Episode 524 – USB Multipass
Why carry around a dozen bootable USB drives when you could merge ‘em all into one? On his episode we buld a USB Multipass complete with customized boot menu ready to launch any of favorite tools–including Backtrack, Ophcrack, Kon-boot, dban, freedos, and more. Plus Shannon reviews the Trinity Rescue Kit, the boot disc dubbed CPR for your computer.
Download HD Download MP4 Download XviD Download WMV
It has been the dream of many to combine the pen-testing, forensics and recovery power of our favorite USB bootable linux distros into one drive complete with customized boot menu. Finally Frank Castle shares this digital mojo with us. I bring you the USB Muiltipass.
While the video walks you through the step by step I’ll provide an overview with links here.
First you’ll need three programs, PeToUSB, grubinst and grub4dos.
Prepare the USB drive by formatting it with PeToUSB. With the drive plugged in run the PeToUSB executable, select the drive, check Enable Disk Format, Quick Format and Force Volume Dismount and click Start. If you are using a drive over 2 GB you will receive an error about dismounting — it’s no big deal — simply format the drive as Fat32 with the Windows Disk Manager.
Next run grubinst_gui. Select the disk option and pick your USB drive. Be sure to select the correct drive number. If you’re not sure which drive is your USB drive check with Windows Disk Manager. Once you are assured the correct drive is selected go ahead and click Install. No options need to be checked, the defaults are fine.
You will then need to copy the grldr file from the grub4dos package to the root of your USB drive. Finally finish off the install by creating a blank text file in the root of your USB drive called “menu.lst”.
You can now boot from this drive. Of course there aren’t any Linux distributions and utilities installed yet, so let’s move on to adding all the goodies.
When it comes to installing distros I’ll go ahead and quote Frank Castle as he puts it best.
For most of the distros I added, I started off with an iso version of it. I then extracted the isos either to my desktop or directly to the root of the thumb drive (or you could just copy the files from a burnt version of the distro, just as long as you get the files to the root of your thumb drive). Most Linux Distros come with 2 folders: a boot folder and another folder that actually holds the meat and potatoes of the distro. Since it would be impossile to have 6 or 7 different boot folders that don’t overlap on the same thumb drive (without multiple partitions…a route I tired to take for way too long) I simply renamed the boot folder to something like “bootbt3″ or “bootknop” depending on the distro, and just left the other folder as is. I then added the appropriate information by using the information by either:
1) Looking at the information provided in the syslinux or isolinux file in most linux distros
2) Looking at a (now taken down) webpage with tons of examples (appropriatly added to this tutorial under Examples.txt)
3) Trial and Error
Most distros fell under the first of these options: Backtrack 3, Backtrack 4, Knoppix, and Trinity Rescue Kit all worked fine under these conditions
Some distros fell under the examples webpage: these included Ubuntu LiveCD (a different example because there is no boot folder and way more than two folders, but it ended up working without changing any folder names) as well as some others
Few Distros fell into the third option, but the ones that did were a bitch and a half to get working. These included Kon-Boot and OPHcrack.
OPHcrack (the latest version – 2.3.0), a tool I have known, loved, and depended on (at least until I met Kon-boot…thank you) was a apparently different than any of the other distros because just copying the files from the iso… blah blah blah didn’t work. It turns out that you have to burn the Distro to a spare thumb drive using tazusb (Slitaz installer) from http://www.objectif-securite.ch/slitaz/tazusb.exe. You then copy these files to the root of your thumb drive and so on and so on. The second challenge was to get both versions of OPHcrack (XP and Vista) on the drive, since ALL of the files overlapped. It turns out that the only difference in the two verisons were the tables provided so I just copied the tables from one cd to the other and proceeded forward as usual.
Kon-Boot was yet another bitch of a thing to get running via USB. No matter what I did it would boot, load, and promptly go back to the Grub bootloader. After a few hours of trial and error, I discovered I had to tell GRUB to tell the BIOS that the hard drive was the first boot device, even though it was obviously the thumb drive, because Windows apparently won’t run at all if it isn’t the first boot device. This reqiured a few extra lines. Also, for some reason the .iso file wouldn’t work (I could never extract or even see the raw files of Kon-Boot), so i was forced to use the Floppy image (.img)
When it comes to customizing Grub its simply a matter of creating a 640×480 – 14 color splash screen image. This is easy to accomplish with the Gimp. Once you’ve created a 640×480 image you can crunch the colors be selecting Image, Mode, Indexed and entering 14 ad the maximum colors. Save this file as a XMP, then gzip it. Copy the gz to the root of your USB drive and prepend “splashimage /image.xpm.gz” to your menu.lst file.
