Slashdot Mirror


2008 Underhanded C Contest Officially Open

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.


  1. I submit by Anonymous Coward · · Score: 5, Funny

    The Microsoft Windows Operating System, pick your version.

    1. Re:I submit by Rhapsody+Scarlet · · Score: 5, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

    2. Re:I submit by dotancohen · · Score: 4, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

      Post the Windows source code and we'll tell ya.
      --
      It is dangerous to be right when the government is wrong.
    3. Re:I submit by Anonymous Coward · · Score: 4, Funny

      Post the Windows source code and we'll tell ya.
      A rare moment when a goatse.cx link would be appropriate.
    4. Re:I submit by setagllib · · Score: 4, Insightful

      Microsoft has already released a fair part of Windows' source as the "Research kernel". Surprisingly enough it's not bad, but it takes more than clean code to make a clean operating system.

      --
      Sam ty sig.
    5. Re:I submit by Tubal-Cain · · Score: 5, Funny

      When that chunk of the Win2K Pro source code hit the net I had to look... And where do you live again?

      --The IP Police
    6. Re:I submit by Hal_Porter · · Score: 5, Informative

      Have you actually looked at the Windows source code? When that chunk of the Win2K Pro source code hit the net I had to look (I still think it was the best Windows version ever made) and I was torn between being saddened and LMAO. It had tons of comments like "Don't know what this actually does but if removed Office prior to 2K will destroy every doc it touches so DON'T TOUCH" and "THIS IS A HACK which we haven't a clue what does but Windows crashes horribly if removed so LEAVE IT ALONE"

      I've seen that code and what you wrote is FUD and bullshit

      http://www.kuro5hin.org/story/2004/2/15/71552/7795

      Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn't fall into "add one to i" redundancy.

      There is some variety in the commenting style. Sometimes blocks use a // at every line, sometimes the /* */ style. In some modules functions have a history, some do not. Some functions describe their variables in a comment block, some don't. Microsoft appears not to have fallen into the trap of enforcing over-rigid standards or universal use of over-complicated automatic tools. They seem to trust their developers to comment well, and they do.
      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. Encryption utility that fails... by darekana · · Score: 5, Funny

    encryption utility that mysteriously and undetectably fails...

    Debian OpenSSL?

    (sorry, couldn't resist, I know they've suffered enough already)
  3. Re:Hmm... by dreamchaser · · Score: 4, Informative

    No, the point is to make a utility that appears to innocently redact part of an image, when in fact the information is retrievable. It's meant to be a malicious utility that people would use without knowing that the 'hacker' could recover their full images.

  4. Re:Hmm... by Anonymous Coward · · Score: 5, Funny

    Something like Photoshop's Swirl filter.

  5. Hide the evil code? by Dwedit · · Score: 4, Interesting

    I'm sure it would be nearly impossible to hide the evil code here, because anything that isn't a simple assignment loop is suspicious.
    Maybe stick in stuff in the image loader, image temporary copy code, and keep the blackener to the obvious implementation, then stick stuff in the saver.

    I thought some crazy stuff involving function pointers as the function to call to return a black pixel might be promising. Maybe use some out of bounds array math to change one function pointer to point to some other code.

    1. Re:Hide the evil code? by Ethan+Allison · · Score: 4, Insightful

      That's what makes this so interesting.

    2. Re:Hide the evil code? by apathy+maybe · · Score: 5, Interesting

      Have a look at some of the previous contests. The original contest (2004 voting contest) has people exploiting stacks and various other sorts of nastiness.

      In 2006, http://www.brainhz.com/underhanded/results2006.html you get people exploiting the fact that 64 bit and 32 bit OS are different, or that some OSes are big endian and some little, and so on. There are all sorts of nasty tricks that are possible.

      One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like), there isn't much space, but you could recover some information from the original. And a one bit difference in black isn't easy to spot...

      Of course, I can't code C, so I don't know what I'm talking about.

      --
      I wank in the shower.
    3. Re:Hide the evil code? by amRadioHed · · Score: 4, Insightful

      One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like)

      Sure that's easy without the source code, but how do you make setting black to something other than 0 look innocent in your source code? There's the rub.
      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    4. Re:Hide the evil code? by Anonymous Coward · · Score: 4, Funny

      Of course, I can't code C, so I don't know what I'm talking about.
      You should have begun your post with this line. Then I'd know not to listen to you. :-)
    5. Re:Hide the evil code? by Heian-794 · · Score: 4, Funny

      "One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like)"

      Pedantry, I admit, but it's steganography that hides the information in that way. Stenography would be copying the RGB values on a piece of lined yellow paper.

    6. Re:Hide the evil code? by Ifni · · Score: 4, Interesting

      Actually, this one is likely simple (haven't read the detailed requirements, so I may be off base), but instead of redacting with a solid black block, redact with a "random" pattern, perhaps using MD5 to generate the pattern from the original. MD5 is reversible (though maybe not for all values), though the computing requirements to do so might be a little more than the project demands. In that case, some other innocent looking but slightly flawed algorithm to obfuscate the image portion (I think someone mentioned the Photoshop Swirl filter) could be used. A casual observer would look at the code and go "oh, what a neat effect, and it is indeed unreadable", without investigating the reversibility of the process.

      --

      Oh, was that my outside voice?

    7. Re:Hide the evil code? by kevingolding2001 · · Score: 4, Funny

      Diebold

  6. Re:Hmm... by Gnavpot · · Score: 4, Insightful

    No, the point is to make a utility that appears to innocently redact part of an image

    More precisely:
    The point is to make a utility that - when viewing the source code - appears to innocently...

    It is no challenge to make a closed source utility which does something evil even though it appears to do something innocent. Most viruses do that.

    The challenge is to hide the evil behaviour in simple and open source code.
  7. Compression would be nice by 32771 · · Score: 5, Interesting

    Wouldn't it be nice if the original under the blacked out area could be compressed and then put somewhere else in the image.

    It would be much easier if one could just use an algorithm which just displaces the pixels and then forget to randomize the displacement. This could look much more innocent than the above.

    That black area has so little expected channel capacity that hiding anything in it is kinda difficult.

    Unfortunately the code for the blacking out can be made so small that it is tough to hide anything in it, unless ppm offers some ways to add complexity in some innocent way.

    I wonder what means of deciphering the hidden area are allowed, i.e. can I write another program to get the kitty face information back?

    That is a really cute picture. I wonder what it is thinking.

    --
    Je me souviens.
    1. Re:Compression would be nice by irc.goatse.cx+troll · · Score: 4, Interesting

      Seems like you don't even have to go that far, all you have to do is compress the image to jpeg first keeping/embedding a JFIF thumbnail (leave this as uncommented black magic, preferably outsourced to another lib), then do all your work to the actual image without updating the thumbnail.

      Photoshop used to do this under certain conditions, like when Cat Schwartz from TechTV took topless pictures of herself and cropped them to just extreme closeups of her eyes for her blog, only to have someone save it and see the (uncropped) thumbnails.

      They made her do a story on it shortly thereafter. Cruel.

      --
      Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
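
A pre-publication check for the leftover-thumbnail problem described in the comment above, as an added example that is not from the original post: it reports whether a JPEG's JFIF APP0 segment still carries thumbnail pixels. The function name and the sample byte strings are constructed for illustration, and thumbnails stored in Exif or JFXX segments are not covered.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Returns the number of thumbnail pixel bytes in the JFIF APP0 segment,
   0 if the segment carries no thumbnail, -1 if buf is not JFIF or is
   truncated. Hypothetical helper, written for this example. */
static long jfif_thumbnail_bytes(const unsigned char *buf, size_t len) {
    /* SOI (FF D8) must be followed directly by APP0 (FF E0). */
    if (len < 20 || buf[0] != 0xFF || buf[1] != 0xD8 ||
        buf[2] != 0xFF || buf[3] != 0xE0)
        return -1;
    size_t seg_len = ((size_t)buf[4] << 8) | buf[5]; /* counts itself */
    if (seg_len < 16 || 4 + seg_len > len)
        return -1;
    if (memcmp(buf + 6, "JFIF\0", 5) != 0)
        return -1;
    /* Xthumbnail, Ythumbnail: thumbnail is 3 bytes (RGB) per pixel. */
    size_t need = 3 * (size_t)buf[18] * (size_t)buf[19];
    if (16 + need > seg_len)
        return -1;
    return (long)need;
}

/* Constructed sample: JFIF header with a 1x1 thumbnail left in place. */
static const unsigned char WITH_THUMB[] = {
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x13, 'J', 'F', 'I', 'F', 0x00,
    0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01,
    0xAA, 0xBB, 0xCC, 0xFF, 0xD9
};
/* Constructed sample: same header with the thumbnail stripped. */
static const unsigned char NO_THUMB[] = {
    0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0x00,
    0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
    0xFF, 0xD9
};

int main(void) {
    printf("with thumbnail: %ld bytes\n",
           jfif_thumbnail_bytes(WITH_THUMB, sizeof WITH_THUMB));
    printf("stripped:       %ld bytes\n",
           jfif_thumbnail_bytes(NO_THUMB, sizeof NO_THUMB));
    return 0;
}
```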
  8. Last year's winner really deserves some praise by imsabbel · · Score: 4, Interesting

    because the way it dumps the key into the output is hidden in such an underhanded, innocent way...

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  9. Even better by Moraelin · · Score: 5, Interesting

    Reminds me of a "compression program" back in the early 90's. Seemed to compress better than Zip or RAR and was pretty fast too. You could also test it by compressing and uncompressing a few files, and you got your original back.

    Turns out it just copied the contents to a temporary file and "uncompressing" got them back from there, while the "archive" was just random junk. Better yet, the temporary file was just a circular buffer, so when it filled, old data got discarded.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  10. Re:Hmm... by 32771 · · Score: 5, Interesting

    Now we can speculate what the authors' intentions behind the contest are.

    I think their FAQ addresses most points pretty well:

    http://underhanded.xcott.com/?page_id=7

    I hope it sensitizes open source programmers to take great care with people's submissions to their projects. Only good can come from that.

    --
    Je me souviens.
  11. Re:invisible ink by jamesh · · Score: 4, Interesting

    I recently investigated a problem in MS Outlook where an option was set to never show the body of the email when viewing the email, it could only be viewed when forwarding. There were actually a bunch of tick box options to enable and disable this behavior. Reminds me of the Far Side comic with a passenger in an airplane reaching down to adjust his seat and accidentally about to toggle the 'wings stay on / wings fall off' switch.

  12. Re:PNG by flnca · · Score: 4, Informative
    Yes, it can be: From TFA:

    Note that if you use our PPM code, or any bog-standard image library, that code isn't counted in the number of lines.
  13. WIC by Saiyine · · Score: 5, Funny

    Wavelet Intelligent Compressor. And it was intelligent, indeed. It had a compression scheme so good it could compress its own .wic files down from megs to bytes. But what do you mean with "random junk", do you mean my .wic based backups could be in trouble????

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
  14. It's been done for years .. . by Stavr0 · · Score: 4, Insightful

    courtesy of crazy Japanese censorship laws. Google for gmask or see examples at Lecture on masking (Yes, it's SFW)

  15. Bug? by Anders · · Score: 4, Interesting

    There seems to be an error in the supplied ppm.c library file:

    p.rgb[i] = z.pixel[y][(x+i)*3*z.bpp];

    This only ever gets the R component, as all offsets are multiples of 3. I think the right code is:

    p.rgb[i] = z.pixel[y][(x*3+i)*z.bpp];

    Maybe this is part of the assignment :-).
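
Added example, not part of the original comment or the contest's ppm.c: the two index expressions quoted above, evaluated over a constructed row. It assumes each row stores interleaved R,G,B samples of bpp bytes each; the helper names and the sample data are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed layout (not taken from the contest's ppm.c): each row holds
   width*3 interleaved R,G,B samples, each sample bpp bytes wide. */

/* Offset as written in the line the comment reports as wrong. */
static size_t offset_original(size_t x, size_t i, size_t bpp) {
    return (x + i) * 3 * bpp;
}

/* Offset as written in the comment's proposed correction. */
static size_t offset_corrected(size_t x, size_t i, size_t bpp) {
    return (x * 3 + i) * bpp;
}

typedef size_t (*offset_fn)(size_t, size_t, size_t);

/* Read channel i of pixel x; return -1 instead of reading past the row. */
static int read_channel(const unsigned char *row, size_t width, size_t bpp,
                        size_t x, size_t i, offset_fn off) {
    size_t o = off(x, i, bpp);
    if (o >= width * 3 * bpp)
        return -1;               /* would be an out-of-bounds read */
    return row[o];
}

/* Constructed sample row: 3 pixels, 1 byte per sample. */
static const unsigned char SAMPLE_ROW[9] = {
    10, 11, 12,   /* pixel 0: R G B */
    20, 21, 22,   /* pixel 1 */
    30, 31, 32    /* pixel 2 */
};

int main(void) {
    for (size_t x = 0; x < 3; x++) {
        printf("pixel %zu original:", x);
        for (size_t i = 0; i < 3; i++)
            printf(" %d", read_channel(SAMPLE_ROW, 3, 1, x, i, offset_original));
        printf("  corrected:");
        for (size_t i = 0; i < 3; i++)
            printf(" %d", read_channel(SAMPLE_ROW, 3, 1, x, i, offset_corrected));
        printf("\n");
    }
    return 0;
}
```

Under this layout the original expression returns the R samples of pixels x, x+1 and x+2, and for the last pixels of a row its offsets fall past the end of the row, which the bounds check reports as -1.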

    1. Re:Bug? by Xcott+Craver · · Score: 4, Informative

      This was indeed a bug; we fixed it after several people pointed out the mistake.

      Interestingly, this demonstrates the effectiveness of "many eyes" in an open source project, even if the contest demonstrates the limitations of informal source inspection.

  16. Re:This is scary by Haeleth · · Score: 4, Insightful

    OK, it is generally believed that OSS is inherently secure
    No, that's a popular strawman argument used by opponents of OSS. There have been enough vulnerabilities found in OSS that it is trivially obvious that any such claim is false, and no serious OSS proponent would dream of saying any such thing.