Updated 2016-01-04: A year after Red Star 3.0 surfaced at 31C3, 32C3 held a talk on its internals. The talk documents the official root method and some malicious components present in the OS; I have updated this post accordingly.
The latest version of North Korea’s custom Linux distribution, Red Star OS – that one with the OS X style interface – has leaked onto the internet. While the individual who talked about technology in North Korea at the 31C3 conference claimed he didn’t see anybody using Red Star seriously, it’s still an interesting distribution to check out.
Installation
The Korean installer is quite easy to go through blind. All you need to watch out for is the network configuration, which is not set to DHCP by default. Some extras (including compilers and a LAMP stack) are available through the Customize screen.
The installer (a customized version of Fedora’s Anaconda) can run in English with a modification to the ISO: in /isolinux/isolinux.cfg, replace lang=ko with lang=en on the kernel parameters. Some minor parts of the UI remain untranslated as they are static images. The installed system will still be in Korean, but we’ll fix that later.
Obtaining root
The root user is disabled by default on Red Star. You can enable it with the /usr/sbin/rootsetting command, although I cannot verify how it works.
My old root-shell RPM is still available here for reference.
English
Like the installer, the system can run in English, and the included apps have English translations as well. Run the following commands as root, reboot, and the system will be in English:
sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n
sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals
Thanks to davidiwharper on OSNews for the sed command.
Internet connectivity
For some reason, Red Star’s iptables firewall is set to only allow outgoing connections to certain ports. DNS is blocked as North Korea’s intranet uses IP addresses only, so you can’t get a proper internet connection on Red Star by default. To fix that, run the following command as root to clear Red Star’s default firewall rules, and reboot:
rm /etc/sysconfig/iptables
The included “Naenara Browser” is Firefox 3.5, and despite being configured to browse on the North Korean intranet, it works just fine on the internet. Its language can be changed to English by disabling the Korean language pack (thanks Chocohead): go to the second-to-last menu, select the third option, go to the fourth tab, select the “(ko-KP)” add-on, click the first button to disable it, and click the button on the yellow bar to restart the browser.
Dubious components
As highlighted on the 32C3 follow-up talk, Red Star contains several shady components, including but not limited to a file watermarking system service and a supposed “virus scanner”. The speakers provided instructions on how to disable these components.
Other notes
The system seems to be dated October 2012.Packages as new as 2013 are present in the system.- There appears to be a system file modification detector, which warns about modified system files when you log in. Running the installer in English was enough for it to complain about the kernel and initramfs images, at least for me. To disable it, run this command as root to remove its autorun entry: rm /usr/share/autostart/intcheck_kde.desktop
- The 32C3 talk also mentions a similar service which automatically reboots the system if files related to the aforementioned malicious components are modified.
- The disc includes a Windows executable named install.exe, which displays a dialog (actually an image lifted from the EXE resources) with two buttons. The first one displays an error, which probably tells you to boot from the installation DVD, and the second one closes the dialog.
- Press Esc on the boot splash for verbose boot.
- In several places, you’ll see English or South Korean locales replaced to accommodate the North Korean locales.
- The English translation is surprisingly good. One theory is that all English text was taken straight out of OS X.
- The “Crosswin” Windows compatibility layer is a wrapper around Wine 1.2.2.
You say that you can’t change the language in the browser, but you infact can, as the Korean language pack is really just an addon, meaning going to the addons menu lets you disable it, reverting the language back to English. Not sure if you need to tweak the settings shown here http://unix.stackexchange.com/questions/34965/how-to-change-firefox-language in order for it to revert to English over Korean, but I did that before disabling the language pack, so now everything apart from the previously closed tab menu is in English.
Thanks for the tip. Disabling the language pack was enough.
Have you managed to install any other browser on it? A combination of the butchering of yum and other general awkwardness has left me stuck to Naeara.
I don’t think it’s possible without breaking the system through yum. If there’s a way, I’ll add it here.
I’m running this on VMWARE. Trying to change to English. 2 problems. When I double click on iso it just opens bin file. Where is the “software manager” ? I’m losing the will to live here.
You need to mount the ISO on the virtual machine’s CD drive. When the CD appears on the Red Star desktop, open it, then open the RPM package. Or you can use a USB drive.
Or just share the drive in RedStar, then connect to it via SMB with the guest account (make sure the share permissions are sufficient). The r/w time may be long with this method (as a VM), but it works.
Well, that’s me stumped. Lol. I’ve spent all day on this and am at the point where I need to replace the ko_KP with en_US. That’s where I notice it needs to be done in “Vi”. I’ve never used Vi. Never heard of it. Can you tell I’m a noob?
Vi is just a terminal-based text editor (though for the uninitiated it can be highly confusing to use). You could alternatively try the more convectional nano, although that assumes that this OS has it installed.
Personally I’m quite proficient with vim (VI iMproved) but vi still confuses me (arrow keys? What arrow keys? You move the cursor using HJKL!)
