The last paragraph is both funny and so so in phase with a lot of security by obscurity found everywhere:
"The V700 consults both “/proc/cpuinfo” to learn the CPU serial number of the device it is on, and a binary file associated with the device file system structure as part of its method for determining its AES (Advanced Encryption Standard) key. It then ignores all of these device-specific items, and reverts back to a static key “87654321” stored in the binary."
When I read this, it sounded very familiar. This is also how some Allwinner tablets derive their MAC address. And wow, it turns out it is an Allwinner based device!
I found it out because we sold Allwinner devices and customers complained that after an update the MAC address changed. The MAC address is set at boot time, but the algorithm used was different in the binaries we got from Allwinner, and the source we used for compiling the update. They do have a reputation for not taking GPL too seriously.
I could imagine in this case, the source-code version of libcdx_stream was supposed to give the proper machine ID that Allwinner uses in other places, but somebody sloppily patched it out for their encryption scheme.
Makes sense to me, who could be bothered to clone drives and then have to wait for them to be re-encrypted per device. Instead of just modifying the firmware once?
Especially considering the devices would be sold to strangers and it's quite unlikely the harddrive would make it into the hands of someone without access to the paired system.
I suppose the re-encrypting could just be a second key, but still would require processing that is not worth anyone's time.
Do NKers have suitcases? It's not like (at least in my head) many of them travel for leisure. What percentage can even leave the country? For the rest, it seems like the country is such a police state that no one would try to open your bags, making a combination lock unnecessary.
A quick google just now does tell me there are NKers who travel overseas for work or studies..
>A quick google just now does tell me there are NKers who travel overseas for work or studies..
I recall reading something along the lines of their being tens of thousands of North Koreans working in Russia, more or less in slavery, doing things like construction where the work is so dangerous that even the locals won't pick it up.
The problem with tying encryption to the serial number is that it becomes harder to distribute the material in the first place - either you need to know the serial number of the device you're going to put a drive into so you can pre-encrypt the data, or you need to have extra code to encrypt the data on first boot (and then make very sure that first boot happens in the factory). Moving to a static key makes it much easier to handle all of this. Anyone who's able to reverse engineer the system well enough to obtain a static key would probably be able to figure out the dynamic algorithm anyway, so the practical outcome isn't terribly different.
I'm betting they started with per device encryption and then someone in management figured out they'd need to generate one image per device and that would cost too much, so they left the code already written in and just added the hard coded key at the end.
> The "Roland" name was selected for export purposes, as Kakehashi was interested in a name that was easy to pronounce for his worldwide target markets. The name was found in a telephone directory, and Kakehashi was satisfied with the simple two-syllable word and its soft consonants. The letter "R" was chosen because it was not used by many other music equipment companies, so would stand out in trade-show directories and industry listings. Kakehashi did not learn of the French epic poem The Song of Roland until later.
"Sony" has an interesting history as well. The official line is that it was a mixture of "sonus" and "sonny" boys (see https://en.wikipedia.org/wiki/Sony). But I have it on good authority from people in the know in the company that the real reason for the name Sony was that it sounded like an American company name to Japanese ears. America was cool. That is, namewise Sony was the Japanese equivalent of Haagen-Dazs. It's even written in Katakana, the script for foreign words.
Obviously it’s the English pronounciation that is difficult for them. See also how Japanese try to avoid saying “reflex” in relation to cameras: An SLR is an 一眼レフ Single Lens Ref and Nikon’s camera with a reFlex mirror is the Nikon “F”. Mirrorless seems to have fared better, but I have seen shops selling them as 一眼カメラ, Single Lens Cameras.
Side note: I've never seen an account quite like that one before.
From their recent uploads
> Armed police forces preparing to take on the violent anarchists and trotskyists on the streets of Hong Kong. Drill took place 29 August in Shenzhen, just over the border from Hong Kong.
I'm quite familiar with anti-imperialists of various sorts. They generally don't start ranting about Trotskyists. That makes this person sound decades out of date.
Yes, I don't think they pretend to have invented it, given the lyrics of the song. One of the lines is about how they are advancing towards the cutting edge of the world, which does admit they're not a leader.
Theory I've heard is CNC mills and the like aren't banned for import into DPRK by UN or others and so it's like the most advanced industrial component they can import there, so it gets a song!
Of course the Chinese song is Little Apple, I should have known. The most ubiquitous Chinese song ever, soon 10 years running. So ubiquitous, it has an English wikipedia article: https://en.wikipedia.org/wiki/Little_Apple_(song)
Knowing that's the song, I am no longer surprised it made it to North Korea.
So, why the encryption? Is someone in NK really afraid that their stuff will be stolen?
Hmm I guess the answer is in that word "steal", some Chinese supplier probably has monopoly of the NK market and is using the encryption to prevent cheap Chinese karaoke machine makers to just copy their data. (Insert the word "other" in the previous sentence.)
Yeah. A lot of the karaoke systems (even cheap ones) have their own weird "encryption". It is really just to stop other manufacturers from copying their song collection.
I wish there was some way to get Chinese karaoke songs in the US apart from spending hundreds on importing a physical karaoke machine. All the apps such as 全民K歌 are region-locked, and the songs on YouTube vary in quality --- they often do not have properly timed lyrics and are rarely the instrumental version without the vocals, and newer or less popular songs are nowhere to be found at all.
It's not a torrent, but I think the best way to retrieve the entire collection is using the internetarchive "ia" command line tool. Here's a couple pointers:
This was a fun project. It's good to know that a lot of the north korean consumer technology does propagate at least to the border areas with China, and so has a chance to be archived and kept available into the future.
"The V700 consults both “/proc/cpuinfo” to learn the CPU serial number of the device it is on, and a binary file associated with the device file system structure as part of its method for determining its AES (Advanced Encryption Standard) key. It then ignores all of these device-specific items, and reverts back to a static key “87654321” stored in the binary."