Kali Live USB is great, but doesn’t it suck that all of the changes that you make in the live boot environment are wiped when you shut it down? That doesn’t have to be the case, thanks to a feature called persistence.
Persistence allows us to customize and configure desktop and user options, install additional software, perform updates, save files from a target desktop to our persistent environment, transport files from the Kali live environment to different machines, perform system updates to the live environment and carry them with us, install persistent software, and more. When using a bootable Kali USB device without persistence, Kali returns to its “out of the box” state every time you boot the USB device. In this tutorial I’m going to show you how to set up persistence on a Kali USB device, and as a bonus, our persistent volume will also be encrypted so if you lose the device or if it’s stolen, none of the information stored on your encrypted persistent volume can be compromised.
What You’ll Need
Before we can get started, you’ll need a few things.
- A Linux environment to create partitions on a USB drive (this can be a dedicated install, VM, or live boot environment)
- A USB flash drive, at least 8GB in size
- The latest Kali Linux ISO
Flashing the Latest Kali ISO
First thing’s first, we’ll use the following command:
…to list the partitions on all of our storage devices. As you can see in this example, /dev/sda is the first disk in my system and is a 20GB disk. I’m running this in a virtual machine, and 20GB is the amount I allocated to my virtual hard disk file. Typically /dev/sda will be the first disk in your system, followed by sdb, sdc, and so on. My second disk, /dev/sdb, is roughly 28.7GB in size, so I know that’s my 32GB USB drive. Be sure you’re discovering the name of the correct drive, as we’ll soon overwrite its entire contents with the contents of the Kali ISO.
If you haven’t already, cd to the directory where you downloaded the latest Kali ISO image. In this example I’ve downloaded Kali 2018.2 to the /root/Downloads directory. From here, you’ll want to issue the following command:
dd if=kali-linux-2018.2-amd64.iso of=/dev/sdb bs=512k
…where kali-linux-2018.2-amd64.iso is the name of your ISO file, and /dev/sdb is the name of the device you identified in the step above. Again, be sure you are writing to the correct device. You can easily overwrite a whole hard drive if you do this wrong, and the system won’t prompt you. Note that while the command is writing, there is no output. Rest assured it hasn’t locked up, just wait a few minutes for it to finish. Once it’s done you’ll be returned to the command prompt and the command will tell you that just shy of 3GB was written to disk.
You should now have a fully functional Kali live USB drive, so we’re ready to configure persistence.
Determine Unpartitioned Disk Space on the USB Device
Before we can execute the commands to write a persistence partition to the USB device, we must first determine the amount of unpartitioned space left on the device. You can do this with the command:
…where /dev/sdb is the name of your USB device. After you’re in the parted console, type the command:
…to view the amount of unpartitioned space left on the device.
As you can see in the last line of the output, I’ve got roughly 27.8GB of my 32GB device available. To stay on the safe side, we’ll call it 27GB.
Creating and Formatting the Encrypted Partition
Now that we know how much free space we have to work with, we’ll issue the commands required to create a new partition within that free space and format it with the ext3 filesystem. We’ll use the Kali ISO image that we flashed to the USB device as input for a command to tell parted where to begin the new partition. Commands are as follows:
end=27gb read start _ < <(du -bcm kali-linux-2018.2-amd64.iso | tail -1); echo $start parted /dev/sdb mkpart primary $start $end
You’ll need to change 27gb to the amount of free space that’s left on your particular USB device. You may also need to change the name of the Kali ISO file and the /dev/sdb parameter within the parted command to match your own variables.
When this command executes, you may get errors or warnings. The first will mention the closest location that “we can manage” in relation to partition creation. If this happens, just press Y and then Enter to let the application do its thing.
You may also get a warning that the partition isn’t “properly aligned for performance.” Press I and then Enter to ignore this warning and continue on with the partition creation.
The rest of this process will complete fairly quickly. To ensure that your new partition has been created, issue the command:
fdisk -l /dev/sdb
…where sdb is the name of your device. If you compare this to the previous output, you’ll see that we now have a /dev/sdb3 partition that’s approximately 23GB in size.
We’ll now create the encrypted volume within our new partition. Issue the following command:
cryptsetup --verify-passphrase luksFormat /dev/sdb3
…where /dev/sdb3 is the name of your new partition. You will be warned that all data on the partition will be lost. This is ok, since there should be no data on our new partition. You’ll be asked to acknowledge this by typing YES in all capital letters and pressing Enter. You’ll then be asked for a password. This password will be used to decrypt and mount the volume. If you lose this password, the data on the encrypted volume will be lost, so don’t lose it.
Next, we’ll create a mapping to our new luks volume, called kali_usb:
cryptsetup luksOpen /dev/sdb3 kali_usb
Now, well run the commands to format the volume with the ext3 filesystem and label it persistence:
mkfs.ext3 -L persistence /dev/mapper/kali_usb e2label /dev/mapper/kali_usb persistence
Both commands should execute very quickly.
We now have an encrypted luks volume that’s password protected, formatted as ext3, and labeled persistence. This will be the encrypted volume where all of our persistence data will reside on our persistent Kali USB device. There’s only one step left to go, and that’s to set up the persistence configuration file. To do this we’ll create a mount point to which we’ll mount our newly created volume, and create a persistence.conf file within the root of that volume. Finally we’ll unmount the volume and close the mapping.
mkdir -p /mnt/kali_usb mount /dev/mapper/kali_usb /mnt/kali_usb echo "/ union" > /mnt/kali_usb/persistence.conf umount /dev/mapper/kali_usb cryptsetup luksClose /dev/mapper/kali_usb
And that’s it. You should now have a persistence.conf file in the root of the encrypted volume.
From here we can test our USB device. Reboot the machine (or another machine) with the USB device inserted, and from the Kali boot menu choose Live System (Encrypted Persistence). During boot, you’ll be asked to unlock your encrypted persistence partition with the password you entered above. After entering the password, the system will continue to boot normally.
Considerations and Conclusion
Having persistence enabled on our Kali USB device will allow us to do many things that we couldn’t ordinarily do. One of the most powerful things is to copy data from a machine that we have a live boot session on and take it with us on our encrypted volume. We can then use the same tools we used above to mount our encrypted volume on another machine and pull that data off. Of course this requires that machine be a Linux machine since we would have to first decrypt our encrypted volume with luks, but the process is fairly simple. First, create a mapper to the encrypted volume; second, create a mount point to mount the volume; third, mount the volume.
cryptsetup luksOpen /dev/sdb3 kali_usb mkdir -p /mnt/kali_usb mount /dev/mapper/kali_usb /mnt/kali_usb
It’s as simple as that. When we’re finished copying data from the encrypted volume, we an simply unmount it.
That’s it! I hope you enjoyed this tutorial.