First, I am not responsible for anything you do, and what works for me may not work for you. To start, I am running CyanogenMod 10 on a Galaxy S III Sprint, rooted, busybox, and whatever else you may need.
I've been working on this for about a week and now it's working. I just installed the android-sdk via apt-get over adb without chroot'ing into Kali.
All I did was create a custom image using the instructions I found at the Kali documentation, and instead of chrooting I mounted the directories into Android's root ('/') directory. I didn't install a desktop as it's not needed, and if you can get or make a list of apps to install during the process that only includes the CLI apps, that helps. I tried to make one and will post it here; alternatively one can run apt-get install and then copy and paste the list into the command line over ADB.
I am working on a script that started as a spin-off of the usual chroot script but kinda changed over time as I tried to get the commands to work over a script. I ended up with the following saved as "/system/bin/test.sh" (I'm on a Galaxy S III; there may be different filesystems on different phones, so things may need to be modified for your situation).
Please don't hesitate to improve on this with sanity checks and error handling; posting the improvements would be great. Ultimately I am going to get this all set up in the boot.img, effectively making the mod persistent across reboots. As it is, a reboot will clean the changes, which is a good thing for now. Some config, .rc, and other types of files clash in the etc folder, but for now I haven't noticed too much harm from mounting the etc directory to Android's root (again, this is my experience), but for safety's sake each device will eventually need to have those clashing files patched up to allow both systems the configurations they need to be in sync. Also the "linker" I think may not be right; to get it seamless I think the systems need to be built from scratch together. But hey, I think this is a great place to start.
EDIT: IMPORTANT, (maybe), I placed a copy of the 'adbd' file that was in my '/sbin' directory into the '/data/local/mnt/sbin' (the /sbin dir of the kali.img when mounted to its usual place, or it can be done on pc but get it in there just in case it gets knocked out during the mounting processes, this is one of the clashes, at least for me this was the only file found in Android's '/sbin' directory.)
I had a bit of confusion with the bash interpreter as there are prolly gonna be two, one that was on the phone and the other that got brought over from Kali. I suppose which you choose is up to you, but don't forget to export your PATH variables if you need to; I just copy and paste it from a file on my desktop for now (over ADB).
Code:
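#! /system/bin/sh
# Mounts the directories of a Kali image directly into Android's root ('/')
# instead of chrooting. Paths are for a Galaxy S III; adjust for other devices.
# The exports at the end only apply inside this script's own process, so
# re-export PATH in your shell afterwards if you need it there.

# Make rootfs and /system writable so the mount points can be created
busybox mount -wo remount rootfs /
busybox mount -wo remount systemfs /system

export subset="/data/local/mnt"
export kali="/storage/sdcard0/kali"

# Loop-mount the image; stop here if that fails rather than bind-mounting
# empty or missing directories over the live system
busybox mount -o loop "$kali/kali.img" "$subset" || exit 1

# Bind each image directory onto the matching path under '/'.
# /etc and /sbin already exist on Android, so no mkdir for those.
busybox mkdir -p /bin
busybox mount --rbind "$subset/bin" /bin
busybox mount --rbind "$subset/etc" /etc
busybox mkdir -p /home
busybox mount --rbind "$subset/home" /home
busybox mkdir -p /lib
busybox mount --rbind "$subset/lib" /lib
busybox mkdir -p /media
busybox mount --rbind "$subset/media" /media
busybox mkdir -p /opt
busybox mount --rbind "$subset/opt" /opt
busybox mkdir -p /run
busybox mount --rbind "$subset/run" /run
busybox mount --rbind "$subset/sbin" /sbin
busybox mkdir -p /srv
busybox mount --rbind "$subset/srv" /srv
busybox mkdir -p /tmp
busybox mount --rbind "$subset/tmp" /tmp
busybox mkdir -p /usr
busybox mount --rbind "$subset/usr" /usr
busybox mkdir -p /var
busybox mount --rbind "$subset/var" /var

# Put the Kali directories ahead of Android's in the search path
export PATH="/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:${PATH}"
export TERM=linux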
export HOME="/root"
I guess a lill proof...
Code:
localhost / # export PATH=/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH
localhost / # set
ANDROID_ASSETS=/system/app
ANDROID_BOOTLOGO=1
ANDROID_CACHE=/cache
ANDROID_DATA=/data
ANDROID_PROPERTY_WORKSPACE=8,49152
ANDROID_ROOT=/system
ANDROID_SOCKET_adbd=9
ANDROID_STORAGE=/storage
ASEC_MOUNTPOINT=/mnt/asec
BASH=/system/xbin/bash
BASHOPTS=checkwinsize:cmdhist:expand_aliases:extquote:force_fignore:histappend:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_CMDS=()
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="1" [2]="0" [3]="1" [4]="release" [5]="arm-android-eabi")
BASH_VERSION='4.1.0(1)-release'
BOOTCLASSPATH=/system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar
COLUMNS=80
DIRSTACK=()
EMULATED_STORAGE_SOURCE=/mnt/shell/emulated
EMULATED_STORAGE_TARGET=/storage/emulated
EUID=0
EXTERNAL_STORAGE=/storage/emulated/legacy
GROUPS=()
HISTFILE=//.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/sdcard
HOSTNAME=android
HOSTTYPE=arm
IFS=$' \t\n'
LD_LIBRARY_PATH=/vendor/lib:/system/lib
LINES=24
LOOP_MOUNTPOINT=/mnt/obb
MACHTYPE=arm-android-eabi
MAILCHECK=60
MKSH=/system/bin/sh
OPTERR=1
OPTIND=1
OSTYPE=android-eabi
PATH=/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin:/bin:/sbin:/usr/bin:/usr/sbin
PIPESTATUS=([0]="0")
PPID=4242
PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
PS2='> '
PS4='+ '
PWD=/
SECONDARY_STORAGE=/storage/sdcard1
SHELL=/system/bin/sh
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
TERM=linux
TERMINFO=/system/etc/terminfo
UID=0
USER=shell
_=PATH
localhost / # ls
acct init.target.rc
bin init.trace.rc
cache init.usb.rc
charger initlogo.rle
config lib
d lpm.rc
data media
default.prop mnt
dev opt
efs persist
etc proc
extSdCard res
firmware root
fstab.qcom run
home sbin
init sdcard
init.cm.rc srv
init.goldfish.rc storage
init.qcom.class_core.sh sys
init.qcom.class_main.sh system
init.qcom.early_boot.sh tmp
init.qcom.lpm_boot.sh tombstones
init.qcom.rc ueventd.goldfish.rc
init.qcom.sh ueventd.qcom.rc
init.qcom.syspart_fixup.sh ueventd.rc
init.qcom.usb.rc usbdisk0
init.qcom.usb.sh usr
init.rc var
init.recovery.qcom.rc vendor
localhost / # which apt-get
/usr/bin/apt-get
localhost / # which python
/usr/bin/python
localhost / # python
Python 2.7.3 (default, Jan 4 2013, 13:44:41)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> exit()
localhost / # which msfconsole
/usr/bin/msfconsole
localhost / # apt-get install reaver
Reading package lists... Done
Building dependency tree
Reading state information... Done
reaver is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
localhost / # apt-get install android
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package android
localhost / # apt-get install android-sdk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
android-sdk
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 106 MB of archives.
After this operation, 131 MB of additional disk space will be used.
Get:1 http://http.kali.org/kali/ kali/main android-sdk all 22.0.1-1kali0 [106 MB]
Fetched 106 MB in 7min 3s (250 kB/s)
Selecting previously unselected package android-sdk.
(Reading database ... 145372 files and directories currently installed.)
Unpacking android-sdk (from .../android-sdk_22.0.1-1kali0_all.deb) ...
Setting up android-sdk (22.0.1-1kali0) ...
localhost / # exit
exit
shell@android:/ # exit
shell@android:/ $ exit
edge-case@edge-case:~$ adb pull /storage/sdcard0/Download/test.sh ~/Downloads
11 KB/s (946 bytes in 0.077s)
edge-case@edge-case:~$
And another example of when the filesystem is mounted properly over adb...
Code:
edge-case@edge-case:~$ adb shell
$ su
# export PATH="/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/bin:/usr/local/sbin:/usr/games:$PATH"
# which msfconsole
/usr/bin/msfconsole
# msfconsole
______________________________________________________________________________
| |
| METASPLOIT CYBER MISSILE COMMAND V4 |
|______________________________________________________________________________|
\ / /
\ . / / x
\ / /
\ / + /
\ + / /
* / /
/ . /
X / / X
/ ###
/ # % #
/ ###
. /
. / . * .
/
*
+ *
^
#### __ __ __ ####### __ __ __ ####
#### / \ / \ / \ ########### / \ / \ / \ ####
################################################################################
################################################################################
# WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
http://metasploit.pro
Large pentest? List, sort, group, tag and search your hosts and services
in Metasploit Pro -- type 'go_pro' to launch it now.
=[ metasploit v4.7.0-2013071701 [core:4.7 api:1.0]
+ -- --=[ 1131 exploits - 638 auxiliary - 180 post
+ -- --=[ 309 payloads - 30 encoders - 8 nops
msf >
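
The post mentions that bind-mounting the image's /etc and /sbin over Android's hides files such as adbd and produces clashing config files. The following is an added example, not part of the original post: a pre-flight check that lists which files in a live directory would be hidden or would clash before the bind mount is made. The function name `shadow_report` and the sample files in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Before bind-mounting IMAGE_DIR over LIVE_DIR, report what would change.

# shadow_report LIVE_DIR IMAGE_DIR
# Prints one line per top-level regular file in LIVE_DIR:
#   HIDDEN <name>  absent from IMAGE_DIR, so it disappears after the mount
#   CLASH <name>   present on both sides with different contents
# Identical files print nothing.
# Returns 0 if nothing was reported, 1 if something was, 2 on bad arguments.
shadow_report() {
    live=$1; image=$2; rc=0
    [ -d "$live" ] && [ -d "$image" ] || { echo "ERROR: not a directory" >&2; return 2; }
    for f in "$live"/* "$live"/.[!.]*; do
        [ -f "$f" ] || continue          # skips unmatched globs and subdirectories
        name=${f##*/}
        if [ ! -e "$image/$name" ]; then
            echo "HIDDEN $name"; rc=1
        elif ! cmp -s "$f" "$image/$name"; then
            echo "CLASH $name"; rc=1
        fi
    done
    return $rc
}

# Constructed sample layout standing in for Android's '/' and the mounted image.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/live/sbin" "$t/img/sbin" "$t/live/etc" "$t/img/etc"
    echo "adbd-binary" > "$t/live/sbin/adbd"            # exists only on the live side
    echo "127.0.0.1 localhost" > "$t/live/etc/hosts"
    echo "127.0.0.1 kali" > "$t/img/etc/hosts"          # same name, different content
    echo "same" > "$t/live/etc/same.conf"
    echo "same" > "$t/img/etc/same.conf"
    for d in sbin etc; do
        echo "== /$d"
        shadow_report "$t/live/$d" "$t/img/$d" || true
    done
    rm -rf "$t"
}
demo
```

On a device the arguments would be, for instance, `/sbin` and `/data/local/mnt/sbin` after the loop mount and before the bind mounts; any HIDDEN file can then be copied into the image first, as the post does with adbd.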