1. Download Kali Linux 2020 (Live)
In this guide we are using the Kali Linux Live 2020 64 Bit image, though it should work fine with the 32 Bit image as well. This guide also works with Kali Linux 2019 and Kali Linux 2018.
2. Write Kali Linux 2020 Live ISO to USB
- Run Universal USB Installer.
- Select Kali Linux from the dropdown menu. (Kali is listed under Security and Penetration Testing).
- Browse for the Kali Linux 2020 Live ISO you downloaded.
- Select your USB drive from the drowpdown menu.
- Now select the checkbox Fat32 Format Drive (Erases Content).
- Finally, click Create.
It may take a few minutes to write Kali Linux 2020 Live ISO to USB.
3. Resize USB Partition
Now that your Kali Linux 2020 ISO has been written to your USB drive, we can begin setting up partitions to work with Kali Live encrypted persistence. You can configure partitions with the partition manager of your choice, but in this guide we are going to use MiniTool Partition Wizard
When installing Partition Wizard, make sure to uncheck the checkbox on the Avast screen – you don’t need to install that.
Once installed, run and select Disk and Partition Management.
Right-click on the blue disk space bar of your USB drive and click Move/Resize. In the example below, the USB drive is Disk 3 and it has a blue USB icon over it.
Resize the partition to 4GB and click OK. This is the partition where the Kali Linux system files reside and shouldn’t ever need more than 4GB.
4. Create Persistence Partition
We will now create the persistence partition, which will store your personal files and Kali settings.
Right-click on the Unallocated partition and click Create.
In the File System menu, select Unformatted.
Use the maximum partition size available (or the size of your choice) and click OK.
Finally, click Apply in the top left-hand corner and click Yes to apply changes.
The Partition Wizard will now set up your partitions. This may take some time depending on the size of your USB drive.
Once done, close Partition Wizard and safely eject your USB drive.
5. Boot Into Kali Live 2020 USB
To boot from USB in most modern PCs, hold down the
shift key while clicking Restart in the Windows start menu. If this doesn’t work, you may need to do some searching on how to boot from USB on your particular machine. Repeatedly pressing one of the function keys (F12, F2, etc) or the ESC or Delete keys on bootup will invoke the boot or BIOS menus on some machines.
In the Kali boot menu, select Live system and press Enter.
Don’t select the encrypted persistence option here yet, we will do that later.
The menu may look different depending on your version of Kali. It’s usually the first option you want here.
Kali should boot straight to Desktop. However, if you do get a password prompt, the default username and password in Kali Linux 2020 is “kali”. For Kali Linux 2019 and below, the default user is “root” and the password is “toor”.
6. Initialize LUKS encryption
Once Kali has booted, we will use
fdisk to view the disk devices and partitions.
Open a new terminal window and run:
sudo fdisk -l
You will see several entries for partitions and devices listed. Look for your USB drive. It will have two partitions: A 4GB partition and the empty partition you created earlier.
Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 8390655 8388608 4G c W95 FAT32 (LBA) /dev/sdb2 8390656 30463999 22073344 10.5G 83 HPFS/NTFS/exFAT
In the above example, we can see the USB drive with a 4GB partition and a larger empty partition with the device name
sdb2. This device name may be different on your setup. Make sure you have the right one before continuing.
Assuming our empty partition device name is
sdb2, we will now initialize LUKS encryption on
sdb2 with the following commands:
IMPORTANT: You must enter these commands exactly and ensure you choose the correct device (yours may not be
sdb2), otherwise encrypted persistence will not work.
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb2
You will see a warning. Type YES and press
ENTER to overwrite data.
Enter a passphrase of your choice. Don’t forget it!
When you see “Command successful”, run the following command:
sudo cryptsetup luksOpen /dev/sdb2 my_usb
Enter your passphrase one last time.
7. Configure Persistence Partition
ext4 filesystem. This may take a minute.
sudo mkfs.ext4 -L persistence /dev/mapper/my_usb
Once the filesystem is created, label it persistence.
sudo e2label /dev/mapper/my_usb persistence
Now mount the new encrypted partition.
sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb
Create a new file called
persistence.conf using the nano text editor.
sudo nano /mnt/my_usb/persistence.conf
In this file, type
Save the file and exit. (Press
Y, then press
sudo umount /dev/mapper/my_usb
Lastly, close the encrypted channel to our persistence partition.
sudo cryptsetup luksClose /dev/mapper/my_usb
8. Reboot and Test
Restart and boot from USB, and from now on always select Live system (encrypted persistence, check kali.org/prst)
You should see a message like below.
Please unlock disk /dev/sdb2:
Enter your passphrase and press
ENTER. Kali should now load.
To test if encrypted persistence is working correctly, try creating an empty test folder on the Desktop and restarting. Select Live system (encrypted persistence, check kali.org/prst) again and if the test folder is still there, encrypted persistence is working correctly.
If you are having issues, please mention the exact Kali image you downloaded in the comments.
p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.