For convenience and portability, you can’t beat creating your own bootable CD-ROM (aka a Live CD) on a USB flash drive. Previously, I showed you how to create a Linux security-oriented distribution on a Live CD that lets you take your security tools with you to boot a failed or suspect computer without affecting the host OS. (See “Virtual Machines and Backtrack” at http://www.securityprovip.com/Articles/ArticleID/95921/95921.html). However, CD-ROM-based Live CDs can be a bit bulky, and once created, you can’t do anything else with them. For computers that support booting from a USB port—and most newer computers do—a USB 2.0 flash drive boots a Live CD distro faster than a CD-ROM, and you can use the remaining space on the flash drive as storage. For example, you could copy the 689MB Live CD version of BackTrack on a FAT32-formatted 2GB flash drive and still have more than a gigabyte of storage available. If you’re working on a Windows computer, you can insert the flash drive and access your Windows tools, reference docs, or other data, or reboot the host and boot to the Linux-based BackTrack Live CD. Sound good? Let’s create one for you.
How to Do It
I’ve chosen for this example to do a basic configuration of a USB bootable version of the BackTrack Live CD, but you can also use these techniques for creating a bootable USB drive of other distros. You’ll need at least a 1GB USB flash drive to hold the whole Live CD. You’ll also need a host computer to configure the USB drive—in our example we’re using Windows to configure the USB drive to show that you don’t need to have a ton of experience to set this up. I’ve found it helpful to keep the following questions in mind when choosing and formatting your USB flash drive:
- How large is your flash drive? In the example below I’ll show you how to install BackTrack on a 1GB flash drive. You can find smaller distributions but will obviously sacrifice the number of applications you have available for use. If you use a larger flash drive, you’ll be able to use all sorts of your favorite applications, from Mozilla Firefox to OpenOffice.
- Do you want persistence? Live CDs were made for bootable CD-ROMs. CD-ROMs are cheap but don’t offer persistence—that is, the ability to save changes to the OS between reboots. This article helps you configure your flash drive to boot a Linux Live CD without persistence, but by using FAT32 you can use the remaining space on your flash drive to store files available to most other OSs. In an upcoming article, I’ll show how to create an entire Linux installation on a USB drive that provides persistence.
After the above considerations are met and you’ve chosen your distro and USB drive, you need to format the USB drive for FAT32 from a Windows computer. Insert the flash drive in Windows, right-click the associated drive letter, and click format. Make a note of the drive letter Windows assigns to your USB drive. Next, download the BackTrack ISO at remote-exploit.org (http://www.remote-exploit.org/backtrack_download.html).
Next, unpack the files from the ISO and copy them to the newly formatted USB drive. A Live CD is designed to boot from a removable drive to a fully functional OS. A traditional OS installation CD-ROM is designed to start a setup program that usually walks you through questions as it installs the OS. For example, look on your Live CD for the directory /boot, which contains the bootable kernel ”vmlinuz.” You can also look in the Live CD for the distro files; for example, in the BackTrack Live CD, look in the /bt/base directory and you’ll see files with the same names as familiar Linux folders. For example, etc.lzm is the etc directory compressed with LZM compression.
There are many ways to unpack files. One option is to burn the BackTrack ISO to a CD-ROM and access the files from that CD-ROM. A second option is to extract the ISO image by using a tool such as 7-Zip (http://www.7-zip.org). Download and install 7-Zip and then run the 7-Zip File Manager. Navigate to where you downloaded your Live CD ISO and open the image.
After you unpack the ISO, copy the entire contents of the Live CD ISO directly to the root of the USB drive, being careful to maintain the original Live CD directory structure.
Next, make the USB drive bootable by using the lightweight boot loader syslinux. Download the latest version (syslinux-3.52.zip at the time of this writing) from kernel .org (http://www.kernel.org/pub/linux/utils/boot/syslinux) and extract the Zip file to a directory on your host computer’s hard drive. Open a command prompt, go to the \syslinux\win32 directory, and run the command:
syslinux.exe -ma USB drive letter:
The -ma parameter instructs syslinux to create a master boot record (-m) and to make it active (a). If you’re running Windows Vista and User Access Control (UAC), make sure you run the command shell as an administrator or syslinux will fail. (To run the command shell as an administrator, from the Vista Start menu, right-click Command Prompt and click Run as Administrator.) At this point, your USB drive is now bootable to the Live CD distribution of BackTrack.
Testing Your Creation
When you start your computer, it probably boots directly from your hard drive, or maybe from your CD-ROM drive if you have a bootable CD-ROM inserted. You'll probably need to tell your computer to try to boot from the USB drive. I’ve configured my laptop to boot from a USB first, a CD-ROM next, and the hard drive last—if a device doesn’t contain a bootable OS, the laptop will try the next choice. Be mindful of the computer you're trying to boot; the owners of a public kiosk might have password-protected the BIOS to prevent tampering. Insert your USB drive and reboot your computer.
To Persist or Not to Persist
One advantage of what I’ve shown you is portability—a Linux security BackTrack on a bootable USB drive means you don’t have to carry an extra bootable CD-ROM. A Live CD running on a bootable USB is also very fast at loading and file access compared to one running on a CD-ROM, and creating a Live CD by using the methods above lets you use your USB drive to also store other files. When using a Live CD distro such as this, any changes to the OS are written to a RAM drive created by the Live CD distro each time you start it up. Any changes to the OS persist only while the session is active; when you reboot the host computer you won’t leave any tracks. However, you might want your changes to persist—for example, to be able to boot off your USB Linux flash drive and have quick access to your previously configured email, bookmarks, or other documents. As it turns out, we can use a slightly modified Live CD distro to do just this. Next month, I’ll show you how to create a persistent Linux USB installation.