Slashdot Mirror

← Back to Stories (view on slashdot.org)

2008 Underhanded C Contest Officially Open

Posted by Soulskill on from the sneaky-sneaky dept.

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.

61 of 160 comments (clear)

  1. I submit by Anonymous Coward · · Score: 5, Funny

    The Microsoft Windows Operating System, pick your version.

    1. Re:I submit by Rhapsody+Scarlet · · Score: 5, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

    2. Re:I submit by dotancohen · · Score: 4, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

      Post the Windows source code and we'll tell ya.
      --
      It is dangerous to be right when the government is wrong.
    3. Re:I submit by Anonymous Coward · · Score: 4, Funny

      Post the Windows source code and we'll tell ya.
      A rare moment when a goatse.cx link would be appropriate.
    4. Re:I submit by setagllib · · Score: 4, Insightful

      Microsoft has already released a fair part of Windows' source as the "Research kernel". Surprisingly enough it's not bad, but it takes more than clean code to make a clean operating system.

      --
      Sam ty sig.
    5. Re:I submit by hairyfeet · · Score: 3, Interesting
      Have you actually looked at the Windows source code? When that chunk of the Win2K Pro source code hit the net I had to look(I still think it was the best Windows version ever made) and I was torn between being saddened and LMAO. It had tons of comments like "Don't know what this actually does but if removed Office prior to 2K will destroy every doc it touches so DON'T TOUCH" and "THIS IS A HACK which we haven't a clue what does but Windows crashes horribly if removed so LEAVE IT ALONE"


      I don't know whether it is because the code has gotten so massive,or it is because so many coders from the old days have quit,but you really get the feeling that the reason Windows gets hit with crap like the ancient WMF file hack is not because they WANT to keep those ancient pieces of junk in there,but because nobody knows exactly what it does and removing it causes Windows to fail like Win 3.1 with a buggy TSR. But that is my 02c,YMMV

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:I submit by Tubal-Cain · · Score: 5, Funny

      When that chunk of the Win2K Pro source code hit the net I had to look... And where do you live again?

      --The IP Police
    7. Re:I submit by Hal_Porter · · Score: 5, Informative

      Have you actually looked at the Windows source code? When that chunk of the Win2K Pro source code hit the net I had to look(I still think it was the best Windows version ever made) and I was torn between being saddened and LMAO. It had tons of comments like "Don't know what this actually does but if removed Office prior to 2K will destroy every doc it touches so DON'T TOUCH" and "THIS IS A HACK which we haven't a clue what does but Windows crashes horribly if removed so LEAVE IT ALONE" I've seen that code and what you wrote is FUD and bullshit

      http://www.kuro5hin.org/story/2004/2/15/71552/7795

      Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn't fall into "add one to i" redundancy.

      There is some variety in the commenting style. Sometimes blocks use a // at every line, sometimes the /* */ style. In some modules functions have a history, some do not. Some functions describe their variables in a comment block, some don't. Microsoft appears not to have fallen into the trap of enforcing over-rigid standards or universal use of over-complicated automatic tools. They seem to trust their developers to comment well, and they do .
      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    8. Re:I submit by Tenebrarum · · Score: 2, Funny

      And where do you live again?

      --The IP Police

      127.0.0.1

  2. invisible ink by jacquesm · · Score: 3, Funny

    This is actually a feature in 'word'...

    --
    MP3 Search Engine
    1. Re:invisible ink by jamesh · · Score: 4, Interesting

      I recently investigated a problem in MS Outlook where an option was set to never show the body of the email when viewing the email, it could only be viewed when forwarding. There were actually a bunch of tick box options to enable and disable this behavior. Reminds me of the Far Side comic with a passenger in an airplane reaching down to adjust his seat and accidentally about to toggle the 'wings stay on / wings fall off' switch.

  3. Encryption utility that fails... by darekana · · Score: 5, Funny

    encryption utility that mysteriously and undetectably fails... Debian OpenSSL?

    (sorry, couldn't resist, I know they've suffered enough already)
    --
    Interactive Visual Medical Dictionary
  4. Re:Hmm... by dreamchaser · · Score: 4, Informative

    No, the point is to make a utility that appears to innocently redact part of an image, when in fact the information is retrievable. It's meant to be a malicious utility that people would use without knowing that the 'hacker' could recover their full images.

