Set up Kali Linux on a thumb drive (for MacBooks)
17 Jul 2017Greetings! With practically no introduction whatsoever, let’s dive directly into getting this up and running!
This guide has 6 parts, with some ramblings at the end
- Set up Kali on a thumb drive
- Set up encrypted persistence mode
- Install the wifi driver for MacBooks
- Fix the tilde key on MacBooks
- Set up an actual user account and disabling the root user
- Optional fun stuff
- Sources/thoughts
At the end, you will have a Kali installation set up on your thumb drive that you can use as an alternate OS. Better yet, it will be a portable OS that you can boot to from any machine. Also, it will have the proper drivers to use a MacBook’s wifi adapter. You can read what you WON’T have at the end of the post.
You can read more about the difference between a persistent live USB drive and a full Linux install here. Basically, a live drive makes no assumptions about the hardware it is running on, whereas a full Linux install generally customizes itself to the hardware it was installed on. In short, the live drive can be run better on different hardware profiles, but it takes longer to boot.
Set up Kali on a thumb drive
First things first, you’re gonna need a Kali ISO file. So, go ahead and grab the latest version, or use the version I used.
Now, you’re going to need to make a bootable USB drive out of that ISO. I used Rufus, which is what the folks over at Ubuntu recommend, and I think it works great. I beleive Rufus is Windows-only, so feel free to use what method you like to do this step.
One thing to note, is that the default username for Kali is root and the
default password is toor, root backwards.
Once you are finished with these instructions, you should be able to boot from the thumb drive into Kali. If not, something isn’t right.
Set up encrypted persistence mode
First off, persistence mode enables Kali to keep files. Without it, every time you boot Kali, it will be as though the OS has never been run before, which can be a hassle, as we’ll find out in the next section.
So, boot into Kali using your bootable thumb drive. You may notice in the boot menu two persistence options. Those will not work without first setting up a partition on the thumb drive, so simply selecting those options will accomplish nothing. As such, it doesn’t matter which option you choose, so long as you are booted into Kali, because every option is the same for what we are about to do.
Once you have Kali up, fire up a terminal. From here on, every time you see a code block
Like this
, that will indicate things you need to type in the terminal. Once you have the terminal open, type
fdisk -l
which will display a list of drives connected to your computer. Identify which one is your thumb drive. In the event that you only have a single drive besides the thumb drive connected to your computer (i.e. the hard disk your primary OS boots from), this will most likely be /dev/sdb. fdisk will also show numbers after sda, sdb, sdc, and so on, and those numbers indicate partitions on that drive, which we don’t care about for now. All we want is to find which letter after “sd” identifies our thumb drive.
Did you find it? Good, let’s continue
We’ll use parted to create another partition on our thumb drive.
parted /dev/sdb
Now we should see (parted) instead of root@kali:
print free
will show us detailed information about the partitions on our thumb drive. What we are looking for is where the last partition ends, and the end of our thumb drive, which should be displayed for us now.
So, noting these two details, we are ready to create our partition. For me, the last partition ended at 2794MB and the end of my thumb drive was 15.8GB.
mkpart primary 2794MB 15.8GB
Now, we are done with parted. To close a running program in a terminal in unix, use ctrl+c (do that now to end parted). We can use fdisk -l to verify that the new partition was created, but it’s just to make you feel warm and bubbly inside.
Now we need to create a file system for our partition. Even better, our partition will be encrypted, because we’re using Kali linux and the thought of our colleagues pwning us reminds us of the time we were laughed off the stage in the Shrek middle school musical. This next command assumes that sdb was the thumb drive and we just made a third partition for it.
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3
This will prompt us for a password. You will use this password EVERY time you boot Kali, so be prepared for that. This next one will give us access to the partition so we can create a file system for it.
cryptsetup luksOpen /dev/sdb3 my_usb
Okay, now let’s make the filesystem
mkfs.ext3 -L persistence /dev/mapper/my_usb
And then
e2label /dev/mapper/my_usb persistence
Finally, we need to make a conf file, so we’ll use four commands for that
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
Now, let’s close the encrypted channel to our persistence partition
cryptsetup luksClose /dev/mapper/my_usb
Okay, so now when we boot into Kali, we should be able to pick up where we left off. All our programs that we install from here on should still be there. Bash history will be there, etc.
