backtrack Archives - InputOutput.io

VMWare Workstation in BackTrack {3, 4} Live

BackTrack 4

Why?

There have been a number of situations in the past where, even though I’m perfectly happy running BackTrack as a host operating system, it would nonetheless be sweet to run any number of virtualized guest machines as well. For instance, if exploit code or a tool has been released for Windows (e.g. Ferret/Hamster) but is not yet, or will never be, released for Linux. Or if you want to do research in a virtualized network environment. And in general, it’s just a good idea to keep your options open, to sharpen your axe before you go out and chop some wood. My virtualization software of choice is VMWare Workstation, especially the newer versions (6.5 and up). I’m not going to go into why I favor VMWare over other options, but suffice it to say that they are just the best choice for non-commercial virtualized environments (and, uhm, unity mode is kickass). So this will be a quick run-through for creating a customized .lzm file for BackTrack Live with a full and functioning install of VMWare Workstation.

How?

While on the road to creating a customized .lzm file, I was steering for the path of least resistance. Basically, I created a before- and after-install list of files across the entire file system. I then compared the two; the difference is the set of new files created by the install. Copy those files into a subdirectory structure, and run dir2lzm. Place the .lzm file into the modules directory, where it is decompressed at boot time. Done. (Here I have to add a disclaimer: this method probably can be improved upon, since it doesn’t take into account files which the install did not create but may only have modified. Checking modification timestamps would probably be better.)

Boot up to BackTrack Live, and let’s get started:

mkdir ~/vmware-install-tracking/
cd ~/vmware-install-tracking/
find / | sort > before

Now that we have a list of files from before the install, it’s time to install VMWare. Once you’ve installed it, run it, customize your settings, enter your serial number, etc. Open a few virtual machines. Get your settings to a point where you’re comfortable with them; you won’t be able to modify them again after this point. Close VMWare.

find / | sort > after
diff before after > new_files
cat new_files | egrep -v "^---$" | egrep -v "^[0-9]" | egrep -v "[><] /dev" | egrep -v "[><] /mnt/live" | egrep -v "[><] /proc" | egrep -v "[><] /sys" | egrep -v "[><] /tmp" | egrep -v "[><] /var/run" | egrep -v "[><] /var/lock/subsys/vmware" | egrep -v "[><] /root/vmware-install-tracking/" | cut -d" " -f2 > required_files
echo "/lib/modules/2.6.28.1/modules.dep" >> required_files # don't forget those modules!

The modules.dep path in the last line will vary with the running kernel version. At this point we have compiled a list of all the files and directories we need for the .lzm file. But we need a script that parses required_files and recreates that file and directory structure under a destination path. I threw the following together in Python, create_filestructure_from_filelist.py:

#!/usr/bin/python
# Recreate, under a destination directory, every path listed in a file list
# (one absolute path per line): directories are created, regular files are
# copied with their permissions and timestamps preserved.
from __future__ import print_function
import os, shutil, sys

if len(sys.argv) != 3:
        print("Usage: " + sys.argv[0] + " [file list to parse] [destination path]")
        sys.exit(1)

dest_path = sys.argv[2].rstrip('/')

try:
        fp = open(sys.argv[1], "r")
except IOError:
        print("Error: Could not open file for reading!")
        sys.exit(1)

file_list = []
dir_list = []
for line in fp:
        x = line.strip()
        if not x:
                continue
        if os.path.isdir(x):
                dir_list.append(x)
        elif os.path.isfile(x):
                file_list.append(x)
fp.close()

# Listed directories (including empty ones) must exist in the module as well.
for directory in dir_list:
        if not os.path.isdir(dest_path + directory):
                os.makedirs(dest_path + directory)

# os.makedirs and shutil.copy2 take the path as-is, so names containing spaces
# or shell metacharacters no longer break the copy (the first version built a
# 'cp' command line and ran it through the shell).
for path in file_list:
        containing_dir = os.path.dirname(path)
        if not os.path.isdir(dest_path + containing_dir):
                os.makedirs(dest_path + containing_dir)
        shutil.copy2(path, dest_path + path)

Now all that’s left to do is call the script, create the .lzm, and put it in the modules directory. Make sure the destination path given to the script has enough storage space.

./create_filestructure_from_filelist.py required_files vmware-tmp/
dir2lzm vmware-tmp/ vmware.lzm
mv vmware.lzm /mnt/sdb1/bt4/modules/
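The caveat in the "How?" section, that files the installer only modified (rather than created) are missed, can be closed by snapshotting size and modification time instead of bare paths and diffing the two snapshots. This is an added example (Python 3), not the post's own script; the exclude list mirrors the egrep filters above, and the snapshot file format and the take/diff subcommands are my own choices.

```python
#!/usr/bin/env python3
"""Snapshot-based change tracking for building an .lzm module: record size and
mtime per file so that modified files are listed alongside new ones."""
import json
import os
import sys

# Trees the original pipeline filtered out (pseudo-filesystems, the live overlay,
# scratch space) plus the directory holding the snapshots themselves.
EXCLUDES = ("/dev", "/proc", "/sys", "/tmp", "/mnt/live", "/var/run",
            "/root/vmware-install-tracking")

def excluded(path):
    return any(path == e or path.startswith(e + "/") for e in EXCLUDES)

def snapshot(root="/"):
    """Return {path: [size, mtime_ns]} for files and {path: None} for directories."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if excluded(dirpath):
            dirnames[:] = []      # prune: do not descend into excluded trees
            continue
        snap[dirpath] = None
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: record symlinks themselves
            except OSError:
                continue             # vanished or unreadable between walk and stat
            snap[path] = [st.st_size, st.st_mtime_ns]
    return snap

def changed_paths(before, after):
    """Paths present only in 'after', or whose size/mtime differ from 'before'."""
    return sorted(p for p, meta in after.items()
                  if p not in before or before[p] != meta)

if __name__ == "__main__":
    # usage: snapshot.py take OUT.json              (run before and after the install)
    #        snapshot.py diff BEFORE.json AFTER.json > required_files
    if len(sys.argv) == 3 and sys.argv[1] == "take":
        json.dump(snapshot(), open(sys.argv[2], "w"))
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        before = json.load(open(sys.argv[2]))
        after = json.load(open(sys.argv[3]))
        print("\n".join(changed_paths(before, after)))
    else:
        sys.exit("usage: take OUT.json | diff BEFORE.json AFTER.json")
```

The diff output is a plain list of absolute paths, so it can be fed to create_filestructure_from_filelist.py unchanged; remember to append the modules.dep line as above.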

Reboot to your live distribution. You now have a working install of VMWare Workstation on your BackTrack Live. Enjoy!

A quick tutorial on getting USB EVDO working on BackTrack {3, 4}

I recently attended Shmoocon 2009, and was surprised to find a few attendees asking me how I got my EVDO Sprint Novatel u727 modem working in BackTrack 3. The process should be the same for BT4, which was just released on Friday at Shmoocon. So for convenience’s sake, I provide the script I use to connect, and the configuration file for kppp.

evdoconnect.sh:

#!/bin/bash
if [[ $EUID -ne 0 ]]; then
        echo "This script must be run as root" 1>&2
        exit 1
fi
# The card first shows up as a virtual CD-ROM (its driver disc); ejecting it
# switches the device into modem mode.
eject /dev/sr0 2>/dev/null
sleep 1
# Reload usbserial bound to the card's USB vendor/product ID so /dev/ttyUSB0 appears.
modprobe -r usbserial
modprobe usbserial vendor=0x1410 product=0x4100
sleep 1
# Start kppp in the background and dial the "Sprint Wireless" account.
nohup kppp -c "Sprint Wireless" > /dev/null 2> /dev/null &

Note that the vendor and product IDs will probably need to be changed if you’re using a different provider or card. Contact your provider for this information.

.kde/share/config/kppprc:

pppdArguments=

[Account0]
AccountingEnabled=0
AccountingFile=
Authentication=4
AutoDNS=1
AutoName=0
BeforeConnect=
BeforeDisconnect=
CallbackPhone=
CallbackType=0
Command=
DNS=
DefaultRoute=1
DisconnectCommand=
Domain=
ExDNSDisabled=0
Gateway=0.0.0.0
IPAddr=0.0.0.0
Name=Sprint Wireless
Password=user
Phonenumber=#777
ScriptArguments=
ScriptCommands=
StorePassword=1
SubnetMask=0.0.0.0
Username=user
VolumeAccountingEnabled=0
pppdArguments=

[General]
DefaultAccount=Sprint Wireless
DefaultModem=EVDO Modem
NumberOfAccounts=1
NumberOfModems=1
PPPDebug=0

[Graph]
Background=255,255,255
Enabled=true
InBytes=0,0,255
OutBytes=255,0,0
Text=0,0,0

[Modem0]
BusyWait=0
Device=/dev/ttyUSB0
Enter=CR
FlowControl=Hardware [CRTSCTS]
Name=EVDO Modem
Speed=921600
Timeout=60
UseLockFile=1
Volume=1
WaitForDialTone=1

[WindowPosition]
WindowPositionConWinX=283
WindowPositionConWinY=215

Again, this is simply my personal configuration. It should work much the same on other distributions as well, provided that your card is connected via USB.

BackTrack 3, the EEE 701, and Disk Encryption

Explanation and Advantages

I recently decided to make BackTrack 3 the primary OS on my pearly EEE 701. Given my EEE’s whopping 4GB of solid-state storage, I decided that rather than installing BackTrack directly onto the SSD, I would instead install the live distro to an 8GB SDHC card I had lying around, and use the remaining internal 4GB SSD as an encrypted /root partition using cryptsetup. There are a few distinct advantages to such a setup. Firstly, since the OS is installed as a live distro on a removable device, portability is not sacrificed; I am still able to boot into BackTrack from the same SDHC card plugged into another machine (assuming, of course, that the machine’s BIOS supports booting from SD). Secondly, by overriding the default /root partition which is created by root.lzm, any changes I make to /root are persistent, and do not require a recompression of root.lzm. This allows me to store application settings and files in a much more convenient manner. Thirdly, since /root is encrypted, saving settings or files containing passwords or other sensitive information is less of a security risk.

Implementation

To install BackTrack onto the SDHC card, we use the same method as a USB install. Format the SDHC card with a vfat filesystem. Extract the BackTrack 3 USB .iso file into the filesystem mount point, and run boot/bootinst.sh. I tried this in Ubuntu 8.10, and had some trouble: the device was recognized as /dev/mmcblk0 and the partition as /dev/mmcblk0p1, a naming scheme that the shell script got mixed up on. Running the script on the EEE’s previous OS, Xubuntu 8.04, the device and partition were recognized as /dev/sda and /dev/sda1, and I encountered no further problems.

Once we boot into BackTrack, we configure and install cryptsetup:

cd ~
wget http://luks.endorphin.org/source/cryptsetup-1.0.5.tar.bz2
tar -xvf cryptsetup-1.0.5.tar.bz2
cd cryptsetup-1.0.5
./configure
make
make install

Next, we create a .lzm file for cryptsetup to ensure that it will be available each time we boot:

mkdir -p usr/include usr/lib usr/man/man8 usr/sbin usr/share/locale/de/LC_MESSAGES
cp /usr/include/libcryptsetup.h usr/include/
cp /usr/lib/cryptsetup usr/lib/
cp /usr/lib/libcryptsetup.* usr/lib/
cp /usr/man/man8/cryptsetup.8 usr/man/man8/
cp /usr/sbin/cryptsetup usr/sbin/
cp /usr/share/locale/de/LC_MESSAGES/cryptsetup.mo usr/share/locale/de/LC_MESSAGES/
tar -zcvf cryptsetup.tgz usr/
tgz2lzm cryptsetup.tgz cryptsetup.lzm
cp cryptsetup.lzm /mnt/sda1/BT3/modules/ # my mountpoint was /mnt/sda1, yours probably is too

Now we have cryptsetup available in the live environment. The next step is to format the EEE’s internal SSD. I set up one primary partition, recognized as hdc1. We’ll be formatting it with cryptsetup using a secure passphrase.

cfdisk /dev/hdc # to set up the partition
umount /dev/hdc1
cryptsetup luksFormat /dev/hdc1 # creates the LUKS header and prompts for the passphrase
cryptsetup luksOpen /dev/hdc1 root_dir # maps the unlocked partition to /dev/mapper/root_dir
mkfs.ext2 /dev/mapper/root_dir

And now we have an encrypted partition on the SSD.  Next mount it and copy the existing BackTrack /root files.

mkdir /mnt/root_dir
mount /dev/mapper/root_dir /mnt/root_dir
cp -a /root/. /mnt/root_dir/ # copies the contents of /root, dotfiles included, straight into the new filesystem

And we’re almost done. We’ll create a script to make it easy to mount our /root every time we boot. Create the file /root/root/decrypt_root.sh (the extra root/ directory is what the .lzm is built from, so the script ends up at /root/decrypt_root.sh in the live system) with the following contents:

#!/bin/bash
# Unlock the LUKS partition on the SSD and mount it over /root.
set -e
cryptsetup luksOpen /dev/hdc1 root_dir
mount /dev/mapper/root_dir /root

Finally, create an .lzm file for the script.

cd ~
tar -zcvf decrypt_root.tgz root/
tgz2lzm decrypt_root.tgz decrypt_root.lzm
cp decrypt_root.lzm /mnt/sda1/BT3/modules/

And we’re finished. If all goes well, when you restart your machine you will have this script in your /root directory, and once run it will mount your encrypted SSD partition on /root. From this point, you can press ctrl-alt-backspace, log in again, and run startx if you’d like. Welcome to a world of BackTrack possibilities!