I need to do a better job of getting information to the blog in a timely manner. Well, I am back at it now and this entry will show you how to set up Backtrack, a bootable Linux distribution focused on security tools and penetration testing, on a USB flash drive.
As you may be aware, the beta version of Backtrack version 3 was announced last month. There are two versions available - the Stripped Down version and what they are calling the USB version. The USB version is actually the larger of the two versions, weighing in at around 950 MB. I decided to give the USB version a try, so I purchased the SanDisk 2 GB Cruzer Micro for $20. A bootable Live USB distro is advantageous over the standard Live CD in that you have the ability to change and store data on the USB device. In fact, with the 2 GB USB drive you can carve out a 1 GB partition to store data while you perform your security audits. Well, on to the process of creating a bootable USB key...
1. Delete the pre-existing partitions and create new partitions.
In my experience, many of the USB keys come with "helpful" Windows utilities, hidden partitions, etc. I want nothing to do with this crap. If you want to save these programs, make a backup copy of the USB key before proceeding.
Note: All of these steps are performed using Debian Linux.
Run fdisk on your USB drive. My drive is sdb. To determine your drive, run the following prior to inserting your USB drive and examine the output after you insert the drive:
tail -f /var/log/messages
Now run fdisk.
fdisk /dev/sdb
At the fdisk command prompt type 'p' (without the apostrophe) to print the contents of the partition table. The partition table on the pre-formatted SanDisk drives may produce some strange results.
Disk /dev/sdb: 1024 MB, 1024966656 bytes
32 heads, 62 sectors/track, 1009 cylinders
Units = cylinders of 1984 * 512 = 1015808 bytes
This doesn't look like a partition table
Probably you selected the wrong device.
Device Boot Start End Blocks Id System
/dev/sdb1 ? 392206 967564 570754815+ 72 Unknown
Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(357, 116, 40) logical=(392205, 19, 11)
Partition 1 has different physical/logical endings:
phys=(357, 32, 45) logical=(967563, 8, 51)
Partition 1 does not end on cylinder boundary.
/dev/sdb2 ? 85025 1060846 968014120 65 Novell Netware 386
Partition 2 has different physical/logical beginnings (non-Linux?):
phys=(288, 115, 43) logical=(85024, 30, 47)
Partition 2 has different physical/logical endings:
phys=(367, 114, 50) logical=(1060845, 20, 42)
Partition 2 does not end on cylinder boundary.
/dev/sdb3 ? 942481 1918302 968014096 79 Unknown
Partition 3 has different physical/logical beginnings (non-Linux?):
phys=(366, 32, 33) logical=(942480, 18, 30)
Partition 3 has different physical/logical endings:
phys=(357, 32, 43) logical=(1918301, 7, 39)
Partition 3 does not end on cylinder boundary.
/dev/sdb4 ? 1454477 1454505 27749+ d Unknown
Partition 4 has different physical/logical beginnings (non-Linux?):
phys=(372, 97, 50) logical=(1454476, 12, 25)
Partition 4 has different physical/logical endings:
phys=(0, 10, 0) logical=(1454504, 11, 33)
Partition 4 does not end on cylinder boundary.
Next, delete all of the pre-existing partitions:
Command (m for help): d
Partition number (1-4): 1
Command (m for help): d
Partition number (1-4): 2
Command (m for help): d
Partition number (1-4): 3
Command (m for help): d
Selected partition 4
Since fdisk was complaining about an invalid partition table on the USB drive, I decided to create a new disklabel and manually define the partition type. Create the new disklabel by selecting 'o' from the fdisk command prompt.
Command (m for help): o
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Now create the partitions. I have a 2 GB drive. Approximately 1 GB will be used by Backtrack, and I am creating a second partition with the remaining space. Use 'n' at the command prompt to create a new partition and 't' to define the partition type.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1009, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-1009, default 1009): +1000M
Partition Type:
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): L
Since I don't know the partition types off the top of my head, I type 'L' to display the options.
*Output eliminated for the sake of brevity*
Choose 'c' for Win95 FAT-32 (LBA)
Hex code (type L to list codes): c
Changed system type of partition 1 to c (W95 FAT32 (LBA))
Then write the changes by typing 'w' at the command prompt.
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Don't forget to flag the first partition as bootable by using the 'a' command. Now repeat this process to create the second partition. The steps will be essentially the same, except that the second partition is not flagged as bootable.
Partition 2:
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (740-1009, default 740):
Using default value 740
Last cylinder or +size or +sizeM or +sizeK (740-1009, default 1009):
Using default value 1009
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): c
Changed system type of partition 2 to c (W95 FAT32 (LBA))
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.
2. Format the newly created partitions.
Format the first partition.
root@gloc:/home/bbest# mkfs.vfat /dev/sdb1
mkfs.vfat 2.11 (12 Mar 2005)
...and the second partition.
root@gloc:/home/bbest# mkfs.vfat /dev/sdb2
mkfs.vfat 2.11 (12 Mar 2005)
3. Mount the Backtrack ISO and copy the files to the USB flash drive.
Make appropriate mount directories
mkdir bt_temp
mkdir usb_partition_1
Mount the Backtrack ISO image.
mount -o loop backtrack3.iso bt_temp
Mount the bootable partition on the USB flash drive. Note that the drive appears as /dev/sdc in the commands from here on; substitute whatever device name your drive was assigned when you checked /var/log/messages.
mount -t vfat /dev/sdc1 usb_partition_1
Copy boot and BT directories to the bootable partition of the USB flash drive.
cp -a bt_temp/boot usb_partition_1
cp -a bt_temp/BT usb_partition_1
Copy the contents of boot/isolinux from the mounted ISO to the root of the bootable partition. (The path is relative to the mounted ISO, bt_temp, not to your host's /boot.)
cp bt_temp/boot/isolinux/* usb_partition_1
Rename isolinux.bin to syslinux.bin and isolinux.cfg to syslinux.cfg on the USB partition.
mv usb_partition_1/isolinux.bin usb_partition_1/syslinux.bin
mv usb_partition_1/isolinux.cfg usb_partition_1/syslinux.cfg
If necessary, edit syslinux.cfg to reflect the proper paths. Now make sure you have syslinux installed for the last step. If you do not have it installed, you will need to install it now.
Unmount the partition, then run syslinux on the bootable partition of the USB flash drive. (The syslinux installer writes the boot sector and ldlinux.sys directly to the device, so the filesystem should not be mounted while it runs.)
umount usb_partition_1
syslinux /dev/sdc1
Make sure that your BIOS is set to boot from USB, and you should now be able to boot Backtrack from your USB flash drive. Also, don't forget about that second partition, as you will be able to mount it and use it while working in Backtrack.
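The fdisk output in step 1 warned "Probably you selected the wrong device", and writing a new partition table to the wrong disk destroys it. As an added example (not from the original post), here is a small POSIX shell check to run before the fdisk step: it reads the kernel's sysfs attributes and refuses any device that is not removable or is larger than the drive you bought. The optional sysfs-root argument and the size limits are my assumptions, added so the function can be exercised against a constructed tree rather than real hardware.

```shell
#!/bin/sh
# Added example: guard against partitioning the wrong disk. Reads the
# kernel's sysfs attributes for the device. The optional third argument
# (sysfs root, default /sys/block) is an assumption that lets the check
# run against a constructed tree instead of real hardware.
check_usb_target() {
    dev="$1"                 # e.g. sdb or /dev/sdb
    max_mb="$2"              # refuse anything larger than this (MB)
    root="${3:-/sys/block}"
    dev="${dev#/dev/}"       # strip a /dev/ prefix if one was given
    if [ ! -d "$root/$dev" ]; then
        echo "check_usb_target: no block device named $dev" >&2
        return 1
    fi
    removable=$(cat "$root/$dev/removable")
    sectors=$(cat "$root/$dev/size")   # size is in 512-byte sectors
    size_mb=$((sectors / 2048))
    if [ "$removable" != "1" ]; then
        echo "check_usb_target: $dev is not a removable drive" >&2
        return 1
    fi
    if [ "$size_mb" -gt "$max_mb" ]; then
        echo "check_usb_target: $dev is ${size_mb} MB, larger than ${max_mb} MB" >&2
        return 1
    fi
    echo "$dev: removable, ${size_mb} MB"
}
```

Run it as `check_usb_target sdb 2048` before invoking fdisk; a non-zero exit means stop and re-check the device name in /var/log/messages.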