Install BackTrack Live to USB

Backtrack 4 Bootable USB Thumb Drive with Full DiskEncryption

NOTICE FOR BT5The new Backtrack 5 how to is here.

------------------------------------------------------------

UPDATE: Everything that applies to R1, applies to R2. However, I have gone ahead and increasedthe boot partition to 200MB just to make it an even number. I have also removed all references toBacktrack Final. Some other changes are a result of testing for speed and the desire to reducewrites to our USB drive to extend its life. This means we don't create a swap partition and changethe root partition to mount as ext2 instead of ext3. We will use ext3 to build it, but mount asext2 to disable journaling. Finally, there are now two ways to configure the system to use theencrypted volume. Hat tip to Andrew Suffield for the final bit to make the new way work.

If you were working from the R1 version of the how-to, you can still see it here.

This is a step-by-step guide showing how to create a encrypted bootable Backtrack 4 USB thumbdrive.

Before we get started, here are a few housekeeping items:

There is a PDF version of this article available here. ( Slightly out of date. Make sure to use200MB for the boot partition.)I also made a video of the process. It is here. (The video is a bit out of date too)Finally, if you want to be notified of updates to this page, subscribe to my RSS feed here.

I put quotes around full in the title because technically the whole disk isn't encrypted. We use LVMand the native encryption routines included in Ubuntu 8.10 to encrypt all partitions except for asmall boot partition that never contains any data.

This is a fairly involved process, but I have done my best to document each detail. Please let meknow if I missed anything or you have any questions. I can be reached via the contact form on the'About' page of this website or via the comments below.

I strongly recommend you read through this guide at least once before starting. I will be making aPDF available in the near future.

As in all my how-tos, user entered text is bold and comments are preceded by a # sign andgenerally not part of the output of a command.

Finally, a couple of posts from the Ubuntu Community Documentation site were instrumental ingetting this working.

https://help.ubuntu.com/community/EncryptedFilesystemOnIntrepid

https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto

WARNING: Before you start, please be aware that you can cause the system you are using tobuild this with to not boot correctly. During the install process below there is a warning aboutindicating where you want the boot loader to be installed. Be very careful at this point.

To search, type and hit enter

S u b s c r i p t i o n O p t i o n sYou can subscribe via RSS orEmail below.

Subscribe to RSSSubscribe to Infosec

Ramblings by Email

F a c e b o o k

R e c e n t P o s t sEnterprise InformationSecurity Architecture andThreats: Do We Care?Winchester House Security:Why Enterprise SecurityArchitecture MattersSpeaking at RSA: WinchesterHouse Security: WhyEnterprise SecurityArchitecture MattersInfosec and the Value ofTwitterVeterans Day: Thank You!

P a g e sHomeSecurityTwits

Infosec RamblingsH O M EA B O U TB A C K T R A C KE X P L O R I N G

F A I RS E C U R I T Y T W I T SI N T E R E S T I N G

B I T S

indicating where you want the boot loader to be installed. Be very careful at this point.

First we are going to need some stuff.

Tools and Supplies

1. A USB thumbdrive for the install - minimum capacity 8GB for Backtrack Final or 16GB forBacktrack 2

2. A Backtrack 4 DVD or an additional USB thumbdrive (minimum 2GB, must be Backtrack 4)3. Optional: UNetbootin - A tool to transfer an iso image to a USB drive.4. Working internet connection once Backtrack 4 is booted.

Let's get started!

Let's grab a copy of the Backtrack 4 R2 ISO.

BackTrack 4 R2 Release ISOLast Update: 22.11.2010Name:: bt4-r2.iso Size: 2000 MBMD5: 9a94caa0e980a7331e9abc1d4c42c9a9

Now that we have the goods in hand, we can get to cooking. This tutorial is based on bootingBacktrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can bea virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive oryou can use UNetBootin to create the thumb drive. Below is a screenshot of using UnetBootin toinstall Backtrack 4 on a USB drive.

It is as simple as selecting the image we want to write to the USB drive, the drive to write it to,and then clicking the 'OK' button. Warning: Make sure you pick the correct destination drive. Youdon't want to shoot yourself in the foot.

Partitioning

The first step is the physical partitioning of the drive.

Boot up Backtrack 4 from your DVD or USB drive. We will need both networking and the graphicalinterface running. The following commands will get us there.

/etc/init.d/networking startstartx

We will also need to figure out which drive is our target drive. The following command will showthe drives available and you can determine from that which is the new USB drive. Open a terminalwindows and execute the following.

About MeBacktrack

Backtrack 5 - BootableUSB Thumb Drive with"Full" Disk Encryption

Exploring FAIRArchives

S p e a k i n g S c h e d u l ePrevious* August 18-19, 2009 -Nebraska Cert Conference,Omaha, NE* October 20-22, 2009 - RSAEurope 2009, London, UK* March 3, 2010 - RSA 2010,San Francisco, USA* April 26th, 2010 - ISSAChapter Meeting, Des Moines,IA* July 26th, 2010 - ISSAChapter Meeting, Des Moines,IA* October 10th, 2010 -Principal Financial Group, DesMoines, IA* April 19th, 2011 - Infotec,Omaha, NE* May 10th, 2011 -Secure360, St. Paul, MN* May 9th, 2012 -Secure360, St. Paul, MNUpcoming* March 1st, 2013 - RSA USA2013, San Francisco, CA

R e c e n t C o m m e n t sDrearNevada4 on Backtrack 5 Bootable USB Thumb Drivewith Full Disk Encryptiong on Backtrack 5 BootableUSB Thumb Drive with FullDisk EncryptionPaul Vincent on EnterpriseInformation SecurityArchitecture and Threats: DoWe Care?yolo on Backtrack 5 Bootable USB Thumb Drivewith Full Disk EncryptionEnterprise InformationSecurity Architecture andThreats: Do We Care? onWinchester House Security:Why Enterprise SecurityArchitecture Matters

C a t e g o r i e sAnnouncementAwarenessBooksCareerConferencesEducationalEnterprise SecurityArchitecture

windows and execute the following.

dmesg | egrep hd.\|sd.

We need to physically partition the target drive as follows:

1. The first partition needs to be a primary partition, 200 MB in size, set to type ext3. Alsoremember to make this partition active when you are creating it. Otherwise you might havesome boot problems.

2. The rest of the drive should be configured as an extended partition and then a logical partitioncreated on top of it.

Below are the steps to take to get the drive partitioned. A '# blah blah' indicates a comment andis not part of the command and user typed commands are bolded. One note, we will need todelete any existing partitions on the drive. Final note, the cylinder numbers below are specific tomy test machines/thumb drives, yours may be different.

fdisk /dev/sdb # use the appropriate drive letter for your system

# delete existing partitions. There may be more than one.

Command (m for help): dPartition number (1-4): 1

# create the first partition

Command (m for help): nCommand actione extendedp primary partition (1-4)pPartition number (1-4): 1First cylinder (1-1044, default 1): Using default value 1Last cylinder, +cylinders or +size{K,M,G} (1-1044, default 1044): +200M

#create the extended partition

Command (m for help): nCommand actione extendedp primary partition (1-4)ePartition number (1-4): 2First cylinder (15-1044, default 15): Using default value 15Last cylinder, +cylinders or +size{K,M,G} (15-1044, default 1044): Using default value 1044

# Create the logical partition.

Command (m for help): nCommand actionl logical (5 or over)p primary partition (1-4)lFirst cylinder (15-1044, default 15): Using default value 15Last cylinder, +cylinders or +size{K,M,G} (15-1044, default 1044): Using default value 1044

# Setting the partition type for the first partition to ext3

Command (m for help): tPartition number (1-4): 1Hex code (type L to list codes): 83

# Setting the first partition active

fairFBI Citizen's AcademyFollow FridayGeneralInteresting BitsInteresting Press ReleasesISSAPrivacyprogrammingRisk ManagementSecurity testingSecurityTwits RecapTILLWTipsToolsUncategorizedWritingWtRW

Command (m for help): aPartition number (1-4): 1

Command (m for help): w

It is now time to get a couple additional packages installed that we need for LVM and encryption.First we need to update the local repositories and then install lvm2 and hashalot. Output has beenommitted.

apt-get updateapt-get install hashalot lvm2

Our next step is to enable encryption on the logical partition we created above and make itavailable for use.

Before we do that though, there is an optional step we can take if we want to make sure no onecan tell where our data is on the drive. It isn't really necessary since anything written will beencrypted, but if we want to be thorough and make sure no one can see where our data even sitson the drive, we can fill the logical partition with random data before enabling encryption on it. Thiswill take some time, as much as a couple hours or more. Execute the following command:

dd if=/dev/urandom of=/dev/sdb5

The following commands will setup encryption services for the partition and open it for use. Thereare several ciphers that can be used, but the one indicated in the command is supposed to be themost secure and quickest for Ubuntu 8.10. Please note that the case of the command luksFormatis required.

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sdb5

WARNING!========This will overwrite data on /dev/sdb5 irrevocably.

Are you sure? (Type uppercase yes): YESEnter LUKS passphrase: (enter passphrase) [type passphrase]Verify passphrase: (repeat passphrase) [type passphase]Command successful.

cryptsetup luksOpen /dev/sdb5 pvcryptEnter LUKS passphrase: [type passphrase]key slot 0 unlocked.Command successful.

If you should happen to get a "cannot access device" error when trying to perform the cryptsetupsetup commands above, make sure the USB drive has not been mounted. That can happensometimes.

