93 - Boot almost ANY linux ISO from a grub4dos USB drive (e.g. Tails, BackTrack or even Ophcrack)!

Tutorials, How To's and Guides‎ > ‎

93 - Boot almost ANY linux ISO from a grub4dos USB drive (e.g. Tails, BackTrack or even Ophcrack)!

This method can be used to boot most 'difficult' linux ISO files (including Ophcrack).

Contents

1 Introduction
2 Method
3 Run Ophcrack from an ISO
4 More Examples

RMPrepUSB Blog - please leave a comment or feedback on RMPrepUSB or this Tutorial (please mention Tutorial number).

Use any computer without leaving a trace with Tails!

Tails is a Debian based linux which leaves no trace of you ever having used the system.

Tails can be installed to a USB Flash drive, and can be booted from an ISO file on a multiboot USB boot drive if you use the cheat code 'findiso' which luckily Tails supports. See this post from Ilko which shows how the findiso cheat code can be used. A tested and working grub4dos menu.lst entry from that post is shown below (as the post is formatted badly!):

Note: if booting from a USB hard disk, then the ISO must be in the root of the drive and you must remove the live-media=removable cheat code!

title Start tails-i386-0.15 LIVE (persistent)
#http://dl.amnesia.boum.org/tails/stable/tails-i386-0.15/tails-i386-0.15.iso
#add a casper-rw ext2 file to your USB drive using RMPrepUSB Create ext2 FS button for persistence
set ISO=/tails-i386-0.15.iso
ls %ISO% > nul || find --set-root --devices=hf %ISO%
map %ISO% (0xff) || map --mem %ISO% (0xff) || map --mem --heads=0 --sectors-per-track=0 %ISO% (0xff)
map --hook
root (0xff)
#note kernel line below is one long line followed by one initrd line
kernel /live/vmlinuz findiso=%ISO% boot=live config live-media=removable persistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash nox11autologin module=Tails quiet
initrd /live/initrd.img
root (bd)

However, this tutorial shows another method of adding a linux ISO to your grub4dos multiboot USB drive which will work with almost 100% of linux ISOs!

This method should work with almost ANY linux ISO file, even those that do not have a cheat code for post-loading of the ISO file!

The method described below was previously outlined by cdob on reboot.pro here. This method can be used with many linux ISOs but may be particularly useful if you have an NTFS boot partition but the linux version you want to boot to does not support the NTFS filesystem. This method is used by Easy2Boot (a multiboot USB drive that will boot almost any boot able file just by copying it on!).

PLEASE NOTE: Your boot USB drive must not have more than 3 primary partitions. This procedure makes an entry in the the fourth partition entry in the partition table.

Introduction

Once you create your Tails boot disc, you'll be ready to reboot your computer from a USB drive into an encrypted and private operating system preloaded with all the software you'll need to browse the Web, email, IM, and edit documents.

Built-in online anonymity: The key feature that's going to appeal to most people is Tails' built-in online anonymity. This comes in the form of the customized web browser Iceweasel built using the anonymous Web browsing technology from Tor. The browser also includes popular security extensions like HTTPS Everywhere for secure browsing, Adblock Plus to block ads, and NoScript to block Java and Flash. Other than those features, the web browser works exactly like you'd expect a web browser to work.
Built-in encrypted email and chat: Additionally, you also get encrypted and private messaging. Tails includes the Claws email client with OpenPGP for email encryption and the instant messaging client Pidgin with an OTR cryptography tool that encrypts your IM conversations.
Built-in file encryption: When boot Tails from a USB drive instead of a DVD, you can save documents to the thumb drive and they're automatically encrypted using an encryption specification called LUKS. (Since the DVD is read-only, you can't save any files - which is its own form of security.)
A full suite of editing software: On top your web access being private you also get a full suite of work and creative software. Tails comes preloaded with Openoffice for editing documents, Gimp for editing photos, Audacity for editing sound, and lots more additional software

Method

This tutorial assumes that you already have a grub4dos multiboot USB drive. If you do not already have one, then make one using RMPrepUSB (follow steps 1 and 2 in this tutorial)

Again, be aware that the new grub4dos menu will write a new partition table entry on your USB boot drive (a fourth entry) - this will destroy any existing partition entry that may already be in the fourth position!

