32C3: Inside Glorious Leader’s Operating System

North Korea is a surveillance state propped up by a totalitarian government infamous for human rights abuses and a huge military that serves the elite while the poor are left to fight over scraps. Coincidently, that’s exactly what North Korea says about the United States.

There is one significant difference between the two countries: North Korea has developed its own operating system for its citizens, called Red Star OS. It’s an operating system based on Linux, but that has a few interesting features that allow Glorious Leader to take care of his citizens. A deep teardown of what has gone into the development of Red Star OS hasn’t been available until now, with [Florian Grunow] and [Niklaus Schiess]’s talk at the Chaos Communication Congress this week.

Kim Jong-Un with an iMac
Kim Jong-Un with an iMac

The first question anyone must ask when confronted with an operating system built by a country that doesn’t have much electricity is, “why?” This question can only be answered philosophically; the late Kim Jong-Il stressed the importance of North Korea developing “their own style” of programming, and not relying on western operating systems. Nearly everything in Red Star has been modified, with a custom browser called Naenara, a crypto tool, a clone of Open Office, a software manager, and a custom music composition tool. Red Star also had to have the look and feel of OS X; that is, after all, what Glorious Leader uses.

Red Star goes much deeper than custom browsers and a desktop theme. There are other, subtler components inside the OS. There is a program that verifies the integrity of the system by checking signatures of the custom files against a database. If a file has been tampered with, the system reboots. Since this tamper check runs on bootup, Red Star makes it nearly impossible to modify files for study. This is one of the big features designed into Red Star – system integrity is paramount.

There are other custom bits of software that hide files from the user even if they have root, and a ‘virus scanner’ that is anything but. This virus scanner checks documents for patterns that, when put through Google Translate, are strange, weird, and somewhat understandable. Phrases like, “punishment”, “hungry”, and “strike with fists” are detected in all documents, and depending on what the developers decide, these documents can be deleted on a whim.

While scanning a system for documents that contain non-approved speech is abhorrent enough, there’s another feature that would make any privacy advocate weep. Media files including DOCX, JPG, PNG, and AVI files are watermarked by every computer that opened the files. This allows anyone to track the origin of a file, with the obvious consequences to free speech that entails.

While most people in the US consider North Korea to be a technological backwater and oppressive regime, the features that make Red Star OS useful to the DPRK are impressive. The developers touched nearly everything in Red Star, and the features inside it are rather clever and make their style of surveillance very useful. They’re also doing this without any apparent backdoors or other spycraft; they’re putting all their surveillance out in the open for all to see, which is, perhaps, the best way to go about it.

46 thoughts on “32C3: Inside Glorious Leader’s Operating System

  1. It’s what the US says about every country not part of NATO and anyone who criticizes their brand of capitalism..

    People had already did RE on this OS before this conference and concluded it was cloneware with a lot of control processes.

    1. The US may have our issues with privacy, and they are serious, but NK literally rounds people up and throws them into death camps on a whim. Like the US or not, we have it a LOT better than them.

  2. One could probably do an entire talk just on web scraping media files for evidence of North Korean viewers and the privacy implications that creates. It’s like a Youtube analytics blockchain embedded in every file that crosses the North Korean border… Neat! Maltego should do something with this.

  3. [Insert Country] is a surveillance state propped up by a totalitarian government infamous for human rights abuses and a huge military that serves the elite while the poor are left to fight over scraps.

    Elite gonna elite, after all.

    1. +1 to that, do we conclude the NSA et all, are not looking at this with envious eyes? “I spy, you spy, they spy, we all spy”, a phrase from the cold war perhaps, but just as true today.

      But a more interesting question is, who do all regimes, without exception spy for? Not the man in the street obviously. Not for the interest of Joe Soap, going about his business, he has no need for this kind of information.

      We all spy for our masters. In every case the people who make use of the results of surveillance are the elite. They have power, they use it to get more power.

