Security Weekly
Content

Backtrack 4 Pre-Release with persistence on an SD card

How to create a persistent install for BackTrack 4 Pre-release (via the Informer) on an SD card (or USB thumb drive)
I was excited to be able to use the new pre-release version of Backtrack 4, as I love to use it on my Asus EEE 1000HA. When it was released I was eager to make it work, booting off of an SD card in the EEE so that I would not have to mess with additional USB thumb drives (they stick out of the laptop, and the SD card is internal). During the process, I was happy to discover that both the internal wireless and bluetooth adapters are now supported. The wireless card even appears to support injection!

backtrack-4-beta.png

I’ll be tailoring this to use on an SD card, but the steps are exactly the same as a USB thumb drive.
Thank you to the Offensive Security folks who put together LINK this video, as this guide is based on it exactly. I wanted to put it down in text as it isn’t always that easy to print out video, or view when you don’t have internet access (such as on a plane…), where I initially wanted to accomplish this.
Additionally, this is a signifiant departure from the previous methods for creating a persistent install. This will not work for the BT4 beta versions.
Let’s get started.
Two things that you will need:
4GB_SD_CARD.jpg

  • The Backtrack 4 Pre-release ISO, booted on a machine with an SD card reader
  • An SD Card 4 gigs or larger (or USB thumb drive 4 gigs or larger) that we can completely wipe. This is a destructive method, as we need to create a few partitions.

After Booting in to BT4, and insert your SD card. Issue the command “dmesg”. At the very bottom of the output, we should be able to identify the plug in of our SD card, and the device to which it was assigned. Mine happened to be /dev/sdc, so that’s how the rest of the instructions will progress. Replace /dev/sdc with your assignment from the output of dmesg.
Now, as root (the default user for BT4), we need to fdisk our SD Card. BE CAREFUL, as selecting the wrong drive here can potentially hose your system. That’s why I like doing this from within a VM. Start fdisk with the appropriate drive:

# fdisk /dev/sdc

Within the fdisk utility, print the existing partition table with “p”. If there are existing partitions, delete them with “d”, and select the appropriate partition, and repeat until they are all gone. You can reverify by reprinting the partition table with “p”.
We now need to create two new partitions with in fdisk. For the first partition enter “n” for a new partition, “p” for primary partiton, “1” for first. Use a size of “+1500M” for 1.5 Gig. For the second partition, “n” for a new partition, “p” for primary partition, 2 for second. You can accept the default for size, or at a minimum of 1.5 Gig with “+1500M”
Activate (set as bootable) the first partition with “a”, and select partition 1. Assign a type to partition 1 by issuing “t”, select partition 1, and use the code of “b” to identify it as W95 FAT32
Verify the new partition table by issuing a “p” with in fdisk. If all looks OK, write it to disk (and exit) with “w”
Ok, you can breathe again. The dangerous part is done.
In order to use our new partitions, we need to format them. The first partition (/dev/sdc1) will be vfat, and the second (/dev/sdc2) will be ext3. We can format them with the following commands:

# mkfs.vfat -F 32 -n BT4 /dev/sdc1
# mkfs.ext3 -b 4096 -L casper-rw /dev/sdc2

The mkfs.ext3 command will take some time, so be patient.
Before we can begin copying over the files, we need to mount the forst partition after creating a directory to mount it to. We accomplish that with:

# mkdir /mnt/sdc1
# mount /dev/sdc1 /mnt/sdc1

Copy away! We’re going to copy the contents of our current, booted BT4 enviroment to the new partition on the SD card:

# rsync -avh /media/cdrom/ /mnt/sdc1

Again, this one will take some time, so be patient. Also, note that the extra “/” at the end of /media/cdrom/ is important. If you use tab completion to add that directory to the command, it will not be included and the rsync copy will fail.
Let’s install the grub bootloader so that the thumbdrive will actually boot, and know where to fund all of the appropriate files:

# grub-install --no-floppy --root-directory=/mnt/sdc1 /dev/sdc

Editing the startup items will make our experience that much better. You can use your favorite text editor here (vi for example), but nano is included on the BT 4 install, so feel free to use that:

# nano /mnt/sdc1/boot/grub/menu.lst

At the top of the file, change the default boot option to 5 to automatically use the persistent install at boot time if no user interaction is provided. the line should now read as:

default 5

Also, edit the block towards the end of the file with the title of “Start Persistent Live CD”. You’ll want the kernel line to be updated, and at the at the end add 0x315. This sets the default video mode for boot, and was the highest resolution available on my EEE. For normal installations (such as on non-netbooks), use 0x317. The updated line should be as follows:

/boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x315

Exit nano and save the file to the default location (with ctrl x).
We are almost done! Just unmount the SD card ad reboot:

# umount /mnt/sdc1
# init 6

Enjoy your persistent Backtrack 4 installation on an SD card!
– Larry “haxorthematrix” Pesce

Larry Pesce

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. Larry is also a Principal Instructor and Course Author for the SANS Institute for SEC617: Wireless Penetration Testing and Ethical Hacking and SEC556: IoT Penetration Testing. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.