Fun with Red Star OS

Red Star OS (붉은별 사용자 영체계) is a North Korean operating system based on the Linux kernel. Its development began at the Korean Computer Center in 2002; until that time, English-language versions of Windows were commonly used in North Korea. As of 2018, the latest version of the system is Red Star OS 4.0: the fourth version is reported to exist and to be in local testing, but at the moment most people in North Korea are still on the third version. Only the localized Korean version is distributed; in English-language sources it is referred to as Red Star OS.
Let’s say you got your filthy hands on an ISO of Red Star OS Desktop 3.0 (like, 5 years ago but you forgot about it). The obvious next step is to install it on your main computer and give it access to the outside so it can spread love and goodness. Just kidding, install that motherfucker in a virtual machine (VirtualBox, VMware, etc.), just because.
Install
The Networking part in the Setup is not set to use DHCP by default so make sure you change that. Just click on the rightmost button (Next) until it starts installing. We can boot the installer into English but we’re larp-ing as a leet North Korean hacker, right?
After it finished installing, rebooting (press Esc if you want verbose boot) and taking over your internal network like a good Skyne… Kimnet should, start by enabling root access for your default user because you want to mess around and hackers always mess around as root.
$ rootsetting
I’m not posting any screenshots of what to do next but considering you’re trying to install Red Star motherfucking OS I’m pretty confident you’ll figure it out even though the buttons and messages are in Korean. If not, well, you could install something easier. Like Gentoo or Arch.
Once you get root access you might want to enable English locale unless you understand Korean:
$ su
Password:
# sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n
# sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals
Reboot after that.
If you want network access, you need to remove the default iptables rules:
# rm /etc/sysconfig/iptables
# service iptables restart
The original iptables rules:
# Generated by iptables-save v1.4.7 on Fri Apr 13 08:55:11 2012
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:APPLICATION_FILTER - [0:0]
:INTRUSION_PREVENTION_FILTER - [0:0]
:USER_DEFINED_FILTER - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j INTRUSION_PREVENTION_FILTER
-A INPUT -j APPLICATION_FILTER
-A INPUT -j USER_DEFINED_FILTER
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 22 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 22 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 80 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 80 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 443 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 443 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 5900 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 5900 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 631 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 631 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 135 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 135 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 137 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 137 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 137 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 137 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 138 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 138 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 139 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 139 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 445 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 445 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 445 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 445 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 20 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 20 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 21 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 21 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 548 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 548 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 5353 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 1:65535 --dport 5353 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 22 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 22 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 80 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 80 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 443 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 443 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 5900 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 5900 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 631 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 631 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 135 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 135 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 138 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 138 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 139 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 139 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 20 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 20 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 21 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 21 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 548 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 548 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 5353 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 5353 --dport 1:65535 -j ACCEPT
COMMIT
# Completed on Fri Apr 13 08:55:11 2012
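A small evaluator for the ruleset above, added here as an example (not code from the original post or from Red Star OS). It walks INPUT the way netfilter would for the simple matches this file uses (`-i`, `-p`, `--sport`, `--dport`); the embedded sample is abridged from the listing, and the function names are made up for the illustration. The full listing has no rule for source port 53, so DNS replies fall through to the DROP policy, which is consistent with having to remove the file to get network access.

```python
# Abridged from the ruleset listed above: a few of its rules, unchanged.
RULES = """\
*filter
:INPUT DROP [0:0]
:APPLICATION_FILTER - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j APPLICATION_FILTER
-A APPLICATION_FILTER -p tcp -m tcp --sport 1:65535 --dport 22 -j ACCEPT
-A APPLICATION_FILTER -p tcp -m tcp --sport 80 --dport 1:65535 -j ACCEPT
-A APPLICATION_FILTER -p udp -m udp --sport 5353 --dport 1:65535 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return (policies, chains); chains maps a name to its ordered rules."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            tok = line.split()
            chains[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

def in_range(spec, port):
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(policies, chains, proto, sport, dport, iface="eth0", chain="INPUT"):
    """Evaluate one packet against a chain, following jumps; None = fall through."""
    for r in chains[chain]:
        if r.get("-i", iface) != iface or r.get("-p", proto) != proto:
            continue
        if not (in_range(r.get("--sport", "0:65535"), sport)
                and in_range(r.get("--dport", "0:65535"), dport)):
            continue
        result = r["-j"] if r["-j"] in ("ACCEPT", "DROP") else verdict(
            policies, chains, proto, sport, dport, iface, r["-j"])
        if result:
            return result
    return policies[chain] if policies[chain] != "-" else None

def source_port_only(chains):
    """Remote ports trusted on source port alone, for any local port."""
    return sorted({int(r["--sport"]) for rules in chains.values() for r in rules
                   if r.get("--dport") == "1:65535" and ":" not in r.get("--sport", ":")})

policies, chains = parse(RULES)
```

The `--sport N --dport 1:65535` rules stand in for connection tracking: they admit return traffic by source port alone, with no check that the host opened the connection. The stateful form is a `-m state --state RELATED,ESTABLISHED` match on INPUT; this ruleset places that match on OUTPUT, whose policy is already ACCEPT.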
The list of processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.2 0.0 2796 1308 ? Ss 04:57 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 04:57 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 04:57 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 04:57 0:00 [kworker/0:0]
root 6 0.0 0.0 0 0 ? S 04:57 0:00 [migration/0]
root 7 0.0 0.0 0 0 ? S< 04:57 0:00 [cpuset]
root 8 0.0 0.0 0 0 ? S< 04:57 0:00 [khelper]
root 9 0.0 0.0 0 0 ? S< 04:57 0:00 [netns]
root 10 0.0 0.0 0 0 ? S 04:57 0:00 [sync_supers]
root 11 0.0 0.0 0 0 ? S 04:57 0:00 [bdi-default]
root 12 0.0 0.0 0 0 ? S< 04:57 0:00 [kintegrityd]
root 13 0.0 0.0 0 0 ? S< 04:57 0:00 [kblockd]
root 14 0.0 0.0 0 0 ? S< 04:57 0:00 [kacpid]
root 15 0.0 0.0 0 0 ? S< 04:57 0:00 [kacpi_notify]
root 16 0.0 0.0 0 0 ? S< 04:57 0:00 [kacpi_hotplug]
root 17 0.0 0.0 0 0 ? S< 04:57 0:00 [ata_sff]
root 18 0.0 0.0 0 0 ? S 04:57 0:00 [khubd]
root 19 0.0 0.0 0 0 ? S< 04:57 0:00 [md]
root 21 0.0 0.0 0 0 ? S 04:57 0:00 [kswapd0]
root 22 0.0 0.0 0 0 ? SN 04:57 0:00 [ksmd]
root 23 0.0 0.0 0 0 ? SN 04:57 0:00 [khugepaged]
root 24 0.0 0.0 0 0 ? S 04:57 0:00 [fsnotify_mark]
root 25 0.0 0.0 0 0 ? S< 04:57 0:00 [aio]
root 26 0.0 0.0 0 0 ? S< 04:57 0:00 [crypto]
root 32 0.0 0.0 0 0 ? S< 04:57 0:00 [kthrotld]
root 33 0.0 0.0 0 0 ? S 04:57 0:00 [kworker/u:1]
root 34 0.0 0.0 0 0 ? S 04:57 0:00 [scsi_eh_0]
root 35 0.0 0.0 0 0 ? S 04:57 0:00 [scsi_eh_1]
root 36 0.0 0.0 0 0 ? S 04:57 0:00 [scsi_eh_2]
root 37 0.0 0.0 0 0 ? S 04:57 0:00 [kworker/u:2]
root 39 0.0 0.0 0 0 ? S< 04:57 0:00 [kpsmoused]
root 41 0.0 0.0 0 0 ? S 04:57 0:00 [kworker/0:2]
root 183 0.0 0.0 0 0 ? S 04:57 0:00 [kjournald]
root 222 0.0 0.0 0 0 ? S 04:57 0:00 [kauditd]
root 278 0.0 0.0 3772 1992 ? S<s 04:57 0:00 /sbin/udevd -d
root 329 0.0 0.1 3708 2068 ? S< 04:57 0:00 /sbin/udevd -d
root 330 0.0 0.1 3708 2068 ? S< 04:57 0:00 /sbin/udevd -d
root 948 0.0 0.0 0 0 ? S 04:57 0:00 [flush-8:0]
root 967 0.0 0.0 6328 1432 ? Ss 04:57 0:00 /bin/bash /etc/rc.d/rc 5
root 972 9.3 0.3 43076 7872 ? Ssl 04:57 0:43 /usr/bin/opprc
root 973 0.0 0.0 1988 644 ? Ss 04:57 0:00 syslogd -m 0
root 978 0.0 0.0 1932 396 ? Ss 04:57 0:00 klogd -x
dbus 1031 0.0 0.0 11148 1164 ? Ssl 04:57 0:00 dbus-daemon --system --fork
68 1073 0.0 0.1 14196 3648 ? Ssl 04:57 0:00 hald --daemon=yes
root 1075 0.0 0.0 3720 1168 ? S 04:57 0:00 hald-runner
root 1142 0.0 0.0 3796 1004 ? S 04:57 0:00 hald-addon-input: Listening on /dev/input/event2 /dev/input/event4 /dev/input/event1 /dev/input/event0
avahi 1156 0.0 0.0 2980 1304 ? Ss 04:57 0:00 avahi-daemon: running [linux.local]
avahi 1157 0.0 0.0 2980 368 ? Ss 04:57 0:00 avahi-daemon: chroot helper
root 1170 0.0 0.0 3796 1004 ? S 04:57 0:00 hald-addon-storage: polling /dev/sr0 (every 2 sec)
68 1173 0.0 0.0 3424 752 ? S 04:57 0:00 /usr/libexec/hald-addon-acpi
root 1178 0.0 0.0 4804 720 ? Ss 04:57 0:00 /usr/bin/kdm
root 1203 1.3 1.8 58888 38620 tty2 Ss+ 04:57 0:06 /usr/bin/X -br -novtswitch -nolisten tcp :0 vt2 -auth /var/run/xauth/A:0-ji31BQ
root 1206 0.0 0.1 5564 2096 ? S 04:57 0:00 -:0
root 1222 0.9 0.2 31272 4788 ? Sl 04:57 0:04 /usr/sbin/intcheck --daemon
root 1302 0.0 0.0 11912 1400 ? Ss 04:57 0:00 nmbd -D
root 1337 0.0 0.1 18292 2124 ? Sl 04:58 0:00 /usr/sbin/console-kit-daemon --no-daemon
user 1404 0.0 0.0 6140 1248 ? Ss 04:58 0:00 /bin/sh /usr/bin/startkde
user 1421 0.0 0.0 3856 536 ? S 04:58 0:00 dbus-launch --sh-syntax --exit-with-session
user 1422 0.0 0.0 11016 876 ? Ssl 04:58 0:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
user 1519 0.0 0.0 7024 548 ? Ss 04:58 0:00 /usr/bin/ssh-agent /etc/X11/xinit/Xclients
user 1643 0.0 0.3 46412 8004 ? Ss 04:58 0:00 kdeinit Running...
user 1646 0.0 0.1 44400 3180 ? S 04:58 0:00 dcopserver [kdeinit] --nosid
user 1648 0.0 0.4 47788 8684 ? S 04:58 0:00 klauncher [kdeinit]
user 1653 0.1 0.6 49776 13508 ? S 04:58 0:00 kded [kdeinit]
user 1659 0.0 0.0 1908 240 ? S 04:58 0:00 kwrapper ksmserver
user 1661 0.0 0.4 47280 8888 ? S 04:58 0:00 ksmserver [kdeinit]
user 1665 0.0 0.6 51104 13792 ? S 04:58 0:00 kwin [kdeinit]
user 1669 0.1 0.0 4728 1692 ? Ss 04:58 0:00 /usr/bin/kompmgr
user 1670 0.3 0.1 18524 2508 ? Sl 04:58 0:01 /usr/bin/ibus-daemon --xim
root 1671 0.9 0.9 60596 18656 ? Sl 04:58 0:04 scnprc
user 1672 0.0 0.1 10684 2680 ? S 04:58 0:00 /usr/libexec/ibus-gconf
user 1674 0.0 0.8 201024 16992 ? S 04:58 0:00 python /usr/share/ibus/ui/gtk/main.py
user 1676 0.0 0.2 24496 5344 ? S 04:58 0:00 /usr/libexec/ibus-x11 --kill-daemon
user 1678 0.0 0.1 8196 2584 ? S 04:58 0:00 /usr/libexec/gconfd-2
user 1679 0.0 0.1 12816 3204 ? S 04:58 0:00 /usr/libexec/ibus-engine-hana --ibus
root 1691 0.0 0.1 6944 3456 ? Ss 04:58 0:00 /usr/sbin/restorecond
user 1699 0.4 0.8 53492 16876 ? S 04:58 0:01 kicker [kdeinit]
root 1724 0.0 0.0 0 0 ? S< 04:58 0:00 [rpciod]
root 1731 0.0 0.0 2092 324 ? Ss 04:58 0:00 rpc.idmapd
root 1749 0.2 0.0 5792 852 ? Ss 04:58 0:01 /usr/sbin/securityd
root 1760 0.0 0.1 16756 2544 ? Ss 04:58 0:00 smbd -D
root 1768 0.0 0.0 16756 912 ? S 04:58 0:00 smbd -D
root 1775 0.0 0.2 19108 4804 ? S 04:58 0:00 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a
root 1790 0.0 0.0 18492 1940 ? Ss 04:58 0:00 /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid
user 1799 0.9 0.9 72928 20468 ? S 04:58 0:04 kdesktop [kdeinit]
root 1819 0.0 0.0 10308 516 ? S<sl 04:58 0:00 auditd
user 1822 0.5 1.0 62988 22548 ? S 04:58 0:02 rsdock
root 1839 0.0 0.1 12088 2376 ? Ss 04:58 0:00 cupsd -C /etc/cups/cupsd.conf
user 2029 0.0 0.3 46544 6300 ? S 04:58 0:00 kio_file [kdeinit] file /tmp/ksocket-user/klaunchermw1pwb.slave-socket /tmp/ksocket-user/rsdockNwZgKb.slave-socket
root 2034 0.0 0.0 4188 564 ? Ss 04:58 0:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient-eth0.leases -pf /var/run/dhclient-eth0.pid eth0
root 2106 0.0 0.0 6328 1252 ? S 04:58 0:00 /bin/sh /etc/rc5.d/S06battery start
root 2107 0.0 0.0 6192 992 ? S 04:58 0:00 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; /usr/bin/battery_monitor
root 2108 0.0 0.5 45800 12052 ? S 04:58 0:00 /usr/bin/battery_monitor
user 2111 0.0 0.5 52644 11164 ? S 04:58 0:00 knotify [kdeinit]
user 2117 0.1 0.2 15080 5628 ? S 04:58 0:00 /usr/bin/artsd -F 10 -S 4096 -a alsa -s 60 -m artsmessage -c drkonqi -l 3 -f
user 2135 0.0 0.5 49708 11760 ? S 04:58 0:00 kmix [kdeinit] -caption KMix -icon kmix -miniicon kmix
user 2138 0.0 0.5 50144 10588 ? S 04:58 0:00 esavermanager
user 2143 0.0 0.5 46112 11496 ? S 04:58 0:00 kcontroltray
user 2145 0.0 0.7 49828 15020 ? S 04:58 0:00 chkutil_client
user 2146 0.1 0.6 37492 14288 ? S 04:58 0:00 /Applications/APM_Manager.app/Contents/RedStar/apm_manager
user 2152 0.0 0.5 65220 10436 ? S 04:58 0:00 klipper [kdeinit]
user 2190 0.0 0.8 50648 17208 ? S 04:58 0:00 rssidebardaemon
user 2212 0.0 0.4 42360 9040 ? Sl 04:58 0:00 intcheck_kde
user 2233 0.0 0.7 61912 14544 ? S 04:58 0:00 /Applications/kCal.app/Contents/RedStar/kcald --miniicon kcal
user 2372 0.0 0.5 49436 12176 ? S 04:58 0:00 kio_uiserver [kdeinit]
user 2392 1.9 0.8 69824 17084 ? S 04:58 0:08 konsole [kdeinit] --inputstyle overthespot
user 2418 0.0 0.0 6196 1440 pts/0 Ss 04:58 0:00 /bin/bash
root 2472 0.0 0.0 7092 1896 pts/0 S 04:58 0:00 su
root 2499 0.0 0.0 6196 1484 pts/0 S 04:58 0:00 bash
The system is absolutely network-silent except when you actively do something that requires network access, like using the browser. It does not call the mothership, not for updates, not for telemetry, not to let Kim Jong Un know the status of your internal organs. Spoiler, he doesn’t give a fuck about your hentai porn. You’re not trusting me? Well, you should, because if you listened and installed the OS inside a VM, you can now mitm/firewall the external connections and notice the absolute silence.
# uname -a
Linux user-C 2.6.38.8-24.rs3.0.i686 #1 SMP Fri Mar 22 09:35:36 KST 2013 i686 i6
There is Python 2.6, Perl 5.10.1, gcc 4.4.9 and many more goodies.
The OS looks pretty damn polished (and stable) to be honest and doesn’t appear to steal your organs (at least not yet in my case, maybe I just got added to a list and when an organ is needed, the doorbell will ring? Who knows, I’ll let you know if that’s the case.)
It does have some components that prevent the normal user from editing/deleting various protected files (securityd, scnprc and opprc). We call it “oppression” if we’re speaking of DPRK and “defending your privacy and security” if we’re speaking of Apple. Two sides of the same coin, I guess, depends on which side you’re on.
If you want to disable the security, check this out.
I love how Red Star OS mimics the macOS .app bundle format for the applications. Executables are in the Contents/RedStar directory (similar to Contents/MacOS on … macOS). /System/Library is a symlink to /usr/share.
Applications
Most of the applications are forks of the original KDE apps.