
Ep 1102 Install Using Btr5 R2


This topic has been archived. This means that you cannot reply to this topic.
11 replies to this topic

#1 Tortus

Tortus
  • Active Members
  • Newbie

  • 3 posts

Posted 13 March 2012 - 09:11 AM

I was wondering if anyone has tried to follow the tutorial using BTR5 R2. The file contents of /etc/fstab have changed from BTR5 R1 and I'm not sure what to add and/or edit.

I watched the episode again, but this time with less Red Bull and vodka as my beverage of choice, and everything worked out OK. Thank you all for your help.

Edited by Tortus, 17 March 2012 - 05:39 PM.


#2 int0x80

int0x80
  • Active Members
  • Hak5 Zombie

  • 160 posts

Posted 13 March 2012 - 01:51 PM

I upgraded to R2 from inside my R1 install, so have not done a fresh install yet. I wouldn't expect the contents of /etc/fstab to be an issue, though.
6a 25 58 6a ff 5b 6a 09 59 cd 80

http://dualcoremusic.com

#3 Valsacar

Valsacar
  • Active Members
  • Hak5 Fan +

  • 48 posts

Posted 13 March 2012 - 05:51 PM

I'm running BT5R2 installed that way; the only thing that really needs to change is the one for /boot. Just remove the UUID and put /dev/sdb1 in its place.

#4 int0x80

int0x80
  • Active Members
  • Hak5 Zombie

  • 160 posts

Posted 14 March 2012 - 12:32 PM

The /etc/fstab editing is covered in the episode :]
6a 25 58 6a ff 5b 6a 09 59 cd 80

http://dualcoremusic.com

#5 slowjoe

slowjoe
  • Members
  • Newbie

  • 1 posts

Posted 18 February 2013 - 10:32 AM

@ int0x80

 

Thanks for the episode, great instructions, worked a treat and with no problems.

 

Just a couple of N00b questions.

 

What happens if I lose the USB key or it stops working? Do I need to back this key up somehow, and if so, what is the best way?

Also, a stupid question I am sure: if you are deriving the key each time, then can anyone do it if they had access to that key, or would they need to know the offset, which could be computed in no time, I am assuming? Especially if, like in the example, choosing 32, which is near the beginning?

 

Sorry for resurrecting an old thread, thanks in advance.



#6 int0x80

int0x80
  • Active Members
  • Hak5 Zombie

  • 160 posts

Posted 28 March 2014 - 08:14 PM

One good rez deserves another.  Mods please forgive me.  

 

Replies inline:

 

 

> What happens if I lose the USB key or it stops working? Do I need to back this key up somehow, and if so, what is the best way?

 

Definitely back up the drive.  I do this with dd -- let's say the USB drive is /dev/sdd in this example:

dd if=/dev/sdd bs=64k of=./boot_usb.img

Should something change, like losing your USB drive, physical media degradation, or you just want to switch up your media (and use an SD card, for example), you can write the new device from the acquired image -- let's say the new device is /dev/sde in this example:

dd if=./boot_usb.img bs=64k of=/dev/sde

Now all the bytes are the same and you're good to go.

 

 

 

> if you are deriving the key each time, then can anyone do it if they had access to that key, or would they need to know the offset, which could be computed in no time, I am assuming? Especially if, like in the example, choosing 32, which is near the beginning?

 

The key needs to be exactly the same in order to decrypt the drive.  An attacker would need to know your exact key derivation algorithm to recreate the key.  The approach to choosing your own method gives you flexibility here, aka pick your poison: consecutive bytes, every other byte, every third byte, offsets in the Fibonacci sequence, whatever you want.  Choose your own adventure -- you just have to do it the same way each time to always recreate the same key.  

 

Keep your operational security (opsec) in mind.  Who are your adversaries?  Are you worried that BART police might snatch your laptop, for example?  Then don't sit under a camera on BART with your keyboard and screen exposed while you decrypt your laptop.  You get the idea.


6a 25 58 6a ff 5b 6a 09 59 cd 80

http://dualcoremusic.com
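
The dd backup and restore from the post above, with the verification step made explicit, as an added example that is not part of the original thread or the episode. Regular files stand in for /dev/sdd and /dev/sde, the function names are hypothetical, and the scheme shown (256 consecutive bytes at offset 32) is an assumed instance of the consecutive-bytes option; only the offset 32 comes from the thread.

```shell
#!/bin/sh
# Added example. Regular files stand in for /dev/sdd and /dev/sde (constructed data).

# image_device SRC IMG: back up SRC to IMG, succeed only if the hashes match.
image_device() {
    dd if="$1" of="$2" bs=64k 2>/dev/null || return 1
    [ "$(sha256sum < "$1")" = "$(sha256sum < "$2")" ]
}

# restore_image IMG DST: write IMG to DST, then verify only the first size(IMG)
# bytes, because a replacement device is usually larger than the image.
# conv=notrunc keeps the stand-in file at its full size; it is harmless on a device.
restore_image() {
    dd if="$1" of="$2" bs=64k conv=notrunc 2>/dev/null || return 1
    size=$(($(wc -c < "$1")))
    [ "$(head -c "$size" "$2" | sha256sum)" = "$(sha256sum < "$1")" ]
}

# key_fingerprint SRC OFFSET LEN: hash of LEN consecutive bytes at OFFSET.
# Prints a fingerprint instead of the key bytes so key material never hits the terminal.
key_fingerprint() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | sha256sum | cut -d' ' -f1
}

# run_demo: exit 0 if backup, restore and key comparison behave as expected.
run_demo() {
    work=$(mktemp -d) || return 1
    seq 1 20000 > "$work/sdd"                        # constructed "USB drive"
    seq 1 30000 | tr '0-9' 'a-j' > "$work/sde"       # larger replacement with old data
    image_device "$work/sdd" "$work/boot_usb.img" || return 1
    restore_image "$work/boot_usb.img" "$work/sde" || return 1
    old=$(key_fingerprint "$work/sdd" 32 256)
    new=$(key_fingerprint "$work/sde" 32 256)
    [ "$old" = "$new" ] || return 1
    # One changed byte inside the key region yields a different key.
    printf 'X' | dd of="$work/sde" bs=1 seek=40 conv=notrunc 2>/dev/null
    bad=$(key_fingerprint "$work/sde" 32 256)
    rm -rf "$work"
    [ "$old" != "$bad" ]
}

run_demo && echo "backup verified; key reproducible only from identical bytes"
```

Store boot_usb.img with the same care as the drive itself, since it contains every byte the key is derived from.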

#7 WilsonFisk

WilsonFisk
  • Active Members
  • Newbie

  • 4 posts

Posted 16 June 2014 - 12:30 PM

I apologize in advance for resurrecting an old thread. I have a question though.  I use this setup quite a bit and I love it.  Instead of using it with BackTrack, I use it with Kubuntu.  Process still works pretty much the same up until 12.04.  After 12.04 cryptsetup was no longer available at the busybox prompt.  Up until 13.10, it was just a minor inconvenience as I would just start with 12.04, get my encrypted installs set up and working, and then upgrade up to 13.10, making sure to add new keys when those areas of the USB drive changed.  Now I have a problem I can't seem to find an answer for.  I have a new laptop, and 12.04 does not recognize the network devices, wireless or wired.  If I boot from the 14.04 LiveUSB all the hardware is detected and is working properly, however, there is no cryptsetup in busybox. So I can't upgrade my way to the latest version of the Distro, and I can't install the latest Distro with full disk encryption.

 

So finally to my question: How do I add cryptsetup to busybox so that I can start with Kubuntu 14.04 and still have my full disk encryption? Thanks again, and I feel compelled once again to apologize for reopening an old thread.



#8 int0x80

int0x80
  • Active Members
  • Hak5 Zombie

  • 160 posts

Posted 16 June 2014 - 02:58 PM

I installed Kubuntu 14.04 into a new VM and selected the full system encryption with LVM option during install.  After dropping out to BusyBox, I do have cryptsetup available:

(initramfs) which cryptsetup
/sbin/cryptsetup

My guess is that you are using cryptsetup in the live environment that you booted from, but it is not installed into the host OS (your persistent installation).  HTH.

Edited by int0x80, 16 June 2014 - 03:39 PM.

6a 25 58 6a ff 5b 6a 09 59 cd 80

http://dualcoremusic.com

#9 WilsonFisk

WilsonFisk
  • Active Members
  • Newbie

  • 4 posts

Posted 16 June 2014 - 07:35 PM

Yes, that is the problem that I am having. I followed the tutorial for BackTrack from your segment in one of the Hak5 episodes. Awesome work BTW.  I have never tried this before, but after I finish installing 14.04 and chroot to set up the volumes, can I install cryptsetup from there?



#10 int0x80

int0x80
  • Active Members
  • Hak5 Zombie

  • 160 posts

Posted 16 June 2014 - 07:58 PM

You should be able to, definitely give that a try.  

 

Another more-involved option could be to add cryptsetup into your initrd, but I would go for installing cryptsetup into the target install during the setup process.

 

Please post your notes/instructions here once you get it figured out.  Other people are sure to have the same questions as you.


6a 25 58 6a ff 5b 6a 09 59 cd 80

http://dualcoremusic.com

#11 WilsonFisk

WilsonFisk
  • Active Members
  • Newbie

  • 4 posts

Posted 18 June 2014 - 04:44 PM

Just an update. I finally found the time to try installing cryptsetup into the target environment and that did not work. Next attempt will be to add cryptsetup into initrd. After encrypting the root drive with LUKS, creating a key from the USB drive, and rebooting, I am dropped into a busybox shell without cryptsetup, so no way to decrypt the drive and continue the boot process.



#12 WilsonFisk

WilsonFisk
  • Active Members
  • Newbie

  • 4 posts

Posted 20 June 2014 - 10:54 AM

Okay, I have managed to get this working. After editing the /etc/crypttab file, I ran 'update-initramfs -c -k all'  and then used lsinitramfs to verify that cryptsetup was there.  If anyone is interested I can post a step-by-step doc this weekend. Thanks again int0x80!