We have done quite a bit of stuff without playing nasty with our phone. There are still a couple of things we can do but, in order to keep the awesomeness level, we really have to go and root our device. You may have read many horror stories about rooting. You might be frightened... You are right. I have heard stories of devices coming back from the Smart Cemetery to claim revenge on those users that profaned their firmwares..... heresy!!!
Well, actually, for me, rooting my phone is something I always do immediately after unboxing the device. Being able to root the phone is one of the requirements for choosing it. It used to be a safe process, but it is true that there is a chance of bricking the phone, especially if you are blindly following instructions.
We will not explain how to root your device. It is usually a device dependent process and there are too many different cases to cover here. Just search the Internet for the instructions for your model. Read everything you can and try to understand the process so you can react if something goes wrong. Yes, this is basically a disclaimer... root your device at your own risk.
You can play later with the different options. Right now just press the "Device Definitions" tab and choose a device... for example Nexus 5. Press "Create AVD", select a skin and then press OK. If you feel brave enough you can try to change some parameters.... at least the AVD Name.
Once created, your test device should look like this (more or less)
The newly created Virtual Device is now available and a "Start..." button is now enabled.... you do know what to do, don't you?
Booting your emulated Android will take a while, but you can log in to your just created virtual machine before the Android screen is shown.
Now you have to set a couple of options:
Target Options
The next thing to select is the toolchain
Toolchain
Finally, you may want to go into the Target packages option and select some applications that you want to have on your phone. Note that all the applications you select will be downloaded from the Internet and compiled. In other words, if you select a lot of applications, the first compilation will take quite a long time.
For the first build we will just select nmap to turn our phone into a basic penetration testing tool :).
Go into networking applications and select nmap.
Now we are done. Just leave the interface, selecting Exit as many times as required until you are asked to save your configuration. Save it and get back to the bash prompt.
Now type make and wait. If you have many cores in your box you might want to run make -j N_cores.
Buildroot will do its magic. The first time it has to download/build quite some stuff (including the toolchain), so you had better go and grab some coffee or take a walk in the park
...
Some coffees later....
SAFE ROOTING
Before continuing, two more words on rooting Android devices. There are actually two safe ways to get root on Android. The first one is to buy a Google device. Google devices allow unlocking the bootloader (something you need to do in order to use fastboot and flash new firmware) and Google provides factory images for all their devices. In other words, even when they do not officially support the process, there is good support to go ahead in a safe way. There may be other companies providing this kind of support. If you are aware of any, please add a comment. The second one is to use the Android SDK emulator. Yep, the emulator you use for developing your Android Java apps emulates a whole (almost) rooted device. So for those of you who do not want to risk your "precious", let's go for the emulator. First thing to do is to create a device to run your Android system. Set up your PATH environment variable to point to your Android SDK tools folder and type:
    ~aaxh $ android avd
AVD stands for Android Virtual Device. Basically it is a tool to define your "virtual hardware". OK, do not worry, you will get a nice user interface to work with

AVD. Android Virtual Device

AVD. Android Virtual Device Manager. Device Definitions

AVD Virtual Device for AAXH testing
    ~aaxh $ adb shell
    root@generic:/ #
And Voila!... you are root. Now, you should install buildroot... we will need it a bit later. (http://papermint-designs.com/community/node/422)
POCKET LINUX
Now that you can feel the power, it is time to install GNU/Linux on your phone. Actually Linux is already there. In a way, Android is just another Linux distribution, but a really stripped down one... and we want to have GNU/Linux in there, not just regular Linux. There are different options on how to deploy your preferred applications on your phone. We will talk about one, Buildroot (http://buildroot.uclibc.org/download.html). Just go there, download it and uncompress the tar somewhere on your disk. Buildroot follows the same approach as busybox and the Linux kernel, so you should already know what to do. But in case you are feeling lazy:
    ~aaxh $ tar xzvf buildroot-2015.05.tar.gz
    ~aaxh $ cd buildroot-2015.05
    ~aaxh/buildroot-2015.05 $ make menuconfig
There you go. You should see something like this

Buildroot make menuconfig. Main Screen
- Target Architecture ► ARM Little endian
- Target Architecture Variant ► cortex-A9

AAXH05. Buildroot menuconfig. Architecture Options
- ToolChain Type ► External toolchain

AAXH05. Buildroot menuconfig. Toolchain Options
STARTING OUR BRAND NEW GNU/LINUX
Now we have to dump our brand new GNU/Linux on the phone. Actually what we have to deploy is the root filesystem that Buildroot has created for us. This is quite easy. Unless you have chosen some fancy option (something you shouldn't have done, at least the first time :), your root filesystem should be under output/images. So, let's copy it into our emulator:
    ~aaxh/buildroot-2015.05 $ adb push output/images/rootfs.tar /data/local/tmp
And now let's get into the phone and prepare for starting our Linux:
    ~aaxh/buildroot-2015.05 $ adb shell
    root@generic:/ # cd /data/local/
    (configure busybox if you have to... we need tar now)
    root@generic:/data/local # export PATH=/data/local/bb:$PATH
    root@generic:/data/local # mkdir linux
    root@generic:/data/local # cd linux
    root@generic:/data/local/linux # tar xf ../tmp/rootfs.tar
We are almost done. Now we will start a chroot environment under our Buildroot filesystem, and for that we have to mount a couple of pseudo filesystems. We actually have to bind those mounts to the real ones on the device. OK, anyhow, this is what you have to do:
    root@generic:/data/local/linux # mount -o bind /proc/ /data/local/linux/proc/
    root@generic:/data/local/linux # mount -o bind /dev /data/local/linux/dev
    root@generic:/data/local/linux # mount -o bind /sys /data/local/linux/sys
When we chroot into our new filesystem we will still have access to the device's proc, dev and sys directories... Let's try:
    root@generic:/data/local/linux # cd ..
    root@generic:/data/local # chroot /data/local/linux/ /bin/sh
    / # export PATH=/bin:/sbin:/usr/bin:/usr/sbin
We are just starting a shell without running any initialisation script, so nothing is set up. The very minimal thing we have to set up is the PATH variable, in order to be able to execute the applications in our new Linux. Now we can run nmap from our phone to look for open ports on our device. You should see something like this:
    / # nmap -v localhost
    Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-21 11:24 UTC
    mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers
    mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
    Initiating SYN Stealth Scan at 11:24
    Scanning localhost (127.0.0.1) [1000 ports]
    Discovered open port 5555/tcp on 127.0.0.1
    Completed SYN Stealth Scan at 11:24, 19.22s elapsed (1000 total ports)
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.0011s latency).
    Not shown: 999 closed ports
    PORT     STATE SERVICE
    5555/tcp open  freeciv
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 20.11 seconds
               Raw packets sent: 1289 (56.716KB) | Rcvd: 2579 (108.320KB)
    / #
That.... Is.... Awesome!!!... isn't it? Now you can rerun menuconfig and start adding your own tools to customise your Linux in your pocket. Not all of them will work, but most of the generic, console based applications will just work. Happy Hacking
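The bind mount and chroot steps above are easy to get subtly wrong when repeated (a second run stacks another bind mount on proc, dev and sys, and nothing is ever unmounted). The script below is an added example, not code from the original post: it wraps those same steps in functions that check the extracted rootfs first, skip mounts that are already in place, and unmount in reverse order afterwards. It assumes busybox mount, umount and chroot are on PATH and that the rootfs lives at LINUX_ROOT (the post's /data/local/linux); the file name chroot-linux.sh is my own choice.

```shell
#!/bin/sh
# Added example (not from the original post): set up and tear down the bind
# mounts for the Buildroot rootfs chroot, with the checks the manual steps skip.
# Assumes busybox mount/umount/chroot on PATH and the rootfs extracted to
# LINUX_ROOT (the post uses /data/local/linux).
LINUX_ROOT="${LINUX_ROOT:-/data/local/linux}"
# Verify the extracted rootfs has a shell and the mount points we need.
# Returns 0 if everything is there, 1 (with a message) on the first missing path.
check_rootfs() {
    for p in bin/sh proc dev sys; do
        [ -e "$1/$p" ] || { echo "missing: $1/$p" >&2; return 1; }
    done
    return 0
}
# True if the directory is already a mount point according to /proc/mounts;
# re-running the manual mount commands stacks a second bind mount each time.
is_mounted() {
    grep -q " $1 " /proc/mounts 2>/dev/null
}

# Bind the device's proc, dev and sys into the rootfs, skipping ones already bound.
bind_pseudofs() {
    for fs in proc dev sys; do
        if is_mounted "$1/$fs"; then
            echo "$1/$fs already mounted, skipping"
        else
            mount -o bind "/$fs" "$1/$fs" || return 1
        fi
    done
}

# Unmount in reverse order so the rootfs can be deleted or re-extracted cleanly.
unbind_pseudofs() {
    for fs in sys dev proc; do
        is_mounted "$1/$fs" && umount "$1/$fs"
    done
    return 0
}

# Only do the real mounts and chroot when run directly under this file name;
# the functions can also be sourced and used one by one.
case "$0" in
    *chroot-linux.sh)
        check_rootfs "$LINUX_ROOT" || exit 1
        bind_pseudofs "$LINUX_ROOT" || exit 1
        chroot "$LINUX_ROOT" /bin/sh -c 'PATH=/bin:/sbin:/usr/bin:/usr/sbin; export PATH; exec /bin/sh'
        unbind_pseudofs "$LINUX_ROOT"
        ;;
esac
```

Push it with adb to /data/local and run it from the root shell; when you exit the chrooted shell the pseudo filesystems are unbound again.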
Awesome Wells