Typically most bootable USB drives have only one or two partitions. You can check the four partition table entries on your USB drive using RMPrepUSB - Drive Info - 0.

Booting Tails direct from an ISO also prevents any malware from changing any files in Tails.

NOTE: Tails does not boot from a USB Hard Disk (FAT32 or NTFS) using the partnew method described below!

Step 1

Download the Tails ISO and copy it to your USB drive (the Torrent is much faster!). The developers behind Tails recommend you verify your Tails ISO to make sure it's an officially released version that hasn't been tampered with. They have instructions on their website for Windows on how to do this.

Step 2

Edit the menu.lst file (press F4 in RMPrepUSB to load it into Notepad). Add the following text to your menu (make sure the set ISO= line has the exact same name as your ISO file)..

# GENERIC ANY LINUX BOOT FROM ISO TECHNIQUE

# This menu can be used for to boot any linux iso file

# It is especially useful if your boot drive is NTFS but linux does not understand NTFS once it boots and so cannot boot further

# WARNING: permanently alters the boot device's partition table (adds a 4th ptn entry)!

# Use with care as it will obliterate ptn 4 on the boot device if it already exists!

# see http://reboot.pro/topic/9916-grub4dos-isohybrided/page-2#entry88531 for details

iftitle [if exist /tails-i386-0.15.iso] Tails (boot from ISO)
set ISO=tails-i386-0.15.iso
# check and make an empty table entry in 4th position in ptn table
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if "%check%"=="0x00" partnew (hd0,3) 0 0 0
if not "%check%"=="0x00" echo WARNING: PTN TABLE 4 IS ALREADY IN USE! && pause && configfile /menu.lst
ls (hd0,0)/%ISO% && partnew (hd0,3) 0x00 /%ISO%

map /%ISO% (0xff)

echo -e \r\n

map --hook

root (0xff)

chainloader (0xff)

Step 3

Test your menu entry on a REAL SYSTEM - it won't work under QEMU because disk writes will not work correctly under QEMU!

Note: Once the menu entry has been run, you will have a (nonsensical, bad, duff and overlapping) 4th partition entry (but of type 0 so Windows should not see it).

The new 4th partition will be set to start at a position just after the start of the ISO file and the partition length will be set to the length of the ISO file. It will look to linux as if there is a valid CDFS filesystem in partition 4 which linux will mount and then access for the rest of it's boot files (squashfs, etc.).

Run Ophcrack from an ISO

Ophcrack will boot from an ISO using this 'partnew' method, however it will be unable to find the \tables folder on the 4th partition on the USB drive.

The easiest way to fix this is simply to extract the \tables folder from the ophcrack ISO(s) and place it in the root of your USB drive (USB:\tables\xxxx).

You can add both the XP and Vista/7 tables to the same \tables folder and thus be able to crack XP/Vista/7.

However, if you don't want to add the large \tables folder...

Ophcrack version 3.4.0, do the following:

1. After booting from the Ophcrack ISO file, launch the bash shell by clicking on the black square icon at the top left of the Desktop

2. Type su and use the password root to get superuser access rights

3. We need to mount the ISO partition (4th partition) which is normally sdb4 on a single disk system - so type

mkdir /media/oph
mount /dev/sdb4 /media/oph

Note: This example assumes that your USB device will be the second disk in your system (i.e. the system has just one internal hard disk, sda, and no other external drives connected), if you have several drives connected, you may need to specify sdc4 or sdd4 rather than sdb4.