Further information on customizing the grub menu.lst file for your specific distros can be found in the grub manual. As an example I’ll provide my config here:
splashimage /jozette.xpm.gz color blue/black yellow/blue timeout 120 title BackTrack 4 BETA root (hd0,0) kernel /bootbt4/vmlinuz vga=0x317 ramdisk_size=6666 root=/dev/ram0 rw quiet initrd=/bootbt4/initrd.gz boot title Kon-Boot-test map --mem /FD0-konboot-v1.1-2in1.img (fd0) map --hook chainloader (fd0)+1 map (hd1) (hd0) map --hook rootnoverify (fd0) title Memtest86 kernel /memdisk initrd /memtestp.img title ntpasswd kernel /ntpasswd/vmlinuz rw vga=1 initrd=/ntpasswd/initrd.cgz /ntpasswd/scsi.cgz initrd /ntpasswd/initrd.cgz title DBAN kernel /memdisk initrd /dban.img title SystemRescueCD kernel /rescuecd initrd=initram.igz video=ofonly vga=0 scandelay=5 initrd /initram.igz title FreeDOS root (hd0,2) kernel /memdisk initrd /freedos.img floppy title Ophcrack kernel /bootoph/bzImage rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin initrd /bootoph/rootfs.gz
I’m sure there will be many questions and further development of this project so as I’ll go ahead and point you the episode 524 release thread on the Hak5 forums. Share your thoughts!
Don’t forget about our first ever official Hak5 Meetup at Busch Gardens Williamsburg on August 15th. Find all the details at hak5meetup.squarespace.com or RSVP on Facebook.
I do this and get Error 11: Unrecognized device string, or you omitted the required DEVICE part which should lead the filename.
Using Rick’s way! Any assitance!
Fantastic episode guys, are there any versions of the software for Linux? Also with this ‘little’ drive that I found you will never run out of room
http://www.mymemory.co.uk/USB-Flash-Drives/Kingston/Kingston-128GB-DT200-Data-Traveler-USB-Flash-Drive.
@starwolf:
Make sure you are using double -’s
i had the same issue then realized that rick’s post shows single -’s
example:
UN:F [1.7.8_1020]
Rating: 0 (from 0 votes)
title Hirens 9.9 ISO1
map (hd0,0)/Hirens99.iso (hd32)
map --hook
root (hd32)
chainloader ()
[...] [...]
Just to let everyone who doesn’t go to the forum know: plain old grub doesn’t work for konboot or booting from iso’s so even if you only run linux use grub for dos ’cause it apparently does things plain old grub 1 doesn’t do.
I just want to know if you can do this to something like the switchblade and boot all the goodies and still retain the switchblades functions even stuff like the hacksaw. I dont see why it wouldn’t work but has anybody actually preformed that yet?
Daren said,
Most distros fell under the first of these options: Backtrack 3, Backtrack 4, Knoppix, and Trinity Rescue Kit all worked fine under these conditions
But I spent a full day trying to ket Trinity to work and nothing I did got it working. Has anyone goten Trinity added to this multiboot? And if so can you share your menu.lst file. Thanks a lot.
@ rene see the forum topic for this episode
splashimage doesn’t work for me.
Hi,
I would like to install a few utilities as well as a Linux operating system on my USB drive so that I can run it on boot.
How can i partition my Cruzer 4GB so that I can also use it on Windows and boot it in dos.
Many thanks
if you want a partition manager check out GParted and here’s the working menu.lst entry
title GParted 0.4.5-2
root (hd0,0)
kernel /live/vmlinuz1 boot=live username=casper noswap vga=788 ip=frommedia
initrd=/live/initrd1.img
boot
Ya, i’m using the grub4dos method as well. More recent versions of grub4dos have the ability to boot off iso’s. Doesn’t seem to work with all iso’s, but majority i’ve tried work well.
And being that’s it’s just grub, you can boot them using other methods if the iso doesn’t work. I have a mix of iso’s, floppy images, and kernel/initrd’s.
so petousb is saying that all my usb’s a 4 gig geek squad one, a 2 gig sandisk cruzer don’t exist, both are u3. help?
I want to make a USB key with Hirens ,UBCD and UBCD4windows
I have got this to work with Hirens boot CD.
But I have no idea how to get UBCD and UBCD4Windows to work, any ideas?
http://diddy.boot-land.net/grub4dos/files/splash.htm
Please mention that you need to use a linux GIMP or this information to make a working splash screen. WIndows GIMP doesn’t format the XPM correctly.
i have never done anything like this and im not 100% sure how this works im new to all of these programs also does anyone know where i can find a little bit more information? i got all the iso im just not sure if i have to extract them and rename all of the boot folders or what let me know thanks in advance.
