Created on Sun. 19 Nov 2023
During covid I discovered some cool projects since I wanted to change phones the pine phone and also it's dedicated operating systems specifically ubuntu touch. Trying it out two years ago was a lot of fun and I always wanted to revisit the project once I had more time.
Last week-end I was with a friend of mine on holiday and discussing about red team and breaking into buildings a lot of time we where stuck because with just our phones we always wanted to just do quick scans and other things. I also wanted to maybe run commands like psexec or use the automated bash scripts that I use during my pentest. All of this would just be easier for me with just a linux phone ^^.
I switched phones earlier this year so that phone that I tested ubuntu touch was left unused at the back of a draw in my flat and since xmass is coming soon and I was going to get a pinephone to start looking on how to port p3ng0s on a phone I thought I could start testing out the concept of a pentesting phone before getting a pine phone using my old oneplus.
Already in the past I had messed around with modifying my android with custom roms. Which is why for the install of ubuntu touch it actually was quite easy. In the past I remember I had to compile it and load it in the phone manually using adb. Now with the new ubports installer I just had to plug it in and run the installer:
If you wish to follow along you can use this website to see if your device is supported and how to install.
Now the UI of ubuntu touch is a bit like unity the old ubuntu desktop. I used to love that desktop and hated when canonycal dropped it's official support since it was my favourite user interface at the time.
You can use the phone in either vertical or horizontal mode. I also discovered that there was a floating window mode so that when you plugged a HDMI cable in you would be able to use the phone as a mini laptop. I did not get that working I was only able to do the keyboard sadly.
After right around 30min I had ubuntu touch installed on my phone which was absolutely insane to me since last time it took me a whole evening! So going through the OS I found already some really cool apps that I'd like to showcase. One of them is ISODrive which I thought was amazing!
An other great one is the NFC editor! Which allows you to read and write on NFC tags. I was not able to get the write one working but read was working great!
After messing about in the app store i then obviously wanted to use apt the package manager and install a bunch of stuff like python-impacket and nmap to see if I could get my phone to upload through psexec a Havoc implant on a windows host! I was then confronted by a road block basically packages are all installed through this container system called libertine. Because of such I was not able to edit directly the rootfs since it is set as read only. It is possible to change that through the following command but is definitely not recommended:
# mount -o remount,rw /
After some fiddling with libertine I was then able to get the following working somewhat:
I think this was mentioned before in this post but basically there is a sort of desktop mode support where you can use ubuntu touch like a sort of mini laptop which is hilarious in practice:
Now that is pretty much what I did for the past two days as an experiment but I can see myself mess around with this so much more and this was just my first impression of playing with this for 24hours ish. Will probably do one if I can make it to run Havoc client for a laught, I might also make my own app for it this OS is missing a rubber ducky parser so that it could run ducky scripts. I also thought of having widget / shortcuts to run scripts that do recon and whatnot.
I hope you enjoyed this blog post please give me a quick follow on github I am close too 100 followers and check out my arch linux distro p3ng0s for all your pentesting needs!