0:00:00.000,0:00:14.760
34c3 preroll
0:00:14.760,0:00:20.360
Herald: The Democratic People's Republic[br]of Korea—or, as most of you know it,
0:00:20.360,0:00:25.269
North Korea, is a topic which has[br]already been following us at Congress
0:00:25.269,0:00:31.450
for four years. It all started[br]at 31c3 with Will Scott,
0:00:31.450,0:00:37.030
one of our speakers today, giving a[br]talk about teaching computer science in
0:00:37.030,0:00:45.120
North Korea. The topic was then carried on by[br]Florian Grunow and Niklaus Schiess, who
0:00:45.120,0:00:52.210
talked about the Red Star OS and also the[br]tablet PC called Woolim. Today, we will
0:00:52.210,0:00:56.940
hear the next episode—we will hear about[br]consumer electronics in North Korea. We
0:00:56.940,0:01:02.100
will take a peek behind the curtain, learn[br]about the Internet, and the current market
0:01:02.100,0:01:09.280
situation there. Our speakers today[br]are Will Scott, a security postdoc, as
0:01:09.280,0:01:16.030
well as his friend Gabe Edwards, security[br]consultant, and they will give us a peek
0:01:16.030,0:01:22.710
behind the curtain. So, please, welcome[br]Will and Gabe with a big round of applause,
0:01:22.710,0:01:32.429
thank you for being here already.[br][Applause]
0:01:32.429,0:01:39.890
Will: Thank you, great. So just to[br]put this in perspective, right, one of the
0:01:39.890,0:01:45.479
disclaimers is that the words that get[br]used, especially on this topic often have
0:01:45.479,0:01:52.460
a lot of meaning. There is a reason[br]that we'll be calling this DPRK or
0:01:52.460,0:01:56.170
Korea throughout. That's often the words[br]you'll hear of people who are dealing with
0:01:56.170,0:01:59.979
engagement with the country. North Korea[br]is a term that the country does not call
0:01:59.979,0:02:06.119
itself, but rather is what typically more[br]adversarial countries use to talk about it
0:02:06.119,0:02:12.080
as an occupying presence. So that[br]language is this weird quirk that
0:02:12.080,0:02:18.320
exists here. So yeah, we're going to talk[br]some about what consumer technology looks
0:02:18.320,0:02:22.660
like and how it's evolving and what's[br]going on there. I think we're pretty
0:02:22.660,0:02:30.630
excited about this. I want to start by[br]setting a little bit of context. This is
0:02:30.630,0:02:35.570
the science and technology complex that[br]opened in 2015. It's on an island in a
0:02:35.570,0:02:40.390
river to the south side of Pyongyang, it's[br]still in the main city. There was a pretty
0:02:40.390,0:02:44.490
major construction project; it went on for[br]about a year before they opened this. In
0:02:44.490,0:02:48.110
the lobby they've got this nice[br]diorama of what the building looks like.
0:02:48.110,0:02:52.570
It actually … this is the rest of the[br]lobby—it looks pretty modern.
0:02:52.570,0:02:56.870
They have this sort of plain pastel[br]scheme that you actually see a lot in
0:02:56.870,0:03:02.870
modern architectural construction there.[br]So if you go into the new water park or
0:03:02.870,0:03:06.700
the boat restaurant that they've opened in[br]the last couple of years you see the same
0:03:06.700,0:03:14.150
design styling. This building is part[br]Science Museum—it has a bunch of sort of
0:03:14.150,0:03:20.510
interactive exploratory exhibits that you[br]might have a class of children come
0:03:20.510,0:03:26.930
through to learn. It also has lecture[br]halls, and it also has a library. And and
0:03:26.930,0:03:31.010
the library you see a ton of computers.
0:03:31.010,0:03:36.790
Right, this is a … technically … there[br]is technology here. And the
0:03:36.790,0:03:40.720
thing that is really, I think, fascinating[br]and revealing about where we are in terms
0:03:40.720,0:03:44.350
of our understanding of this country is[br]you look at these computers and yet again
0:03:44.350,0:03:49.900
we see this thing that doesn't look[br]familiar. This isn't Red Star, it's not
0:03:49.900,0:03:53.170
quite anything that looks like the tablets[br]we've seen. That's a desktop
0:03:53.170,0:04:00.840
monitor. And it's not Windows or Mac. It's[br]yet again something new. And in fact,
0:04:00.840,0:04:06.150
playing with this, you find that it's[br]Android that's been put in this
0:04:06.150,0:04:11.500
custom bezel. It has a keyboard and mouse,[br]but it's got an Android taskbar at the top
0:04:11.500,0:04:16.820
to let you know what apps are there and[br]it's yet another … they have special cased
0:04:16.820,0:04:23.140
and customized a distribution that works[br]for this purpose. And I think we … for
0:04:23.140,0:04:28.980
each one of these that maybe we have seen,[br]there's many more that we haven't.
