Set up Kali Linux on a thumb drive (for MacBooks)

Greetings! With practically no introduction whatsoever, let’s dive directly into getting this up and running!

This guide has 6 parts, with some ramblings at the end

  1. Set up Kali on a thumb drive
  2. Set up encrypted persistence mode
  3. Install the wifi driver for MacBooks
  4. Fix the tilde key on MacBooks
  5. Set up an actual user account and disabling the root user
  6. Optional fun stuff
    1. Install webcam driver for MacBooks
    2. Install Google Chrome
    3. Improve power-saving features
    4. Set up an adapter in monitor mode
    5. Configure vim
    6. Update packages
    7. Show trash icon on desktop
    8. Install VirtualBox and Metasploitable
  7. Sources/thoughts

At the end, you will have a Kali installation set up on your thumb drive that you can use as an alternate OS. Better yet, it will be a portable OS that you can boot to from any machine. Also, it will have the proper drivers to use a MacBook’s wifi adapter. You can read what you WON’T have at the end of the post.

Set up Kali on a thumb drive

First things first, you’re gonna need a Kali ISO file. So, go ahead and grab the latest version, or use the version I used.

Now, you’re going to need to make a bootable USB drive out of that ISO. I used Rufus, which is what the folks over at Ubuntu recommend, and I think it works great. I beleive Rufus is Windows-only, so feel free to use what method you like to do this step.

One thing to note, is that the default username for Kali is root and the default password is toor, root backwards.

Once you are finished with these instructions, you should be able to boot from the thumb drive into Kali. If not, something isn’t right.

Set up encrypted persistence mode

First off, persistence mode enables Kali to keep files. Without it, every time you boot Kali, it will be as though the OS has never been run before, which can be a hassle, as we’ll find out in the next section.

So, boot into Kali using your bootable thumb drive. You may notice in the boot menu two persistence options. Those will not work without first setting up a partition on the thumb drive, so simply selecting those options will accomplish nothing. As such, it doesn’t matter which option you choose, so long as you are booted into Kali, because every option is the same for what we are about to do.

Once you have Kali up, fire up a terminal. From here on, every time you see a code block

Like this

, that will indicate things you need to type in the terminal. Once you have the terminal open, type

fdisk -l

which will display a list of drives connected to your computer. Identify which one is your thumb drive. In the event that you only have a single drive besides the thumb drive connected to your computer (i.e. the hard disk your primary OS boots from), this will most likely be /dev/sdb. fdisk will also show numbers after sda, sdb, sdc, and so on, and those numbers indicate partitions on that drive, which we don’t care about for now. All we want is to find which letter after “sd” identifies our thumb drive.

Did you find it? Good, let’s continue

We’ll use parted to create another partition on our thumb drive.

parted /dev/sdb

Now we should see (parted) instead of [email protected]:

print free

will show us detailed information about the partitions on our thumb drive. What we are looking for is where the last partition ends, and the end of our thumb drive, which should be displayed for us now.

So, noting these two details, we are ready to create our partition. For me, the last partition ended at 2794MB and the end of my thumb drive was 15.8GB.

mkpart primary 2794MB 15.8GB

Now, we are done with parted. To close a running program in a terminal in unix, use ctrl+c (do that now to end parted). We can use fdisk -l to verify that the new partition was created, but it’s just to make you feel warm and bubbly inside.

Now we need to create a file system for our partition. Even better, our partition will be encrypted, because we’re using Kali linux and the thought of our colleagues pwning us reminds us of the time we were laughed off the stage in the Shrek middle school musical. This next command assumes that sdb was the thumb drive and we just made a third partition for it.

cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb3

This will prompt us for a password. You will use this password EVERY time you boot Kali, so be prepared for that. This next one will give us access to the partition so we can create a file system for it.

cryptsetup luksOpen /dev/sdb3 my_usb

Okay, now let’s make the filesystem

mkfs.ext3 -L persistence /dev/mapper/my_usb

And then

e2label /dev/mapper/my_usb persistence

Finally, we need to make a conf file, so we’ll use four commands for that

mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb

Now, let’s close the encrypted channel to our persistence partition

cryptsetup luksClose /dev/mapper/my_usb

Okay, so now when we boot into Kali, we should be able to pick up where we left off. All our programs that we install from here on should still be there. Bash history will be there, etc.

So, to test, shut down Kali and reboot into the thumb drive. This time, be sure to select “Live USB encrypted Persistence” from the boot menu. During the boot process, you should see the following prompt: “Please unlock disk /dev/sdb3:”, at which point you enter your password when we set made the partition.

