Taking the Open out of Open Source.
So, Version 3.0 of North Korea’s own Redstar Linux distribution got uploaded to thepiratebay (and posted on Reddit) today, so I decided to take a look at the Linux experience inside the Glorious Leader’s paradise.
It starts with two files:
[david@psyclone Red Star OS 3.0 Server]$ ls -l
-rw-r--r-- 1 david david 37853184 Jun 2 10:25 boot.iso
-rw-r--r-- 1 david david 856113152 Jun 2 10:26 rss3_32_key_gui_20131212.iso
For some reason they decided you need a boot disk to start the installation. It feels a bit like playing pirated games on the Dreamcast, but fair enough. Apparently the boot.iso image is to avoid the serial check. This really is like piracy on the Dreamcast! Anyway, let’s install!
The first thing you are treated to is a prompt for a CD-key:
Definitely the first time I see CD-keys used for Linux. But it doesn’t matter, you can enter anything (or even leave it empty) as the CD-Key check is removed by the boot.iso crack.
After that you’re asked to configure the network:
IPv6 support! North Korea is definitely ready for the future.
When the network is done configuring you get this popup asking you to insert the next CD:
And this is where the installation starts getting a bit tricky due to the language barrier:
However I noticed that the input was changed to asterisks, so this must be the root password:
I believe it needs to have 1 upper case and 1 numeral to be accepted.
Time to configure disk layout. Luckily it’s already set up, I can’t imagine doing this from scratch without understanding the menu. Finding the right menu entry to get to the next step is hard enough.
Accidentally printed layout details while trying to navigate to the next step. Seems like it’s set up with LVM.
After accidentally deleting the disk layout and having to restart the installer a few times, I think I found the right menu choice:
Now you get a choice of desktop environment. KDE/QT3/QT4 apparently. I’m not sure what the QT options would leave me with, but let’s go with KDE:
Followed by an automatic reboot into the installed system. Quite smooth I must say!
Boot splash screen. I’m already in love with this distribution.
Only a root account is created by default. Not very good Linux practice.
Because they’re using the Anaconda installer, we have this log:
Here we find out Redstar Linux is a fork of RHEL6 or one of its derivatives, like CentOS. Also notice the Asia/Pyongyang timezone.
Here I confirm I’m running Redstar 3.0 (release 1?)
Kernel version 2.6.32 with patches up until 2013/05.
Which means OpenSSL is vulnerable to Heartbleed! The OpenSSL version actually predates the Heartbeat extension, so it’s not vulnerable!
Even though we’re running a Red Hat fork, they don’t seem to be using yum:
I reinstalled the OS with all optional dependencies. Yum is apparently one of them. It’s configured against the CentOS repositories.
There’s an interesting Input Pad in the toolbox up in the right corner of the desktop.
Default set is “noble names”. Because the only reason you would want to use a computer is to write about how much you love the royal family.
Here’s a translation of the symbols from Reddit user Leujo:
I can read Korean. If you’re curious the “Noble Names” font’s top line reads:
Kim Il Sung Kim Jong Il Kim Jong Eun
We have a browser as well:
Seems to be a fork of Firefox:
Default IPTables rules:
Accepts inbound SSH by default.
However there’s no SSH daemon running:
Or even installed:
Remote administration hasn’t quite caught on in North Korea.
There also doesn’t seem to be any Office suite installed due to this being the Server version of the OS. All we have is this basic text editor (Gedit):
And a PDF reader is included too:
I think it’s Evince.
Desktop background is very boring. Let’s see what else we have to choose between.
A few generic Leader approved backgrounds, and of course some lovely DPRK style logos.
I especially love this one:
Why does the earth have rings? Because space.
I got some requests for all the wallpapers from the distribution. Here they are!
As for the question on whether there are any backdoors… An nmap scan shows not a single port reachable from the outside:
[david@psyclone ~]$ nmap -p1-65535 192.168.10.125
Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-03 13:08 CEST
Nmap scan report for 192.168.10.125
Host is up (0.0037s latency).
All 65535 scanned ports on 192.168.10.125 are closed
Nmap done: 1 IP address (1 host up) scanned in 1.01 seconds
However this doesn’t eliminate the possibility of hidden backdoors using port knocking, etc.
I also left Wireshark capturing the VirtualBox interface on the outside (so Redstar couldn’t hide any packets) and it didn’t see any suspicious activity. The only traffic going back and forth is this:
6821 325.120671000 192.168.10.125 22.214.171.124 HTTP 131 GET /mgetmetar.php?cccc=KBOS HTTP/1.1 HOST weather.noaa.gov
I.e. this URL: http://weather.noaa.gov/mgetmetar.php?cccc=KBOS
So for some reason Red Star Linux is pulling weather data for the KBOS station, which is located in Boston:
MA BOSTON KBOS BOS 72509 42 22N 071 01W 6 X U A 0 US
And gets this data returned:
KBOS 031054Z 15005KT 10SM FEW180 16/12 A2999 RMK AO2 SLP156 T01610117
A closer look at netstat shows us the connection, too:
And to see which process the connection belongs to, we do this:
In other words, this is just the Gnome clock doing some default weather checking stuff.
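What netstat's process column does under the hood, as an added example (not code from the original post): decode the kernel's /proc/net/tcp table and match each socket inode to the /proc/<pid>/fd symlink that holds it. The sample table, its inode numbers and the documentation-range remote address are constructed, and the function names are this example's own.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from the Red Star VM).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 0
   1: 7D0AA8C0:8A3C 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000     0        0 22222 1 0 0
"""
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}  # subset

def decode_endpoint(field):
    """Turn '7D0AA8C0:8A3C' into ('192.168.10.125', 35388)."""
    addr_hex, port_hex = field.split(":")
    # IPv4 address is printed as a 32-bit integer; little-endian host (x86) assumed.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_tcp_table(text):
    """Parse /proc/net/tcp text into a list of socket records."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_endpoint(f[1]), "remote": decode_endpoint(f[2]),
                         "state": TCP_STATES.get(f[3], f[3]), "inode": f[9]})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, command) via the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                if target.startswith("socket:["):
                    with open(os.path.join(proc_root, pid, "cmdline")) as fh:
                        owners[target[8:-1]] = (int(pid), fh.read().split("\0")[0])
        except OSError:
            continue  # process exited, or not root and fd directory unreadable
    return owners

def attribute(tcp_text, proc_root="/proc"):
    """Attach the owning (pid, command) to every socket; None if not found."""
    owners = socket_owners(proc_root)
    return [dict(row, owner=owners.get(row["inode"])) for row in parse_tcp_table(tcp_text)]
```

On a live system, pass the contents of /proc/net/tcp to `attribute()` and run it as root so every process's fd directory is readable; a socket with no owner after that is worth a closer look.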
Anyway, this concludes my brief view of DPRK’s Redstar Linux. Redstar Linux is best Linux. I hope you enjoyed it too.
Praise the Great Leader!