reUSBable
is a simple bash script to automate the creation of LUKS encrypted USB devices.
The devices can then be used to securely 'transport' sensitive data between two computers, erasing any trace of previous data before each use, making the USB devices reusable.
luks.mp4
reUSBable
was tested on linux.
On debian based operating system, install (if not already present) the folowing:
sudo apt install cryptsetup parted util-linux
Optionally for the command shred
instead of dd
:
sudo apt install coreutils
curl -LO https://raw.githubusercontent.com/revelaction/reUSBable/master/reUSBable.sh
# make it executable
chmod +x reUSBable.sh
# copy it to your path
cp reUSBable.sh ~/bin
Run the scrypt with sudo
:
⤷ sudo ./reUSBable.sh
[sudo] password for revelaction:
1) DataTraveler_3.0 /dev/sde B0C54E757496FFB3K9F2
2) PC404 NVMe SK hynix 128GB /dev/nvme0n1 JJAN590010307L4V
[./reUSBable.sh] Please select the device: 1
[./reUSBable.sh] Choosen device is 💽 /dev/sde (DataTraveler_3.0)
[./reUSBable.sh] Choosen device has serial number 🔢 B0C54E757496FFB3K9F2
[./reUSBable.sh] Unmounting all crypt mapper devices from device /dev/sde:
[./reUSBable.sh] - Unmounting crypt dev mapper /dev/mapper/B0C54E757496FFB3K9F2_sde1
[./reUSBable.sh] - Closing crypt /dev/mapper/B0C54E757496FFB3K9F2_sde1
[./reUSBable.sh] Unmounting all partitions from device /dev/sde:
[./reUSBable.sh] - Unmounting partition /dev/sde1
umount: /dev/sde1: not mounted.
[./reUSBable.sh] Detected command shred for shred the device /dev/sde
[./reUSBable.sh] Press Enter to shred device /dev/sde
If you want to avoid confirmation in each step, run the script with the flag -q
⤷ sudo ./reUSBable.sh -q
[sudo] password for revelaction:
1) DataTraveler_3.0 /dev/sde B0C54E757496FFB3K9F2
2) PC404 NVMe SK hynix 128GB /dev/nvme0n1 JJAN590010307L4V
[./reUSBable.sh] Please select the device: 1
reUSBable
should be run after (and before) using it for secure
transport of data between two computers.
reUSBable
performs the following actions in a given USB (or other data device):
- It unmounts any previous partitions on the device.
- It shreds the entire device with the command
shred
(if present) ordd
. This step can last many minutes/hours. - It shreds the partition table of the device with
wipefs
anddd
. - It creates a new
gpt
partition table. - It creates one partition using 100% of the device.
- It creates a LUKS2 partition on the previously create partition.
- It opens the LUKS2 partition and creates a ext4 filesystem inside.
- It mounts the filesystem in
/media/<user>
mount-luks.sh
is a companion script to mount and unmount the files created by reUSBable
.