Red Star kernel.

Over the long weekend, I downloaded a copy of Red Star Linux, the official operating system of North Korea.
Because license violations seem to be part of the Juche idea, there’s no known source code online, so proper analysis of what goes into it is difficult.

The rpm headers alone reveal quite a lot of interesting information though.
It seems that Red Star is forked from a version of Fedora somewhere around the Fedora 10 or 11 timeframe.

Here’s the changelog embedded in the kernel rpm..

* Fri Mar 27 14:00:00 2009 Jong Song Jin
- patched linux-2.6.25-drivers-video.patch(for video capture saa7134 onboard driver)

* Mon Mar 16 14:00:00 2009 An Jin
- change machanism for pci device information.

* Thu Feb 19 13:00:00 2009 Kim Yong Gwang
- change system halt to poweroff for x86 architecture

* Wed Jan 7 13:00:00 2009 Kim Jong Chol
- fixed the 8250 serial driver for modem.

* Fri Nov 28 13:00:00 2008 Kim Se Hyok
- apply tuxonice hibernate patch for Software Suspend 2

* Mon Nov 10 13:00:00 2008 Kim Chol Guk
- apply jipsam algorithm

* Mon Nov 10 13:00:00 2008 Kim Yong Gwang
- change 16 from 8 max count of the loop device

* Sat Aug 2 14:00:00 2008 Kim Yong Gwang
- implement the usb filtering through user authentification

* Wed Jul 23 14:00:00 2008 Kim Chol Guk
- Implement koreanize
- sata harddriver
- apply bootsplash

* Wed Apr 30 14:00:00 2008 Dave Airlie 2.6.25-14
- fix radeon fast-user-switch oops + i915 breadcrumb oops

Some interesting things here.
– All changelog timestamps are on the hour. Suggesting they’ve been sanitised, or generated from another source. All 374 changelog entries had been munged in this way, including the ones from the original Fedora release.
– No email addresses for the changelog entries (no surprise)
– The actual changelogs are quite cryptic. “change machanism for pci device information.” why?
– ‘fixed the 8250 serial driver for modem.’ wtf ?
– They decided tuxonice is the way forward for hibernation. Perhaps it works better on dear leaders laptop.
– ‘apply jipsam algorithm’. This is a crypto module that isn’t in mainline (and apparently doesn’t exist outside North Korea). I bet it’s good though. No backdoor master keys or anything similar.
– ‘implement the usb filtering through user authentification’.
What does that even mean ?

Browsing through the rest of the distribution, a lot of packages are renamed. OpenOffice became UriOffice. Gimp became ImageProcessor. Wine became CrossWin2.0.

It also comes with AntiVirus 2.0. Which comes with a rtscan.ko kernel module, which judging by the symbols it uses, does some magic with jprobes to hook various functions for on-open scanning.

Another curious thing, is that throughout the distro whenever you do see an email address or hostname, it has a .kp TLD, that never seem to resolve. I’m assuming that the DNS servers in North Korea show different results if you’re in North Korea or not.