Slashdot Mirror


5th Underhanded C Contest Now Open

Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."

162 comments

  1. Watch list? by girlintraining · · Score: 4, Funny

    This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

    All participants will also receive complimentary cavity-searches at airport checkpoints.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Watch list? by RichardJenkins · · Score: 3, Funny

      Uh-oh, looks like you missed out the punctuation and got the words in the wrong order! You clearly meant:

      God, is stupid science there? Is that religion? Get some religion! Karma should fuck me good.

      Yeah, that makes more sense.

    2. Re:Watch list? by clang_jangle · · Score: 0, Troll
      Oooh! Let me try one:

      God is. Stupid science! There -- Is that religion? Get some! Religion, karma should... Fuck me good!

      --
      Caveat Utilitor
    3. Re:Watch list? by w0mprat · · Score: 4, Funny

      This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

      I am certain that this is already a feature of existing luggage routing software.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    4. Re:Watch list? by girlintraining · · Score: 0

      I am certain that this is already a feature of existing luggage routing software.

      It's not a misfeature, it's a Bohr bug.

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:Watch list? by markkezner · · Score: 5, Insightful

      Funny, but you've got a point. What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it. Would you hire that guy?

      It's not worth the $100 gift certificate.

      --
      Dangerous, sexy, turing complete: Femme Bots
    6. Re:Watch list? by FenwayFrank · · Score: 1

      All participants will also receive complimentary cavity-searches at airport checkpoints.

      Second prize: two of them.

    7. Re:Watch list? by Applekid · · Score: 4, Insightful

      Would you hire that guy?

      Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.

      --
      More Twoson than Cupertino
    8. Re:Watch list? by SamAdam3d · · Score: 1

      You think any of these guys are going to submit with their real names? Nah, they'll spend the extra 10 minutes to come up with a super-sweet hacker name.

      --
      I love deadlines. I like the whooshing sound they make as they fly by. - Douglas Adams
    9. Re:Watch list? by Anonymous Coward · · Score: 0

      yes it is. Dude, that's like 3 sets of buckyballs.

    10. Re:Watch list? by girlintraining · · Score: 0, Offtopic

      Funny, but you've got a point.

      The best humor also makes a good point. Thanks for noticing.

      --
      #fuckbeta #iamslashdot #dicemustdie
    11. Re:Watch list? by Ksevio · · Score: 1

      Why? My teeth are fine!

    12. Re:Watch list? by Anonymous Coward · · Score: 3, Funny

      Yes, especially if the word "fragile" or "valuable" is in the comment field.

    13. Re:Watch list? by the_fat_kid · · Score: 1

      more like a complimentary DMCA takedown for reproducing the current system.
      I mean, really, isn't this what it does now?

      --
      -- Sig under construction...
    14. Re:Watch list? by Anonymous Coward · · Score: 1, Funny

      You mean like zerocool?

    15. Re:Watch list? by Razalhague · · Score: 1

      Crash Override is much cooler. Though I'm also partial to Cereal Killer.

    16. Re:Watch list? by bonch · · Score: 1

      That's pretty paranoid of you. The point of the contest is to illustrate your knowledge of esoteric bugs as a lesson to all. You don't want to work for an employer who sees your programming awareness and experience as a negative.

    17. Re:Watch list? by mea37 · · Score: 1

      I agree, but GP has a point even if he asked the wrong question.

      Would I hire him? Sure - or at least, this wouldn't weigh against him. The guy I worry about has the same skills, but doesn't advertise them by participating in this contest because he intends to actually use them.

      But would a lot of IT managers see it as a negative and decide not to hire him? Yes, they would. Like it or not, a lot of perfectly good jobs (and remember, for a couple years out of any given decade, "perfectly good" is likely to just mean "paying") are controlled by people who will not understand the contest's purpose or the positives that are implied by doing well at it.

    18. Re:Watch list? by clang_jangle · · Score: 0, Offtopic

      (Score:-1, Troll)

      I feel so misunderstood...

      --
      Caveat Utilitor
    19. Re:Watch list? by InterStellaArtois · · Score: 1

      "Hex Pest"

    20. Re:Watch list? by Anonymous Coward · · Score: 0

      The best humor also makes a good point. Thanks for noticing.

      Normally I'd agree but with this new breed of ironic comedy I find that I can listen to Rush Limbaugh for hours, laugh my ass off, and not hear a single good point.

    21. Re:Watch list? by gad_zuki! · · Score: 2, Insightful

      >What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it.

      That's a pretty lousy line of reasoning and probably responsible for all the mediocrity out there in the computer world. Heck, what if your employer found out you were in the military and fought? Do you want to hire the guy who shot at Iraqis with a 50 caliber machine gun? Or the guy who wrote an ad blocking program? Or the guy who wrote a cover letter well enough to fool you into interviewing him?

      Yes, you do because all these things are signs of courage and intelligence. Once you start filtering anyone with any background in anything controversial, powerful, different, or mildly questionable then you can pretty much guarantee yourself a staff of dim bulbs and products that do miserably in the market.

      This is also why I think it's so hard for smart people to be in politics. The electorate is so scared of anything that deviates from the mainstream that we only vote in conformist 'never rock the boat' overly-religious men, who turn out to be good at not cheating on their wives and going to church but not so good at governing and coming up with and implementing good solutions for the public good.

    22. Re:Watch list? by Anonymous Coward · · Score: 0

      You got it all wrong, you need to use 'C Real Killer', which can either refer to the fact that they mistook you for the real killer, or that you're the real killer of C programming :)

    23. Re:Watch list? by dangitman · · Score: 1

      Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.

      You employ people to work in your Mom's basement? You must get one heck of an allowance.

      --
      ... and then they built the supercollider.
    24. Re:Watch list? by story645 · · Score: 1

      who turn out to be good at not cheating on their wives

      Since when?

      --
      open source modern art: laser taggi
    25. Re:Watch list? by jonadab · · Score: 1

      > we only vote in conformist 'never rock the boat' overly-religious
      > men, who turn out to be good at not cheating on their wives...

      Right. Which President are you referring to?

      Barack Obama is practically the opposite of conformist, ramming his program down everyone's throats, including the congresspersons of his own party. George W. Bush rocked the boat all over the place, taking us to war when a good chunk of the world was adamantly against it, not once but twice. Clinton is mostly known for cheating on his wife. Do I really need to go through the whole list?

      --
      Cut that out, or I will ship you to Norilsk in a box.
    26. Re:Watch list? by clone53421 · · Score: 1

      All participants will also receive complimentary cavity-searches at airport checkpoints.

      Actually, I fully expect the entries to receive this very sort of examination...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    27. Re:Watch list? by gad_zuki! · · Score: 1

      By US standards going to war on a whim isn't rocking the boat. Implementing universal healthcare or socialized higher education is.

    28. Re:Watch list? by Anonymous Coward · · Score: 0

      What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it. Would you hire that guy?

      I am fairly sure that you are able to hit someone on the head. Should I hire you or not, based on the risk of you hitting some colleague on the head?

      Stupid reasoning.

      Of course I would hire such a person. Obviously talented. I always assume people have some sense of ethics until I see a reason not to. How do you survive in this world?

    29. Re:Watch list? by Geminii · · Score: 1

      Current routing software stops before the "if".

  2. Re:This sounds familiar to, by Anonymous Coward · · Score: 0, Insightful

    Yes, because no one but a C programmer could ever do such a thing. Fuck you.

  3. Not fair! by Anonymous Coward · · Score: 3, Funny

    Someone who works at any major airline can just submit the real production code they use for luggage routing and win the contest for sure!

    1. Re:Not fair! by fuzzyfuzzyfungus · · Score: 4, Funny

      Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

    2. Re:Not fair! by BrokenHalo · · Score: 1

      What are the odds that any of the airline production code meets that description?

      How it's written probably doesn't matter. Heathrow Airport has almost certainly patented the invention, and will go after the winner(s) of the competition with every platoon of lawyers at its disposal.

    3. Re:Not fair! by girlintraining · · Score: 2, Interesting

      Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

      Depends on the function -- if it's mission critical, you bet your ass it'll be documented and readable. Considering that most ATC technical failures are hardware, not software-based, that should say something. The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems, and it's not like they can ground all flights for a week to do an upgrade. So we're left with mainframes that were out of date in the 70s being used today in critical infrastructure.

      On the other hand, the code in applications used at the ticket counter and security checkpoints... not so much.

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:Not fair! by Anonymous Coward · · Score: 1, Funny

      Not to mention that their production code is probably written in COBOL. And that wouldn't be fair - everything written in COBOL is underhanded.

    5. Re:Not fair! by Reziac · · Score: 1

      include airport.c
      baggage==random();

      Something like that?

      (IANAP, obviously :)

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    6. Re:Not fair! by PPH · · Score: 1

      The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems,

      Because it's written in COBOL, and when any new analysts/developers come in and suggest porting it to something else, all the geezers clutch their hearts and moan.

      We've had tools to reverse engineer, document and port code from practically any language to any other for years (a decade in cases I'm familiar with, actually). There's no excuse for keeping dead languages or platforms around any longer.

      and it's not like they can ground all flights for a week to do an upgrade.

      Nobody just pulls the plug on an old system, rolls in a new one and says, "Boy, I hope this will work!" Even for non mission critical systems. There are numerous methods for running commissioning tests, parallel checkouts, etc. that one can use to make changeovers seamless. The claim that a changeover will require a shutdown and cause chaos is usually an argument the geezers make when someone threatens to take their old mainframe away.

      --
      Have gnu, will travel.
    7. Re:Not fair! by Skater · · Score: 2, Interesting

      Does anyone else remember the new Denver Airport's original luggage system? This system singlehandedly delayed the airport's opening for over a year. Eventually the airport retrofitted a standard baggage moving system. If someone has access to the code of the original system, they could easily submit that.

    8. Re:Not fair! by derGoldstein · · Score: 3, Insightful

      Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

      Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any software written in C meets that description?

      There, fixed.

      --
      Entomologically speaking, the spider is not a bug, it's a feature.
    9. Re:Not fair! by Anonymous Coward · · Score: 0

      The current system used for tracking luggage is a matryoshka doll of emulated systems within systems. The innermost layer is a virtual machine simulating a punchcard reader - that's why the tags have an 80 character limit.

    10. Re:Not fair! by quanticle · · Score: 1

      Airlines don't write Air Traffic Control code. That's the FAA's job. The luggage routing software that routes your bag to Boston when you're going to New York is the airline's responsibility.

      Also, there's no guarantee that "mission critical" implies readable or documented. Arguably, the reason the FAA is having so much trouble introducing a new flight control system is that the old one is so poorly documented, porting it to newer hardware is extremely difficult.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
    11. Re:Not fair! by Anonymous Coward · · Score: 0

      I'm so worried about the baggage retrieval system they've got at Heathrow.

    12. Re:Not fair! by clone53421 · · Score: 1

      Depends on the function -- if it's mission critical, you bet your ass it'll be documented and readable.

      Not if someone bet their ass it won’t crash inexplicably and need to be fixed or rewritten.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    13. Re:Not fair! by nortcele · · Score: 1

      Relax. No one is going to submit the .bat file currently used to route luggage.

  4. Wait a sec... by Anonymous Coward · · Score: 4, Funny

    | This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

    What, we actually need to write code for something that happens by nature?

    1. Re:Wait a sec... by bcong · · Score: 4, Funny

      the current method of writing in:
      "Package Handler,
      Customer was an asshat...you know what to do"
      was starting to get noticed

    2. Re:Wait a sec... by Anonymous Coward · · Score: 0

      Updated to:
      "Fragile: please handle with care"

      It's only triggered with the "please" part included :-)

    3. Re:Wait a sec... by derGoldstein · · Score: 1

      What, we actually need to write code for something that happens by nature?

      Their logic is sound:
      Code written not to make this mistake will make it. How do you solve the problem? Write code that does make the mistake. The resulting software will then, logically, avoid making the mistake.

      --
      Entomologically speaking, the spider is not a bug, it's a feature.
  5. Why not, I suppose. by Anonymous Coward · · Score: 0

    This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

    Eh, why re-invent the wheel? The software already in use does a good enough job of that already.

  6. Easy? by Monkeedude1212 · · Score: 1, Interesting

    Public Static String default_Address = "1600 Pennsylvania Ave NW, Washington, DC 20500, USA" --- hide this somewhere

    Private Sub Void Route_Bagggage(bag b)
    {
    if (comment.text == NULL)
    {
    b.destination = default_Address
    }
    else
    {
    b.destination = comment.text
    }
    }

    Or do I have to make it slightly more deceptive?

    1. Re:Easy? by Anonymous Coward · · Score: 5, Informative

      *Way* more deceptive. The default value for the destination field? It's supposed to look innocent - an innocent program would note that you left out a destination and prompt you to enter one. Any basic debugging done by someone else would turn this up. What they want is for you to leave a "comment" like "this package is top-heavy" (in a field designed for such comments) that changes the destination, but in a way such that someone reading the source code wouldn't realize anything was happening at all, much less that you were changing the destination. Also such that whoever entered the text wouldn't obviously be at fault.

    2. Re:Easy? by Monkeedude1212 · · Score: 1

      LoL - I know.

      But wouldn't that be as easy as testing for whatever the secret comment is (for example, top-heavy) - when that's true, set off a top heavy flag (boolean). Then go somewhere towards the end of the Example, for example the final routing stages, where the destination has already been set by the clerk and confirmed - and alter the shipping address that way? Like say the overview stage where the clerk reviews all the information, then submits it.

      I mean - to me, I cannot think of a single scenario where someone going through with a debugger won't be able to catch this on their first shot. Just put a watch on the destination values, and step over/through until one or more changes. Since it's likely a large infrastructure, with thousands of lines of code, that's why I say sneak it in towards the end, since no one is going to want to step through the WHOLE process.

    3. Re:Easy? by Bandman · · Score: 1

      I'm thinking the best way would be an overflow in an array that flips the most significant digit of the target zip code. But I'm not a coder, so someone else can steal my idea.

    4. Re:Easy? by travdaddy · · Score: 1

      Yeah, sounds like that second one would fulfill the requirements. Unlike a lot of other tech contests like the X Prize and Netflix, I don't think the contest is meant to stump a lot of the competition. So, the question becomes whether or not the code is simple enough and underhanded enough to be the absolute best out of however many hundreds of entries there will be.

      --
      Adidas To Bring Back Sneakernet
    5. Re:Easy? by Anonymous Coward · · Score: 1, Interesting

      In other words, you need to replace an == with an = in just the right location (or vice versa) so that while it looks like you're doing a sanity check, you're actually assigning a stealth variable.

      To make it even better, you need to set it up so that this causes a buffer overflow, and you're actually overwriting another variable. THEN, you go back and do a sanity check on the original value which corrects the mistake caused by the ==/= replacement. That way, someone sees the mistake, but sees that it is properly handled and doesn't think twice about it.

      Meanwhile, the adjacent address field has just been overwritten, and unless you're checking for overflows, you're unlikely to notice, unless you've already isolated the variable in a debugger. However, in this case, you're going to catch it no matter what... unless it's the pointer that gets overwritten and while you're watching the variable, it just doesn't get called anymore (even though the code implies that it does).

      Sounds like fun :)

    6. Re:Easy? by Tyler+Durden · · Score: 4, Funny

      C motherfucker, do you speak it?!

      --
      Happy people make bad consumers.
    7. Re:Easy? by Anonymous Coward · · Score: 1, Informative

      You're still missing the point. Yes, it would be really easy to make a program that changes the destination based on a particular value in the comment field. It would also be really easy to see that someone did that. What is difficult (and worthy of a contest) is changing the destination based on a particular value in the comment field in such a way that a simple debugging wouldn't find it (assuming they don't know what the secret comment is in advance).

      Properly done there would be no boolean indicating the presence of the comment, and the value of "Destination" might never change. Instead at the end there would be some code that verified that all fields were properly formatted and sent them to the printer, and some clever code at this point would subtly change what was outputted as the destination based on the contents of a particular comment field. Maybe some combination of the conditional operator and regular expressions would allow you to cleverly add 1 to all numbers in the destination if some condition is true, such that "1234 main street" becomes "2345 main street". (Something more clever than "comment == 'top-heavy'", based on regular expressions and/or hashes)

      But yea, doing it such that not only can nobody tell what's happening but such that they don't know *anything* is happening is difficult. That's why it's a contest.

    8. Re:Easy? by Hurricane78 · · Score: 1

      Yeah. You easily failed! ^^

      The whole point of the contest is, that there is no “hide somewhere”. All the code must pass an inspection and look reasonable.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    9. Re:Easy? by aztracker1 · · Score: 1

      Well, if you have special comment categories from an enum, then you could have a switch/case statement that does a few things, where the comment inspection could seem less obvious...

      HandleComment(enum comment1, string comment2, string comment3)
      {
        switch(comment1)
        {
          ...
          case myenum.sizeRestriction:
            if (comment2 == "top heavy") this.RouteToFrontOfPlane();
          ...
        }
      }

      RouteToFrontOfPlane()
      {
        this.DelayLoading();
        this.PushToFront();
      }

      ... with DelayLoading() making one change, then PushToFront() doing another, the combination of which would route the package to a bad location. Inspecting any of the above would be fairly innocuous, and innocent looking... But it would only be the original code path that would cause the issue to present itself.

      Not a difficult challenge at all really. Of course I make a habit of sniffing out thread-safety issues in the code I work on.

      --
      Michael J. Ryan - tracker1.info
    10. Re:Easy? by Anonymous Coward · · Score: 0

      How about a hash code selecting the destination? The problem would be how to make the hash function depend on the comment field. Perhaps a buffer overflow could do it.

    11. Re:Easy? by Anonymous Coward · · Score: 1, Informative

      Well if you think it's easy, why not try submitting something? There's a good chance the winners will have far better solutions than you were expecting.

      Remember there's a few parts to this. It's supposed to be simple, hidden in plain sight, and once discovered, it can't look intentional.

      Read the challenge. If your program mentions anything at all having to do with loading, or positioning of the luggage, it's thrown out. Those concepts have nothing to do with the code that is being written. Your code simply parses standard in, and spits out pieces of that standard in based on command line arguments. Anything that goes astray from that is suspect.

      I think I know what my submission will be :)

    12. Re:Easy? by zill · · Score: 1

      There are literally thousands of string hashing algorithms available, many of them have implementations under BSD/MIT license which you can just copy and paste into your program. If you wrote a custom string hashing algorithm it would be highly suspicious.

      Even if the code review doesn't catch you, you will still be fired for reinventing the wheel and polluting the codebase.

    13. Re:Easy? by Saxerman · · Score: 1

      To answer your first question, you're partially correct that a debugger can do wonders to highlight malicious code. Of course, as you point out, knowing when and where to use a debugger can be a little challenging. And then the realization that unless exceptional care is taken, the code you're stepping through might not even contain or reveal the exploit. (Since the mere act of viewing the byte code in a debugger can affect its operation.) There's one story that really opened my eyes to the possibilities. I don't remember where the long beards keep the real link, but this seems to be the story I remember:

      http://cm.bell-labs.com/who/ken/trust.html

      This was the first story of real high level obfuscation I learned about in college. As a result of Ken Thompson's little speech here, he caused the DOD to change the way they do code reviews to catch back doors like this. And the obfuscated C challenges have been going on since at least the early 80s. Some of the winners are real treasure troves of high level trickery.

      http://www.ioccc.org/years.html

      --
      A steaming cup of soykaf would be real wiz right now.

    14. Re:Easy? by Anonymous Coward · · Score: 0

      fired for reinventing the wheel and polluting the codebase

      Those famous last words in the CV. ;)

    15. Re:Easy? by dgatwood · · Score: 1

      Actually, I'd probably go with a packed data structure in which the string is allowed to overflow by one byte into the zip code integer or similar. Then, it will appear to be perfectly innocuous and functional. However, if you enter a string that is one byte too long, the top byte of the zip code integer becomes zero. Of course, it will always be zero on a big endian machine (assuming a 32-bit integer) because you only need the bottom 17 bits to hold all 5-digit zip codes. However, on little endian machines, it zeroes the LSB (which is usually nonzero). If you then calculate the city and state off the zip code and only use the human-entered value in the rare case of conflicts, you have something that would successfully misroute packages about 98% of the time when you specify a properly oversized comment value.

      --
      Check out my sci-fi/humor trilogy at PatriotsBooks.
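      The layout trick described in the comment above, written out as an added example (my own code, not the poster's and not any airline's): a hypothetical packed bag-tag record where a 16-byte comment field sits directly in front of a 32-bit ZIP integer, and a bounded copy whose length check is off by one so that a 16-character-or-longer comment drops its terminating NUL into the first byte of the ZIP. The ZIP, comment strings and field sizes are constructed for the demo. On a little-endian host the low byte of the ZIP is zeroed (90210 becomes 90112); on a big-endian host the high byte, already zero for any five-digit ZIP, is what gets overwritten, so the bag routes correctly there.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMMENT_LEN 16

/* Constructed bag-tag record (hypothetical layout, not any real system):
 * the clerk's free-text comment sits immediately in front of the ZIP code,
 * with no padding between the two fields. */
#pragma pack(push, 1)
struct bag_tag {
    char     comment[COMMENT_LEN];
    uint32_t zip;
};
#pragma pack(pop)

/* Bounded copy of the clerk's comment. It reads as defensive code, but the
 * check is off by one: a comment of COMMENT_LEN or more characters is clamped
 * to COMMENT_LEN and the terminating NUL is then stored at comment[COMMENT_LEN],
 * which is the first byte of zip. noinline only keeps that out-of-bounds
 * store visible to the caller whatever the optimizer does; it is not part of
 * the trick. */
__attribute__((noinline))
static void set_comment(struct bag_tag *t, const char *text)
{
    size_t n = strlen(text);
    if (n > COMMENT_LEN)            /* correct check would be n >= COMMENT_LEN */
        n = COMMENT_LEN;
    memcpy(t->comment, text, n);
    t->comment[n] = '\0';           /* n == COMMENT_LEN lands in t->zip */
}

/* Byte-order probe: 1 if the low-order byte of a uint32_t comes first. */
static int host_little_endian(void)
{
    uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Fill a record the way check-in would and return the ZIP the sorter
 * will actually route on afterwards. */
uint32_t route_zip(uint32_t zip, const char *comment)
{
    struct bag_tag t;
    memset(&t, 0, sizeof t);
    t.zip = zip;
    set_comment(&t, comment);
    return t.zip;
}

/* What the overflow does to a ZIP on this host: little-endian loses the low
 * byte (every ZIP changes); big-endian loses the high byte, which is already
 * zero for all five-digit ZIPs, so nothing observable happens. */
uint32_t expected_after_overflow(uint32_t zip)
{
    return host_little_endian() ? (zip & 0xffffff00u) : (zip & 0x00ffffffu);
}

int main(void)
{
    printf("short comment      : %u\n", (unsigned)route_zip(90210, "top heavy"));
    printf("exactly 16 chars   : %u\n", (unsigned)route_zip(90210, "handle with care"));
    printf("longer than 16     : %u\n", (unsigned)route_zip(90210, "top heavy, fragile"));
    return 0;
}
```

      The comment itself still prints fine (it is simply truncated), which is why a clerk who typed "handle with care" would never be blamed: nothing in the record looks wrong until the city is derived from the ZIP.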

    16. Re:Easy? by dgatwood · · Score: 1

      You could also overflow into an integer that contains a normally constant value of 1 that points into an array of pointers that changes depending on whether you are using version 1 or 2 of the data structure. When the value overflows, it resets it to zero and using version 1 on a version 2 data structure causes the contents of the comment to be used for the address.

      --
      Check out my sci-fi/humor trilogy at PatriotsBooks.

    17. Re:Easy? by Monkeedude1212 · · Score: 1

      (assuming they don't know what the secret comment is in advance)

      That's the kicker though. If it's a single occurrence (meaning a very rare comment) then it wouldn't be very difficult to hide it at all, especially if you are the one who programs the entire algorithm start to finish.

      If it occurs multiple times, this "routing error" then the pattern is predictable, and they know -EXACTLY- where the problem will be. Testing with a regular expression and/or hashes won't change it one bit if you know what generates the error (the comment).

      And I assume they want you to route the package to a specific location, and not just to alter its value - since that could lead to addresses that don't exist, generating some errors.

    18. Re:Easy? by quanticle · · Score: 1

      If its a single occurance (meaning a very rare comment) then it wouldn't be very difficult to hide it at all, especially if you are the one who programs the entire algorithm start to finish.

      Who says it has to be a single comment? Perhaps you could make it so that, if the comment starts with 'a', it routes to an alternate destination that's randomized based on the contents of the comment. That would be hell to debug, since the program would end up producing different outputs from the same input.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
    19. Re:Easy? by lgw · · Score: 1

      Of course, a C compiler produces bytes, not byte code. Existing malware will hide from a debugger by changing what that debugger shows the developer. At least one new virus has been spotted in the wild this way (a developer debugging his own code started seeing memory that just couldn't be right).

      I'd be interested to see how the DOD does code reviews to spot a Thompson hack. Manually reconcile source and object after each compile? That sounds a bit unwieldy, to say the least - plus whatever tool you use to examine the object could be malicious as well.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    20. Re:Easy? by asaz989 · · Score: 1

      The thing is, this has to survive source code inspection - when your employer inspects this program you wrote for them, you have to be able to pass off this maliciousness as an innocent mistake. That's the real fun; invent a subtle bug that most people wouldn't catch!

    21. Re:Easy? by Anonymous Coward · · Score: 0

      "Wh Wh What?"

      BAM!!!

      I dare you to say "What" one more fucking time!! I double dare you, say "What" one more motherfucking time!!

    22. Re:Easy? by Tyler+Durden · · Score: 1

      "What" ain't no country I've ever heard of. They speak C in What?

      --
      Happy people make bad consumers.
    23. Re:Easy? by pjt33 · · Score: 1

      O, stewardess! I speak Java.

    24. Re:Easy? by AniVisual · · Score: 1

      I can see an abuse of sprintf() coming in handy... Where it normally does sprintf("Insert comment here"), typing "%s" will, well.

  7. BAE Automated was just too early by Anonymous Coward · · Score: 0

    They wrote the right software for Denver International's baggage handling system, but just a tad too soon and in the wrong place!

  8. A challenge? by Anonymous Coward · · Score: 1, Funny

    It seems like this has already been done and is in use at airports worldwide.

  9. Possibilities by Rei · · Score: 3, Interesting

    I don't have the time for something like this, but it seems to me a good possibility would be to have all of your inputs that the clerk fills out be contiguous in memory, including the destination, have the algorithm to figure out what destination to go to scan through the whole destination string looking for matches (rather than looking for an exact match) and taking the last one it finds, and have a broken bounds check for the length of that string so that the algorithm looks into the comments section as well.

    So, for example, if the clerk fills out the destination as "LAX" but writes in the comments section, "Do not confuse his bags with those owned by CID who is also going to a different final destination; they're very similar looking.", the bags would be routed to Cedar Rapids (CID) instead of Los Angeles (LAX).

    --
    As it says in the Constitution, Lenin is in my shower.
    1. Re:Possibilities by j-stroy · · Score: 2, Interesting

      It could be hidden in a piece of user interface that today's systems are full of, the extra clicks and bells that no one needs, but some client or marketing weenie will never give it up.. overwrite the destination with the first bytes of an audio file with some misdirection.
      Example on this page

    2. Re:Possibilities by bberens · · Score: 2, Interesting

      I could see this... have the front-end and back-end communicate over a socket or something and have a simple delimited message format where someone could alter the results by using a sql-injection style attack on your parser. That way, at least, the input has to be somewhat complex, but the code could look very innocent.

      --
      Check out my lame java blog at www.javachopshop.com
    3. Re:Possibilities by bonkeydcow · · Score: 1

      This is the method I would use, I was already thinking this before I read your post. I'm sure this method will be implemented a lot.

    4. Re:Possibilities by Anonymous Coward · · Score: 0

      Not very good... the obvious question (during code review) is "why are you looking for the last occurrence and not the first?"

    5. Re:Possibilities by lgw · · Score: 1

      Yeah, that's totally the way to go, if it's allowed. I wonder how much live code can be broken by an injection starting with ]]> because someone just crammed an input string into a CDATA section. Deliberately allowing this would be quite subtle.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:Possibilities by Imrik · · Score: 1

      Because the first is the starting airport, then any intermediate airports, then the destination airport.

    7. Re:Possibilities by clone53421 · · Score: 1

      Not according to the record definition:
      time luggageID flightID depart arrive comment

      time: int
      luggageID: char[9], 2 letters, 6 digits, terminated by whitespace
      flightID: char[7], 2 letters, 1-4 digits, terminated by whitespace
      depart: char[4], 3 letters terminated by whitespace
      arrive: char[4], 3 letters terminated by whitespace
      comment: char[], any length of alphanumeric data terminated only by \n

      No intermediate airports are given, according to this template. Flights with layovers are given in two records, one for each leg of the flight.

      Obviously some flexibility can be introduced; e.g. you could use char[3] for depart and arrive and not null-terminate them. The key is, your program has to seem correct (and if you do something like not use null-terminated strings, I’ll be checking more closely to make sure you don’t do something later on that depends on them ending with \0).

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
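      Rei's scan-the-whole-string scheme above only works because the parser reads past the fixed-width fields; a parser that enforces the record definition quoted above cannot be steered from the comment column. This is an added example, not code from the contest or from anyone in this thread: the field widths and shapes come from the record definition, while the type and function names and the sample line are assumptions.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not the contest's code: a bounded parser for the record
 * layout quoted above (time luggageID flightID depart arrive comment). Each
 * fixed-width field is copied under a hard cap and validated; routing then
 * compares only 'arrive', so comment text can never act as an airport code. */
typedef struct {
    long        time;
    char        luggage_id[9];  /* 2 letters, 6 digits, NUL */
    char        flight_id[7];   /* 2 letters, 1-4 digits, NUL */
    char        depart[4];      /* 3 letters, NUL */
    char        arrive[4];      /* 3 letters, NUL */
    const char *comment;        /* rest of the line, up to '\n' */
} record_t;

const char SAMPLE[] =  /* constructed sample line, not contest data */
    "1262304000 UA129086 UA129 SFO LAX Do not confuse his bags with those "
    "owned by CID who is also going to a different final destination\n";

/* Copy the next blank-delimited token into dst (capacity cap). Returns
 * chars consumed, or -1 if the token is empty or does not fit. */
static int take_token(const char *s, char *dst, size_t cap)
{
    size_t skip = 0, n = 0;
    while (s[skip] == ' ' || s[skip] == '\t') skip++;
    s += skip;
    for (; s[n] != '\0' && !isspace((unsigned char)s[n]); n++) {
        if (n + 1 >= cap) return -1;  /* over-long field: reject, never truncate */
        dst[n] = s[n];
    }
    if (n == 0) return -1;
    dst[n] = '\0';
    return (int)(skip + n);
}

/* 1 if s is exactly `letters` upper-case letters then mind..maxd digits. */
static int shape_ok(const char *s, size_t letters, size_t mind, size_t maxd)
{
    size_t i, d = 0;
    for (i = 0; i < letters; i++)
        if (!isupper((unsigned char)s[i])) return 0;
    while (isdigit((unsigned char)s[i + d])) d++;
    return s[i + d] == '\0' && d >= mind && d <= maxd;
}

/* Parse one line: 1 on success, 0 if a field is missing, malformed or
 * over-long. *r is left untouched on failure. */
int parse_record(const char *line, record_t *r)
{
    record_t tmp;
    char *end;
    int i, n = 0;
    struct { char *dst; size_t cap, letters, mind, maxd; } f[4] = {
        { tmp.luggage_id, sizeof tmp.luggage_id, 2, 6, 6 },
        { tmp.flight_id,  sizeof tmp.flight_id,  2, 1, 4 },
        { tmp.depart,     sizeof tmp.depart,     3, 0, 0 },
        { tmp.arrive,     sizeof tmp.arrive,     3, 0, 0 },
    };
    tmp.time = strtol(line, &end, 10);
    if (end == line || !isspace((unsigned char)*end)) return 0;
    for (line = end, i = 0; i < 4; i++, line += n) {
        n = take_token(line, f[i].dst, f[i].cap);
        if (n < 0 || !shape_ok(f[i].dst, f[i].letters, f[i].mind, f[i].maxd))
            return 0;
    }
    while (*line == ' ' || *line == '\t') line++;
    tmp.comment = line;  /* free text: stored, never consulted for routing */
    *r = tmp;
    return 1;
}

/* Route decision for one line: exact compare against 'arrive' only.
 * Returns 1 (routes there), 0 (does not), or -1 for a malformed record. */
int line_routes_to(const char *line, const char *airport)
{
    record_t r;
    return parse_record(line, &r) ? strcmp(r.arrive, airport) == 0 : -1;
}
```

      With the sample line, the bag goes to LAX and the "CID" in the comment is never seen by the routing compare; a four-letter "LAXX" or an over-long luggage ID is rejected outright instead of spilling into the next field.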
    8. Re:Possibilities by clone53421 · · Score: 1

      “Um, why are you using sockets to do this? We just asked for you to read some luggage records from stdin and send the output to stdout.”

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  10. Candy from a baby by oldhack · · Score: 1

    I've got this nailed. But do you have to know in advance the mystery input combo? I could never figure that out before I throw it over to QA.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:Candy from a baby by Eberlin · · Score: 1

      I wrote an experimental javascript blackjack prog where if I type in "upupdowndownleftrightleftrightBASTARD" I always win. Seemed like a good, easy to remember input combo. :)

  11. Contest or Job Posting? by Anonymous Coward · · Score: 5, Funny

    a luggage routing program that mysteriously misroutes a customer's bag

    sounds like Delta is looking for new programmers

    1. Re:Contest or Job Posting? by Sebilrazen · · Score: 4, Funny

      No, that challenge would have random 3 hour tarmac waits generated too.

      --
      "There are no facts, only interpretations." --Friedrich Nietzsche.
    2. Re:Contest or Job Posting? by Anonymous Coward · · Score: 0

      No, that challenge would have random 3 hour tarmac waits generated too.

      3-hour delays flying into or out of ATL are about as random as a sunrise.

      I used to fly DL a lot, but gave up on them after one too many "Atlanta Olympics": trudging between 3 or 4 gates on concourses 20-minute train rides apart, trying to find my flight.

  12. Re:This sounds familiar to, by Anonymous Coward · · Score: 1, Interesting

    IOCC rocks!

    korn.c is a good example, probably one of the best one-liner programs I have seen.

  13. Re:For Slashdot Lamerz: by oodaloop · · Score: 0, Offtopic

    Hey thanks, Kilgore. Way to out yourself as an AC troll.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  14. Re:For Slashdot Lamerz: by LOLLinux · · Score: 1

    Way to out yourself as an AC troll.

    You just figured this out? He's been posting as an AC troll for ages.

  15. Re:For Slashdot Lamerz: by Monkeedude1212 · · Score: 1

    "write short, readable, clear and innocent C code"

    1. None of the above adjectives apply to C.

    See, that's why it's a contest. It has nothing to do with the scenario.

  16. Re:For Slashdot Lamerz: by Arancaytar · · Score: 1

    None of the above adjectives apply to C.

    Well, that's the challenge. The misrouting part is easy.

    (I'm only partly kidding. :P )

  17. I'm really impressed by troll8901 · · Score: 4, Informative

    I've read the entire blog, and I must say, I'm impressed. Very impressed. Very, very impressed.

    The person who writes the criteria knows what he's/she's writing about.

    And the winners who submit the results are really, really good.

    1. Re:I'm really impressed by troll8901 · · Score: 5, Interesting

      Here's some points I'd like to highlight, from the 2008 Winners.

      • Linus Akesson: The BYTESPERPIXEL macro "gives the false impression that the code intelligently supports higher bit widths" but actually "causes the 8-bit case to leak information into the file" (by exploiting a buffer overflow). ... (thus allowing wiped image data to be reconstructed.)
      • Avinash Baliga: The ExpectTrue macro overwrites the image mask (by exploiting a buffer overflow), allowing two bits to survive the wiping, (thus allowing wiped image data to be reconstructed). Furthermore, the evil behavior is concealed in an innocent-looking error checking macro.
      • John Meacham: (Winner) The code is "extremely simple, innocent, obvious" ... and devious. "Low-intensity pixels are replaced with a ‘0, and high-intensity pixels replaced with a ‘00 or a ‘000" ... (thus allowing wiped image data to be reconstructed.)

      All I can say is, Wow.

    2. Re:I'm really impressed by spydum · · Score: 1

      I also started looking up past winners, John's explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.

    3. Re:I'm really impressed by derGoldstein · · Score: 3, Funny

      I also started looking up past winners, John's explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.

      So you're new to C?

      --
      Entomologically speaking, the spider is not a bug, it's a feature.
    4. Re:I'm really impressed by whoisisis · · Score: 1

      Try looking up the obfuscated C code contest.

      I love this example (mystery.c):

      [Filter error: Please use fewer junk characters] (try this link instead http://www.cs.cf.ac.uk/Dave/C/node4.html#SECTION00420000000000000000)

      It's legal C code. Compiling and running produces some quite extraordinary output.

    5. Re:I'm really impressed by Anonymous Coward · · Score: 0

      Wow, that was a really helpful comment. "Dude...it was all...good...

      Yeah, I know, this comment is real helpful, too.

    6. Re:I'm really impressed by troll8901 · · Score: 1

      That's why I wrote a second comment with the actual information, dude!

  18. We're sorry, Mr... by Anonymous Coward · · Score: 0

    I. C. Weener, we seem to have misplaced your luggage.

  19. Re:This sounds familiar to, by Anonymous Coward · · Score: 5, Funny

    I was going to say, don't forget Perl programmers, but then I remembered the legibility requirement.

  20. For extra points: by w0mprat · · Score: 4, Funny
    For extra points submit this to your favourite open source project and have it accepted into the main code release - since it appears to be perfectly genuine, compiles, and can do what it appears to - it's certainly possible. Finally demonstrate your backdoor when the project is released to the wild.

    If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.

    Write short, readable, perfectly innocent looking C code, that somehow commits an evil act under certain circumstances.

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    1. Re:For extra points: by Nemyst · · Score: 3, Funny

      Well, Linux already allows you to install Windows...

    2. Re:For extra points: by selven · · Score: 1

      I always thought Windows, including the Python interpreter, was written in Python?

    3. Re:For extra points: by Hurricane78 · · Score: 1

      But what project accepts code as specialized on a specific task as this?
      Is there such a do-all software?

      Oh, wait... there’s Emacs, of course! ^^

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    4. Re:For extra points: by Rigrig · · Score: 1

      Might raise a few eyebrows though:

      *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
                renaming to all platforms (within the 0.9.8 branch, this was
                done conditionally on Netware platforms to avoid a name clash).

      *) Support for routing luggage.

      *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
                RAM on SSL connections. This option can save about 34k per idle SSL.

      --
      **TODO** [X] Steal someone elses sig.
    5. Re:For extra points: by Rycross · · Score: 2, Informative
    6. Re:For extra points: by Anonymous Coward · · Score: 0

      If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.

      No, you should write a self-reproducing 'bug' for a well-known compiler suite: Reflections on Trusting Trust

    7. Re:For extra points: by Anonymous Coward · · Score: 0

      Are you inferring Windows is short, readable, and perfectly innocent?

    8. Re:For extra points: by nschubach · · Score: 1

      Well, it does have "cool effects" (readable) and "was rewritten from the ground up to be fast and light" (supposedly short) while maintaining the normal Windows work flow (innocent.) /sarcasm

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    9. Re:For extra points: by bjamesv · · Score: 1
      protip: if you're just talking about the kernel.. you just call it Linux.

      and policing a patch for a buffer overflow is a little easier than hunting through a whole app.

  21. Code Review vs. Debugger by SuperKendall · · Score: 1

    The point of something like "Underhanded C" would be more about hiding something from a code review than GDB. That code would easily trigger red flags in a code review...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  22. Totally opposite by SuperKendall · · Score: 4, Informative

    The true "Underhanded" program would be one that was perfectly readable, so readable in fact that you totally overlook the sneaky thing it was doing because what you think it's doing seems so clear.

    The ObsfuC contest is all about code that even after staring you can't tell what the heck is going on.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  23. Re:This sounds familiar to, by bigg_nate · · Score: 1

    Care to explain what it does? I read the hints and still have no clue what 'unix' is, and gcc and cc on my machine give compilation errors.

  24. Re:This sounds familiar to, by Anonymous Coward · · Score: 0

    #define unix 1

  25. Re:This sounds familiar to, by Anonymous Coward · · Score: 0

    'unix' is a preprocessor constant:

    #define unix 1

    (It should be defined like that on unix/linux systems)

    Another important thing to know is how the compiler gets the address of an array element. Consider the following piece of code:

    char a[] = {0,1,2,3};
    printf("%d\n", a[1]);
    printf("%d\n", 1[a]);

    The two printf lines will do exactly the same (output is '1', the second array element). That's because the compiler just takes the address of the array 'a' and adds an offset (1) to get the address of the actual array element. The compiler doesn't care which one is the offset, and which is the base address.

    Once you got that, the rest of the code should become clear sooner or later. The actual output of the program is just 'unix' followed by a newline (012 octal). Don't get confused... the 'un' part for example is from "fun" ;-)

    I hope I gave enough hints...

    ps: sorry for the missing 'C' in the previous comment

  26. Technology makes many things obsolete ... by Krishnoid · · Score: 1

    Depending on the number of working entries, I think this guy will have to update his song.

  27. So that's what happened at DIA! by plopez · · Score: 0, Redundant

    But years before the contest.

    http://en.wikipedia.org/wiki/Denver_International_Airport#Automated_baggage_system

    http://users.csc.calpoly.edu/~dstearns/SchlohProject/problems.html

    The second article sounds familiar. All the warning signs of a risky project failure were there, but no one seemed to know it or pay attention.

    --
    putting the 'B' in LGBTQ+
  28. Developers: 5th Underhanded C Contest Now Open by weicco · · Score: 1

    I have a program, actually a large system, that sends boxes to different areas in a warehouse depending on various aspects. Sending/transfer is done by conveyor belts and sometimes even with robots. Boxes are actual physical boxes containing food items.

    It has a little defect though which I've been unable to track down. Sometimes when it tries to send a box to place A the box is actually found in place B but the UI tells that it is located in places C and D, which of course is an impossibility.

    Unfortunately it is not written in C. Otherwise it could be a clear winner with a couple of minor modifications.

    --
    You don't know what you don't know.
    1. Re:Developers: 5th Underhanded C Contest Now Open by nschubach · · Score: 1

      If it was written in C, wouldn't the boxes in A and B overwrite it?

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    2. Re:Developers: 5th Underhanded C Contest Now Open by weicco · · Score: 1

      Possibly yes, but it would duplicate as C and D. And before you know it world would be full of Cs and Ds!

      --
      You don't know what you don't know.
  29. Re:This sounds familiar to, by bigg_nate · · Score: 1

    'unix' is a preprocessor constant:

    #define unix 1

    (It should be defined like that on unix/linux systems)

    Ah, that's exactly what I was missing. Thanks!

  30. Re:This sounds familiar to, by Anonymous Coward · · Score: 0

    http://otbits.blogspot.com/2009/06/ioccc-best-one-liner.html

  31. Re:This sounds familiar to, by Anonymous Coward · · Score: 0

    It prints out the word "unix".

  32. Re:This sounds familiar to, by Ukab+the+Great · · Score: 1

    The Perl programmers weren't forgotten, just implicitly passed in.

  33. What happened to the obfuscated C contest? by wdef · · Score: 1

    This is way cool, yes. But I miss the obfuscated C contest which was also way cool eg in terms of discovering legal features of the language that probably should never get used LOL. What happened to it?

    1. Re:What happened to the obfuscated C contest? by shutdown+-p+now · · Score: 1

      What happened to it?

      Slashdot covered this.

  34. Useless use of Cat by Saint+Stephen · · Score: 1

    Doesn't the example on the contest page qualify as Useless Use of Cat?

    i.e., shouldn't this line:
    cat luggage.dat | ./lug UA129086 - - -

    be this: ./lug UA129086 - - - http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat

    1. Re:Useless use of Cat by Xcott+Craver · · Score: 1

      It is indeed a terribly redundant use of cat, but not useless: it makes it easier to read, by placing the command line invocation by itself at the end of the line.

    2. Re:Useless use of Cat by Firedog · · Score: 1

      That wouldn't work since the data file comes in on stdin, right? But this line should be equivalent:

      ./lug UA129086 - - - < luggage.dat

    3. Re:Useless use of Cat by clone53421 · · Score: 1

      He typed,

      ./lug UA129086 - - - < luggage.dat
      <a href="http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat">http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat</a>

      Slashcode ate his angle braces.

      And yes, that line would be equivalent... as would,
      < luggage.dat ./lug UA129086 - - -

      However, get a > where you meant for a < and you’ll be having an epic oh-fuck moment.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  35. Re:NEW YEARS WARNING by ex_ottoyuhr · · Score: 0, Offtopic

    A kioll once bit my sister...

  36. Re:This sounds familiar to, by JeffAMcGee · · Score: 1

    Isn't it obvious? It prints the string "unix\n".

    --
    This sig cannot be proven true.
  37. Been There, Seen it, Done it... by Anonymous Coward · · Score: 0

    You all remember London Heathrow Terminal 5 don't you?!

  38. My Entry by Cruxus · · Score: 0

    if (strcmp(entry->description, "lose luggage") == 0) { loseLuggage(entry); } (It's been awhile since I've done anything vaguely C.)

    --
    On vit, on code et puis on meurt.
  39. Re:For Slashdot Lamerz: by oodaloop · · Score: 1

    I must be new here.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  40. No change in functionality by geek2k5 · · Score: 1

    If the code has a comment field for special handling, you wouldn't need much to do this. The biggest problem would be to make it so that somebody can't correlate bad handling to the comment. You might want to have a 'bad handling' string that varies from hour to hour, one that is displayed as part of a 'quote of the moment'.

  41. Something like by Locke2005 · · Score: 1

    Never done this myself, but people have inserted backdoors into Unix V7 kernels they compiled by replacing a "if (userid == 0)" with a "if (userid = 0)" check. I assume they are looking for a more sophisticated version of that trick.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  42. Write up of last entry by John+Meacham · · Score: 5, Informative

    I am the winner of the previous underhanded C contest. If anyone is interested, I wrote up a description of my entry on my blog here: http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction

    It was a fun contest to enter and now I can shop at thinkgeek for silly gadgets without feeling guilty :)

    --
    http://notanumber.net/
    1. Re:Write up of last entry by zzyzyx · · Score: 1

      Really beautiful solution, and 100% justifiable. I had a little tear of joy when I read it :'-)

    2. Re:Write up of last entry by troll8901 · · Score: 1

      I've got just five words to all the successful contestants:

      YOU GUYS ARE TEH WINZ !!!!

    3. Re:Write up of last entry by clone53421 · · Score: 1

      I loved your solution, by the way. Will you be entering this year’s contest – or have you already? (Okay, so it’s only two days in as of yet...)

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  43. Re:This sounds familiar to, by Anonymous Coward · · Score: 0

    So... make your OWN contest in YOUR language of choice? Fuck YOU for thinking YOUR opinion is what the world revolves around ass-hat.

  44. Irony by Anonymous Coward · · Score: 0

    Well, you must have known supporting religious beliefs will earn you bad karma

    1. Re:Irony by Anonymous Coward · · Score: 0

      Umm -- whoosh?

  45. CONFESSIONS: Who here admits to underhanded code? by md65536 · · Score: 1

    Who here has put underhanded code in released products?

    I admit to adding and concealing the flight cam easter egg in Star Wars: Knights of the Old Republic. It wasn't nearly as clever as the contest entries, and it would be impossible to claim innocence if I was caught, but I enabled the "debug" cam using a generic-sounding external variable, put the code inside an "#ifndef _DEBUG" block, added a comment to describe the code as some boring debug message thing (hardly worth looking at), and had a little loop to decode the "Punch it, Chewie!" message so that the string wouldn't show up in the executable.

  46. Re:For Slashdot Lamerz: by clone53421 · · Score: 1

    You’re joking, but you’re correct. The challenge is making the program ever do what it’s supposed to. It’s deceptively simple... then you start looking at it and you realise it’s more complicated than you thought. Making the 2nd leg of a non-direct flight go away when the 1st leg was superseded by a newer entry, for example.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  47. Re:For Slashdot Lamerz: by Anonymous Coward · · Score: 0

    Hey oodaloop... April fools!

    Yours In Ashgabat,
    Kilgore Trout

  48. Re:NEW YEARS WARNING by Anonymous Coward · · Score: 0

    Here is me, a troll, astounded at my superiors' troll skill. It seems that I still have many level ups more to go...

  49. Re:NEW YEARS WARNING by Anonymous Coward · · Score: 0

    lurk moar.

  50. The original winner by Anonymous Coward · · Score: 0

    And in other news: we learn that C was actually invented during the Underhanded Programming Language Contest of 1972.

  51. As opposed to? by tomhudson · · Score: 1

    This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field

    As opposed to the current system that does it at random? If you come up with a system that ONLY does it when malicious text is written in the comment field, the government wants to talk with you. They paid $500 per LINE for a baggage-routing system that never worked. It was finally abandoned after half a billion was sunk into it.