Kali Linux 2018 Live USB with Encrypted Persistence

Guide: Kali Linux 2020 & 2019 Live USB with Encrypted Persistence (Windows)

Last updated on

In this guide we will create a Kali Linux 2020 Live USB from Windows and configure an encrypted persistent partition so we can securely retain files and setting between reboots. This guide also works with Kali Linux 2019 & 2018.

If you want persistence without encryption, please see Guide: Kali Linux 2020 & 2019 Live USB with Persistence (Windows).

1. Download Kali Linux 2020 (Live)

In this guide we are using the Kali Linux Live 2020 64 Bit image, though it should work fine with the 32 Bit image as well. This guide also works with Kali Linux 2019 and Kali Linux 2018.

2. Write Kali Linux 2020 Live ISO to USB

Write the ISO to your USB drive using a tool like Universal USB Installer or UNetbootin. In this guide we are using Universal USB Installer.

  1. Run Universal USB Installer.
  2. Select Kali Linux from the dropdown menu. (Kali is listed under Security and Penetration Testing).
  3. Browse for the Kali Linux 2020 Live ISO you downloaded.
  4. Select your USB drive from the drowpdown menu.
  5. Now select the checkbox Fat32 Format Drive (Erases Content).
  6. Finally, click Create.

It may take a few minutes to write Kali Linux 2020 Live ISO to USB.

Creating a Kali Linux Live USB with Universal USB Installer

3. Resize USB Partition

Now that your Kali Linux 2020 ISO has been written to your USB drive, we can begin setting up partitions to work with Kali Live encrypted persistence. You can configure partitions with the partition manager of your choice, but in this guide we are going to use MiniTool Partition Wizard

When installing Partition Wizard, make sure to uncheck the checkbox on the Avast screen – you don’t need to install that.

Once installed, run and select Disk and Partition Management.

MiniTool Partition Wizard - Disk and Partition Management

Right-click on the blue disk space bar of your USB drive and click Move/Resize. In the example below, the USB drive is Disk 3 and it has a blue USB icon over it.

Resize the partition to 4GB and click OK. This is the partition where the Kali Linux system files reside and shouldn’t ever need more than 4GB.

4. Create Persistence Partition

We will now create the persistence partition, which will store your personal files and Kali settings.

Right-click on the Unallocated partition and click Create.

In the File System menu, select Unformatted.

Use the maximum partition size available (or the size of your choice) and click OK.

Finally, click Apply in the top left-hand corner and click Yes to apply changes.

The Partition Wizard will now set up your partitions. This may take some time depending on the size of your USB drive.

Once done, close Partition Wizard and safely eject your USB drive.

5. Boot Into Kali Live 2020 USB

To boot from USB in most modern PCs, hold down the shift key while clicking Restart in the Windows start menu. If this doesn’t work, you may need to do some searching on how to boot from USB on your particular machine. Repeatedly pressing one of the function keys (F12F2, etc) or the ESC or Delete keys on bootup will invoke the boot or BIOS menus on some machines.

In the Kali boot menu, select Live system and press Enter.

Don’t select the encrypted persistence option here yet, we will do that later.

The menu may look different depending on your version of Kali. It’s usually the first option you want here.

Kali should boot straight to Desktop. However, if you do get a password prompt, the default username and password in Kali Linux 2020 is “kali”. For Kali Linux 2019 and below, the default user is “root” and the password is “toor”.

6. Initialize LUKS encryption

Once Kali has booted, we will use fdisk to view the disk devices and partitions.

Open a new terminal window and run:

sudo fdisk -l

You will see several entries for partitions and devices listed. Look for your USB drive. It will have two partitions: A 4GB partition and the empty partition you created earlier.

Device     Boot    Start       End   Sectors   Size Id Type
/dev/sdb1           2048   8390655   8388608     4G  c W95 FAT32 (LBA)
/dev/sdb2        8390656  30463999  22073344  10.5G 83 HPFS/NTFS/exFAT

In the above example, we can see the USB drive with a 4GB partition and a larger empty partition with the device name sdb2. This device name may be different on your setup. Make sure you have the right one before continuing.

Assuming our empty partition device name is sdb2, we will now initialize LUKS encryption on sdb2 with the following commands:

IMPORTANT: You must enter these commands exactly and ensure you choose the correct device (yours may not be sdb2), otherwise encrypted persistence will not work.

sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb2

You will see a warning. Type YES and press ENTER to overwrite data.

Enter a passphrase of your choice. Don’t forget it!

When you see “Command successful”, run the following command:

sudo cryptsetup luksOpen /dev/sdb2 my_usb

Enter your passphrase one last time.