Now that that's all done, we can create our root and swap partitions using LVM. Again, thecommands below will do so. 7.3 GB was the largest I could make my root partition. Play aroundwith it a little and you may be able to make it a bit larger or you may have to make it a bit smaller.

pvcreate /dev/mapper/pvcryptPhysical "volume /dev/mapper/pvcrypt" successfully createdvgcreate vg /dev/mapper/pvcryptVolume group "vg" successfully createdlvcreate -n root -l 100%FREE vgLogical volume "root" created.

The final step is to format the logical volumes we just created. I have not included the outputbelow for brevity's sake.

mkfs.ext3 /dev/mapper/vg-root

Believe it or not, we are finally ready to start installing Backtrack. To do, click on the install.sh iconon the desktop. This will start the graphical installer.

WARNING: You must click on the advanced tab on the next page and selectyour USB drive as the target for installing the bootloader. You will break yoursystem if you do not.

We have now installed the main distribution to our thumb drive. The next step is to configure thenewly installed system to use LVM and open the encrypted partition.

However, before we do that we need to figure out the UUID of our encrypted volume. We want todo this so that we don't run into problems if the device name of the drive changes from machineto machine. The command vol_id will give us the information we need. So execute vol_id as below.

vol_id /dev/sdb5ID_FS_USAGE=cryptoID_FS_TYPE=crypto_LUKSID_FS_VERSION=2ID_FS_UUID=09330b5a-5659-4efd-8e9d-0abc404c5162ID_FS_UUID_ENC=09330b5a-5659-4efd-8e9d-0abc404c5162ID_FS_LABEL=ID_FS_LABEL_ENC=ID_FS_LABEL_SAFE=

Make a note of the ID_FS_UUID value which is in italics above. We will need it later. Note: youroutput will be different than mine.

Now time to configure our newly installed system. The first thing we have to do is make the newlyinstalled system active so we can make changes to it. We do that by mounting the partitions andchrooting to it.

mkdir /mnt/backtrack4mount /dev/mapper/vg-root /mnt/backtrack4mount /dev/sdb1 /mnt/backtrack4/bootchroot /mnt/backtrack4mount -t proc proc /procmount -t sysfs sys /sys

To make everything truly operational, we can mount /dev/pts, but every time I try I have problemsunless I reboot first. That is a real pain, so I just don't mount /dev/pts. We will get a couplewarnings/errors as we go along, but they do not affect our install.

The magic to making all this work is to rebuild the initrd image that is used to boot our system.We need to include some things, load some modules, and tell it to open the encrypted volume, butfirst we have to go through the whole process of installing software again. We have to do thisbecause we are essentially right back where we started when we booted the live cd. Do thefollowing again.

apt-get updateapt-get install hashalot lvm2

The next step is to configure how initramfs-tools will create our initrd file.

There are two ways to do this, an easy way and a slightly harder way.

The Easy Way

The easy way involves editing two files, the /etc/crypttab file and the /etc/fstab file. I use the vieditor, but you can use your favorite editor.

vi /etc/crypttab

We need to add the following line to the file. If you are new to vi, hit the o key and the type thefollowing:

pvcrypt /dev/disk/by-uuid/ none luks

When you are done typing that line, hit the esc key and then type ':wq' without the quotes tosave and exit vi. The file should look like this. The uuid is unique to my case. Make sure yoursmatches your system.

# pvcrypt /dev/disk/by-uuid/09330b5a-5659-4efd-8e9d-0abc404c5162 none luks

Then we need to edit the /etc/fstab file and replace the line that describes the device name for root. We will also change the mount type at this time to ext2 so we can reduce the number of writes to our USB drive.

Again, use your favorite editor or vi.

vi /etc/fstab

The file will look something like below. The UUIDs will be different though.

# /etc/fstab: static fi le system information.## proc /proc proc defaults 0 0# /dev/mapper/vg-rootUUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1# /dev/sdb1UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot ext3 relatime 0 2/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

The only line we need to change is the line for vg-root which is bolded above. For those new to vi, position the cursor on first 'U' of the line using your arrow keys and type 'dd', then move the cursor to the '#' in the line above and type the letter o, then type the line below, hit the esc key and type ':wq' without the quotes to save the file. The line needs to look like below when done:

/dev/mapper/vg-root / ext2 defaults 0 1

Once that is done, execute the following commands.

update-initramfs -u

If all goes well, you are now ready to cross your fingers and reboot. The system will start to boot then ask you for your LUKS passphrase. Type that bad boy in and, if all goes well, your system will boot.

If you have problems, you can use the troubleshooting directions below to get back to the state where you can try to figure out how what went wrong.

System All Booted

Once you have a booting system, you are ready to login. The default userid is root and the default password is toor. You are now ready to login and being playing. Don't forget to change the root password as soon as you login the first time.

That's it. You can make some final tweaks if you want like setting the network to start automatically and starting KDE at boot, but for all intents and purposes you have successfully installed Backtrack 4 to USB drive and don't have to worry about sensitive information being intercepted if it gets lost of stolen.

Slightly Harder Way

This method involves adding two scripts and editing the modules file. I have added the text of the scripts here, but also provided a command that will grab them from my website.

The first script we need to create is /etc/initramfs-tools/hooks/pvcrypt. This script will copy the needed files for the initrd image. Executing the following will get the script where it needs to be.

cd /etc/initramfs-tools/hooks

wget -O pvcrypt http://www.infosecramblings.com/hooks-pvcrypt

The contents of the script should look like this.

PREREQ=""

prereqs(){ echo "$PREREQ"}

case $1 inprereqs) prereqs exit 0 ;;esac

if [ ! -x /sbin/cryptsetup ]; then exit 0fi

. /usr/share/initramfs-tools/hook-functions

mkdir -p ${DESTDIR}/etc/console-setupcp /etc/console-setup/boottime.kmap.gz ${DESTDIR}/etc/consolecopy_exec /bin/loadkeys /bincopy_exec /bin/chvt /bincopy_exec /sbin/cryptsetup /sbincopy_exec /sbin/vol_id /sbin

The next script we need to create is /etc/initramfs-tools/scripts/local-top/pvcrypt. This script tells the system to open the encrypted volume and requests the passphrase. Executing the following will get the script where it needs to be.

cd /etc/initramfs-tools/scripts/local-top

wget -O pvcrypt http://www.infosecramblings.com/local-top-pvcrypt

Unlike the first script, you will need to edit this script to point to your encrypted volume. This is where the UUID we found earlier comes in. Replace the word UUID with the value you noted above.

PREREQ="udev"

prereqs(){ echo "$PREREQ"}

case $1 in# get pre-requisitesprereqs) prereqs exit 0 ;;esac

/bin/loadkeys -q /etc/console-setup/boottime.kmap.gzmodprobe -Qb dm_cryptmodprobe -Qb sha256modprobe -Qb aes_i586modprobe -Qb xts

# The following command wil l ensure that the kernel is aware of# the partition before we attempt to open it with cryptsetup./sbin/udevadm settle

sleep 10

if grep -q splash /proc/cmdline; then /bin/chvt 1fi/sbin/cryptsetup luksOpen /dev/disk/by-uuid/UUID pvcrypt

Both scripts need to be executable.

chmod +x /etc/initramfs-tools/hooks/pvcrypt

chmod +x /etc/initramfs-tools/scripts/local-top/pvcrypt

The final change we need to make before rebuilding initrd is to edit the /etc/initramfs-tools/modules file and add a couple encryption modules. This will make sure they are copied into the initrd image. We can do this one of two ways. We can use our favorite editor and add the following lines to the bottom of the file and save it.

aes_i586

xts

or use a wget command like above.

cd /etc/initramfs-tools

wget -O modules http://www.infosecramblings.com/initramfs-modules

Either way, your /etc/initramfs-tools/modules file should look like this:

# List of modules that you want to inc lude in your initramfs.## Syntax: module_name [args ...]## You must run update-initramfs(8) to effect this change.## Examples:

## raid1# sd_modfbconvesafbaes_i586xts

We still need to make the change to mount the filesystem as ext2 to disable journaling, again to reduce writes to our USB drive.

To do that, we need to edit the /etc/fstab file and replace the line that describes the device name for root. We will also change the mount type at this time to ext2.

Again, use your favorite editor or vi.

vi /etc/fstab

The file will look something like below. The UUIDs will be different though.

# /etc/fstab: static fi le system information.## proc /proc proc defaults 0 0# /dev/mapper/vg-rootUUID=c8d9b9a0-2198-4966-bc3a-39259df6a2c2 / ext3 relatime,errors=remount-ro 0 1# /dev/sdb1UUID=6af425ad-99b8-44a5-9ee1-0349141f9b1f /boot ext3 relatime 0 2/dev/hdc /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0

The only line we need to change is the line for vg-root which is bolded above. For those new to vi, position the cursor on first 'U' of the line using your arrow keys and type 'dd', then move the cursor to the '#' in the line above and type the letter o, then type the line below, hit the esc key and type ':wq' without the quotes to save the file. The line needs to look like below when done:

/dev/mapper/vg-root / ext2 defaults 0 1

Now it's time to rebuild our initrd image.

update-initramfs -u

If all goes well, you are now ready to cross your fingers and reboot. The system will start to boot then ask you for your LUKS passphrase. Type that bad boy in and, if all goes well, your system will boot.

System All Booted

Once you have a booting system, you are ready to login. The default userid is root and the default password is toor. You are now ready to login and being playing. Don't forget to change the root password as soon as you login the first time.

