Slashdot Mirror


The 2006 Underhanded C Contest Begins

Xcott Craver writes "The second annual Underhanded C Code Contest is live as of April 4th, and runs until July 4th. The object is to write malicious C code that looks perfectly readable and innocent under informal inspection of the source."

9 of 232 comments

  1. Can someone explain this to me? by sgant · Score: 3, Interesting

    Why is this a good thing? I'm not a programmer, so I don't really understand why writing code that appears to be innocent, yet is really evil, helps the community?

    I understand about making source code available helps in a secure system, but what if that code has evil code...made to look innocent upon inspection....written into it?

    I know that showing how to crack into a system, or how to write a virus actually helps in the long run as it exposes weaknesses that can and should be patched and closed. But what does having people practice hiding malicious code do for us?

    Just wondering. I find this stuff fascinating....though not fascinating enough to actually learn how to do it!

    --

    "Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
  2. Weird and has very little to do with C by Ihlosi · Score: 3, Interesting

    I really liked last year's task but this year's, um ...

    It depends way too much on things like the compiler being used, the optimization level, the actual hardware (how do they compare program run-time if the two OSes in question run on very different CPUs ?), and so on, than on actual C.

  3. Potential for malice? by MT628496 · Score: 2, Interesting

    Isn't it likely that encouraging people to design programs in this way would lead to companies using these techniques in their own software? Say someone has a contract with Microsoft, the Linux version, while being fully functional, could be made to be slower. Then someone would go and demonstrate how poor Linux performance is yadda yadda

  4. Re:Fun idea, but... by Penguinoflight · Score: 2, Interesting

    Yeah, but why pay when you can just get the HACKER to go to jail and be charged as a terrorist?

    --
    "And we have seen and do testify that the Father sent the Son to be the Savior of the World"
    1 John 4:14
  5. Lucid Programming? by frantzdb · Score: 2, Interesting

    I see a lot of utility in a contest like this. As much fun as an obfuscated programming contest is, in a day and age when our critical infrastructure, including voting machines, are running on software, it is important that we be aware of just how difficult it is to assure that code does what it should.

    A related contest I would like to see is a lucid programming contest. Given some small but insidiously tricky task, write a program in the language of your choice which solves the problem correctly and which is easy for someone else to understand. It would be interesting to discover which languages excel at this task and what sorts of patterns emerge when emphasis is placed on clarity.

  6. Re:I love this by Fizzl · Score: 4, Interesting

    Heh, I've been ranting for years how I love C and C++ and how Java and pretty much all other higher level languages suck. I think they are meant just for crybabies who can't handle pointers and get confused while tying their shoelaces.
    I actually just thought that I'll whip something up for the contest. You know, first I'll just make the basic program and try to figure out how to sneak something in. It took me 10 minutes to realize that I have no fucking clue what I'm doing.

    "How do I read from stdin?"
    "How do I allocate without too much overhead for it?"
    "Wait, I really shouldn't be doing this in the main function. Perhaps I'll make a separate function. Now, hmm.. How do I define a function which takes a reference to an array of char pointers, and what else do I need to know to reallocate the array"
    "Oh right. It also needs to be separated by spaces too, not just newlines"
    "I wish there was a nice library function 'char *readfile(stream)' in ANSI C"
    "Shit. Real programming is hard!"

    I hereby turn in my coding gloves, and don the pink fluffy Java gloves I have actually worn for some time against my will.

  7. Is this the sort of thing they're looking for? by Ashtead · Score: 2, Interesting

    #include <stdio.h>

    main()
    {
      char stuf[80];

      while(1)
      {
        fputs("Enter something: ", stdout);
        fflush(stdout);
        gets(stuf);
        fputs("You have entered ", stdout);
        printf(stuf);
      }
    }

    silly (and looks innocent enough) but closer inspection will reveal nastiness...

    --
    SIGBUS @ NO-07.308
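
For comparison with the snippet in comment 7, here is an added example (not part of the original thread) of the same prompt-and-echo loop with its two defects removed: `gets()` has no length bound, and `printf(stuf)` treats the input as a format string. The helper names `read_line` and `echo_line` and the `LINE_*` codes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Read one line into buf without ever writing past cap bytes.
 * On LINE_TOO_LONG buf holds the truncated prefix and the rest is discarded. */
int read_line(FILE *in, char *buf, size_t cap) {
    if (!fgets(buf, (int)cap, in)) return LINE_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return LINE_OK; }
    /* No newline stored: drain the remainder so it is not read as a new entry. */
    int c, extra = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') extra++;
    return extra ? LINE_TOO_LONG : LINE_OK;
}

/* The input is passed as data to a constant format, never as the format itself. */
int echo_line(FILE *out, const char *s) {
    return fprintf(out, "You have entered %s\n", s);
}

int main(void) {
    char stuf[80];
    for (;;) {
        fputs("Enter something: ", stdout);
        fflush(stdout);
        int rc = read_line(stdin, stuf, sizeof stuf);
        if (rc == LINE_EOF) break;
        if (rc == LINE_TOO_LONG) { fputs("Input too long, ignored\n", stdout); continue; }
        echo_line(stdout, stuf);
    }
    return 0;
}
```
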
  8. So who wants to talk strategy? by patio11 · Score: 3, Interesting

    Here's what I'm thinking: take a data structure which is well-understood, easy to implement, and boring as mud. Like, say, a hash-table with collisions resolved by linking. Everybody saw that back in sophomore CS right? And everybody knows with even a cursory inspection that a hash table offers constant-time performance on lookups and o(maximum size of table) time on reading out, right? Except when it doesn't. Malicious choice of data for feeding into a hash table can severely degrade performance, and we wouldn't want that, so we're going to be extraordinarily conscientious engineers and salt our hash function so that a malicious user can't cause our program to have worst-case performance.

    I think, with creative use of bad programming, you could corrupt either the salt or the calculation of the hash function in such a way as to guarantee that for a target OS the hash-table performance would degrade into worst-case. So if you took your borked hash table, and used it to implement an associative array, the fairly trivial read in stdin, increment fields in associative array, sort array in order code could be made to perform at average time complexity in non-targeted OSes and worst-case time complexity in your target OS. Assuming you pick an O(n log n) sort algorithm, if you manage to "accidentally" make each of those n's actually polynomial complexity (heck, n^2 even) the computer should essentially blow up on non-trivial data sets. It's late in the evening and I haven't thought through this very much, but one way would be to use utsname's sysname thing as part of your "random data" to make the salt. That sounds a little obvious though. Maybe there's some obscure function somewhere for getting dates or times or something that I can exploit format of the returned data to reveal the difference between OSes, as that would be a lot harder to detect ("oh, seeding a hash function with a date and some magic numbers, nothing wrong with that").

    Anybody got any ideas or corrections to share? It's been a while since I've taken data structures, and I've got essentially no ideas for obscure functions revealing system differences to exploit (C isn't my bag).
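
From the reviewer's side of the scenario in comment 8, a distribution self-test run on every target platform catches a salted hash whose salt handling collapses the chains, whatever the cause. This is an added example, not part of the original thread; the hash functions, the constructed keys `key0`..`key511`, the 64-bucket table and the four-times-average threshold are all assumptions chosen for the sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 64u
#define NKEYS    512u

typedef uint32_t (*hash_fn)(const char *key, uint32_t salt);

/* Final avalanche step (MurmurHash3 fmix32) so every input bit reaches the bucket index. */
static uint32_t mix32(uint32_t h) {
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    return h ^ (h >> 16);
}

/* Salted FNV-1a: the salt perturbs the initial state and cannot cancel the key bytes. */
uint32_t hash_xor_salt(const char *key, uint32_t salt) {
    uint32_t h = 2166136261u ^ salt;
    for (; *key; key++) h = (h ^ (uint8_t)*key) * 16777619u;
    return mix32(h);
}

/* Constructed defective variant: the salt is multiplied in, so salt == 0 erases the key. */
uint32_t hash_mul_salt(const char *key, uint32_t salt) {
    uint32_t h = 2166136261u;
    for (; *key; key++) h = (h ^ (uint8_t)*key) * salt;
    return mix32(h);
}

/* Hash NKEYS constructed keys ("key0", "key1", ...) and return the longest chain. */
unsigned longest_chain(hash_fn fn, uint32_t salt) {
    unsigned count[NBUCKETS] = {0}, worst = 0;
    char key[16];
    for (unsigned i = 0; i < NKEYS; i++) {
        snprintf(key, sizeof key, "key%u", i);
        unsigned b = fn(key, salt) % NBUCKETS;
        if (++count[b] > worst) worst = count[b];
    }
    return worst;
}

/* Pass only if no chain exceeds four times the average load (NKEYS / NBUCKETS). */
int distribution_ok(hash_fn fn, uint32_t salt) {
    return longest_chain(fn, salt) <= 4u * (NKEYS / NBUCKETS);
}

int main(void) {
    printf("xor: %u  mul: %u\n", longest_chain(hash_xor_salt, 0), longest_chain(hash_mul_salt, 0));
    return 0;
}
```

Run the check with the salt values the program actually produces on each build target, since the degradation described in the comment only appears on one of them.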

  9. Fun with endianness by Anonymous Coward · Score: 1, Interesting

    uint32 foo = 0;
    uint8 *bar = (uint8 *)&foo;

    *bar = 3;

    while(foo--) {
      do_something();
    }

    You've got the point? With the right endianness, foo will not become '3', but more like 3*124 = ca. 50 Mio.