Guide: Kali Linux 2017 Live USB with Encrypted Persistence (Windows)

Last updated on

UPDATE: There is a new version of this guide available for Kali Linux 2018.
Please see: Kali Linux 2018 Live USB with Encrypted Persistence (Windows)

In this guide we will create a bootable USB of Kali Linux Live and configure an encrypted persistent partition so we can securely retain files and settings between reboots. You will need at least an 8GB USB drive.

If you want persistence without encryption, please see: Kali Linux 2017 Live USB with Persistence (Windows)

1. Write Kali Linux ISO to USB

Download the latest Kali Linux ISO. Both the 64 bit and 32 bit versions are good for this guide.

Write the ISO to your USB drive using a tool like Universal USB Installer or UNetbootin. In this guide we are using Universal USB Installer.

Select Kali Linux from the dropdown. Browse for your downloaded ISO file and select the correct USB drive.

Check the box Fat32 Format Drive (Erases Content), and then click Create.

It can take up to ten minutes to write the ISO.

2. Resize USB Partition

Once the ISO has finished writing, download and install MiniTool Partition Wizard Free Edition.

Run the program and locate your USB drive. Right-click on the blue disk space bar and select Move/Resize from the menu.

Resize the partition to 4GB and click OK.

In the example above, I am using a large 128GB USB drive.

3. Create New Partition

We now need to create a new partition in our unallocated space.

Right-click on the unallocated space and click Create.

Click Yes if you see a message “The new created partition cannot be used in Windows. Because Windows could only recognize the first partition on a removable disk. Do you want to continue?”

In the File System menu, select Unformatted and click OK.

Finally, click Apply to begin the partitioning process. It may take some time depending on the size of your USB drive.

4. Boot Live USB

Once partitioning is complete, restart your machine and boot from USB.

You may need to do some searching on Google on how to boot from USB on your particular machine. Repeatedly pressing one of the function keys (F12F2, etc) or the ESC or Delete keys on bootup will invoke the boot or BIOS menus on most machines.

In the Kali boot menu, select Live system and press Enter.  The menu may look different depending on your version of Kali. It’s usually the first option you want here. Don’t select the persistence option yet, we will do that later.

If Kali prompts for login details, the username is root and the password is toor.

5. Initialize LUKS encryption

Firstly, we will run fdisk to identify the device name of the empty partition we created earlier.

Open up a terminal window and run:

fdisk -l

You will see several entries for drives and partitions listed. Look for your USB drive. It will have a boot partition where Kali resides and the empty partition you created earlier.

Device     Boot    Start       End   Sectors   Size Id Type
/dev/sdb1  *        2048  12584959  12582912     4G  c W95 FAT32 (LBA)
/dev/sdb2       12584960 242614271 230029312 110.6G 83 HPFS/NTFS/exFAT

In this example, my empty partition device name is sdb2.

We will now initialize LUKS encryption on sdb2 with the following commands:

cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb2

You will see a warning. Type YES and press ENTER to overwrite data.

Enter a passphrase of your choice. Don’t forget it!

When you see “Command successful”, run the following command:

cryptsetup luksOpen /dev/sdb2 my_usb

Enter your passphrase one last time.

6. Configure Persistence Partition

Create an ext3 filesystem. This may take a minute.

mkfs.ext3 -L persistence /dev/mapper/my_usb

Label it persistence.

e2label /dev/mapper/my_usb persistence

Mount the new encrypted partition.

mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb

Set up the persistence.conf file and unmount the partition.

echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb

Lastly, close the encrypted channel to our persistence partition.

cryptsetup luksClose /dev/mapper/my_usb

We’re done!

7. Reboot and Test

Restart and boot from USB, and from now on always select Live system (encrypted persistence, check kali.org/prst)

You should see a message like below.

Please unlock disk /dev/sdb2:

Enter your passphrase and press ENTER. Kali should now load.

To test if persistence is working correctly, try creating an empty test folder on the Desktop and restarting. Select Live system (encrypted persistence, check kali.org/prst) again and if the test folder is still there, persistence is working correctly.

1 Star2 Stars3 Stars4 Stars5 Stars 4.71 (14 votes)

Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.

p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.

20 replies

avatar
  Subscribe  
newest oldest
Notify of
knightrider
Guest
knightrider
knightrider
1 year ago

awsome dear friend it works on my first time.
thank you bro.
can please guide me “how to disable live system encrypted persistence”‘also .. the proper way u guided above how to setup live system encrypted persistence.
it would be great if u share this one also.
thank you once again.

Kal tengus
Guest
Kal tengus
Kal tengus
2 years ago

Je vous suis sincèrement reconnaissant pour votre requête c’était vraiment un poids qui s’en est aller .
Soyez abondamment bénis.

Muhammad Zeeshan Azam
Guest
Muhammad Zeeshan Azam
Muhammad Zeeshan Azam
2 years ago

you guys are awesome, after so much searching and testing only yours idea and code, works like a charm…thanks guys.
God bless you.

Michael
Guest
Michael
Michael
2 years ago

This process works with Kali 2018 as well

MKumar
Guest
MKumar
MKumar
2 years ago

After surfing dozens of sites, I finally found a perfect guide for USB live persistence with encryption. Thanks! really helped a lot.

kali bro
Guest
kali bro
kali bro
2 years ago

aye, great tutorial bro but i got an error when i try to running “cryptsetup –verbose –verify-passphrase luksFormat /dev/sdb2” command which give me “cannot format device /dev/sdb2 which is still in use” how to solve this? thank you in advance.

Sudo
Guest
Sudo
Sudo
1 year ago

using the sudo command worked for me

Igor
Guest
Igor
Igor
2 years ago

When i finish the process and boot from the usb it ask me to unlock a difirente partition (mint linux encrypted), any tips?

Tony
Guest
Tony
Tony
2 years ago

that’s a great tutorial. However as soon as you you do an update terminal stops working and kali is buggy. Anyway to fix this?

Mark Kirkland
Guest
Mark Kirkland
Mark Kirkland
2 years ago

Thanks it worked for me first time. In the previous guide (non-encryption) you format the persistence partition with EXT4 in Windows but in this guide you format with EXT3 in Ubuntu. Is there any reason for that? Thanks.

Aden
Guest
Aden
Aden
2 years ago

Tested with ext4 and appears to work without any issues.