That's it. You can make some final tweaks if you want like setting the network to start automatically and starting KDE at boot, but for all intents and purposes you have successfully installed Backtrack 4 to USB drive and don't have to worry about sensitive information being intercepted if it gets lost of stolen.

Troubleshooting

If you run into any problems, you don't have to start over. As long as your encrypted volume is built correctly and you have the correct LUKS passphrase, you can get back to the place you were with the Live CD. Simply boot with the original Live CD/USB drive and enter the following.

/etc/init.d/networking start

apt-get update

apt-get instal hashalot lvm2

cryptsetup luksOpen /dev/[your logical partition] pvcrypt

mkdir /mnt/backtrack4

mount /dev/mapper/vg-root /mnt/backtrack4

mount /dev/[boot partition] /mnt/backtrack4/boot

chroot /mnt/backtrack4

Share this:

Leave a Reply

455 Replies 441 Comments 0 Tweets 0 Facebook 14 Pingbackslast reply was 3 months ago

mount -t proc proc /proc

mount -t sysfs sys /sys

mount -t devpts devpts /dev/pts

You can now do any trouble shooting you need to do and try to reboot again. One note, if you want to check the UUID of your partition, do it before you chroot.

-Kevin

Backtrack 4 Bootable USB Thumb Drive with Full Disk Encryption by Kevin Riggins is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

Permissions beyond the scope of this license may be available at http://www.infosecramblings.com/about/.

Enter your comment here...Enter your comment here...

K,This walk-through is exquisite. The details are enough that anyone can get this right the firsttime. I enjoyed the read and will soon proceed to follow and recommend this guide.Thanks,usr

reply

@usr_local,Thanks! Please let me know if you run into any problems or have any suggestions for makingit better.Kevin

reply

About to give this a go, will let you know how it goes.reply

# Setting the partition type for the first partition to ext3Command (m for help): tPartition number (1-4): 1Hex code (type L to list codes): 83Changed system type of partition 1 to b (W95 FAT32)

only differences to the guide that i experienced were that at this step:lvcreate -n swap -L 512M vg/dev/cdrom3: open failed: Read-only file system. # this is normal

Trying this on my EEEPC, failed the first time, trying again.reply

@Didier,Well blargh. You are completely right. Corrected now.Kevin

reply

@Sam,I apologize. I misread your comment. You were correct that there was a typo in that secondwget file. Thought your were referring to the -O pvcrypt and not the http part.Kevin

reply

I gave it a second try and it failed again, but I believe I know why now.In the second pvscript you show a sleep 10 command. This sleep command is missing fromthe script I download with wget.

reply

@Didier,Sheesh. Fixed that now too. It could be the culprit. The sleep 10 is to give udev a chance tosettle down. Different systems and technologies need different times.What specifically is failing? Maybe I can help.Kevin

reply

@KevinIt is working now, thanks to the sleep 10 command I can boot and enter the disk password.Now need to get the Wifi working.Thanks for this howto!

reply

@Didier,Awesome. You are welcome and thanks for helping make it better.Kevin

reply

Ok, so I just finished my first attempt at following your (excellent) guide, but have hit a snagsomewhere. After booting up the drive, I get the following error:modprobe: FATAL: Could not load /lib/modules/2.6.29.4/modules.dep: No such file ordirectoryThen, it attempts to mount the drive, prompting for my LUKS passphrase. However, afterentering the pass 3 times, I am dropped to a shell. The only thing I figure I may have donewrong when performing the installation was inserting the UUID into the the script withoutincluding "ID_FS_UUID=". This was meant to be included, correct? Anyways, how might Irebuild the initrd image without starting over? Or am a little screwed at this point? Thanks forthe great tutorial--I'm sure I'll get it working, even if I have to start all over again.

reply

@Dark_Matter(s),The modprobe error is "normal" and doesn't affect boot. I think I have figured out how to fixit, but need to test it before including it in the how-to.When you enter the UUID, you only want the part after the = sign. I need be a little moreclear in the how-to. I will be adding that update as well. If you feel that the UUID bit iscausing you a problem, you can replace it with /dev/sdx where sdx is your logical volume.This works well for testing, but can cause problems if you move from machine to machine.Finally, you don't have to start over. Boot with the original Live CD or UBS drive, do thefollowing:/etc/init.d/networking startapt-get updateapt-get instal hashalot lvm2cryptsetup luksOpen /dev/[your logical partition] pvcryptmkdir /mnt/backtrack4mount /dev/mapper/vg-root /mnt/backtrack4

kriggins January 2, 2010


Didier Stevens January 2, 2010


Didier Stevens January 2, 2010


Dark_Matter(s) January 3, 2010


mount /dev/[boot partition] /mnt/backtrack4/bootchroot /mnt/backtrack4mount -t proc proc /procmount -t sysfs sys /sysmount -t devpts devpts /dev/ptsYou will be back to the place where you can check things out and re-run update-initramfs ifyou need to.-Kevin

reply

@Dark_Matter(s),Oops. Lovely WordPress took some of my comment above as html. The cryptsetup lineshould be:cryptsetup luksOpen /dev/[your logical partition] pvcryptI fixed it in the comment above too.Kevin

reply

@krigginsThanks for the reply. I was able to mount the device last night following some reading on theUbuntu forums--but I may have made the problem a little worse, as I can no longer mountthe drive. I think I'll just give it another try, and let you know how it goes. Again, thanks forthe quick response.

reply

Holy cow Batman!! Nice job. I am also going to use this for a HDD install, it appears that isexactly what you did here vs the "persistent live CD" on USB in your previous writeups.Thanks for your time and best wishes for the New Year!BTW, any idea on the samdump2 update error via apt-get upgrade (repositories)? I supposeyou could recompile from source, however I may have to look into doing that...Gm

reply

@greg,Thanks and best wishes for you in the New Year too!I should mention in the how-to that this method can be used for an HDD install too.I haven't looked any further into the upgrade error. I should really look at that.Kevin

reply

@krigginsRegarding the modprobe fatal error on boot, i used this solution from the forums.-------------------------------------------------------------------------cd /bootcp initrd.img-2.6.29.4 initrd-2.6.29.4.old (Just making a backup)depmod -aupdate-initramfs -k 2.6.29.4 -ccd /tmpgzip -dc /boot/initrd.img-2.6.29.4| cpio -idtouch lib/modules/2.6.29.4/modules.depfind ./ | cpio -H newc -o > /boot/initrd.img-2.6.29.4.newgzip /boot/initrd.img-2.6.29.4.newcd /bootmv initrd.img-2.6.29.4.new.gz initrd.img-2.6.29.4Reboot and it should be gone.----------------------------------------------------------------------Source: http://forums.remote-exploit.org/backtrack-4-bugs-fixes/23688-modprobe-fatal.html

reply

I just rebooted and the problem is gone.Also i forgot to mention that i ran the above commands after i booted using my usb thumbdrive.I didnt run them using the original live cd, and chrooting to the usb, mounting etc..By the way, in your guide before we rebuilt initrd, you said doing depmod -a would solve anannoying error on boot. Was this the error it was supposed to solve? (For the record i runyour depmod -a during the installation)


Dark_Matter(s) January 3, 2010

Greg January 7, 2010


Shockrates January 8, 2010

Shockrates January 8, 2010

P.S.: One of the most informative guides i have read. reply

@shockrates,Thanks for the compliment on the how-to. Much appreciated.Thanks for the tip above. I thought my method worked, but I was probably doing threethings at once and got things mixed up. That being said, I think I have another way to fix itusing the built scripts function of initramfs. I will be testing that this weekend and will updatethe how-to appropriately if it pans out. If it doesn't I will add your comments to the how-to.-Kevin

reply

After everything is finished, should we update&upgrade the system normally using aptitude?I had this error:Starting PostgreSQL 8.3 database server: main* The PostgreSQL server failed to start.Please check the log output: EST FATAL: could not load server certificate file "server.crt": Nosuch file or directory.I think this is a common problem. A good idea would be to do say in the guide how to solvethe problem, and then put an aptitude update etc.P.S.: Maybe it would be a good idea, to copy the Nessus section and tweaks section from theother article here, so most people dont have the mixed up. (The tweaks part in the otherarticle contains stuff about truecrypt which here we dont use etc). And maybe put in the titleof the original article, backtrack 4, on usb using truecrypt for encryption, and here backtrack4, on usb with persistant changes with "full" encryption.

reply

@Insomniac,Thank you for the comment and suggestions.Yes, you can use apt-get or aptitude to update and upgrade after you are done. I haven'texperienced the PostgreSQL error, but I also haven't done a full update recently.The existing how-to with Nessus is going to be updated to include this method of install.That url is popular enough that I leave it as the main url with each subsequent update. Thishow-to stands on it's own for those that only wish to install Backtrack to a USB key. I alsofound a way to do the changes partition in an encrypted fashion on the remote-exploitforums that I may include in the main how-to.-Kevin

reply

Nice tutorial. But I am having problem when I apt-get update as I am behind a proxy. Howcan I configure proxy in terminal?Thanks

reply

Never mind. I got it sorted out. But I got another problem. After doing all the instructionsand reboot my USB, I got this error messages:modprobe: FATAL: could not load /lib/modules//2.6.29.4/modules.dep no such file ordirectory.aes_generic: unknown parameter 'i586'aes_i586: unknown parameter 'i586'Any help?

