01
Jan
15

Notes on Red Star OS 3.0

Updated 2016-01-04: A year after Red Star 3.0 surfaced on 31C3, 32C3 held a talk on its internals. The talk documents the official root method and some malicious components; I have updated this post accordingly.

The latest version of North Korea’s custom Linux distribution, Red Star OS – that one with the OS X style interface – has leaked onto the internet. While the individual who talked about technology in North Korea on the 31C3 conference said he didn’t see anybody using Red Star seriously, it’s a rather interesting distribution to check out.

LLBMKWg

 

Installation

The Korean installer is quite easy to go through blind. All you need to watch out for is the network configuration, which is not set to DHCP by default. Some extras (including compilers and a LAMP stack) are available through the Customize dialog right before it starts the actual installation.

The installer (a customized version of Fedora’s Anaconda) can run in English with a modification to the ISO: in /isolinux/isolinux.cfg, replace lang=ko with lang=en on the kernel parameters. Some minor parts of the UI are images which weren’t translated. The final system will still be in Korean, but we’ll fix that later.

Red Star 3-2015-01-01-20-47-52

 

Obtaining root

The root user is disabled by default on Red Star. You can enable it with the /usr/sbin/rootsetting command, although I cannot verify how it works.

My old root-shell RPM is still available here for reference.

 

English

Like the installer, the system can run in English, and the included apps have English translations as well. Run the following commands as root, reboot, and the system will be in English:

sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n
sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals

Thanks to davidiwharper on OSNews for the sed command.

Red Star 3-2015-01-02-13-50-04

 

Fixing internet

For some reason, Red Star’s iptables is set to only allow outgoing connections to certain ports. That doesn’t include DNS (North Korea’s intranet uses IP addresses only), so you can’t get a proper internet connection on Red Star. To fix that, run this command as root to clear Red Star’s default iptables rules, and reboot:

rm /etc/sysconfig/iptables

The included “Naenara Browser” is Firefox 3.5, and despite being set to browse on the North Korean intranet, it works just fine on the internet. Its language can be changed to English by disabling the Korean language pack (thanks Chocohead): go to the second-to-last menu, select the third option, go to the fourth tab, select the “(ko-KP)” add-on, click the first button to disable it, and click the button on the yellow bar to restart the browser.

Red Star 3-2015-01-02-22-23-36

 

Dubious components

As highlighted in the 32C3 follow-up talk, Red Star contains several shady components, including but not limited to a file watermarking service and a supposed “virus scanner”. The speakers provided instructions on how to disable these components.

 

Other things

  • The system seems to be dated October 2012. UPDATE: Packages as new as 2013 are in the system.
  • There appears to be a system file modification detector, which warns about modified system files when you log in. Running the installer in English was enough for it to complain about the kernel files, at least for me. To disable it, run this command as root: rm /usr/share/autostart/intcheck_kde.desktop
    • The 32C3 talk also mentions a similar service which automatically reboots the system if files related to the aforementioned malicious components are modified.
  • The disc includes a Windows executable named install.exe, which displays a dialog (actually an image lifted from the EXE resources) with two buttons. The first one displays an error, which probably tells you to boot from the DVD, and the second one closes the dialog.
    XP Pro-2015-01-08-20-20-29XP Pro-2015-01-08-20-20-55
  • Press Esc on the boot splash for verbose boot.
  • In several places, you’ll see English or South Korean locales replaced to accommodate the North Korean locales.
  • There is a surprising lack of Engrish in the included apps. One theory is that all English text was taken straight out of OS X.
  • The “Crosswin” Windows compatibility layer is a wrapper around Wine 1.2.2.
Advertisements

67 Responses to “Notes on Red Star OS 3.0”


  1. January 2, 2015 at 20:44

    You say that you can’t change the language in the browser, but you infact can, as the Korean language pack is really just an addon, meaning going to the addons menu lets you disable it, reverting the language back to English. Not sure if you need to tweak the settings shown here http://unix.stackexchange.com/questions/34965/how-to-change-firefox-language in order for it to revert to English over Korean, but I did that before disabling the language pack, so now everything apart from the previously closed tab menu is in English.

  2. January 4, 2015 at 10:27

    I’m running this on VMWARE. Trying to change to English. 2 problems. When I double click on iso it just opens bin file. Where is the “software manager” ? I’m losing the will to live here.

    • 6 RichardG
      January 4, 2015 at 10:47

      You need to mount the ISO on the virtual machine’s CD drive. When the CD appears on the Red Star desktop, open it, then open the RPM package. Or you can use a USB drive.

    • January 8, 2015 at 08:18

      Or just share the drive in RedStar, then connect to it via SMB with the guest account (make sure the share permissions are sufficient). The r/w time may be long with this method (as a VM), but it works.

  3. January 4, 2015 at 18:11

    Well, that’s me stumped. Lol. I’ve spent all day on this and am at the point where I need to replace the ko_KP with en_US. That’s where I notice it needs to be done in “Vi”. I’ve never used Vi. Never heard of it. Can you tell I’m a noob?

    • 9 terrorbite
      January 9, 2015 at 01:51

      Vi is just a terminal-based text editor (though for the uninitiated it can be highly confusing to use). You could alternatively try the more convectional nano, although that assumes that this OS has it installed.

      Personally I’m quite proficient with vim (VI iMproved) but vi still confuses me (arrow keys? What arrow keys? You move the cursor using HJKL!)

  4. January 7, 2015 at 11:21

    RichardG, thanks so much for your insight in fixing this to be “usable”. I am kind of working on a side project to attempt to “map” the internal network on the DPRK by using some of the beaconing the OS might be doing. For example to an Update Server, or maybe an internal NTP server they might run. I know it won’t mean much to us on the outside, but maybe will provide further insight to how their network is at least subnetted (if it is at all). Thanks!!! Great great great work.

  5. January 8, 2015 at 07:37

    Wow, I actually independently discovered this just the other day, and wrote a blog about it too. I even noted the selinux issues. Awesome! https://crispyappstudiosblog.wordpress.com/2015/01/05/changing-the-language-in-north-koreas-red-star-os-v2-5-to-3-0-and-server/

    You guys are all really on point, I’ve had the same findings as you. Great work, everyone! I think we might just be a secret world wide team working on the same thing.

    • January 8, 2015 at 07:51

      Oh my gosh, I didn’t even realize the gigantic zero day right in the middle of the post the first time I read it. Man, you are a master. I had actually been looking for a way to get a root shell all day, and you found it last week. How cool is it that we’re all working on the same thing?

  6. 14 nobody
    January 10, 2015 at 00:53

    do you feel special requesting a CVE for an issue that you did not discover through your own research, but via a public disclosure

  7. 16 at
    January 10, 2015 at 20:19

    easier: after using “rootsh” do-> visudo, enable %wheel entry.
    Now edit /etc/passwd and replace /sbin/nologin with /bin/bash,
    add yourself to wheel group (i.e. usermod -G wheel) and use sudo command.

  8. January 17, 2015 at 18:24

    Man, been trying for fairly long, but have had no success. Can y’all tell me how to run the terminal in RS3? Tried just about everything 😦

  9. 23 Velizar
    January 28, 2015 at 12:19

    Dude where is the Terminal?? North Korea disables it maybe for more restrictions…

  10. 24 Qian Gong
    February 2, 2015 at 14:36

    Is Red Star O’s ARM based? Because I think this would be awesome on raspberry pi 🙂

  11. 25 KAYOver
    February 14, 2015 at 10:32

    How to install google chrome? I installed it, but it will not start :\

  12. 26 btsuyuki1
    February 20, 2015 at 01:39

    I found that the iptables command worked only if i said iptables-config, maybe its specific to my copy, i don’t know.

  13. June 12, 2015 at 11:01

    What does the rpm you provided exactly do? Could you please provide the source code? Thanks!!!

