March 29, 2018

Kali Linux Live USB Persistence

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is the best OS for Hackers ever created. When we first create a Live USB of Kali Linux, by default, is not persistence. Today, I’ll go through the procedures to enable it.

Kali Linux “Live” has two options in the default boot menu which enable persistence — the preservation of data on the “Kali Live” USB drive — across reboots of “Kali Live”. This can be an extremely useful enhancement, and enables you to retain documents, collected testing results, configurations, etc., when running Kali Linux “Live” from the USB drive, even across different systems. The persistent data is stored in its own partition on the USB drive, which can also be optionally LUKS-encrypted.

To make use of the USB persistence options at boot time, you’ll need to do some additional setup on your “Kali Linux Live” USB drive. I assume that a Kali Linux “Live” USB drive has already been created.

So Let’s Start…


Persistence without LUKS Encryption

  1. Create and Format an additional partition on USB Drive using GParted. Let’s assume that partition is /dev/sdb3.

  2. Open Linux Terminal Console.

  3. Create an ext3 file system in the partition and label it persistence
    mkfs.ext3 -L persistence /dev/sdb3
    e2label /dev/sdb3 persistence

  4. Create a mount point, mount the new partition there, and then create the configuration file to enable persistence. Finally, unmount the partition.
    mkdir -p /mnt/my_usb
    mount /dev/sdb3 /mnt/my_usb
    echo "/ union" > /mnt/my_usb/persistence.conf
    umount /dev/sdb3

Persistence with LUKS Encryption

  1. Create and Format an additional partition on USB Drive using GParted. Let’s assume that partition is /dev/sdb3.

  2. Open Linux Terminal Console.

  3. Initialize the LUKS encryption on the newly-created partition. You’ll be warned that this will overwrite any data on the partion. When prompted whether you want to proceed, type YES. Enter your selected passphrase twice when asked to do so, and be sure to pick a passphrase you’re going to remember: if you forget it, your data will still be persistent, just irretrievable.
    cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3
    cryptsetup luksOpen /dev/sdb3 my_usb

  4. Create the ext3 filesystem, and label it persistence.
    mkfs.ext3 -L persistence /dev/mapper/my_usb
    e2label /dev/mapper/my_usb persistence

  5. Create a mount point, mount our new encrypted partition there, set up the persistence.conf file, and unmount the partition.
    mkdir -p /mnt/my_usb
    mount /dev/mapper/my_usb /mnt/my_usb
    echo "/ union" > /mnt/my_usb/persistence.conf
    umount /dev/mapper/my_usb

  6. Close the encrypted channel to our persistence partition.
    cryptsetup luksClose /dev/mapper/my_usb


That’s really all there is to it! To use the persistent data features, simply plug your USB drive into the computer you want to boot up Kali Live on — make sure your BIOS is set to boot from your USB device — and fire it up. When the Kali Linux boot screen is displayed, choose the persistent option you set up on your USB drive, either normal or encrypted.