# Tools for Red Star OS (붉은별)

This repository includes several binaries from and tools for Red Star OS. These can be used for further research work.

## Disable malicious components

1. Get root privileges via `/usr/sbin/rootsetting`
2. Disable SELinux

    SELinux protects several files an directories (e.g. /var/log). It should be disabled in order to make changes to some parts of the system.

        setenforce 0

    In order to keep SELinux disabled after rebooting, append `selinux=0` to the kernel line in the GRUB config file (/boot/grub/grub.conf).

3. Kill `securityd`

    Killing `securityd` will prevent the system from rebooting when editing/deleting various protected files.

        killall -9 securityd

4. Disable `rtscan` kernel module

    Either via `resctl.py` (see `rtscan`) or via a Python shell as follows:

        [root@localhost ~]# python
        Python 2.6 (r26:66714, Oct  7 2012, 13:39:47)
        [GCC 4.4.0 20090506 (Red Hat 4.4.0-4)] on linux2
        Type "help", "copyright", "credits" or "license" for more information.
        >>> import fcntl
        >>> fcntl.ioctl(open('/dev/res', 'wb'), 29187)
        0

    After disabling `rtscan` protected processes like `opprc` will become killable.

5. Kill `scnprc` and `opprc`

        killall scnprc
        killall opprc

6. Replace `/usr/lib/libos.so.0.0.0`

    See `libos` for further information. Replacing this file will prevent the system from rebooting via `securityd` after rebooting the system. It also will prevent reboot loops by `kdm` rendering the system unusable.

7. Delete `/usr/share/autostart/scnprc.desktop`

    Deleting this file will prevent `kdeinit` from starting the framework after a system reboot.

8. Reboot the system

## Disclaimer

All of the information is based on research dedicated to analyzing Red Star OS. The authors take no responsibility for the accuracy, completeness or quality of the information provided.