1. Write Kali Linux 2019 ISO to USB
UPDATE FEB 2019: Tested and working in both Kali Linux 2019 and Kali Linux 2018. Do not use Kali Linux 2018.3 as this build was botched. Use 2018.3a or later. Let us know in the comments if you have any issues.
Begin by downloading your preferred image of Kali Linux 2019 (guide also works with Kali Linux 2018). In this guide we are using the Kali Linux 2019 64 Bit image, though it should work fine with the 32 Bit and Light images as well.
Run Universal USB Installer.
Step 1: Select Kali Linux from the dropdown menu. (Kali is listed under Security and Penetration Testing).
Step 2: Browse for the Kali Linux ISO you downloaded.
Step 3: Select your USB drive from the drowpdown menu.
Now select the checkbox Fat32 Format Drive (Erases Content).
Finally, click Create.
It may take a few minutes to write the ISO to USB. Once complete, continue to Step 2 to set up partitions.
2. Resize USB Partition
Now that your Kali Linux 2019 ISO has been written to your USB drive, we can begin setting up partitions to work with Kali Live encrypted persistence. You can configure partitions with the partition manager of your choice, but in this guide we are going to use MiniTool Partition Wizard
Download and install MiniTool Partition Wizard Free Edition for Windows.
Once installed, run and select MiniTool Partition Wizard Free.
Right-click on the blue disk space bar of your USB drive and click Move/Resize. In the example below, the USB drive is Disk 3 and it has a blue USB icon over it.
Resize the partition to 4GB and click OK.
3. Create Persistence Partition
Right-click on the Unallocated partition and click Create.
In the File System menu, select Unformatted and click OK.
Finally, click Apply in the top left-hand corner and click Yes to apply changes.
The Partition Wizard will now set up your partitions. This may take some time depending on the size of your USB drive.
Once done, close Partition Wizard and safely eject your USB drive.
4. Boot Into Kali Live 2019 USB
Once partitioning is complete, restart your machine and boot from USB.
You may need to do some searching on Google on how to boot from USB on your particular machine. Sometimes pressing Shift and the restart button in Windows will invoke a menu at bootup. If that doesn’t work, repeatedly pressing one of the function keys (F12, F2, etc) or the ESC or Delete keys on bootup will invoke the boot or BIOS menus on most machines.
In the Kali boot menu, select Live system and press Enter. Don’t select the encrypted persistence option here yet, we will do that later.
The menu may look different depending on your version of Kali. It’s usually the first option you want here.
If Kali prompts for login details, the default username is root and the password is toor.
5. Initialize LUKS encryption
Once Kali has booted, we will use
fdisk to view the disk devices and partitions.
Open a new terminal window and run:
You will see several entries for partitions and devices listed. Look for your USB drive. It will have two partitions: A 4GB partition and the empty partition you created earlier.
Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 8390655 8388608 4G c W95 FAT32 (LBA) /dev/sdb2 8390656 30463999 22073344 10.5G 83 HPFS/NTFS/exFAT
In the above example, we can see the USB drive with a 4GB partition and a larger empty partition with the device name
sdb2. This device name may be different on your setup. Make sure you have the right one before continuing.
Assuming our empty partition device name is
sdb2, we will now initialize LUKS encryption on
sdb2 with the following commands:
IMPORTANT: You must enter these commands exactly and ensure you choose the correct device (yours may not be
sdb2), otherwise encrypted persistence will not work.
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb2
You will see a warning. Type YES and press
ENTER to overwrite data.
Enter a passphrase of your choice. Don’t forget it!
When you see “Command successful”, run the following command:
cryptsetup luksOpen /dev/sdb2 my_usb
Enter your passphrase one last time.
6. Configure Persistence Partition
ext4 filesystem. This may take a minute.
mkfs.ext4 -L persistence /dev/mapper/my_usb
Once the filesystem is created, label it persistence.
e2label /dev/mapper/my_usb persistence
Now mount the new encrypted partition.
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
Set up the persistence.conf file and unmount the partition.
echo "/ union" > /mnt/my_usb/persistence.conf
Lastly, close the encrypted channel to our persistence partition.
cryptsetup luksClose /dev/mapper/my_usb
7. Reboot and Test
Restart and boot from USB, and from now on always select Live system (encrypted persistence, check kali.org/prst)
You should see a message like below.
Please unlock disk /dev/sdb2:
Enter your passphrase and press
ENTER. Kali should now load.
To test if encrypted persistence is working correctly, try creating an empty test folder on the Desktop and restarting. Select Live system (encrypted persistence, check kali.org/prst) again and if the test folder is still there, encrypted persistence is working correctly.
If you are having issues, please mention the exact Kali image you downloaded in the comments.
p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.