7. Configure Persistence Partition

Create an ext4 filesystem. This may take a minute.

sudo mkfs.ext4 -L persistence /dev/mapper/my_usb

Once the filesystem is created, label it persistence.

sudo e2label /dev/mapper/my_usb persistence

Now mount the new encrypted partition.

sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb

Create a new file called persistence.conf using the nano text editor.

sudo nano /mnt/my_usb/persistence.conf

In this file, type / union.

/mnt/my_usb/persistence.conf
/ union

Save the file and exit. (Press CTRL + X, press Y, then press ENTER).

sudo umount /dev/mapper/my_usb

Lastly, close the encrypted channel to our persistence partition.

sudo cryptsetup luksClose /dev/mapper/my_usb

We’re done!

8. Reboot and Test

Restart and boot from USB, and from now on always select Live system (encrypted persistence, check kali.org/prst)

You should see a message like below.

Please unlock disk /dev/sdb2:

Enter your passphrase and press ENTER. Kali should now load.

To test if encrypted persistence is working correctly, try creating an empty test folder on the Desktop and restarting. Select Live system (encrypted persistence, check kali.org/prst) again and if the test folder is still there, encrypted persistence is working correctly.

If you are having issues, please mention the exact Kali image you downloaded in the comments.

1 Star2 Stars3 Stars4 Stars5 Stars 4.84 (44 votes)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.

164 replies

avatar
  Subscribe  
newest oldest
Notify of
Yuri
Guest
Yuri
Yuri
4 months ago

Persistence and encryption works on 2020.2 but when upgrading. Right around 30-40% it will go black screen and and cursor is blinking repeatedly.

happy
Guest
happy
happy
3 months ago

yes sir i got the same problem. so i just pressed control+alt+f3 when the screen went blank and then a terminal of kali opened there i updated the kali again, install gdm3 and kali successfully booted. but now i cant see the network manager icon whcih is on the right hand side top corner used to access the wifi and all. plz help

happy
Guest
happy
happy
3 months ago

does this also occurs when we dont have encryption persistence?

Frogvendor
Guest
Frogvendor
Frogvendor
4 months ago

when i enter the the sudo fdisk command “sudo fdisk -1” i get an error that says “fdisk: invalid option –‘1’
when i enter the the sudo fdisk command “sudo fdisk” i get an error that says “fdisk: bad usage”
when i enter the the sudo fdisk command “$ sudo fdisk -1” i get an error that says “bash: $: command not found”

Yuri
Guest
Yuri
Yuri
4 months ago

lower case L not 1 for fdisk

123@123
Guest
123@123
[email protected]
4 months ago

its “l” for list not 1

Death by Umbongo
Guest
Death by Umbongo
Death by Umbongo
5 months ago

worked perfectly. THANKS.

Rick
Guest
Rick
Rick
5 months ago

Hi there! So I was able to log into a live session in Kali 2020.1, but when I try to set up LUKS I get the error “Command failed with code -1 (wrong or missing parameters” when it should be asking me for a passphrase. My USB partition is sda2, but other than that I’ve entered exactly what’s listed. Any ideas?

Alice
Guest
Alice
Alice
5 months ago

This was very thorough and useful. Thank you for your work.

NEWBE
Guest
NEWBE
NEWBE
6 months ago

can some one please help me learn a bit more about hacking and network testing #newbe

Ajay
Guest
Ajay
Ajay
6 months ago

Fdisk command is not working
Actually system commands are not working

Tim
Guest
Tim
Tim
6 months ago

Hi

I installed it twice from start and I know the password is right but it shows as wrong password. It seems to be a problem with latest Kali version and there isn’t any information anywhere on web regarding this issue.

Can you please solve it? Would be greatly appreciated. Thank you

Samiul
Guest
Samiul
Samiul
6 months ago

Sir i put 123456 as passphrase but when i type it in passphrase space it shows that it was a worng. Can you solve it

Tim
Guest
Tim
Tim
6 months ago

I have the same issue

I installed it twice from start and I know the password is right but it shows as wrong password. It seems to be a problem with latest Kali version and there isn’t any information anywhere on web regarding this issue.

Can you please solve it? Would be greatly appreciated. Thank you

Cibbin
Guest
Cibbin
Cibbin
6 months ago

Kali 2020.1
I completed the encryption process and when I boot, and enter my passphrase it loads for a while and the computer turns off.

hacx0r
Guest
hacx0r
hacx0r
6 months ago

Thank you, this was a wonderful tutorial. Love your work.

Mohian
Guest
Mohian
Mohian
6 months ago

With due respect
you have missed “sudo” at the “umount /dev/mapper/my_usb” command.