Install the wifi driver for MacBooks

Okay, so now we’re getting into some juicy stuff here. The reason we desire persistence is so we don’t have to keep setting up all our drivers and crap like that. I use Kali from a MacBook Air (Early 2014), and the wifi adapter will not work right off the bat. This can be killer, but I used an ethernet to usb dongle I got from Amazon for internet initially. You can also install these drivers without internet from another thumb drive, but that’s not what I did, and I don’t know how to do it. Assuming you’ve got internet somehow, it’s not too hard to set up the adapter, but one of the commands is straight gibberish. Fire up the old terminal and let’s get going.

apt-get install linux-headers-$(uname -r | sed 's,[^-]*-[^-]*-..') broadcom-sta-dkms

That’s the part you need internet for. It’s important to note that you should see

wl:
Running module version sanity check.

towards the top part of your terminal window. If not, something went wrong. Now, we need to disable crap drivers and enable the good one.

modprobe -r b44 b43 b43legacy ssb brcmsmac

And then

modprobe wl

Type

iwconfig

and now you should see an entry for wlan0. But an even easier way to verify that everything went well is that you’ll be able to set up a wifi connection in Kali now :)

Fix the tilde key on MacBooks

To make it so the tilde key doesn’t output angle brackets, fire up your terminal.

sudo -i

will open up a terminal as the root user.

crontab -e

will open up the root user’s crontab file. Add @reboot echo 0 > /sys/module/hid_apple/parameters/iso_layout to the end, then save changes, and exit the text editor. You should see crontab: installing new crontab if everything went right. Restart the machine to confirm that the tilde key is now functioning as expected.

Set up an actual user account and disabling the root user

Okay, so now let’s not use the root user to log in. First, we’ll create a user profile. We don’t need to use the terminal for this part! Click the down arrow at the top-right corner of the screen, click root, and then click account settings. Click the Add User… button.

MAKE SURE YOU ARE MAKING YOURSELF AN ADMINISTRATOR, because we’re going to be disabling root. Type your username in the Full Name and Username fields (the full name part doesn’t matter at all, really), and then give yourself a password.

When you’re done, click Add. Now you have another user. However, you’ll soon realize (if you don’t follow the next instructions) that Kali couldn’t care less about this new user. It automatically logs you in on boot, and if you log out of root, it just kills the desktop environment. So, we need to change a file. I use the VIM file editor, but leafpad is more user-friendly.

leafpad /etc/gdm3/daemon.conf

Now, with the leafpad editor open, comment out the following lines by adding a “#” at the beginning of the line.

AutomaticLoginEnable=true AutomaticLogin=root TimedLoginEnable=true TimedLogin=root TimedLoginDelay=5

Next, disable root login by changing

AllowRoot = true

to

AllowRoot = false

Make sure you save your changes.

Finally, set up a cronjob that will disable root user login.

sudo -i

crontab -e

Add the following to the end: @reboot passwd -l root

Now, I recommend restarting the machine and rebooting into Kali at this point.

You’ll know you did these instructions correctly if:

Kali makes you login at boot. You can’t log in with the root account. You can log out without killing the desktop environment. You can use Google Chrome (assuming you install it, which we’ll discuss in the next section).

Optional fun stuff

Install webcam driver for MacBooks

This section has not been tested. Ignore this for now.

Who really gives a flip about the stupid webcam? (Just use MacOS to skype your internet girlfriend already…) Let’s set it up anyway.

Let’s clone the repo onto the desktop

cd ~/Desktop
git clone https://github.com/patjak/bcwc_pcie.git

Install dependencies

sudo apt-get install linux-headers

Install Google Chrome

Let’s install everyone’s favorite web browser! Though Firefox ESR and Firefox Development edition will probably be more useful to someone using Kali, it’s always good to have Chrome!

Download the Debian/Ubuntu version of Chrome. Once you have it, the big question is, how do you use a .deb file?

dpkg -i PATH_TO_SOME_.DEB_FILE

If you do this without creating a non-root user, Chrome will whine and complain. You can use Chrome as root, and odds are you won’t run into trouble. The concern is, if someone hijacks your Chrome browser, they have access to the root user. You may think there is no difference between root and another user with admin privileges, but you’d be 100% wrong.

Improve power-saving features

Adpated from here
One of the unfortunate realities of using Linux on a MacBook is the drastically reduced battery life. Fortunately, we have a couple tricks up our sleeve. We’re going to install powertop and tlp.

sudo apt-get install powertop

Once that’s installed execute it

sudo powertop

Use the tab key to go to Tunables. Once there use the arrow keys and hit enter to toggle all the bad options to good.

Next up is tlp

sudo apt-get install tlp
sudo apt-get install tlp-rdw

Once it is installed, open up /etc/default/tlp in a text editor. Make sure that you see the following lines and values, making any changes necessary:

DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=1
MAX_LOST_WORK_SECS_ON_BAT=15
DISK_APM_LEVEL_ON_BAT=”1 1” (irrelevant if you have an SSD)
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1

Now start it

sudo tlp start

Then check the status

sudo tlp-stat -s

You may need to start services when you run tlp-stat -s. If so, it will tell you how to start the services, and you should start them.

Put this script in /etc/pm/power.d/

Now, we need to execute the script on powerup. First, make it so the root user owns it

sudo chown root:root /etc/pm/power.d/macbook

Then, give the root user executable permissions

sudo chmod o+x /etc/pm/power.d/macbook

Finally, execute the script on reboot

sudo -i
crontab -e

Add the lines to the end
@reboot /etc/pm/power.d/macbook

Set up an adapter in monitor mode

This one’s going to be a tad wonky. I’m convinced there must be some better way to go about this, but this worked for me. First confirm that you are a member of the sudo group

groups

Your group will be listed after your username. Then we are going to give the sudo group write access to a certain file.

sudo -i

crontab -e

Append @reboot chmod g+w /proc/brcm_monitor0 to the end of the file.

