Exploring the BackTrack Boot Menu

We have now demonstrated two of the nine options in the default BackTrack boot menu. The first option boots with desktop resolution 1024×768, and the fifth option boots in persistent mode with changes written out to and read from a casper file system. Let’s take a closer look at each of the boot menu options and the configuration behind each option.

BackTrack uses the grub boot loader. Grub is configured by a file named menu.lst on the ISO or DVD or thumb drive within the boot\grub subdirectory. For most of the startup options, the menu.lst file will specify the title to appear in the menu, the kernel with boot options, and the initial RAM disk to use (initrd). For example, here is the configuration for the first choice in the BackTrack boot menu:

title                 Start BackTrack FrameBuffer (1024×768)
kernel             /boot/vmlinuz BOOT=casper nonpersistent rw quiet vga=0x317
initrd               /boot/initrd.gz

Referring to Figure, you can see that the title is displayed verbatim as the description in the boot menu. Most of the kernel boot options are straightforward:
• Use the casper file system (casper).
• Do not attempt to persist changes (nonpersistent).
• Mount the root device read-write on boot (rw).
• Disable most log messages (quiet).

Screenshot from 2020-06-19 22-40-39

BackTrack boot menu

The vga parameter assignment is not as obvious. Table lists the VGA codes for various desktop resolutions.

Therefore, the first choice in the BackTrack boot menu having boot option vga=0x317 will start BackTrack with desktop resolution 1024×768 and 64k colors. The second BackTrack boot menu option, Start BackTrack FrameBuffer (800×600), is similar to the first option with the primary difference being vga=0x314 instead of vga=0x317. Referring to Table, we can see that 0x314 means desktop resolution 800×600 with 64k colors.

The third BackTrack boot menu option, Start BackTrack Forensics (no swap), uses the same boot flags as the first boot option. The differences are only in the initial RAM disk. By default, BackTrack will automount any available drives and utilize swap partitions where available. This is not suitable for forensic investigations, where the integrity of the drive must absolutely be maintained. The initrdfr.gz initial RAM disk configures BackTrack to be forensically clean. The system initialization scripts will not look for or make use of any swap partitions on the system, and this configuration will not automount file systems. The BackTrack Forensics mode is safe to use as a boot DVD for forensic investigations.

The only difference in the fourth BackTrack boot menu option, Start BackTrack in Safe Graphical Mode, is the keyword xforcevesa. This option forces X Windows to use the VESA driver. If the regular VGA driver does not work for an uncommon hardware configuration, you can try booting using the VESA driver. We discussed the fifth option, Start Persistent Live CD, earlier. You can see from the menu.lst file that the keyword persistent is passed as a boot option.

You can start BackTrack in text mode with the sixth boot option, Start BackTrack in Text Mode. The boot option to do so from the menu.lst file is textonly. If you’d like the boot loader to copy the entire live environment to system RAM and run BackTrack from there, choose the seventh option, Start BackTrack Graphical Mode from RAM. The boot option for this configuration option is toram.

The final two boot menu options are less likely to be used. If you’d like to do a system memory test, you can choose the eighth option to “boot” the program /boot/ memtest86+.bin. Finally, you can boot from the first hard disk by choosing the ninth and final boot option.

Screenshot from 2020-06-19 22-44-32

Table – Grub Boot Loader VGA Codes

The default menu.lst file is a nice introduction to the commonly used boot configurations. If you have installed the full BackTrack installation or boot into a persistence mode, you can change the menu.lst file by mixing and matching boot options. For example, you might want to have your persistence mode boot into desktop resolution 1280×1024 with 16-bit color. That’s easy. Just add the value vga=0x31A as a parameter to the fifth option having the persistent keyword and reboot.

Reference

Linux kernel parameters www.kernel.org/doc/Documentation/kernel-parameters.txt

For any query or issue, feel free to discuss on http://discuss.eduguru.in