reply

@Max,The modules.dep error is normal and won't cause any problems. I am working on making itso that isn't an issue.The aes_generic and aes_i586 errors lead me to believe there is a problem with the/etc/initramfs/modules file. We need to have the aes_i586 and xts lines added to that file sothat the modules are included in the initrd image. Double check that spelling is correct andthat each is on its own line.Kevin

reply

Thanks. I started the whole process and it worked this time. My mistake. I apologize.Great howto though.Max


Insomniac January 8, 2010


Max January 9, 2010

Max January 10, 2010


Max January 11, 2010

reply

@Max,No apology necessary and thanks for the compliments.Kevin

reply

Hi, first of all, very nice guide.but souldn't the boot partition be sdb1 in your example?

reply

@Hedin,Thanks and you are absolutely correct. That's what I get for installing to sda and sdb.Grabbed the screen shot from the wrong session. I have added a note to warn about thatand will update the image as soon as I can.Thanks for noticing and letting me know.Kevin

reply

Hey, Great work first of all. I myself appreciate the time you put into this. That being said willthis process work on BT4 Final (released yesterday). I just downloaded it and started thisprocess. I received no errors and everything seemed to go very smoothly however when Iboot up my USB stick and I enter the password it tells me that no matching passphrase wasfound. I am entering the correct passphrase I checked by booting back into the LiveCD andmounting it with "cryptsetup luksOpen /dev/sdb5 pvcrypt" and it accepts the key. I've donethis enough to assure myself I am not making typos at boot lol. Was just wondering ifanyone else had this problem?

reply

I am having this same problem, and i have tested it the same way you did. Find a solution?reply

@obito,I tested the how-to last night, which also resulted in a couple edits and it worked just fine.Double check your /etc/initramfs/scripts/local-top script. Often the culprit is that the device itis referencing in the cryptsetup line at the end is entered incorrectly. You can try with/dev/sd[x][y] where x is your disk and y is the logical partition. Be aware that boot order anddrive enumeration can make it fun trying to figure out which /dev/sd[y] to use.Kevin

reply

I have just installed bt4 final on an 16GB usb stick and it worked nearly perfect... only minorissue is that i wasn't asked about user settings or root password.and a cosmetic one: it says Ubuntu in the grub menu.Agen, Very nice guide / howto

reply

Doh... just saw the passwd in your guide:)reply

I just made a fresh install on BT4 final on my 8gb USB stick, I also noticed the user accountcreation screen was gone, after I was done and rebooted from the USB the root account wasalready unlocked (unlike the BT4-pre and Ubuntu defaults). Normal login "root" and pw"toor". There is no longer a need to userdel any user accounts.

reply

@Greg,I updated the How-to the same day the final release happened to include the things youmention. The PDF didn't get updated until last night though. Sorry. BTW - I still owe you anemail and I haven't forgotten. Kevin

reply


Hedin January 12, 2010


Obito January 12, 2010

Nick February 1, 2011




Greg January 13, 2010


Hey kevin:I followed you tut, but upon reboot I am getting the following error:...DoneGave up waiting for root device. common problems:-Boot args (cat /proc/cmdline)-check rootdelay= (did the system wait long enough? Note: I could not download yourscripts so I entered the scripts manually!!Check root=(did the system wait for the right device?)ls /dev)Alert! /dev/mapper/vg-root does not exist. Dropping to a shell!! (I definitely created/dev/mapper/vg-root!!-Missing modules (cat /proc/modules;What might I be missing?

reply

Hi again Kevin:I am trying again with the a bt4 cd but am getting error that "no /dev/pts exists". I ran thelast command after running all the others which have been successful upon rebooting withCD. Themount -t devpts devpts /dev/pts command is not working.One other question when including the "ID_FS_UUID=09330b5a-5659-4efd-8e9d-0abc404c5162" in the script, is the value only included or is this whole is this whole numberincluded? I only included the value in the script and left out the ID_FS_UUID= part of thewhole parameter. I don't do much of this scripting so I could be wrong.BTW- I did not use the parameter above, it was taken from this post, I used the value for myUSB which is SDA. I am using a 16G San ScanDisk.

reply

@Stealth,I am going to answer the questions in your second comment first.1. I often find that /dev/pts wont' mount correctly after a chroot. It is not a fatal problem.Just ignore it if that happens.2. Yes, you only want the part after ID_FS_UUID=For trouble shooting purposes, you can change the /dev/disk/by-uuid part to /dev/sda5. Thisshould work in your case since it is enumerating the drive as sda.Now for the questions in your first comments.A couple questions first. Did you get the LUSK Passphrase prompt after you rebooted? Did itopen the device correctly? If the answer to both of those questions is yes, then it looks likemaybe lvm2 didn't get installed after you chrooted to the installed system. This step has tobe redone after the chroot step and before you perform the update-initramfs -u step.If you didn't get the LUKS Passphrase prompt or it didn't open the device correctly, there islikely a problem with your scripts. I am a little concerned that you said you couldn't downloadthe scripts as it shouldn't be a proble, particularly if you successfully perform the apt-getupdate and apt-get install after chrooting.Hope this helps. If it doesn't, write down all the stuff that gets displayed to the screen uponreboot and put it in a comment so I can see the entire boot process.-Kevin

reply

Well hold on a minute...I may have made a stupid errors as to why I couldn't download yourscripts. I tried again and they are downloaded to me just fine. I am doing everything as youstated again and hopefully I will have success upon reboot....Going to reboot now afterupdating the "initramfs" file...Ok so far so good asked me for my luks password ...seems tobe booting...signed in as root...graphical interface is coming on line!!!! Thanks Kevin, yougave me all the information I need to make this work!!! I have success, have a happy andprosperous New Year!!Apparently I made a mistake with my hand generated scripts you identified. Also, I forgotabout the mistakes that were identified in the post.

reply

As I prepared the usb flash drive in a hard drive install of backtrack, I have had to reboot andcontinue the process from the live dvd.Am I correct in thinking that the random data that we filled up the logical drive in the DD stepdoes not need to be redone?btw, thanks for this awesome howto!

reply

@Stealth,

Stealth January 13, 2010




kiamo January 14, 2010


Glad you got it working!@Kiamo,You are correct. Once you have filled the drive with random data, you don't ever need to do itagain.-Kevin

reply

Hey kriggins,thanks for this super tutorial, i've almost finish the whole without problem, exceptly for theend :"update-initramfs -u" i've got an error: "update-initramfs is disabled since running on alive CD, any help ll be really appreciated thanks in advance.

reply

nvm, i solved this prob"mv /usr/sbin/update-initramfs /usr/sbin/update-initramfs.oldln -s /rofs/usr/sbin/update-initramfs /usr/sbin/update-initramfs"After rebooting i've got :"Disabling IRQ 18" - " Missing modules ( cat /proc/modules; ls /dev),any idea maybe ?

reply

As far as I can tell I've completed the steps as stated. However, when I boot up from the usbstick and enter my luks passphrase, i get the following error:device-mapper:table:253:0:crypt:Error allocation crypto tfmcommand failed. No key available with this passphrasethen further down the screen it says:ALERT! /dev/mapper/vg-root does not existI'll keep fiddling with it but any help would be much appreciated

reply

@cryptosond,I suspect the reason you are getting the errors you are getting is because you have notsuccessfully chrooted to the newly installed system before finishing the configuration. Youneed to be chrooted before you setup the pvcrypt files, edit the /etc/initramfs/modules fileand install lvm and hashalot again.-Kevin

reply

@kiamo,Did you make sure and install hashalot and lvm2 after chrooting to the newly installedsystem?-Kevin

reply

yup, iv run through the steps a few times now.chroot /mnt/backtrack4apt-get update (no new updates)apt-get install hashalot lvm2 (hashalot and lvm2 are newest versions)This is so weird...

reply

@kiamo,After chrooting and mounting proc and sys can you paste the contents of/etc/initramfs/modules, and /etc/initramfs/scripts/local-top/pvcrypt here so I can take a look.It will be an hour or so until I can, but I will then.Kevin

reply

Sure, and thanks again for the help After the comments in /etc/initramfs/modules is this:fbconvesafbaes_i586xts

