Daily NK recently obtained a copy of “Bidulgi 1.01,” a program that can bypass the smartphone security authentications that were recently put into place by North Korean authorities on the country’s smartphones.
Mun Chong Hyun, the head of the ESTsecurity Security Response Center (ESRC), provided Daily NK with the program, explaining that it and another program, “Chammae,” convert non-North Korean files on mobile phones.
Daily NK previously reported that Chammae – presumably a basic version of Bidulgi, which means “pigeon” or “dove” – is a program that bypasses North Korean smartphone security authentications. In fact, Chammae’s resources (read-only data inside portable executable files like EXE, DLL, CPL, SCR, SYS or MUI files) include the same icon and image files used by Bidulgi. However, Bidulgi’s resources contain no data about Chammae.
Analysis of the programs revealed that Bidulgi and Chammae share the exact same functions. With the exception of a few images, the user interfaces (UI) are the same as well. Even the icon is the same, with its depiction of something penetrating a smartphone’s shield.
Like Chammae, Bidulgi runs right away on Windows 7 and 10 with no special installation process required.
Bidulgi’s UI consists of a left side panel with options for “mobile phone” and “tablet computer” along with a text field to enter an International Mobile Equipment Identity (IMEI) number, and a right side panel with a space to upload the file to convert.
At the bottom of the UI are buttons for “open,” “delete,” “convert” and “quit.” If you click “tablet computer,” the IMEI field changes to “device number.”
The program works just like Chammae. Just select the type of device you would like to stick the file on, enter the IMEI number, add the file to convert to the list, and click “convert.”
North Korean authorities have designed the country’s smartphones to automatically delete unauthenticated files. Bidulgi bypasses this.
Broadly speaking, North Korean authorities have installed two kinds of security authentications on smartphones: an independent authentication system and a “state authentication” system. Files authenticated by North Korean authorities with the state system run on all smartphones, while those authenticated with the independent one run only on the devices where they received the authentication.
Daily NK also obtained a copy of Bidulgi 1.04’s user guide.
The guide begins with a description of the program and provides details installation instructions per operating system.
The guide says Bidulgi 1.04 is “a program that converts multimedia files like text, videos and music so you can use them on mobile devices such as mobile phones.”
According to the guide, you can install the program on Red Star OS 3.0 and Windows XP. A test showed that it runs fine on not only XP, but also on 32-bit versions of later editions of Windows.
The guide stipulated the program’s “duration of use” to last from Jan. 1, 2016 to Dec. 31, 2017.
The program appears to be updated on a yearly basis. Accordingly, version 1.08 of the program has most likely been released by now. Given that the developers regularly make updates to the program, it appears the program is not illegal, but rather an officially sold or distributed piece of software.
In fact, Bidulgi’s user guide is fairly similar in format to other documents produced by North Korean authorities. There is the possibility that the program was created for people who have to carry out “official duties” with North Korean smartphones.
Meanwhile, the user guide also provides detailed instructions for users who encounter errors while using the program.
According to the guide, some files do not convert because they are either “in use” or are “state-approved.”
The guide also states that converted files may not work on your mobile phone if the IMEI of your phone differs from the IMEI of the device the file was converted on.
This means you cannot use Bidulgi to convert files that have been authenticated by the government, and that you can use files that receive independent authentication through Bidulgi only on the phone that converted them.