  14. 29 Agandaur
    July 25, 2015 at 07:38

    I will start this post by giving some general information of the operating system I use, it’s Redstar OS 3.0 installed from ISO on a Toshiba windows 7 laptop. I formatted it and installed Redstar from a bot-able USB drive, fixed root access, Ethernet and got the language to work in English. This blog here was too a huge help fixing root access and get the system to work in English. Trying to run Redstar as main operating system and here are the issues I have stumbled across trying to get Wi FI working by getting essentials trough Yum:

    Is there any ways to get Yum working on this OS? Either by reinstalling it or finding the config so it becomes fixed like the internet. Since used the clear IP tables command in the terminal as root, fixed the firewall and set up my Ip and I can perfectly use the internet with the OS. So is there a way to fix Yum So I can get WiFi on it?

    Here are the error messages I get when I try to use yum, when I either try to update it or try to install essentials this happens:
    ———————————
    [root@localhost ~]# sudo yum update
    /usr/lib/python2.6/site-packages/iniparse/ini.py:46:
    DeprecationWarning: the sets module is deprecated
    from sets import
    Set
    Options Error: Error parsing ‘/media/REDSTAR DES//’: URL must be http, ftp, file or https not “”

    and:

    [root@localhost ~]# yum groupinstall “Development Tools”

    /usr/lib/python2.6/site-packages/iniparse/ini.py:46: DeprecationWarning: the sets module is deprecated
    from sets import
    Set
    Options Error: Error parsing ‘/media/REDSTAR DES//’: URL must be http, ftp, file or https not “”
    ————————

    If you wonder why my computer name is localhost, is just because it’s the default name the computer get’s after changing to Redstar. I need essensials for getting iw-4.1 to work but the program that I need to run Iw with, Libln-3.2.2.5 need a c compiler that, I try to install with Yum but it refuses to work, I always get the last part of the error message and I don’t know what /media/REDSTAR DES//`.

    I have tried some fixes like these ones:

    To enable software installation run:
    mv /etc/yum/repos.d/rs-03000.repo /etc/yum/repos.d/rs-03000.off (causes yum errors)

    Download fedora-upgrade-21.2-1.fc21.noarch.rpm, fedora-release-21-2.noarch.rpm, and fedora-repos-21-2.noarch.rpm from http://ftp.heanet.ie/pub/fedora/linux/releases/21/Everything/i386/os/Packages/f/ and run:
    yum install fedora-upgrade-21.2-1.fc21.noarch.rpm
    yum install fedora-release-21-2.noarch.rpm
    yum install fedora-repos-21-2.noarch.rpm
    yum update
    In case of error: yum clean all
    Source: http://computing.mallowcollege.ie/red-star-os-3-0/

    Btw this is one of the guides I tried to use for fixing Yum, none of if works, Always get the same error message and can’t even use yum clean all since the error message doesn’t even allow me to that either, but I think there may be something too it though, any thoughts about this?

    • 30 Qian Gong
      August 17, 2015 at 13:40

      Most likely, the only way to update Red Star is through the DPRK Kmangmyong. There may also be a restriction on what rpms update. The repos are most likely different, so you can’t upgrade those. Release may be Fedora, but is most likely BASED ON Fedora with DPRK influences 😉

      • 31 Rhaegar
        August 18, 2015 at 17:39

        Thanks for the answer 🙂 It’s a long time since I wrote this post, lots of progress has been made though.
        Yup it could be that I can’t upgrade some of the repos, but I can install other rpms, I got EPEL working on it, the only thing I need to fix now is Python. The error I got was just my baseurl, so I changed the redstar-core-03000.repo to .off-. I have a forum thread about it here: http://www.linuxquestions.org/questions/showthread.php?p=5407537#post5407537 I only need to reinstall python since Redstar had version 2.6 but I need to install the official rpm, which is in my redstar rpm folder on my drive where I have the ISO. It’s Python 2.6-7. Also one fun thing I found out, It has rpmbuild 🙂 Which was in the extra official DPRK package for reasons I don’t know. So going to use it with epel, also got the c compiler in the same repo I got the rpmbuild command, but Yum is soon working and don’t worry I scrapped the plan of installing fedora on it. It would also remove the beutifull KDE3 deskop 😉 But thanks for the reply, if you could give me any ideas of how to safely replace the 2.6 python with the 2.6-7 repo It would be very welcome.

