Axel Rietschin, a kernel engineer at Microsoft, has claimed that ReactOS, an open-source operating system intended to be binary-compatible with Windows, is "a ripoff of the Windows Research Kernel that Microsoft licensed to universities."
Rietschin, who is a senior software engineer working on the Windows base kernel and container technologies, according to his LinkedIn profile, made the claim in late 2017. It was apparently little noticed at the time, and has backed it up today with a post on Hacker News.
"I think it's a ripoff of the Windows Research Kernel that Microsoft licensed to universities under an agreement that was obviously violated by some, as the code has been uploaded to numerous places, some of it on GitHub," Rietschin wrote.
"I glanced at the ReactOS code tree, and in my opinion, there is absolutely no way on Earth this was written from a clean sheet only from the available public documentation."
He says that "internal data structures and internal functions, not exported anywhere and not part of the public symbols, have the exact same names as they appear in the Research Kernel."
In his recent post, he presents further arguments against ReactOS being a "clean room" implementation done without reference to the source code. "Macros names, parameters, etc. never appears in the compiled code. It is … almost surely impossible that a clean-room reimplementation ends up using macros for the same things, let alone macros with the same or similar names."
Heaps of Windows 10 internal builds, private source code leak onlineREAD MORE
ReactOS is a longstanding project, begun in 1996 and still at Alpha (the current version is 0.4.11). Claims concerning copied source code are not new. In 2006, a developer made a similar claim on the ReactOS developer list, leading to a statement and internal audit by the ReactOS team. Steven Edwards, ReactOS developer, stated that ReactOS code must comply with the "US standard method for reverse engineering", defined by him as "one person tears apart the implementation of a device, writes documentation and another reads that documentation and implements." Edwards said the team would "rewrite all code found to have been implemented not using the US method for reverse engineering," though he also said "we are not banning any developer who might have had access to leaked sources from contributing to ReactOS."
The Windows source code is copyright, though parts of it have been published for research and code has also been leaked, for example as reported by The Reg in June 2017.
Reversing without reversing?
ReactOS developer Alex Ionescu has talked about the methods he uses at the OffensiveCon security conference; one of his sessions there, called "Reversing without reversing", is available online.
In a world where Microsoft dominated the operating system world, the open source ReactOS project was more significant than it is today, with PC sales flat at best and Windows not competing in mobile. Microsoft's direction has also shifted, now focused more on cloud services and subscriptions than on Windows, making Rietschin's claims less significant than would once have been the case. ®