0:04:28.980,0:04:37.590
So, I want to just get us up to speed on[br]what we do know, to start with. We've seen
0:04:37.590,0:04:43.090
Red Star—this is version 3, it came out[br]three years ago that we learned about Red
0:04:43.090,0:04:47.001
Star version 3; this thing that's sort[br]of Mac-like. There's actually been a
0:04:47.001,0:04:50.030
couple other versions that have ended up[br]on the Internet that we know stuff about.
0:04:50.030,0:04:54.690
And we have at some level a better[br]picture of what the desktop technology
0:04:54.690,0:04:59.560
looks like. We've seen version 2.5 which[br]looks somewhat Windows like. There's been
0:04:59.560,0:05:04.250
a release of the server version that runs[br]some of the web servers from the country.
0:05:04.710,0:05:10.180
And then two years ago, Florian and[br]Niklaus' talk—they actually went in and
0:05:10.180,0:05:13.750
did a bunch of analysis of it, along[br]with on the Internet there's been
0:05:13.750,0:05:18.320
blog posts of other people who've posted[br]CVEs of various bugs that they found in
0:05:18.320,0:05:22.540
this, figured out how to make it run on[br]the external Internet by changing firewall
0:05:22.540,0:05:26.540
rules, and really just like learning a lot[br]about both the environment that this thing
0:05:26.540,0:05:32.310
was working in and the properties of it.[br]We have a bit less on the mobile side - so
0:05:32.310,0:05:37.030
this is what a store in Korea, in[br]Pyongyang, sort of looks like: those are
0:05:37.030,0:05:43.560
laptops on the left, tablets and phones on[br]the right for sale. We got a talk last
0:05:43.560,0:05:49.090
year, again from Niklaus and Florian, about[br]the Woolim tablet. I think that's actually
0:05:50.440,0:05:56.420
maybe on the second row in this picture.[br]And we got a sense of some of the
0:05:56.420,0:06:02.460
information controls there in particular,[br]right. So what they talked about was how
0:06:02.460,0:06:07.520
this thing prevents some types of file[br]copies and transferring, and some of the
0:06:07.520,0:06:12.540
sort of surveillance things that are built[br]into it. But again, we didn't get too much
0:06:12.540,0:06:17.810
in terms of hardware to bite our teeth[br]into. Finally, there's this like next
0:06:17.810,0:06:23.930
layer up—the software ecosystem. This is[br]an app store, again in Korea. You go to a
0:06:23.930,0:06:27.790
place and they have nice … this is[br]a nice one where they've got pictures so I
0:06:27.790,0:06:33.550
can see which games it is that are for[br]sale; they'll then plug my
0:06:33.550,0:06:41.280
device into a computer and transfer apps[br]onto the device. And so we get all of this
0:06:41.280,0:06:46.240
and we have mostly anecdotes that[br]are helping us sort of get small pictures,
0:06:46.240,0:06:48.810
and I think the real problem right is[br]there's all these devices—this is an
0:06:48.810,0:06:54.669
example of a few, and we really, I[br]think, are quite far behind in having that
0:06:54.669,0:07:02.230
bar lowered for people to play and[br]understand what these things are. So, what
0:07:02.230,0:07:06.800
what I want to do to like try and explain[br]that situation that we're in is talk
0:07:06.800,0:07:11.770
about why we're there and the different[br]sort of general groups of where these
0:07:11.770,0:07:16.000
devices end up. I realize that[br]that's talking about motives and that
0:07:16.000,0:07:19.610
is often like the way that you get[br]people mad at you, if you try and
0:07:19.610,0:07:22.770
ascribe some motivation to them that[br]they disagree with. So realize that these
0:07:22.770,0:07:26.550
are bread's … broad strokes and not really[br]indicative of everyone. But this gives you
0:07:26.550,0:07:31.590
some sense of why we've still ended up in[br]this world of not knowing much publicly.
0:07:31.590,0:07:36.830
Maybe … there's a quote from … this is[br]from Kim Jong-il that's relevant, and
0:07:36.830,0:07:41.980
says, you know, Koreans are quite an[br]intelligent people and even in computer
0:07:41.980,0:07:45.570
technology we excel. I think this is[br]something that we maybe don't appreciate
0:07:45.570,0:07:50.290
when we're thinking about this. It is[br]rational for Korea to not want this stuff
0:07:50.290,0:07:54.620
to come out, right? They are worried about[br]adversarial governments trying to
0:07:54.620,0:07:58.919
leverage whatever they can. It seems[br]rational that it's in their best interest
0:07:58.919,0:08:03.330
to make it difficult for this stuff to get[br]out and for people to be able to attack
0:08:03.330,0:08:08.900
them with it. That's what we've seen in,[br]you know, against the threat model well
0:08:08.900,0:08:16.710
implemented copy control and other[br]sort of limitations on the devices.
0:08:16.710,0:08:19.630
In terms of foreigners who have access to[br]these devices, I think there's sort of two
0:08:19.630,0:08:24.070
classes. What we saw in the talk last year[br]was a device that came out through a
0:08:24.070,0:08:29.650
defector group. So you've got someone who[br]left with this device and now he's trying
0:08:29.650,0:08:35.360
to figure out what what's on it. And that[br]is this adversarial relationship where the
0:08:35.360,0:08:40.299
goal there is to do damage to the country.[br]And so there's much more value in having
0:08:40.299,0:08:45.501
0-days than there is in releasing this[br]because then the security gets fixed. And
0:08:45.501,0:08:48.880
so you'll see that you know for any device[br]that comes out there there's really the
0:08:48.880,0:08:52.520
sensitivity both in terms of not wanting[br]to identify people but also in; well if we
0:08:52.520,0:08:57.770
find anything that's buggy, we want to be[br]able to do something with it. I think in
0:08:57.770,0:09:03.040
fact there's many more devices that don't[br]come out that way but that are held by
0:09:03.040,0:09:08.119
foreigners who are working constructively[br]with the country. And for them, the
0:09:08.119,0:09:12.790
reason is somewhat different. And I think[br]the reason for them is in many cases that
0:09:12.790,0:09:17.169
they're worried about sort of the unknown[br]unknowns of “could someone get in trouble?
0:09:17.169,0:09:21.449
Will this result in my connection to the[br]country getting disrupted? The people
0:09:21.449,0:09:25.030
I like and work with getting in trouble[br]for having given me the device that I've
0:09:25.030,0:09:28.640
done something reckless with.”[br]Right, so we can see from like
0:09:28.640,0:09:31.529
a bunch of individual perspectives why[br]we don't have more of this technology
0:09:31.529,0:09:37.120
out there. We can also understand[br]that, you know, as the public, this
0:09:37.120,0:09:40.050
creates this weird thing where[br]we're all fascinated but don't
0:09:40.050,0:09:43.949
have access. And that I think[br]also in the spirit of, you know,
0:09:43.949,0:09:49.690
for Korea, this isn't great. Because the[br]bugs go unpatched and they don't get
0:09:49.690,0:09:56.660
better security. So, this is the[br]electronic goods store at the airport
0:09:56.660,0:10:00.800
which somewhat counter-intuitively doesn't[br]actually sell the tablets to foreigners
0:10:00.800,0:10:07.199
but they do have some. What we're … what[br]we're going to talk about for the rest of
0:10:07.199,0:10:14.309
this talk is an effort that I guess we're[br]sort of putting out on the web called
0:10:14.309,0:10:19.540
computer … KoreaComputerCenter.org. Where[br]we're going to try and release a bit more
0:10:19.540,0:10:23.699
of this technology. And I'm going to talk[br]through the three initial things that
0:10:23.699,0:10:27.929
we're going to put up there that we hope[br]people play with. And this is in the
0:10:27.929,0:10:34.079
spirit that this we think … this makes life[br]better both for Korea and for the outside
0:10:34.079,0:10:40.009
world. For Korea, the same thing I was[br]just saying—I think you get better
0:10:40.009,0:10:44.500
security in the long run. We, I think, as[br]a community understand the value of open-
0:10:44.500,0:10:48.620
source software, and in having many eyes[br]audit and find the bugs. We've already
0:10:48.620,0:10:53.180
seen that on the artifacts that have[br]gotten out. For us, I think it's a great
0:10:53.180,0:11:00.820
chance to … to do two things—one,[br]it spreads our understanding more
0:11:00.820,0:11:03.999
consistently so we actually understand[br]what is going on in the country and can
0:11:03.999,0:11:08.769
make rational policy decisions at some[br]high level. It's also fascinating and we
0:11:08.769,0:11:15.230
get to preserve this anthropological[br]artifact of this really amazing parallel
0:11:15.230,0:11:19.130
development that has created … that[br]exists of what technology is
0:11:19.130,0:11:25.519
like in Korea. So, in that spirit,[br]let's talk about what's coming out.
0:11:25.519,0:11:29.790
Some of this I think is showing up on[br]BitTorrent links that are on this site
0:11:29.790,0:11:36.009
koreacomputercenter.org as we speak. The[br]first is a phone image—there's a system
0:11:36.009,0:11:43.869
partition and data partition recovery for[br]this phone, a Pyongyang 2407. This phone
0:11:43.869,0:11:51.050
was chosen because it's made by a Chinese[br]OEM, Gionee, which also creates the same
0:11:51.050,0:11:58.059
hardware in an Indian model. So if you've[br]got a friend in India at least, you can
0:11:58.059,0:12:04.249
get the Gionee v5—it's exactly the same[br]hardware and so these images can load onto
0:12:04.249,0:12:08.330
one of these phones and then you will also[br]be able to run this operating system. And
0:12:08.330,0:12:12.239
so rather than just doing static analysis[br]of what's there you can actually see how
0:12:12.239,0:12:16.949
that fits together and what actually[br]happens. How it works, that it does shut
0:12:16.949,0:12:20.429
down when a SIM card from a different[br]operator gets plugged in, these sorts of
0:12:20.429,0:12:26.730
things. So this is just, I guess[br]I'll say, the basic phone system - it
0:12:26.730,0:12:30.660
doesn't include most apps but it's got a[br]bunch of the sort of operating system-
0:12:30.660,0:12:35.190
level copy controls. You can get your[br]hands on the Red Star protection
0:12:35.190,0:12:42.709
things that were talked about last year.[br]The second thing for apps we're going to
0:12:42.709,0:12:46.300
turn to something a little bit older this[br]is the Samjiyon tablet which is one of the
0:12:46.300,0:12:54.189
first tablets that came out 2011-2012 era.[br]This was sort of at the beginning of
0:12:54.189,0:12:58.040
Korea's sort of introduction of widespread[br]consumer electronics, so it got circulated
0:12:58.040,0:13:03.480
quite a bit. It was a larger run of[br]devices than many of them. In fact so
0:13:03.480,0:13:07.210
widespread that there's one of[br]these devices in the Stanford library. And
0:13:07.210,0:13:10.481
so I guess the other thing I'll stress is[br]these devices are out there and it's a
0:13:10.481,0:13:13.999
matter of making sure that we're releasing[br]these in a way where it's just like this
0:13:13.999,0:13:18.009
is software but we're not necessarily[br]getting anyone in particular in trouble
0:13:18.009,0:13:21.220
because these devices we know are in a[br]bunch of places and the attribution
0:13:21.220,0:13:24.450
becomes hard at that point for[br]anyone to like, lose
0:13:24.450,0:13:27.360
contact or get in trouble. So there's
0:13:27.360,0:13:33.809
a basic set of apps that come[br]there. These are some of the icons there -
0:13:33.809,0:13:37.999
there's a nice one that has a bunch of[br]recipes. The thing I'll say about
0:13:37.999,0:13:42.689
these - these were made for this specific[br]device and this is a thing that you'll see
0:13:42.689,0:13:46.819
I think throughout all the software if you[br]actually take a look at it. And so there's
0:13:46.819,0:13:51.929
a lot of hard-coded paths. So as well as[br]the APKs themselves you'll find that they
0:13:51.929,0:13:56.070
reference things that they expect to be in[br]specific parts of the SD card. Those files
0:13:56.070,0:14:00.449
are included, but it's unlikely that if[br]you just copy the APK onto an Android phone
0:14:00.449,0:14:06.369
it will be able to show you much content.[br]So it would be awesome if someone who
0:14:06.369,0:14:09.569
enjoys smali wants to twiddle some paths[br]so that those can look for internal
0:14:09.569,0:14:13.921
resources instead, and lower that bar[br]further so that more people can play. I
0:14:13.921,0:14:17.139
think the other thing that's interesting[br]here is pretty much all of these apps use
0:14:17.139,0:14:21.670
their own specific binary format that's[br]like yet again this totally new thing
0:14:21.670,0:14:29.209
where it's like someone just coded some[br]totally one-off thing. And that's weird.
0:14:29.209,0:14:33.080
And the final thing is we're gonna release[br]a bunch of educational materials that seem
0:14:33.080,0:14:36.519
to sort of end up on these devices.[br]Education is one of the big purposes,
0:14:36.519,0:14:40.610
right? You're giving these to[br]the children and teenagers who are
0:14:40.610,0:14:45.160
especially excited about technology and[br]one of the useful things that they can do
0:14:45.160,0:14:50.489
is use that for their course material.[br]In getting a set of PDFs that are sort of
0:14:50.489,0:14:55.189
like usable, we ended up having to do some[br]work. I'm gonna turn over to Gabe to
0:14:55.189,0:14:58.649
explain sort of the process we went[br]through in getting this last set of
0:14:58.649,0:15:03.280
the textbooks that are[br]going to come out.
