
kiding / apple-ocsp-noiser

Licence: MIT license
Privacy-Preserving Noise Machine for Apple Developer ID OCSP

Programming Languages: shell

Projects that are alternatives of or similar to apple-ocsp-noiser

certgrinder
Certgrinder is a client/server system for getting LetsEncrypt certificates for your infrastructure. ACME challenges are handled by the Certgrinder server, making it possible to get certificates in highly isolated environments, since only an SSH connection to the Certgrinder server is needed.
Stars: ✭ 24 (-22.58%)
Mutual labels:  pki, ocsp
vault-ocsp
OCSP responder for Hashicorp Vault PKI
Stars: ✭ 42 (+35.48%)
Mutual labels:  pki, ocsp
Routinator
An RPKI Validator written in Rust
Stars: ✭ 215 (+593.55%)
Mutual labels:  pki
ct-honeybee
Lightweight program that pollinates STHs between Certificate Transparency logs and auditors
Stars: ✭ 25 (-19.35%)
Mutual labels:  pki
pki-manager
IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts
Stars: ✭ 36 (+16.13%)
Mutual labels:  pki
freeipa-issuer
A cert-manager external issuer for FreeIPA
Stars: ✭ 22 (-29.03%)
Mutual labels:  pki
certbot-dns-powerdns
PowerDNS DNS Authenticator plugin for Certbot
Stars: ✭ 22 (-29.03%)
Mutual labels:  pki
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (+500%)
Mutual labels:  pki
valist
Web3-native software distribution. Publish and install executables, Docker images, WebAssembly, and more. Powered by Ethereum, IPFS, and Filecoin.
Stars: ✭ 107 (+245.16%)
Mutual labels:  pki
rfc3161timestampingserver
This project offers an RFC 3161 compliant timestamping authority/server
Stars: ✭ 30 (-3.23%)
Mutual labels:  pki
crlite
WebPKI-level Certificate Revocation via Multi-Level Bloom Filter Cascade
Stars: ✭ 52 (+67.74%)
Mutual labels:  pki
pdf-sign-check
A java / spring boot application to help you sign and check signed pdf documents
Stars: ✭ 81 (+161.29%)
Mutual labels:  pki
Mathematical-Mesh
The Mesh is an infrastructure that makes the Internet easier to use by making it more secure.
Stars: ✭ 39 (+25.81%)
Mutual labels:  pki
Lenovo-Y430p-OS-X-Clover-OpenCore-Hotpatch
Lenovo IdeaPad Y430P NoteBook for macOS 13 Ventura&macOS 12 Monterey&macOS Big Sur 11.0& macOS Catalina 10.15& macOS Mojave 10.14& High Sierra 10.13
Stars: ✭ 41 (+32.26%)
Mutual labels:  big-sur
makeuniversal
Tool to create a Universal Binary version of a Qt distribution.
Stars: ✭ 40 (+29.03%)
Mutual labels:  big-sur
certbot-dns-acmedns
Certbot ACME-DNS DNS01 plugin for Certbot
Stars: ✭ 24 (-22.58%)
Mutual labels:  pki
Asn1.js
ASN1js is a pure JavaScript library implementing a full ASN.1 BER decoder and encoder.
Stars: ✭ 196 (+532.26%)
Mutual labels:  pki
open-attestation
Meta framework for providing digital provenance and integrity to documents.
Stars: ✭ 39 (+25.81%)
Mutual labels:  pki
WhiteSurFirefoxThemeMacOS
MacOS Big Sur like theme for Firefox on MacOS & Windows. Make your Firefox look like Safari.
Stars: ✭ 243 (+683.87%)
Mutual labels:  big-sur
orbitdns
Distributed PKI based DNS
Stars: ✭ 23 (-25.81%)
Mutual labels:  pki

apple-ocsp-noiser

Privacy-Preserving Noise Machine for Apple Developer ID OCSP

Read the writeup for the full details.

macOS sends a periodic OCSP request in plaintext containing the serial number of the developer certificate of the app that is being installed or launched. Whether or not that is the intention, the requests themselves can be used as telemetry by anyone on the network path: ISPs, governments, etc.

Blocking ocsp.apple.com entirely would hinder Apple's built-in malware protection. What we should do instead is confuse the eavesdroppers in the middle by adding noise.

apple-ocsp-noiser sends an OCSP request to http://ocsp.apple.com with a random serial number, either a legitimate one from its pool or a nonexistent one, at random intervals.

Download script.sh, examine the file, then run it with zsh.

curl -O https://raw.githubusercontent.com/kiding/apple-ocsp-noiser/main/script.sh
# If you're confident the script is trustworthy:
/bin/zsh script.sh

Serial Number Submission

A well-equipped eavesdropper might have a database of Developer ID serial numbers. You can help the project by adding more legitimate serial numbers to the random pool. Open an issue or a pull request containing only the serial numbers in hex format.

Please do not post the name of apps or developers. Creating a trackable database is not the purpose here.

for APP in *.app; do
  rm -f OCSP_0 OCSP_1 OCSP_2
  # Extract the app's signing chain as DER files: OCSP_0 is the leaf (Developer ID) certificate
  codesign -d --extract-certificates="OCSP_" "$APP" 2>/dev/null

  if [ -f OCSP_0 ]; then
    # Print the leaf serial as \xNN bytes (the format used in the random pool), whatever its length
    openssl x509 -in OCSP_0 -inform DER -noout -serial 2>/dev/null | sed 's/^serial=//; s/../\\x&/g'
  fi

  rm -f OCSP_0 OCSP_1 OCSP_2
done
# \x75\x8E\xF3\x40\x27\x52\xDE\x87
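To make concrete what the sections above describe, here is an added example (not part of apple-ocsp-noiser, which is a zsh script) that builds the unsigned OCSP request body in Python, shows that the serial number can be read straight out of the plaintext HTTP body by anyone on the path, and draws noise serials from a pool the way the script does. The issuer hashes are constructed placeholders rather than Apple's real CA values, and the pool holds only the README's own example serial.

```python
import hashlib
import random

SHA1_OID = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 (id-sha1), the hash used in CertID
# Constructed placeholders; a real client uses the hashes of Apple's Developer ID CA.
ISSUER_NAME_HASH = hashlib.sha1(b"placeholder issuer DN").digest()
ISSUER_KEY_HASH = hashlib.sha1(b"placeholder issuer SPKI").digest()
LEGIT_POOL = [0x758EF3402752DE87]  # the README's own example serial; the project pools many

def der(tag, body):
    """Minimal DER TLV encoder; definite lengths below 256 suffice for this request."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else b"\x81" + bytes([n])
    return bytes([tag]) + length + body

def der_int(value):
    # (bit_length + 8) // 8 bytes keeps the sign bit clear, so the INTEGER stays positive
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def build_ocsp_request(serial):
    """OCSPRequest > TBSRequest > requestList > Request > CertID (RFC 6960, unsigned)."""
    alg = der(0x30, der(0x06, SHA1_OID) + der(0x05, b""))
    cert_id = der(0x30, alg + der(0x04, ISSUER_NAME_HASH)
                  + der(0x04, ISSUER_KEY_HASH) + der_int(serial))
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def read_tlv(buf, pos):
    """Return (tag, body, position after the element) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def serial_seen_on_the_wire(request):
    """What a passive observer reads from the plaintext HTTP body: the serial number."""
    node = request
    for _ in range(5):  # descend OCSPRequest, TBSRequest, requestList, Request, CertID
        _, node, _ = read_tlv(node, 0)
    pos = 0
    for _ in range(3):  # skip hashAlgorithm, issuerNameHash, issuerKeyHash
        _, _, pos = read_tlv(node, pos)
    tag, body, _ = read_tlv(node, pos)
    assert tag == 0x02, "expected INTEGER serialNumber"
    return int.from_bytes(body, "big")

def noise_serial(rng=random):
    if rng.random() < 0.5:  # half the time a pooled legitimate serial, else a random one
        return rng.choice(LEGIT_POOL)
    return rng.getrandbits(64)  # a nonexistent serial of the same length as real ones
```

Because the request is neither signed nor encrypted, nothing in it lets an observer tell a pooled legitimate serial from a random nonexistent one; that ambiguity is the whole point of the noise.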