  5. Re:Hmm... by Anonymous Coward · · Score: 5, Funny

    Something like Photoshop's Swirl filter.

  6. Re:Hmm... by Llywelyn · · Score: 3, Insightful

    Ever seen scans from a FOIA request? They redact certain information regarding sources and methods (and some would claim whatever they feel like at the time). *That* would be a "use" of this technology.

    "Enter the registration key" type schemes are more easily accomplished without it being underhanded in nature.

    --
    Integrate Keynote and LaTeX
  7. Hide the evil code? by Dwedit · · Score: 4, Interesting

    I'm sure it would be nearly impossible to hide the evil code here, because anything that isn't a simple assignment loop is suspicious.
    Maybe stick in stuff in the image loader, image temporary copy code, and keep the blackener to the obvious implementation, then stick stuff in the saver.

    I thought some crazy stuff involving function pointers as the function to call to return a black pixel might be promising. Maybe use some out of bounds array math to change one function pointer to point to some other code.

    1. Re:Hide the evil code? by Ethan+Allison · · Score: 4, Insightful

      That's what makes this so interesting.

      --
      I make websites and stuff. Buy one.
    2. Re:Hide the evil code? by apathy+maybe · · Score: 5, Interesting

      Have a look at some of the previous contests. The original contest (2004 voting contest) has people exploiting stacks and various other sorts of nastiness.

      In 2006, http://www.brainhz.com/underhanded/results2006.html you get people exploiting the fact that 64 bit and 32 bit OS are different, or that some OSes are big endian and some little, and so on. There are all sorts of nasty tricks that are possible.

      One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like), there isn't much space, but you could recover some information from the original. And a one bit difference in black isn't easy to spot...

      Of course, I can't code C, so I don't know what I'm talking about.

      --
      I wank in the shower.
    3. Re:Hide the evil code? by amRadioHed · · Score: 4, Insightful

      One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like) Sure that's easy without the source code, but how do you make setting black to something other than 0 look innocent in your source code? There's the rub.
      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    4. Re:Hide the evil code? by Anonymous Coward · · Score: 4, Funny

      Of course, I can't code C, so I don't know what I'm talking about.
      You should have begun your post with this line. Then I'd know not to listen to you. :-)
    5. Re:Hide the evil code? by apathy+maybe · · Score: 2, Interesting

      Alternatively, it doesn't have to be black, it can be "random" colours or whatever (as pointed out by someone below).

      I can't just think how one could do it, and still pass inspection, however, I'm not trying to enter the contest, so ;).

      --
      I wank in the shower.
    6. Re:Hide the evil code? by linal · · Score: 2, Funny

      One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like) Sure that's easy without the source code, but how do you make setting black to something other than 0 look innocent in your source code? There's the rub. Just lie really well in your comments?
    7. Re:Hide the evil code? by billcopc · · Score: 2, Interesting

      Init a "black buffer", and sneakily smash it with something else via a rogue pointer or array overrun.

      There are millions of ways to write nasty code in C, since C is just a thin veneer on top of assembler.

      --
      -Billco, Fnarg.com
    8. Re:Hide the evil code? by Heian-794 · · Score: 4, Funny

      "One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like)"

      Pedantry, I admit, but it's steganography that hides the information in that way. Stenography would be copying the RGB values on a piece of lined yellow paper.

    9. Re:Hide the evil code? by Ifni · · Score: 4, Interesting

      Actually, this one is likely simple (haven't read the detailed requirements, so I may be off base), but instead of redacting with a solid black block, redact with a "random" pattern, perhaps using MD5 to generate the pattern from the original. MD5 is reversible (though maybe not for all values), though the computing requirements to do so might be a little more than the project demands. In that case, some other innocent looking but slightly flawed algorithm to obfuscate the image portion (I think someone mentioned the Photoshop Swirl filter) could be used. A casual observer would look at the code and go "oh, what a neat effect, and it is indeed unreadable", without investigating the reversibility of the process.

      --

      Oh, was that my outside voice?