7471n
Guest
7471n
7471n
8 months ago

I love these h4xx0r5 reporting problems without even trying a bit further from just copy&paste. You should be ashamed of yourselves (╯°□°)╯︵ ┻━┻

Franze
Guest
Franze
Franze
8 months ago

Hey i have issue when i type my passphrase i
in the encrypted persistence boot menu
The computer shutdown and he is write” failed unmounting tmp ” and same for /run/live/medium

Franze
Guest
Franze
Franze
8 months ago

Kali linux 2019.4

Shep
Guest
Shep
Shep
6 months ago

I have the same problem too, but I he don’t show any error msg. Kali Linux 2020.1b

Rishi
Guest
Rishi
Rishi
9 months ago

I’m facing problems in latest version of kali . In Configure Persistence Partition

Rushi
Guest
Rushi
Rushi
9 months ago

Problem solve . It’s my mistake .
Sry !

carlo cogni
Guest
carlo cogni
carlo cogni
10 months ago

Thank you very much. Quick question.
When I get to the persistance phase, the command “mkfs.ext4 -L persistence /dev/mapper/my_usb” doen’t work, it tells it doesn’t exist
any suggestion??

thank you very much

Jake Hackl
Guest
Jake Hackl
Jake Hackl
6 months ago

that might be because Linux gave the partition a different name. check by running sudo fdisk -l

Rafeeq
Guest
Rafeeq
Rafeeq
11 months ago

A big thank to you finally I did it

Will Duggan
Guest
Will Duggan
Will Duggan
1 year ago

Whenever I boot my system into Kali Linux with encrypted persistence, I get to the point where I am supposed to enter my passphrase, which I enter, but then when I get to the desktop, the test folder is never there. I then check the file manager, which has a device labeled “26 GB Encrypted” in the left hand column (I am using a 32GB USB with 6GB for the operating system and 26GB for persistence). I click on the device and I get prompted to enter the passphrase. After I enter the passphrase, I get an error that says ‘Unable to access “persistence”‘. More specifically, it says:

Unable to access "persistence"

Error mounting /dev/dm-0 at /media/root/persistence: wrong fs type, bad option,
bad superblock on /dev/mapper/
luks-1971d87e-5c90-414e-88b3-43a30fca485d, missing codepage or helper
program, or other error

I have tried this on both Kali Linux 2019.1a and 2019.3. I can’t figure out what the problem is. After the first time it didn’t work I started just copying and pasting the commands into the terminal to make sure that I wasn’t mistyping anything, so I know that the problem isn’t the commands being mistyped.

Godson Allaputa
Guest
Godson Allaputa
Godson Allaputa
1 year ago

Am Awed…..
Best ever How-To.
10 star for this.

John
Guest
John
John
1 year ago

After doing this when I set a root password it just reverts back to “toor” the next time I boot into it. The instructions you provided worked like a charm but I was hoping you could help me with this further step.
Thanks.

edmabo
Guest
edmabo
edmabo
1 year ago

I followed all the steps. This is the most concise, clear and objective “How-To”.

edmabo
Guest
edmabo
edmabo
1 year ago

Thank you for the work.

Japper
Guest
Japper
Japper
1 year ago

This works flawlessly on Kali Linux 2019.2 amd64. Best “how to” ever; clear, concise, well written. Thank you so much. Spent needless hours trying this, till we found your tutorial.
Just awesome! Thank you again.

Crazgod
Guest
Crazgod
Crazgod
1 year ago

Thank you. Works perfectly with Kali 2019.2 on my 2018 MacBook Pro.

test
Guest
test
test
1 year ago

It works with 2019.2 and macbook pro late 2013

karina
Guest
karina
karina
1 year ago

2019.2 works?

Dipta Mondal
Guest
Dipta Mondal
Dipta Mondal
1 year ago

please make a video

Roger
Guest
Roger
Roger
1 year ago

Or give your address and he can go there to do this stuff for you lol 🙂

Montalfu
Guest
Montalfu
Montalfu
1 year ago

I already test all persistence it is not working, if i reboot all folder are gone, i use RoG strix how suppose i do?? Sorry for bad english

Andrew
Guest
Andrew
Andrew
1 year ago

Hey there, having a strange issue hoping I can get some advice here.

I’ve done this before in the past and I’ve followed this guide to the letter, but whenever I boot from the USB and select the “encrypted persistence” option it asked me to unlock /dev/sda3. I enter in the exact passphrase, and it just tells me there’s no key slot with that passphrase. From what I see in kali (running in VM) there’s only two partitions. Just does’t make sense to me. please advise.

Dyno
Guest
Dyno
Dyno
1 year ago

2019.1a works aswell Good Guide! perfect for starting into the new Linux life!

Ivan
Guest
Ivan
Ivan
1 year ago

Thanks for the guide, it’s very well written. The partitioning and installation went flawlessly. However I do have an issue with the thing running extremely slow, like apt-get update && apt-get dist-upgrade takes more than a whole day to finish installing after downloading 1GB of files.

