Slashdot Mirror


2008 Underhanded C Contest Officially Open

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.

11 of 160 comments

  1. I submit by Anonymous Coward · · Score: 5, Funny

    The Microsoft Windows Operating System, pick your version.

    1. Re:I submit by Rhapsody Scarlet · · Score: 5, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

    2. Re:I submit by Tubal-Cain · · Score: 5, Funny

      When that chunk of the Win2K Pro source code hit the net I had to look...

      And where do you live again?

      --The IP Police
    3. Re:I submit by Hal_Porter · · Score: 5, Informative

      Have you actually looked at the Windows source code? When that chunk of the Win2K Pro source code hit the net I had to look (I still think it was the best Windows version ever made) and I was torn between being saddened and LMAO. It had tons of comments like "Don't know what this actually does but if removed Office prior to 2K will destroy every doc it touches so DON'T TOUCH" and "THIS IS A HACK which we haven't a clue what does but Windows crashes horribly if removed so LEAVE IT ALONE"

      I've seen that code and what you wrote is FUD and bullshit

      http://www.kuro5hin.org/story/2004/2/15/71552/7795

      Despite the above, the quality of the code is generally excellent. Modules are small, and procedures generally fit on a single screen. The commenting is very detailed about intentions, but doesn't fall into "add one to i" redundancy.

      There is some variety in the commenting style. Sometimes blocks use a // at every line, sometimes the /* */ style. In some modules functions have a history, some do not. Some functions describe their variables in a comment block, some don't. Microsoft appears not to have fallen into the trap of enforcing over-rigid standards or universal use of over-complicated automatic tools. They seem to trust their developers to comment well, and they do.
      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. Encryption utility that fails... by darekana · · Score: 5, Funny

    encryption utility that mysteriously and undetectably fails...

    Debian OpenSSL?

    (sorry, couldn't resist, I know they've suffered enough already)
  3. Re:Hmm... by Anonymous Coward · · Score: 5, Funny

    Something like Photoshop's Swirl filter.

  4. Compression would be nice by 32771 · · Score: 5, Interesting

    Wouldn't it be nice if the original under the blacked out area could be compressed and then put somewhere else in the image?

    It would be much easier if one could just use an algorithm which just displaces the pixels and then forget to randomize the displacement. This could look much more innocent than the above.

    That black area has so little expected channel capacity that hiding anything in it is kinda difficult.

    Unfortunately the code for the blacking out can be made so small that it is tough to hide anything in it, unless ppm offers some ways to add complexity in some innocent way.

    I wonder what means of deciphering the hidden area are allowed, i.e. can I write another program to get the kitty face information back?

    That is a really cute picture. I wonder what it is thinking.

    --
    Je me souviens.
  5. Re:Hide the evil code? by apathy maybe · · Score: 5, Interesting

    Have a look at some of the previous contests. The original contest (2004 voting contest) has people exploiting stacks and various other sorts of nastiness.

    In 2006, http://www.brainhz.com/underhanded/results2006.html you get people exploiting the fact that 64 bit and 32 bit OS are different, or that some OSes are big endian and some little, and so on. There are all sorts of nasty tricks that are possible.

    One possible option for this contest is to hide information in the lower bounds of each pixel (steganography-like), there isn't much space, but you could recover some information from the original. And a one bit difference in black isn't easy to spot...

    Of course, I can't code C, so I don't know what I'm talking about.

    --
    I wank in the shower.
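
Added example, not part of the thread or of any contest entry: a reviewer-side check for the low-bit trick described in the comment above. It parses a plain-text (P3) PPM and counts pixels inside a supposedly blacked-out rectangle that are not exactly black; the sample images, the function names and the all-black fill colour are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed samples: 4x2 plain-text (P3) PPMs with columns 1-2 "redacted". */
static const char LEAKY[] = "P3 4 2 255\n"
    "200 10 10  0 0 0  0 0 1  10 200 10\n"
    "10 10 200  0 1 0  0 0 0  90 90 90\n";   /* two pixels are off by one */
static const char CLEAN[] = "P3 4 2 255\n"
    "200 10 10  0 0 0  0 0 0  10 200 10\n"
    "10 10 200  0 0 0  0 0 0  90 90 90\n";

/* Parse a P3 PPM from memory into w*h*3 samples ('#' comments unsupported).
   Returns a malloc'd array, or NULL on malformed input. */
static int *parse_p3(const char *s, int *w, int *h)
{
    int maxv, off = 0;
    if (sscanf(s, "P3 %d %d %d%n", w, h, &maxv, &off) != 3) return NULL;
    if (*w < 1 || *h < 1 || *w > 4096 || *h > 4096 || maxv < 1 || maxv > 65535) return NULL;
    int n = *w * *h * 3, *px = malloc(sizeof *px * (size_t)n);
    for (int i = 0; px && i < n; i++) {
        int used = 0;
        int bad = sscanf(s + off, "%d%n", &px[i], &used) != 1 || px[i] < 0 || px[i] > maxv;
        if (bad) { free(px); return NULL; }
        off += used;
    }
    return px;
}

/* Number of pixels in the rectangle that are not exactly black, or -1 if the
   image or rectangle is invalid. A sound redaction yields 0. */
int check_redaction(const char *ppm, int x0, int y0, int rw, int rh)
{
    int w, h, bad = 0, *px = parse_p3(ppm, &w, &h);
    if (!px) return -1;
    if (x0 < 0 || y0 < 0 || rw < 1 || rh < 1 || rw > w - x0 || rh > h - y0) { free(px); return -1; }
    for (int y = y0; y < y0 + rh; y++)
        for (int x = x0; x < x0 + rw; x++) {
            const int *p = px + 3 * (y * w + x);
            bad += (p[0] | p[1] | p[2]) != 0;   /* any set bit, even the lowest, counts */
        }
    free(px);
    return bad;
}

int main(void)
{
    printf("leaky: %d residual pixels\n", check_redaction(LEAKY, 1, 0, 2, 2));
    printf("clean: %d residual pixels\n", check_redaction(CLEAN, 1, 0, 2, 2));
    return 0;
}
```

The check compares sample values exactly, so a difference that is invisible on screen still fails it.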
  6. Even better by Moraelin · · Score: 5, Interesting

    Reminds me of a "compression program" back in the early 90's. Seemed to compress better than Zip or RAR and was pretty fast too. You could also test it by compressing and uncompressing a few files, and you got your original back.

    Turns out it just copied the contents to a temporary file and "uncompressing" got them back from there, while the "archive" was just random junk. Better yet, the temporary file was just a circular buffer, so when it filled, old data got discarded.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  7. Re:Hmm... by 32771 · · Score: 5, Interesting

    Now we can speculate what the authors' intentions behind the contest are.

    I think their FAQ addresses most points pretty well:

    http://underhanded.xcott.com/?page_id=7

    I hope it sensitizes open source programmers to take great care with people's submissions to their projects. Only good can come from that.

    --
    Je me souviens.
  8. WIC by Saiyine · · Score: 5, Funny

    Wavelet Intelligent Compressor. And it was intelligent, indeed. It had a compression scheme so good it could compress its own .wic files down from megs to bytes. But what do you mean with "random junk", do you mean my .wic based backups could be in trouble????

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95