When I run the PeToUSB, it says “No USB Disks Found!” even though I have the USB plugged in, yes, it is plugged in. The USB disk is already formatted fat32, according to Windows. Then when I tried to run the GrubGui Installer, it does not have the disk showing up at all…
How come, when I try to do all the things on your show, none of them work for me?
Wicked… it works..
KoonBoot!
BT3 – USB edition
love it! I’m happy
Thanks guys!
[...] Click Here Categories: Projects Tags: Comments (0) Trackbacks (0) Leave a comment Trackback [...]
I don’t know if anyone is still looking at this, but I just found it a few days ago. I’m having a lot of trouble with this and can’t figure out what I’m not doing right. My usb is bootable, but will not show any of the live cds I’ve placed on it. The menu.lst is:
title BackTrack 3
root (hd0,0)
kernel /boot/boot.bt3/vmlinuz vga=0×317 ramdisk_size=6666 root=/dev/ram0 rw quiet
initrd=/boot/boot.bt3/initrd.gz
boot
title Trinity Rescue Kit
kernel /kernel.trk initrd=/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose
initrd /initrd.trk
title Kon-Boot
map (hd0,0)/FD0-konboot-v1.1-2in1.img (fd0)
map –hook
map (hd0) (hd1)
map (hd1) (hd0)
map –hook
chainloader (fd0)+1
rootnoverify (fd0)
title Hirens BootCD
kernel /HBCD/memdisk
initrd /HBCD/boot.gz
Any suggestions would be great. Thanks.
[...] a USB key to support multibooting on a single partition using the multipass methods describe in hak5 episode 524 and episode 602. Unfortunately I discovered my fancy semi-new MacBook (now called a Macbook Pro [...]
First off, This was a great episode… and some really usful information. Darren you Rock!
For those of you still having problems getting some of the different images working I stumbled across a tool that has worked 100% of the time for me when using ISO images. Freakish ones like BCD4WIN, Hires & Ultimate Recovery CD all worked.
Download Winbuilder it’s free and works in exactly the same way as defined above. It uses Grub4Dos and requires the Menu.lst file as the selection. Where things differ is in how it’s built. Winbuilder is at http://web.telia.com/~u75404714/instruction.html
There’s a script for converting the actual USB to bootable and puts the “whole ISO file” on the USB. You can then do all the config that is described above. You will not need to copy files to different directories just copy the whole ISO to a folder on the USB. As you add more images just create another folder put the ISO in it and update the menu.lst file. My assumption as to why this owrks with so many images is because it basically get’s the USB to just act like a bootloader and a CDrom drive.
- WJ
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Susan
http://carusbcharger.com
This Confuses me so much
i’m just trying to boot knoppix std and some other Os
I am getting this error when I run grub:
(title of form):
16 bit MS-DOS Subsystem
GRUB
The NTVDM CPU has encountered an illegal instruction
CS:0e71 IP:47a6 OP:9d 61 07 If Choose ‘Close’to terminate the application.
I have tryed pressing Ignore and this is what is displayed:
NTVDM.EXE has encountered a problem and needs to close.
And inside the actual GRUB cmd prompt this is displayed:
Probing ROM INT vectors. If hang, unload a device driver or TSR and try again.
00 01 02 03 04 05 06 07 08 09! 0A 0B 0C 0D 0E! 0F! (etc, etc)
My flashdrive is listed as disk 8 in Windows Computer Management and the Grub Installer only goes up to hd5. Any advice?
@harry
i had problems with grub not listing all the available drive numbers.
select disk 5, and then re open the drop down box and it should list more once it refreshes.
seems to be a limit on how many lines the drop box can display.
hope it works for ya!
@harry,
i had the same problem and found it easier to just use another computer.
Hi guys,
I was making a multipass USB with all the items listed below, odd thing is I can get TRK 3.3 to boot, find itself (i dont need to tell it SDA1), but it does not show the TRK menu selection (the submenu.lst) with all the chosices for antivirus, etc, it just vboots to a # prompt. Does anyone know what might cause this or where i can look. I have googling for 4 or 5 days, found some cool stuff but nothing to make it work.
So far i have Ubunut, Herins, spinrite 6, freedos, konboot, Backtrack 3, memtest, dban, ntpass, resuecd, gparted, cmdconsole
planning on adding UBCD4win, Helix 10, ghost 10, BT4 pr and Winxp win7 installers.
any thought welcome for getting trk working
\boot\trinity <=has all the boot files for trk3
\trk3 = 512mb, 256mb min)
kernel /boot/trinity/kernel.trk
append /boot/trinity/initrd=initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose pci=conf1 trkinmem VolLabel=MULTIPASS
label 3
I have the same problem as Mark. When I choose Trinity Rescue Kit from the grub-loader, it jumps straight into the default mode.. Anyone knows the solution to this problem? Would be much appreciated
Another thing aswell; I need to manually write the location of TRK during startup of TRK (which is on my Multipass). Is there a solution to this aswell?
