Multi boot BT5 from USB via GRUB2: Persistent Changes & Make your own Respun ISO


Note: These instructions are for OS X or FreeBSD hosts. You'll need to interpret them differently on Linux, and some commands may be missing from your base system.
Update: Blackcat Studios rewrote the script to work with Linux. I've attached a copy at the end of the page.

Backtrack 5 R3 was recently released and I decided it was a good time to rebuild my USB key. I'd had occasions where I wanted to use it to boot different OSs instead of just Backtrack so I decided I'd go with the Multiboot ISO via GRUB2 method. Unfortunately I found that BT5 *still* doesn't support the iso-scan/filename parameter. No matter. We'll just respin the initrd.

Update: The fix is a little different and more complicated, for R3 so I replaced most of this guide with a shellscript (attached).

First download the shellscript and mount the iso somewhere.

$ chmod +x ./rebuild-initrd.sh
$ ./rebuild-initrd.sh /Volumes/BT5/casper/initrd.gz

Now you have a patched initrd.gz. Let's set up the USB key.

Partition it however you want, but take note: the core.img file that grub-install copies to the boot sector is 24172 bytes long - I had to start my first partition on sector 2 in order for it to install.
Format the key (i'm using vfat, ntfs or anything that grub2 supports should work), mount, install grub and copy your initrd into the boot directory that is created:

$ mkfs.vfat /dev/sdb1 -n KNOWLEDGE
$ mount /dev/sdb1 /media/KNOWLEDGE
$ grub-install --root-directory=/media/KNOWLEDGE /dev/sdb
$ cp ../initrd.gz /media/KNOWLEDGE/boot

And of course copy the bt4 iso to the key:

$ mkdir /media/KNOWLEDGE/iso
$ cp ~/Downloads/bt5-gnome-32.iso /media/KNOWLEDGE/iso

grub2 is configured by editing the /boot/grub/grub.cfg file. Here's my section for bt4:

menuentry "BackTrack 5 Revolution" {
insmod vbe
loopback loop /iso/bt5-gnome-32.iso
linux (loop)/boot/vmlinuz file=(loop)/casper/custom.seed boot=casper nopersistent rw vga=0x317 iso-scan/filename=/iso/bt5-gnome-32.iso media-path=(loop)/casper
initrd /boot/initrd.gz
}


Reboot and enjoy the speed of BT4 :) You can add other ISOs (see the Multiboot ISO example above for more examples.)

Persistent Changes

Persistent changes with the above setup are actually really easy. First, make an ext3 partition on the usb key  with the label casper-rw, eg:

# mkfs.ext3 /dev/sdb2 -b 4096 -L casper-rw

the -b 4096 sets the blocksize to 4096, a sensible setting for usb.

Now just change the "nopersistent" entry in the grub.cfg above to "persistent", eg:

linux (loop)/boot/vmlinuz BOOT=casper boot=casper persistent rw vga=0x317 iso-scan/filename=/iso/bt5r3.iso

Simple!

Respinning the ISO

After a few updates and customisations, your changes drive can start to get a bit full and BT will start to slow down. Mine is currently 2.2gb - bigger than the actual squashfs on the iso!
I think its time to replace the squashfs and respin into a new ISO...
Note: If you're respinning from a virtual machine, you can just mount the iso here, but you will need another partition to act as scratch space while you regenerate squash and the iso.


Step 1: mount up the ISO.
# mkdir /tmp/iso /tmp/squash
# mount -o loop /media/KNOWLEDGE/iso/bt5r3.iso /tmp/iso

Step 2: mount the squashfs and changes. Skip if respinning from VM

# mount -o loop /tmp/iso/casper/filesystem.squashfs /tmp/squash

Now the changes drive... 

# mkdir /tmp/changes
# mount /dev/sdb2 /tmp/changes

Now we'll merge the two using an aufs mount, this is the same way that casper does it:

# mkdir /tmp/merged
# mount -t aufs -o br=/tmp/changes=rw:/tmp/squash none /tmp/merged

And after a quick cleanup of /root it's time to make a new squashfs based on our merged tree above:

3. Create the new squashfs. If respinning from a VM, substitute / for /tmp/merged here.
# apt-get install squashfs-tools
# mksquashfs /tmp/merged /media/isoscratch/bt5r3.squashfs -e /dev /proc /sys /home/cartel

These steps are nescessary to make sure that required directories are present once squash is mounted
# cd /tmp; mkdir fixsquash; cd fixsquash; mkdir dev proc sys
# mksquashfs /tmp/fixsquash /media/isoscratch/bt5r3.squashfs

mksquashfs supports multiple processors so if you're doing this under a VM make sure to enable more than one core if you can because this bit will take a while...

4. When it (finally) completes, it's time to respin the iso. Unmount everything above except the iso mount and make sure genisoimage is installed:

# umount /tmp/merged /tmp/squash /tmp/changes
# apt-get install genisoimage

We can leverage aufs to make generating the new iso easier, and we may as well mix in our respun initrd as well.
You can also update the kernel here, if you wish.

# mkdir -p ~/bt5changes/casper
# ln -s /media/isoscratch/bt5r3.squashfs ~/bt4changes/casper/filesystem.squashfs
# cp /media/KNOWLEDGE/boot/initrd.gz ~/bt4changes/casper/initrd.gz
# mkdir /tmp/newiso
# mount -t aufs -o br=~/bt5changes=rw:/tmp/iso none /tmp/newiso
# cd /tmp/newiso

You can update the md5sum.txt file if you want:

# find . -type f | xargs md5sum > md5sum.txt

I didnt bother with updating the manifests. It's probably just some flag to dpkg - if you know how to do it add a comment below.

Finally let's generate the updated iso.

# genisoimage -R -b casper/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -o ~/bt5-r3-respin.iso /tmp/newiso

After spinning up the new iso in Virtualbox and verifying that it works, we can unmount everything and replace the iso on our USB key.

# cd /
# umount /tmp/newiso /tmp/iso ~/bt5changes
# cp ~/bt5-r3-respin.iso /media/KNOWLEGE/iso/bt5-r3.iso

In our grub.conf we no longer need to reference the external copy of the initrd:

initrd (loop)/boot/initrd.gz

And we can flush the casper-rw partition ready for a new round of changes.

 # mkfs.ext3 /dev/sdb2 -b 4096 -L casper-rw


Č
ċ
initrd.bt5.gz
(17765k)
Thomas Cartel,
Jul 28, 2011, 4:51 PM
ċ
initrd.bt5r3.gz
(17089k)
Thomas Cartel,
Aug 14, 2012, 3:32 AM
ċ
rebuild-initrd-linux.sh
(1k)
Thomas Cartel,
Jul 27, 2012, 7:55 PM
ċ
rebuild-initrd.sh
(1k)
Thomas Cartel,
Jun 13, 2011, 3:32 PM
Comments