Cryptosond January 14, 2010

Cryptosond January 14, 2010







/etc/initramfs/scripts/local-top/pvcrypt looks like this:PREREQ="udev"prereqs(){echo "$PREREQ"}case $1 in# get pre-requisitesprereqs)prereqsexit 0;;esac/bin/loadkeys -q /etc/console-setup/boottime.kmap.gzmodprobe -Qb dm_cryptmodprobe -Qb sha256modprobe -Qb aes_i586modprobe -Qb xts# The following command will ensure that the kernel is aware of# the partition before we attempt to open it with cryptsetup./sbin/udevadm settlesleep 10if grep -q splash /proc/cmdline; then/bin/chvt 1fi/sbin/cryptsetup luksOpen /dev/disk/by-uuid/b8f7efe5-d87d-4a1f-890d-1198defa7729pvcryptKiamo

reply

@Kiamo,That all looks correct which is a bummer, because now we don't have a quick fix. This leadsme to believe one of two things:1) There is a problem with the initrd image or2) There is a problem with partition enumeration.Execute the following commands from the chrooted environment:cd /tmpmkdir foocd foozcat /boot/initrd.img-2.6.30.9 | cpio -ivThis uncompresses the initrd image so we can check somethings.First we want to confirm the that the modules we need were copied over. Make sure/tmp/foo/lib/modules/2.6.30.9/kernel/arch/x86/crypto/aes-i586.ko and/tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko exist.We also want to confirm that they are listed in the modules file so cat the/tmp/foo/conf/modules file and make sure aes_i586 and xts are included. There will be otherstuff in there, but those two are the ones we want to confirm.Finally we want to confirm that lvm is included and our pvcrypt script is where it belongs.Make sure /tmp/foo/sbin/lvm and /tmp/foo/scripts/pre-mount/lvm2 exist and that/tmp/foo/scripts/local-top/pvcrypt exists.If any of the above is not true, then we have an issue with the rebuild of the initrd image.Run update-initramfs -u again and recheck this stuff. If that doesn't work, I'm not sure whatis going on.If all that is in good shape, I suggest changing /dev/disk/by-uuid... in the cryptsetup line in/etc/initramfs/scripts/local-top/pvcrypt to be the logical partition, i.e. /dev/sdb5 or whateverthe case is in your situation. You need to do this in /etc/initramfs/scripts/local-top/pvcryptand run update-initramfs -u again to build the new initrd image.If none of that helps, I am a bit of a loss on next steps other than to start over completelyby deleting any partitions and rebooting.Kevin

reply

Hi Kevin:I am getting an error on boot:/scripts/local-top/pvcyrpt: line 33: /bin/chvt: Not found, However, this has not affected thefunctionality. Should I edit the script. I haven't checked the script since downloading.Backtrack has loaded just fine, although sometimes it seems a little slower then on the CD orHD.Also my wireless is not working I keep getting a code error 80ba or something like that whenI enter the password for the wireless access point. When I do "iwconfig wlan0 key [pwd] I getthat error above.I had no problem with my wireless when I had bt4 installed on my HD. Anysuggestions? I know this isn't a wireless forum but just thought I would ask since I hadn't



had any problems before.BTW-This was a great "tut," I was so excited that everything worked, Although wishing you aproperous New Year, I forgot to give you your well deserved "props." Thanks again.

reply

Kevin:Just logged on again I do iwconfig wlan0 essid "[my ID] key "my girlfriends key" , and her key(without quotes]. The OS then complained with "Error for wireless request "Set Encode"(8B2A) :I then did a dhclient lookupI then got frustrated and tried NetworkManager which is not installed, but I found a "workaround"and and got wicd Network connection manager started. Previously I installed andused Network Manager.I don't know what the problem is because on my other installation of the HD all I had to dowas provide the essid and pwd in text from the command line. I also tried providing the pwdin hex. The system is taking the essid just fine as reflected in iwconfig cmd. Do you have anysuggestions or do you know of any issues with wireless when used on the USB? Thanksagain.

reply

Kevin:Forget the stuff about the wireless, I think I figured it out. I have gotten the wicd workingand it is trying to obtain and ip address. I also got the wireless to accept my girl friends pwdafter again coverting to hex. Now all I got to do is get it to give me an IP address, hopefully Ican figure that out soon. I also did a update for backtrack and it may have "broke a fewthings. My Mozilla browser is broke, but that shouldn't be too much of problem. I hope thatis all that is broke.Thanks again, but still, any of your suggestions are welcome. This is definitely a process!!LOL

reply

hmm, it seems xts.ko does not exist and xts is not included in the modules file. Also/tmp/foo/scripts/pre-mount/lvm2 does not exist either.Iv tried updating initramfs again but its exactly the same. I'll have another go at it from thebeginning in the morning.Thanks for the howto, its gonna be awesome once I have it working

reply

@Stealth,That is pretty bizarre stuff with the wireless. Unfortunately, I don't have any suggestions foryou. A trip to the remote-exploit.org forums might help though.@Kiamo,The fact that xts.ko is missing makes complete sense along with the other stuff. Somethingbad happened. As you indicate, a re-install is probably the best thing to try.-Kevin

reply

Kevin:I just noticed that the first script (/etc/initramfs-tools/hooks/pvcrypt) is missing. However,the second script (/etc/initramfs-tools/scripts/local-top-pvcrypt) is there and is mirrored asabove. Should I try to download it again or paste it in as above? Of should I leave it as it is,currently empty?

reply

@stealth,Yes, you want to make sure that script is there. It is used every time a rebuild of the initrdimage is done and makes sure some important files are copied to the image.You should be able to download it with the wget command in the how-to.-Kevin

reply

I've got to the point where we prepare disk space. I do not have a boot partition on my 8GBthumb drive. I've gone through the tutorial multiple times, but it just isn't shown in mypartitions list. I did use fdisk to create it in an earlier step. Is there a step missing? Thanks.

reply







william January 15, 2010

@William,Everything needed to complete the install is included in the how-to. My first guess is that thepartition table is not getting written correctly. What does the out put offdisk -l /dev/sd[x]look like?-Kevin

reply

fdisk -l /dev/sdb2/dev/sdb1p1 * 1 14 112423+ 83 Linux/dev/sdb1p2 15 975 7719232+ 5 Extended/dev/sdb1p3 15 975 7719201 83 LinuxOpening the install.sh script and viewing the partitions shows this:/dev/sda/dev/sda1/dev/sda2/dev/sda3/dev/sdb/dev/sdb1free spaceI'm using sdb1 for the install (8GB sandisk). According to your screenshot, I should have a100MB boot partition. I've gone through the tutorial 4 times, start to finish, and always getstuck on this part.

reply

@William,I'm a little confused by the output above. /dev/sdb2 usually refers to a partition, not a fulldisk. It almost looks like there is one large extended partition that is then partitioned intomore logical partitions. The contents of the install.sh script do not really mean anything atthis point.My suggestion would be to delete all partitions from /dev/sdb, write that partition table todisk and then start again. First create the 100MB primary partition, then create the extendedpartition with the rest of the drive and create the logical partition. The output of the fdisk -lcommand should look more like this:fdisk -l /dev/sdb/dev/sdb1 * 1 14 112423+ 83 Linux/dev/sdb2 15 975 7719232+ 5 Extended/dev/sdb5 15 975 7719201 83 LinuxHope this helps.-Kevin

reply

@william,Note: I think I also realized something else you are doing. It looks like you are creating the3rd partition as a primary partition and not a logical one.Kevin

reply

Thanks Kevin, I downloaded the script but it was again blank. So, I just added the 1st. scriptmanually, updated its permissions, and then did an update for initramfs but I am getting anerror:"cryptsetup: WARNING: invalid line in /etc/crypttab." Does this mean my crypto is no longergoing to function? I am rebooting now to see if it had any negative effects.OK, it at least asking me for the LUKS passphrase. Mmmm...every loaded fine with no errors.Do I need to be worried about the error in etc/crypttab?

reply

Kevin:What do you think the chances of me being hacked using the LAN with the encrypted filesystem? During a network hack where I was on the LAN would the encrypted disk ask anyonethat attempted to connect for the LUKS pwd, or would the system allow a connection tomount the drive encrypted drive. I would think hopefully not.

reply

@Stealth,Once you have booted the system and entered the password, the drive is accessible to locally


william January 15, 2010






Once you have booted the system and entered the password, the drive is accessible to locallylogged on users. If you turn on samba or nfs or some other file sharing service and allowanonymous access or some gains access to that service, they will see the files on disk. Theencryption ensures that a lost thumb drive cannot be read, not an up and operating system.Kevin

reply

KevinThanks for the awesome tutorial! I started from the top and this time everything wentsmoothly. No hitches at all.Only thing I'm noticing is that the thumb drive seems to freeze sometimes, and takes a fewmoments longer to be read/written to. It started to do it after the backtrack4 installationstage, and has continued after I've restarted and booted from it.Could that be the encryption?Thanks again for the great tutorial, and all the help that followed, I really appreciate it.-kiamo

reply

@Kiamo,I glad it is working for you now and thank you for the kudos.Enabling encryption does affect performance slightly, but the thumb drive and computer itselfcontribute more to the equation in my experience.-Kevin

reply

Thanks Kevin:Great insight on the network security part of this. I wasn't exactly sure how all of this wasworking, I just wanted to get it working on my usb. However, in my spare time I will read upon how all of this works together and get a more deeper and granular understanding of thecrypto and functionality. Now I know I should have enabled iptables first before going on thenetwork, hopefully I was lucky enough that nobody attempted any local hacks from thenetwork on the os. Hopefully BT4 comes reasonably secure in the default that I was nottotally insecure. Thanks again for all your insight and assistance.

reply

I did a quick run through on your tutorial only to run into partitioning problems not realizingsdb, sdb1, sdb2, etc. all referred to the same device but different partitions...Not an issue! I will start over. However I do recall after issuing the fdisk write command "w"that I got a strange error "WARNING: Re-reading the partition table failed with error 22:Invalid argument. The kernel still uses the old table. The new table will be used at the nextreboot. Syncing disks" Now a quick google showed it can be normal...but do I need to do anyother steps before continuing?Thanks for your help,WhiskP.S. I assume to you your own passphrase! lolz not "passphrase"

reply

Thanks.It works great. Nice tutorial. Good thing too use LVM it makes it awsome As an alternative too wipe disk faster but less secure this command can be usedbadblocks -c 10240 -s -w -t random -v /dev/XXXI will now test to convert my ext3 too ext4.

reply

@Stealth,Backtrack out of the box is very secure. There are no listening services so chances ofanything bad happening are very very slim. You are welcome.@Whiskey,I have experienced that error before. It has never gotten in the way that I can rememberand, yup, pick your own passphrase..passphrase is mine @Capron,Thanks for the alternate command for randomizing the disk. I'm interested in hearing howthe ext3 -> ext4 conversion goes.-Kevin

reply




Whiskey January 16, 2010

capron January 16, 2010


**Thank-you kriggins! I have followed your tutorial and have successfully created a fullyencrypted Back|Track 4 installation on my 8gb flash drive. Your well-written article is anexcellent addition to the Back|Track homepage how-to section. =)As a side note to any users following this tutorial, here are some of the things I encounteredthat confused me.1.) If "fdisk -l" lists out multiple partitions on your drive. Say (1-3) In the first step hit "d1""d2" "d3" To make sure you delete everything!2.) Using the final write (w) command using fdisk can give you an error 22 about the kernelstill using the old table...just ignore it or use the o command on your drive before performingANY of the partitioning steps and it should not bug you when you go to write.3.)The dd urandom command does indeed take at LEAST an hour. I think mine was 2actually. Capron said this is a less secure alternative "badblocks -c 10240 -s -w -t random -v/dev/XXX"4.) On the type passphrase step. Please enter your own! I can see fifty users out in theworld with this advanced encryption scheme all with the same log-in pass...I almost enteredpassphrase! Make up your own!5.) The script and modules files you have to edit might be hidden if you use Konquer fileexplorer. Just cd into the directory and use nano to edit the files.That's all folks!

reply

Thank you for suggestion #5I was having a helluva time trying to find a way to edit the file. Used nano, and it workedgreat!

reply

@krigginsThe convention ext3 --> ext4 whent okey.It made me think of trying too to skip theinstalltion script and do it all manually. I dont think it wood be that much more work.A quick howto in converting , The partions can not bee mounted I rebooted using mybacktrack CD and install apt-get install hashalot lvm2 again.Convert the logical disks ext3 -> ext4tune2fs -O extents,uninit_bg,dir_index /dev/mapper/XXXe2fsck /dev/mapper/XXX(The /boot partion shud not bee converted grub do not yet support ext4 )Edit fstab and grub configmount your converted ( root ) partion and edit the /etc/fstab too use ext4mount your boot partion and edit menu.lst ( add rootfstype=ext4 as option)Exampel "kernel /vmlinuz-2.6.30.9 root=/dev/mapper/your_root ro quiet splashrootfstype=ext4"

reply

Hi Kriggins and thanks for this excellent guide.I followed your instructions and i managed to complete the installation procedure withsuccess.However when i tried to boot from the "target" USB drive, the system asked for mypassphrase which i entered. I then got the following:device-mapper: table: 253:0: crypt: Error allocating crypto tfmCommand failed: No key available with this passphraseI thought i had maybe entered the wrong passphrase and thought it best to check it usingthe process in your guide where it says that if you remember the passphrase you dont needto do everything all over again. So i booted with my "installer" USB and then went to mountthe logical partition of my "target" usb in order to check that my passphrase was correct orwrong. The command i used is: cryptsetup luksOpen /dev/[your logical partition] pvcryptThe system then asked for my passphrase - i used the one i had used previously and it wasaccepted.This leads me to the conclusion that my passphrase was correct.Why then does the systemnot accept it at boot time, yet accepts it if i try to mount the encrypted partition from withinthe installer?Maybe i am all wrong here, but i wouldn't know as i am a complete newbie but i would loveit if you could throw some insight my way.Thanks a lot for all your workaalex

reply

@aalex,Thank you for the compliment. The error you are seeing is usually an indication that one ofthe crypto modules did not make it into the initrd image. Here is a series of things to check

Whiskey January 16, 2010

Pocket October 14, 2010


aalex January 18, 2010


after you have remounted the encrypted image and chrooted to that environment.Execute the following commands from the chrooted environment:cd /tmpmkdir foocd foozcat /boot/initrd.img-2.6.30.9 | cpio -ivThis uncompresses the initrd image so we can check somethings.First we want to confirm the that the modules we need were copied over. Make sure/tmp/foo/lib/modules/2.6.30.9/kernel/arch/x86/crypto/aes-i586.ko and/tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko exist.We also want to confirm that they are listed in the modules file so cat the/tmp/foo/conf/modules file and make sure aes_i586 and xts are included. There will be otherstuff in there, but those two are the ones we want to confirm.Finally we want to confirm that lvm is included and our pvcrypt script is where it belongs.Make sure /tmp/foo/sbin/lvm and /tmp/foo/scripts/pre-mount/lvm2 exist and that/tmp/foo/scripts/local-top/pvcrypt exists.If any of the above is not true, then we have an issue with the rebuild of the initrd image.Run update-initramfs -u again and recheck this stuff. If that doesn't work, I'm not sure whatis going on.If all that is in good shape, I suggest changing /dev/disk/by-uuid... in the cryptsetup line in/etc/initramfs/scripts/local-top/pvcrypt to be the logical partition, i.e. /dev/sdb5 or whateverthe case is in your situation. You need to do this in /etc/initramfs/scripts/local-top/pvcryptand run update-initramfs -u again to build the new initrd image.If none of that helps, I am a bit of a loss on next steps other than to start over completelyby deleting any partitions and rebooting.The other individual who had this same problem ended up starting over and it worked thesecond time around.Kevin

reply

Thanks for the prompt response Kevin!I will try and follow your advice and go through the checks you mentioned.If it doesn't work then i will start everything from the beginning.I will let you know the outcome.aalex

reply

Maybe my write speed cud be better. What do you guys get in creating one gig file off zero ?I use ext4 , aes-xts-plain --key-size 512 320G ide disk. CPU athlon xptime dd if=/dev/zero of=1G bs=1024 count=10000001024000000 bytes (1.0 GB) copied, 40.7775 s, 25.1 MB/sreal time 0m40.822s

reply

Hello guys.I have next problem. I use ur guide, all good, but this error stop me:root@bt:/etc/initramfs-tools# update-initramfs -uupdate-initramfs is disabled since running on a live CDany solutions make this on live-cd?P.s. english bad, its my third language =)

reply

Guys, i do it. help this tip:update-initramfs.distrib -c -k allAnyway thx for guide guys. its cool =)

reply

@KevinThanks very much for the advice on my question above. In the end i just re-did everythingfrom scratch and it worked like a charm.I am now trying to get my TP-LINK TL-WN321G to work (so far i was using a wired ethernetconnection) but i am having difficulties. Its strange. Some people say it works out of the box,others say you need to install new drivers. I tried both but no luck... Is there any chance forsome help in this endeavor Once again thanks for your time and for all your helpaalex



Exe January 20, 2010

Exe January 20, 2010


reply

@capron,I haven't done any speed tests, but the numbers you put up don't seem to terriblyunreasonable for a usb thumb drive.@exe,You haven't chrooted to the newly install system. Go back to the how-to and see where youneed to chroot to the system after you finish the install.sh script. You will also need toreinstall hashalot and lvm2 again and follow the rest of the steps.@aalex,My experience with getting wireless working on Backtrack has been hit or miss. I can't reallyoffer much in the way of suggestions other that to go check out the remote-exploit.orgforums. Sorry.-Kevin

reply

Kevin:All "props" again to you, this is awesome tutorial. I have everything working fine. The initialerrors are all gone and once I placed the 1st script in its proper place good things reallystarted to happen. My whole system updated properly as i had run the upgrade for BT4earlier. As you stated previously the initrd image must have gotten updated by that scriptafter I placed it correctly. Wireless is working great after setting it manually, I was makingsome very basic errors and it is suggested that it be set manually instead of dynamically atthe BT forums. Good to know that BT4 is pretty secure coming out of the box, I haveconfigured iptables instead of the UFW also. Thanks again.

reply

krigginsHehe no it is not my USB drive that has only 6 MB/sThe encryption has a impact om speed but not that bad belive it is my old and slow CPUthat limits it most.My 500G wester driver simpel write /dev/zero with dd59.1 MB/s uncrypt29.7 MB/s crypt

reply

@krigginsthx very much for this how-to.... it is a gooooooooooooooood one!but i have one problem, when I've done everything and want to boot from my stick it is notbooting. the grub loader comes up but then i get into a shell.I've looked in the initrd.img-2.6.30.9 file and found that there is no/tmp/foo/lib/modules/2.6.30.9/kernel/crypto/xts.ko in it. I think that this is my only problemnow that this how-to dosen't works on my stick. have you maybe an idea?I already have done the procedure more then 10 times for now, it dosen't work. I have a 8gigstick when you need this info.pikkker

reply

@pikkker,Others have experienced this problem and it went away on redoing the build, but apparentlythat is not working for you. The only suggestion I have is to double check the/etc/initramfs/modules file and make sure there is no type or extra characters on the line thathas xts. The full file should look something like this:# List of modules that you want to include in your initramfs.## Syntax: module_name [args ...]## You must run update-initramfs(8) to effect this change.## Examples:## raid1# sd_modfbconvesafbaes_i586xtsConfirm that it looks like this or do the following after mounting and chrooting to the installedBacktrack environment:




pikkker January 21, 2010


cd /etc/initramfswget -O modules http://www.infosecramblings.com/initramfs-modulesAfter doing that, run update-initramfs -u again.-Kevin

reply

I made a small update to this how-to.Some people are having issues with the xts.ko module not getting copied to the initrd image.This makes the the root and swap partitions unmountable because the encrypted partitioncan't be opened. Most have been able to correct this by redoing the install, but I wondered ifmaybe a consistent modules file would help, i.e. don't require the reader to edit the file.To that end, I have modified the how-to. I created a preconfigured modules file like I did forthe two pvcrypt scripts and added the wget command to download it. I also added what thecontents of that file should look like.Both the on-line how-to and the pdf have been updated.Note: The video does not show this step. It still shows the manual method.-Kevin

reply

Maybe we can save some space and computer power just too do the luksformat direct toothe primary ( /dev/hda2 ) ? Or is there some reson to have it on a logical partion ?

