Encrypted Persistence Parrot-Security 4.7

Briefly describe your issue below:

What version of Parrot are you running? (include version (e.g. 4.6), edition(e.g. Home//KDE/OVA, etc.), and architecture (currently we only support amd64)

What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)

Configured to multiboot with other systems? (yes / no)

If there are any similar issues or solutions, link to them below:

If there are any error messages or relevant logs, post them below:

I will document here my own creation of a fully encrypted live persistent Parrot-security system.
This is all me, I am in no way associated with anything or anyone. I just juggle bits and
stuff for fun, if it does not work for you, sorry. If it does prove useful or you learn something
from it, great…
This is more a Documentation of my own experience, than a tutorial… Use your head.

OK, Let’s go…
Get an iso
wget https://download.parrot.sh/parrot/iso/4.7/Parrot-kde-security-4.7_x64.iso

burn to USB
dd bs=4096 if=Parrot-kde-security-4.7_x64.iso of=/dev/sdx status=progress oflag=sync
(and walk away or launch it from tmux and do whatever clever things you do for an hour or so…)
Or, please, for the Love of all things sugar frosted or musical, PLEASE, at least give Etcher a try… :wink:

Once we have transferred the image to our device, running sudo fdisk -l
will show our device with a disk layout like the following
(the device will be referred to as /dev/sdx moving forward)

/dev/sdx1 * 64 8449055 8448992 4G 17 Hidden HPFS/NTFS
/dev/sdx2 8449056 8450527 1472 736K 1 FAT12

I know darned well I used a 32GB PNY USB drive!
What is going ON?
Well, a Live iso…
That means that when booted, this device will basically, load an entire operating system into memory.
Memory is, however, dumped when we shut down the machine.
In order to achieve persistence, we must:

  1. change the disk layout of our /dev/sdx device (This gives the Live OS physical storage space
    to load to, rather than memory.)

  2. Encrypt that storage (ALWAYS ENCRYPT)

  3. write a persistence.conf file to the root of the encrypted storage (persistence.conf is at
    its simplest, one line indicating [where?] [what?] more on that in a minute…)

  4. Creating a new partition
    my parrot iso is 4.3gb
    my /dev/sdx device is 32gb
    parted is a command line partitioning tool. Let’s have it create a new primary partition on our
    device, beginning just beyond the size of our iso, and ending at the end of the devices capacity.
    i am working with a 32GB USB device and a 4.3GB iso, so:
    sudo parted /dev/sdx mkpart primary 4.4gb 32gb

fdisk -l /dev/sdx now shows a third partition, of type 83"Linux"
our device now contains our live iso and a completely blank Linux partition
now we need to boot our device into live mode. NOT PERSISTENT!!! just live.
we can do ALL the rest required from within our live environment

  1. Establishing persistence
    I wanted to do these next steps from the live environment, because the Linux rig that
    you burned from, may or may not have all the necessary filesystem utilities
    whereas i KNOW parrot security DOES…
    Having booted into live mode from our device, run sudo fdisk -l and determine where
    the live system sees our usb drive (I will still be referring to it as /dev/sdx )

Now we run cryptsetup on our new partition like so:
sudo cryptsetup --verify-passphrase luksFormat /dev/sdx3

it warns us that everything there will be LOST! (since there isn’t anything there yet, that is
totally OK…)
it asks us to verify that we want to encrypt the partition by typing YES in all caps.
it ask us to create a passphrase and verify it. DON’T FORGET THIS PASSPHRASE!!!

Now we need to create a mapping to our new luks partition and name it. i will call it parrot_stick.
sudo cryptsetup luksOpen /dev/sdx3 parrot_stick
it asks for the passphrase we just created.
Now our encrypted volume(/dev/sdx3) is mapped to /dev/mapper/parrot_stick

now we can format our mapped volume and label it as persistence
sudo mkfs.ext3 -L persistence /dev/mapper/parrot_stick

and e2label our volume as persistence
sudo e2label /dev/mapper/parrot_stick persistence

  1. Mount our volume and write persistence.conf

First we need a mount point. i will make mine at /mnt/stick
sudo mkdir /mnt/stick
then mount our mapped (encrypted) partition to it
sudo mount /dev/mapper/parrot_stick /mnt/stick

Now we will write our persistence.conf file to the root of our partition
sudo echo “/ union” > /mnt/stick/persistence.conf
(those are 2 fields of data actually. The previously mentioned [where]"/" and [what]“union”)

unmount and unmap
sudo umount /mnt/stick

sudo cryptsetup luksClose /dev/mapper/parrot_stick

Now reboot from your USB and select encrypted persistence from now on! :slight_smile:
(not that you CAN’T still load the system Live into memory ANYTIME you want to
after all we did nothing to our iso. All we did was give that Live OS the viable option
of persistence.)

You will be asked for the passphrase you established for your persistence partition

If you want to verify persistence quickly, make a simple change the first time
you boot into encrypted persistence, and reboot into encrypted persistence again.
Then check that your changes took.

Maybe move the license from the Desktop to Home…
mv Desktop/README.license ~/ && sudo init 6

"The F stands for ‘friendly’. RTFM… " - anonymous


This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.