Jump to content
co4ie

Debdroid - Multi-Device Chroot Solution

By co4ie, in Mobile security

Recommended Posts

co4ie Newbie

co4ie

Posted
Posted

Debdroid supports any Android device with loopback devices and ext2, flashable zip works on ICS/GB.

Succesfully tested on Samsung Galaxy SII, Epic 4G Touch, Motorola Atrix, HTC EVO, HTC Incredible.

Contents

  • 1 Overview
  • 1.1 Uses
  • 2 Backtrack 5
  • 2.1 How-To
  • 2.2 Manual Install Method
  • 2.3 Uses
  • 3 Downloads
  • 3.1 Distro Images
  • 4 Screenshots
  • 5 Updates
  • 5.1 03/23/2012
  • 6 Workaround for devices that have locked bootloader and/or no loop.ko


Overview

The flashable zip contains the shell scripts, conf and apk. If you are unable to flash, mount /system as rw and place the the files manually.

BEFORE TRYING ANY OF THESE SCRIPTS MAKE SURE YOU HAVE A ROOT SH SHELL

su sh

Scripts:

  • debdroid - starts the debdroid chroot without the apk wrapper.
  • debshell - wrapper for passing commands to the chroot. Example - "debshell "apt-get update"
  • debkill - kills the chroot in case anything goes wrong

Conf:

/etc/debdroid.conf contains options such as img location, dns servers, loop number and shared directory.

Note: The shared directory is mounted to /mnt/share in the chroot environment.

Apk: com.afrosec.debdroid.apk - apk wrapper that essentially launches "bash debshell"

Known Bugs: Exit deployment does not work, you must kill the application by holding the back button or hitting exit deployment until it allows you to FC

Uses

Debdroid comes preinstalled with nmap, ettercap, ssh, g++ and gcc. With a chroot environment you are able to install software with the native package manager and completely avoid cross-compiling.

You are able to drop to a bash shell in the chroot by executing "debshell bash"

In order to get ssh up execute "debshell sshup"

In the previous release of Debdroid I showed its capabilities of WLAN sniffing using your device, this is still an applicable use.

Script Manager Compatibility:

Because debshell can pass commands directly to the chroot sub-system you can use a script manager app to launch commands as well.

Debdroid provides the user with a full Linux environment you can ssh into. This may cater to the needs of the of the individuals who need to perform device-related linux tasks without an actual linux workstation.

Backtrack 5

Penetration testing from your pocket.

Backtrack 5 released with an ARM image compatible with the Motorola Xoom.

FAT32 has a file size limit of 4gb, bt5's img size was over 5gb, therefore unable to work with any other Android device booting the chroot of off an external SD-Card. The attached img files are downsized to 3.25GB.

How-To:

  • Flash the debdroid installer zip
  • Download either the custom .img or the original .img
  • Create a folder called debdroid on your sdcard.
  • Copy the .img to /sdcard/debdroid and rename to linux.img
  • Start up the APK (or debdroid from shell), Deploy, pentest from your pocket.

Manual Install Method

For certain devices if the flashable zip does not work*

Mount device on computer, extract flashable zip to /sdcard/debdroid

Copy the directories of /sdcard/debdroid to /system (/sdcard/debdroid/bin to /system/bin)

(If copy does not work use cat - (cat /sdcard/debdroid/debdroid >> /system/bin/debdroid)

chmod +x contents in the /sdcard/bin (debdroid, debkill, debshell)

Our custom .img changes:

Replaced gnome with xfce4 and fixed startvnc

Uses

NMAP internal networks from WIFI AP without a laptop.

All the functionality of Backtrack 5 in your pocket.. scan any network your device can connect to.

Donload:

Flashable ZIP

Torrent with Flashable ZIP and BackTrack 5 ARM

Distro Images

These custom images are resized to 3.25gb to fit on all FAT32 sdcards. 4GB is the file size limit.

Note: Rename all .img to linux.img unless you specify otherwise in your conf.

Backtrack 5 ARM 3.5gb Original img

Backtrack 5 ARM 3.5gb Custom img

Debian Squeeze ARM 1gb img

Debian Squeeze ARM 2gb img

Debian Squeeze ARM 3gb img

Debian Squeeze ARM 4gb img

Debian Squeeze ARM 5gb img

Debian Lenny ARM 750mb img

Workaround for devices that have locked bootloader and/or no loop.ko

For devices that can't create a loopback interface to an image, we need another solution. The following is a rough outline to create a partition on your locked device and install (copy) the debian/ubuntu/backtrack image to your SD card.

On your linux box:

1) Shrink the partition on your SD card by 4GB.

2) Create an ext3 partition in the free space.

3) Create a loopback interface to the image you wish to run.

  losetup /dev/loop0 /home/usernamehere/distributionnamehere.img
  mount -t ext2 /dev/loop0 /home/usernamehere/somemountfoldername

4) Copy all files from the image to the 4GB SD partition.

  cp -r pathtoloopiface/* pathto4gbmount/*

5) ^ takes about 2.5 hrs let it finish completely.

6) adb push and chmod 777 this modified bootubuntu script to /system/bin on your phone boothatshite.sh

6.1) if you get read-only filesystem: "adb shell mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system" This (mtdblock3 & yaffs2) probably differ for devices other than DroidX.

7) make sure there is a path to /data/local/mnt on the device

8) run the script and it will put you into a chroot jail. if you are using the lakia ubuntu image, vnc will autostart. To quit the chroot just type exit at the shell.

Sursa

Have Fun !!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...