    1. nor we have strong activism. But apparently we have nice things. From what I’ve heard things like a government system (developed by a private company) that tries to make citizens list all their purchases, we just started banning domains that share pirated links, and also a while ago it has become ilegal to access websites that contain pro ISIS material. So everything seems to be on the right path to state surveilance and censorship.

  4. If we had to measure the respect of country leaders for their citizens by the way police can abuse/kill unarmed people and get away with it, I’m sure only a small bunch of north EU countries would get less negative ratings.

    Probably also because they don’t recycle war veterans with PTSD into police forces.

  5. I like that part about system integrity scans. In the times of Windows 98 I had to deal with many viruses that added themselves to system .exes and .dlls. Since Win XP we have this neat tool, SFC (System File Checker), which checks, if any system files are damaged by comparing them with secure repository (or something). Does Linux have something like that? Unfortunately SFC sometimes doesn’t work, and on one occasion broke my system…

    1. I was having trouble with intermittent power and consequently corrupted filesystems but I looked into running a linux system as a torrent file, so anything that would get corrupted would be repaired. it seems the btrfs filesystem offers that ability.

        1. No, I never coded anything as I lack the skill, but as I said btrfs is the way to go, it can repair any damage done although it lacks the ability to reinstall from the net. The learning curve on btrfs is too steep for me however. I did try it out on a spare hard disk but c’est la vie.

    1. Ugg… I don’t think I’d want my IP to hit their servers.

      Or maybe there is an IP redirect that goes to a different download that uber-infects your machine… or turns your computer into a node on a N.Korean botnet.

      Conspiracy theories are fun!! ;)

  6. About that watermarking: Did anybody do a bit level comparison of files that went through windows10? Because we all know windows10 is pretty full of tracking crap and I hadn’t thought of that one yet.

    And windows has a lot of that ‘prevent users fixing things technology’ too btw. And forced updates. And microsoft is embracing that ‘signed’ boot stuff to prevent ‘unauthorized’ OS’s running and a ton more of the stuff the north koreans would have a tough time thinking up themselves.
    And I don’t even want to ask what OSX these days does to wall in its users.

    So I”m not sure I’d call the NK experience all that different.
    And CCC will on request also tell you about what the german cops are pulling, and what they are allowed to do, including installing malware on your system.
    And of course it has been shown that a great many anti-virus software makers happily help ‘security forces’ to keep a tap on everything. Which is ideal since anti-virus software is suppose to check every file, so it seems all legit.

    1. Your comment is really interesting – did you have som links to get more informed about:
      * Watermarking in Windows 10
      * german cop rights
      * help of security forces by anti-virus software makers
      Sure every one heard something from someone included me but i liked more the hard facts included some links for details.
      best regards,

      1. I can help you out at least with info to the Surveillance in Germany:


        Read it like this:
        They put a backdoor on your computer, and the infos they get from it are _valid_evidence_ for Curt decisions

        For me it looks like if you where not just average bob doing nothing, it “might” be filth, but no big problem for you.
        But what if you are some top notch guy in the opposition and they just decide to: Infect his computer, put some CP on it and sue him for the files you “found” on his computer… …there where a case like that a while ago here in Germany and most people wondered if he was truly a perv or just was recalcitrant enough to get “shoot out of his position” by that… …nobody will ever know…

        best regards

      2. I hear about that german thing from german sites, in german, so that might be an issue for people only speaking english, but all tech sites and news sites cover it, like der spiegel and such.And the same extended allowances are also on the table or already approved in various EU countries like the UK and netherlands and france and belgium (and poland I hear here), take your pick, so any of those countries have articles on news sites in their respective tech and privacy/rights sections
        As for the virus killer thing, that info was obtained by the anonymous group gathering documents and releasing them and then other leaks and insiders basically confirming it in various reports. Info on that kind of thing can be found on wikileaks and the big news sites, specifically ones that carry wikileaks stories.

