Slashdot Mirror

← Back to Stories (view on slashdot.org)

2008 Underhanded C Contest Officially Open

Posted by Soulskill on from the sneaky-sneaky dept.

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.

4 of 160 comments (clear)

  1. Re:Hmm... by dreamchaser · · Score: 4, Informative

    No, the point is to make a utility that appears to innocently redact part of an image, when in fact the information is retrievable. It's meant to be a malicious utility that people would use without knowing that the 'hacker' could recover their full images.

  2. Re:PNG by flnca · · Score: 4, Informative
    Yes, it can be: From TFA:

    Note that if you use our PPM code, or any bog-standard image library , that code isn't counted in the number of lines.
  3. Re:Bug? by Xcott+Craver · · Score: 4, Informative

    This was indeed a bug; we fixed it after several people pointed out the mistake.

    Interestingly, this demonstrates the effectiveness of "many eyes" in an open source project, even if the contest demonstrates the limitations of informal source inspection.

  4. Re:I submit by Hal_Porter · · Score: 5, Informative

    Have you actually looked at the Windows source code? When that chunk of the Win2K Pro source code hit the net I had to look(I still think it was the best Windows version ever made) and I was torn between being saddened and LMAO. It had tons of comments like "Don't know what this actually does but if removed Office prior to 2K will destroy every doc it touches so DON'T TOUCH" and "THIS IS A HACK which we haven't a clue what does but Windows crashes horribly if removed so LEAVE IT ALONE" I've seen that code and what you wrote is FUD and bullshit

    http://www.kuro5hin.org/story/2004/2/15/71552/7795

    Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn't fall into "add one to i" redundancy.

    There is some variety in the commenting style. Sometimes blocks use a // at every line, sometimes the /* */ style. In some modules functions have a history, some do not. Some functions describe their variables in a comment block, some don't. Microsoft appears not to have fallen into the trap of enforcing over-rigid standards or universal use of over-complicated automatic tools. They seem to trust their developers to comment well, and they do .
    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;