    10. Re:Hide the evil code? by Ifni · · Score: 2, Interesting

      Replying to myself so both posts can be ignored together...

      Another option is to have an option in the program that allows the user to choose to have the redacted part recoverable (optionally with a password), but the check for that option is subtly bugged such that the option is ALWAYS enabled, and the default password is known or determinable. Then all the complex code for hiding a recoverable image looks innocent, and the only hard part is making it non obvious that the check to use that feature always returns true.

      --

      Oh, was that my outside voice?

    11. Re:Hide the evil code? by OldManAndTheC++ · · Score: 3, Funny

      And then of course there is Steganosaurus, the carnivorous dinosaur that employed stealth. It could hide in plain sight by making itself look like a large fern or shrub, and then leap onto its unsuspecting prey, snapping its victim's neck in one bite of its massive jaws.

      "Scientists" tell us that the dinosaurs died out millions of years ago, but I think that Steganosaurus could still be with us today, having adapted to our modern world by mimicking small cars, or photo kiosks, or landscaping equipment. And that is why I tell my wife that I refuse to touch the lawnmower until she can prove that it isn't really a steganosaur.

      --
      Soylent Green is peoplicious!
    12. Re:Hide the evil code? by Argilo · · Score: 2, Informative

      MD5 is reversible only if you know in advance that the input value was chosen from a relatively small set of possibilities. The recent attacks on MD5 do not reverse it; they just find "collisions", i.e. pairs of inputs that hash to one and the same value.

    13. Re:Hide the evil code? by DJStealth · · Score: 2, Interesting

      The real question is, if you do win the contest is this something you'd want to put on your resume? Would someone hire somebody who is capable and who has actually done something like this?

    14. Re:Hide the evil code? by kevingolding2001 · · Score: 4, Funny

      Diebold

  8. Re:Hmm... by Gnavpot · · Score: 4, Insightful

    No, the point is to make a utility that appears to innocently redact part of an image

    More precisely:
    The point is to make a utility that - when viewing the source code - appears to innocently...

    It is no challenge to make a closed source utility which does something evil even though it appears to do something innocent. Most viruses do that.

    The challenge is to hide the the evil behaviour in simple and open source code.
  9. Compression would be nice by 32771 · · Score: 5, Interesting

    Wouldn't it be nice if the original under the blacked out area could be compressed and then put somewhere else in the image.

    It would be much easier if one could just use an algorithm which just displaces the pixels and then forget to randomize the displacement. This could look much more innocent than the above.

    That black area has so little expected channel capacity that hiding anything in it is kinda difficult.

    Unfortunately the code for the blacking out can be made so small that it is tough to hide anything in it, unless ppm offers some ways to add complexity in some innocent way.

    I wonder what means of deciphering the hidden area are allowed, i.e. can I write another program to get the kitty face information back?

    That is a really cute picture. I wonder what it is thinking.

    --
    Je me souviens.
    1. Re:Compression would be nice by 32771 · · Score: 3, Informative

      Just found the following in their faq:

      "For the 2008 contest: what does âoeblocked outâ mean?

      It means those pixels are apparently replaced with non-image. It can mean overlaying a black rectangle, or any colored rectangle, or a pattern, or random noise. As long as it appears to remove those image pixels, thatâ(TM)s fine."

      Very good!

      --
      Je me souviens.
    2. Re:Compression would be nice by RKThoadan · · Score: 2, Insightful

      The real challenge isn't how to do it, but how to do it so that someone who is reading your code doesn't realize the data is still available. That's the really tricky part.

    3. Re:Compression would be nice by The+Troll+Catcher · · Score: 2, Interesting

      something like this, perhaps:

      int _time = time(0);
      srand(time);
      int randomValue = rand();

      For those who aren't c programmers, what this actually does is seed the random number generator with the *function address* of the time() function. Which is just about guaranteed to be constant across all runs of the program (at least on the same machine).

    4. Re:Compression would be nice by irc.goatse.cx+troll · · Score: 4, Interesting

      Seems like you dont even have to go that far, all you have to do is compress the image to jpeg first keeping/embedding a JFIF thumbnail (leave this as uncommented black magic, preferably outsourced to another lib), then do all your work to the actual image without updating the thumbnail.

