Back to the Future: Pwn Pad Review


Operating System

The hardware components of the Pwn Pad, while certainly an impressive collection, aren’t really the star of the show. Anyone could go out and buy those particular devices, but it’s the Pwn Pad’s software that turns a box of off-the-shelf hardware into a respectable security tool.

To begin with, the Nexus 7 runs, obviously, Android. Being a Nexus device, it has the benefit of getting upstream updates essentially as soon as they happen, which is particularly important for a device geared towards the security industry, as it means it will pick up any upstream security fixes much faster than anything else on the market. In the past, we’ve seen devices from other manufacturers languish behind with even critical Android updates, and had Pwnie Express decided to go with one of those devices, they could have ended up putting themselves in a rather embarrassing situation down the line.

While there are a number of impressive security tools available for Android, they aren’t quite enough to warrant calling Android a proper pentesting platform. Beyond that, you need a lot more capability in the core OS to really be taken seriously as a legitimate pentesting tool. For example, if you were investigating a possible exploit against a particular daemon, it would be helpful to download and compile the latest release of that daemon so you can run tests against it and see what makes it tick. That kind of thing really isn’t possible on stock Android, at least not without jumping through a lot of hoops.

To address this, Pwnie Express has done something very clever. They’ve included an entire Ubuntu 12.04 installation alongside Android, and with it, brought all the software and capability that a full Linux distribution offers. You can download new packages, build from source, even develop new software, right on the Nexus 7.

Of course, this in itself is nothing new. There have been projects to bridge the gap between Linux distributions (Ubuntu especially) and Android, but nobody has ever released a commercial device based on the concept before.

How it Works

Experienced Linux users likely already know how this system works just from the description, but for those who might not delve as deeply into the world of *nix, Pwnie Express is making use of a core Unix component: chroot.

Linux and Android tools on Pwn Pad

When you use chroot, you are telling the kernel about a new root filesystem, complete with its own programs and configuration. The kernel will then go into this new root filesystem and essentially “boot” it as if it were an installed system. All the while, the original system (in this case, Android) is still running merrily along as if nothing ever happened. Using chroot is technically a form of virtualization, but there is no emulation going on, so there is much less strain on the hardware.

When the Pwn Pad uses chroot to start up the Ubuntu environment, there is no functional impact to the Android side. Everything still works as expected, and performance is unchanged. But the user can now open up a terminal, or start a Linux program directly, and they will run just as if they were on a regular computer.

With some clever scripting, Pwnie Express has managed to wrap this functionality up so well that you could be excused for thinking Linux-only applications installed on the Pwn Pad are native to Android. All of the Linux tools have their own icons right on the home screen, and the starting of the chroot environment is done automatically when you select one. You just tap the icon for something like “SET” (The Social-Engineer Toolkit), and away it goes, just as if it were an Android application.
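A minimal launcher of the kind described above, as an added example rather than Pwnie Express's own script: it mounts /proc, /sys and /dev into the Ubuntu root only if they are not already there, then runs the chosen tool with chroot. The rootfs path `/data/local/ubuntu` and the `DRY_RUN` and `MOUNTS_FILE` variables are assumptions; by default it only prints the commands it would run.

```sh
#!/bin/sh
# Added example: an icon-style launcher for a tool inside an Ubuntu chroot.
# Not Pwnie Express code. CHROOT_DIR and MOUNTS_FILE are assumptions.
CHROOT_DIR="${CHROOT_DIR:-/data/local/ubuntu}"  # assumed rootfs location
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print plan, 0 = execute (root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeeds when a filesystem is already mounted on $1 (field 2 of
# /proc/mounts), so launching a second tool does not stack duplicate mounts.
is_mounted() {
    awk -v m="$1" '$2 == m { found = 1 } END { exit !found }' \
        "${MOUNTS_FILE:-/proc/mounts}"
}

# Give the chroot the kernel interfaces Linux tools expect. These are the
# host's own /proc, /sys and /dev: the chroot shares the running Android
# kernel and its devices, so it is a convenience, not an isolation boundary.
prepare_chroot() {
    for fs in proc sys dev; do
        target="$CHROOT_DIR/$fs"
        is_mounted "$target" && continue
        case "$fs" in
            proc) run mount -t proc proc "$target" ;;
            sys)  run mount -t sysfs sysfs "$target" ;;
            dev)  run mount -o bind /dev "$target" ;;
        esac
    done
}

# Run one command with CHROOT_DIR as its root directory. env -i starts it
# with a clean environment so Android's PATH and library settings do not leak in.
launch_tool() {
    prepare_chroot || return 1
    run chroot "$CHROOT_DIR" /usr/bin/env -i HOME=/root TERM=xterm \
        PATH=/usr/sbin:/usr/bin:/sbin:/bin "$@"
}

# Usage (tool name is whatever exists inside the rootfs): sh launcher.sh <tool>
if [ "$#" -gt 0 ]; then launch_tool "$@"; fi
```

Set `DRY_RUN=0` and run as root to execute the plan instead of printing it.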

Included Tools

The Pwn Pad includes mainly Linux applications out of the box; while there are a number of interesting native Android security applications out there, Pwnie Express has decided to leave the installation of those up to the end user.

Many of the tools on the Pad are geared towards wireless scanning and attacks, such as Kismet, Airodump, wifite, Bluelog, and the ubertooth suite. There are also network-agnostic tools such as SSLstrip, Ettercap, tcpdump, and Dsniff, as well as the comprehensive SET and Metasploit suites.


With a fully functional Linux distribution on board, the limits are really lifted on the Nexus 7, and you can do pretty much anything you want on the device. You could download new tools from the Internet just as easily as you could write up and compile a totally new one right from the Nexus 7.

If you’re a developer thinking of getting on board with the Pwn Pad, it’s extremely easy to bring over existing Linux applications. In fact, there is a good chance you won’t have to do anything at all to get them running, though you might want to make some Pwn Pad-specific changes to your user interface to make them a bit more palatable for the Nexus 7’s display and input capability.

I connected the Nexus 7 up to my computer via Android’s ADB (though SSH would work just as well) and got to work on its Ubuntu environment just as I would on any other headless machine. I was able to pull in the latest version of my code with Git, edit it, and compile a new build with absolutely no problems.

I was especially impressed with the performance of the Linux side of the Pwn Pad. The raw power of the Nexus 7 really does the Ubuntu environment justice; compiling software on the tablet was much faster than I was expecting. I wouldn’t want to compile a new kernel on it, but the tools I tried were all built within a reasonable amount of time.

It’s yet to be seen how Pwnie Express intends to handle allowing developers to submit new applications and improvements for the Pwn Pad, but if I had to guess, I would think that they’ll put some part of the Pad’s Linux environment up on their GitHub account.

Hopefully the details on community involvement will be sorted out soon, as I’d very much like to see what kind of Pwn Pad-optimized tools people will come up with.

About Tom Nardi

Tom is a Network Engineer with focus on GNU/Linux and open source software. He is a frequent submitter to "2600", and maintains a personal site of his projects and areas of research at: .