Tunnelblick is open source, free software, so you can certainly modify it. See
Building from Source and
Signing the Application.
To point you to the OpenVPN source in Tunnelblick, it is located in third_party/sources/openvpn. There is a folder there for each version of OpenVPN to be included, named with the OpenVPN version. Inside that folder is an optional "patches" folder that contains patches, and an "openvpn" folder that contains the source code for that version of OpenVPN. What you would basically do is put the patch file into the "patches" folder, renaming it so it ends in ".diff", and possibly modify it so the patch command used when building Tunnelblick works at the proper folder level, and rebuild Tunnelblick.
I should warn you that the xor patch on GitHub has several bugs, including null-pointer dereferences, and that
the view of the OpenVPN developers is that it should not be used and that they recommend obfsproxy instead. The following is from the last post (by one of the OpenVPN developers) on
an OpenVPN mailing list thread:
We (OpenVPN developers) do not encourage people building their own versions of OpenVPN changing the wire-protocol like this, without the patch being through a proper patch review and having evaluated possible security risks related to such a change.
And we especially discourage using such an approach when there exists a far better solution, used by the TOR community. It is called obfsproxy and can be used together with OpenVPN without needing any re-compilation of OpenVPN.
For more information, have a look at these URLs
That said, I am considering adding the xor patch to Tunnelblick (after fixing the bugs; I would contribute the bug fixes upstream), possibly by including it as an additional patched copy of OpenVPN. This would allow people who do not want the patch for security reasons to avoid it, but still make it available for those who want/need it.
I am also considering adding the ability to easily use obfsproxy (from the Tor project), by including it inside of Tunnelblick (similar to the way that OpenVPN is included) and starting it with arguments provided by specially marked comments in the OpenVPN configuration.