Home > Network > BackTrack 5 in chroot on Android

BackTrack 5 in chroot on Android

I just did something that I still can’t quite believe. I got BackTrack 5 running on my Android phone (a Driod Incredible 2) and tablet (Nook Tablet). Not only that, I can’t believe how easy it was!

Although there is an ARM port of BackTrack (most Android devices use ARM processors), it probably won’t just boot up natively on your phone. But a couple of users on XDA-Developers came up with a convenient script to automate starting BackTrack 5 on Android in a chroot environment, and shrunk the BackTrack image file to make it small enough to fit on a FAT32 partition (the standard BackTrack ARM image is larger than the 4GB single-file limit). This allows BackTrack to run alongside the existing Android system, which I think is actually better than running BackTrack natively since you can still use your phone as a phone when you’re done with BackTrack.

I’m running Cyanogenmod 7 on both devices, and as far as I can tell, this should work as advertised for any CM7 installation that mounts the external SD card as /sdcard. If you aren’t running Cyanogenmod, or your SD card doesn’t mount as /sdcard, your milage may vary. First, a couple of caveats. You must:

*Be rooted
*Have a proper busybox install
*Be able to “su” from the command line
Have a terminal program installed
*Have ext2 support (use “cat /proc/filesystems” at a superuser command
prompt – you should see ext2 listed)
Have a VNC viewer installed
Be connected to a WiFi network (BackTrack won’t see a cellular data
connection as a valid network device)

The items with stars above should come along for the ride by running Cyanogenmod 7. I had previously installed a terminal program (the cleverly named “Terminal Emulator”) and was connected to a WiFi network, so my prep time was about two minutes to find a VNC viewer (the equally well-named androidVNC).

The only hard part was getting the BackTrack 5 files. The original thread from XDA-Developers is here with additional background here. I was only able to get one of the mirror sites to work. If you can’t get any of the mirrors to work, try googling for the filename – BackTrack5forARM-MattsLifeBytesEditionv2.zip.

Once you have the file, decompress it to get the bt5 folder out. It should be about 3.25 gigs. Copy that to your SD card. Open your terminal and type the following:

cd /sdcard/bt5
sh bt

Backtrack should start up and ask you if you want to start a VNC server. Once past that, you are at BackTrack’s command line. You can run command line tools (like Metasploit’s MSF Console) from here, or SSH to it from another system on the network. Even better than that, if you answered yes to the VNC server, you can use the VNC client on your phone or on another system to connect to the Gnome desktop session (address:, port: 5901, user and password are root – change the address as needed for external connections). It couldn’t be much more simple than that.

Categories: Network Tags: , , ,
  1. Anon
    April 24, 2012 at 3:10 AM

    “the standard BackTrack ARM image is larger than the 4GB single-file limit”

    Ive seen that stated elsewhere but the Arm img from the Backtrack site is only 1.06GB, am i missing something?

    • Anon
      April 24, 2012 at 3:20 AM

      My mistake, its compressed in 7z. Extracted file is 4.88GB.

      • April 24, 2012 at 10:44 AM

        You beat me to it!

  2. Kurt
    September 20, 2012 at 10:45 AM

    when i execute the sh bt command i get:
    chroot: can’t change root directory to /data/local/bt: no such file or directory

    any ideas?

    • September 26, 2012 at 1:13 PM

      The only time I’ve seen that is when the 3.5 GB bt5.img filesystem image file was corrupt somehow. At some point I ended up with a 0-bit bt5.img file, and got that same error.

    • October 23, 2012 at 8:59 AM

      I would make sure your bt5.img file is not corrupt. That’s the only time I’ve had problems. You will get those type of “can’t change directory” errors when the file system in the image file couldn’t be mounted.

  3. Jordan curk
    October 4, 2012 at 8:13 AM

    when i type in sh bt, i get can’t open bt

    what gives?

  4. November 16, 2012 at 5:56 AM

    When I type sh bt, I get
    bt[1]: cut: not found
    This script requires root! Type:su

    Any ideas on what is going wrong?

    • November 20, 2012 at 3:25 PM

      It sounds like you don’t have root access to your phone. At the command prompt, when you type su, the prompt should change from $ to #. If you get an error or it doesn’t change to #, you don’t have root and the script won’t be able to mount the file system image and perform other necessary operations.

  5. February 6, 2013 at 8:18 AM

    I done all step perfectly
    but i don’t know backtrack terminal ‘su -‘ password..
    default account is backtrack.. i want to change root account
    if you know ‘su -‘ password please answer me..
    thank you 🙂

    • February 7, 2013 at 2:32 PM

      Debian-based systems use the “sudo” command. If you need to run vi (for example) with root-level access, run “sudo vi”. If you really want to use su, you could change the root password to a password of your choice using “sudo passwd root”.

  6. Stone
    June 29, 2013 at 1:43 AM

    I have a rooted Samsung s3 GT-i9300 international version, busybox, Superuser, etc. I have downloaded the backtrack gnome arm 7zip file, extracted it to the extSdCard, in a folder names BT5. I run the cmd emulator named Terminal Emulator, using:
    cd sdcard/
    says:root@android:/ #
    cd sdcard/BT5
    says: sh: bt5: not found.
    no such file or directory.

    I don’t know whats wrong…. help plz and thx!

    • July 17, 2013 at 3:16 PM

      This usually means the image file was not mounted correctly. Look back farther in the terminal output to see if there are any errors about the mount.

  1. April 19, 2012 at 3:20 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: