Tuesday, June 11, 2013

Kali Linux 1.0.3 Persistent Encrypted USB Drive

Preface


Back in the Backtrack days, I really liked to create an encrypted, persistent USB thumb drive of my favorite penetration testing distribution. It comes in really handy during an engagement where you can boot from a USB drive, but since you will still be working in your client's environment, you want to store your findings securely on an encrypted drive.

With Backtrack, I was basically always following the most recent howto of Kevin Riggins [1].

Now that Kali is out and it has the encrypted drive installation option, I was like:



...because after you boot up your installed USB drive... nothing happens.... it just won't boot! :P

Fixing this is not difficult, but it's quite annoying, so I decided to write this howto for those who would like to find the whole solution in one place, until a fixed ISO is released by the Offensive Security guys.

Installation Steps


The installation steps are basically the same as described in the official documentation [2], so just follow these steps.

You can use a virtual machine (VirtualBox, for example), load the Kali ISO into the virtual CD/DVD drive, and add a USB filter for your USB drive (you can find the details explained by Jeremy Druin in [3]). Personally, I used a Live CD, plugged in a USB drive and did the installation on a laptop.

Just a few important remarks:
  1. Erasing a 32 GB thumb drive takes a few hours, but even an 8 GB drive would require some time. Either get prepared for it (I chose to wait and erase it while I was asleep), or skip it.
  2. When you are asked to install GRUB to the MBR or first hard disk, choose "No" (or "Cancel", I don't remember the name of the button, but just decline it). After this, you will be asked to define where to install GRUB. Choose your USB drive. For me, it was /dev/sdb.

Once you are finally done with the installation, boot from the USB drive. I ended up with the following screen (sorry for the poor quality, I made it with my phone):


No worries, we will fix this quickly, based on what I found on the Kali forums [4].

In order to boot Kali from the USB drive, first we have to open the encrypted partition (mine is still sdb5):

(initramfs) cryptsetup luksOpen /dev/sdb5 sdb5_crypt

Here, you have to enter the passphrase you gave during the installation. Then,

(initramfs) lvm vgchange -ay
(initramfs) exit

Once you hit Enter on the exit command, Kali should boot up. :)

However, we are not done yet, since if you reboot, you would have to enter the above again. To make these changes persistent, we need to edit the /etc/crypttab file.

First, you need to get the UUID of your encrypted partition. Run the following command (again, my encrypted partition is /dev/sdb5, yours can be different!):

root@kaliusb:~# blkid /dev/sdb5
/dev/sdb5: UUID="2cfee723-b12a-49e1-8c1d-a481112c12d0" TYPE="crypto_LUKS"

The above UUID is obviously bogus; it only shows the format. Copy the UUID from your own output, and open up the /etc/crypttab file. Add one line, so it will look something like this:

# <target name> <source device> <key file> <options>
sdb5_crypt UUID=2cfee723-b12a-49e1-8c1d-a481112c12d0 none luks

OK, we are almost there... save the file and run:

root@kaliusb:~# update-initramfs -u

If you have done everything right, you shouldn't get any error messages, and once you reboot, the encrypted drive will be automatically mounted and Kali will boot up from your USB thumb drive.
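
The crypttab step above, as an added example (not part of the original post or of Kali's own tooling): a small POSIX shell helper that builds the /etc/crypttab line from blkid output, refuses a partition that is not a LUKS container, and appends the line only once. The function names and the sample blkid line are constructed for illustration; the demo writes to a temporary file, not to /etc/crypttab.

```shell
#!/bin/sh
# Added example: derive and check the /etc/crypttab entry from blkid output.

# crypttab_line <mapper-name> <blkid-output-line>
# Prints "<name> UUID=<uuid> none luks"; fails unless TYPE is crypto_LUKS,
# so the UUID of a swap or filesystem partition is never written by mistake.
crypttab_line() {
    name=$1
    line=$2
    case $line in
        *'TYPE="crypto_LUKS"'*) ;;
        *) echo "not a LUKS container: $line" >&2; return 1 ;;
    esac
    # Match ' UUID="' with a leading space so PARTUUID= is not picked up.
    uuid=$(printf '%s\n' "$line" |
        sed -n 's/.* UUID="\([0-9a-fA-F-]*\)".*/\1/p')
    [ -n "$uuid" ] || { echo "no UUID in: $line" >&2; return 1; }
    printf '%s UUID=%s none luks\n' "$name" "$uuid"
}

# ensure_entry <crypttab-file> <entry>
# Appends the entry once; refuses if the same target name already
# points at something else.
ensure_entry() {
    file=$1
    entry=$2
    name=${entry%% *}
    existing=$(grep -E "^${name}[[:space:]]" "$file" 2>/dev/null || true)
    if [ -z "$existing" ]; then
        printf '%s\n' "$entry" >> "$file"
    elif [ "$existing" != "$entry" ]; then
        echo "conflicting entry for $name: $existing" >&2
        return 1
    fi
}

# Constructed sample line; on a live system use: "$(blkid /dev/sdb5)"
SAMPLE='/dev/sdb5: UUID="2cfee723-b12a-49e1-8c1d-a481112c12d0" TYPE="crypto_LUKS"'
tmp=$(mktemp)
ensure_entry "$tmp" "$(crypttab_line sdb5_crypt "$SAMPLE")"
ensure_entry "$tmp" "$(crypttab_line sdb5_crypt "$SAMPLE")"  # no duplicate
cat "$tmp"
rm -f "$tmp"
```

On the real system, point ensure_entry at /etc/crypttab as root and then run update-initramfs -u as described above.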

Happy hacking! :)


References


[1] http://www.infosecramblings.com/backtrack/

[2] http://docs.kali.org/installation/kali-linux-encrypted-disk-install

[3] http://www.irongeek.com/i.php?page=videos/kali-linux-live-boot-usb-flash-drive-jeremy-druin-webpwnized

[4] http://forums.kali.org/showthread.php?5753-Encrypted-LVM-install-fails-to-boot

2 comments :

  1. Worked a treat. Most excellent. Thank you for the information.