0:15:03.280,0:15:08.029
Gabe: Thanks, Will. So basically when I[br]got involved with this, the situation as
0:15:08.029,0:15:13.860
far as these textbooks was that we had[br]quite a few of these files. And there are
0:15:13.860,0:15:18.629
two things you could tell on the surface -[br]one is that they claim to be PDF files
0:15:18.629,0:15:24.379
based on the filename, and some of them[br]have titles in English or Korean -
0:15:24.379,0:15:25.379
that sort of suggests
0:15:25.379,0:15:28.480
what's inside. But what you see on the[br]screen is not what we saw because none of
0:15:28.480,0:15:35.319
these files were plain PDFs. So there's a[br]bit of sort of custom DRM that's been
0:15:35.319,0:15:40.959
applied to these files and it's pretty[br]rudimentary, but it actually does a kind
0:15:40.959,0:15:48.161
of remarkably decent job of what we think[br]it was designed for. Which is that the
0:15:48.161,0:15:53.350
textbooks that come with[br]or that are added to one device are not
0:15:53.350,0:15:57.580
supposed to be able to be accessed on a[br]different device. And as well so if you
0:15:57.580,0:16:01.630
pulled these PDF files out of the[br]device that you send off outside the
0:16:01.630,0:16:07.009
country, they're not readable. Now one[br]thing I will say is that we know from some
0:16:07.009,0:16:13.009
of the previous talks on Red Star that[br]developers in and for the DPRK have
0:16:13.009,0:16:20.259
implemented actual AES-like encryption.[br]This is not that - it's fairly basic and
0:16:20.259,0:16:26.269
we did find some holes in it. So talk[br]a little bit about what we did. So when we
0:16:26.269,0:16:30.949
look at these files, the first thing we[br]notice is that they don't have a PDF
0:16:30.949,0:16:35.029
header. The first eight bytes have this[br]reference or this potential reference
0:16:35.029,0:16:40.459
anyway to what might be a date in[br]little-endian format. So this might be
0:16:40.459,0:16:45.910
either December 1st or January 12th in[br]1978. If you have any idea what that
0:16:45.910,0:16:50.920
means, please let us know because we're[br]kind of curious. The next thing is that
0:16:50.920,0:16:56.300
when we started to look at the devices,[br]because we also had the the applications
0:16:56.300,0:17:03.449
that read these files, one of them has a[br]hard-coded reference to those first four
0:17:03.449,0:17:08.319
bytes. And so when you look at what that[br]application was, we find that it's this
0:17:08.319,0:17:14.138
app called UDK.Android.Reader, which if[br]you go to the Google Play Store it's just
0:17:14.138,0:17:21.280
a commercially available PDF Reader app[br]for Android. But it's not really, because
0:17:21.280,0:17:27.459
it's been modified to implement the the[br]DRM that we're looking at here. So
0:17:27.459,0:17:32.890
basically, we took the copy of the[br]reader that's available online, and one of
0:17:32.890,0:17:37.769
the copies on one of the devices, and[br]when we compare them we find that the
0:17:37.769,0:17:44.070
application calls out to a shared library[br]when it wants to parse a PDF file. That
0:17:44.070,0:17:47.270
library looks kind of like this[br]- these are the ELF sections in the file
0:17:47.270,0:17:53.850
and it's pretty normal. When we look at[br]the copy that's on the DPRK version of the
0:17:53.850,0:17:58.789
app, there's this one section added that[br]kind of jumps out - like it's literally
0:17:58.789,0:18:07.990
called dot-modified. So when you look into[br]what's in that section, we see something
0:18:07.990,0:18:12.230
like this - and this is really not going[br]to be legible both because of the size of
0:18:12.230,0:18:18.370
text and because it's decompiled from ARM.[br]But we have the original decompiled code
0:18:18.370,0:18:23.200
on the left, and the DPRK version on the[br]right. And the two things I just want to
0:18:23.200,0:18:29.380
highlight are - at the top the original[br]function that would be filling a buffer to
0:18:29.380,0:18:34.029
read the file has been replaced by a stub[br]that calls this sort of custom method in
0:18:34.029,0:18:39.620
the modified section. And the version[br]that's over in the modified section does
0:18:39.620,0:18:44.380
basically the exact same thing, except[br]that in one case it will call another
0:18:44.380,0:18:47.740
function that does some decryption. And[br]there's some other things as well in the
0:18:47.740,0:18:54.200
modified section this is just sort of one[br]example. Now the reason that this is kind
0:18:54.200,0:18:58.639
of interesting to us is that it really[br]shows us that these modifications were not
0:18:58.639,0:19:04.000
made by someone who had source code.[br]Like this is kind of crazy low-level, not
0:19:04.000,0:19:09.639
crazy, but like it's it's really low-level[br]modification of the binary itself. So when
0:19:09.639,0:19:14.360
we look into those functions and what they[br]do, what we start finding is that the
0:19:14.360,0:19:21.880
shared library, the modified version of[br]the shared library, has this 512-byte pad
0:19:21.880,0:19:25.960
which basically gets used over and over[br]again as part of the decryption process.
