Who else has test driven Red Star OS? Inspired by the talk given at 32C3 (and 31C3) I decided to have a go.
Even though it's primarily designed for use within DPRK, you can still set your own time zone
Note. Don't try and install it on an 8GB drive. I thought this was enough, but it kept shitting itself, telling me that the partition that I had just created could not be found. I eventually got it installed on a 15 GB partition.
Note the English language. You can hack and save the isolinux.config file in the .iso itself so that the installation language is English, which makes things a lot easier.
No, I dont think it does.
What do you base that assumption on?
Once installed, log on.
OK, we are back to Korean language again. But there is a fix for this. There is an .rpm that has been prepared which (like previously using isomaster) can be inserted into the iso. Once installed, you are a few keystrokes away from root access and English language (for the OS at least - applications etc still seem to be in Korean)
Note the Mac look and feel
There is a wide selection of wallpapers.
Here's an example: Howitzers aimed at the south, no doubt.
Hmmm... not only are we still in Korean language, but it appears that access to the internet itself cannot be obtained without going through some sort of internal (ie within DPRK) proxy.
In that case it's still not as bad as a modern Windows install.
It's funny how double standards exist in that sense.
>western company spies on you
>"for muh own good"
>eastern company spies on you slightly less than the western company
>"it's just like the gestapo all over again!"
At times, the theft of Mac OS stuff is blatant.
Remember, this OS is built primarily on a Fedora release.
>Note the Mac look and feel
To their credit, I think Red Star is probably the best imitation of the Mac interface in any distro I've seen.
That's almost hilarious.
What's the default proxy settings in Fx?
That's actually a really good point. There are plenty of serious reviews of this thing available and plenty that either take the piss or are pretty heavy on the condemnation. With the case of the latter group, yes, the hypocrisy is laughable.
Yes, you are on the right track. I will talk more about this later on.
Yes, it does look rather nice and the guns were a nice touch I thought :).
In the browser, it is just set to "use system settings", which, as the guy above mentioned, relates to some strict iptables rules, which we will deal with shortly.
No net access from outside of DPRK. Even adding exceptions for certs does not help much. I think the cert authorities referenced in the browser are all NK and of course, they don't like too much what comes from outside of their borders (or so it seems).
To be fair, North Korea wasn't nearly as wacky before Kim Il-Sung died.
The Soviets and most of the eastern bloc weren't nearly as crazy at the time either.
It'd be more like the Cubans' attempts more than anything.
>North Korea spies on you less than Windows
The Cubans have their own OS too, I believe.
Anyway, as the chap mentioned above, we need to get rid of iptables in order to get access to the outside world. We need root access however to do this.
As I mentioned earlier, I inserted a prepared .rpm (not mine, but I will post links later) into the iso and then used this to get root access.
Once I had root, I then ran the next commands and rebooted. This put the OS in English mode, but like I said, applications still seemed to be just in Korean.
Yep, I will talk about this later (and the problems I had in replicating it, which was disappointing).
I am not certain what this means.
Many files contain unique strings (like the watermarks) in Windows. Not to mention the fact that Microsoft has the capability to copy literally any file from your Windows install.
Watermarking is bad, but complete remote access is worse.
You can get sudo as well. Took me a few goes, syntax-wise. It was late by now, but it works
>So we thought we will give it a shot and created a simple DOCX file that we copied on a USB drive and attached the drive to the RedStar OS. Guess what: The MD5sum of the file changed. We did not open the file with the included “Sogwang Office” or touch it in any way, it just changed simply making it available to the OS. Now a DOCX file is basically a ZIP with multiple files included. If you look at a DOCX in a hex editor you will see that there are larger areas that are filled with null bytes at the beginning of the file. By looking at the same area again in a file that has once been transferred to RedStar we see some garbage inserted into the file.
The next picture shows a hexdiff with the file before it was transferred to RedStar and after it was transferred.
>To sum that up: Creating and using media files and documents on RedStar OS can get you into trouble if you are living in North Korea. Do not assume that the files can be kept private and cannot be traced back to the creator!
After rebooting, now with root, sudo and Eng language, I now had net access. Note, I did not screenshot the command needed to get rid of iptables. Sorry about that.
Some pages do not display all that well.
It wasn't as widespread as I made it sound, but it's still bloody scary.
I'm not trying to defend North Korea either, I'm just saying that we aren't much better. It's terrifying.
it means that the Korean Computer Center (KCC) took the path of least resistance to get the look that the supreme leader, and whoever was in charge of development of the OS wanted
Yep, that is correct.
Thanks for that. As much as I tried, I could not get the hash on either a docx or a jpg to update. Many times, I moved the files around, inserted and removed a usb device etc but no way could I get the sha1 to update, which was very disappointing.
I wonder if the OS realises when it has been tampered with? I don't know, but if you look at the various demos done elsewhere, plenty of folk were able to make this happen easily.
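One way to do the before/after check the quoted 32C3 post and the reply above describe (hash the file, find exactly which bytes changed, confirm the container still opens). This is an added example, not code from the thread or from the researchers; the helper names are hypothetical and the DOCX-like sample it builds (with 64 null bytes of extra-field padding in the first local header) is constructed here, not captured from Red Star.

```python
import hashlib
import io
import zipfile

# Forensic comparison of a document before and after a round trip through an
# untrusted OS: hash it, locate every run of bytes that changed, and check
# whether the ZIP container still opens. Hypothetical helper names; the sample
# files are constructed below, not captured from Red Star.

def sha1_hex(data: bytes) -> str:
    """Same digest sha1sum prints for the file."""
    return hashlib.sha1(data).hexdigest()

def changed_ranges(before: bytes, after: bytes):
    """List (offset, old_bytes, new_bytes) for each run of differing bytes.
    An in-place mark keeps the size; a size change is reported as an error."""
    if len(before) != len(after):
        raise ValueError(f"size changed: {len(before)} -> {len(after)}")
    ranges, i, n = [], 0, len(before)
    while i < n:
        if before[i] == after[i]:
            i += 1
            continue
        start = i
        while i < n and before[i] != after[i]:
            i += 1
        ranges.append((start, before[start:i], after[start:i]))
    return ranges

def overwrote_null_padding(before: bytes, offset: int, length: int) -> bool:
    """True if the changed run sat in null bytes of the original copy, the
    pattern the quoted post describes for DOCX."""
    return before[offset:offset + length] == b"\x00" * length

def still_valid_docx(data: bytes) -> bool:
    """A DOCX is a ZIP container; confirm it opens, passes CRC checks and
    carries the mandatory [Content_Types].xml part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist() and zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def build_samples():
    """Constructed stand-in: a tiny DOCX-like ZIP whose first local header
    carries 64 null bytes of extra-field padding, plus a copy in which 16 of
    those nulls were overwritten (simulating the behaviour described)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zi = zipfile.ZipInfo("[Content_Types].xml")
        zi.extra = b"\x00" * 64          # the null region a mark could hide in
        zf.writestr(zi, b"<Types/>")
        zf.writestr("word/document.xml", b"<document/>")
    before = buf.getvalue()
    mark = b"CONSTRUCTED-MARK"           # constructed, not a real watermark
    off = before.find(b"\x00" * 64) + 8
    after = before[:off] + mark + before[off + len(mark):]
    return before, after

def compare(before: bytes, after: bytes) -> dict:
    """Summarise what changed, the way you would after the USB round trip."""
    runs = changed_ranges(before, after)
    return {
        "hash_changed": sha1_hex(before) != sha1_hex(after),
        "runs": [(off, new) for off, _, new in runs],
        "all_in_null_padding": all(overwrote_null_padding(before, o, len(n))
                                   for o, _, n in runs),
        "still_opens": still_valid_docx(after),
    }

if __name__ == "__main__":
    b, a = build_samples()
    print(compare(b, a))
```

For a real check, read the two copies from disk with open(path, "rb") and pass them to compare(); the padding test only tells you whether the change hid in bytes that were already null.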
Other web pages seem to display OK
Note the Korean language. This is for the Naenara browser, not the OS itself
to get the root exploit I literally just ran a grep on the dev/usb daemon and found that it runs as root and takes an argument. I simply edited the file to point to the file I wanted it to execute as root, which was a shell script running chmod.
it was quite simple, and was overlooked by people who, i guess tried, but don't really have the skill or knowledge to harden an os
The colours on the "Activity Monitor" are a bit much.
That was a great talk. Remember how some files are watermarked by the OS? Well I wrote a simple crawler for nork websites to see if the images they uploaded were watermarked but I haven't found any. I guess whoever has enough security clearance to access the public Internet also doesn't need (or isn't allowed) to use red star.
I wonder if it would be possible to find an exploit for the watermarking program and have it self-destruct on a malformed file.
It will have to be later, I don't have it running at the moment.
One thing I will say is that it seems to sit there very quiet when you are not doing anything. I just had WS running on the host and all of the chatter from the OS was just plain old NETBIOS stuff. The guys at 32C3 said they let it run for two days and it did not try to phone home at all. I guess if it senses that it is outside of the DPRK intranet it just shuts up.
This image became the wallpaper for my root account
yeah, you have to examine it in a trusted environment on a secure machine, not a known (or thought to be) compromised environment such as redstar os.
but the evidence of tampering is there in clear hex.
in this figure, see the top file, the unmodified one, and the bottom file, the same file, after the os has watermarked it.
it's not very sophisticated though, and can easily be reverse engineered, or neutered.
Just a C and P of some info:
sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n
sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals
Easier: after using "rootsh", run visudo and enable the %wheel entry.
Now edit /etc/passwd and replace /sbin/nologin with /bin/bash,
add yourself to the wheel group (i.e. usermod -aG wheel <your user>, with -a so your existing groups are kept) and use the sudo command.
I assume the watermarking is only done to certain filetypes?
How does it discriminate between different filetypes? Just by name?
Couldn't you just save your files as like "ilikewearingdressesand.longsocks" to evade it?
Nice. Thanks for that. Insidious, isn't it?
But I am bamboozled as to why it would not work for me. Essentially, I just did what the guys did at the 32C3 talk, but no way in hell could I get it to update. I cross-checked on my own (host) machine here - the sha1sums remained unchanged. Might have another go tonight.
The degree to which they've cloned OS X is uncanny. Windows/Linux OS X clone attempts in the west fall way short, even the ones that take the trouble of developing custom software to get the desired effect (anybody remember the aqua-soft forums?)
I did, but it was a .docx created under open office. Perhaps that made a difference, I don't know? But I was at it for 1-2 hours, just doing what the guys did at the presentation a few days ago, but each time, sha1sum *file...* resulted in the same hash.
There is even some stuff that root cannot touch.
I guess updates are done when those controlling the internal network think they should be done, which of course, leaves the path wide open for malware deployment and snooping.
Does the OS do anything special in terms of security? Is there any evidence that the government can remote control the OS? What kernel is it running?
It can't be running anything close to the latest kernel. It would be pretty interesting if someone unleashed a bug that makes use of well-known now-patched security holes and propagated itself through intranet-connected red star machines.
Would probably be pretty easy to snag some XP machines in the country too, I bet most of those aren't even running SP1
My question is how did they manage to set up the Kfinder and File/Edit/View/Go/Window/Help thing in the main desktop panel? No distro I've used has anything that close to Mac OS X.
For a while there was a Gnome 2/MATE/XFCE bar plugin that'd grab application menus and stick them in a bar on the top of the screen. Last I tried, it was broken and unmaintained though.
I'd really love to find a replacement or fix for that plugin. I find that having a singular menubar docked to the top of the screen is more effective for me.
But what about .jpg's?
I have thought about that. But I don't think it would amount to much. After all, 10. whatever is used everywhere for internal networks. What we need to know is the point where the intranet marries up with the internet.
I believe it is a fairly recent kernel. I don't have the number written down here but one of the reviewers' websites mentions it.
>Would probably be pretty easy to snag some XP machines in the country too, I bet most of those aren't even running SP1
Nothing internal connects directly to the internet as we know it. I think it is all pretty much proxied. Any NK IPs that you can see will be those that they want you to see, I guess. Your average joe at home running XP would be almost impossible to see (and scan) I would assume.
What I mean is, docx is watermarked, but if you give it the wrong file extension is it still watermarked?
docx saved as file.docx = watermarked
docx saved as file.kukx = watermarked or not?
That may not be so far fetched if you're an insider:
But only microsoft knows how windows actually works anyway.
Some people internally use it, but most of the population with a computer are still using XP.
There is also a server version of Red Star OS and it has been confirmed that at least one externally facing server (ie one that we can see) is using it.
OP here, I was going to try and post a selection of the wallpapers from within naenara browser itself, but posting to the board here seems nigh on impossible. I could not see any of the captcha stuff. The catalog does not display.
There may be a fix for this, but I don't know it yet
The Finder is just the desktop and file manager under OS X. It's the equivalent to Explorer or Nautilus.
The plugin moves application menus to a global menu panel on the top of the screen, mimicking OS X's global menubar.
Is that not what you're talking about?
>My question is how did they manage to set up the Kfinder and File/Edit/View/Go/Window/Help thing in the main desktop panel? No distro I've used has anything that close to Mac OS X.
because they dont care about copyright
>My only disappointment is that this OS is not binary compatible with OSX.
They could've if they wanted to. Just take the FOSS version of Darwin and re-implement Foundation, Quartz, Cocoa, etc on top of it.
>because they dont care about copyright
Pretty much this. I would love to get a hand on one of their versions of Windows XP. It's been in use for a very long time. The surveillance capabilities in it would be staggering.
>What's stopping people from making a clone of Mac OS X that's 99% accurate, based off BSD or Linux?
Nothing, as we have seen in this thread :)
There's not much closed source MacOS exclusive software worth using, a lot of it is POSIX compliant and OSS. Regardless the daisy project exists. An unrelated project that may be of interest is BSDNeXT which is a FreeBSD fork with a lot of mach stuff rolled in as well as OS X software like launchd, it's new and experimental.
im too autistic to see that your picture is probably meant to be used ironically but god damn. Rustled my jimmies
>capitalism = bad phones xDDDD
nigger without capitalism there would not be phones or really any technology in general.
Not so much an end-goal, more an inevitable consequence.
But anyway, we are talking about a great OS here
It's OK, thanks for being polite.
I have worked out how to get the board to display correctly in the browser and how to avoid the pesky messages about the invalid certs: Connect via port 80 ;)
This pic is from Virtual Box (ctrl E)
Considering all the security certs on redstar are signed by the Korean govt, not very.
Unless you want to keep your secrets Korean only, then it's pretty secure.
That raises a real question about security cert authorities. Would you trust your government over a bunch of multinationals?
Sorry, I don't know a ton about OSes, but this really isn't a reskinned (Snow) Leopard? It's built from the ground up? Or built but stole a lot of assets, like the browser? Because it looks way too similar
Agreed, I guess.
I have just been looking at the search engines. Two are installed. Both head off to the same internal IP when used.
It's Fedora in a leopard skin, I guess :)
If you want to update your search engines, again, you connect to what seems to be this master IP.
It's been fun playing with this over the last couple of days. The guys who gave the presentation at 32C3 got me interested.
You get some nifty tools, like the Bokem file encryptor, which apparently is derived from AES.
If anyone wants to look at this further then do it. If you know your code, reverse engineering etc, then contact the German chaps via their github. At the presentation they asked for more help in looking at this OS
Ordinary users cannot change any security settings. If you have root access though, then you can (I tried my normal user account - it failed, but the root account worked - remember, the ordinary user at DPRK will not have root access).
This is interesting. Another locked down set of security settings. I kinda thought I might have seen some log files here as my system's integrity surely has been compromised. But perhaps it does not work like this. Perhaps it only generates logs if the PC is on the internal network, knowing that it can upload them when it has to.
That's scary. Think OP's computer is compromised now? I wonder if NK wrote malware into it that could infect his device firmware and totally fuck his hardware, short of hardflashing the chips himself. I heard that was possible, but I don't know if NK cares about doing that.
Root comes with no password. The account is well hidden though. Read up towards the top of the thread. I inserted a pre-prepared .rpm made by another person into the .iso, and then after running it and doing some other stuff I got access to the root acct and was able to set a password.
By the fact that I now have root, I have deleted iptables and I have seen tits on 4chan.org.
I don't think so. There isn't a bit of the original Fedora that these guys haven't re-modeled or tweaked. But who knows? The author of the .rpm that gives root access seems legit, but who is to say that he might wanna fuck around some?
That will be enough of that out of you, thank you very much.
Apparently they have pretty girls directing traffic everywhere.
I heard American citizens can have a hard time getting permission to enter, but otherwise it's relatively easy.
>about 1,500 Western tourists visit North Korea each year, along with thousands of Asians
If you search the CCC video presentations (or you tube too I would imagine) the guy who gave the first talk on NK net infrastructure (at 31C3) just wrote a letter to their govt asking if he could come teach for a while. Apparently he got pretty much an instant 'yes'.
So, you have just done a basic install, the machine has re-booted and that's it? It just hangs?
Venom should not affect him yet. He does not have root access on the machine.
Remember that ordinary users will not have root.
Want to turn off the guest account? Forget it unless you have root access
No problem, it's been an interesting couple of days.
Like other settings, network settings cannot be touched by ordinary users, just root. I thought I might have seen something interesting here, but I guess all the cool stuff is hard-coded (apart from iptables which were deleted) deep in the bowels of the OS.
Disk Tools include erasers for both CDs and HDDs.
For an OS that apparently is geared towards surveillance and censorship, it has more personal security features than one would expect
I get this when I attempt to open the Bokem Security tool. I am guessing it is saying that you must be logged on as root. There is no option to put in root credentials when starting the application. I might try it logged on to the OS as root
Logged on as root. Note the wee flag in the top bar and the absence of the other red icon.
OK, root can access the Bokem security tool. I believe this thing is the user's personal file encryptor. Odd though, that your average user would not have root access and thus they could not use it.
I couldn't do anything with the bokem tool. I thought I might have been able to drag a file to it or something, but I could not. However, right clicking on a file allowed me to encrypt it and then decrypt it
And there is the file. Encrypted. Let's see what happens when I go back to my normal user account.
OK, back as my normal user account. I can encrypt and decrypt the file as before, but what's this? Notice anything different? The little animated red flag has returned to the top bar.
Did activating (?) Bokem as root do this (Did Bokem shit itself and turn itself off when I originally got root? I don't know. Weird).
what's up with the light shining down from her skirt?
You need a passphrase to decrypt. That document you saw on both my screens is not the same document. Root has a different copy to the normal user (albeit with the same name).
Or am I misunderstanding you?
It makes her legs glow like her tits
The red flag that reappeared seems to have three options when you right click on it.
1. You can search for folders (not files) and add a path to a folder to a pop up box. But I cannot see what to do after that. Perhaps you need to be logged on as root to make use of this.
2. The second option produces this with a hex-key of some sort.
3. The last function is depicted by an email symbol. It allows you to search for a file. When it is clicked, a message pops up. Perhaps this is something that allows you to submit a suspicious file to the big guys at 10.76.1.11
Back on as root, the operation of the 3 choices at the red flag remain unchanged. I think this is some sort of virus scanner, with a capability to upload if one feels the need to.
It would be great to have a Korean speaker in the thread.
No idea, it looks like it holds pens or paint brushes though.
I don't think so. Perhaps because it senses it is not on its home network? I had WS running on my host machine here. All I saw was a bunch of stock standard NetBIOS stuff.
The researchers from Germany had it running for 2 or so days and the logs showed nothing of interest.
Hi - please look through the thread and translate anything that is Korean.
Then tell me why, when you have this wonderful OS, you persist in using a MAC?
"While KCC mainly works on projects within the DPRK, it has since 2001 served clients in Europe, China, South Korea, Japan, and the Middle East. It operates Naenara, North Korea's official web portal."
What a wonderful woman.
"South Korean users' access to the site has been blocked by South Korean authorities since 2011 and as of 17 July 2014 the website remains blocked."
SoUth Korea, Shit-tier KoREA
> It's just you. http://www.naenara.com.kp is up.
I think I got blacklisted for trying to wget all their mp3 and wma files. I really wanted that music.
From what I have heard, JAV DVDs is one of the most (if not the most) popular things to bribe guards with on the Chinese border.
They have people going in and out who transfer mobile phones and people, so some porn should not be completely absent, just very limited.
>This talk will reflect on teaching Computer Science in Pyongyang over the last two years, and look at how technology has been integrated into civilian life in the DPRK. Remaining an extremely isolated country, many people would be surprised to hear that cellphones have become commonplace within the capital, let alone that the country invests in custom hardware and software. I'll talk through the current state of desktop and mobile technology in Pyongyang, and what's changing.
There's even webm/opus for free as in freedom.
I am Korean-American so I can speak and write English, as well as Korean.
North Korean grammar is a bit different from our country (S.Korea)
since we've been apart since the Korean war.
But here's the rough translation. I believe this is what the message means.
The message translates into :
During the scan, running programs could malfunction, so please save all running programs.
>During the scan, running programs could malfunction, so please save all running programs.
That's the most honest AV I've ever seen. The others just silently interfere with other running programs.
is blocked from the South Korean government.
When I try to access the site using the link, it goes to warning.or.kr
Not surprised though.
Even 4chan was blocked briefly in 2015...
As far as I know you can buy pendrives filled with porn on local markets and shit. But like in South Korea, it's illegal. If they find it on your computer, or the pendrive, you are dead.
Don't know what happens in South Korea though, but it is illegal over there too.
I have no idea
The user names are pulled from twitter and randomly matched to posts
The word 4chan is filtered to the name of the site
I suppose it is used to fake a real forum and rake in adbux
Until recently, Norks actually had a better economy than the south. And greater political freedoms.
That's more of an 'asian countries are shit' thing rather than a socialist/capitalist thing though.
Communism will never work irl, because we are humans, not ants or bees. There is always some asshole who only wants more power, so it will always end in a mass murdering dictatorship. Not all people want to work equally, either; a lot of them just want to leech the system. So communism is completely based on bullshit. It's only good for scamming stupid people to vote for you, so you can enslave a whole country.
Like it or not, capitalism is the best we have.
That's one way to put it.
However the firewall is basically an IP blocker, preventing S. Korean users from accessing certain sites.
If you try to access a blocked site here,
you are redirected automatically to
Now I don't know a lot about networks but you are still blocked even if you use a different DNS server (eg. Google Public DNS)
Most foreign and domestic public porn sites are blocked, including some paid porn sites. Most foreign torrent sites remain unblocked, however some domestic torrent sites are blocked.
Hentai, and other 2d porn sites are mostly blocked.
Google Searches done on
block certain keywords related to porn, including English searches.
Recently I've heard that the searches have been unblocked.
This can all be easily circumvented with a foreign based VPN or proxy.
Even CNET Korea has tutorials
on how to do this
If you are born in S. Korea, finding porn isn't as easy as typing in 'porn' in Google Search...
Yup porn is illegal here, although I don't know the details of the law.
Was never caught having porn though.
I have over 70GB of porn on my pc, lost my previous collection due to drive failure
South Korea seems to be a country that just werks and werks pretty well. Not counting k-pop you're a very rare example of a first world country that's almost completely free of degeneracy. Don't ruin it and stop ruining your life, delete all that furry porn immediately.
Porn censorship is getting harder here.
Usually porn is distributed illegally here through public webhard(cloud) services.
Most porn sites change their domains and IP every time the government blocks them.
Haven't heard of people getting punished by law for having porn, usually it's the porn uploaders that get punished by law.
Here's a wiki article (In Korean)
my military friend wont shut up about iraq
>what was your favorite part of your tour?
>it would definitely have to be getting to bum around the outer cities when we had nothing to do, shit's beautiful, shame the people are not
if i look up your backdoor ill see 1,210,000 dicks