Cheers!
HI ,
I Have 8 gig usb , and it give me error [7] failed to dismount Drive ??? ‘
on petousb 3.0.0.7
PLEASE Help ,
First Time I see hak5,
NICE 1 ,
Good Day , & thanx
I am using transcend 8 GB pen drive. While formatting the usb through the PeToUSB_3.0.0.7 i am getting an error as “formatEx Error[11]“. I went to disk management and formatted the drive using FAT 32 but still the error exist while formatting
was wondering if you could do this on a CD?
Ok, you all know when they were talking about Trinity Rescue Kit… and they said make sure that you format the USB Key and not your Hard Drive and you just knew that someone was going to do it… Well, it was me. Now I have a bit of an issue. When making the TRK USB I put everything that was on the Key on the Hard Drive, including my resume and its only copy, when I thought I was formatting the Key it wiped it out. I slave the drive and it show the drive as 4 gig. Im pretty sure that everything that was on the drive, all 75 gig, is probably still there and I just cant see it and get to it. I need any help that anyone can give me, anything, to retrieve the info. I have come to accept that I am going to have to reinstall the OS, but I would really like to get my info off if at all possible. I would really appreciate anyone’s help, PLEASE!
Doh123
Hi !
I did these settings on my USB.
menu.lst
color blue/black yellow/blue
timeout 120
title BackTrack 3
root (hd0,0)
kernel /boot/vmlinuz vga=0×317 ramdisk_size=6666 root=/dev/ram0 rw quiet
initrd=/boot/initrd.gz
boot
I have two folders one is boot folder and one is BT3 folder on the USB.
I am getting error when i boot from USB
find /menu.lst
find /boot/grub.lst
find /grub/menu.lst
@Doh123
If I am not too late and you still have the drive I have a suggestion for you.
Remove the drive from that computer and take it to one that you can install R-Studio (http://www.r-studio.com/) on. At $80 it is a life saver. I have used this twice and it saved me both times.
The first time I had a RAID 5 array of 8 SCSI disks and the controller card itself burned up. A data recovery company said it would cost $5000 to look at it and tell me if it was even possible to do anything and then it was $250 an hour after that and to expect it to take a full week. With R-Studio I was able to rebuild a virtual array of the individual disks and then recover all the data my self and it only took 2 days for the full recovery.
In the other instance I was called by a client to do data recovery because another computer company decided her computer needed a reload of Windows. I was able to recover the Quickbooks company files for her 6 client companies that she was an accountant for even after the hard drive had been formatted and Windows reinstalled.
In short, for the price it is worth owning this gem because at some point you will need it. I had two situations that I was sure were hopeless and it worked both times so give it a shot is all I can say.
Hi !
can anyone help me. I have posted my problem earlier.
Thanks.
ok in grub i cant find the disk i need my flash drive is set as (K) and is disk 5 in grub i only get up to hd4 so what iam i doing wrong what is a work around for this thanks
[...] This post was Twitted by jwhibner [...]
Hi Guys,
all is working sweet……i’m booting all the tools i want with a modified linuxmultiboot. due to the iso limited?? i trying to add open xp home, pro, vista and windows 7. I can do all these from single pens and wondered if anyone has the code for the menu to adopt for these to install, i get so far and then they blue screen.
cheers
I love this site ..Iv’e learned so much. I did get Hiren 10 to work
But BT4 did not .
Then a friend told me that i needed to change the menu.lst file.
Use this if you can’t start BT4
title BackTrack 4 (Hak5)
root (hd0,0)
kernel /bootbt4/vmlinuz boot=casper persistent ramdisk_size=6666 root=/dev/ram0 rw quiet
initrd=/bootbt4/initrd.gz
boot
I took out the. ( vga=0×317 )
and added. ( boot=casper )
Because,,,
From the BT4 CD you are going to copy over the Boot Folder and Casper Folder.
I’m not sure why the Casper Folder is not on the video..
HHMMMM …..
Oooh and one more thing if your multi pass dose not work.
Before you give up try using a different PC.
Some config in the BIOS. i don’t know.
I do have a question .
How can I make my multipass OS persistent?
Like if I change my backgrounds in BT4 and add photo’s
how can i make it save the settings.
HHHHHmmmmmmmmm?
[...] still in the first stage, using episode 524 of Hak5 “USB Multipass.” to work out the basics of booting GRUB from the flash drive. I’ll probably start by booting [...]