
Reversing a MacOS Kernel Extension - supro
https://lightbulbone.com/posts/2016/10/dsmos-kext/
======
saagarjha
> Reversing the Unprotect Algorithm

Protected binaries have everything after the first three pages encrypted with
512-bit Blowfish. The key is the “Don’t steal Mac OS X” poem (I believe with
spaces removed):

Your karma check for today: There once was a user that whined his existing OS
was so blind, he'd do better to pirate an OS that ran great but found his
hardware declined. Please don't steal Mac OS! Really, that's way uncool. (C)
Apple Computer, Inc.

Fun fact: CommonCrypto doesn’t do Blowfish with a key size this large anymore
due to CVE-2016-1802: https://blog.timac.org/2016/0710-blowfish-operations-with-key-size-longer-than-448-bits-in-macos-10-11-5-ios-9-3-2/
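
As an added example (mine, not code from the post or from the linked article): a from-scratch Blowfish in Python whose P-array and S-boxes are derived from the hex digits of pi (which is what the standard tables are), plus an unprotect() that leaves the first three 4096-byte pages alone and decrypts everything after them, the layout saagarjha describes. The thread does not state the details, so these are assumptions: the key is the poem with spaces removed, truncated to 64 bytes to match the 512 bits quoted; the cipher mode is ECB; the page size is 4 KiB. None of this has been checked against the real kext. The CVE-2016-1802 remark is reflected in exceeds_commoncrypto_limit(): the key is longer than the 448 bits CommonCrypto accepts, so a tool built on CommonCrypto would have to carry its own Blowfish, as this one does.

```python
import functools
import struct

PAGE = 4096
CLEAR_PAGES = 3   # per the comment: everything after the first three pages is encrypted

# The poem as quoted in the comment.
POEM = ("Your karma check for today: There once was a user that whined his existing "
        "OS was so blind, he'd do better to pirate an OS that ran great but found his "
        "hardware declined. Please don't steal Mac OS! Really, that's way uncool. "
        "(C) Apple Computer, Inc.")
# ASSUMPTION: spaces stripped, truncated to 64 bytes = the 512-bit key the comment
# mentions. Not verified against the real kext.
KEY = POEM.replace(" ", "").encode()[:64]


@functools.lru_cache(maxsize=None)
def pi_hex_digits(n):
    """First n hex digits of pi's fractional part (3.243F6A88...) via Machin's formula.
    Blowfish's P-array and S-boxes are exactly these digits, so no tables are needed."""
    one = 1 << (4 * (n + 8))          # 8 guard digits absorb series truncation error

    def arctan_inv(x):                # arctan(1/x) scaled by `one`
        power = total = one // x
        x2, k, sign = x * x, 1, -1
        while True:
            power //= x2
            k += 2
            if not power:
                return total
            total += sign * (power // k)
            sign = -sign

    pi = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    frac = (pi - 3 * one) >> 32       # drop the guard digits
    return f"{frac:0{n}x}"


class Blowfish:
    """Blowfish block cipher; keys up to 72 bytes, like the reference C code."""

    def __init__(self, key):
        if not 1 <= len(key) <= 72:
            raise ValueError("Blowfish key must be 1..72 bytes")
        digits = pi_hex_digits(8 * (18 + 4 * 256))
        words = [int(digits[i:i + 8], 16) for i in range(0, len(digits), 8)]
        self.P = words[:18]
        self.S = [words[18 + 256 * j:18 + 256 * (j + 1)] for j in range(4)]
        for i in range(18):           # XOR the key bytes (cycled) into the P-array
            k = 0
            for b in range(4):
                k = (k << 8) | key[(4 * i + b) % len(key)]
            self.P[i] ^= k
        l = r = 0                     # then replace P and S with chained encryptions
        for i in range(0, 18, 2):
            l, r = self._encrypt_words(l, r)
            self.P[i], self.P[i + 1] = l, r
        for box in self.S:
            for i in range(0, 256, 2):
                l, r = self._encrypt_words(l, r)
                box[i], box[i + 1] = l, r

    def _f(self, x):
        S = self.S
        h = (S[0][x >> 24] + S[1][(x >> 16) & 0xFF]) & 0xFFFFFFFF
        return ((h ^ S[2][(x >> 8) & 0xFF]) + S[3][x & 0xFF]) & 0xFFFFFFFF

    def _encrypt_words(self, l, r):
        for i in range(16):
            l ^= self.P[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ self.P[17], l ^ self.P[16]   # undo last swap, final whitening

    def _decrypt_words(self, l, r):
        for i in range(17, 1, -1):            # same rounds, P-array used backwards
            l ^= self.P[i]
            r ^= self._f(l)
            l, r = r, l
        return r ^ self.P[0], l ^ self.P[1]

    def _ecb(self, data, block_fn):
        if len(data) % 8:
            raise ValueError("ECB input must be a multiple of 8 bytes")
        out = bytearray()
        for i in range(0, len(data), 8):
            out += struct.pack(">II", *block_fn(*struct.unpack(">II", data[i:i + 8])))
        return bytes(out)

    def encrypt_ecb(self, data):
        return self._ecb(data, self._encrypt_words)

    def decrypt_ecb(self, data):
        return self._ecb(data, self._decrypt_words)


def unprotect(image, key=KEY):
    """Keep the first CLEAR_PAGES pages as-is, Blowfish-decrypt the rest.
    ASSUMPTION: ECB; the thread does not say which mode the kext uses."""
    split = CLEAR_PAGES * PAGE
    return image[:split] + Blowfish(key).decrypt_ecb(image[split:])


def protect(image, key=KEY):
    """Inverse of unprotect(); used here only to build a constructed test image."""
    split = CLEAR_PAGES * PAGE
    return image[:split] + Blowfish(key).encrypt_ecb(image[split:])


def exceeds_commoncrypto_limit(key):
    """True for keys above 448 bits, which CommonCrypto rejects since CVE-2016-1802."""
    return len(key) * 8 > 448


if __name__ == "__main__":
    # Constructed sample: Mach-O 64-bit magic in page 0, five pages total.
    sample = bytes([0xCF, 0xFA, 0xED, 0xFE]).ljust(3 * PAGE, b"\0") + (b"page " * 1700)[:2 * PAGE]
    assert unprotect(protect(sample)) == sample
    print("round trip ok; key bits:", len(KEY) * 8, "CommonCrypto would reject:", exceeds_commoncrypto_limit(KEY))
```

The pi-digit generator replaces the usual 4 KiB of constant tables and doubles as a sanity check: if the first P-array word is not 0x243F6A88, the constants are wrong. The cipher core is checked against the published Blowfish test vectors (all-zero key and block encrypts to 4EF997456198DD78) before it is trusted with a real image; a round trip through protect()/unprotect() only proves the two functions are inverses, not that the key or mode match Apple's.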

~~~
Matt3o12_
What would be the purpose of such a "bad" encryption? Apple must have known
that it is not difficult to decrypt the protected binaries, so what is the
point? To deter people who are not determined enough to learn about the code?
To tell people who do decrypt them not to steal code?

~~~
saagarjha
It’s probably meant as a slight deterrent. People who are determined to
Hackintosh are going to do it anyways; this just puts a small barrier in place
to them doing so. Plus, the poem makes them feel bad about their actions.

~~~
95014_refugee
Technical Protection Measures.

~~~
saagarjha
It's not a very good one, is it? Nothing close to what iOS does.

Nice username BTW ;)

------
aymenim
This is interesting, I wonder if this is the same encryption used to encrypt App
Store apps as well, I believe on iOS the kernel extension is FairPlay, it
would be interesting to know if someone tried to decrypt an app without a
jailbroken device.

------
fouc
Funny - reverse engineer C++ calls by using google instead.

------
Fnoord
(2016)

