Phenotyne Silence on the Line

Backtrack 5 on the Optimus 2x/G2x

After reading about the Optimus 2x back in December I felt like I had to wait forever to actually get my hands on one. We finally got it here in the states from T-mobile as the G2x device. Sadly this phone is lacking a bit on ram, but is one of the first phones we can get with a dual core processor. I am not going to sit here and spout stats, that is what google is for, I will just say it is a nice phone.

Honestly getting a chroot environment of Backtrack running on the phone is a pretty simple and straight forward task. I am not going to wow you with any magic here. If you are familiar with the linux operating system this will be a walk in the park. I will say I tend to be lazy, and I am operating on a Mac half the time, so some steps might be a little different. Also you will need to root your phone, and probably be smart to install a rom manager so you can backup the phone before you get started. I used SuperOneClick to root mine and worked like a charm. Also you can use SSH if you install an app, the adb shell, or straight terminal app if you really want. Superuser app will also install busybox which you will need for some steps.

First thing I started with is partitioning the SD card for the device. As I talked about in my the other blog post (Gentoo on the Android), the way the phone handles the card is a bit odd, and there are several ways to partition it. This time I did the lazy man way and pulled the card out of the phone. You can do it on the phone, but I had some data I didn’t want to lose, and there is not an easy non destructive partitioning system on the phone.

So I pulled the MicroSD card, dropped it into an SD adapter, and put that in a USB adapter I had. I used the live iso of gparted, and just booted that up in a VM. Gparted saw the card instantly, and cranked out my partition table with ease. I was using a 16g card. The phone can probably use the ext2/3 file system for app storage, but I didn’t feel like messing with it, so left the partition the phone was using as a vfat. You will need to make you a fairly large ext2 or 3 partition for the BT5 image to sit on. You are going to be mounting the image itself so you are probably wondering why you can’t just drop it on the vfat and mount from there. Well size matters (as if you didn’t know), and the vfat will not support the uncompressed BT5 img file. I also put a SWAP partition on there with this phone so limited on ram. The uncompressed image file comes out to right at 5.3 gig, so make sure you make your partition big enough to handle it and modifications you might make.

Once gparted finishes writing your partition table you can shut it down and throw the microsd back into your phone. Startup the phone and it should initialize the card and give you a message at the top once it is done. I will take a second here to make sure you understand the mounting and storage method LG used with this phone. I am pretty sure this isn’t completely standard among other Android devices because I have seen others complain about it. Your phone has storage built into it that is non removable, and the operating sees it as an SD card also. You will actually see it mounted as /mnt/sdcard in the operating system when you take a look. The removable card is mounted at /mnt/sdcard/_ExternalSD when ever you look at it from the file system prospective. Odd and confusing I know. To make things even clearer they use device ID numbers too. So to find your removable SD card take a look and see what is mounted to /mnt/sdcard/_ExternalSD.


So there is the card mounted just like I said, and you can see the device is actually the device ID. so you have to find it in /dev/block


You can see the vfat on the external card is mounted at 179:17. So in my case the ext3 hosting my BT5 image is actually partition 4. You will need to format the new partition, please double check your partitions, you can just use an fdisk print. I will have little sympathy for you if you don’t double check your layout structure before you format the card.

mke2fs -j /dev/block/mmcblk1p4

You will have to change the rootfs over to rewritable to make some directories in /mnt. You can actually do it with the ‘adb shell sysrw’ command or you can just remount it from the cli:

mount -o rw,remount -t sysfs / /

Then I make my directory to mount my new ext3 partition. You can make it whatever you want, i made mine /mnt/extsd4 just so it was a bit more descriptive for me. The system mount command has issues with ext3, so use the busybox version:

busybox mount -t ext3 /dev/block/mmcblk1p4 /mnt/extsd4

Now we have to get the files over. I took the first layer of compression (the z7) off before transferring files over thinking it would be faster. So I was left with the bt5.img.gz. It is about 1.2gig and takes some time to move over. I thought the ‘adb push’ would be the fastest, but honestly it is about the same as the sftp over wifi. Once you get the file over you have to gunzip it, holy crap take a nap or get some coffee. I didn’t actually time it, but it was the better part of an hour. And the file explodes from 1.2gig to 5.2gig in that time. I honestly don’t know what would be faster, doing that on the phone or transferring that massive image. So once it is inflated we now have our image we can mount. We are going to actually modify the bootbt file that is in there so that we can start it and drop straight to shell. Instead of showing you every thing i changed I am going to post mine. You can just edit as necessary.

perm=$(id|cut -b 5) if [ "$perm" != "0" ];then echo "This Script Needs Root! Type : su";exit;fi mount -o remount,rw -t sysfs / / export kit=/mnt/extsd4/BT5 export bin=/system/bin export mnt=/mnt/BT5 mkdir -p $mnt export PATH=$bin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH export TERM=linux export HOME=/root if [ -b /dev/loop2 ]; then echo "Loop device exists" else busybox mknod /dev/loop2 b 7 0 fi busybox mount -o loop,noatime -t ext2 $kit/bt5.img $mnt busybox mount -t devpts devpts $mnt/dev/pts busybox mount -t proc proc $mnt/proc busybox mount -t sysfs sysfs $mnt/sys busybox sysctl -w net.ipv4.ip_forward=1 echo "nameserver" > $mnt/etc/resolv.conf echo " localhost bt5" > $mnt/etc/hosts busybox chroot $mnt /bin/bash echo "Shutting down BackTrack ARM For G2x" umount $mnt/dev/pts umount $mnt/proc umount $mnt/sys umount $mnt

TADA! You should now be in the chrooted Backtrack 5 environment!

I am sure I have forgotten something along the way, but that should be a quick little starter. If you have any issues then please post them in the comments and I will do my best to answer them.