This repository includes several binaries from and tools for Red Star OS. These can be used for further research work.
The easiest way is to run the defuse.sh
script on Red Star OS 3.0 Desktop (requires root privileges), make sure it's executable by running chmod u+x defuse.sh
.
Get root privileges via /usr/sbin/rootsetting
Disable SELinux
SELinux protects several files an directories (e.g. /var/log). It should be disabled in order to make changes to some parts of the system.
setenforce 0
In order to keep SELinux disabled after rebooting, append selinux=0
to the kernel line in the GRUB config file (/boot/grub/grub.conf).
Kill securityd
Killing securityd
will prevent the system from rebooting when editing/deleting various protected files.
killall -9 securityd
Disable rtscan
kernel module
Either via resctl.py
(see rtscan
) or via a Python shell as follows:
[root@localhost ~]# python
Python 2.6 (r26:66714, Oct 7 2012, 13:39:47)
[GCC 4.4.0 20090506 (Red Hat 4.4.0-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import fcntl
>>> fcntl.ioctl(open('/dev/res', 'wb'), 29187)
0
After disabling rtscan
protected processes like opprc
will become killable.
Kill scnprc
and opprc
killall scnprc
killall opprc
Replace /usr/lib/libos.so.0.0.0
See libos
for further information. Replacing this file will prevent the system from rebooting via securityd
after rebooting the system. It also will prevent reboot loops by kdm
rendering the system unusable.
Delete /usr/share/autostart/scnprc.desktop
Deleting this file will prevent kdeinit
from starting the framework after a system reboot.
Delete /etc/init/ctguard.conf
Deleting this file will prevent init
from starting opprc
even when scnprc
is not running.
Reboot the system
The default installation of Red Star OS 3.0 Desktop does not include GCC but the ISO includes the required packages.
/media/RedStar\ Desktop\ 3.0/RedStar/RPMS
Install the following packages:
yum localinstall glibc-headers-2.10.1-2.i386.rpm
yum localinstall glibc-devel-2.10.1-2.i386.rpm
yum localinstall ncurses-devel-5.6-0.rs3.0.i386.rpm
yum localinstall gcc-4.4.0-4.i386.rpm
Now it is possible to build a recent (e.g. the latest) version of GDB for better debugging.
The default installation of Red Star OS 3.0 Desktop does not allow to debug threads with the shipped version of GDB in e.g. scnprc
and opprc
because the required libpthread.so.0
library is stripped.
Use the libpthread-2.10.1.so
/libpthread.so.0
and libthread_db-1.0.so
/libthread_db.so.1
libraries from the glibc-2.10.1-2.i686.rpm
package of Fedora 11.
All of the information is based on research dedicated to analyzing Red Star OS. The authors take no responsibility for the accuracy, completeness or quality of the information provided.