So, to test, shut down Kali and reboot into the thumb drive. This time, be sure to select “Live USB encrypted Persistence” from the boot menu. During the boot process, you should see the following prompt: “Please unlock disk /dev/sdb3:”, at which point you enter your password when we set made the partition.
You set the password to unlock the partition, so it’s not going to be toor unless that’s what you set it to.
Install the wifi driver for MacBooks
Okay, so now we’re getting into some juicy stuff here. The reason we desire persistence is so we don’t have to keep setting up all our drivers and crap like that. I use Kali from a MacBook Air (Early 2014), and the wifi adapter will not work right off the bat. This can be killer, but I used an ethernet to usb dongle I got from Amazon for internet initially. You can also install these drivers without internet from another thumb drive, but that’s not what I did, and I don’t know how to do it. Assuming you’ve got internet somehow, it’s not too hard to set up the adapter, but one of the commands is straight gibberish. Fire up the old terminal and let’s get going.
apt-get install linux-headers-$(uname -r | sed 's,[^-]*-[^-]*-..') broadcom-sta-dkms
That’s the part you need internet for. It’s important to note that you should see
wl:
Running module version sanity check.
towards the top part of your terminal window. If not, something went wrong. Now, we need to disable crap drivers and enable the good one.
modprobe -r b44 b43 b43legacy ssb brcmsmac
And then
modprobe wl
Type
iwconfig
and now you should see an entry for wlan0. But an even easier way to verify that everything went well is that you’ll be able to set up a wifi connection in Kali now :)
Fix the tilde key on MacBooks
To make it so the tilde key doesn’t output angle brackets, fire up your terminal.
sudo -i
will open up a terminal as the root user.
crontab -e
will open up the root user’s crontab file. Add @reboot echo 0 > /sys/module/hid_apple/parameters/iso_layout
to the end, then save changes, and exit the text editor. You should see
crontab: installing new crontab if everything went right. Restart the machine
to confirm that the tilde key is now functioning as expected.
Set up an actual user account and disabling the root user
Okay, so now let’s not use the root user to log in. First, we’ll create a user profile. We don’t need to use the terminal for this part! Click the down arrow at the top-right corner of the screen, click root, and then click account settings. Click the Add User… button.
MAKE SURE YOU ARE MAKING YOURSELF AN ADMINISTRATOR, because we’re going to be disabling root. Type your username in the Full Name and Username fields (the full name part doesn’t matter at all, really), and then give yourself a password.
BE SURE YOU MADE YOURSELF AN ADMINISTRATOR!!!!
When you’re done, click Add. Now you have another user. However, you’ll soon realize (if you don’t follow the next instructions) that Kali couldn’t care less about this new user. It automatically logs you in on boot, and if you log out of root, it just kills the desktop environment. So, we need to change a file. I use the VIM file editor, but leafpad is more user-friendly.
leafpad /etc/gdm3/daemon.conf
Now, with the leafpad editor open, comment out the following lines by adding a “#” at the beginning of the line.
AutomaticLoginEnable=true AutomaticLogin=root TimedLoginEnable=true TimedLogin=root TimedLoginDelay=5
Next, disable root login by changing
AllowRoot = true
to
AllowRoot = false
Make sure you save your changes.
Finally, set up a cronjob that will disable root user login.
sudo -i
crontab -e
Add the following to the end: @reboot passwd -l root
Now, I recommend restarting the machine and rebooting into Kali at this point.
You’ll know you did these instructions correctly if:
Kali makes you login at boot. You can’t log in with the root account. You can log out without killing the desktop environment. You can use Google Chrome (assuming you install it, which we’ll discuss in the next section).
