Never Ending Security

It starts all here

Kali USB – Multiple Persistent Stores

Multiple Persistent Usb Stores

Kali USB – Multiple Persistent Stores

One of the markings of the 1.0.7 Kali release was the introduction of Kali Live USB LUKS encrypted persistent storage, on which we further elaborated in one of our previous blog posts. However, we’re not done yet with USB persistent storage as more features in Kali remain to be explored. The feature we will discuss today boasts the ability to have multiple persistent USB storages which you can choose from at boot time. These multiple persistent storages can be either encrypted, or unencrypted, and can be chosen at boot time using the persistence-label boot parameter.

Multiple Persistent USB Profiles

This persistence feature is extremely useful to us, as we can create profile based persistence storages. For example, we could choose to have a regular persistence partition where all our casual work with Kali is done, as well as a separate persistent partition where we do our malware research. Finally, we also have a third encrypted persistence store, where our confidential documents are kept.

kali-multi-usb-persistence

Down to business

Let’s see what it takes to set up a Kali USB switchblade such as this. We’ll start by imaging the Kali ISO onto your USB stick (ours was /dev/sdb). Once done, you can inspect the USB partition structure using parted /dev/sdb print.

dd if=kali-linux-1.0.9a-amd64.iso of=/dev/sdb bs=1M

As we do for normal persistence, we’ll create and format an additional partition on the USB stick. In our example, we create a persistent partition of about 7 GB in size:

root@kali:~# parted
GNU Parted 2.3
Using /dev/sda
Welcome to GNU Parted! Type ‘help’ to view a list of commands.

(parted) print devices
/dev/sda (480GB)
/dev/sdb (31.6GB)

(parted) select /dev/sdb
Using /dev/sdb

(parted) print
Model: SanDisk SanDisk Ultra (scsi)
Disk /dev/sdb: 31.6GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End     Size    Type     File system  Flags
1      32.8kB  2988MB  2988MB  primary               boot, hidden
2      2988MB  3053MB  64.9MB  primary  fat16

(parted) mkpart primary 3053 10000
(parted) quit
Information: You may need to update /etc/fstab.

We’ll encrypt the partition we created using LUKS, then mount, format and label it:

cryptsetup –verbose –verify-passphrase luksFormat /dev/sdb3
cryptsetup luksOpen /dev/sdb3 my_usb
mkfs.ext3 /dev/mapper/my_usb
e2label /dev/mapper/my_usb persistence

We then create our persistence.conf on that partition so changes persist across reboots:

mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo “/ union” > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb

Up to now, we’ve completed the procedure of setting up a regular, encrypted persistence store. Now we can proceed to create a second persistence store – we’ll call it “work” and assign it 5 GB of space.

root@kali:~# parted /dev/sdb
GNU Parted 2.3
Using /dev/sdb
Welcome to GNU Parted! Type ‘help’ to view a list of commands.
(parted) print
Model: SanDisk SanDisk Ultra (scsi)
Disk /dev/sdb: 31.6GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End     Size    Type     File system  Flags
1      32.8kB  2988MB  2988MB  primary               boot, hidden
2      2988MB  3053MB  64.9MB  primary  fat16
3      3053MB  10.0GB  6947MB  primary

(parted) mkpart primary 10000 15000
(parted) quit
Information: You may need to update /etc/fstab.

Next, we format the fourth partition and label it “work”.

mkfs.ext3 /dev/sdb4
e2label /dev/sdb4 work
mkdir -p /mnt/usb
mount /dev/sdb4 /mnt/usb
echo “/ union” > /mnt/usb/persistence.conf
umount /mnt/usb

That’s it! Boot the computer, and set it to boot from USB. When the boot menu appears, edit the persistence-label parameter to point to your preferred persistence store as shown below:

persistence-work

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s