Skip to content

takeshixx/redstar-tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
bin
bin
 
 
crypto
crypto
 
 
libos
libos
 
 
patterns
patterns
 
 
rtscan
rtscan
 
 
screenshots
screenshots
 
 
watermarked
watermarked
 
 
README.md
README.md
 
 
RedStar_OS_32c3.pdf
RedStar_OS_32c3.pdf
 
 
defuse.sh
defuse.sh
 
 

Repository files navigation

Tools for Red Star OS (붉은별)

This repository includes several binaries from and tools for Red Star OS. These can be used for further research work.

Disable malicious components

The easiest way is to run the defuse.sh script on Red Star OS 3.0 Desktop (requires root privileges), make sure it's executable by running chmod u+x defuse.sh.

Manual steps

  1. Get root privileges via /usr/sbin/rootsetting

  2. Disable SELinux

    SELinux protects several files an directories (e.g. /var/log). It should be disabled in order to make changes to some parts of the system.

     setenforce 0

    In order to keep SELinux disabled after rebooting, append selinux=0 to the kernel line in the GRUB config file (/boot/grub/grub.conf).

  3. Kill securityd

    Killing securityd will prevent the system from rebooting when editing/deleting various protected files.

     killall -9 securityd

  4. Disable rtscan kernel module

    Either via resctl.py (see rtscan) or via a Python shell as follows:

     [root@localhost ~]# python
 Python 2.6 (r26:66714, Oct  7 2012, 13:39:47)
 [GCC 4.4.0 20090506 (Red Hat 4.4.0-4)] on linux2
 Type "help", "copyright", "credits" or "license" for more information.
 >>> import fcntl
 >>> fcntl.ioctl(open('/dev/res', 'wb'), 29187)
 0

    After disabling rtscan protected processes like opprc will become killable.

  5. Kill scnprc and opprc

     killall scnprc
 killall opprc

  6. Replace /usr/lib/libos.so.0.0.0

    See libos for further information. Replacing this file will prevent the system from rebooting via securityd after rebooting the system. It also will prevent reboot loops by kdm rendering the system unusable.

  7. Delete /usr/share/autostart/scnprc.desktop

    Deleting this file will prevent kdeinit from starting the framework after a system reboot.

  8. Delete /etc/init/ctguard.conf

    Deleting this file will prevent init from starting opprc even when scnprc is not running.

  9. Reboot the system

Debugging

Prepare building environment

The default installation of Red Star OS 3.0 Desktop does not include GCC but the ISO includes the required packages.

  1. Insert the Red Star OS ISO into the system

  2. Go to /media/RedStar\ Desktop\ 3.0/RedStar/RPMS

  3. Install the following packages:

     yum localinstall glibc-headers-2.10.1-2.i386.rpm
 yum localinstall glibc-devel-2.10.1-2.i386.rpm
 yum localinstall ncurses-devel-5.6-0.rs3.0.i386.rpm
 yum localinstall gcc-4.4.0-4.i386.rpm

Now it is possible to build a recent (e.g. the latest) version of GDB for better debugging.

Install non-stripped threading libraries

The default installation of Red Star OS 3.0 Desktop does not allow to debug threads with the shipped version of GDB in e.g. scnprc and opprc because the required libpthread.so.0 library is stripped.

Use the libpthread-2.10.1.so/libpthread.so.0 and libthread_db-1.0.so/libthread_db.so.1 libraries from the glibc-2.10.1-2.i686.rpm package of Fedora 11.

Disclaimer

All of the information is based on research dedicated to analyzing Red Star OS. The authors take no responsibility for the accuracy, completeness or quality of the information provided.

About

Tools for Red Star OS (붉은별)

Topics

dprk redstar

Resources

Readme
Activity

Stars

396 stars

Watchers

20 watching

Forks

35 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages