How to run BT3 Final within Windows, without rebooting


BTuser3
06-24-2008, 11:49 AM
As previously promised on another thread, here is the tutorial on how to get BT3 (Final or Beta) to work under Windows without rebooting, with persistent changes on the same FAT32 (or NTFS) "folder" using your HD or USB key.

1. Go to this site and follow ALL the instructions exactly as mentioned there. This will get you used to running Pen Drive Linux (PDL) on your machine while on Windows. After you are familiar with this and have everything working (including Persistent changes), then and only then proceed to Step #2.
http://www.pendrivelinux.com/2007/09/19/portable-qemu-persistent-pendrivelinux/

EDIT: IMPORTANT:

-->
Once you boot into PDL with its GNOME, fire up a terminal (it should be under Accessories; root password is pendrivelinux), and type the following:

# cd /
# mkdir changes
# poweroff

Note: Don't save many changes, just test if the persistent changes work by changing the background for example, rebooting, and checking if it's the same. Also make sure the changes directory you just created under / survived the reboot.
<--

2. Create a folder and name it BT3_within_windows. Place the following inside it from the previous PDL installation:

- The qemu folder and all its contents
- The LaunchPDL file
- the casper-rw.img file

and this from the BT3 image you downloaded:

- bt3-final.iso file (or bt3final_usb.iso if you want). Keep ONLY one .iso image at a time in the BT3_within_windows folder.


3. Rename the LaunchPDL file to LaunchBT3Final (or whatever you want)


4. Open LaunchBT3Final with Notepad and make sure that the last line is as follows:
.\qemu\qemu -L .\qemu -kernel-kqemu -std-vga -localtime -soundhw all -m 512 -cdrom *.iso -hda casper-rw.img -boot d


5. Now you can place the BT3_within_windows folder on your current hard drive or on a USB key. For USB keys, you can actually put the BT3_within_windows folder anywhere, that is, you don't have to put it under the root partition of the USB key.


6. Double click on the LaunchBT3Final file. If running on another system, install qemu as it will ask you to do. If you don't have admin privileges, it's OK, just hit cancel and proceed. It will still run, but slower.


7. If everything is OK, you should see a window pop up with the BT3 Final menu!!


8. Select the line "BT3 Graphics mode with Persistent Changes" and hit the Tab key. Make the following changes to the line:

- changes=/dev/hda1 (yes, it's hda1 and NOT sda1, because, as far as BT3 is concerned, the "Drive", which in reality is the BT3 folder, is the first drive on this "virtual computer"; therefore we will go with /dev/hda1.)

- and for autoexec=xconf;kdm --> change that to: autoexec=kdm


9. That's it! Hit Enter and you'll be good to go. It should boot right into BT3 Final. On my computer, it's very very fast, and persistent changes DO work.


10. THIS STEP IS OPTIONAL, but recommended :) OK, now we need to make some changes permanent in the iso image to avoid doing step 8 every time we want to boot BT3 using this method.

These instructions were done using MagicISO in Windows:

a. Double click on the bt3final_usb.iso image, which will open MagicISO, and you will find the boot and bt3 folders in the right panel.

b. Open the boot folder, then the isolinux folder. You should see 3 files there. Right click on isolinux.cfg and Extract it to your desktop.

c. Now, still under Magic ISO, right click on the same file (isolinux.cfg) and delete it.

d. On your desktop, open isolinux.cfg with Notepad or Wordpad. Look for the LABEL pchanges section and make sure the last line of that section is exactly as follows:

APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/hda1 autoexec=kdm


Note: You can also cut and paste this section in place of the first section there, so that you can have it as the first line when you boot it from your HD or USB key:

PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL pchanges
MENU LABEL BT3 Graphics mode with Persistent Changes
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/hda1 autoexec=kdm

... other sections ...


Note: you can also take out any section you don't want in order to make the boot menu simpler or with fewer entries.

Note: as long as we are using this method, it's always going to be /dev/hda1.

Ok, now save the file and exit it.


e. Next, drag back the isolinux.cfg file to where it was in MagicISO. Then Select File and Save. Your iso image is now saved with the new changes.


f. Now simply move the new iso file to the BT3_within_windows folder and make sure that it's the only iso there. After launching LaunchBT3Final, you should see your changes reflected on the BT3 boot menu.


That's it! Feel free to ask any questions.

Enjoy!!

At this point, I do not believe you could mount any other HDs of your system using this method. Unless someone can prove otherwise.

Also, make sure you have enough RAM available.
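Step 10d above is a hand edit of the extracted isolinux.cfg. As an added example (not code from the original post, BT3 or pendrivelinux), the script below does the same edit programmatically: it rewrites the APPEND line of the LABEL pchanges section to changes=/dev/hda1 autoexec=kdm, moves that section to the top of the menu, and can drop unwanted sections. The sample config embedded in it is constructed from the layout quoted in the post; the other menu entries are assumed, not copied from the ISO.

```python
"""Patch an extracted BT3 isolinux.cfg for the QEMU-under-Windows setup (added example)."""
import re

# Constructed sample modelled on the layout quoted in the post; the xconf and vesa entries
# are assumptions, not copied from the real BT3 ISO.
SAMPLE_CFG = """PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL xconf
MENU LABEL BT3 Graphics mode (KDE)
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm

LABEL pchanges
MENU LABEL BT3 Graphics mode with Persistent Changes
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sda1 autoexec=xconf;kdm

LABEL vesa
MENU LABEL BT3 Graphics mode (VESA KDE)
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm
"""

# Boot options the tutorial sets: inside QEMU the BT3 folder is the first drive (/dev/hda1),
# and xconf is skipped so that only kdm is started.
QEMU_OVERRIDES = {"changes": "/dev/hda1", "autoexec": "kdm"}


def split_sections(text):
    """Split isolinux.cfg into (header_lines, [(label, lines), ...]).

    The header is everything before the first LABEL (PROMPT, TIMEOUT, DEFAULT ...).
    """
    header, sections = [], []
    for line in text.splitlines():
        m = re.match(r"^\s*LABEL\s+(\S+)", line, re.IGNORECASE)
        if m:
            sections.append((m.group(1), [line]))
        elif sections:
            sections[-1][1].append(line)
        else:
            header.append(line)
    return header, sections


def patch_append(line, overrides):
    """Replace (or add) key=value options on an APPEND line; bare flags such as rw are kept."""
    out, seen = [], set()
    for tok in line.split()[1:]:
        key = tok.split("=", 1)[0] if "=" in tok else None
        if key in overrides:
            out.append(f"{key}={overrides[key]}")
            seen.add(key)
        else:
            out.append(tok)
    out += [f"{k}={v}" for k, v in overrides.items() if k not in seen]
    return "APPEND " + " ".join(out)


def append_options(text, label):
    """Return the APPEND options of one LABEL section as a dict (bare flags map to None)."""
    for name, lines in split_sections(text)[1]:
        if name == label:
            for line in lines:
                if line.strip().upper().startswith("APPEND"):
                    return {t.split("=", 1)[0]: (t.split("=", 1)[1] if "=" in t else None)
                            for t in line.split()[1:]}
    raise ValueError(f"no APPEND line found for LABEL {label}")


def rewrite_cfg(text, label="pchanges", overrides=QEMU_OVERRIDES, first=True, keep=None):
    """Patch the APPEND line of `label`, optionally move it first and drop other sections.

    keep: set of extra labels to retain (None keeps all); `label` itself is always kept.
    """
    header, sections = split_sections(text)
    if label not in [name for name, _ in sections]:
        raise ValueError(f"no LABEL {label} section in isolinux.cfg")
    rebuilt = []
    for name, lines in sections:
        lines = list(lines)
        while lines and not lines[-1].strip():   # trailing blank lines are re-added on join
            lines.pop()
        if name == label:
            lines = [patch_append(ln, overrides) if ln.strip().upper().startswith("APPEND")
                     else ln for ln in lines]
        if keep is None or name == label or name in keep:
            rebuilt.append((name, lines))
    if first:                                     # stable sort: `label` first, others keep order
        rebuilt.sort(key=lambda s: s[0] != label)
    body = "\n\n".join("\n".join(lines) for _, lines in rebuilt)
    return "\n".join(header).rstrip() + "\n\n" + body + "\n"


if __name__ == "__main__":
    print(rewrite_cfg(SAMPLE_CFG, keep={"vesa"}))
```

Run it on the isolinux.cfg you extracted in step 10b and drag the result back into MagicISO as in step 10e.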

=Tron=
06-24-2008, 12:28 PM
Looks like a nicely written tutorial and an interesting approach. However, I would be interested in what the benefits are of running BT3 in this manner compared to simply using VMplayer under Windows?

Seeing as you can download a ready VMware image of BT3, it sure is an easier installation procedure than this, and I would also assume that VMplayer/VMware Workstation is better optimized and has broader configuration possibilities than this setup.

Please do not take this as criticism against your tutorial, I am simply interested in knowing if I am overlooking some possible benefit with this approach.

v3ss0n
06-24-2008, 01:37 PM
I have tried Qemu; it's slower as it's processor emulation. vmware-server 1.05 (latest version) is almost transparent in performance and it has been open source for a year already.

BTuser3
06-24-2008, 02:26 PM
While they both achieve the same goal, these two methods are kinda different. I am not a VMware expert, so anyone can correct me on the facts below:

1. The Qemu method is totally portable. Just throw your BT3_within_windows folder on a USB key and you are good to go and run it on ANY machine, without requiring installation, and WITHOUT having admin privileges at all.

--> For VMplayer, you would have to install it on each and every machine you want to use. And I don't think it will finish installing if you don't have admin privileges. Not to mention the installation time required.


2. Space usage, especially for USB flash drives. Qemu, including the persistent changes loopfile, requires only about 55 MB. Add the iso image, which is about 600 to 783 MB, and your whole backtrack portable solution with Qemu will cost you about 650 to 835 MB. Not bad at all.

--> VMplayer + space = not friendly. My VMplayer installation in Windows took 213 MB. Then you have the backtrack VMware image, which after extracting, will run you about 3.37 GB. So far, that's about 3.6 GB. We are not done. Add the installer for VMplayer (170 MB), which you will have to put on the USB key in order to install it on other host machines, and we are talking about 3.77 GB. That's kind of a lot.

3. Time required to boot is not that much of a significant difference. On my computer, it took about 1:30 minutes for VMware to completely boot Backtrack3, and it took Qemu, with the bt3final_usb version (which takes longer to boot than the bt3final version), exactly 2:50 minutes. OK, 1 minute 20 seconds difference... not a big deal! And we are not counting installation time for VMplayer, which takes over 10 minutes and requires a reboot.

Personally, I still prefer Qemu over VMware, but you could use either or both :)

=Tron=
06-24-2008, 02:37 PM
1. The Qemu method is totally portable. Just throw your BT3_within_windows folder on a USB key and you are good to go and run it on ANY machine, without requiring installation, and WITHOUT having admin privileges at all.

--> For VMplayer, you would have to install it on each and every machine you want to use. And I don't think it will finish installing if you don't have admin privileges. Not to mention the installation time required.

I have to agree, if this is indeed the case it can be considered a big benefit as VMware Player requires a bunch of DLLs to run and therefore needs to be installed on each computer.
2. Space usage, especially for USB flash drives. Qemu, including the persistent changes loopfile, requires only about 55 MB. Add the iso image, which is about 600 to 783 MB, and your whole backtrack portable solution with Qemu will cost you about 650 to 835 MB. Not bad at all.

--> VMplayer + space = not friendly. My VMplayer installation in Windows took 213 MB. Then you have the backtrack VMware image, which after extracting, will run you about 3.37 GB. So far, that's about 3.6 GB. We are not done. Add the installer for VMplayer (170 MB), which you will have to put on the USB key in order to install it on other host machines, and we are talking about 3.77 GB. That's kind of a lot.
Well this is not entirely true, as you can use the original BT3 iso file instead of the VMware file to run BT3 in a virtual environment. In this manner you can manually determine the maximum size to be used for saved changes etc.

So it seems that the biggest benefit with using Qemu is the portability and with VMware the speed and configurability.

Munkey106
06-24-2008, 07:05 PM
So you finally got to post it!

Very nice tutorial man!

SeRGiNaToR
06-26-2008, 09:09 PM
Just one thing: you need to make a directory called changes on /dev/hda1 to do this, I think. If you just set the boot entry to changes=/dev/hda1 it will hang during booting and say something about a failure with aufs.

BTuser3
06-26-2008, 11:06 PM
Just one thing: you need to make a directory called changes on /dev/hda1 to do this, I think. If you just set the boot entry to changes=/dev/hda1 it will hang during booting and say something about a failure with aufs.

Actually, you do not need to create any folders :)

What happens is that when you actually go through Step #1 (the tut from pendrivelinux), PDL automatically activates and does the necessary stuff for you on the casper-rw.img file. So from that point on, when you boot BT3, it uses casper-rw.img without problems. But if you just download the files and copy them, you will get that aufs error you had... Let me know if it works for you.

balding_parrot
06-26-2008, 11:23 PM
Sounds interesting, but does it allow FULL functionality of wireless cards, such as injection, using this method?

BTuser3
06-26-2008, 11:56 PM
Sounds interesting, but does it allow FULL functionality of wireless cards, such as injection, using this method?

Good point.. honestly, I have not tested that yet, but I will try it in the next couple of days. If someone did, please let us know.

SeRGiNaToR
06-27-2008, 05:38 AM
Actually, you do not need to create any folders :)

What happens is that when you actually go through Step #1 (the tut from pendrivelinux), PDL automatically activates and does the necessary stuff for you on the casper-rw.img file. So from that point on, when you boot BT3, it uses casper-rw.img without problems. But if you just download the files and copy them, you will get that aufs error you had... Let me know if it works for you.

I fixed it, but I tried to do it following all your steps, so...

I tried to first make some changes on PDL, restart, see that the background changed, so it works, then replace the iso, select persistent changes, tab, set /dev/hda1, and nothing:
-------------------------------
* using BT3 data from /mnt/hdc/BT3
* setting up directory for changes
* /dev/hda1
* testing filesystem for posix compatibility
* setup union directoru (using aufs, with udba=none)
mount: mounting aufs on union failed
Fatal error occured - can't setup union (aufs)
* Something went wrong and we can't continue. This should never happen.
* Please reboot your computer with Ctrl + Alt + Delete ...
#
--------------------------------

The way it works for me is:

1st Download PDL

2nd Extract

3rd Replace the iso with the bt3 one, change the name of the .bat and edit it if you want, keeping that
.\qemu\qemu -L .\qemu -kernel-kqemu -std-vga -localtime -soundhw all -m 512 -cdrom *.iso -hda casper-rw.img -boot d

4th Execute the .bat and load the 3rd option on backtrack (the VESA one)

5th Just mkdir /mnt/hda1/changes

6th Poweroff

7th Start the .bat again, select the Persistent Changes option, TAB, and now set changes=... to changes=/dev/hda1 and autoexec=xconf;kdm to autoexec=kdm

And now it works perfectly


I'm trying VMware and VirtualBox too, and I have to say that
1. The fastest way to make a VM is with Qemu, so if you want to test a livecd within Windows, it is a good choice. And if you want to use it on other computers with your pendrive and without rebooting them, it is a good choice too. The problem is that plugging in USB stuff is tedious; you have to use the Qemu console (Ctrl+Alt+1) and usb_add with some options
2. The one I like most is VirtualBox because it seems to use less memory and works smoothly. Anyway, it sometimes freezes when I plug or unplug my wifi USB adapter (configured under the USB options to be used only in VirtualBox when it's plugged in)
3. The one with the most stability is VMware; it's just faster, and has no problems related to USB (in my case).


So if you want to use a virtual machine, you can spend a bit of HD space on it, and you want it on your own computer, then I think the best option is VMware ^^

BTuser3
06-27-2008, 10:27 AM
SeRGiNaToR:

Dang!! My bad. Now that I read your post, I remember I totally forgot about creating the changes directory. The mistake is that when you write a tut long after your experiment, you might miss some stuff, and that's what happened to me. You are right, we have to create a "changes" directory, otherwise BT3 will freak out looking for it.

I already updated the tutorial to reflect the necessary changes (marked in red), thanks for mentioning this crucial step.

SeRGiNaToR, for sure VMware is faster and probably comes with more options. Each method has its pluses and minuses. The biggest advantages of Qemu are portability when you want to use BT3 on other machines, no admin rights required, and you can fit it easily on a USB key under 1 GB. It can also be launched in under 3 minutes.


--> For those who like Qemu and its portability, a quick trick is to disable services you do not need at startup time. That way BT3 will boot a little faster (I will confirm by how much after some tests).

Here is a quick mini-howto:

Note: This is the Slackware way. I know other Linux distros have different ways (through /etc/init.d or sys-v style), but in Slackware it's done with /etc/rc.d
Note/Tip/Trick: In Slackware, to disable a service from starting at boot, simply make it not executable under /etc/rc.d

1. Once booted to BT3 with persistent changes:

bt # cd /etc/rc.d
bt # chmod 644 rc.servicename (for example, rc.postgresql)

2. Reboot and see if you notice any faster boot time.

Be careful what to disable though. Please do some research or ask here on potential services to disable.

galbi
06-27-2008, 10:47 AM
Hi BTuser3,
I've tested your tutorial and I was able to boot in vesa mode (now I know why I can't boot with persistent changes). The problem is that my wireless card is not recognized...
The iwconfig command tells me that there are no wireless cards.
I'm on an Asus A2800S, P4 3.06, 512 MB RAM, ATI Mobility 9600, Asus wireless card (Broadcom 4306). Of course I've no problems when booting from the live CD.

BTuser3
06-27-2008, 10:52 AM
Yep, same here, my wireless card does not show up either. I am doing some tests as we speak, but I doubt it would be recognized. I will post updates as soon as I find something.

You could use the ethernet connection though. Keep in mind, this is an extremely portable solution, so not all hardware can be available easily.

SeRGiNaToR
06-27-2008, 10:53 AM
galbi: Are you using the card on windows? I think that could be the problem.

BTuser3: Do you know how to connect a wifi USB adapter to Qemu? A WUSB54GC? I don't get it with the Qemu console

galbi
06-27-2008, 11:08 AM
Sorry, but I can't test it now. Do you suggest totally disabling the card under Windows?

SeRGiNaToR
06-27-2008, 11:41 AM
I think that if you are using a wireless card on Windows, it's not going to work under qemu, so yep, maybe disabling it under Windows (just so you are not using it while you are trying qemu) will help :S

BTuser3
06-28-2008, 12:26 PM
Sounds interesting, but does it allow FULL functionality of wireless cards, such as injection, using this method?

I have tried a couple of tests, with the wireless card enabled / disabled under Windows, and BT3 still won't recognize it. Kinda weird, because it does recognize the ethernet card, and the wireless has the same type of connection on the laptop.


Anyone got their wireless card working under Qemu with BT3?

balding_parrot
06-28-2008, 09:14 PM
I have tried a couple of tests, with the wireless card enabled / disabled under Windows, and BT3 still won't recognize it. Kinda weird, because it does recognize the ethernet card, and the wireless has the same type of connection on the laptop.


Anyone got their wireless card working under Qemu with BT3?

That's what I figured would happen.
The environment you are running BT3 in does not give BT3 physical access to the hardware, which it needs for anything other than the most basic of functions.

BTuser3
06-29-2008, 06:03 PM
That's what I figured would happen.
The environment you are running BT3 in does not give BT3 physical access to the hardware, which it needs for anything other than the most basic of functions.

Agreed. At this point, for anyone who needs further hardware support under this method, I think it will have to do with Qemu and not BT3.

fallout
07-01-2008, 12:35 AM
*cough* Xen *cough*

Ne_nE_Ne
07-20-2008, 01:20 PM
I found that this method is great for everything except wireless pentesting.

I can do everything else and to top it off I can channel all my activities through my Vodafone 3G!!!. All I need to do is boot into BT3 when I need to fondle with my WiFi AP at work and at home.

Thanx SeRGiNaToR

hhmatt81
07-27-2008, 12:25 AM
I'm getting a

fatal server error:
xf860OpenConsole: Cannot Open /dev/tty0 (No such file or directory)

when I try to startx using this method.

I rechecked the md5 and the .iso is good.

wyze
07-28-2008, 08:06 AM
thank you very much

How many more "thank you very much" posts are you going to do??

BTuser3
08-01-2008, 04:48 PM
I'm getting a

when I try to startx using this method.

I rechecked the md5 and the .iso is good.

Which option did you first use when booting BT3? Did you edit the boot entry as the first post suggests?

hhmatt81
08-01-2008, 08:52 PM
Which option did you first use when booting BT3? Did you edit the boot entry as the first post suggests?

I booted into the persistent changes entry and edited the boot entry accordingly. I figure it's probably just the wrong HD location "/dev/hda1". I wiped that drive out, but if you want I could reinstall and troubleshoot it further just for the sake of others.

macamba
08-04-2008, 03:46 AM
Hi BTuser3,

I didn't try the tutorial yet. But I am positive it will work! Thanks a lot BTuser3! I was researching the same thing last month, but I didn't have the time to get into it elaborately. (I made a start with PortableApps and VMware Player.)

The big advantage I was searching for is that you don't need admin privileges. If I look at it from a pen-testing view, the advantage of this method is obvious. You can still run your security tools on a hardened workstation, with USB, CD/DVD boot options disabled. That's great for making a point during pen-tests that it's possible for users to run unauthorized applications. In that regard it's less interesting that wireless doesn't work, since for wireless pen-testing any node can be used for making a point.

Kind regards,

Macamba

BTuser3
08-11-2008, 12:23 AM
Hi BTuser3,

I didn't try the tutorial yet. But I am positive it will work! Thanks a lot BTuser3! I was researching the same thing last month, but I didn't have the time to get into it elaborately. (I made a start with PortableApps and VMware Player.)

The big advantage I was searching for is that you don't need admin privileges. If I look at it from a pen-testing view, the advantage of this method is obvious. You can still run your security tools on a hardened workstation, with USB, CD/DVD boot options disabled. That's great for making a point during pen-tests that it's possible for users to run unauthorized applications. In that regard it's less interesting that wireless doesn't work, since for wireless pen-testing any node can be used for making a point.

Kind regards,

Macamba

Glad you found and liked the tutorial :)

Remember also: you can put all this on a folder on your USB stick, and on that same stick, you can throw BT3 and make it bootable as well. That way you have both BT3 "methods" on the same USB stick, and with rebooting you can use all the wireless capabilities for a complete pen-testing solution.

The main reason I tried BT3 using Windows without rebooting is this scenario: You are at work, on a Windows OS, without admin privileges, and you do not have access to another machine, but at the same time would like to rapidly test some security related stuff on a Linux box for your work related activities. Also, you don't want to reboot endless times, and you don't want to install VMware Player on that work machine. Add to that you need BT3 with the least space possible on your USB stick.

markian
08-19-2008, 04:58 PM
Hmmm...

It can be portable, but what if I am going to access the LAN? It needs to install the TAP adapter for qemu, right? And use bridging.

I can't run ettercap :/

macamba
09-01-2008, 02:49 PM
Tried it this weekend and it works great with and without admin privileges, although without admin privileges it's very slow.

Also the internal wireless card of my Lenovo T61 notebook was recognized and working. I have only not tested it with wireless hacking/ injection yet, but I will try soon. I also still have to test my external wireless Proxim card.

Keep you informed.

Macamba

RandomSchl
09-07-2008, 10:14 PM
Pen Drive Linux isn't working for me. When I choose persistent, it eventually says "enter run level" and no matter what I type it doesn't go past that.

BTuser3
09-13-2008, 12:41 AM
Tried it this weekend and it works great with and without admin privileges, although without admin privileges it's very slow.

Also the internal wireless card of my Lenovo T61 notebook was recognized and working. I have only not tested it with wireless hacking/ injection yet, but I will try soon. I also still have to test my external wireless Proxim card.

Keep you informed.

Macamba

I am guessing it's slower without admin privileges because you are not using KQemu at that point? There is a HUGE speed difference between using Qemu and Kqemu.

macamba
09-13-2008, 02:52 PM
I am guessing it's slower without admin privileges because you are not using KQemu at that point? There is a HUGE speed difference between using Qemu and Kqemu.

I wasn't aware of the difference between Qemu and Kqemu; I guess the last one has something to do with KDE. I see that there is a kqemu.exe and qemu.exe in the qemu directory on the USB stick. How can I make the 'without admin privileges' option use Kqemu instead of Qemu?

Macamba

BTuser3
09-13-2008, 07:44 PM
I wasn't aware of the difference between Qemu and Kqemu; I guess the last one has something to do with KDE. I see that there is a kqemu.exe and qemu.exe in the qemu directory on the USB stick. How can I make the 'without admin privileges' option use Kqemu instead of Qemu?

Macamba

If I remember correctly, when you run LaunchPDL on a system for the first time, it will ask you if you want to install kqemu on that host machine. Now, if you don't have admin privileges on that system, KQemu won't install, and therefore you will be running with only Qemu.

To check if KQemu was previously installed, look for c:\windows\system32\drivers\kqemu.sys

From Wikipedia:
Fabrice Bellard also wrote a Linux kernel module (with preliminary ports to FreeBSD and MS Windows) named KQEMU or QEMU Accelerator, which notably speeds up x86 emulation on x86 platforms. This is accomplished by running user mode code directly on the host computer's CPU, and using processor and peripheral emulation only for kernel mode and real mode code. KQEMU also supports a kernel emulation mode in which portions of kernel mode code run on the host's CPU.

Sam Holo
09-18-2008, 05:33 AM
Thanks for the great tutorial.
I am having the same issue with VMware as I am with QEMU, which is that my wireless card doesn't show up when I do airmon-ng.
I can install BT3 on both VMware and QEMU and they run OK, but I can't figure out why the card doesn't show.
This happens on 2 different laptops and on my desktop, but when I boot from USB or CD the wifi cards show up.

Any suggestions would be greatly appreciated.

=Tron=
09-18-2008, 05:59 AM
Thanks for the great tutorial.
I am having the same issue with VMware as I am with QEMU, which is that my wireless card doesn't show up when I do airmon-ng.
I can install BT3 on both VMware and QEMU and they run OK, but I can't figure out why the card doesn't show.
This happens on 2 different laptops and on my desktop, but when I boot from USB or CD the wifi cards show up.

Any suggestions would be greatly appreciated.

Are you using a USB connectable wireless card? Otherwise you are SOL.

Sam Holo
09-18-2008, 06:12 AM
On the 2 laptops I have Centrino wifi and on the desktop I have a PCI wifi card.

=Tron=
09-18-2008, 06:37 AM
On the 2 laptops I have Centrino wifi and on the desktop I have a PCI wifi card.

Internal wireless cards will not be recognized by any virtualization software, which you would know had you searched at all before you posted.

Sam Holo
09-18-2008, 07:55 AM
Internal wireless cards will not be recognized by any virtualization software, which you would know had you searched at all before you posted.

That does suck quite a bit, but never mind, and by the way I have been searching and I found this forum and thought the people here would be able to help.
Apologies for my N00bness

terminal86
09-18-2008, 08:39 AM
I found this forum and thought the people here would be able to help.
Apologies for my N00bness

I'm sure all the Members and especially the Senior Members are here to give us as much support as they can.
I've learned so much from this forum in the last two weeks (btw thx 2 all)

Also, there may be topics where a solution isn't possible.
In this case, we have to accept the answer and try to find another way.

<terminal86>