reply

Hi,thank you very much for this tutorial!Now, I'm trying to install BT on a USB thumbdrive to be used with a legacy laptop that doesnot support boot from USB. So I have to install the boot partition on the internal hard disk(which is seen as hda) and the root partition on the USB external device (sda).The problem is that the "Prepare partitions" wizard (for both manual and guided partition)shows the sda drive only!The hda disk is only shown if I launch the install process without any attached USB drive.How can the steps above be modified to have the system boot from the internal hard disk,and then load the encrypted file system from the USB thumbdrive?Thank you in advance for any hint!Jack

reply

@capron,It should be be possible to do skip the lvm part and directly use encrypted partitions. I triedthat initially and didn't get far, but that doesn't mean it can't be done.However, you will have to create two partitions, one for root and one for swap. You will alsohave to update the scripts to unlock both partitions at boot.You could run with a swap partition, but might experience performance problems.Personally, I don't think the use of LVM significantly impacts performance.@Jack,When the partitioning portion of the install.sh script starts on my machine I see all devices onthe system, both USB and hard drives. I wonder if the age of you system is getting in theway. I'm not sure what to tell you at this point. I will think about it and let you know if I comewith anything.-Kevin

reply

when i run:update-initramfs -ui get an error say that i cant update "initramfs" because i am using a live cdcan you tell me why I am getting this error

reply

nevermind someone has already posted thisi will re-install and try againbut thank you for the tutorial

reply

@kriggins



Jack January 22, 2010


damian January 22, 2010

damian January 22, 2010


Today I installed ubuntu 9.10 on my crypt hdisk. Following thishttp://nedos.net/2010/01/21/ubuntu-luks-lvm/ It is very diffrent from your installationprocedure. He don't use scripts too config initfsram , and only edit /etc/cryptab in a moresimpel way. Damm Do you think this also cud work for backtrack ? ( Grub2 is used in 9.10 ubuntu )

reply

Is it possible to format the free space as NTFS and use that partition on windows?reply

@kriggins,After reading your post, I started playing around with partitions, making some additionalcheck that they were all unmounted, and trying with different USB ports... at the end, Irelaunched the install process and both drives were magically recognized!Sorry for annoying you with that, I should have tried harder Many thanks!Jack

reply

I also receive this error:"device-mapper:table:253:0:crypt:Error allocation crypto tfmcommand failed. No key available with this passphrase"I tried booting with the livecd, and then seeing if I can open the encrypted portion, sameerror. This has happened to me twice (starting from scratch both times)

reply

Greetings from Sweden! I just wanted to say thank you for this guide. It worked like acharm! Much appreciated you took the time to make this.Mattias

reply

Hello i have been having a problem , all the procedure until the installation is exactly as aboveno problems there but when i go in the manual install no partitions are made in the flashdrive , i tried with an 8G and a 16G flash drive no luck. And also if i proceed with theinstallation then during the installation a get a fatal error and the hole procedurestops.Everything works up until that moment and i don't what it could be, any thoughts?

reply

I tried following the instructions while booting from a dvd, had some issues arise whileinstalling hashalot and lvm2 apt-get returned an error regarding "update-initramfs disabled"because of using a live cd environment. a possible workaround is to replace the update-initramfs binary e.gcd /usr/sbin/mv update-initramfs update-initramfs.oldln -s /rofs/usr/sbin/update-initramfs /usr/sbin/update-initramfsthis must be done before installing hashalot and lvm2.In the end I found running backtrack4 in VirtualBox (installed not live disc) worked best andreturned no errors throughout the process. In the end this was an awesome "how to" thanksfor the work.

reply

@nate,That is not actually an error. The programs get installed correctly. The update-initramfs runsfine once we have installed Backtrack to the target drive and then chrooted to it. That error isonly because the install process tries to rebuild the initrd image and can't because it isrunning from a read-only medium.-Kevin

reply

@dan,I'm not sure what you are asking. The how-to calls for using all space on the target drive. Ifyou have a large enough drive, say 16 GB or bigger, you could setup a partition that is FATor NTFS formatted to use with Windows, but you would lose the encryption option for that

Dan January 25, 2010

Jack January 25, 2010

Dan January 25, 2010

Mattias January 26, 2010

AthBot January 26, 2010

nate January 29, 2010



partition.The error you received means that some step in the process was missed or didn't workcorrectly. The required encryption modules are no in the initrd image on the drive. Usually,redoing the install carefully will take care of this.@Mattias,Thanks!@Athbot,Make sure you are deleting any partitions on the target drive before you try to create thenew ones. Sometimes you have to delete the partitions, write the table to the drive, quitefdisk, reboot and then create the new partitions.-Kevin

reply

@capron,I don't know if the method you found for 9.10 will work for this. Give it a try and let us know.-Kevin

reply

Thanks a lot for the guide, it was really helpful (especially the scripts part) which would havebeen very difficult to figure out alone.And just FYI i did the install on a HD and not on a USB stick with only minor adaptations andit works like a charm.Thanks again.Ulrick

reply

@Ulrich,Thanks. I'm glad it worked well for you. I really should add a note that this method works forhard drive install as well as thumb/SD/USB drives.Kevin

reply

Awesome, works for me. Thanks for your help!reply

@daniel,You are welcome. Thanks for the feedback.

reply

Thanks for the guide. Real cool .reply

Great guide and videos...Thanks for taking the time to put this out here.reply

@Justitia and @vtwin1800,Thank you for the comments and I'm glad you found the guides helpful.Kevin

reply

it appears to me that you made 2 partitions in this guide. sdb1 and sdb2. where does sdb5come from? If this is an obvious thing please forgive my ignorance i am still getting used tolinux.

reply

yeah i didn't read very good, my bad...reply

pvcreate /dev/mapper/pvcrypt


Ulrick13 February 1, 2010

kriggins February 2, 2010

Daniel February 3, 2010


Justitia February 4, 2010

vtwin1800 February 5, 2010


mosler February 8, 2010



Device /dev/mapper/pvcrypt not found (or ignored by filtering)any thoughts?

reply

once again as soon as i post i find my mistake...reply

works a treat! usb install went so well in fact, i'm doing the same with my laptop nextthankyou very much for this tutorial, very useful, appreciate =)

reply

I am not sure what I did wrong but I am getting:"Command failed: Can not access device" after I reboot.

reply

@kyle,That is usually indicative of the mistyped UUID or other problem. Try the troubleshooting tipsat the end of the how-to to make sure you can mount the device outside of booting andthen double-check the /etc/initramfs-tools/scripts/local-top/pvcrypt script for the correctUUID or device name.You can paste it here if you would like me to take a look.-Kevin

reply

I'd like to say thanks for the guide, one of the most thorough ive read in a while.Just getting a few problems:Im getting "operating system not found" when trying to boot, could be a mistake in myinstallation, but ive had it on the 2 different devices i have tried to install on. Although whenmanually editing the boot partition in the install process, i get a different window than theone in your screenshot, more.. basic.Could be related but im getting the error "Command failed: Can not access device" whendoing "update-initramfs -u" when i have chroot'd onto the usb stick.Will try a full reinstall again, i just dont want to keep repeating the 3 hour wait while filling thepartition with random data, or the hour or so wait while installing.Any thoughts on the errors?

reply

@pyros,The problem with the update-initramfs command concerns me because it means that thingsare not getting written correctly to the usb device.The no operating system found could be related to that or to the final step when you selectthe device to install the boot loader to. Make sure you are picking the correct device.Finally, you only have to write random data once. No need to do it again.-Kevin

reply

The no operating system found could be related to that or to the final step when you selectthe device to install the boot loader to.Regarding that, am i meant to select the device (sda) or the boot partition of the device(sda1)? The guide shows the device itself, so i chose it, but just to be clearNo need to do it againGood to knowIll get back to here when ive reinstalled

reply

Hey thanks for this guide... unfortunately i am getting an error where it finds the UUID I putin but then it says attempting to resume from... with a UUID that is diff than mine.. it thensays doing a normal boot... then just sits there.... nothing else.any ideas?Also did anyone;s install take like 2 hours? on a gen one macbook?

reply


phrag February 9, 2010

Kyle February 12, 2010


pyros February 13, 2010



Andrew February 13, 2010


@pyros,You select the device itself.@Andrew,That resume message is normal and shouldn't be causing any issues. Is this happening afteryou have enter your LUKS key or before. I can't speak to the gen one macbook specifically,but it does take quite a while for an install to finish on my laptop, even when I don't writerandom data to the drive.-Kevin

reply

Seems my first problem was an error with the bios - it was counting my usb drive as a harddrive, which pushed it down to second priority and so didnt boot.After reinstalling, update-initramfs did work, so i have no idea what was wrong with it.Many thanks for the assistance and the guide, i now have a smooth running OS on my USBstick

reply

Kevin, the resume msg is happening after i put in the key.. am i not waiting long enough..also i skipped the writing random data part of the guide

reply

If you don't get a can't access device error then you should be okay. I'd give it a least a fewminutes to boot just to see if that's the problem.Kevin

reply

Ok tried again... it says boot from dev (blah, blah) then my UUID..then asks for key.... enters finekinit: name_to_dev_t( blah/blah/ NOT my uuid)resuming from (also not my UUID)no resume file foundstarting normal bootthen nothingive let it sit now for 15 mins.. nothing

reply

OK booted into a vmware backtrack session to try to repairafter running the hashalot and lvm updates i ran#cryptsetup luksOpen /dev/sdb pvcryptEnter LUKS passphrase: (my password)Command failed: No key available with this passphrase.

reply

never mind last comment it needed to be sdb5.. ok now im checking the uuid in the script tomake sure that isnt the issue

reply

here is my pvccryptPREREQ="udev"prereqs(){echo "$PREREQ"}case $1 in# get pre-requisitesprereqs)prereqsexit 0;;esac/bin/loadkeys -q /etc/console-setup/boottime.kmap.gzmodprobe -Qb dm_cryptmodprobe -Qb sha256modprobe -Qb aes_i586modprobe -Qb xts# The following command will ensure that the kernel is aware of# the partition before we attempt to open it with cryptsetup.