I use a 64GB Kingston 3.0 USB, plugged in to a 3.0 USB port.

The machine has an i7 8550U processor and 8GB RAM with a Windows 10 main operating system. I have disabled secure boot in order to boot from USB. Perhaps you will have a clue and point me in the right direction on how to solve this? Is it the BIOS settings that require some modifying?

I used the 2019.1 image for Kali.

Deacon
Guest
Deacon
Deacon
1 year ago

Creating file system section of tutorial was almost flawless, I ran into errors due to usb label having a space in it but finally got it working by only using the fist part of usb label, ie Kali Live to just Kali where the usb label was needed. Thanks for a great resource!

johnc
Guest
johnc
johnc
1 year ago

Works as well with Kali Linux 2019.1

User
Guest
User
User
1 year ago

I’ve just done it with Kali 2018.4. Works perfect! Thank for such a full guide!

(For those one who has discrete nvidia card and stuck at firts boot – press e when choose kali boot option and type nouveau.modeset=0 in the end of “Linux” line)

Jack
Guest
Jack
Jack
1 year ago

A very good guide but … l have a little trouble that when I created a passphrase and verified it, but the Teminal got this to me:”Command failed with code -1 (wrong or missing parameters).” So I just wander how to solve this problem, thank you very much!

Jay
Guest
Jay
Jay
1 year ago

This guide worked almost flawlessly. In the end, following these instructions did give me a bootable USB with Kali + Persistence; however I was not able to resize the partition. I’m using a pretty standard Lexar USB and no matter where or how I tried, it wouldn’t give me the option to resize. I’ll likely try again with another USB stick, but I wanted to confirm that even though I couldn’t resize – simply creating the new partition and following the rest of the guide still results in a successful configuration.

John
Guest
John
John
1 year ago

What a superbly-written piece. Direct and concise and accurate.

Thank you very much.

Shaun
Guest
Shaun
Shaun
1 year ago

Nice one!

Got this working as described in article on first attempt. Thanks very much for this guide as its much more thorough than what is provided in the official Kali Docs.

FYI I used 2018.4 amd64 image with SanDisk Cruzer 16GiB USB drive.

Works like a charm.

Leo
Guest
Leo
Leo
1 year ago

After following the steps and trying to boot into Kali grub says you must load the kernel first. Did I miss something?

AngelFromNSK
Guest
AngelFromNSK
AngelFromNSK
1 year ago

After starting the live mode, the monitor goes dead. Only the console works after pressing ctrl+alt+F2.How fix this?

Mike
Guest
Mike
Mike
1 year ago

Thanks alot. Brilliant work

JM
Guest
JM
JM
1 year ago

THANK YOU!!!!
After hours of frustration, came upon this page, followed the instructions and got my live usb with persistence encryption working straight away. And I’m a newbie…
Brilliant. Thank You so much!

Happy man
Guest
Happy man
Happy man
1 year ago

It’s working at 2018.2! Fantastic, ty!

newbie
Guest
newbie
newbie
2 years ago

I’m using 2018.2 and I try to do the command for create new partition, it failed for mount /dev/mapper/my_usb /mnt/my_usb saying mount does not exist. Anyone can help me ?

Atom
Guest
Atom
Atom
1 year ago

Try to update/upgrade your system and reboot.
Syntax:
sudo apt-get update -y
sudo apt-get upgrade -y
reboot

Atom
Guest
Atom
Atom
1 year ago

Or just
sudo apt-get update && sudo apt-get upgrade && reboot

John
Guest
John
John
2 years ago

I tried with the newer version 2018.3a x64. It doesn’t save anything except inside encrypted partition.

John
Guest
John
John
2 years ago

I’ve to clearify that i followed the guide partially, i created the partition inside kali with the native “Disks” tool. I don’t think change nothing but i want to specify

Ed
Guest
Ed
Ed
2 years ago

I followed the guide using 3a and it has worked

Dev
Guest
Dev
Dev
2 years ago

Only works on Kali 2018.2 but you can still update.

quantumleap
Guest
quantumleap
quantumleap
2 years ago

It works perfectly with 2018.2 image! Thank you so much! The best guide on the Internet!

quantumleap
Guest
quantumleap
quantumleap
2 years ago

I didn’t see the “Please unlock disk /dev/sdb2:” message and my test folder disappeared after reboot =(. I used 2018.3 amd64 image. And now I’m going to use the previous release (2018.2). Hope it will work.

Caren
Guest
Caren
Caren
2 years ago

Hi, any news? did they fix it on W37 ?

Kurt
Guest
Kurt
Kurt
2 years ago

Works! Commenting from an encrypted persistence live boot.

“Running apt-get update && apt-get upgrade” now to see if moving to the latest breaks anything, will report back.