The Mac OS X Expert Challenge 2005.1


© Amit Singh. All Rights Reserved. Written in April 2005

Result

| Rank | Name(s) | Analysis |
| --- | --- | --- |
| Winner | Alexey Proskuryakov | View Analysis |
| Runners Up | Andrew Wellington and Graham Dennis | View Analysis |

Alexey Proskuryakov's was the first entry in the challenge. When I first looked at his analysis, I momentarily regretted not having made the problem harder! Alexey determined correctly what panpipes was doing to trigger the panic, identified most of the cloaking measures it used, and suggested a plausible fix for the problem.

The analysis by Andrew Wellington and Graham Dennis is equally commendable, matching Alexey's analysis in technical excellence and satisfying all requirements of the challenge.

Alexey is the winner since his submission was received over two days sooner than the one from Andrew and Graham.

Honorable Mentions

I received exactly 5 entries. Besides the winner and the runners up, the remaining 3 entries did not meet any of the challenge requirements. However, they were from people who made serious, sincere, and worthy efforts. These people are listed below, in decreasing order of the merit of their submissions.

Reward Disbursement

Each challenge participant will receive a free copy of my book on Mac OS X internals when it comes out.


Report

Recapitulation

I announced The Mac OS X Expert Challenge 2005.1 a week ago. The challenge involved a program called "panpipes" that causes a Mac OS X system to panic. Moreover, panpipes incorporated certain cloaking measures to hide its operation. Participants had to analyze the program to determine its operation, provide their own program to trigger the same kernel panic, and propose a fix for the flaw in question.

The Construction of Panpipes

For details on how I constructed the panpipes program, please refer to the document The Construction of Panpipes.

Perhaps the most intriguing aspect of the system flaw used by panpipes is the flaw's age. It has existed for well over ten years. NEXTSTEP, which is ancestral to Mac OS X, had the same issue, and the issue continues to exist in the current and upcoming versions of Mac OS X.

Response to the Challenge

The response was better than I had expected, for the most part. Consider the following key statistics:

Statistics

I received several other emails — some of them quite bizarre — that do not qualify as entries by any stretch of the imagination. I am at a loss as to what to make of notes such as the following (quoted verbatim):

Do Not Enter

Net-demography of those interested

It is worth noting, and should be of particular interest to the winners, that there were downloads from research labs, universities, and technology companies.

Consider the following non-exhaustive list of examples (University names are colloquially stated):

Disclaimer

Please note that barring cases where I have received correspondence, I have no way of knowing whether a downloader actually attempted to analyze panpipes or even executed it. Specifically, downloading panpipes does not necessarily imply that the downloader participated in the challenge.

Laboratories: Fermi National Accelerator Laboratory, Goddard Institute for Space Studies (NASA), Los Alamos National Laboratory, Lawrence Livermore National Laboratory, and Sandia National Laboratories.

Universities: ANU (Australia), Boston University, Brown, Caltech, Cambridge (UK), Cornell, Universidad Galileo, Harvard, Hokkaido (Japan), Imperial College (UK), Indiana, Iowa State, Johns Hopkins, Kent (UK), L'Université de Nantes (France), Maryland, MIT, Monash (Australia), Michigan, Newcastle (UK), NTUA (Greece), Ohio, Oregon State, Oxford (UK), Penn State, Portland State, RIT (Rochester), Rutgers, Stanford, Tennessee, UCLA, UTA (Austin), Utah, Various *.uni-*.de, Washington, Waterloo (Canada), University of Western Australia, and Yale.

Companies: Apple, Boeing, Capital One, Cisco, Compaq, Compound Therapeutics, EFI, Fossil, Goldman Sachs, GPC Electronics (Australia), IBM, IKEA, JVC, Microsoft, Motorola, nVIDIA, Oracle, SAAB, Tour Andover Controls, and Xerox.

Summing Up

I had stated my goals for this endeavor as the following:

  1. Probe popular interest in system-level Mac OS X topics.
  2. Gauge the initiative and inquisitiveness of the Mac OS X community based on the kind of response generated.
  3. Use the outcome to roughly quantify, if possible, Internet-wide Mac OS X expertise outside of Apple.
  4. Facilitate sharing (and acquisition) of Mac OS X knowledge.
  5. At the very least, provide an interesting problem for some people to solve.

In light of my goals, one can question whether the challenge was useful to the audience, and whether it was useful to me.

Audience Feedback

Based on the feedback I received, I believe this endeavor was useful to its audience. Following are some excerpts from the feedback:

My Feedback (to the Audience)

Rather than impose my inferences upon others, I would like to suggest the following points for pondering, which could potentially be topics of discussion based on the statistics of this challenge:

In my opinion, an important positive side effect of this challenge is that at least the techniques used by panpipes become public knowledge. This should reduce the size of the conceivable arsenal of "unknown tricks" that could potentially be part of future malware.