Because we are no longer using the root account, several of Kali’s programs need
to be run with sudo now. If you don’t like that, you can always log into a root
terminal with sudo -i
Optional fun stuff
Install webcam driver for MacBooks
This section has not been tested. Ignore this for now.
Who really gives a flip about the stupid webcam? (Just use MacOS to skype your internet girlfriend already…) Let’s set it up anyway.
Let’s clone the repo onto the desktop
cd ~/Desktop
git clone https://github.com/patjak/bcwc_pcie.git
Install dependencies
sudo apt-get install linux-headers
Install Google Chrome
Let’s install everyone’s favorite web browser! Though Firefox ESR and Firefox Development edition will probably be more useful to someone using Kali, it’s always good to have Chrome!
Download the Debian/Ubuntu version of Chrome. Once you have it, the big question is, how do you use a .deb file?
dpkg -i PATH_TO_SOME_.DEB_FILE
If you do this without creating a non-root user, Chrome will whine and complain. You can use Chrome as root, and odds are you won’t run into trouble. The concern is, if someone hijacks your Chrome browser, they have access to the root user. You may think there is no difference between root and another user with admin privileges, but you’d be 100% wrong.
Improve power-saving features
Adpated from here
One of the unfortunate realities of using Linux on a MacBook is the drastically
reduced battery life. Fortunately, we have a couple tricks up our sleeve. We’re
going to install powertop and tlp.
sudo apt-get install powertop
Once that’s installed execute it
sudo powertop
Use the tab key to go to Tunables. Once there use the arrow keys and hit enter to toggle all the bad options to good.
Next up is tlp
sudo apt-get install tlp
sudo apt-get install tlp-rdw
Once it is installed, open up /etc/default/tlp in a text editor. Make sure that you see the following lines and values, making any changes necessary:
DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=1
MAX_LOST_WORK_SECS_ON_BAT=15
DISK_APM_LEVEL_ON_BAT=”1 1” (irrelevant if you have an SSD)
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1
Now start it
sudo tlp start
Then check the status
sudo tlp-stat -s
You may need to start services when you run tlp-stat -s. If so, it will tell
you how to start the services, and you should start them.
Put this script in /etc/pm/power.d/
I host the script here, but I did not write it. I originally downloaded it from this location: https://help.ubuntu.com/community/MacBookAir6-2/Trusty?action=AttachFile&do=view&target=99macbookair6
Now, we need to execute the script on powerup. First, make it so the root user owns it
sudo chown root:root /etc/pm/power.d/macbook
Then, give the root user executable permissions
sudo chmod o+x /etc/pm/power.d/macbook
Finally, execute the script on reboot
sudo -i
crontab -e
Add the lines to the end
@reboot /etc/pm/power.d/macbook
Set up an adapter in monitor mode
This one’s going to be a tad wonky. I’m convinced there must be some better way to go about this, but this worked for me. First confirm that you are a member of the sudo group
groups
Your group will be listed after your username. Then we are going to give the sudo group write access to a certain file.
sudo -i
crontab -e
Append @reboot chmod g+w /proc/brcm_monitor0 to the end of the file.
Now, we’re going to have bash write to this file every time you open a terminal. Append the following line to ~/.bashrc
echo 1 > /proc/brcm_monitor0
This will enable a device called prism0 which we can use with programs that
require a wifi adapter in monitor mode, e.g. airodump-ng prism0
Strangely, I noticed that prism0 was gone after I left the computer idle for a bit.
I believe the broadcom adapter should be able to change states, but I am not a driver person. I will continue to look into this and report back any further details.
Configure vim
We want vim to display line numbers, so let’s put the following in ~/.vimrc
set number
syntax on
Update packages
Now, if you update your packages, it will actually retain the updates when you restart the machine. I’m not going to walk you through this process. Do it, don’t do it, it’s up to you!
These commands will take a LONG time!!
