Do all the steps at your own risk!
1. Download the rooting file and transfer it to the tab
- http://forum.xda-developers.com/attachment.php?attachmentid=593613&d=1305168395
2. Go into the recovery mode by holding "Power Button" and "Low Volume Button" to reboot, and when you see the 2 icons press "Low Volume" and then press "High Volume" or "Power Button" to go to recovery mode.
3. Choose "apply the update from sdcard" and choose the rooting file.
After this step, your tab is rooted.
4. Download the required files
- P7500DXKH4_P7500OLBKH1_P7500XWKG1_HOME.tar.MD5 http://www.megaupload.com/?d=S6HSZL8H
- 001001-P7500_KI1_Restock.zip http://www.multiupload.com/5RMKLEFCTA
- 001003-Overcome_10.1_Series_v1.1.0_P7500_Full.zip http://www.multiupload.com/CRBRV18830
- 002001-Overcome_CWM_Recovery_v4.1.1.5.tar http://www.multiupload.com/REAMDK5J7U
- Overclock Kernel
http://droidbasement.com/galaxy/kernels/2636/20/p4-ux/boot-cm_2636.4_p4_ux-oc-xtra-vfpv3-d16_fp-091311.zip
*** You can replace Overcome_10.1_Series_v1.1.0_P7500_Full.zip with another custom ROM such as Starburst or something like that.
5. Extract 001001-P7500_KI1_Restock.zip
6. Go into the recovery mode by holding "Power Button" and "Low Volume Button" to reboot, and when you see the 2 icons press "High Volume" or "Power Button" to go to download mode.
7. Open Odin3_v1.85 and click PDA -> P7500OXAKI1_P7500XXKI1_P7500XXKI1_HOME.tar.MD5 -> start
The tab will restart after this step is done.
8. Copy the files Overcome_10.1_Series_v1.1.0_P7500_Full.zip and boot-cm_2636.4_p4_ux-oc-xtra-vfpv3-d16_fp-091311.zip to the tab
9. Go to the download mode again.
10. In Odin, click PDA -> Overcome_CWM_Recovery_v4.1.1.5.tar -> start
11. Go to the recovery mode
12. Go to install menu -> choose zip from internal storage with data wipe -> Overcome_10.1_Series_v1.1.0_P7500_Full.zip -> install menu -> choose zip from internal storage -> boot-cm_2636.4_p4_ux-oc-xtra-vfpv3-d16_fp-091311.zip
13. Now you have root and the new custom ROM, so install the Android SDK and download the Backtrack 5 ARM version.
- Android SDK http://developer.android.com/sdk/index.html#top
- Backtrack 5 ARM http://www.backtrack-linux.org/downloads/
14. Copy Backtrack onto your tab, or use adb to install busybox and upload Backtrack to the tab.
- Go to C:\Program Files\Android\android-sdk\platform-tools
- adb.exe shell
- mkdir /sdcard/BT5
- exit
- adb.exe push busybox /sdcard/
- adb.exe push installbusybox.sh /sdcard
- adb.exe push fsrw /sdcard/BT5/
- adb.exe push mountonly /sdcard/BT5/
- adb.exe push bootbt /sdcard/BT5/
- adb.exe push bt5.img.gz /sdcard/BT5/
- adb.exe push unionfs /sdcard/BT5/
*** If you use SSHDroid to enable SSHD on your tab, the default SSH user is root and the password is admin.
15. Open a terminal on the tab with ConnectBot and choose "local" to connect to the tab itself. I don't know whether you can use sshd to complete this step or not, but you can try it for easier typing.
16. Remove the tab from the PC.
17. Go to /sdcard/BT5 and unzip bt5.img.gz
- cd /sdcard/BT5
- gunzip bt5.img.gz
18. Start BT5
- sh bootbt
19. So now you're in the chroot of Backtrack5
net.ipv4.ip_forward = 1
root@localhost:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
20. Run startvnc
- startvnc
*** You can change the resolution of VNC with nano /usr/bin/startvnc
21. Now VNC is running; you can check which port number VNC is using with
- netstat -napt
22. Now you can connect to the VNC server with androidVNC or any other VNC client you can find in the Android Market.
*** The default password of the VNC server is "toortoor"
23. Finally, you can do anything on your tab that you can do in Backtrack 5. Have a nice hack :)
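Step 7 flashes a .tar.MD5 image fetched from a file host, so it is worth checking the image before Odin writes it. The script below is an added example, not part of the original post: it assumes the usual Odin packaging, where the output line of md5sum is appended to the end of the tar, and its function names and sample archive are constructed for illustration.

```python
import hashlib, io, os, re, tarfile, tempfile

# Assumed packaging: `md5sum -t x.tar >> x.tar`, so the file ends with
# "<32 hex digits>  <name>\n" after the tar's zero padding.
TRAILER = re.compile(rb"([0-9a-fA-F]{32}) [ *][^\r\n]+\r?\n?\Z")

def verify_tar_md5(path, chunk=1 << 20):
    """Return (ok, embedded_md5, computed_md5); both None if no trailer."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        f.seek(max(0, size - 512))
        tail = f.read()
        m = TRAILER.search(tail)
        if m is None:
            return (False, None, None)
        remaining = size - len(tail) + m.start()  # bytes covered by the hash
        f.seek(0)
        h = hashlib.md5()
        # Stream in chunks: real firmware images are hundreds of MB.
        while remaining > 0 and (block := f.read(min(chunk, remaining))):
            h.update(block)
            remaining -= len(block)
    embedded = m.group(1).decode().lower()
    return (embedded == h.hexdigest(), embedded, h.hexdigest())

def build_sample(path, corrupt=False):
    """Constructed sample: a one-member tar plus an md5sum-style trailer."""
    payload = b"constructed boot image bytes"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("boot.img")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    body = buf.getvalue()
    line = hashlib.md5(body).hexdigest().encode() + b"  sample.tar\n"
    if corrupt:  # simulate a download damaged after the hash was appended
        body = body.replace(b"boot image", b"b00t image")
    with open(path, "wb") as f:
        f.write(body + line)

def demo():
    """Check an intact and a corrupted constructed sample."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.tar.md5"), os.path.join(d, "bad.tar.md5")
        build_sample(good)
        build_sample(bad, corrupt=True)
        return verify_tar_md5(good)[0], verify_tar_md5(bad)[0]

if __name__ == "__main__":
    print(demo())
```

The trailer only catches a corrupted or truncated download; it does not authenticate the image, since anyone who repacks the tar can append a matching hash.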
References
- http://www.droidsans.com/node/31129
- http://pauldotcom.com/2011/05/backtrack-5-install-on-samsung.html