Tag: sudo

Weaponizing the Nokia N900 – Part 3.8 – Backtrack 5 on N900

by on May.28, 2011, under Posts

First and foremost I am not taking credit for the act of this. There are other posts on getting Bactrack 5 (ARM) onto the N900. My post mostly pertains to my experience with Backtrack 5 on the N900 and how viable of a offensive information security tool it is.

If you’re curious as to how to get Backtrack 5 running on your N900, you want to thank SuperDumb from the Maemo forums, and take a look at this forum thread. Observe that the default Backtrack 5 (arm) image will not copy over to your vfat microSD external or internal cards. vfat has a file size limit

There are some guides that advocate using ext2/3 on flash devices, but I do not condone you doing this, please see:


To circumvent this issue you can download an image that will work on vfat here, or if you would prefer to re-size the image yourself, follow these steps that SuperDumb graciously gave me via a PM:

Must be done under linux :
Just an example, change the dirs how you want them :

First you need to get the bt5.img out of the downloaded file from backtrack :

gunzip bt5.img.gz

These are the steps to get a img that is small enough :

mv bt5.img bt5.old.img

dd if=/dev/zero of=bt5.img bs=4k count=900000
mke2fs -F -i 8192 bt5.img

mkdir bt5old bt5new
mount -o loop bt5.old.img bt5old
mount -o loop bt5.img bt5new
cd bt5old
cp -rp * ../bt5new

After that just umount bt5old & bt5new and you should have a working img.

Once you have a working img, you will need to have qchroot on your N900 along with gainroot. Then to get Backtrack 5 running on your N900 via the non-GUI way, you simply do as follows:

1.) sudo gainroot

2.) mkdir /mnt/bt5

3.)qchroot /location/to/bt5.img /mnt/bt5

One important note I would like to add with regards to the location of the bt5.img file, is that if you’re like me and you have a bootable linux distro on mmc1, you will not want to have the bt5.img on mmc1. Once your computer mounts the mmc1 card, your mmc1 card will not be accessible via your phone.

You can get VNC up and running, however the N900 keyboard and the Backtrack 5 GUI (at least using gnome) do not get along that well. Additionally, it is resource intensive and if you ask me, to truly utilize Backtrack or almost any Linux distribution, you want to use the command line interface. This is where the power lies. There are a few exceptions to this rule but exceptions don’t necessarily make the rule.

In my humble opinion having Backtrack 5 running on your N900 is not really worth it. My reasoning is due to my experience with it. Here are a couple instances of annoyances that I ran into:

– It is unstable. There were a few times that I would make an attempt to edit sources.list, via:  ‘vi /etc/apt/sources.list’ and my phone would randomly reboot.

– The GUI does not work well at all.

– There are packages that are easily available under the N900, that aren’t easily available under Backtrack 5 (ARM). (kismet for example.)

– Some packages are just broken. For example, miredo does not work at all. (More on miredo later…)

– Nmap’s version under BT5 arm is 5.00 and you can get Nmap for maemo on the N900 at version 5.50.

– easydebian seems like a better alternative and is more stable.

I’m going to go on a bit of a tangent here that I hope is informal and useful.

With miredo not working under BT5 on the N900, that was kind of a big annoyance to myself because miredo for the Maemo even appears to be broken as well.  To get miredo working on your N900 you will want to install and use easydebian.

What is beautiful with miredo, is that you can get an IPv6 address assigned to your N900. You could then use your N900 as a hardware based trojan in a network. The whole concept is very similar to what Mubix did here. You could setup your N900 on a victim network and have ssh listing on your public IPv6 address and then log in to your N900 from an outside network over IPv6. You wouldn’t even have to do any port forwarding on the victim’s firewall/gateway/router.

I will tell you that miredo does not work on all networks and does not appear to work over the gprs0 interface on the N900 (at least with my carrier). Though it works just fine on the wlan0 interface.

Readjusting back from that tangent, summarily I would like to state that the fact that you can get Backtrack 5 working on your N900 is wonderful. Consequently, due to my experience with running BT5 on the N900, I would just advise to use easydebian over BT5 and then customize easydebian to the point that it is essentially a ‘Backtrack’ version. It will be a more stable route to go and you can learn about the tools as you install them, versus having a plethora of tools at your disposal that you may not get around to learning.

14 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

Smart Phone Privacy and Steps Towards Anonymizing the Nokia N900

by on May.07, 2011, under Posts

Within current times a lot of people are now using and relying on smart phones. Part of what makes these devices so ‘smart’, is their ability to gather information on the user and use this information to better serve the user. Per contra, the problem with this is that a lot of private information is being gathered which can include longitude and latitude coordinates.

Even when you take pictures with some smart phones, longitude and latitude information can be tagged on as metadata. (See: http://icanstalku.com/ )

What is ironic, is that from my personal experience and information gathering locally, a lot of people seem to not care about this or privacy. I think this is where the government needs to step in and do something. (Which the US government appears to be making steps towards this: http://www.nationaljournal.com/tech/online-privacy-concerns-fuel-drive-for-do-not-track-legislation-20110506 )

My concern with this, is that if people will really care to opt out of tracking and if they do opt out of tracking, then are the services that they use going to be a lot less useful?

Pertaining to the iPhone, I think this video gives you really good technical insight into the tracking issue: http://www.securitytube.net/video/1774

Now onto my beloved Nokia N900. I have taken steps towards anonymizing the N900 and I will show you what I did.

1.) Go to settings and then look for ‘Location’

2.) Disable GPS and disable network positioning.

3.) Under internet connections set ‘Connect automatically’ to ‘Always ask’.

4.) If you’re planning on using the N900 as a tablet and do not want to be tracked via triangulation, to mitigate this you can do as follows:

a.) Pull up the terminal and make sure you are root. (sudo gainroot)

b.) You also want to make sure you have enabled the extra repositories

c.) Install this following application via: apt-get install cell-modem-ui -y

d.) Now to enable the tablet mode and mitigate the possibility of being tracked via triangulation, click the power button on the top of the N900 and a new button should be there that says, ‘Tablet’

e.) Simply tap on this, and your N900 is now just acting as an internet tablet.

5.) tor is available for the N900, you can install this simply via: apt-get install tor -y

6.) You can use proxychains but only under a chroot environment. To use it do as follows:

a.) ssh -D 9050 user@somehost

b.)debbie bash (This is to get into the chroot environment without having to start a GUI session. 🙂 )

c.) proxychains ssh user@someotherhost

7.) You can spoof the MAC address of the wlan0 interface via: (as root) ifconfig wlan0 hw ether 00:12:34:56:78:90

8.) To change MicroB’s user agent string have a look at: http://gerrymoth.co.uk/?p=108

9.) When you first open the lens cover to the camera, you can opt out of adding metadata to your pictures.

10.) Truecrypt is available, however full disk encryption is not available for the N900 or any phone I can think of. I have heard that DARPA is working on a project related to this for iPhones and Androids. ( http://www.infosecurity-us.com/view/17340/darpa-working-on-full-disk-encryption-for-iphone-and-android/ )

This concerns me a bit because I’m a resident of Michigan… ( http://www.thenewspaper.com/news/34/3458.asp )

I hope this information is helpful to you and if you have anymore ideas on anonymizing the Nokia N900 please feel free to send me an e-mail or leave a comment.

1 Comment :, , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!