online and are not included here.
***Rooting your device will potentially void its warranty and we are not in any way responsible if you brick your device while rooting it.***
### IMPORTANT POINTS ###
1. Since the image runs in a chroot, there is no root password set.
2. There are 2 scripts under /usr/bin/ 'startvnc' and 'stopvnc' that are set to start with the Xoom's default resolution.
3. The current VNC password is set to 'toortoor' and can be changed by running 'vncpasswd'.
4. This image is a work in progress and suggestions/tips from the community are always welcome.
### GETTING STARTED ###
1. Once you have downloaded the ARM BT package, save the files in a convenient location. The steps below assume they are in the platform-tools folder of the Android SDK.
2. Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
./adb shell
mkdir /sdcard/BT5
exit
3. Copy over the busybox install files:
./adb push busybox /sdcard/
./adb push installbusybox.sh /sdcard
4. Install busybox on the device:
./adb shell
cd /sdcard/
sh installbusybox.sh
exit
5. Transfer the required BT5 files to the device:
./adb push fsrw /sdcard/BT5/
./adb push mountonly /sdcard/BT5/
./adb push bootbt /sdcard/BT5/
./adb push bt5.img.gz /sdcard/BT5/
./adb push unionfs /sdcard/BT5/
6. Uncompress the image and start BT5:
./adb shell
su
cd /sdcard/BT5
gunzip bt5.img.gz
sh bootbt
If all goes well, you'll be in the BT5 chroot:
# sh bootbt
net.ipv4.ip_forward = 1
root@bt:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
root@bt:/#
Related
1. How can I root my phone?
1.1 General information/Basic adb-commands
Rooting a phone enables you to do things which normally aren't possible for the average user, like:
- Removing apps which were preinstalled by the provider (like Orange, Vodafone, etc.). My Tattoo had Vodafone apps for buying music and other sh*t, which was installed on the system partition (to which a "normal" user has no rights to write to, including deleting).
The Tattoo was successfully rooted by a bunch of guys here, namely -bm-, mainfram3 and Coburn64 (maybe, I don't remember quite correctly). Also the Tattoo was the first phone having a security mechanism preventing a user from mounting the filesystems as read/write, which had to be overridden by remapping the read-only memory region to a read/write one. This is done by the module Tattoo-hack.ko, also made by mainfram3. He also created the first boot.img, which enabled su directly from adb and loaded Tattoo-hack directly from boot on.
A few words about adb:
ADB is a tool for communicating from the PC with the mobile phone. For this, a service runs on the phone enabling communication via a terminal emulator. Here are the most useful adb commands:
Code:
adb push localFileFromPC /path/on/mobilephone
-> pushes a file "localFileFromPC" to a specified location on the phone
adb pull /path/to/file pathFromPC
-> receives a file from the phone and stores it to "pathFromPC"
adb remount
-> This is only possible in custom ROMs; remounts the file system r/w automatically
adb shell "command"
-> executes "command" and returns to the computer shell
adb shell
-> opens a shell session on the phone (from here on you have to be very careful! You can now execute normal Linux commands like rm, mv, ls, chmod and so on, but not cp (this can be done through busybox)). You will have to use this more often, so get used to it
1.2 Do I have to create a goldcard?
I read this question quite often. For rooting you don't need it, but for SIM-locked phones you can't flash custom unbranded ROMs (I think).
For a guide to creating a goldcard, follow this link: http://forum.xda-developers.com/show...88&postcount=1 (thanks to MiSSigNNo for this point)
1.3 Tools you need
A complete set of tools can be found here. Feel free to mirror it:
http://rapidshare.com/files/403766494/Tattoo.rar.html
Mirror(s):
http://www.bild-ton.net/Tattoo.rar
http://www.megaupload.com/?d=CI9AW83F
This package contains:
- adb binaries for Windows (sorry Linux users)
- su (Please note: use the su-binary attached in this post, not the one in the archive!!!!!)
- m7 exploit
- Amon_RA recovery.img
- mainfram3 boot.img
- flash_image binary
- tattoo-hack.ko
1.4 The automated way
This method was created by maverixx and can be found here. It basically consists of a package that does everything you need by itself. It roots the phone and flashes maverixx's recovery.img, which (no offense) I don't like as much as Amon_RA's! Just click the batch file and it does the rest (you have to connect your phone via USB to your PC though).
If you want to use the automated way but flash Amon_RA's recovery, just replace the recovery.img from maverixx's package with the recovery.img provided in my archive file (see 1.3 for the link).
In my time here I noticed quite a few users experiencing problems either with a fully functional su or with the recovery image not flashing certain update.zip packages. It seems to be a matter of luck.
1.5 The manual way (recommended by the author)
I personally like to know what is done when and how; that's why I recommend the manual way. So let's get down to business. Let's see if you know all the adb commands I wrote here:
1. Let's say you have everything unpacked into C:\Tattoo
2. In your terminal (on your PC) type:
- adb shell "mkdir /data/local/bin" (if it returns an error it means that the directory already exists, just proceed)
- adb push m7 /data/local/bin/
- adb push su /data/local/bin/
- adb push flash_image /data/local/bin/
- adb push tattoo-hack.ko /data/local/bin/
- adb push recovery.img /sdcard
- adb push boot.img /sdcard
3. We now have every needed file on the phone. Now type (we are still in your terminal):
- adb shell
$ cd /data/local/bin
$ chmod 766 m7 (I don't consider this step mandatory, so if it fails, just proceed)
$ while ./m7 ; do : ; done
lots of text until you see something like "wrote shell code"; press enter 2 or 3 times to see:
#
4. Then perform this:
- # export LD_LIBRARY_PATH=/system/lib
- # export PATH=/system/bin
- # insmod ./tattoo-hack.ko
- # mount -o rw,remount /dev/block/mtdblock5 /data
- # mount -o rw,remount /dev/block/mtdblock3 /system
- # cat ./su > /system/bin/su
- # chmod 4755 /system/bin/su
- # chmod 755 ./flash_image
Questions?
1.6 Problems and (hopefully good) solutions
Q: How do I execute my command line tool?
A: On your Windows host, go to Start->Run...->type "cmd"
Q: Where is my adb? When I type it in my shell it says that it was not found!
A: The adb binary is found in the archive I supplied above or in the Google SDK. As my archive file is quite a bit smaller than the Google SDK, you should take mine. Let's suppose your adb binary is unpacked in C:\Tattoo, then type:
Code:
Your\Current\Location> cd C:\Tattoo
C:\Tattoo> adb <command>
Q: adb says "error: device not found" when I try to launch the shell on the phone!
A: Connect the phone with the USB cable and make sure the SD card is not mounted as a drive on your PC!!!
Q: When I want to copy something the phone returns that "cp" is not found! Also when I try to move a file, it says "cross-link device".
A: Well, copying from one partition to another is only possible either via busybox or via
Code:
cat file > /location/filename
Example:
cp /data/su /system/bin
is realized by typing
cat /data/su > /system/bin/su
Also make sure that system is r/w!!!
Q: flash_image returns write errors when flashing recovery/boot image!
A:
For boot: Try to redo the flash procedure
For recovery: Note that you can't flash the same recovery.img as the one already installed, so install another recovery.img first (like maverixx's) and then Amon_RA's again. If it still doesn't work, reboot, remount the partitions r/w, insmod tattoo-hack.ko and retry flashing.
Q: How can I unroot my device?
A: Just delete su from /system/xbin and restore the old boot.img. Alternatively, see here for retrieving a stock ROM to flash onto your phone.
I hope someone tries this; I don't have time.
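The copy-via-cat trick from the Q&A above, wrapped in a POSIX sh function that first checks the destination directory is writable (the post's failure case is a system partition that was never remounted r/w) and then verifies the copy with cksum. This is an added example, not the post author's code; the demo runs on a desktop shell against constructed temp files rather than on a phone.

```shell
#!/bin/sh
# Added example: copy a file across partitions with cat, the way the post
# does it for Android shells that lack cp, then verify the copy with cksum.
# Exit status: 0 = copied and verified, 2 = source missing,
# 3 = destination directory not writable, 4 = write failed, 5 = mismatch.
copy_with_cat() {
    src="$1"
    dst="$2"
    if [ ! -f "$src" ]; then
        echo "copy_with_cat: source not found: $src" >&2
        return 2
    fi
    dst_dir=$(dirname "$dst")
    if [ ! -w "$dst_dir" ]; then
        echo "copy_with_cat: $dst_dir is not writable (remount r/w first)" >&2
        return 3
    fi
    cat "$src" > "$dst" || return 4
    # cksum prints "<crc> <size>" for stdin; compare both fields.
    src_sum=$(cksum < "$src" | cut -d' ' -f1-2)
    dst_sum=$(cksum < "$dst" | cut -d' ' -f1-2)
    if [ "$src_sum" != "$dst_sum" ]; then
        echo "copy_with_cat: checksum mismatch, removing $dst" >&2
        rm -f "$dst"
        return 5
    fi
    return 0
}

# Self-contained demonstration on constructed files in a temp directory
# (stands in for /data/su -> /system/bin/su on the phone).
demo_copy_with_cat() {
    tmp=$(mktemp -d)
    printf 'constructed fake su binary\n' > "$tmp/su"
    mkdir "$tmp/bin"
    copy_with_cat "$tmp/su" "$tmp/bin/su"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```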
I couldn't reply to the [ROOT][EG30/31] Automated root of your existing stock ROM (w/o ODIN or ROM Flash) post in the dev forums because I'm a noob, so I figured I'd post it here.
The OP's Mac instructions were a bit vague for noobs like me, but I figured it out; hope it helps others.
1. Download the eg30auto.zip listed in step 1 of the original post. Unzip it.
2. Follow step 2 in the original post for hooking up your phone
3. Download the platform tools here and unzip them.
4. Copy the adb file from the platform-tools folder to your eg30auto folder.
5. Open a Terminal and cd to the eg30auto folder.
6. Use these commands to open an adb shell and copy the needed files:
./adb shell
./adb push copy2tmp /data/local/tmp/
./adb push copy2sd /sdcard/
7. Run the exploit (do not type the $ symbols)
$ cd /data/local/tmp
$ /system/bin/sh install-zerg.sh
8. The previous step will take a few minutes. Assuming it is successful, it will kick you out of "adb shell". Restart "adb shell"
./adb shell
9. Your adb shell should now have the # prompt indicating temporary root. Proceed to install persistent root and cleanup the temp rooting files, followed by rebooting the phone (do not type the # symbols)
# cd /sdcard/000root
# /system/bin/sh install-root.sh
# /system/bin/sh install-cleanup.sh
# reboot
If you get an error during the install, consult the original post. Otherwise, you should be rooted now! Mad props to the hardworking devs that blessed us with this early Christmas gift!
Let's pretend you're running Mac OS X or Linux. You might have your adb and fastboot files in a directory such as:
Code:
~/Android/
Which means to execute the command you have to
Code:
cd ~/Android/
then execute
Code:
./adb
You must be thinking, "There has to be a similar way!" Well, there is!
Code:
sudo cp ~/Android/adb /usr/bin
followed by
Code:
sudo cp ~/Android/fastboot /usr/bin
Now, all you have to do, no matter what your present location in your file system is, is simply type whichever command you want. This will probably speed up using the commands and make your time in the terminal a little easier.
It is much more efficient to add the ~/Android dir to PATH.
If you ever update your Android SDK you'd have to copy the files again,
so better:
Code:
export PATH=~/Android:$PATH
If you want it persistent, just change your ~/.profile file (depending on your distribution).
The same would work in Windows; there you have to set PATH in the system settings.
So I am trying to manually root my S3 without flashing a ROM. I am able to get through most of the steps in these instructions up to the point where it requires you to put the phone into download mode. I get the phone into download mode, but when I connect to the PC, it doesn't see the phone.
This step worked:
To confirm your device is properly detected, in the command prompt, run
Code:
adb devices
Now copy busybox, su, superuser.apk to /data/local/tmp/ using adb.
Code:
adb push busybox /data/local/tmp
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
These steps worked:
Now run adb shell
Code:
adb shell
Note that you see a "$" sign in the command prompt. That means you are not rooted.
Next run the following commands in the shell to change permissions and get some limited privileges for the Superuser files:
Code:
chmod 6755 /data/local/tmp/su
chmod 755 /data/local/tmp/busybox
chmod 644 /data/local/tmp/Superuser.apk
Note that the names of the files are case sensitive.
Files are there and are verified when I ls /data/local/tmp. All three files are there.
This is where I have a stumbling block:
Once in download mode, connect the Android device using the microusb cable to the computer.
Now using the open Nautilus window, navigate to /UserData/local/tmp/ folder and verify that you have the files you sent to the device viz. su, busybox and Superuser.apk
So if I am able to push files to the phone, why won't it recognize it when in download mode?
I'm using Fedora Linux and have the full Android SDK installed.
Firstly, Merry Christmas!
Note: This worked on version 10.2.4
I received a Kindle Fire 2 today and since then I've been trying to get it rooted. Now that I have, I thought I'd share it here for other people who might be in the same situation.
This is really just a remixing of the tool made by Bin4ry (http://forum.xda-developers.com/show....php?t=1886460) but I couldn't get the script to run on my Mac...
Step 0 - Preparing
You must enable ADB and Unknown App sources from Settings.
Settings > More > Security > Enable ADB
Settings > More > Device > Allow Installation of Applications
Step 1 is to get that tool from here and extract it somewhere you'll remember.
Step 2 (you can skip this if you already have the android SDK platform-tools in your PATH)
If you don't have the Android SDK or adb installed, just add the 'stuff' folder from the tool to your path.
In terminal run
Code:
export PATH=$PATH:/path/to/extracted/tool/stuff/
Step 3 - Push the required files
It's probably easiest if you change into the stuff folder first...
Code:
cd /Users/x/Downloads/Root_with_Restore_by_Bin4ry_v18.7z\ Folder/stuff
Then run the following...
Code:
adb push busybox /data/local/tmp/.
adb push su /data/local/tmp/.
adb push Superuser.apk /data/local/tmp/.
adb push ric /data/local/tmp/ric
Then you need to run an adb shell to set some permissions
Code:
adb shell
(you should get a prompt like shell@android:/ $)
Run
Code:
chmod 755 /data/local/tmp/busybox
exit
Step 4 - Rooting
This requires another terminal window. Check that you can run adb from there as well (running adb should print the usage information)
In the first window run:
Code:
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > /dev/null
In the other run
Code:
adb restore fakebackup.ab
You should get a prompt on your Kindle; hit the "restore my data" button. As you do so, the command in the first window should stop (or a few seconds later; if it doesn't, stop it and re-run both commands again).
You can now close the second window!
Run
Code:
adb reboot
Your Kindle should reboot, though the screen will blink repeatedly (flashing between the lockscreen and the boot animation); don't worry about that as it will be fixed in a sec.
Step 5 - Cleaning Up
Run
Code:
adb shell
If all was successful you should see the prompt change to root@android:/ #
If it did, continue; otherwise go back to step 4.
Run these
Code:
/data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su
/data/local/tmp/busybox mv /data/local/tmp/ric /system/bin/ric
chmod 755 /system/bin/ric
/data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su
/data/local/tmp/busybox mv /data/local/tmp/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
chown 0.0 /system/xbin/su && chmod 06755 /system/xbin/su
chmod 655 /system/app/Superuser.apk
chmod 755 /system/xbin/busybox
rm /data/local.prop
reboot
Your Kindle will restart and SuperSU will be available under Apps. You're now free to do as you please, though you could follow with Step 3 on this thread to get Google Apps etc. working.
Update: a short guide to installing the Play store can be found here.
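From the defender's side, the files the steps above leave on /system (su with mode 06755 in /system/xbin, Superuser.apk in /system/app, busybox in /system/xbin, ric in /system/bin) are exactly what a device audit or root check looks for. This is an added example, not part of the thread or Bin4ry's tool: it scans a directory tree passed as an argument (a mounted or copied /system), and the demo builds a constructed tree in a temp directory so it runs on a desktop.

```shell
#!/bin/sh
# Added example (not from the thread): inventory what a rooting procedure
# like the one above leaves in a /system tree. Pass the tree's path as $1
# (a mounted partition or a copy of it); the exit status is the number of
# findings, so 0 means nothing was found.
audit_system_tree() {
    root="$1"
    findings=0
    # 1. Setuid/setgid files: the guide installs su with mode 06755.
    setuid_list=$(find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null)
    if [ -n "$setuid_list" ]; then
        printf '%s\n' "$setuid_list" | sed "s|^$root|setuid/setgid file: |"
        findings=$((findings + $(printf '%s\n' "$setuid_list" | wc -l)))
    fi
    # 2. Files the guide drops in by name (paths relative to the tree).
    for rel in bin/su xbin/su xbin/busybox app/Superuser.apk bin/ric; do
        if [ -e "$root/$rel" ]; then
            echo "root artefact present: /$rel"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Self-contained demonstration on a constructed tree in a temp directory:
# one setuid su, one Superuser.apk and one ordinary binary that is not flagged.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/system/xbin" "$tmp/system/app" "$tmp/system/bin"
    printf 'constructed fake su\n' > "$tmp/system/xbin/su"
    chmod 6755 "$tmp/system/xbin/su"
    printf 'constructed fake apk\n' > "$tmp/system/app/Superuser.apk"
    printf 'constructed fake ping\n' > "$tmp/system/bin/ping"
    chmod 755 "$tmp/system/bin/ping"
    audit_system_tree "$tmp/system"
    rc=$?
    rm -rf "$tmp"
    return "$rc"   # 3 findings: setuid su, xbin/su, app/Superuser.apk
}
```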
This worked almost perfect for me but I couldn't get it to run adb commands from the stuff folder so I dumped its contents (minus the adb stuff) into the platform-tools in the android SDK and from then on everything went great. Thanks so much.
Did this work for 10.2.4 users out there?
Does this work for 10.2.4?
worked!
Great work, congratulations and thanks! I'd like to make some comments though regarding some typos and suggestions.
1.- I'd suggest to install the android SDK as, in fact, adb commands didn't work from the stuff folder. Add a line to .bash_profile with the export PATH command to make permanent access to the adb shell.
2.- Push files from the Root_with_Restore_by_Bin4ry_v18 folder, not the .7z file.
3.- The command is, e.g., adb push busybox /data/local/tmp/ instead of adb push busybox /data/local/tmp/.
4.- In Step 5 the command /data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su is twice so you'll get an error the second time you execute it.
Also, congratulations for the instructions on how to install the Play Store. Here, pay attention to the names playstore.apk and servicesframework.apk, which in fact are plstore3.10.10.apk and GoogleServicesFramework.apk respectively.
Once again thanks for your work.
gorganzolia said:
does this work for 10.2.4
Click to expand...
Click to collapse
Yes this worked for 10.2.4
10.2.6
Does this work with 10.2.6?
it worked
Tried it this morning on 10.2.6 and it worked, woohoo. Now how do you stop it from automatically updating?
Found out how to stop those automatic updates here http://forum.xda-developers.com/showthread.php?t=2086450