Anti-Piracy Message in Mac OS X Kernel Extension
Apple has hidden an anti-piracy message within Mac OS system software as a kernel extension.
“com.apple.Dont_Steal_Mac_OS_X” is a kernel extension that runs within Mac OS X, it’s function is thought to insure that Mac OS X is running only on certified Apple hardware. And aside from the not-so-subtle name of the kernel extension, it includes a little anti-piracy poem too.
You can see this kernel extension yourself by going to the Terminal and typing:
kextstat | grep "Dont_Steal"
Apparently the following message gets loaded into memory somewhere:
Your karma check for today:
There once was was a user that whined
his existing OS was so blind,
he’d do better to pirate
an OS that ran great
but found his hardware declined.
Please don’t steal Mac OS!
Really, that’s way uncool.
(C) Apple Computer, Inc.
A rhyme to combat software piracy, nice huh? The ‘hardware declined’ message seems to suggest this is aimed at the Hackintosh community, which aims to run MacOS and Mac OS X on unofficial hardware by using commodity PC components.
I wonder if this is one of the kernel extensions that gets replaced or modified with various Hackintosh installs?
If you have any insight regarding the kernel extension, share in the comments!
Unfortunately, the lawyers at apple removed it :-( now it says “Copyright (c) 2006-2019 Apple Inc. All rights reserved. The purpose of this Apple software is to protect Apple copyrighted materials from unauthorized copying and use. You may not copy, modify, reverse engineer, publicly display, publicly perform, sublicense, transfer or redistribute this file, in whole or in part. If you have obtained a copy of this Apple software and do not have a valid license from Apple to use it, please immediately destroy or delete it from your computer.”
nice find bro
This is a bit humorous. Good find. does anyone know why Mac OS x kernel is putting up mass activity when utorrent is running?
On hackintoshes, that kext is responsible for doing the heavy lifting of decrypting the Apple Protected Binaries, however the actual keys are stored in a device called the SMC which is present only in Macs and is responsible for platform management like temps sensors etc. The trick is to emulate the whole device but provide only the necessary keys and a response when probed (to act like the actual device). Don’t Steal Mac OS X does the rest. Apple implemented this idea starting with Mac OS X Tiger 10.4.3 and onward. The actual key(s) stored in the SMC are: “ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc”
You can find it here.
System/Library/Extensions/Dont Steal Mac OS X.kext
When you find this file and select it. press ‘Command I’. Read up on what it does.
yes … this is the extension … the “Your Karma blabla …” ist the decrypt key from Apple … on this all the Hackintosh decrypters are working :-)