...try this procedure if you are not sure what device the 4th partition of the USB drive has been detected as by linux...

First click on My Documents folder on Desktop and then click on the drive symbol for your USB drive - if you have clicked on the correct USB drive, it should immediately change it's name to SliTaz ophcrack and you should be able to see a tables and boot folders within it, then in a console window, now type ...

mkdir /media/oph
mount

(look at what \dev\sdx4 device is mounted as /media/SliTaz ophcrack - e.g. it could be /dev/sdb4). The entry should always end in 4 as it is the fourth partition.
In the Explorer GUI window, right-click on the SliTaz ophcrack device and choose Unmount File System to unmount it. Now mount it to sdb4 by typing...

mount /dev/sdb4 /media/oph

4. Now double-click on the Launcher desktop icon and choose 'Search' from the Ophcrack Launcher menu list

Here is an example grub4dos menu.lst entry (cut and paste it into your menu):

# make empty table entry in 4th position in ptn table before running any menu entry
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if %check%==0x00 partnew (hd0,3) 0 0 0
if not %check%==0x00 echo WARNING: PTN TABLE ENTRY 4 IS ALREADY IN USE! && pause

# menu entry for Ophcrack ISO

title (ISO) OphCrack Password Cracker XP 3.4.0 from ISO (using partnew)\nTo find the tables type: su root, mkdir /media/oph, mount /dev/sdb4 /media/oph and then run Launcher.
set ISO=/ophcrack-XP-livecd-3.4.0.iso
find --set-root %ISO%
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if %check%==0x00 partnew (hd0,3) 0x00 %ISO%
if NOT %check%==0x00 echo ERROR: Partion Table entry 4 already exists - so will not map %ISO% to ptn 4 ! && pause --wait=3 && configfile /menu.lst
map %ISO% (0xff)
map --hook
root (0xff)
chainloader (0xff)

More Examples

See here for a list of ISO files that have been tested.

Some linux ISOs can be found on this page - here are some I tested and worked...

title raring-dvd-i386.iso\nEdubuntu 13.04 Alpha 1 Test Build
set ISO=/raring-dvd-i386.iso
find --set-root %ISO%
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if %check%==0x00 partnew (hd0,3) 0x00 %ISO%
if NOT %check%==0x00 echo ERROR: Partion Table entry 4 already exists! && pause --wait=3 && configfile /menu.lst
map %ISO% (0xff)
map --hook
root (0xff)
chainloader (0xff)

title systemrescuecd-x86-3.1.2.iso\nSystemRescueCD
set ISO=/systemrescuecd-x86-3.1.2.iso
find --set-root %ISO%
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if %check%==0x00 partnew (hd0,3) 0x00 %ISO%
if NOT %check%==0x00 echo ERROR: Partion Table entry 4 already exists! && pause --wait=3 && configfile /menu.lst
map %ISO% (0xff)
map --hook
root (0xff)
chainloader (0xff)

title Load xbmcbuntu-12.00-RC1.Intel-NVIDIA.iso
debug off
# set the path and filename on this next line
set ISO=/_ISO/Linux/xbmcbuntu-12.00-RC1.Intel-NVIDIA.iso
# make empty table entry in 4th position in ptn table
parttype (hd0,3) | set check=
set check=%check:~-5,4%
if "%check%"=="0x00" partnew (hd0,3) 0 0 0
if not "%check%"=="0x00" echo ERROR: PTN TABLE ENTRY 4 IS ALREADY IN USE! && pause && configfile /menu.lst
# map the iso file to a partition
ls %ISO% > nul && partnew (hd0,3) 0x00 %ISO% > nul
debug 1
map %ISO% (0xff)
echo -e \r\n
map --hook
root (0xff)
kernel /casper/vmlinuz boot=casper live-media-path=/casper nopersistent quiet splash --
initrd /casper/initrd.lz

This method also works with BackTrack 5 ISO files (but persistence does not work).