/sbin/udevadm settlesleep 10if grep -q splash /proc/cmdline; then/bin/chvt 1fi/sbin/cryptsetup luksOpen /dev/disk/by-uuid/eef9d0f6-88a6-4341-847a-48587882a3afpvcrypt

reply

@Andrew,That file looks good. One thing you can try is to change the /dev/disk... line to be /dev/sdb5and see if that works. It definitely shouldn't sit for 15 minutes.I have had several people who, for whatever reason, have had problems with their first install,but starting over has worked. Something to consider.Kevin

reply

Hi,After enable encryption the BT installer run but close in the 3rd screen (Prepare disk space)without notice.I start from scratch and the same happens. Any idea? (Lenovo 3000 N200)Regards

reply

@John,I don't know what might be causing that behavior. Maybe try a different USB thumb drive.-Kevin

reply

Hi,I've got exactly the same problem, I've rebooted my computer and checked its not acorrupt file, the 3rd screen shows fine if my encrypted drive isn't plugged in but as soon asit is the screen disappears.Regards

reply

Hi again,i solved it, i just restarted the tutorial after formatting the drive and it seems to beworking fine.

reply

[...] booted into my encrypted version of Backtack 4 on an SD card (Thanks to Kevin Rigginsgreat tutorial and video) to see if the screen would rotate. Sure enough, built right in wasthe option to [...]

reply

Hi,Iam trying to do with HDD no USB.Error: the kernel is unable to re-read the partitiontable.... vg-swapregards,

reply

@John,You might try performing the initial partitioning step. Rebooting, installing lvm2 and hashalotand then encrypting the device and creating the logical volumes.Not sure why you would be getting that error on vg-swap since it isn't a partition, but alogical volume.-Kevin

reply

Hi,thx for reply. this laptop is using Hitachi HDD (HTS54168). According to


John February 15, 2010


3616833 January 9, 2011

3616833 January 10, 2011

Using a netbook as an E-book reader at Ed Smileys Blog February 15, 2010



john February 15, 2010

System>Gparte>Show featureslinux-swap Read, Check, Label (not available)ext2/ext3 are ok.any ideas?

reply

Hi,It seems there's an issue when creating root logical volumen:pvcreate /dev/mapper/pvcryptPhysical "volume /dev/mapper/pvcrypt" successfully createdvgcreate vg /dev/mapper/pvcryptVolume group "vg" successfully createdlvcreate -n swap -L xM vg/dev/cdrom3: open failed: Read-only file system. # this is normalLogical volume "swap" created.lvcreate -n root -L xG vg/dev/cdrom3: open failed: Read-only file system. # this is normalLogical volume "root" created.After i created swap logical volume i use "vgdisplay" to see the "Free PE" available, so i used"lvcreate -n root -l yyy vg" instead. Replace "yyy" with Free PEI still have to finish the gui install ... i'll let you know of any issues.Regards,J

reply

im not sure which thumdrive to down load back track to, which one to do the partition on,and which one to instal it on. please get back to me asap i really want to try this sofeware.

reply

@marcel,Careful reading of the how-to will provide you with all the answers you need, but, in short,you install Backtrack using Unetbootin to one device, boot from it and perform all otheractions to the second device.The first device can be 2GB or larger, but the second must be at least 8GB or larger.Again, read all steps very carefully, particularly when partitioning and installing thebootloader. These two steps can cause your system OS to not boot if done incorrectly.-Kevin

reply

Hi,Everything is working fine! Thx for this great tutorial!One thing i have noticed is that "creation of a second account" (non-root) is skipped?installer jump from step 4 to 7.i guess after BT is installed i just create a regular account using: "adduser useraccount" ...right?Best regards,J

reply

@John,You can add a non-admin account if you want just like you indicate. For Backtrack and theuses I have for it, I just run as root.Kevin

reply

When doing "update-initramfs -u" at the end. I got the "update-initramfs is disabled sincerunning on a live CD". What do I do then? Thanks!

reply

@Matthew,It looks like you missed the chroot step. Go back to that point in the how-to and repeat allthe steps after chrooting.Kevin

reply


marcel February 16, 2010




Matthew February 19, 2010


OK, I finally got the LUKS part to work, but after saying "Command successful.", it dumps:Gave up waiting for root device. Common problems:- Boot args (cat /proc/cmdline)- Check rootdelay= (did the system wait long enough?)- Check root= (did the system wait for the right device?)- Missing modules (cat /proc/modules; ls /dev)ALERT! /dev/mapper/vg-root does not exist. Dropping to a shell!...and then I get a (initramfs) prompt.Any ideas?

reply

@derek,It looks like maybe the lvm modules didn't get copied into the initrd image. You might trythe troubleshooting options at the bottom of the post and redoing the apt-get install lvm2and update-initramfs commands.-kevin

reply

Thanks Kevin, you were right - my lvm2 install was fubar'd the first time around, but Istarted over and got it right and now everything is running smooth. Truly excellent write-upand support! We all appreciate the help!!

reply

Hi,First thanks for this gread tut!I've installed all but when I try to boot is just says"Searching for Boot Record from USB RMD-FDD...OKGRUB"And at this point nothing happens...Can anybody help my?Tobias

reply

At last installation step (running install.sh) after running up to about 25% progress,installation crashes with Errno 5, saying there is not enough space left on USB. After tryingto re-initiate install, I figure that I cannot assign boot for /dev/ as per screenshot (as it isprobably already written).Will be figuring out with smaller USB, as my 8Gb takes 2-4 hours to execute dd command,and about 2 hours last time for installation.

reply

@tobias,In my experience, this often happens when the wrong device is selected for the bootloader toinstall to. This is the last step in the install.sh script. Make sure you select the right bootdevice.@aco,A full install requires 6.5 GB or so. You will not be able to use this method with a smaller USBthumb drive. Double check your partition sizing. It seems like maybe you are not using theentire disk as described in the howto. Alos, you only have to do the dd step once. I'm notsure what you are asking about with the assign boot question.-Kevin

reply

Hi,I tried it now twice and I dont think that its because of selecting the wrong device...I will install it again now to make shure its the right device!But is there any other possible reason for this??Tobias

reply

@Tobias,I'm not sure what might be causing this if it isn't due to the wrong device being picked.

Derek February 19, 2010


Derek February 19, 2010

tobias February 20, 2010

Aco February 21, 2010


tobias February 22, 2010


If you can post the contents of /boot/grub/menu.lst and fdisk -l /dev/sd, I will check to see ifI see anything obvious.-Kevin

reply

Why do you want to use the usb disk 8G. Bt4 now only 1.5g of the dvd iso filereply

@wh_hrb,You need that large of a disk because of the updates that will be installed and the encryptionstep. You really need it if you use the new method of full disk encryption that is referenced atthe very top of the how-to.If you are just putting Backtrack on USB device and aren't worried about persistence, then allyou need is a 2GB drive.-Kevin

reply

Hi,I will post the results when Ive finished the installation...I found a difference to your installation after choosing the manual part at the top there arealso 2 parts of my hard disk.:dev/hdadev/hda1 ntfsfree spaceand after that comes the "normal" part.May this cause my problems?tobias

reply

menu.lst:# By default, boot the first entry.default 0# Boot automatically after 30 secs.timeout 30vga=0x317image=/boot/grub/bt4.xpm.gztitle Start BackTrack FrameBuffer (1024x768)kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317initrd /boot/initrd.gztitle Start BackTrack FrameBuffer (800x600)kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314initrd /boot/initrd800.gztitle Start BackTrack Forensics (no swap)kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317initrd /boot/initrdfr.gztitle Start BackTrack in Safe Graphical Modekernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quietinitrd /boot/initrd.gztitle Start Persistent Live CDkernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quietinitrd /boot/initrd.gztitle Start BackTrack in Text Modekernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quietinitrd /boot/initrd.gztitle Start BackTrack Graphical Mode from RAMkernel /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quietinitrd /boot/initrd.gztitle Memory Testkernel /boot/memtest86+.bintitle Boot the First Hard Diskroot (hd0)chainloader +1### BEGIN AUTOMAGIC KERNELS LIST## lines between the AUTOMAGIC KERNELS LIST markers will be modified## by the debian update-grub script except for the default options below#

Install BackTrack Live to USB

Documents

Transcript of Install BackTrack Live to USB