howto: install backtrack 4 final on an encrypted usb drive
get a laptop, a usb thumb drive (& internet) (tip: if you can read this text, you probably already have a computer and internet)
download the backtrack 4 final iso, or wget it
cd /tmp && wget 'http://www.backtrack-linux.org/download.php?fname=bt4f'
(if that does not work, try the torrent)
cd /tmp && wget http://www.backtrack-linux.org/bt4-final.iso.torrent
copy the image to a usb stick using unetbootin:
1. Plug in your USB drive (minimum capacity 2 GB)
2. Format the USB drive to FAT32
3. Download Unetbootin from http://unetbootin.sourceforge.net/
4. Start Unetbootin and select diskimage (use the backtrack-final ISO)
5. Select your USB drive and click “OK” to create a bootable BackTrack USB drive
6. Log into BackTrack with the default username and password root / toor.
and prepare at least another 8GB USB stick [16GB recommended] to install bt4-final on.
we insert the USB stick we want to install bt4 on,
and open a terminal to look up the name of our drive
cat /proc/partitions
should output something like this (depends on your stick)
8 48 15663104 sdc
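Everything below (dd, badblocks, wipe, fdisk) destroys whatever is on the device you name, so it pays to confirm the device name and size before typing it. The following is an added example, not part of the original howto: it reads /proc/partitions-style text, lists whole disks (sdc, not sdc1) with their size in GiB, and refuses a target that is not a whole disk or is not roughly the size you expect. The sample text is constructed to match the output above.

```shell
#!/bin/sh
# Added example (not from the original howto): pick the right stick before
# running dd/wipe against it. Reads /proc/partitions-style lines and prints
# whole disks (sdX, not sdX1) with their size in GiB, then checks that the
# device you intend to wipe is one of them and roughly the size you expect.

# Constructed sample in the format of /proc/partitions (major minor #blocks name).
SAMPLE_PARTITIONS='major minor  #blocks  name

   8        0  488386584 sda
   8        1     102400 sda1
   8        2  488283136 sda2
   8       48   15663104 sdc
   8       49     103408 sdc1'

# list_disks TEXT: print "name sizeGiB" for every whole disk in TEXT.
# Only letter-only names (sda, sdc, ...) count as whole disks here; #blocks
# is in 1 KiB units, so GiB = blocks / 1048576.
list_disks() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF == 4 && $4 ~ /^[a-z]+$/ {
        printf "%s %.1f\n", $4, $3 / 1048576
    }'
}

# check_target DEV EXPECTED_GIB TEXT: succeed only if DEV is a whole disk in
# TEXT and its size is within 25% of EXPECTED_GIB (sticks are sold in decimal
# GB, so a "16GB" stick reports about 14.9 GiB).
check_target() {
    dev=$1; want=$2; text=$3
    line=$(list_disks "$text" | awk -v d="$dev" '$1 == d')
    [ -n "$line" ] || { echo "$dev is not a whole disk here" >&2; return 1; }
    size=${line#* }
    awk -v s="$size" -v w="$want" 'BEGIN { exit !(s > w*0.75 && s < w*1.25) }' \
        || { echo "$dev is ${size} GiB, expected about ${want} GiB" >&2; return 1; }
    echo "$dev ok (${size} GiB)"
}

# On a real machine: check_target sdc 16 "$(cat /proc/partitions)"
check_target sdc 16 "$SAMPLE_PARTITIONS"
```

Run it once with the real /proc/partitions and the size printed on the stick; only proceed with dd or wipe when the check passes.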
to clean up the stick and overwrite the data with a random pattern you can run
dd if=/dev/urandom of=/dev/sdc
if you want to check for bad blocks while writing, you can use badblocks. it checks the disk for bad blocks while writing random data. the pseudorandom pattern it uses is faster (although “less random”) than /dev/urandom, so it can be useful for large disks.
badblocks -s -w -t random -v /dev/sdc
or you can use wipe to be really sure
wipe /dev/sdc
now our usb drive should be clean …
for partitioning the usb stick we use fdisk
fdisk /dev/sdc
to take a look at the stick we type “p”, which prints the partition table.
if you followed the cleaning instructions it should be empty. if not, delete all partitions with “d” until the table is empty.
to create a new partition we type “n”, take primary “p”, choose partition number “1”, and size it to 100mb
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-15296, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-15296, default 15296): +100M
make partition 1 bootable with “a”
Command (m for help): a
Partition number (1-4): 1
next we create an extended partition 2 (+14G) with one logical partition (5) filling it, and a third primary partition from the remaining space, which will become our fat32 partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4): 2
First cylinder (102-15296, default 102):
Using default value 102
Last cylinder, +cylinders or +size{K,M,G} (102-15296, default 15296): +14G
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
l
First cylinder (102-14438, default 102):
Using default value 102
Last cylinder, +cylinders or +size{K,M,G} (102-14438, default 14438):
Using default value 14438
Command (m for help): n
Command action
l logical (5 or over)
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (14439-15296, default 14439):
Using default value 14439
Last cylinder, +cylinders or +size{K,M,G} (14439-15296, default 15296):
Using default value 15296
change the type of partition 3 to fat32 with “t”
Command (m for help): t
Partition number (1-5): 3
Hex code (type L to list codes): b
Changed system type of partition 3 to b (W95 FAT32)
Command (m for help): p

Disk /dev/sdc: 16.0 GB, 16039018496 bytes
64 heads, 32 sectors/track, 15296 cylinders
Units = cylinders of 2048 * 512 = 1048576 bytes
Disk identifier: 0x18833657

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1   *           1         101      103408   83  Linux
/dev/sdd2             102       14438    14681088    5  Extended
/dev/sdd3           14439       15296      878592    b  W95 FAT32
/dev/sdd5             102       14438    14681072   83  Linux
looks good, now let's write it to our stick
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.
It is now time to install a couple of additional packages that we need for LVM and encryption. First we should update the local repositories [only if your system survives it ;)]
apt-get update
install lvm2 and hashalot.
apt-get install hashalot lvm2
and load the modules you need for your encryption
modprobe twofish
modprobe sha512
modprobe xts
or, if you want aes or serpent
modprobe aes-i586
modprobe serpent
list your encryption possibilities with
cat /proc/crypto | grep name
Our next step is to enable encryption on the logical partition we created above and make it available for use.
Before we do that though, there is an optional step we can take if we want to make sure no one can tell where our data is on the drive. It isn't really necessary, since anything written will be encrypted, but if we want to be thorough and make sure no one can even see where our data sits on the drive, we can fill the partitions with random data before enabling encryption on them. This will take some time, as much as a couple of hours or more. Execute the following commands:
dd if=/dev/urandom of=/dev/sdc3
dd if=/dev/urandom of=/dev/sdc5
The following commands will set up encryption for the partitions and open one for use. There are several ciphers that can be used, but the one indicated in the command is supposed to be the most secure and “quickest” for Ubuntu 8.10. Please note that cryptsetup actions are case-sensitive (luksFormat, luksOpen).
cryptsetup -y -i 5321 --cipher twofish-xts-plain:sha512 --key-size 512 luksFormat /dev/sdc3
cryptsetup -y -i 2351 --cipher twofish-xts-plain:sha512 --key-size 512 luksFormat /dev/sdc5
open the encrypted partition
cryptsetup luksOpen /dev/sdc5 abby
Now that that's all done, we can create our root and swap partitions using LVM. Again, the commands below will do so.
[on an 8GB stick 7.3 GB was the largest I could make my root partition. Play around with it a little and you may be able to make it a bit larger or you may have to make it a bit smaller.]
create a physical volume on the opened mapping “abby”
pvcreate /dev/mapper/abby
create a volumegroup
vgcreate vg /dev/mapper/abby -v
create logical swap volume
lvcreate -v -n swap -L 512M vg
/dev/cdrom3: open failed: Read-only file system. # this message is normal, lvm just scans every block device
create root volume
lvcreate -v -n dharma -L 10235M vg
and create one from the remaining space
lvcreate -v -n larry -l 100%FREE vg
mkswap /dev/mapper/vg-swap -v
mkfs.ext3 /dev/mapper/vg-dharma -L dharma
and format it as fat32, so we have at least one fat32 partition ;)
mkdosfs /dev/mapper/vg-larry -n larry
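The luksFormat / luksOpen steps and the LVM steps above are one sequence that is easy to get wrong on the second try (wrong partition, wrong mapping name, a typo in the volume group). The following is an added example, not part of the original howto: the same sequence as one function with a dry-run mode, so the exact commands can be reviewed before anything touches the stick. Device, mapping and volume names are parameters; the values in the final call match the howto (sdc5, abby, vg, dharma, larry). The size and cipher arguments are the howto's own.

```shell
#!/bin/sh
# Added example, not from the original howto: the luksFormat / luksOpen /
# pvcreate / vgcreate / lvcreate / mkfs steps as one function with a dry-run
# mode. With DRY_RUN=1 (the default) the commands are only printed; with
# DRY_RUN=0 they are executed (as root, on the real stick).

DRY_RUN=${DRY_RUN:-1}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_crypt_lvm PART MAPNAME VG ROOT_LV FAT_LV ROOT_SIZE SWAP_SIZE
# PART is the logical partition to encrypt (the howto's /dev/sdc5), MAPNAME the
# dm-crypt mapping (abby), VG the volume group and ROOT_LV/FAT_LV the logical
# volume names. Avoid hyphens in VG/LV names: lvm doubles them in /dev/mapper.
setup_crypt_lvm() {
    part=$1; map=$2; vg=$3; root=$4; fat=$5; rootsize=$6; swapsize=$7
    # never format something that is not a block device (check skipped in
    # dry-run so the sequence can be printed on any machine)
    if [ "$DRY_RUN" != 1 ] && [ ! -b "$part" ]; then
        echo "$part is not a block device" >&2
        return 1
    fi
    run cryptsetup -y -i 5321 --cipher twofish-xts-plain:sha512 --key-size 512 luksFormat "$part"
    run cryptsetup luksOpen "$part" "$map"
    run pvcreate "/dev/mapper/$map"
    run vgcreate "$vg" "/dev/mapper/$map"
    run lvcreate -n swap -L "$swapsize" "$vg"
    run lvcreate -n "$root" -L "$rootsize" "$vg"
    run lvcreate -n "$fat" -l 100%FREE "$vg"
    run mkswap "/dev/mapper/$vg-swap"
    run mkfs.ext3 -L "$root" "/dev/mapper/$vg-$root"
    run mkdosfs -n "$fat" "/dev/mapper/$vg-$fat"
}

# Print the plan for the howto's layout; run with DRY_RUN=0 to apply it.
setup_crypt_lvm /dev/sdc5 abby vg dharma larry 10235M 512M
```

Read the printed plan once, check every device name against the fdisk table, and only then rerun it with DRY_RUN=0. luksFormat will still ask for the passphrase twice (-y), and luksOpen once more.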
Believe it or not, we are finally ready to start installing Backtrack.
click on the install.sh icon on the desktop. This will start the graphical installer. Or run it from a terminal:
cd /root/ && /root/install.sh
select your language and keyboard layout
we take care of the fat32 partition “larry” ourselves afterwards
& finally click install
after it finishes click “continue using the live CD” - we have more work to do
We have now installed the main distribution to our thumb drive. The next step is to configure the newly installed system to use LVM and open the encrypted partition.
However, before we do that we need to figure out the UUID of our encrypted volume. We want to do this so that we don't run into problems if the device name of the drive changes from machine to machine. The command vol_id will give us the information we need, so execute it as below.
vol_id /dev/sdc5 | grep ID_FS_UUID=
Make a note of the ID_FS_UUID value in the output. We will need it later.
[Note: your output will be different than mine.]
Now time to configure our newly installed system. The first thing we have to do is make the newly installed system active so we can make changes to it. We do that by mounting the partitions and chrooting to it.
mkdir /mnt/backtrack4 -v
mount /dev/mapper/vg-dharma /mnt/backtrack4 -v
mount /dev/sdc1 /mnt/backtrack4/boot -v
chroot /mnt/backtrack4
mount -t proc proc /proc -v
mount -t sysfs sys /sys -v
To make everything truly operational, we can mount /dev/pts, but every time I try I have problems unless I reboot first. That is a real pain, so I just don't mount /dev/pts. We will get a couple warnings/errors as we go along, but they do not affect our install.
The magic to making all this work is to rebuild the initrd image that is used to boot our system. We need to include some things, load some modules, and tell it to open the encrypted volume, but first we have to go through the whole process of installing software again. We have to do this because we are essentially right back where we started when we booted the live cd. Do the following again.
apt-get update
apt-get install hashalot lvm2
The next step is to configure how initramfs-tools will create our initrd file. We do this by adding two scripts and editing the modules file. I have added the text of the scripts here, but also provided a command that will grab them from a website.
The first script we need to create is /etc/initramfs-tools/hooks/pvcrypt. This script will copy the needed files for the initrd image. Executing the following will get the script where it needs to be.
cd /etc/initramfs-tools/hooks
wget -O pvcrypt http://www.infosecramblings.com/hooks-pvcrypt
The contents of the script should look like this.
#!/bin/sh
PREREQ=""
prereqs()
{
    echo "$PREREQ"
}
case $1 in
prereqs)
    prereqs
    exit 0
    ;;
esac

# nothing to do if cryptsetup is not installed
if [ ! -x /sbin/cryptsetup ]; then
    exit 0
fi

. /usr/share/initramfs-tools/hook-functions

# copy the boot-time keymap into the initrd, into the same directory the
# local-top script loads it from (/etc/console-setup)
mkdir -p ${DESTDIR}/etc/console-setup
cp /etc/console-setup/boottime.kmap.gz ${DESTDIR}/etc/console-setup
# copy the binaries (plus the libraries they need) used by the local-top script
copy_exec /bin/loadkeys /bin
copy_exec /bin/chvt /bin
copy_exec /sbin/cryptsetup /sbin
copy_exec /sbin/vol_id /sbin
The next script we need to create is /etc/initramfs-tools/scripts/local-top/pvcrypt. This script tells the system to open the encrypted volume and requests the passphrase. Executing the following will get the script where it needs to be.
cd /etc/initramfs-tools/scripts/local-top
wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt
Unlike the first script, you will need to edit this script to point to your encrypted volume. This is where the UUID we found earlier comes in. Replace the word UUID with the value you noted above.
#!/bin/sh
PREREQ="udev"
prereqs()
{
    echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

# load the keymap so the passphrase is typed with the right layout
/bin/loadkeys -q /etc/console-setup/boottime.kmap.gz
modprobe -Qb dm_crypt
modprobe -Qb sha256
modprobe -Qb aes_i586
modprobe -Qb xts
# The following command will ensure that the kernel is aware of
# the partition before we attempt to open it with cryptsetup.
/sbin/udevadm settle
sleep 10
if grep -q splash /proc/cmdline; then
    /bin/chvt 1
fi
/sbin/cryptsetup luksOpen /dev/disk/by-uuid/UUID pvcrypt
vim /etc/initramfs-tools/scripts/local-top/pvcrypt
use “i” to insert and add the modules you chose
modprobe -Qb twofish
modprobe -Qb serpent
modprobe -Qb sha512
then replace "UUID" with your UUID
hit ESC and type
:wq
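A mistyped UUID in that luksOpen line is the usual reason the rebuilt initrd cannot find the volume, and you only discover it at the next reboot. The following is an added example, not part of the howto or of the infosecramblings scripts: it reads the UUID with vol_id (or blkid, where vol_id no longer exists), checks that the value has the 8-4-4-4-12 hex form, replaces the placeholder in the script and verifies the edit before you run update-initramfs. The demo at the end works on a constructed copy of the luksOpen line with a made-up UUID, not on a real volume.

```shell
#!/bin/sh
# Added example, not part of the howto or of the infosecramblings scripts:
# read the LUKS volume's UUID and write it into the local-top script without
# a typo. A wrong UUID is the usual reason the initrd cannot open the volume,
# so the value is checked against the UUID format and the edit is verified.

# luks_uuid DEV: print the UUID of the LUKS partition (vol_id on BT4, blkid
# on newer systems). Run this before chrooting, as the howto says.
luks_uuid() {
    if command -v vol_id >/dev/null 2>&1; then
        vol_id "$1" | sed -n 's/^ID_FS_UUID=//p'
    else
        blkid -s UUID -o value "$1"
    fi
}

# set_luks_uuid SCRIPT UUID: replace the literal UUID placeholder in the
# luksOpen line of SCRIPT. Fails if UUID is malformed, if the placeholder is
# not there any more (already replaced?), or if the edit did not take.
set_luks_uuid() {
    script=$1; uuid=$2
    printf '%s\n' "$uuid" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' \
        || { echo "not a LUKS UUID: $uuid" >&2; return 1; }
    grep -q 'luksOpen /dev/disk/by-uuid/UUID ' "$script" \
        || { echo "no UUID placeholder left in $script" >&2; return 1; }
    # edit via a temp file rather than sed -i, which differs between sed versions
    sed "s|/dev/disk/by-uuid/UUID |/dev/disk/by-uuid/$uuid |" "$script" > "$script.tmp" \
        && mv "$script.tmp" "$script"
    grep -q "luksOpen /dev/disk/by-uuid/$uuid " "$script" \
        || { echo "edit of $script failed" >&2; return 1; }
}

# Demo on a constructed copy of the luksOpen line with a made-up UUID
# (neither is from a real volume). For the real script:
#   set_luks_uuid /etc/initramfs-tools/scripts/local-top/pvcrypt "$(luks_uuid /dev/sdc5)"
demo=$(mktemp -d)/pvcrypt
printf '%s\n' '#!/bin/sh' '/sbin/udevadm settle' \
    '/sbin/cryptsetup luksOpen /dev/disk/by-uuid/UUID pvcrypt' > "$demo"
set_luks_uuid "$demo" 0123abcd-4567-89ef-0123-456789abcdef && cat "$demo"
```

Because the function refuses to run twice on the same file, you cannot accidentally paste a second UUID over an already edited line; if you need to change it, restore the placeholder first.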
The final change we need to make before rebuilding initrd is to edit the /etc/initramfs-tools/modules file and add a couple of encryption modules. This will make sure they are copied into the initrd image. Using your favorite editor, add the following lines to the bottom of the file and save it.
vim /etc/initramfs-tools/modules
and add the modules you chose for your encryption, one per line
twofish
serpent
sha512
sha256
aes_i586
xts
and again
:wq
Now it's time to rebuild our initrd image
update-initramfs -u
If all goes well, you are now ready to cross your fingers and reboot. The system will start to boot then ask you for your LUKS passphrase. Type that bad boy in and, if all goes well, your system will boot.
If, however, you run into any problems, you don't have to start over. As long as your encrypted volume is built correctly and you have the correct LUKS passphrase, you can get back to the place you were with the Live CD. Simply boot with the original Live CD/USB drive and enter the following.
/etc/init.d/networking start
apt-get update
apt-get install hashalot lvm2
cryptsetup luksOpen /dev/[your logical partition] pvcrypt
mkdir /mnt/backtrack4
mount /dev/mapper/vg-dharma /mnt/backtrack4
mount /dev/[boot partition] /mnt/backtrack4/boot
chroot /mnt/backtrack4
mount -t proc proc /proc
mount -t sysfs sys /sys
mount -t devpts devpts /dev/pts
You can now do any troubleshooting you need to do and try to reboot again. One note: if you want to check the UUID of your partition, do it before you chroot.
Once you have a booting system, you are ready to log in. The default userid is root and the default password is toor. You are now ready to log in and begin playing. Don't forget to change the root password as soon as you log in the first time.
this tutorial was created with help from infosecramblings