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt autoremove
Show Trash icon on desktop
If you’re like me, you’re constantly emptying the trash/recycle bin. It might be a good idea to just disable the stupid thing and have deleted files just delete. BUT, let’s have Kali display the Trash on the desktop so we can get thrills from emptying it.
Open the dconf Editor program. It will warn you not to be stupid, and agree to not be stupid. Go to the following path /org/gnome/nautilus/desktop. Once there, click on trash-icon-visible, and set it to true.
Next, immediately empty the trash and enjoy the satisfaction (I freed up almost a gig, not sure what the heck was in there that was taking up that much space, probably should have looked a little more carefully…)
Install VirtualBox and MetaSploitable
This one is super optional. Running a VM and an OS off a thumb drive is
sketchy on a good day. Nevertheless, let’s ignore what sense is telling us and
do it anyway!
I have to say, the VM in reality runs pretty well on the thumb drive (USB 3).
Make sure you’ve updated your packages
sudo apt-get install virtualbox
You’re also going to need the image for virtualbox, which you can snag here Make sure it’s unzipped.
Okay, let’s set it up!
Assuming it VirtualBox was installed correctly, it should be listed amongst your normal programs, so fire it up!
Click new then Expert Mode use the following options:
- Name: Metasploitable
- Type: Linux
- Version: Other Linux (64-bit)
- Memory Size: 1024 MB
- Use an existing virtual hard disk file: select the file from the unzipped metasploitable download
You’re going to need to access this VM through the network, so let’s set that up.
From the VirtualBox main menu, go to File->Preferences Then go to Network then Host-only Networks From there, click the icon on the right with the plus sign on it, which should create vboxnet0. Hit OK.
Now, we need to have our VM use it, so click on your VM (which was metasploitable in our case) and then Settings. Click on Network. In Adapter 1, make sure Enbale Network Adapter is checked, and then select Host-only Adapter from the Attached to dropdown box. From the Name dropdown, select vboxnet0
Now, you can fire up the VM and login (using the credentials user/user or msfadmin/msfadmin).
If you type ifconfig you should see an IP that starts with 192.168. To test
the connection, you can use ping VM_IP_ADDRESS.
From this point, we can continue on to the Metasploitable tutorial.
Sources
I got my instructions for this primarily from the following sources:
https://docs.kali.org/downloading/kali-linux-live-usb-persistence
https://pentestmac.wordpress.com/2015/11/28/kali-linux-broadcom-wireless-on-macbook/
https://www.binarytides.com/auto-login-root-user-kali/
Asides
I spent quite a while figuring out exactly how to perform these steps. What I have described is the best way to accomplish the task that I could find. In some instances, I tried many things before settling on a solution that actually worked.
I noticed that almost nothing about the OS itself was saved when using USB
persistence mode. For example, when changing the permissions of /proc/brcm_monitor0
it wasn’t carried over to the next boot. So, I figured a decent way to accomplish
persistent OS changes was using crontab.
Regarding Kali updates, I don’t think updating Kali through Software works.
However, I believe the command sudo apt-get dist-upgrade is equivalent and
works fine.
If you are aware of anything that could be done better, by all means, leave a comment.
Complaints
One major complaint of mine is that the wl driver seems to run into errors sometimes, leaving me without use of the wifi adapter until I restart the machine. I am not sure at what point this started happening.
Another problem is the atrocious battery life compared to MacOS (which is expected). I have messed with TLP and powertop, but the battery life still isn’t even in the realm of MacOS.
Because we use an encrypted filesystem (on a thumb drive, no less), don’t expect responsiveness to be extreme. I was once installing something from the terminal and copying something over from a thumb drive, and responsiveness was non-existant for anything not already loaded into RAM. So yeah, if you want a snappy OS, forget about putting it on a thumb drive :)
Updates
- I’m not sure if TLP gets started correctly at reboot. I need to confirm this.
I plan on updating this as soon as I confirm that you can set the wifi adapter to monitor mode, a critical component of using some of Kali’s tools.
I have added instructions on how to get a persistent monitor mode set up