Kali Linux Live USB Persistence
23 Jul 2015
This post walks through making a bootable Kali USB stick whose changes persist across reboots.
Don't forget to verify the SHA1Sum before proceeding.
- Create a bootable Kali Live USB drive. My current working system is Gentoo. Refer to Making a Kali Bootable USB Drive.
- Make sure the USB flash drive is at least 8GB. Plug the USB drive into the PC.
# parted -l
Find the correct USB device name. In my system it is
The dd command is magical; you would lose all the data if you provided the wrong device name to
- The blocksize parameter can be increased, and while it may speed up the operation of the dd command, it can occasionally produce unbootable USB drives, depending on your system and a lot of different factors. The recommended value, bs=512k, is conservative and reliable.
# dd if=/path/to/kali-linux-1.1.0a-amd64.iso of=/dev/sdb bs=512k
You don't need to format the Live USB; dd will handle it.
- Imaging the USB drive can take a good amount of time; ten minutes or more is not unusual, as the sample output below shows. Be patient!
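A pre-flight check for the two warnings above (verify the checksum, double-check the device name), as an added example that is not part of the original post. The function names are hypothetical, and it assumes a Linux host where a USB stick reports `removable` = 1 under /sys/block; it only prints the dd command and never runs it.

```shell
#!/bin/sh
# Pre-flight checks before dd: verify the image, then sanity-check the target device.

# verify_iso FILE EXPECTED_SHA1 -> 0 only if the SHA-1 of FILE equals the published value.
verify_iso() {
    [ -n "$2" ] || return 1
    actual=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# safe_target DEV [SYSFS_DIR] [MOUNTS_FILE] -> 0 only for a removable, unmounted whole disk.
# The optional arguments exist so the check can be exercised against a constructed tree.
safe_target() {
    name=${1#/dev/}; sys=${2:-/sys/block}; mounts=${3:-/proc/mounts}
    # Partitions (sdb1) have no entry directly under /sys/block, only whole disks do.
    [ -r "$sys/$name/removable" ] || { echo "$1: not a whole-disk device" >&2; return 1; }
    [ "$(cat "$sys/$name/removable")" = 1 ] || { echo "$1: not removable" >&2; return 1; }
    if grep -q "^$1" "$mounts" 2>/dev/null; then
        echo "$1: a partition is mounted, unmount it first" >&2; return 1
    fi
}

# preflight ISO SHA1 DEV [SYSFS_DIR] [MOUNTS_FILE]
# Prints the dd command from the post only when every check passes.
preflight() {
    verify_iso "$1" "$2" || { echo "$1: SHA-1 mismatch, do not write it" >&2; return 1; }
    safe_target "$3" "$4" "$5" || return 1
    echo "dd if=$1 of=$3 bs=512k"
}

# Usage: sh preflight.sh /path/to/kali.iso <published-sha1> /dev/sdX
if [ $# -ge 3 ]; then preflight "$@"; fi
```

An internal disk fails the `removable` test and a device with a mounted partition fails the mount test, so a mistyped device name is rejected before dd is ever typed.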
Use the parted command to see what happened to your USB flash
# parted -a optimal /dev/sdb
This is my system output:
zhtux ~ # parted -a optimal /dev/sdb
GNU Parted 3.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit MiB
(parted) print free
Model: SanDisk Cruzer Edge (scsi)
Disk /dev/sdb: 15267MiB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start    End       Size      Type     File system  Flags
        0.02MiB  0.03MiB   0.02MiB            Free Space
 1      0.03MiB  2858MiB   2858MiB   primary               boot, hidden
 2      2858MiB  2921MiB   63.0MiB   primary  fat16
        2921MiB  15267MiB  12346MiB           Free Space
- Several points from the output.
MiB shows you the exact value (in bytes) at the exact disk position, while MB might round up and the actual position might be 500KB ahead or 500KB after the MB value. Similarly, we have
parted manual and arch wiki rounding.
You can see that dd creates two primary partitions: 1 (2858MiB, with boot flag) and 2 (63.0MiB). Why does dd create two partitions? This is because kali-linux-1.1.0a-amd64.iso is itself a copy of two partitions.
# fdisk -l /path/to/kali-linux-1.1.0a-amd64.iso
or
# parted /path/to/kali-linux-1.1.0a-amd64.iso print
This is the output from parted:
zhtux mnt # parted /media/WLShare/kali-linux-1.1.0a-amd64/kali-linux-1.1.0a-amd64.iso print
Model: (file)
Disk /media/WLShare/kali-linux-1.1.0a-amd64/kali-linux-1.1.0a-amd64.iso: 3063MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      32.8kB  2997MB  2997MB  primary               boot, hidden
 2      2997MB  3063MB  66.1MB  primary  fat16
dd is a stupid command that only copies byte by byte from if to of. We can see there is a lot of free space left untouched after partition 2. We can make use of the remaining free space. My Gentoo Live USB has only one partition consuming the whole flash storage.
- Adding USB Persistence with LUKS Encryption, refer to Kali persistence USB.
- Persistence means changes to the Kali system on the Live USB remain across reboots. Basically, just create an extra primary partition on the Live USB to store persistent files.
Create and format an additional partition on the USB drive. Continue from step 2.6, use the parted tool to create an ext3 primary partition from the remaining free space.
(parted) mkpart primary 2921MiB 100%
Warning: You requested a partition from 2921MiB to 15267MiB (sectors 5982208..31266815).
The closest location we can manage is 2921MiB to 15267MiB (sectors 5983104..31266815).
Is this still acceptable to you?
Yes/No? Yes
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel?
The Kali Doc recommends Ignore. Here I want to try the disk alignment for better performance. Refer to arch wiki warnings. This warning means the start position is not aligned. The end position 100% or -1s will align itself automatically.
Enter Ignore to go ahead anyway, print the partition table in sectors to see where it starts, and remove/recreate the partition with the start sector rounded up to increasing powers of 2 until the warning stops.
I have tried 2^8, 2^9, 2^10, 2^11. Finally, 2^11 works.
5983104s % 2048 = 896s; 2048s - 896s = 1152s; 5983104s + 1152s =
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel? Ignore
(parted) unit s
(parted) print free
Model: SanDisk Cruzer Edge (scsi)
Disk /dev/sdb: 31266816s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        32s       63s        32s                 Free Space
 1      64s       5854015s   5853952s   primary               boot, hidden
 2      5854016s  5983103s   129088s    primary  fat16
 3      5983104s  31266815s  25283712s  primary               lba

(parted) rm 3
(parted) mkpart primary 5983232s 100%
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel? Cancel
(parted) mkpart primary 5984256s 100%
(parted) print free
Model: SanDisk Cruzer Edge (scsi)
Disk /dev/sdb: 31266816s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start     End        Size       Type     File system  Flags
        32s       63s        32s                 Free Space
 1      64s       5854015s   5853952s   primary               boot, hidden
 2      5854016s  5983103s   129088s    primary  fat16
        5983104s  5984255s   1152s               Free Space
 3      5984256s  31266815s  25282560s  primary               lba

(parted) q
Information: You may need to update /etc/fstab.
From the final output, we can see there is a big free space (1152 * 512B = 576 MB) between partitions 2 and 3. Of course, you can just leave the 3rd partition unaligned considering the limited flash storage.
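The trial-and-error above can be replaced by computing the start sector directly. The following is an added example, not part of the original post: it parses a "print free" table in sector units, finds the largest free region and rounds its start up to the alignment. The table is constructed from the post's sector numbers, the function names are hypothetical, and the 2048-sector default is the 2^11 value that worked above.

```shell
#!/bin/sh
# Constructed sample: "unit s" / "print free" table for the stick in the post,
# as it looks before partition 3 exists (free space starts right after partition 2).
SAMPLE='Number  Start     End        Size       Type     File system  Flags
        32s       63s        32s                 Free Space
 1      64s       5854015s   5853952s   primary               boot, hidden
 2      5854016s  5983103s   129088s    primary  fat16
        5983104s  31266815s  25283712s           Free Space'

# largest_free: read the table on stdin, print "START END" (sectors) of the biggest free region.
largest_free() {
    awk '$4 == "Free" && $5 == "Space" {
             s = $1; e = $2; n = $3
             sub(/s$/, "", s); sub(/s$/, "", e); sub(/s$/, "", n)
             if (n + 0 > best) { best = n + 0; bs = s; be = e }
         }
         END { if (best) print bs, be }'
}

# align_up SECTOR ALIGN: first multiple of ALIGN that is >= SECTOR.
align_up() {
    echo $(( ($1 + $2 - 1) / $2 * $2 ))
}

# plan_mkpart [ALIGN]: read the table on stdin and print the mkpart command whose
# start sector is aligned. ALIGN defaults to 2048 sectors (hypothetical default).
plan_mkpart() {
    align=${1:-2048}
    set -- $(largest_free)
    [ $# -eq 2 ] || { echo "no free space in table" >&2; return 1; }
    start=$(align_up "$1" "$align")
    [ "$start" -lt "$2" ] || { echo "free region too small to align" >&2; return 1; }
    echo "skipping $((start - $1)) sectors to reach a ${align}-sector boundary" >&2
    echo "mkpart primary ${start}s 100%"
}

printf '%s\n' "$SAMPLE" | plan_mkpart 2048
```

With an alignment of 256 the same function yields 5983232s, the start that parted still rejected in the session above.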
Set up LUKS encryption on the newly-created partition. You'll be warned that this will overwrite any data on the partition. When prompted whether you want to proceed, type YES (all upper case). Enter your selected passphrase (use kali currently) twice when asked to do so.
# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3
# cryptsetup luksOpen /dev/sdb3 my_usb
Format the persistence partition 3 as ext4 (the official reference use
# mkfs.ext4 -L persistence /dev/mapper/my_usb
# e2label /dev/mapper/my_usb persistence
The e2label step might be optional.
This might take several minutes. Don't touch the keyboard!
Create a mount point, mount our new encrypted partition there, set up the persistence.conf file, and unmount the partition.
# mkdir -p /mnt/usb
# mount /dev/mapper/my_usb /mnt/usb
# echo "/ union" > /mnt/usb/persistence.conf
# umount /dev/mapper/my_usb
Close the encrypted channel to our persistence partition.
# cryptsetup luksClose /dev/mapper/my_usb