Archive for January, 2015

01
Jan
15

Notes on Red Star OS 3.0

Updated 2016-01-04: A year after Red Star 3.0 surfaced at 31C3, 32C3 held a talk on its internals. The talk documents the official root method and some malicious components present in the OS; I have updated this post accordingly.

The latest version of North Korea’s custom Linux distribution, Red Star OS – that one with the OS X style interface – has leaked onto the internet. While the individual who talked about technology in North Korea at the 31C3 conference claimed he didn’t see anybody using Red Star seriously, it’s still an interesting distribution to check out.

LLBMKWg

 

Installation

The Korean installer is quite easy to go through blind. All you need to watch out for is the network configuration, which is not set to DHCP by default. Some extras (including compilers and a LAMP stack) are available through the Customize screen.

The installer (a customized version of Fedora’s Anaconda) can run in English with a modification to the ISO: in /isolinux/isolinux.cfg, replace lang=ko with lang=en on the kernel parameters. Some minor parts of the UI remain untranslated as they are static images. The installed system will still be in Korean, but we’ll fix that later.

Red Star 3-2015-01-01-20-47-52

 

Obtaining root

The root user is disabled by default on Red Star. You can enable it with the /usr/sbin/rootsetting command, although I cannot verify how it works.

My old root-shell RPM is still available here for reference.

 

English

Like the installer, the system can run in English, and the included apps have English translations as well. Run the following commands as root, reboot, and the system will be in English:

sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n
sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals

Thanks to davidiwharper on OSNews for the sed command.

Red Star 3-2015-01-02-13-50-04

 

Internet connectivity

For some reason, Red Star’s iptables firewall is set to only allow outgoing connections to certain ports. DNS is blocked as North Korea’s intranet uses IP addresses only, so you can’t get a proper internet connection on Red Star by default. To fix that, run the following command as root to clear Red Star’s default firewall rules, and reboot:

rm /etc/sysconfig/iptables

The included “Naenara Browser” is Firefox 3.5, and despite being configured to browse on the North Korean intranet, it works just fine on the internet. Its language can be changed to English by disabling the Korean language pack (thanks Chocohead): go to the second-to-last menu, select the third option, go to the fourth tab, select the “(ko-KP)” add-on, click the first button to disable it, and click the button on the yellow bar to restart the browser.

Red Star 3-2015-01-02-22-23-36

 

Dubious components

As highlighted on the 32C3 follow-up talk, Red Star contains several shady components, including but not limited to a file watermarking system service and a supposed “virus scanner”. The speakers provided instructions on how to disable these components.

 

Other notes

  • The system seems to be dated October 2012. Packages as new as 2013 are present in the system.
  • There appears to be a system file modification detector, which warns about modified system files when you log in. Running the installer in English was enough for it to complain about the kernel and initramfs images, at least for me. To disable it, run this command as root to remove its autorun entry: rm /usr/share/autostart/intcheck_kde.desktop
    • The 32C3 talk also mentions a similar service which automatically reboots the system if files related to the aforementioned malicious components are modified.
  • The disc includes a Windows executable named install.exe, which displays a dialog (actually an image lifted from the EXE resources) with two buttons. The first one displays an error, which probably tells you to boot from the installation DVD, and the second one closes the dialog.
    XP Pro-2015-01-08-20-20-29XP Pro-2015-01-08-20-20-55
  • Press Esc on the boot splash for verbose boot.
  • In several places, you’ll see English or South Korean locales replaced to accommodate the North Korean locales.
  • The English translation is surprisingly good. One theory is that all English text was taken straight out of OS X.
  • The “Crosswin” Windows compatibility layer is a wrapper around Wine 1.2.2.
Advertisements



Twitter

Advertisements