Encrypted-Persistence USB Parrot Security 4.7

HELP!?!? I want to make an Encrypted-Persistence USB with Parrot Security 4.7
I followed the well written tutorial (https://community.parrotlinux.org/t/tutorial-parrot-3-11-encrypted-usb/241) but it simply DOES NOT WORK. I don’t know if the problem is the version difference, or the tutorial is incorrect? I am an advanced PC tech, but newbie to Linux. I created a USB with balenaEtcher on FAT32. I got very stubborn and tried to follow this 3.11 tutorial at least 8-9 times. I tried it on 2 different Intel based computers, 2 different USB’s (different brands/sizes), I tried it booted from LiveUSB and also booted from Encrypted-Persistence. I am doing all commands from sudo. Everything “seems” to be going as instructed, and I end up with the persistence.conf in mnt/my_usb dir, but when I reboot, everything is erased again as if I did nothing (new partition(s) are still there in fdisk, but no persistence.conf or text text files in Documents). Can someone please make a suggestion what can be going wrong, or provide a WORKING tutorial for Parrot Security 4.7 Encrypted-Persistence USB?

have a look at THIS
works for me!
read it carefully! you dont need point 1 :wink:

Thank you for the suggestion. I checked your link, but it was virtually the same directions as the previous 3.11 tutorial with the exception of the “$device_name” which really did not change the actual function. Have you tried this tutorial you suggested and verified it works and retains files after reboot? I don’t doubt I am doing something wrong, but after doing so MANY times I can not believe I am not following directions properly. I welcome further suggestions…

yes, it works. trust me.
what does not work? where do you fail?

ALL commands lines in tutorial work as expected. But when I reboot (encrypted persistence), there is no encrypted password verification, and all saved documents are gone, and all new users are gone. However if I create a document in the second “parrot” drive folder, it remains OK (left pane on Files).

At this point I am suspecting that my problem is my partitions, please advise me.
Until today, I had created FAT32 partitions and then tried to do the changes outlined in the 3.11 tutorial. Today I tried something different, I used a second USB to boot Parrot Live, from there I created a single ext4 partition on the target USB (16gb), I rebooted back into the first drive with Parrot Live, and used balenaEtcher-linux to write the Parrot files to the target USB. I was able to boot from the target USB, with the results afore stated. Now here is where I think I did something wrong… when I am booted unto the target USB and sudo fdisk my USB, I have these FOUR partitions:

sdb1 * Hidden HPFS/NTFS 4G
sdb2 FAT12 736K
sdb3 Extended 10.6G
sdb5 CP/M 721.6G (Really? It is only a 16gb drive!)

How did I do that I don’t know!!??! “usually” I’m pretty smart, but not here for sure!

Perhaps if you can provide me a better way to partition my 16gb USB and install the Parrot files on it, maybe the tutorial instructions may work as expected?

lets try it step by step mate :wink:

  1. flash parrot.iso with etcher to the target usb-stick
  2. use partitionmagic or another linux to resize the usb-stick partition to create a new partition on it. label it persistence.
  3. then boot from the usb-stick parrot live
  4. open a browser, go to the forum and copy the script to your live system. make it executable and run it. choose the right partition (maybe /dev/sdb) that you have created before.
  5. Now boot into Encrypted Persistence Mode

OK, lets imagine for the moment that I am ignorant (and considering my limited linux knowledge it is a close truth). You have described pretty much everything I have done several times already, so there must be some step or information you are assuming I know, or is omitted from the tutorial.

Lets go step by step, from your last post…

  1. What partition size/format do you want me to expand the parrot.iso in to?
  2. I can use Acronis (my preference) of gparted, or PM, but WHAT size/format do you want the two partitions? (16gb USB)
  3. OK
  4. I don’t know how to “make” an executable in linux, but I can type each line in the terminal (sudo) correctly and appropriately. (side note is in the tutorial it always asks 3 questions, sector start, end, and desired partition number. I always just use default.)
    4a. Lets assume after creating the partitions I will have sdb1 and sdb2, which partition do I install the cryptsetup? sbd2?
  5. Everything works 100% through #4, every time I try it, but when I reboot to “Encrypted Persistence” I end up with the malfunctioning results stated previously, and not encrypted, nor persistently retaining test files.

Please forgive my linux ignorance, if we were talking about page long DOS batch files I could write & edit them no problem, but linux appears to have different rules & commands. Thank you for helping me though this.

tested and it works!

i think i have found your problems! :wink:

Flash parrot.iso with etcher and then boot from the stick in Live Mode.

  • Open a terminal and type:
sudo fdisk /dev/sdb
p       ## for Print ## 

you should see 2 partitions on the usb-stick (if not create a second one … not a third one)

then type:

n        ## for new ##
p        ## for Primary ##
3        ## create a third one / or 2 for second one ##
enter 
enter 
w        ## for write ##

  • now insert to content from below to a file and save it as EncryptedPersistence.sh
#!/bin/bash

fdisk -l /dev/sdb

echo "Enter Device Name [sdb1, sdb2, etc]: "

read device_name

cryptsetup --verbose --verify-passphrase luksFormat /dev/$device_name

cryptsetup luksOpen /dev/$device_name parrot

mkfs.ext4 -L persistence /dev/mapper/parrot

e2label /dev/mapper/parrot persistence

mkdir -p /mnt/parrot

mount /dev/mapper/parrot /mnt/parrot

echo "/ union" > /mnt/parrot/persistence.conf

umount /dev/mapper/parrot
  • Make it executable
sudo chmod +x /path to file/EncryptedPersistence.sh
  • and finally run it
sudo bash /path to file/EncryptedPersistence.sh

Now choose the sdb3 (or sdb2) partition and set a passphrase

When complete reboot and start again but now in Encrypted Persistence Mode

If this doesnt work i will send you a stick! :wink:

It works! A BIG THANK YOU for all your time & effort to help me!

Now it retrospect I think I know what the problem was… both tutorials stated to make the new partition “extended” and you said “primary”, that was the only tangible difference I can see in all of this. My finished partitions are: sdb1= *boot 4gb Hidden HPFS/NTFS, and sdb2= 10.6gb Linux.

I was unable to properly run the EncryptedPersistence.sh, I ran it “sudo bash /home/user/Desktop/EncryptedPersistence.sh” but EVERY line came back with an error like “line 2: $’\r’: command not found : No such file or directory”, I don’t know why, but after that epic fail, I just typed in commands as you instructed in line by line with the exception that I omitted the top 4 lines and substituted “sdb2” for “$device_name”. Bottom line is, it works now! Thank you.

1 Like

that happens when you edit the file under windows. you have to open it with an editor (pluma) and save it as - Select “Line Ending Unix/Linux” and save it. :wink:

Thank you for all my education, you are appreciated!

1 Like

you welcome!

1 Like