0:19:25.960,0:19:29.649
And one of the things about it is that for[br]different files you will start using it at
0:19:29.649,0:19:35.870
a different point. And there's also a four[br]byte key that's different for every file,
0:19:35.870,0:19:41.179
which comes from a combination of a few[br]bytes in the file header itself, and a
0:19:41.179,0:19:50.330
per-device key. So that per-device key is[br]kind of interesting. So they're taking,
0:19:50.330,0:19:54.029
well at the end of the day you want a four[br]byte key, and they're generating it out of
0:19:54.029,0:19:57.690
a six byte MAC address and the code that[br]they use kind of looks like this.
0:19:57.690,0:20:02.669
This is us reimplementing it[br]in Go. One of
0:20:02.669,0:20:06.659
the weird things about it is that some of[br]these devices may not actually have useful
0:20:06.659,0:20:11.419
MAC addresses so in some cases the MAC[br]address that it's using is actually just some
0:20:11.419,0:20:17.460
hard-coded value in a file. All the time[br]when it reads these MAC addresses it's
0:20:17.460,0:20:21.940
really just reading some code or some some[br]text out of that system etc MAC address
0:20:21.940,0:20:28.610
file. So if you have that key, the process[br]to decrypt is really simple. You take that
0:20:28.610,0:20:35.080
key, you subtract some of the bytes - the[br]ones marked with Y, and you get your four
0:20:35.080,0:20:41.019
bytes to do a decryption. And the point in[br]the pad that I mentioned for this (tilaka)
0:20:41.019,0:20:47.200
starting offset is just that same value[br]interpreted as an integer mod 512 because
0:20:47.200,0:20:53.720
that's the length of the pad. In all the[br]examples we looked at, or as far as we
0:20:53.720,0:21:00.750
could tell, these headers only had keys[br]for like one device. But looking at the
0:21:00.750,0:21:06.500
the compiled code it looks like it might[br]be possible to have like one file that can
0:21:06.500,0:21:09.820
be decrypted by multiple different[br]devices. We just haven't actually seen a
0:21:09.820,0:21:16.250
file that is like that. So the way that it[br]actually does decryption is byte by byte
0:21:16.250,0:21:22.940
and this is a simplified view of what's[br]going on. We're releasing a tool that will
0:21:22.940,0:21:26.230
do this correctly and has all the details[br]in it but in a nutshell what you're doing
0:21:26.230,0:21:30.090
is you're doing a little bit of math to[br]figure out where you are starting from for
0:21:30.090,0:21:33.980
all these operations. And then for each[br]byte that you want to decrypt, you take
0:21:33.980,0:21:39.710
your encrypted byte, you subtract one of[br]the per-file bytes, and then you XOR the
0:21:39.710,0:21:46.750
whole thing with one of the bytes from[br]that 512 byte pad. So, the cool thing
0:21:46.750,0:21:52.200
about this from my point of view is that[br]this process is totally reversible. So if
0:21:52.200,0:21:57.220
you don't know your per-file key but you[br]do know what the plaintext should look
0:21:57.220,0:22:05.539
like, you can run this backwards. And it[br]looks ound like that. So what if you just
0:22:05.539,0:22:09.210
get a bunch of these encrypted PDF files[br]and you have no idea what device they came
0:22:09.210,0:22:15.170
from and you just want to look at them?[br]You can also do it like this. It's really
0:22:15.170,0:22:19.169
quick to do: you basically[br]brute-force all of the potential
0:22:19.169,0:22:22.410
positions to be starting from, which[br]is really not that many because the
0:22:22.410,0:22:28.250
pad is not very big. And it's kind of a[br]known plaintext attack.
0:22:28.250,0:22:33.570
The header of a PDF file always looks like[br]%PDF and then there's a version number. So
0:22:33.570,0:22:38.830
you take 4 bytes you calculate the per-[br]file key that you would need to to make
0:22:38.830,0:22:44.100
that decrypt to %PDF and then you take[br]the same per-file key and you see if it
0:22:44.100,0:22:49.160
would be able to decrypt the next section[br]to a version number, and wind up with a
0:22:49.160,0:22:58.781
valid header. And so we've done this for[br]all of the files that we found, and
0:22:58.781,0:23:04.880
basically wound up with plain text for all[br]these. One of the things that we noticed
0:23:04.880,0:23:10.309
after decrypting these files is that many[br]of them have watermarks at the end - so if
0:23:10.309,0:23:17.230
we look back to the talks on Red Star OS[br]from the past years, Florian and Niklaus
0:23:17.230,0:23:21.970
did some work on understanding what the[br]watermark is. And if you want full details
0:23:21.970,0:23:28.860
look at those talks. But to summarize it -[br]every time that a file passes through a
0:23:28.860,0:23:34.500
desktop system or sometimes a file gets[br]modified the OS adds basically an
0:23:34.500,0:23:40.290
encrypted form of the hard drive serial[br]number. Now when releasing these files we
0:23:40.290,0:23:45.460
want to sort of obscure their origins and[br]not get any particular people into
0:23:45.460,0:23:52.200
trouble, so we remove all those watermarks[br]before releasing these. And that's pretty
0:23:52.200,0:23:55.659
simple because the way that this works[br]with PDF files is just that there's a
0:23:55.659,0:23:59.860
known line of text at the end of the file[br]that represents the end of the PDF, and
0:23:59.860,0:24:05.130
Red Star always puts these watermarks[br]at the end so we just chop off the end. So
0:24:05.130,0:24:10.190
once we have this we have like over 300[br]files of really different kinds of things,
0:24:10.190,0:24:14.039
and we've kind of looked at some of them[br]but we're going to be releasing a torrent
0:24:14.039,0:24:19.590
with all of them and we'd really like to[br]see what people come up with - just you
0:24:19.590,0:24:21.940
know that that's in these files that we[br]have noticed.
0:24:21.940,0:24:25.149
Will: Have we looked at all of them?[br]Gabe: I mean yeah, we've had like a quick
0:24:25.149,0:24:30.330
look at some of them. We don't, I don't[br]speak Korean; you know some. There's
0:24:30.330,0:24:36.460
probably more to be found in that archive.[br]So a quick look at just a couple of
0:24:36.460,0:24:42.019
examples of things we found. There's many[br]different kinds of books on these devices,
0:24:42.019,0:24:45.659
many of them are like computer science[br]books, there's general-purpose knowledge
0:24:45.659,0:24:50.679
kids textbooks. But because we want to[br]understand the state of technology in in
0:24:50.679,0:24:55.889
the DPRK, the part that's most interesting[br]to us right now is computer science
0:24:55.889,0:25:01.190
textbooks. So like two of the examples we[br]have are this Java programming book and
0:25:01.190,0:25:06.820
this computer science book. They've got[br]some awesome covers and really neat art in
0:25:06.820,0:25:11.970
some of them. But yeah, I'll hand that[br]back to Will to actually talk about the
0:25:11.970,0:25:20.790
analysis of what we found in these[br]books and sort of where they came from.
0:25:20.790,0:25:23.500
Will: Cool. Yeah, so maybe another quote
0:25:23.500,0:25:28.331
from Kim Jong-il is appropriate,[br]saying that we need to be aware of the
0:25:28.331,0:25:31.940
information technology industry and we[br]need to meet the needs of the information
0:25:31.940,0:25:37.559
technology industry. And so I think one of[br]the things that comes out of these
0:25:37.559,0:25:42.090
textbooks that I think is sort of[br]interesting and this is the first benefit
0:25:42.090,0:25:46.260
is that this can help us understand sort[br]of where Korea is in terms of how much
0:25:46.260,0:25:52.680
emphasis it's placing on this aspect. For a[br]lot of the educational materials, they
0:25:52.680,0:25:57.019
seem to be organically created, they seem[br]to be about the specific environment
0:25:57.019,0:26:02.990
there's a lot of training kids how to use[br]Red Star of various versions that you see.
0:26:02.990,0:26:10.440
The textbooks, many of them are translated[br]or follow a curriculum and a layout of
0:26:10.440,0:26:13.700
foreign external materials that have been[br]translated. So for some of the ones where
0:26:13.700,0:26:18.350
we could identify what the original source[br]was, we tried to calculate how long that
0:26:18.350,0:26:21.299
had taken, because we were actually[br]surprised sometimes this was pretty
0:26:21.299,0:26:27.990
quick. So I'll show this waterfall graph -[br]each of these bars represents one book.
0:26:27.990,0:26:32.170
Some of the titles at the bottom they're[br]quite small and the y-axis is the
0:26:32.170,0:26:36.760
year. The bottom is when the original[br]English version that was used seemed to
0:26:36.760,0:26:41.730
come out and the top is when the[br]translation was released. And so what's
0:26:41.730,0:26:45.070
interesting here is you[br]see order of even the
0:26:45.070,0:26:50.340
same year sometimes a couple years[br]throughout this whole period of 2000 to
0:26:50.340,0:26:55.789
2010 where they're putting a bunch of[br]effort into taking four-hundred, five-
0:26:55.789,0:27:03.299
hundred page books. The torrent of[br]these textbooks is four-some gigs, and
0:27:03.299,0:27:09.019
doing good translations fairly quickly.[br]These are like solid translations; the code
0:27:09.019,0:27:14.529
examples have been often changed, there's[br]comments in Korean in there. Like, this is
0:27:14.529,0:27:17.899
a solid effort that we should be[br]understanding and I think maybe partially
0:27:17.899,0:27:22.090
sort of fills this gap of like, what is[br]this disconnect between this very isolated
0:27:22.090,0:27:33.509
country and the fact that it has a really[br]strong computer capability. Cool, to end,
0:27:33.509,0:27:38.240
I just want to sort of give an anecdote[br]that maybe goes to the other side of this
0:27:38.240,0:27:42.130
anthropological value that we get out of[br]this sort of work. So you've heard about
0:27:42.130,0:27:48.039
Kwangmyong - this is the internal network[br]or Internet. And so from these educational
0:27:48.039,0:27:51.889
textbooks you start to get I think more[br]insight into sort of how this thing has
0:27:51.889,0:27:57.730
progressed over time. Here's pictures[br]from 2001, I apologize for quality, this
0:27:57.730,0:28:03.211
was what was there of an early version of[br]Kwangmyong. This is Kwangmyong 5.1 which
0:28:03.211,0:28:09.549
looks sort of like AOL. It was a dial-up[br]application that would get you documents
0:28:09.549,0:28:15.120
and information. You also see at that same[br]time that there was an email sort of
0:28:15.120,0:28:22.179
corresponding app called "hey son" - I[br]think I got that pronunciation not too bad
0:28:22.179,0:28:25.120
that was used for messaging. We've heard[br]that there was a messaging system, we
0:28:25.120,0:28:30.529
didn't really have that connected to sort[br]of where that fit in to the puzzle. A
0:28:30.529,0:28:34.570
picture that seems to be that same sort of[br]internal network ended up on the South
0:28:34.570,0:28:40.450
Korean internet around 2005. It got reused[br]by Anonymous in 2013 when they claimed to
0:28:40.450,0:28:46.340
attack the Korean government servers, but[br]then sort of that turned out to
0:28:46.340,0:28:50.781
be false in that it was this original 2005[br]post that someone made. That seems to be a
0:28:50.781,0:28:56.450
similar system. And even in that 2005 post[br]they had sort of also their web
0:28:56.450,0:29:00.479
component - that's the same logo[br]in the upper left as they moved
0:29:00.479,0:29:02.120
to sort of a web site[br]that we've now seen
0:29:02.120,0:29:07.110
evolved. It's worth noting here right[br]Kwangmyong is a single site - it's a
0:29:07.110,0:29:12.330
service for generally technical document[br]retrieval. Here's that same site now up to
0:29:12.330,0:29:18.740
the 2010-era looking a little bit nicer at[br]least at higher quality in the picture.
0:29:18.740,0:29:21.889
And so I think what we're starting to do[br]is we're getting these insights through
0:29:21.889,0:29:24.760
seeing some of these more[br]documents coming out about what this
0:29:24.760,0:29:28.840
internal ecosystem actually looks like.[br]There are these services that we can
0:29:28.840,0:29:33.740
start to link over time, understand what[br]sorts of files are available and the
0:29:33.740,0:29:39.100
specialties of these different groups, and[br]preserve some of this internal network
0:29:39.100,0:29:44.929
that, you know, in this fairly unstable[br]environment, we're in danger of losing.
0:29:44.929,0:29:50.100
To bring us up to current time, this is[br]from 2015 - a sort of blurry picture from
0:29:50.100,0:29:55.519
a Koryolink office. Koryolink's the[br]mobile telephony provider and to call out
0:29:55.519,0:30:00.759
that they now have the same set of services[br]on a poster advertising mobile service
0:30:00.759,0:30:05.830
with internal IPs to them. And so we're[br]seeing now that this is being introduced
0:30:05.830,0:30:09.360
at a wider availability and advertised to[br]people on their mobile devices. So we're
0:30:09.360,0:30:13.700
moving beyond just wired desktop[br]connections but this is now a thing that
0:30:13.700,0:30:18.980
more people are going to have access to on[br]personal devices. And so I think you know,
0:30:18.980,0:30:25.669
internally, we're in this really exciting[br]transitionary phase. I'm happy that
0:30:25.669,0:30:31.131
more of this ends up in the public. So,[br]there's this site, koreacomputercenter - it
0:30:31.131,0:30:36.320
should already have some links, more will[br]show up very soon. If you are interested
0:30:36.320,0:30:40.860
we encourage you to go grab that stuff, try[br]and make the bar lower. If you have
0:30:40.860,0:30:45.190
DPRK artifacts, info@[br]koreacomputercenter.org - we'd love to
0:30:45.190,0:30:51.081
talk to you, help make stuff safe, and get[br]more stuff out for public consumption. I
0:30:51.081,0:30:57.350
think we are about that time - are you[br]coming kicking us off; so we will take
0:30:57.350,0:31:03.308
questions across the hall in[br]the tea room. Thank you.
0:31:03.308,0:31:07.730
Applause
0:31:07.730,0:31:13.095
34c3 postroll
0:31:13.095,0:31:27.941
subtitles created by c3subtitles.de[br]in the year 2018. Join, and help us!