howto install backtrack 4 blackhat on an encrypted usb drive
get a laptop, two usb thumb drives (and internet) (tip: if you can read this text, you most likely already have a computer and internet)
on the first usb stick (TMP) [the one you do NOT want your final backtrack on] we do a live install; the howto for that can be found here: live install
now prepare your other usb stick, at least 8GB [16GB recommended], to install the encrypted bt4-blackhat on, and open a konsole.
press Alt+F2, and write
konsole
then click run to execute
we clean our usb stick as shown here
meanwhile
mplayer http://santa.fnord.cx/mu51c/Hexstatic-Exactshit_-_Bootleg_2003/09-excorcist-soup.mp3
for partitioning your usb stick we will use fdisk
fdisk /dev/sdc
i am not going to explain how to use fdisk, because i already did that in this howto: how to use fdisk
when you are finished, it should look somewhat like this (values can differ from the ones i used …). the first partition keeps the boot flag and stays FAT32, because that is where grub, the kernel and the initrd go later; the second one becomes the encrypted changes partition:
overview
Command (m for help): p

Disk /dev/sdc: 16.3 GB, 16324231168 bytes
64 heads, 32 sectors/track, 15568 cylinders
Units = cylinders of 2048 * 512 = 1048576 bytes
Disk identifier: 0x000d9b11

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1   *           1        2201     2253823+   b  W95 FAT32
/dev/sdc2            2202        7784     5716992   83  Linux
/dev/sdc4            7785       15568     7970816    b  W95 FAT32
create filesystems
mkdosfs /dev/sdc1 -n h00dy
mkfs.ext3 /dev/sdc2 -L casper-rw
and mount them …
mkdir /mnt/h00dy -v
mkdir /mnt/bt_tmp -v
mount /dev/sdc1 /mnt/h00dy -v
mount /dev/sdc2 /mnt/bt_tmp -v
Depending on what distro you are using, you may have to load a kernel module. It doesn't hurt anything if it is already loaded.
install lvm2 and hashalot.
apt-get install hashalot lvm2
or
wget http://ftp.de.debian.org/debian/pool/main/h/hashalot/hashalot_0.3-5_i386.deb
sudo dpkg -i hashalot_0.3-5_i386.deb
and load the modules you need for your encryption (aes-i586 is the assembler implementation of AES for 32-bit x86, which is what bt4 runs on; the generic module is just aes)
modprobe aes-i586
modprobe sha512
or if you want other ciphers ….
modprobe twofish
modprobe serpent
modprobe xts
see if all is loaded, and list your encryption possibilities with
cat /proc/crypto | grep name
Now we can start encrypting things. The first thing we need to encrypt is the filesystem.squashfs file. To do this we create a luks container that is slightly bigger than the filesystem.squashfs file (the luks header and the ext3 metadata inside need room too). I will use roughly 2 GB (2200 MiB in the command below), but you are free to choose any size as long as it is larger than filesystem.squashfs and stays under 4 GiB, the largest file FAT32 on the first partition can hold. Create it in a temp directory; i used /mnt/bt_tmp.
We first make the container. The size is set by the count parameter of the dd-style command below (in MiB, because bs=1M); dcfldd is dd with a progress display, plain dd works the same. /dev/urandom is the right fill: /dev/random is far too slow for gigabytes and gains nothing here, and /dev/zero would let anyone see how much of the container is actually in use.
Note that this will take a few minutes.
dcfldd if=/dev/urandom of=/mnt/bt_tmp/cryptosys bs=1M count=2200
then
losetup /dev/loop2 /mnt/bt_tmp/cryptosys -v
Choose a strong passPHRASE here. It's pointless to go through all this trouble to encrypt everything and then choose a weak password. -i is the pbkdf2 iteration time in milliseconds, -T the number of tries you get at the prompt.
cryptsetup -y -i 2351 --cipher aes-cbc-plain:sha512 --key-size 256 -T 5 luksFormat /dev/loop2
caveat: the "plain" IV mode ignores the ":sha512" part (only essiv takes a hash there; the hash for the passphrase key derivation is the separate -h option), and cbc with plain IVs is known to be open to watermarking attacks. if your kernel offers it, use aes-cbc-essiv:sha256 instead, or an xts mode with --key-size 512.
Now that we have our container, let's open it, put a filesystem in it, and copy the filesystem.squashfs file in.
cryptsetup luksOpen /dev/loop2 blackhat
mkfs.ext3 /dev/mapper/blackhat -L "blackhat"
mkdir /mnt/blackhat -v
mount /dev/mapper/blackhat /mnt/blackhat -v
cp -v /media/cdrom0/casper/filesystem.squashfs /mnt/blackhat
(check that the copy really finished; a container that turned out too small shows up here as a "no space left on device" error)
umount /mnt/blackhat -v
rm -rfv /mnt/blackhat
cryptsetup luksClose blackhat
losetup -d -v /dev/loop2
Now we have the filesystem.squashfs file encrypted inside the blackhat crypto container.
We now just need to rename it and move it, together with the manifest files, into the casper directory on the first partition.
mv -fv /mnt/bt_tmp/cryptosys /mnt/bt_tmp/filesystem.squashfs
mkdir -v /mnt/h00dy/casper
cp -fvp /media/cdrom0/casper/filesystem.m* /mnt/h00dy/casper/
mv -fv /mnt/bt_tmp/filesystem.squashfs /mnt/h00dy/casper/
and unmount your 2nd usb partition …
umount -fv /mnt/bt_tmp
Alright. We now have the filesystem.squashfs file encrypted. Half way there.
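The container steps above as one checked script. This is an added example and not code from the howto; it assumes (my assumptions, not the page's) that it runs as root on the preparation host with cryptsetup, losetup, dcfldd and cmp installed, the BT4 iso mounted read-only at $ISO and the temporary ext3 partition at $BT_TMP. It deviates from the page in two points: it takes the first free loop device instead of a hardcoded /dev/loop2, and it uses aes-cbc-essiv:sha256 instead of aes-cbc-plain (set CIPHER=... to override). It also sizes the container from the squashfs instead of guessing, and checks that the copy inside the container is complete.

```sh
#!/bin/sh
# Added example, not code from the howto: the container build-up as one
# checked procedure. Assumptions (mine): root on the preparation host,
# cryptsetup/losetup/dcfldd/cmp installed, the BT4 iso mounted read-only at
# $ISO, the temporary ext3 partition mounted at $BT_TMP.
set -eu

ISO=${ISO:-/media/cdrom0}
BT_TMP=${BT_TMP:-/mnt/bt_tmp}
MAPPER=${MAPPER:-blackhat}
CIPHER=${CIPHER:-aes-cbc-essiv:sha256}   # the page uses aes-cbc-plain

# Container size in MiB for a squashfs of $1 bytes: round up to whole MiB,
# add 5% for ext3's reserved blocks and journal, plus 64 MiB slack that also
# covers the LUKS header and key slots.
container_size_mib() {
    bytes=$1
    mib=$(( (bytes + 1048575) / 1048576 ))
    echo $(( mib + mib / 20 + 64 ))
}

# The container ends up on the FAT32 boot partition, which cannot hold a
# file of 4 GiB or more; returns 1 if $1 MiB would not fit.
fits_fat32() {
    [ "$1" -lt 4096 ]
}

build_container() {
    squash=$ISO/casper/filesystem.squashfs
    out=$BT_TMP/cryptosys
    [ -r "$squash" ] || { echo "no squashfs at $squash" >&2; return 1; }
    bytes=$(stat -c %s "$squash")
    size_mib=$(container_size_mib "$bytes")
    fits_fat32 "$size_mib" || { echo "$size_mib MiB will not fit on FAT32" >&2; return 1; }
    echo "creating $size_mib MiB container for $bytes byte squashfs"

    # random fill as on the page; zeros would reveal how much of it is in use
    dcfldd if=/dev/urandom of="$out" bs=1M count="$size_mib"
    loop=$(losetup -f)           # first free loop device, not a fixed /dev/loop2
    losetup "$loop" "$out"

    # -h selects the PBKDF2 hash; the IV mode is part of --cipher
    cryptsetup -y -T 5 -i 2351 -h sha512 --cipher "$CIPHER" --key-size 256 luksFormat "$loop"
    cryptsetup luksOpen "$loop" "$MAPPER"
    mkfs.ext3 -L "$MAPPER" "/dev/mapper/$MAPPER"
    mkdir -p "/mnt/$MAPPER"
    mount "/dev/mapper/$MAPPER" "/mnt/$MAPPER"
    cp -v "$squash" "/mnt/$MAPPER/"
    # a too-small container shows up here as a truncated copy
    cmp "$squash" "/mnt/$MAPPER/filesystem.squashfs"

    umount "/mnt/$MAPPER"
    cryptsetup luksClose "$MAPPER"
    losetup -d "$loop"
    mv -f "$out" "$BT_TMP/filesystem.squashfs"
    echo "done: $BT_TMP/filesystem.squashfs"
}

# usage: . ./build_container.sh && build_container
```

The size function is deliberately generous; 5% plus 64 MiB is more than ext3 and the LUKS1 header need, and wasted space in a random-filled container costs nothing but a few seconds of dcfldd time.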
Now we need to encrypt the changes partition.
Use again a very strong passphrase (the cipher remarks from above apply here too), and …
cryptsetup -y -i 5321 --cipher aes-cbc-plain:sha512 --key-size 256 -T 5 luksFormat /dev/sdc2
open it
cryptsetup luksOpen /dev/sdc2 changes
make a fs on it
mkfs.ext3 -L "casper-rw" /dev/mapper/changes
and
mkdir /mnt/changes
mount it
mount /dev/mapper/changes /mnt/changes
and create the changes folder
mkdir /mnt/changes/changes
That's it. We don't have anything to put inside yet, so just unmount it again. However, if you backed up your changes before you started, this is when you want to put them back in, before unmounting. The commands would be something like…
Note that this is only for putting backed-up changes back into the changes directory!
cp -vfrp /path/to/backed-up/changes /mnt/changes
umount /mnt/changes
We now have everything encrypted, but this won't do us any good yet, because the initrd doesn't know that what it is looking for is encrypted. Let's fix that. We will be using the initrd.gz from the BT iso we mounted earlier. First let's copy the initrd.gz file to its own directory and extract it.
mkdir ~/initrd -v
cp /media/cdrom0/boot/initrd.gz ~/initrd/ -v
cd ~/initrd
gunzip -v ./initrd.gz
cpio -idv < ./initrd
While we're at it, delete the archives we just extracted so they don't get in the way when we compress everything again.
rm -v ./initrd
Now we can edit the startup script files.
cd ./scripts
Open “casper-helpers” for editing.
kate ./casper-helpers
Starting on line 122 and ending at line 166 is the “setup_loop” function.
We need to make that function look like this:
NOTE: do not forget to change the UUID to the UUID of your encrypted changes partition (sdc2 while preparing the stick)!
setup_loop() {
    local fspath=$1
    local module=$2
    local pattern=$3
    local offset=$4
    modprobe ${MP_QUIET} -b "$module"
    /sbin/udevadm settle
    if [ "$module" = loop ]; then
        if [ ! -e /dev/loop0 ]; then
            # temporary workaround for kernel bug
            for i in 0 1 2 3 4 5 6 7; do
                mknod "/dev/loop$i" b 7 "$i" || true
            done
        fi
        dev="$(losetup -f)"
        if [ "$dev" ]; then
            if [ -n "$offset" ]; then
                losetup -o "$offset" "$dev" "$fspath"
            else
                # Encryption squashfs Begin
                mkdir /mnt
                losetup "$dev" "$fspath"
                echo "Password: " >&6
                cryptsetup luksOpen "$dev" luksloop >&6
                # workaround (part 2):
                mount -t ext3 /dev/mapper/luksloop /mnt
                dev="$(losetup -f)"
                losetup "$dev" /mnt/filesystem.squashfs
                # Encryption squashfs End
                #encryption changes
                echo "Password changes: " >&7
                #load encrypted changes
                #cryptsetup luksOpen /dev/sdb2 casper-rw >&7
                #load encrypted changes via uuid
                cryptsetup luksOpen /dev/disk/by-uuid/25017ed5-aab5-your-uuid-0a1b22c23510 casper-rw >&7
            fi
            echo "$dev"
            return 0
        else
            panic "No loop devices available"
        fi
    else
        for loopdev in $pattern; do
            if [ "$(cat $loopdev/size)" -eq 0 ]; then
                dev=$(sys2dev "${loopdev}")
                if [ -n "$offset" ]; then
                    losetup -o "$offset" "$dev" "$fspath"
                else
                    losetup "$dev" "$fspath"
                fi
                echo "$dev"
                return 0
            fi
        done
        panic "No loop devices available"
    fi
}
My changes are marked with the comments "Encryption squashfs Begin/End" and "#encryption changes". Either replace the whole function with what I have posted above, or just add in my changes between those comments. The function now asks for two passphrases at boot: one for the squashfs container and one for the changes partition.
if you don't know how to find the right uuid, try (on the machine you prepare the stick on, where it is sdc; at boot the stick may well show up as sdb, which is exactly why the uuid is used instead of the device name):
vol_id -u /dev/sdc2
for a luks partition this prints the uuid from the luks header, which is what /dev/disk/by-uuid/ points at.
you can change the echo line that says "Password" to something else, like an error message, so that anyone who tries to boot BT may think it doesn't work and move on. That only fools the casual; the luks header on the stick is still plainly identifiable. If you don't care, keep the prompt or remove the line entirely. Whatever works.
copy boot
cp -frvp /media/cdrom0/boot /mnt/h00dy
rename the original initrd
mv -fv /mnt/h00dy/boot/initrd.gz /mnt/h00dy/boot/initrd.nocrypt.gz
zip your initrd back together (from the top of the extracted tree, i.e. ~/initrd), and copy it over
cd ..
find . | cpio -o -H newc --verbose | gzip -9 > /root/initrd.gz
mv -fv /root/initrd.gz /mnt/h00dy/boot/
copy the remaining files from the iso root
cp -fvp /media/cdrom0/{l,m,s,u}* /mnt/h00dy/
so far so good, we are nearly there …
copy the grub bootfiles in the right directory
cp -fvp /usr/lib/grub/i386-pc/* /mnt/h00dy/boot/grub/
create the device.map, so grub knows where the usb stick is
echo '(hd0) /dev/sda' >> /mnt/h00dy/boot/grub/device.map
echo '(hd1) /dev/sdb' >> /mnt/h00dy/boot/grub/device.map
install grub to usb (--recheck makes grub-install probe the drives and rewrite device.map, so check the resulting file afterwards)
grub-install --recheck --force-lba --root-directory=/mnt/h00dy /dev/sdc
and always remember: grub-install writes a boot sector to whatever device you name, so double-check that /dev/sdc really is the stick and not your hard disk. keep in mind, too, that this first partition with grub, the kernel and the initrd stays unencrypted: the setup protects the data on the stick, not against someone who tampers with the boot files.
open the menu.lst file (in boot/grub)
kate /mnt/h00dy/boot/grub/menu.lst
and add the following as the first entry ..
title Start Persistent Encrypted Mode
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw changes=/dev/sdb2 vga=0x317
initrd /boot/initrd.gz
you can also locate your drives via their UUIDs:
blkid
should show you all the UUIDs.
if you want only the UUID of a device of your choice (e.g. sdc2, the changes partition, on the machine you prepare the stick on)
vol_id -u /dev/sdc2
just put it into the grub menu.lst, and that's it.
kate /mnt/h00dy/boot/grub/menu.lst
old code
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw changes=/dev/sdb2 vga=0x317
new code
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw changes=UUID_ENC=25017ed5-aab5-your-uuid-0a1b22c23510 vga=0x317
remember, that again you have to use the UUID of your own usb stick …
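The UUID has to be put into two places, scripts/casper-helpers in the unpacked initrd and menu.lst on the stick, and a forgotten placeholder is the classic reason the stick asks for a passphrase and then fails. This added example (not code from the howto) does the replacement and refuses to finish while a placeholder is left. It assumes (my assumptions) GNU sed and cryptsetup on the preparation host; the file paths are passed in by the caller, and the placeholder string is the one the howto uses above.

```sh
#!/bin/sh
# Added example, not part of the howto: put the real LUKS UUID of the changes
# partition into the files that carry the placeholder, and fail loudly if one
# is left. Assumptions (mine): GNU sed (-i) and cryptsetup available.
set -eu

# the placeholder the howto uses in casper-helpers and menu.lst
PLACEHOLDER='25017ed5-aab5-your-uuid-0a1b22c23510'

# Accept only a canonical 8-4-4-4-12 lowercase hex UUID, the form vol_id -u,
# blkid and cryptsetup luksUUID print for a LUKS header.
is_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# UUID from the LUKS header of a partition, e.g. luks_uuid /dev/sdc2
luks_uuid() {
    cryptsetup luksUUID "$1"
}

# Number of lines in file $1 that still carry the placeholder (0 means done).
placeholders_left() {
    grep -c "$PLACEHOLDER" "$1" || true
}

# Replace every placeholder in file $1 with UUID $2. Fails on a malformed
# UUID (the file is left untouched) and if any placeholder survives, so a
# forgotten edit cannot slip through to the stick.
patch_uuid() {
    file=$1
    uuid=$2
    is_uuid "$uuid" || { echo "not a UUID: $uuid" >&2; return 1; }
    sed -i "s/$PLACEHOLDER/$uuid/g" "$file"
    [ "$(placeholders_left "$file")" = 0 ]
}

# usage, with the stick as /dev/sdc on the preparation host:
#   u=$(luks_uuid /dev/sdc2)
#   patch_uuid ~/initrd/scripts/casper-helpers "$u"
#   patch_uuid /mnt/h00dy/boot/grub/menu.lst "$u"
```

Run it before repacking the initrd; a placeholder that is only discovered after cpio/gzip costs another repack and copy.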
if you want your own bootsplash picture in grub, copy your picture onto the stick's boot partition (not onto the read-only iso mount)
cp -v /myfolder/mypic /mnt/h00dy/boot/grub/mypic.bmp
and simply
convert -resize 640x480 -colors 14 /mnt/h00dy/boot/grub/mypic.bmp /mnt/h00dy/boot/grub/mypic.xpm
and add to the file /mnt/h00dy/boot/grub/menu.lst the following line:
splashimage=/boot/grub/mypic.xpm
note: the file you want to convert can be any format that "convert" understands, and does not need to be a .bmp; 640x480 and 14 colours are what grub legacy requires.
if your picture looks really damaged in grub after applying convert, try opening it in kview and adjusting the gamma a little; sometimes it helps to just save the picture again in kview.
some bug fixes we couldn't really find solid solutions for elsewhere …
edit /etc/init.d/casper (this file lives inside the squashfs, so do this from the booted, persistent system; the edit then lands in the encrypted changes partition)
vim /etc/init.d/casper
and delete the following lines (they halt the shutdown at a "remove the disc" prompt that makes no sense on a usb stick):
echo "Please remove the disc and close the tray (if any) then press ENTER: " > /dev/console
if [ -x /sbin/usplash_write ]; then
/sbin/usplash_write "TIMEOUT 86400"
/sbin/usplash_write "TEXT-URGENT Please remove the disc, close the tray (if any)"
/sbin/usplash_write "TEXT-URGENT and press ENTER to continue"
fi
read x < /dev/console
or replace them with this:
# echo "Please remove the disc and close the tray (if any) then press ENTER: " > /dev/console
# if [ -x /sbin/usplash_write ]; then
#     /sbin/usplash_write "TIMEOUT 86400"
#     /sbin/usplash_write "TEXT-URGENT Please remove the disc, close the tray (if any)"
#     /sbin/usplash_write "TEXT-URGENT and press ENTER to continue"
# fi
# read x < /dev/console
so we get a new mac every time we boot,
edit
vim /etc/rc.local
and add the line
iwconfig 2> /dev/null | egrep '^[a-z0-9]+' | cut -d' ' -f1 | xargs -n1 macchanger -r
(-n1, because macchanger takes one interface per call; most drivers also refuse a mac change while the interface is up, so bring it down first if it is already up at that point). rc.local runs at the very end of the boot; the cleaner place would be an init script or a casper hook that runs before the interfaces come up, but we did not track down which one.
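The rc.local one-liner above has two weak spots: macchanger takes a single interface per call, and the interface has to be down before the mac can be changed. This added example (not code from the howto) is a version that handles both; it parses iwconfig output with a function that reads stdin, so the parsing can be tried without a wireless card. It assumes (my assumptions) iwconfig, ifconfig and macchanger as shipped on bt4, and that it runs as root from rc.local.

```sh
#!/bin/sh
# Added example, not from the howto: boot-time MAC randomiser for all
# wireless interfaces. Assumptions (mine): iwconfig, ifconfig and macchanger
# present, run as root.
set -eu

# Read iwconfig output on stdin and print one wireless interface name per
# line. Interface lines start in column 0, continuation lines are indented;
# the "no wireless extensions" lines (stderr in real iwconfig) are dropped
# anyway, in case someone merges stderr into the pipe.
wireless_ifaces() {
    awk '$0 ~ /^[^ \t]/ && $0 !~ /no wireless extensions/ { print $1 }'
}

# Down, randomise, up: one interface per macchanger call, and a failure on
# one interface does not stop the others.
randomize_macs() {
    iwconfig 2>/dev/null | wireless_ifaces | while read -r dev; do
        ifconfig "$dev" down || { echo "cannot bring $dev down" >&2; continue; }
        macchanger -r "$dev" || echo "macchanger failed on $dev" >&2
        ifconfig "$dev" up || echo "could not bring $dev back up" >&2
    done
}

# for /etc/rc.local: put the two functions above it and call
#   randomize_macs
# before the final "exit 0".
```

Wired interfaces are deliberately left alone, as in the original one-liner; add them with the same down/change/up sequence if you want them randomised too.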
let it look l33t
echo "alias alsamixer='alsamixer -g'" >> ~/.bashrc
(with the quotes nested this way; with single quotes on the outside, the alias ends up in .bashrc without its own quotes and does not work)