RichardG, thanks so much for your insight in fixing this to be “usable”. I am kind of working on a side project to attempt to “map” the internal network on the DPRK by using some of the beaconing the OS might be doing. For example to an Update Server, or maybe an internal NTP server they might run. I know it won’t mean much to us on the outside, but maybe will provide further insight to how their network is at least subnetted (if it is at all). Thanks!!! Great great great work.
Wow, I actually independently discovered this just the other day, and wrote a blog about it too. I even noted the selinux issues. Awesome! https://crispyappstudiosblog.wordpress.com/2015/01/05/changing-the-language-in-north-koreas-red-star-os-v2-5-to-3-0-and-server/
You guys are all really on point, I’ve had the same findings as you. Great work, everyone! I think we might just be a secret world wide team working on the same thing.
Oh my gosh, I didn’t even realize the gigantic zero day right in the middle of the post the first time I read it. Man, you are a master. I had actually been looking for a way to get a root shell all day, and you found it last week. How cool is it that we’re all working on the same thing?
@hackerfantastic also got a 0day in the udev event scripts, but I found the RPM method.
do you feel special requesting a CVE for an issue that you did not discover through your own research, but via a public disclosure
I have no association with whoever requested the CVE.
easier: after using “rootsh” do-> visudo, enable %wheel entry.
Now edit /etc/passwd and replace /sbin/nologin with /bin/bash,
add yourself to wheel group (i.e. usermod -G wheel) and use sudo command.
Man, been trying for fairly long, but have had no success. Can y’all tell me how to run the terminal in RS3? Tried just about everything 😦
Open “Applications” folder > Open “AppLink” folder > Open “Utilities” folder > Open “Terminal” icon > Profit!
Thanks very much, yet I’m still in the Korean version, and not really good in Korean 😉 is there some kind of a key combination?
There is no combination. But you can follow these screenshots.
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
1 – http://itmages.ru/image/view/2210247/1bcf4f63
2 – http://itmages.ru/image/view/2210251/37793874
3 – http://itmages.ru/image/view/2210253/4500c028
Thank you SO very much, worked like a charm 🙂
There is a way to get directly to an Engish terminal (that even works in the installer), press control-alt-F1 and it’ll pop up with a terminal screen. Control-alt-F2 will swap it back to the normal desktop.
Dude where is the Terminal?? North Korea disables it maybe for more restrictions…
Is Red Star O’s ARM based? Because I think this would be awesome on raspberry pi 🙂
How to install google chrome? I installed it, but it will not start
I found that the iptables command worked only if i said iptables-config, maybe its specific to my copy, i don’t know.
Nevermind, still broken.
What does the rpm you provided exactly do? Could you please provide the source code? Thanks!!!
I will start this post by giving some general information of the operating system I use, it’s Redstar OS 3.0 installed from ISO on a Toshiba windows 7 laptop. I formatted it and installed Redstar from a bot-able USB drive, fixed root access, Ethernet and got the language to work in English. This blog here was too a huge help fixing root access and get the system to work in English. Trying to run Redstar as main operating system and here are the issues I have stumbled across trying to get Wi FI working by getting essentials trough Yum:
Is there any ways to get Yum working on this OS? Either by reinstalling it or finding the config so it becomes fixed like the internet. Since used the clear IP tables command in the terminal as root, fixed the firewall and set up my Ip and I can perfectly use the internet with the OS. So is there a way to fix Yum So I can get WiFi on it?
Here are the error messages I get when I try to use yum, when I either try to update it or try to install essentials this happens:
———————————
[root@localhost ~]# sudo yum update
/usr/lib/python2.6/site-packages/iniparse/ini.py:46:
DeprecationWarning: the sets module is deprecated
from sets import
Set
Options Error: Error parsing ‘/media/REDSTAR DES//’: URL must be http, ftp, file or https not “”
and:
[root@localhost ~]# yum groupinstall “Development Tools”
/usr/lib/python2.6/site-packages/iniparse/ini.py:46: DeprecationWarning: the sets module is deprecated
from sets import
Set
Options Error: Error parsing ‘/media/REDSTAR DES//’: URL must be http, ftp, file or https not “”
————————
If you wonder why my computer name is localhost, is just because it’s the default name the computer get’s after changing to Redstar. I need essensials for getting iw-4.1 to work but the program that I need to run Iw with, Libln-3.2.2.5 need a c compiler that, I try to install with Yum but it refuses to work, I always get the last part of the error message and I don’t know what /media/REDSTAR DES//`.
I have tried some fixes like these ones:
To enable software installation run:
mv /etc/yum/repos.d/rs-03000.repo /etc/yum/repos.d/rs-03000.off (causes yum errors)
Download fedora-upgrade-21.2-1.fc21.noarch.rpm, fedora-release-21-2.noarch.rpm, and fedora-repos-21-2.noarch.rpm from http://ftp.heanet.ie/pub/fedora/linux/releases/21/Everything/i386/os/Packages/f/ and run:
yum install fedora-upgrade-21.2-1.fc21.noarch.rpm
yum install fedora-release-21-2.noarch.rpm
yum install fedora-repos-21-2.noarch.rpm
yum update
In case of error: yum clean all
Source: http://computing.mallowcollege.ie/red-star-os-3-0/
Btw this is one of the guides I tried to use for fixing Yum, none of if works, Always get the same error message and can’t even use yum clean all since the error message doesn’t even allow me to that either, but I think there may be something too it though, any thoughts about this?