      Photoshop used to do this under certain conditions, like when Cat Schwartz from TechTV took topless pictures of herself and cropped them to just extreme closeups of her eyes for her blog, only to have someone save it and see the (uncropped) thumbnails.

      They made her do a story on it shortly thereafter. Cruel.

      --
      Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  10. Last years winner really deserves some praise by imsabbel · · Score: 4, Interesting

    because the way it dumpes the key into the output is hidden in such a underhanded, innocent way...

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
    1. Re:Last years winner really deserves some praise by lbft · · Score: 2, Interesting

      You mean the way it dumps the key amongst other junk in the output file one in every 256 times it's run with debugging off?

      When was the last time you checked the output of an encryption program to make sure it was truly random? What about your boss? The CEO's secretary? The accountant? Someone in a government office dealing with your personal information?

  11. Even better by Moraelin · · Score: 5, Interesting

    Reminds me of a "compression program" back in the early 90's. Seemed to compress better than Zip or RAR and was pretty fast too. You could also test it by compressing and uncompressing a few files, and you got your original back.

    Turns out it just copied the contents to a temporary file and "uncompressing" got them back from there, while the "archive" was just random junk. Better yet, the temporary file was just a circular buffer, so when it filled, old data got discarded.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  12. Re:Hmm... by 32771 · · Score: 5, Interesting

    Now we can speculate what the authors intentions behind the contest are.

    I think their FAQ addresses most points pretty well:

    http://underhanded.xcott.com/?page_id=7

    I hope sensitizes open source programmers programmers to take great care with peoples submissions to their projects. Only good can come from that.

    --
    Je me souviens.
  13. Re:Hmm... by Anonymous Coward · · Score: 3, Funny

    You mean like the FBI in PDF's?

  14. Re:PNG by flnca · · Score: 4, Informative
    Yes, it can be: From TFA:

    Note that if you use our PPM code, or any bog-standard image library , that code isn't counted in the number of lines.
  15. WIC by Saiyine · · Score: 5, Funny

    Wavelet Intelligent Compressor. And it was intellingent, indeed. It had a compression scheme so good it could compress its own .wic files down from megs to bytes. But what do you mean with "random junk", do you mean my .wic based backups could be in trouble????

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
  16. C is easy - what about Java or Python? by tucuxi · · Score: 3, Interesting

    Arrays, pointers and functions, no memory protection, dangerous strings. I would like to see the same contest with other 'safer' languages, say Java or Python.

    What languages are best suited to underhanded tactics, that is, seemingly innocent but evil?. Notice that underhandedness is very different from plain old abuse -- anybody can write unreadable programs in their favorite language. But, can you make them "clearly read" something different from what is actually written?

    Seems like an important question for people who use Open Source because of the difficulty for adding back doors. For many applications, security is at least as important as speed, and you already have The Shootout for that.

  17. goatse's time to... ummm... shine by jamesh · · Score: 3, Funny

    So it could be sufficient to replace the image with something that the inspector doesn't _want_ to look at. Sort of like a "somebody else's problem" solution. Your code would pass inspection because it would appear to have overlaid the original part of the image with the hardcoded image stored in code (the unsightly image), but there would be a bug which only copies every second pixel or something. Anyone looking at the redacted image wouldn't notice that the original data is still visible simply because they would have to look at the unsightly image too closely. They'd just rubber stamp the solution and say it passed, and then go and lie down for a bit.

    Alternatively, you could go the opposite way instead and use an image which would distract the attention of the inspector enough that they wouldn't notice. Something with breasts would probably do it.

    Can I have my $100 gift certificate now?

  18. Re:Where are past year's results? by niceone · · Score: 2, Insightful

    http://underhanded.xcott.com/?page_id=9

    --
    ccalam - acoustic versions of new songs.
  19. This is scary by LaughingCoder · · Score: 3, Insightful

    OK, it is generally believed that OSS is inherently secure because so many eyeballs can examine and vet it. But as this contest shows, it is possible to include backdoor behavior "in the source for everyone to see" without it being discovered. Oh, and note to self, don't download any open source image editing software in the future ...

