Saturday, 31 May 2014

Add Kali Linux v1.0.7 + LUKS encrypted persistence to your E2B USB multiboot drive

Kali is the follow-on from BackTrack for penetration testing. It provides a full Linux development environment as well as pen-test tools. You can add Kali v1.0.7 ISOs to your E2B USB drive and boot them with a LUKS encrypted persistence volume.

'A few days ago, we added an awesome new feature to Kali allowing users to set up a Live Kali USB with encrypted persistence. What this means is that you can now create a bootable Kali USB drive allowing you to either live boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, allowing you to securely save your changes on the USB drive between reboots. If you add our LUKS nuke feature into this mix together with a 32GB USB 3.0 thumb drive, you’ve got yourself a fast, versatile, and secure “Penetration Testing Travel Kit”.'

[Screenshot: default Desktop background changed (persistent); the volume shown as 'Unrecognised' is the LUKS persistent volume]

Here is how to add it to E2B:

1. Download the Kali v1.0.7 ISO (32-bit or 64-bit or both) and copy to the E2B \_ISO\LINUX\MNU folder (or any menu folder).
2. Use RMPrepUSB to create an ext2 persistent filesystem.
    Name = kali32-rw   (or kali64-rw if using the 64-bit Kali version)
    Volume Name = persistence
    Size = it's up to you! It should be large enough for your files.
3. Add the kali-linux-1.0.7_Persistent.mnu file to the same folder (if the link is broken, the file will also be in the E2B download in the \_ISO\docs\Sample mnu files folder)
4. Boot to Kali from the E2B linux menu (choose the Live USB persistence option, NOT the Encrypted Persistence menu entry or it will mount the persistence file), start a shell and type the following commands (the persistent partition will be sdx3, where x must be replaced by the letter of the E2B drive):

These instructions are based on the site's instructions here.

fdisk -l
(-l = list; use a lowercase L, not the number one. You should determine which device is the E2B drive; the mount and blkid commands may also be useful. sdx4 on the E2B drive should have a label of "Kali Live" and a type of "iso9660". I will assume it is sdb for the commands below.)

[Screenshot: FAT32 E2B drive with 200MB persistence on sdb3 and ISO on sdb4]

If Kali has mounted the ext2 file, there will be a 'persistence' icon on the Desktop - you can type mount to see which volumes have been mounted. You may need to unmount the volume first:
umount /media/persistence
Now we can run cryptsetup. You will be prompted for a passphrase. The partition number will always be 3 (e.g. sdb3, sdc3, sdd3, etc.) - make sure you select the E2B drive!
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3
cryptsetup luksOpen /dev/sdb3 my_usb
mkfs.ext3 -L persistence /dev/mapper/my_usb
e2label /dev/mapper/my_usb persistence
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo "/ union" > /mnt/my_usb/persistence.conf  (note the space after /)
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb

Now restart Kali and choose the Live USB Encrypted Persistence menu option.

This time, you should be prompted for the passphrase during boot.

You should now see the persistent volume on the Desktop (mine was labelled as 'Unrecognized' - see top screenshot). If you don't choose the Live USB Encrypted Persistence menu option, you won't get persistence.

As you may have guessed from the pictures, this worked under VBox too!
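
A pre-flight check for the cryptsetup steps above, added here as an example (it is not part of the original post or of E2B): it picks the disk whose partition 4 is the "Kali Live" iso9660 volume from blkid output, checks whether partition 3 is mounted, and prints the command sequence for review instead of running it. The function names and both sample inputs are made up for illustration.

```sh
#!/bin/sh
# Added example: confirm the luksFormat target from blkid output before running it.
# Both samples below are constructed for illustration, not captured from a real drive.
SAMPLE_BLKID='/dev/sda1: UUID="1111-AAAA" TYPE="ntfs"
/dev/sdb1: LABEL="E2B" UUID="2222-BBBB" TYPE="vfat"
/dev/sdb3: LABEL="persistence" UUID="3333-CCCC" TYPE="ext2"
/dev/sdb4: UUID="0000-00-00-00-00-00-00" LABEL="Kali Live" TYPE="iso9660"'
SAMPLE_MOUNTS='/dev/sda1 /media/windows ntfs rw 0 0
/dev/sdb3 /media/persistence ext2 rw 0 0'

# Print the disk (e.g. /dev/sdb) whose partition 4 is the "Kali Live" iso9660
# volume. Fails unless exactly one disk matches, so ambiguity stops the run.
find_e2b_disk() {
    printf '%s\n' "$1" | awk '
        /^\/dev\/sd[a-z]+4: / && /LABEL="Kali Live"/ && /TYPE="iso9660"/ {
            sub(/4:.*/, ""); disk = $0; n++ }
        END { if (n != 1) exit 1; print disk }'
}

# Print where a device is mounted (empty if it is not), given /proc/mounts text.
mount_point_of() {
    printf '%s\n' "$2" | awk -v dev="$1" '$1 == dev { print $2 }'
}

# Print the page's command sequence for partition 3 of the detected disk.
# Nothing is executed here: review the output, then run it by hand.
plan_luks_persistence() (
    disk=$(find_e2b_disk "$1") || { echo "E2B drive not identified" >&2; exit 1; }
    part="${disk}3"
    mp=$(mount_point_of "$part" "$2")
    [ -z "$mp" ] || echo "umount $mp"
    cat <<EOF
cryptsetup --verbose --verify-passphrase luksFormat $part
cryptsetup luksOpen $part my_usb
mkfs.ext3 -L persistence /dev/mapper/my_usb
e2label /dev/mapper/my_usb persistence
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb
EOF
)

# Demo on the constructed samples; on Kali pass "$(blkid)" and "$(cat /proc/mounts)".
plan_luks_persistence "$SAMPLE_BLKID" "$SAMPLE_MOUNTS"
```

If no disk, or more than one disk, carries the "Kali Live" partition 4, the function prints nothing to run and returns an error, which is the point at which to go back to fdisk -l.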

P.S. The persistence file(s) don't have to live in the root of the E2B drive; you can put them anywhere on the E2B drive as long as you also change the path in the .mnu file - e.g. copy the file to the same folder as the .mnu file and use this line in the .mnu file:
set PERS=$HOME$/kali64-rw