        And as for that watermarking, that was a question I asked, if anybody ever checked if W10 is doing such a thing, because we know from many sources including MS admitting it that they really increased their ‘euphemistically called ‘user feedback’ program and are doing rather unwholesome things in tracking people and their activities, claiming you can opt out (although people looking at these things noticed the opt-out is not quite complete, and not always all that centralized), but anyway it makes me wonder after seeing this NK watermarking thing if we can be sure we are free from that.
        After all we all know for instance for years already that color laser printers print an encoded yellow dot pattern on each print, and that companies making laser printers were found to be all too happy to use that supposedly anti-counterfeit measure to help the cops trace letters sent to government officials from people. Meaning a precedent has been set, including ‘mission creep’ beyond its (supposed) intended use. so the only way to know if that kind of nonsense doesn’t show up in operating systems is by someone testing it on a regular basis. Assuming companies like MS would not do that doesn’t really seem the way to go in this day and age. And of course you dont’ need to embed it in the image data itself, most image and video formats have various kinds of embedded data blocks, and filesystems themselves have additional metadata blocks too into which you can put all kinds of identifiers, and the various viewers that show metadata like EXIF clearly don’t cover it all, which you can see if you check some media files with hex editors.

    2. At least it’s less invasive than TSA on american airports.
      In case of Microsoft everything is in EULAs. Did you read them? No? Then go and watch “HumancentiPad” episode of south Park.
      Just now polish government is passing a law that grands every police officer an unlimited and uncontrolled access to personal information on every citizen, including call history and bank account history. AFAIK they won’t need permission of judge for any form of active surveillance. One just needs to be suspected of something, anything.
      And the best part is that the people who are doing this 25-35 year ago were fighting (in the name of freedom) against Polish People’s Republic government who used similar methods against them…

      1. The EU court however already ruled a few times that such things are not allowed because of the EU human rights. Including the mass collection of data. And yet every euro country is making even more extreme laws than those deemed illegal already. And I’m talking about germany doing it, and the netherlands, and the UK and belgium and france and now you say poland, seems they all happily ignore the law and happily make new laws that they know are in violation on the EU human rights rules.

        And here we are complaining about far away countries like north korea and china and whatnot.

        1. Those governments will tell EU to boink off, because they are doing what is necessary for security. And they will tell people that it’s necessary to loose some freedom in exchange for increased protection from terrorists, pedophiles and other criminals. And most of those people will think that trading freedom they have for a chance of increased protection from terrorism (which might not be achieved at all) because most of those people never lived in a state, where basic freedoms are restricted, human rights are ignored and every citizen is suspected. How many Germans remember Stasi? And western countries never had this experience of police state, like eastern ones left in tender care of Stalin and Soviet Union. Those people, who would not mind trading freedom for security should ask, whose freedom is sold and whose security is bought.
          And just everyone should read “A World Apart: The Journal of a Gulag Survivor” by Gustaw Herling-Grudziński and “The Gulag Archipelago” by Aleksandr Solzhenitsyn. Just to know, how police state looks like, and what can happen when someone gets the idea that no freedom = maximum security.

          1. The only thing we have going for us is that few people want to be cops and those that do want to be cops want nothing more than do the least amount of actual work as possible.

          2. Actually britain isn’t using pedophiles or terrorists or criminals as excuse, but claim it will protect you from the worst horror modern man can face (apparently): bullies.

            No joke.

            And to protect you from said bullies they are willing to bully every damn internet user in the UK.

      2. “And the best part is that the people who are doing this 25-35 year ago were fighting (in the name of freedom) against Polish People’s Republic government who used similar methods against them…”
        HA HA HA HA HA HA, Yours sincerely, a Russian

      3. I don’t use windows10, so I can’t say from personal experience what is in its EULA.
        I can tell you though that I often do read EULA’s to find out what trap lies within the software, because that’s a thing you can at least learn from reading them. Although you have to read between the lines of course, and have to look up on their site what they mean with terms like ‘non-identifiable’, (which actually means ‘completely identifiable’ as it turns out)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.