    --
    The more you regulate a company, the worse its products become.
    1. Re:This is scary by Haeleth · · Score: 4, Insightful

      OK, it is generally believed that OSS is inherently secure
      No, that's a popular strawman argument used by opponents of OSS. There have been enough vulnerabilities found in OSS that it is trivially obvious that any such claim is false, and no serious OSS proponent would dream of saying any such thing.
  20. It's been done for years .. . by Stavr0 · · Score: 4, Insightful

    courtesy of crazy Japanese censorship laws. Google for gmask or see examples at Lecture on masking (Yes, it's SFW)

  21. Re:PNG by msparshatt · · Score: 2, Informative
    The main page says

    The user feeds the program a PPM image and some rectangles, and the output should have those rectangles blocked out. So it seems the input file has to be in PPM format, though you can use any image library to access the file.
  22. Bug? by Anders · · Score: 4, Interesting

    There seems to be an error in the supplied ppm.c library file:

    p.rgb[i] = z.pixel[y][(x+i)*3*z.bpp];

    This only ever gets the R component, as all offsets are multiples of 3. I think the right code is:

    p.rgb[i] = z.pixel[y][(x*3+i)*z.bpp];

    Maybe this is part of the assignment :-).

    1. Re:Bug? by Xcott+Craver · · Score: 4, Informative

      This was indeed a bug; we fixed it after several people pointed out the mistake.

      Interestingly, this demonstrates the effectiveness of "many eyes" in an open source project, even if the contest demonstrates the limitations of informal source inspection.

  23. Easy by StormReaver · · Score: 3, Funny

    Seemingly innocent code...that mysteriously and undetectably fails up to 1% of the time. What's the big deal? This sounds like any given day at work for me.

  24. Past contests seem too easy by ohtani · · Score: 2, Interesting

    Taking a look at the 2006 entry reminds me of a program I used to have to work on:

    Essentially it was a giant checkbook for a city government organization for some sort of subsidized housing program. There were two numbers to be calculated along with a grand total (primary and interest maybe. I forget now) The code took about 10 minutes to execute and looked something like this... and yes this was unfortunately in Visual Basic

    Label1.Caption = Function1
    Label2.Caption = Function2
    GrandTotal.Caption = Function1 + Function2

    Some of the functions themselves were already bloated to begin with. That ontop of calling both of them twice was just kinda nasty though.

    --
    Pancakes. Oh I blew it.
  25. Re:Poor low-level MS devs by TaoPhoenix · · Score: 2, Interesting


    This cheers me up just a little.

    We rage against the management decisions of MS, but I'm positive the ranks are filled with decent guys just trying to pay for dinner & rent.

    "We haven't a clue what this does but it's vital..."
    Seems to me that if the source were opened, within 5 years we'd at least know what all the hacks did, even if they were still necessary.

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  26. Too easy by ObjetDart · · Score: 2, Funny
    utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time


    Pfft. I don't see what the big deal is. Just about every app I've ever written does this.

    --
    I read Usenet for the articles.
  27. Re:Hmm... by deathy_epl+ccs · · Score: 3, Funny

    ... or the version of Acrobat they sell to the federal government.

  28. My guess by archeopterix · · Score: 3, Interesting

    #define SWAP(x,y) do { x^=y; y^=x; x^=y; } while (0)
    My guess: it is used for x and y of different sizes (say 8 bit and 32 bit).
  29. Re:COULD SOMEONE EXPLAIN HOW IT WORKS by Xcott+Craver · · Score: 2, Informative

    Hi,

    Ask yourself what SWAP(a[j],a[k]) does when j==k.

  30. Re:2007 winners not found by Xcott+Craver · · Score: 2, Insightful

    We have a separate tab for the 2007 winners; it's the first one on the left.

    I recommend you give it a read; the entries are all very clever.

  31. Re:COULD SOMEONE EXPLAIN HOW IT WORKS by sid0 · · Score: 2, Informative

    When a points to the same location as b, *a XOR *b becomes 0. So *a becomes 0. But a is the same as b, so *b becomes 0 as well. Both *a and *b are destroyed. This will happen when the array indices that are passed into the macro are equal.