For some time, there has been a bug in the cryptroot script that makes it odd when you enter your passphrase. Some, including me, have also found it kind of annoying that you have to press the F8 key to get to the console to enter your passphrase.

I have updated the how-to with the fix for the cryptroot bug and with instructions on how to remove the splash screen and boot straight to console mode.

Many thanks to James and Greg for figuring out how to do this.

Included below are the instructions which were added to the blog post. These steps can also be taken to correct an already built Backtrack USB drive. Simply boot the drive and follow the instructions below.

-Kevin

Fixing the Passphrase Entry Bug

When we boot our USB drive, it will appear to be stuck on the splash screen. What is actually happening is that the system is waiting for us to enter our LUKS password. We have two choices for doing so.

The first is to just type it in when we see the splash screen. This works as long as we have waited long enough for the system to be ready for us. However, it's kind of hard to tell what's going on.

The second option is to press the F8 key which takes us to the console. There we will see the system waiting for us to enter our passphrase and this is where this odd bug shows up.

Initially, it will look like 4 characters have already been entered. They haven't been, but that's what it looks like. Then, every time we press a key, it will reprint the line asking us to enter our passphrase. It is actually taking the input correctly, but, man, it's annoying 🙂

We can fix that. Greg M and James had a conversation in the comments about this topic and found the resources needed to fix it. James was kind enough to send me the changes that need to be made.

As mentioned, the problem is with the cryptroot script. This is the script that requests our passphrase and mounts the encrypted volume. Kind of important stuff.

Greg and James used a patch file found in this post in the Backtrack Linux forums. Below I have included the actual changes to be made. Alternatively, you can use a patch file. The commands to perform the patch are as follows. BTW - that's a zero in the patch command.

Warning: You can make your system unbootable if the cryptroot script gets corrupted.

cd ~

wget http://www.infosecramblings.com/cryptroot.patch

patch -u /usr/share/initramfs-tools/scripts/local-top/cryptroot ./cryptroot.patch

If you prefer to do it the manual way, open the file /usr/share/initramfs-tools/scripts/local-top/cryptroot in your favorite editor. Go to line 275. You should see the following:

# Try to get a satisfactory password $crypttries times
count=0
while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Add the following line right after 'count=0'

echo "Unlocking the disk $cryptsource ($crypttarget)"

The section should now look like this:

count=0
echo "Unlocking the disk $cryptsource ($crypttarget)"
while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Next, skip down to line 291 and you'll see the following:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
    if [ -x /bin/plymouth ] && plymouth --ping; then

Replace the middle line, the one that starts with cryptkey, with:

cryptkey="Enter passphrase: "

so that it now looks like this:

if [ -z "$cryptkeyscript" ]; then
    cryptkey="Enter passphrase: "
    if [ -x /bin/plymouth ] && plymouth --ping; then

That's it. Save the file and we are ready to rebuild initrd. To do that, execute the following command.

update-initramfs -u
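
The manual edits above can also be scripted so that a damaged copy never reaches the real file. The following is an added example, not part of the original post or the forum patch; the function name fix_cryptroot, its backup argument and its return codes are assumptions. It edits a temporary copy, requires each edit to match exactly once, syntax-checks the result with sh -n, and only then overwrites the script.

```shell
#!/bin/sh
# Added example: apply the two cryptroot edits without risking a corrupt script.
#
# fix_cryptroot FILE BACKUP   (hypothetical helper, not from the original post)
#   FILE    the cryptroot script to fix
#   BACKUP  where to save the untouched original (keep it outside local-top)
# Returns 0 on success, 2 if the expected lines were not found exactly once
# (already patched or different layout), 3 if the edited copy fails sh -n,
# 4 if the backup could not be written. FILE is only changed on success.
fix_cryptroot() {
    src=$1
    backup=$2
    tmp=$(mktemp) || return 1
    awk '
        # Edit 1: add the banner after the count=0 that follows the comment.
        prev ~ /Try to get a satisfactory password/ && /^[ \t]*count=0[ \t]*$/ {
            print; pad = $0; sub(/count=0.*/, "", pad)
            print pad "echo \"Unlocking the disk $cryptsource ($crypttarget)\""
            prev = $0; banner++; next
        }
        # Edit 2: shorten the prompt so it is no longer a two-line string.
        /^[ \t]*cryptkey="Unlocking the disk / {
            pad = $0; sub(/cryptkey=.*/, "", pad)
            print pad "cryptkey=\"Enter passphrase: \""
            prev = $0; prompt++; next
        }
        { print; prev = $0 }
        # Fail unless each edit matched exactly once.
        END { exit !(banner == 1 && prompt == 1) }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Refuse to install anything the shell cannot parse.
    sh -n "$tmp" || { rm -f "$tmp"; return 3; }
    cp -p "$src" "$backup" || { rm -f "$tmp"; return 4; }
    cat "$tmp" > "$src"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Typical use, as root (the backup path is only an example):
#   fix_cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot \
#       /root/cryptroot.orig && update-initramfs -u
```

If the function returns non-zero, the script on disk is unchanged and update-initramfs is not run.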

Now, if having to press the F8 key at boot bugs you, you can change the boot sequence to go directly to the console.

Warning: You can make your system unbootable playing around in here 🙂

To make the system boot to the console, edit the /boot/grub/grub.cfg file, search for the word 'splash', without the quotes, and delete the word splash and only that word. The line will end up looking like this:

linux /vmlinuz-3.2.6 root=/dev/mapper/vg-root ro text vga=791

If all goes well, you are now ready to cross your fingers and reboot.

{ 0 comments }

Guess or Know?

by kriggins on March 7, 2012

in Uncategorized

Stanford, and other colleges, have started offering some courses online for free. You can see one such portal here. I have started one and a couple others are starting soon. Very good stuff.

Anywho, several of us were talking on Twitter this morning about a couple of them and the following exchange occurred.

That got me to thinking a little bit about guessing and keeping quiet.

How often in our efforts as security professionals do we guess we know something and don't ask a question?

How often do we assume somebody else knows something and don't offer a comment or provide information?

I know that I have been guilty of both on more occasions than I can count and will be guilty of both many more times in the future.

However, I'm going to work on getting better. Like my tweet above says, it's better to know than to guess.

Which brings up another point. Please folks, don't get offended or snotty when somebody tells you something you already know. That's just rude, particularly when they have your best interests in mind.

What do you think?

-Kevin

{ 3 comments }

Hey folks.

Two updates in one day. 🙂

The PDF of the how-to is now available. You can find it here.

-Kevin

{ 4 comments }

 

Just a quick note to let everybody know that I have confirmed that the Backtrack 5 "Full Disk" Encryption How-to works just fine with the R2 release. However, I did update the how-to with a couple changes:

  • lvm2 is now part of the ISO in the R2 release. That means we no longer have to use apt-get to install it. However, we still need to install hashalot, so it doesn't save us a step.
  • Added a note at the end about using dd to back up your install per a very good suggestion by Richard in comment 241.

As I was updating the how-to, WordPress helpfully removed most of my formatting. Ugh. I think I have things at least readable and usable at this point. I will be going back and cleaning up more this weekend.

If you notice any problems, please let me know.

-Kevin

{ 0 comments }

RSA, SecurityBsides San Fran and Me

by kriggins on February 22, 2012

in Announcement, Conferences

Hi folks. Just a quick note to let you all know that I am moderating a session at RSA next week. The title is Cloudy with a Chance of Risk.

From the catalog:

Cloud computing brings with it a need to modify our risk assessment and risk management efforts to incorporate the somewhat unique challenges that a distributed, scalable, location independent architecture brings. This session will explore real world instances of how individuals are addressing this complex issue, resulting in some pragmatic steps that can be used in the real world.

The session is on Wednesday, the 29th at 1:00 in room 111.

I will be spending my time wandering between RSA, SecurityBsides and the hallways. Look me up if you want to chat. The best way to reach me is via twitter using my @kriggins account. Yes, it's protected so you will have to follow me if you want to see any responses to meet-up queries 😉

I look forward to connecting with friends and making new ones.

Kevin

{ 0 comments }

Here are today's Interesting Information Security Bits from around the web.

  1. "This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure apps. It may however also be of interest to project managers of smartphone development projects. "
    Smartphone Secure Development Guidelines -- ENISA
    Tags: ( appsec guide enisa smartphone)
  2. A reverse engineering challenge for you.
    AthCon 2012
    Tags: ( challenge reverse-engineering)
  3. Very cool.
    TaoSecurity: Dustin Webber Creates Network Security Monitoring with Siri
    Tags: ( siri network-security)
  4. Tom's excellent guide to Facebook's privacy and security settings has gotten an update. Go use it.
    Social Media Security >> Facebook Privacy & Security Guide Updated to v3.0
    Tags: ( facebook privacy)
  5. Richard points out this report which you really ought to read. Good stuff in there.
    TaoSecurity: Thoughts on 2011 ONCIX Report
    Tags: ( issb report)
  6. Wow. This is pretty amazing. Fraudsters used cell phone number porting to steal money.
    Fraudsters beat two-factor authentication, steal $45k
    Tags: ( multi-factor sms fraud )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Here are today's Interesting Information Security Bits from around the web.

  1. Dave speaks truth here. You should read and take to heart what he says.
    ShackF00 >> Doom, Gloom, and Infosec
    Tags: ( general career)
  2. This is a very nicely penned perspective on risk analysis, threat centricity and the impact that not knowing what your assets are and what they are worth has on your risk assessment processes.
    Assets, Black Swans, and Threat-Centrism - The Falcon's View
    Tags: ( risk )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here are today's Interesting Information Security Bits from around the web.

  1. Here is a list of links to the videos from SkyDogCon.
    SkyDogCon 2011 Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
    Tags: ( video skydogcon)
  2. This is a three part challenge with packet analysis, steganography, and reverse engineering.
    SecuraLabs Challenge #2 << SecuraBit
    Tags: ( iis challenge)
  3. Here is an excellent process for attacking forensics challenges. Heck, it's a good process for any forensic engagement.
    Windows Incident Response: DF Analysis Lifecycle
    Tags: ( forensics process)
  4. Chris is a good friend of mine and he penned a missive about self-improvement, perception and feedback, among other things, that everybody should read.
    Personal Risk Management << Risktical Ramblings
    Tags: ( general career )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 1 comment }

Here are today's Interesting Information Security Bits from around the web.

  1. Challenges are good for you. They make you use your grey matter 🙂
    [FortiChallenge 2k11] Hint #2 | Fortinet Security Blog
    Tags: ( challenge cryptography)
  2. Some common mobile app vulnerabilities.
    Carnal0wnage & Attack Research Blog: Common mobile app vulnerabilities
    Tags: ( )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Here are today's Interesting Information Security Bits from around the web.

  1. A nice review of this book.
    Security and risk: Book review: Social Engineer - The art of human hacking by Chris Hadnagy
    Tags: ( books)
  2. Nice article and story that drives home the point that not EVERYTHING is classified or needs to be.
    Security Musings >> Blog Archive >> "I think they already know about the mountains, sir."
    Tags: ( general )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }