
Woolim – Lifting the Fog on DPRK’s Latest Tablet PC [video] - Vespasian
https://media.ccc.de/v/33c3-8143-woolim_lifting_the_fog_on_dprk_s_latest_tablet_pc
======
cnvogel
Slides: [https://github.com/takeshixx/woolim-tools](https://github.com/takeshixx/woolim-tools)

Blog-Post: [https://insinuator.net/2016/12/woolim-lifting-the-fog-on-dpr...](https://insinuator.net/2016/12/woolim-lifting-the-fog-on-dprks-latest-tablet-pc/)

------
wonko1
I'm constantly impressed by the effort the DPRK is putting into securing their
devices.

I've just skimmed it, but:

The talk describes what is really an extreme form of DRM: the tablet can only
open media created and signed by the government or media created and
self-signed on the tablet.

Users can't exchange files; if they try, the signature check fails.

It's very similar to what they presented last year on RedStar OS, but this
seems to be taking it to even greater extremes.

In RedStar OS you could transfer files, but they'd get watermarked. In
some ways that's even scarier, because they can log every user who touched the
file.

Really very interesting, it will be fascinating to see how this progresses (as
well as terrifying).

~~~
lisper
> Users can't exchange files

Yes, they can, but the OS appends a watermark to each file when it is
exported, so every file carries with it a record of who exported it and in
what order. That allows the government, when it gets a copy of a shared file,
to track back exactly who gave it to whom.

> terrifying

Indeed.

~~~
wonko1
That appears to be the case on RedStar OS. But on Woolim you can only view
government-signed or self-signed content, nothing else. That was my
understanding from the talk.

~~~
lisper
Ah, you may be right. I skipped over a few parts of the talk, so I may have
been missing some context during the watermarking discussion. My comment was
based on the segment starting at 41:30.

~~~
strgrd
Maybe you should state that you skimmed the article before declaring something
so assertively. Did you even read the parent comment, or did you see "transfer
files, Redstar OS" and jump at the chance to espouse your little NK factoid?

Seriously, you didn't read/listen to the article, and you didn't read the
parent comment. This sort of comment etiquette is unacceptable on YC

~~~
CodeMage
_> This sort of comment etiquette is unacceptable on YC_

I feel that the above statement is more applicable to your comment, than to
the comment you were talking about. I would like to politely suggest silently
downvoting a comment that is factually incorrect, instead of going on a rant
about comment etiquette.

We're all human and we all make mistakes. Angry outbursts like yours are more
toxic to a community than having an occasional user be negligent and fail to
fact-check their comment.

------
jwtadvice
This would be so much fun to jailbreak.

The solution to media content distribution looks a lot like what companies in
the United States have tried again and again to do, but have failed - with
perhaps the recent exception of smart phone and tablet devices.

Another trick the DPRK might consider is making much of their software a
service and requiring always-on connectivity to use the application in
question. This not only restricts what a user can do, but it also allows the
'steward' body to track usage, collect metadata and a number of other useful
bits for state security. Often, the use of the app can be tracked to a
geolocation.

~~~
digi_owl
Well, Bono managed to point to China's great firewall as an example when
talking about DRM enforcement...

------
laborat
I guess these guys hadn't seen the info on [https://linux-sunxi.org/Main_Page](https://linux-sunxi.org/Main_Page)
when they were trying to get the device to run arbitrary code. All Allwinner
SoCs have a USB bootloader baked into the _CPU_, which you can talk to over an
open-source protocol (poorly documented, but on my old A10 tablet the magic
term to google for is 'LiveSuit' - there is an open-source Linux driver,
bootloader, and flasher stub to be found on github somewhere).

------
tedmiston
"We don't know if it's really Flash, but it makes sense because most of the
DPRK websites are using Flash to serve video… and deliver remote exploits."

------
wyldfire
DPRK is the Democratic People's Republic of Korea, commonly referred to as
"North Korea".

------
johansch
(Now - listen: this is after "suffering" through 3-4 CCC speeches in the past
week.)

Ah. It's that time of the year. CCC. Ze Germans.

I'm also not a native speaker of English (I'm Swedish).. but I know my limits.
If I would want to communicate something to the rest of the world, I would put
it on the web. In text and images.

German people tend to be decent-to-quite good at writing English - and
kind of bad at speaking it, to be honest. This guy is one of the better, I
have to say. The video format is still annoying though, because of its linear
format.

Please: CCC speakers with brilliant and interesting topics that you know will
interest the global community: Put up an English language blog post!

~~~
smcl
I had a similarly irritating experience with one of the CCC videos, but I'm
not sure if it's just me being spoiled (these are otherwise excellent quality
talks, provided at no cost to me). The first 20 minutes of the Snowden/family
talk was a presenter fiddling around with her laptop which had run out of
battery, interspersed with a guy whistling into the mic to "entertain" the
crowd. I was able to skip past it, but whistling - wtf!?

~~~
wonko1
I feel a bit sad to read this.

The CCC is a super-cheap conference. It costs 100Euro (about 100USD
currently?) to attend a 4 day conference.

The venue is massive, and roughly 13,000 people attend. There are often 3 or 4
talks going on at the same time. The talks are among the most technically
interesting available anywhere.

On top of that, they have areas where people can hack on group projects, and
the venue is open 24 hours during the conference (some people even crash there
overnight).

This is all run on a largely volunteer basis. And in my view to a very
professional standard.

Someone screwing up and delaying one talk seems pretty insignificant in light
of the amazing work they do.

~~~
smcl
Hey hold on - I did say that the talks were excellent and delivered at no
cost, and conceded that I was probably just overreacting. Why are you
commenting as if I didn't?