  15. October 10, 2015 at 21:34

    How do you run an exe with the included wine distro?

  16. 35 Georg
    December 6, 2015 at 14:44

    A little bit late to the party, I guess , but hey….

    There is a much easier, builtin way to get root privilege.
    The distribution has /usr/sbin/rootsetting silently sitting there, patiently waiting to be called.
    It will ask for your user password, after this you are able to set a password for root.
    This activates the normal root superuser on the system and you can now use “su” to gain root.

    • 36 RichardG
      December 6, 2015 at 14:49

      Interesting discovery. Unfortunately I don’t have enough disk space to install Red Star again, but I will update the blog post as soon as I get around to installing it again.

      • 37 Agandaur
        December 28, 2015 at 02:52

        Nice, if you find anyway getting software installation to work in this OS could you post it when you update this post? Since when you run yum install (name of program) you will get an error about /etc/yum.repos.d/rs-core-03000.repo baseurl not working, It could possible be annother way to fix it I tried adding file:// but it did not work in my case. I managed to turn it off by cd into /etc/yum.repo.d/ and running this command: mv /rs-core-03000.repo /rs-core-03000.off which got rid of the error. Then I installed Epel 5 in the software manager to get software mirrors up and running, but now I am stuck getting Python errors. Hope this was to help for you, will be interesting to hear if you manage to get this working. Hope this make sense if you if not just ask and I will try to clarify this more. Good luck with this blog and thanks for covering this OS

        Also could you look into the server edition if it’s possible to set it up for use or if the software is to restricted? I am very curios about both these subjects since it would be very interesting to see if this OS could be configured enough so it can be suited for “normal” use by people interesting to test it.

  17. 38 Kenji
    December 16, 2015 at 15:16

    Hey. Heads up, I’m a complete noob. I’m running Red Star OS 3.0 in VirtualBox, I downloaded the redstarroot.rpm, I now have a file called rootsh……what do I do now?

    “To get root, get this RPM package I made into Red Star through an ISO (if you’re using a virtual machine) or USB key, double-click it to open it with the Software Manager, and click through the blue buttons until it’s done.
    After that, run rootsh to get a root shell. ”

    ^^^^ How do I do this ?

    Thanks 🙂

  18. 40 Felix
    December 30, 2015 at 07:24

    I have installed it in VMWare but it seems that there’s no settings about DHCP.
    i changed the language into English and disabled the iptables but the only problem is that I can’t load webpages using the explorer. How can I solve this problem?
    thx

  19. 41 박건
    December 30, 2015 at 12:56

    The message on the windows installer say,

    이 프로그람을 사용하려면 설치파일들을 하드디스크에 복사하여야 합니다.

    To use this program, you must copy the installation files to the hard drive.

    Source: I’m Korean

  20. December 30, 2015 at 17:27

    I have not needed to use rootsh to have an access to the root. at startup, when the grub, press “insert” to modify the kernel launcher line and modify to “quiet 1” to start in single user (root) and then edit the sudoers file and the password “root”. Then, restart, and the sudo works.

  21. 43 Explorer14
    February 3, 2016 at 00:05

    I edited lang=ko to lang=en but now I cant even boot it!

  22. February 18, 2016 at 10:27

    help! how do I get the redstarroot file on the redstar desktop to install it? I cant find it. I have it saved in my downlaods folder and my usb stick

  23. 45 Mitja
    March 14, 2016 at 10:33

    Hi can someone tell me any root password that RedStar OS 3.0 Server will accept when you set it in installation? I tried everything but I always get some Korean error that I can’t retype and can’t understand

    Thanks for Anwsering and Best Regards

  24. 46 Kavi
    May 23, 2016 at 23:17

    Is it possible to get a wireless connection to the internet? I know that in Korea they only use modems.

  25. 47 Denning
    June 16, 2016 at 17:29

    Is there a way to replace the Naenara browser? I’m not sure which distribution of Google Chrome, Firefox, etc that would be suitable for Red Star OS 3.0.

    Also, Naenara crashes for some reason when attempting to visit the Firefox website.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: