Obfuscated Vote Counting Contest

Daniel Horn writes "In a flash of inspiration coming from the Obfuscated C code contest and the current E-voting scandals, I wondered if there shouldn't be a similar code obfuscation contest based on obfuscating voting results, that is, C code that appears correct but does the wrong thing when counting votes. Submit your obfuscated vote-counting code now, and the two winners will be selected on November 2 and will receive a free Vega Strike CD. Obviously incorrect code, however, is not welcome."

I WIN!

[AmigaAvenger]

Quick, someone post some of the Diebold voting machine code, you certainly will have a winner in there!

Re:I WIN!

[anonymous+cowherd+(m]

Did anyone notice the irony in the fact that the email address for submissions is dyebold@gmail.com? LOL.

Re:I WIN!

[Phillup]

You gotta do it right (like... FAR right ;-))

switch (c) {
case YADA_YADA:
yada_yada += 1;
case NADER:
nader += 1;
case KERRY:
kerry += 1;
case BUSH:
bush += 1;
}

That will more likely pass the "first glance" test... and give the big guys the numbers they "deserve".

And, I'm sure Bush would believe he really does have that much more "support" from "his" citizens than Kerry.

Re:I WIN!

[00420]

It has nothing to do with default case. It has to do with the lack of breaks.

Read it again. A vote for kerry means both kerry and bush get a vote. A vote for nader means nader kerry and bush get a vote.

Re:I WIN!

[JUSTONEMORELATTE]

You're missing something more important than a default case.
Aww c'mon, give the guy a break already!

--
free gmail invites -- only one left!

Damn

[antifoidulus]

I was going to submit the Diebold code till I read:Obviously incorrect code, however, is not welcome.

Hiding...

If I were doing this, I would hide the date analysis and vote rigging in another part of the program. For example, the code used to handle the screen and menus, or the network stack.
Then, you could obfuscate a call to jump the program pointer to that part of memory directly, run a tiny bit of code that appears to deal with graphics, but does something else when called with the correct offset.
The devious would be scattered about, rather than in one single vote counting function.

Re:Hiding...

[globalar]

In that same vein, I would use code which has somewhat unpredicatable and incremental behavior. It is much harder to detect code which alters data seemingly at random, and sometimes not at all.

Changing a small amount of data with minimal condition at pseudorandom intervals is practically an intentional bug. Of course, if I can expect a certain threshold of data, I might be able to add a statistical leaning into the program that favors a particular outcome. Of course, this is the point of the contest. The point is, blind trust is no trust at all.

Re:Hiding...

I would hide my code in the parts used for assisting disabled people. My code would be triggered once every so often when a voter takes lots of time to enter a choice or when the voter uses the visually impaired asistance functions vendors have been bragging about. This way you have a high chance of cheating on an older or visually impaired voter, which means a much better chance of going unnoticed even with a voter verified paper trail...

Another good idea for cheating on the disabled, you can hide lots of stuff in an audio decompression codec with the added bonus of people not getting suspicious about highly optimized self modifing code there.

If you were very devious you could even submit your code into an opensource audio project like ogg and then base your voting software on that. Not only would code auditors be looking mostly at what code changes from the public version to the voting machine version, if they found something it would be hard to say anything about who planted it. Instand plausible denyability, another reason to be suspecious about using third party software like windows CE and the access database stuff. Ofcourse if you really want denyability you just accidentally add an exploitable security vulnarability. If it gets cought you hit yourself on the forehead asking how you could have been so stupid, if it isn`t found you go around voting stations on election day and flip some votes around.

Of course nobody would be stupid enough for their cheat code to be triggerd in the first hundred votes. Remember that story about voting machines being "tested" by entering one vote?

One other thing, with everybody talking about software, the obious way to avoid detection is to put your tricks in hardware. Remember the X-box, it has a plain x86 pc design, cpu, northbridge southbridge and bios ROM chip. The guy that first published about cracking its copy protection surprissed quite a few people with the revalation that the X-box doesn`t actually boot from the bios chip but from a bit of rom hidden inside the southbridge chip.

Summary of this year's election

[Dancin_Santa]

enum Outcome
{
AMERICAWINS,
AMERICALOSES
}

int main()
{
bool voted = didYouVote();

Outcome o;

switch (voted)
{
case true:
o = AMERICAWINS;
case false:
o = AMERICALOSES;
}
return o;
}

Re:Summary of this year's election

[tomhudson]

More efficient code, to avoid all the suspense. It is guaranteed to return the correct outcome every time!

#define AMERICALOSES 0x00

int main() {
return AMERICALOSES;
}

Re:Summary of this year's election

I don't know if you're trying to encourage voting or proposing code for the contest but by leaving out the "break;" in your switch statment I think you've certainly predicted the outcome of this year's elections.

Patent pending

[GrAfFiT]

"C code that appears correct but does the wrong thing when counting votes"
Beware of Diebold suing you for infringing one of their patents !

Similar to Dr. Rubin's challenge

[bjtuna]

This seems to be similar to Dr. Avi Rubin's challenge to the community, which basically states that a team of security specialists and programmers should be given access to the development environment of one of the major DRE machines, by the vendor. The team should then attempt to rig the machine in favor of one candidate, and then submit the machine for approval by the elections board's testing agency. The testing agency doesn't know it's being tested, and doesn't know the machine is rigged. Could they catch the rigged machine as they currently claim? It's the same basic principle as having undercover agents attempt to sneak weapons through airport security.

The paper can be found at:
http://avirubin.com/vote/ita.challenge.pdf

Why? Already there!

[DigitalRaptor]

Why create code that distorts the voting results, Diebold has already done it.

My favorite story was a county in Pennsylvania (if I remember correctly, it's in this months Readers Digest) where the electronic voting machine correctly counted all 144,000 votes. Except there were only 19,000 registered voters in the entire county.

We're screwed in this election. It is going to make the 2000 Florida crap look like a cakewalk.

ok.

[photon317]

/* Global vote tallies */
int KerryVotes=0;
int BushVotes=0;

void ParseVote(const char* v) {
if(!strcmp(v,"Kerry")) {
KerryVotes++;
} else if(strcmp(v,"Bush")) {
BushVotes++;
}
}

Re:ok.

Now, what are the chances that the code is being run on a 17-bit platform?

my submission

[SamBeckett]

/* Current population proportion polls show: */
#define BUSH 0.512
#define KERRY 0.481
#define UNDECIDED (1.0 - BUSH - KERRY)

#define NBC 0
#define ABC 1
#define CBS 2
#define FOX 3

int main() {

int bush = 0;
int kerry = 0;
int nader = 0;
int i;
int vote;
int broadcast_network = rand() % 4;

for ( i = 0; i < 260000000; ++i) {
vote = rand() % 10000;

if ( vote < 10000.0*BUSH ) ++bush;
else if ( vote < 10000.0*(BUSH+KERRY) ) ++kerry;
else {
if ( broadcast_network == NBC || broadcast_network == ABC ||
broadcast_network == CBS )
++kerry;
else if ( broadcast_network == FOX )
++bush;
else
++nader;
}
}

printf("Bush :%9d\nKerry:%9d\nNader:%9d\n", bush, kerry, nader);
return 0;
}

Re:last election

Surely you know that C and C++ don't give a damn if there are new lines and carriage returns in the whitespace or not.

Only newbie programmers use new lines and carriage returns.

Real programmers don't use new lines and carriage returns as it detracts from being able to glance at the whole program at once and immediately understand it's intent, purpose, and spot any bugs in a holistic fashion.

Re:Powered by Windows?

[psetzer]

Well, you must have misread. They use Windows CE. I shit you not.

Re:last election

[ezzzD55J]

forgetting strcmp() returns 0 when strings match are we?

Re:Nader not Nater

[OneDeeTenTee]

Nater is a Basketball player, Nader is a presidnetial candidate.

And they both have the same chances of becoming president.

Course at Rice

[offby1]

Dan Wallach is teaching a course at Rice that, I think, includes this sort of challenge.

What the fsck is wrong with this?

[Visaris]

#include <stdio.h>
#include <unistd.h>

/* Just to clean things up a bit */
#define REGISTERED_VOTERS 230597013
#define kerry 1
#define bush 2
#define nader 3
#define Count(y) f##or##y

/* Where the votes come from */
extern int get_vote();

int main(int argc, char **argv)
{
int for_b=0, for_k=0, for_n=0, vote;

/* Count the votes! */
while(vote=get_vote()) {
switch(vote) {
case bush:
for_b++;
break;
case nader:
for_n++;
break;
case kerry:
for_k++;
break;
}
}

/* Print results */
printf("Bush: %d\nKerry: %d\nNader: %d\n",
Count(_b),Count(k)(),Count(_n));
return 0;
}

This is pretty much accurate:

if(voter.ethnicity != WHITE)
return 0;
if(GetVote(&voter))
{
switch(voter.vote)
{
case BUSH:
case KERRY:
++BusinessAsUsual;
break;
default:
AlertFBI();
}
}

Ken Thompson's compiler hack

[FleaPlus]

The best way to do this would be a variant of Ken Thompson's cc hack, published in ACM back in 1984. Basically the voting code would be pristine, but the compiler itself would be modified to add in "features" at compile time. The compiler also had hooks to add in the trojans while compiling pristine compiler code.

Both compiler and voting application code would appear pristine, with the the actual hack existing only in the compiled code.

Indeed

[Pan+T.+Hose]

try to make a point and the only thing people notice is the syntax errors... only on slashdot

Indeed. Everywhere else normal people would just get the point presented in the form of a C program, but not the nerds on Slashdot! But seriously, I was sure that all of the errors in your code was just meant to be examples of real errors that might change the election outcome:

• gorevotes = 1; instead of gorevotes += 1; to make gorevotes always less than or equal to one, and using +=1 instead of ++ only to make the =1 mistake less visible
• comparing canidate to "Nater" instead of "Nader" to make real Nader's votes not counted
• the second bushvotes += 1; instead of nadervotes += 1; to count Nader's votes as votes for Bush
• using bushvotes += 10; instead of bushvotes += 1; to multiply votes for Bush by ten
• using if(strcmp(canidate,"Bush")) instead of if(!strcmp(canidate,"Bush")) supposedly forgetting that strcmp returns 0 false value on a match and true otherwise, to invert the vote counts and count votes not for any given candidate as votes for him
• using canidate instead of candidate variable, which might have a different value
• while not an error per se, not using curly brackets in conditionals might introduce unexpected subtleties in the control flow in more complex code with deceptive indentation

All in all, not counting the Perlish elsif there are no syntax errors, while every single logic error might be used on purpose in a vote-counting code to change the election outcome while being hard to spot in a large and complicated spaghetti code. Did I really miss something?

Actually, I was very surprised reading all of the posts fixing the bugs in your code. "Weren't such bugs the whole point of a contest writing 'C code that appears correct but does the wrong thing when counting votes' after all," I thought to myself? [emphasis added]

But now I am even more surprised! Were those really unintentional errors? Because when I first read your comment I though: "What a brilliant example with so many subtle errors in every single statement!" Have I really overestimated the brilliance of your code? I do really hope that I have not, because it was surely one of the best examples posted so far, the foolish down-moderation notwithstanding.

Was I completely wrong? Doubtful. Was I fooled? I don't think so. Am I stupid? Highly unlikely. So what's wrong?

Re:You Think You're Funny

[pjt33]

Or more accurately, half of America is sitting right in the middle, and the other two quarters are on the fringes.

Right in the middle of America, maybe. From the perspective of those of us on the other side of the Atlantic, your middle is a good way to the right.