Most of the below patches are functionality from the OpenBSD kernel that I've attempted to port to Xnu (Darwin and Mac OS X's kernel).

These patches are subject to to the Apple Public Source License.

Initialize TCP Timestamp with a random number


This patch is trivial. The TCP timestamp field starts out as one and increase based upon time. By analyzing this field of a TCP packet you can determine how long ago a remote system was rebooted. This patch has the TCP stack initialize the timestamp with a random number. This is perfectly acceptable behavior because nowhere in the RFC does it state that this number needs to start at one.

As of Mac OS X 10.2.3 my patch has been accepted by Apple into Xnu. You can see the original bugzilla report here.

Fork assigns random PID

fork_random_pid.patch - 2k

This patch is not fully working. When applied, the system may boot, but it will be unstable. The message "task_get_bootstrap_port() returned MACH_PORT_NULL!" is repeatedly printed on the console (if the system is booting in verbose mode). My theory is that the randompid variable is being set too early during the kernel's initialization process. This is a rather diffcult thing for me to debug since I don't have another machine for which to use as a remote debugger. Even though it will boot, I can't login, which is another dead-end. Right now I'm just shotgun debugging stage...

This patch is against xnu 201.19 (Mac OS X 10.1.3).

Other Sites

If you're looking for other cool kernel patches, check out Slagheap's MAC Spoofing on the Mac.