Friday, March 09, 2012

HOWTO : Encrypt/Decrypt BackTrack 5 R2 with USB stick

Credit to : Hak5.org

Step 1 :

To identify the devices, list their partition tables :

sfdisk -l /dev/sda
sfdisk -l /dev/sdc


*** Where sda is my hard drive and sdc is the USB stick

Step 2 :

To create a single Linux partition on each of the following devices :

fdisk /dev/sda
d
n
p
1
p
w


fdisk /dev/sdc
d
n
p
1
p
w


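Step 3 :

Read 64 bytes from the first sector of the USB stick to use as the key file, then format /dev/sda1 as a LUKS volume with that key and open it :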

dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/first.key

cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda1 /tmp/first.key

cryptsetup -d /tmp/first.key luksOpen /dev/sda1 mylaptop

ls /dev/mapper


Step 4 :

mkfs.ext2 /dev/sdc1

mkfs.ext4 /dev/mapper/mylaptop


*** Where mylaptop is the name of the mapped device that luksOpen created under /dev/mapper.

Step 5 :

Install BackTrack 5 R2 as usual. However, do not format the partitions. Select /dev/mapper/mylaptop as ext4 and /. Then, select /dev/sdc1 as ext2 and /boot.

After that, make sure the bootloader is installed at /dev/sdc.

Step 6 :

Once the installation is completed, select "Continue testing" and do not reboot. Installing the bootloader wrote to the first sector of /dev/sdc, so read the 64 key bytes again :

dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/second.key

Make sure the two keys are different :

sha1sum /tmp/*key
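
A quick check of the key files from Step 3 and Step 6, as an added example that is not part of the original post: it reads the key with the same dd parameters, rejects a key that is short or nearly constant (for example all zeros from a wiped first sector), and compares two keys. The function names, the script name keycheck.sh and the MIN_DISTINCT threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for a key file
# cut from a device's first sector. Works on a block device or an image file.
KEY_SKIP=32        # same offset as "skip=32" in this HOWTO
KEY_LEN=64         # same length as "count=64" in this HOWTO
MIN_DISTINCT=16    # assumed heuristic threshold, not from the original post

# read_key SRC OUT: copy KEY_LEN bytes at offset KEY_SKIP from SRC into OUT.
# The umask makes a newly created OUT readable by its owner only.
read_key() {
    ( umask 077
      dd if="$1" bs=1 count="$KEY_LEN" skip="$KEY_SKIP" of="$2" 2>/dev/null )
}

# distinct_bytes FILE: print how many different byte values FILE contains.
distinct_bytes() {
    od -An -v -tu1 "$1" | tr -s ' ' '\n' | grep -v '^$' | sort -u |
        wc -l | tr -d ' '
}

# key_ok FILE: succeed only if FILE is exactly KEY_LEN bytes long and holds
# at least MIN_DISTINCT different byte values (so it is not near-constant).
key_ok() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$KEY_LEN" ] || return 1
    [ "$(distinct_bytes "$1")" -ge "$MIN_DISTINCT" ]
}

# keys_differ A B: succeed if the two key files have different contents.
keys_differ() {
    ! cmp -s "$1" "$2"
}

# Usage as root (hypothetical script name): sh keycheck.sh /dev/sdc /tmp/first.key
if [ "$#" -eq 2 ]; then
    if read_key "$1" "$2" && key_ok "$2"; then
        echo "key: $KEY_LEN bytes, $(distinct_bytes "$2") distinct values"
    else
        echo "key is short or near-constant; do not use it" >&2
        exit 1
    fi
fi
```

A key that fails key_ok should not be passed to luksFormat or luksAddKey.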

Step 7 :

Add the second key to the LUKS volume, then mount the installed system and chroot into it :

cryptsetup -d /tmp/first.key luksAddKey /dev/sda1 /tmp/second.key

mkdir /mnt/mylaptop

mount /dev/mapper/mylaptop /mnt/mylaptop/
mount /dev/sdc1 /mnt/mylaptop/boot

chroot /mnt/mylaptop/

mount -t proc proc /proc
mount -t sysfs sys /sys/


Step 8 :

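nano /etc/crypttab

Look up the UUID of /dev/sda1 :

blkid /dev/sda1

Line for /etc/crypttab, using that UUID :

mylaptop /dev/disk/by-uuid/<UUID Key> none luks

nano /etc/fstab

Line for /boot in /etc/fstab :

/dev/sdb1 /boot ext2 defaults 0 2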


Step 9 :

After that, boot BackTrack 5 R2 from the USB stick. It will drop to the BusyBox shell.

At the BusyBox prompt, enter the following commands to unlock the partition. Note that the USB stick is /dev/sdb here, not /dev/sdc. You are required to enter these commands on every boot up.

dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key

cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop


Then press Ctrl-D to continue the boot process.

Step 10 :

After the system has booted, create a swap file.

dd if=/dev/zero of=/swapfile1 bs=1M count=512

* Where count=512 is 512M

mkswap /swapfile1
chown root:root /swapfile1
chmod 0600 /swapfile1

swapon /swapfile1

nano /etc/fstab

Add the following line :

/swapfile1 swap swap defaults 0 0


Then reboot the system.

Remarks :

You are required to enter these commands on every boot up.

dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key

cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop


See Also : HOWTO : Encrypt/Decrypt BackTrack 5 R2 with Passphrase

That's all! See you.