In August 2006, Apple sent WWDC attendees home with prerelease copies of Mac OS X 10.5 “Leopard”. As with all major updates, the initial seeds of Leopard broke a lot of programs, in some cases requiring hefty code changes to fix. Attendees received prereleases of the operating system in order to get their programs working before the public release date (then, early 2007), but were bound to non-disclosure agreements forbidding them from revealing what exactly broke.

Adium, a GPL-licensed IM program, is one program that broke, and support tickets trickled in from users complaining of having to use iChat instead. Most of the problems were fixed without too much effort by the Adium developers who had the Leopard prerelease, but as Eric Richie pointed out, they couldn’t check the changes in because it would violate the NDA.

A few hours later David Smith came back with a plausible solution: Keep the fixes private until October, but release a compiled binary for 10.5 users in the meantime. Sean Egan’s “GPL violation radar” quickly went off, and the Catch-22 became clear: Release the code, violate the NDA; release the binary with no code, violate the GPL.

Ultimately, the team decided to make a private branch of the code and release neither their changes nor compiled binaries until Leopard was finally released in October 2007.

A Solution

Now that Snow Leopard is in the hands of developers, history may repeat itself. While there have been no reports of Adium failing to run, there are minor graphical glitches which cannot be resolved until the NDA expires.

However, it dawned on me today that a simple solution is to encrypt a tarball of the source with a key that is only known by people with the prerelease operating system (and presumably under the same NDA). The key could be simple, like the output of uname -r, or more secure, like some system file introduced in the new OS.

I’ve written a simple perl script which performs an elementary XOR cipher on an input file given a key via STDIN. For instance, you won’t be able to read this file without having the same version of Finder as me:

A Note on Cryptanalysis

The XOR cipher is not meant to be strong; it’s meant to be simple. However, it can be rather trivial to crack it. In the case of human-readable text, as in the example file above, statistical analysis can eliminate the need for a key. For patched source code, an attacker could use the unpatched code to work out the changes, if the key is short enough.

Perhaps the most interesting, though, is that XOR is symmetric. The intended use is plaintext ^ key = ciphertext; ciphertext ^ key = plaintext. However, by simple manipulation we can show that plaintext ^ ciphertext = key. So, if someone was smart enough to work out the exact changes independently, they could work out the key — revealing a key that is likely under NDA! I wonder if that can be used against you…

This entry was posted Wednesday, July 2nd, 2008 at 4:51 am and is filed under Computer Science, Math, Secrets, Security. You can leave a response, or trackback from your own site.