Most likely, the only way to update Red Star is through the DPRK Kmangmyong. There may also be a restriction on what rpms update. The repos are most likely different, so you can’t upgrade those. Release may be Fedora, but is most likely BASED ON Fedora with DPRK influences 😉
Thanks for the answer 🙂 It’s a long time since I wrote this post, lots of progress has been made though.
Yup it could be that I can’t upgrade some of the repos, but I can install other rpms, I got EPEL working on it, the only thing I need to fix now is Python. The error I got was just my baseurl, so I changed the redstar-core-03000.repo to .off-. I have a forum thread about it here: http://www.linuxquestions.org/questions/showthread.php?p=5407537#post5407537 I only need to reinstall python since Redstar had version 2.6 but I need to install the official rpm, which is in my redstar rpm folder on my drive where I have the ISO. It’s Python 2.6-7. Also one fun thing I found out, It has rpmbuild 🙂 Which was in the extra official DPRK package for reasons I don’t know. So going to use it with epel, also got the c compiler in the same repo I got the rpmbuild command, but Yum is soon working and don’t worry I scrapped the plan of installing fedora on it. It would also remove the beutifull KDE3 deskop 😉 But thanks for the reply, if you could give me any ideas of how to safely replace the 2.6 python with the 2.6-7 repo It would be very welcome.
How do you run an exe with the included wine distro?
I think you just open it on the file browser.
I’ve tried that, but it always gives me the ‘choose application’ dialogue.
A little bit late to the party, I guess , but hey….
There is a much easier, builtin way to get root privilege.
The distribution has /usr/sbin/rootsetting silently sitting there, patiently waiting to be called.
It will ask for your user password, after this you are able to set a password for root.
This activates the normal root superuser on the system and you can now use “su” to gain root.
Interesting discovery. Unfortunately I don’t have enough disk space to install Red Star again, but I will update the blog post as soon as I get around to installing it again.
Nice, if you find anyway getting software installation to work in this OS could you post it when you update this post? Since when you run yum install (name of program) you will get an error about /etc/yum.repos.d/rs-core-03000.repo baseurl not working, It could possible be annother way to fix it I tried adding file:// but it did not work in my case. I managed to turn it off by cd into /etc/yum.repo.d/ and running this command: mv /rs-core-03000.repo /rs-core-03000.off which got rid of the error. Then I installed Epel 5 in the software manager to get software mirrors up and running, but now I am stuck getting Python errors. Hope this was to help for you, will be interesting to hear if you manage to get this working. Hope this make sense if you if not just ask and I will try to clarify this more. Good luck with this blog and thanks for covering this OS
Also could you look into the server edition if it’s possible to set it up for use or if the software is to restricted? I am very curios about both these subjects since it would be very interesting to see if this OS could be configured enough so it can be suited for “normal” use by people interesting to test it.
Hey. Heads up, I’m a complete noob. I’m running Red Star OS 3.0 in VirtualBox, I downloaded the redstarroot.rpm, I now have a file called rootsh……what do I do now?
“To get root, get this RPM package I made into Red Star through an ISO (if you’re using a virtual machine) or USB key, double-click it to open it with the Software Manager, and click through the blue buttons until it’s done.
After that, run rootsh to get a root shell. ”
^^^^ How do I do this ?
Thanks 🙂
There’s an easier way to enable root on another comment.
I have installed it in VMWare but it seems that there’s no settings about DHCP.
i changed the language into English and disabled the iptables but the only problem is that I can’t load webpages using the explorer. How can I solve this problem?
thx
The message on the windows installer say,
이 프로그람을 사용하려면 설치파일들을 하드디스크에 복사하여야 합니다.
To use this program, you must copy the installation files to the hard drive.
Source: I’m Korean
I have not needed to use rootsh to have an access to the root. at startup, when the grub, press “insert” to modify the kernel launcher line and modify to “quiet 1” to start in single user (root) and then edit the sudoers file and the password “root”. Then, restart, and the sudo works.
I edited lang=ko to lang=en but now I cant even boot it!
help! how do I get the redstarroot file on the redstar desktop to install it? I cant find it. I have it saved in my downlaods folder and my usb stick
Hi can someone tell me any root password that RedStar OS 3.0 Server will accept when you set it in installation? I tried everything but I always get some Korean error that I can’t retype and can’t understand
Thanks for Anwsering and Best Regards
Is it possible to get a wireless connection to the internet? I know that in Korea they only use modems.
i haven’t found a way, unfortunately. i tried getting it to find my usb wifi adapter; i tried multiple ones too. and none were found
Is there a way to replace the Naenara browser? I’m not sure which distribution of Google Chrome, Firefox, etc that would be suitable for Red Star OS 3.0.
Also, Naenara crashes for some reason when attempting to visit the Firefox website.
just thought i would add, for those who want to change red star 2.0 to english the steps apply exactly the same way. however you do not need to enable root access as you are the root user by default.