Hi, Hans wrote: > I had the idea, to boot the ISO in a chroot environment, then > upgrade the booted ISO via apt, and at last save the updated livesystem as > an ISO-file again.
This might give you the desired data content or not. I could imagine stumblestones but have no experience with such an operation. The booted system might be a wild mix of files from the ISO, from the initrd, temporarily generated files, and pseudo files like in /proc. Further you might have to authorize your newly installed packages by checksums or signatures. For that you will have to ask Kali people. In any case you will have to pack up your manipulated file tree to the ISO so that it is bootable. Probably i can help with that aspect. For Debian ISOs i wrote https://wiki.debian.org/RepackBootableISO Let's have a look at the current boot equipment of Kali amd64 ISOs: wget https://cdimage.kali.org/kali-2022.3/kali-linux-2022.3-live-amd64.iso xorriso -indev kali-linux-2022.3-live-amd64.iso \ -report_el_torito plain -report_system_area plain yields Volume id : 'Kali Live' El Torito catalog : 2080 1 El Torito cat path : /isolinux/boot.cat El Torito images : N Pltf B Emul Ld_seg Hdpt Ldsiz LBA El Torito boot img : 1 BIOS y none 0x0000 0x00 4 2529 El Torito boot img : 2 UEFI y none 0x0000 0x00 1792 2081 El Torito img path : 1 /isolinux/isolinux.bin El Torito img opts : 1 boot-info-table isohybrid-suitable El Torito img path : 2 /boot/grub/efi.img System area options: 0x00000102 System area summary: MBR isohybrid cyl-align-on ISO image size/512 : 7458904 Partition offset : 16 MBR heads per cyl : 228 MBR secs per head : 32 MBR partition table: N Status Type Start Blocks MBR partition : 1 0x80 0x17 64 7456448 MBR partition : 2 0x00 0x01 7456512 1792 So it boots from DVD on Legacy BIOS and UEFI. For booting from USB stick i see only the official opportunity to boot via Legacy BIOS and EFI in legacy CSM mode. But, as Pete Batard of Rufus relentlessly points out, all known EFI implementations would boot not only from an MBR partition of type 0xEF but also from any other MBR partition type which contains a FAT filesystem with a file \EFI\BOOT\BOOT*.EFI which matches EFI's idea of the present processor type. Peeking ahead, it turns out that partition 2 contains BOOTIA32.EFI for 32-bit x86 and BOOTX64.EFI for 64-bit x86. Kali is so nice to include like Debian a file with the program name and arguments which were used to pack up the ISO: sudo mount kali-linux-2022.3-live-amd64.iso /mnt/iso cat /mnt/iso/.disk/mkisofs yields (in one single line): xorriso -as mkisofs -R -r -J -joliet-long -l -cache-inodes -iso-level 3 -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -partition_offset 16 -A "Kali Linux" -p "live-build 20220505kali1; https://salsa.debian.org/live-team/live-build"; -publisher "Kali" -V "Kali Live" --modification-date=2022080415360800 -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot --efi-boot boot/grub/efi.img -append_partition 2 0x01 binary/boot/grub/efi.img -o live-image-amd64.hybrid.iso binary "binary" was the directory name where the tree of files was prepared. As stated above, i am unsure which path you should give when packing up the manipulated Kali system. /usr/lib/ISOLINUX/isohdpfx.bin is installed by Debian package "isolinux". But you may also extract the first 432 bytes of the original ISO: dd if=kali-linux-2022.3-live-amd64.iso bs=1 count=432 of=kali_mbr.img and then use it by -isohybrid-mbr kali_mbr.img We learn that partition 2 holds a copy of the same image efi.img which is also offered by the El Torito boot catalog. The latter is a file in the ISO: sudo mount /mnt/iso/boot/grub/efi.img /mnt/fat find /mnt/fat shows ... /mnt/fat/EFI/boot/bootia32.efi /mnt/fat/EFI/boot/bootx64.efi ... /mnt/fat/boot/grub/grub.cfg So it is very likely that the EFI ifirmware of an amd64 machine will detect partition 2 as bootable, although it does not have the officially specified partition type 0xEF. ------------------------------------------------------------------------- If you would only want to add some files to the ISO's tree, then it would be possible to do this by a single xorriso run: xorriso -indev kali-linux-2022.3-live-amd64.iso \ -outdev changed-kali-linux-2022.3-live-amd64.iso \ ... xorriso image manipulation commands like -map, -rm, -mv ... \ -boot_image any replay I tested that xorriso-1.5.0 of Debian 10 and xorriso-1.5.2 of Debian 11 both detect the need of the same xorriso commands for the final replay of the boot equipment, as the current release xorriso-1.5.4 does. xorriso-1.4.6 of Debian 9 is too old. If you can't get xorriso >= 1.5.0 you may download and build https://www.gnu.org/software/xorriso/xorriso-1.5.4.pl02.tar.gz according to "Compilation, First Glimpse, Installation" in https://www.gnu.org/software/xorriso/README_xorriso Installation is not needed, if you can live with using a long program path like "$HOME"/experiments/xorriso-1.5.4/xorriso/xorriso . Have a nice day :) Thomas