Now, we’re going to have bash write to this file every time you open a terminal. Append the following line to ~/.bashrc

echo 1 > /proc/brcm_monitor0

This will enable a device called prism0 which we can use with programs that require a wifi adapter in monitor mode, e.g. airodump-ng prism0

Strangely, I noticed that prism0 was gone after I left the computer idle for a bit.

I believe the broadcom adapter should be able to change states, but I am not a driver person. I will continue to look into this and report back any further details.

Configure vim

We want vim to display line numbers, so let’s put the following in ~/.vimrc

set number
syntax on

Update packages

Now, if you update your packages, it will actually retain the updates when you restart the machine. I’m not going to walk you through this process. Do it, don’t do it, it’s up to you!

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt autoremove

Show Trash icon on desktop

If you’re like me, you’re constantly emptying the trash/recycle bin. It might be a good idea to just disable the stupid thing and have deleted files just delete. BUT, let’s have Kali display the Trash on the desktop so we can get thrills from emptying it.

Open the dconf Editor program. It will warn you not to be stupid, and agree to not be stupid. Go to the following path /org/gnome/nautilus/desktop. Once there, click on trash-icon-visible, and set it to true.

Next, immediately empty the trash and enjoy the satisfaction (I freed up almost a gig, not sure what the heck was in there that was taking up that much space, probably should have looked a little more carefully…)

Install VirtualBox and MetaSploitable

This one is super optional. Running a VM and an OS off a thumb drive is sketchy on a good day. Nevertheless, let’s ignore what sense is telling us and do it anyway!

I have to say, the VM in reality runs pretty well on the thumb drive (USB 3).

sudo apt-get install virtualbox

You’re also going to need the image for virtualbox, which you can snag here Make sure it’s unzipped.

Okay, let’s set it up!

Assuming it VirtualBox was installed correctly, it should be listed amongst your normal programs, so fire it up!

Click new then Expert Mode use the following options:

  • Name: Metasploitable
  • Type: Linux
  • Version: Other Linux (64-bit)
  • Memory Size: 1024 MB
  • Use an existing virtual hard disk file: select the file from the unzipped metasploitable download

You’re going to need to access this VM through the network, so let’s set that up.

From the VirtualBox main menu, go to File->Preferences Then go to Network then Host-only Networks From there, click the icon on the right with the plus sign on it, which should create vboxnet0. Hit OK.

Now, we need to have our VM use it, so click on your VM (which was metasploitable in our case) and then Settings. Click on Network. In Adapter 1, make sure Enbale Network Adapter is checked, and then select Host-only Adapter from the Attached to dropdown box. From the Name dropdown, select vboxnet0

Now, you can fire up the VM and login (using the credentials user/user or msfadmin/msfadmin). If you type ifconfig you should see an IP that starts with 192.168. To test the connection, you can use ping VM_IP_ADDRESS.

From this point, we can continue on to the Metasploitable tutorial.

Sources

I got my instructions for this primarily from the following sources:

https://docs.kali.org/downloading/kali-linux-live-usb-persistence

https://unix.stackexchange.com/questions/234859/how-to-create-a-partition-in-free-space-using-gnu-parted

https://pentestmac.wordpress.com/2015/11/28/kali-linux-broadcom-wireless-on-macbook/

https://www.binarytides.com/auto-login-root-user-kali/

Asides

I spent quite a while figuring out exactly how to perform these steps. What I have described is the best way to accomplish the task that I could find. In some instances, I tried many things before settling on a solution that actually worked.

I noticed that almost nothing about the OS itself was saved when using USB persistence mode. For example, when changing the permissions of /proc/brcm_monitor0 it wasn’t carried over to the next boot. So, I figured a decent way to accomplish persistent OS changes was using crontab.

Regarding Kali updates, I don’t think updating Kali through Software works. However, I believe the command sudo apt-get dist-upgrade is equivalent and works fine.

If you are aware of anything that could be done better, by all means, leave a comment.

Complaints

One major complaint of mine is that the wl driver seems to run into errors sometimes, leaving me without use of the wifi adapter until I restart the machine. I am not sure at what point this started happening.

Another problem is the atrocious battery life compared to MacOS (which is expected). I have messed with TLP and powertop, but the battery life still isn’t even in the realm of MacOS.

Because we use an encrypted filesystem (on a thumb drive, no less), don’t expect responsiveness to be extreme. I was once installing something from the terminal and copying something over from a thumb drive, and responsiveness was non-existant for anything not already loaded into RAM. So yeah, if you want a snappy OS, forget about putting it on a thumb drive :)

Updates

  • I’m not sure if TLP gets started correctly at reboot. I need to confirm this.
  • I plan on updating this as soon as I confirm that you can set the wifi adapter to monitor mode, a critical component of using some of Kali’s tools.
    I have added instructions on how to get a persistent monitor mode set up