{"id":13587992,"url":"https://github.com/kiding/apple-ocsp-noiser","last_synced_at":"2025-04-08T02:34:34.353Z","repository":{"id":145026850,"uuid":"313836674","full_name":"kiding/apple-ocsp-noiser","owner":"kiding","description":"Privacy-Preserving Noise Machine for Apple Developer ID OCSP","archived":false,"fork":false,"pushed_at":"2024-05-28T10:22:20.000Z","size":48,"stargazers_count":34,"open_issues_count":1,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-08-02T16:08:36.206Z","etag":null,"topics":["big-sur","macos","ocsp","pki","privacy","security"],"latest_commit_sha":null,"homepage":"https://kiding.medium.com/macos-ocsp-telemetry-explainer-and-mitigation-9bc243928f4c","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kiding.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-11-18T05:53:13.000Z","updated_at":"2024-06-11T20:05:52.000Z","dependencies_parsed_at":"2024-02-08T12:28:27.091Z","dependency_job_id":"2b08ed79-22af-4e67-becd-ca9cac392304","html_url":"https://github.com/kiding/apple-ocsp-noiser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiding%2Fapple-ocsp-noiser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiding%2Fapple-ocsp-noiser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiding%2Fapple-ocsp-noiser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiding%2Fapple-ocsp-noiser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kiding","download_url":"https://codeload.github.com/kiding/apple-ocsp-noiser/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223300649,"owners_count":17122661,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["big-sur","macos","ocsp","pki","privacy","security"],"created_at":"2024-08-01T15:06:27.438Z","updated_at":"2024-11-06T07:30:44.158Z","avatar_url":"https://github.com/kiding.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# apple-ocsp-noiser\nPrivacy-Preserving Noise Machine for Apple Developer ID OCSP\n\n\u003e Read [the writeup](https://kiding.medium.com/macos-ocsp-telemetry-explainer-and-mitigation-9bc243928f4c) for the full details.\n\nmacOS sends a periodic OCSP request *in plaintext* with a **serial number** of the developer certificate of the app that's being installed or launched. Whether the intention, the requests themselves can be used as *telemetry* by anyone on the network; ISPs, governments, etc. \n\nBlocking `ocsp.apple.com` entirely will hinder Apple's built-in malware protection. What we should do instead is to *confuse* the eavesdroppers in the middle by adding noise.\n\n`apple-ocsp-noiser` sends out an OCSP request to `http://ocsp.apple.com` with a *random* legitimate or nonexistent **serial number** for every *random* period of time. \n\nDownload `script.sh`, examine the file, then run it with `zsh`.\n```bash\ncd /Users/Shared/ || exit 1\ncurl -Ro 'apple-ocsp-noiser.sh' --fail -- \\\n    'https://raw.githubusercontent.com/kiding/apple-ocsp-noiser/main/script.sh'\nchmod +x apple-ocsp-noiser.sh\n\n# If you're confident the script is trustworthy:\n/bin/zsh apple-ocsp-noiser.sh\n```\n\nYou can also install the script to run at load:\n```bash\nmkdir -p ~/Library/LaunchAgents/\ncd ~/Library/LaunchAgents/ || exit 1\ncurl -ROJ --fail -- \\\n    'https://raw.githubusercontent.com/kiding/apple-ocsp-noiser/main/launched.apple-ocsp-noiser.plist'\n\n# Examine the plist file in case there was a disruption in downloading\n# You will also need to change the `\u003cusername\u003e` to the real user name\nYOUR_FAVORATE_EDITOR=vim\n\"$YOUR_FAVORATE_EDITOR\" launched.apple-ocsp-noiser.plist\n\nlaunchctl load -w launched.apple-ocsp-noiser.plist\n```\n\n## Serial Number Submission\n\nA well-equipped eavesdropper might have a database of *Developer ID* serial numbers. You can help the project by adding more legitimate serial numbers in the *random* pool. Make an issue or a pull request with **only** the serial numbers in hex format.\n\nPlease **do not post** the name of apps or developers. Creating a trackable database is not the purpose here.\n\n```zsh\ncd /Applications/ || exit 1\nls | grep '.app' | while read APP; do\n  rm -f OCSP_0 OCSP_1 OCSP_2\n  codesign -d --extract-certificates=\"OCSP_\" \"$APP\" 2\u003e/dev/null\n\n  if [ -f OCSP_0 ]; then\n    SERIAL=$(openssl x509 -in OCSP_0 -inform DER -serial | head -n1)\n    if [[ ${#SERIAL} -ge 23 ]]; then\n      echo \"$SERIAL\" | sed 's/serial=\\(..\\)\\(..\\)\\(..\\)\\(..\\)\\(..\\)\\(..\\)\\(..\\)\\(..\\).*/\\\\x\\1\\\\x\\2\\\\x\\3\\\\x\\4\\\\x\\5\\\\x\\6\\\\x\\7\\\\x\\8/' 2\u003e/dev/null\n    fi\n  fi\n\n  rm -f OCSP_0 OCSP_1 OCSP_2\ndone\n# \\x75\\x8E\\xF3\\x40\\x27\\x52\\xDE\\x87\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiding%2Fapple-ocsp-noiser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkiding%2Fapple-ocsp-noiser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiding%2Fapple-ocsp-noiser/lists"}