08.20.08

Check out Poly’s underhanded hardware contest

Posted in Uncategorized at 11:37 am by XcottCraver

My friends at NYU Polytechnic (formerly Brooklyn Polytechnic) sent me a link to the next
Cyber Security Awareness Week challenge. CSAW is a big event with multiple security contests. One of them, inspired by the UCC, is an underhanded embedded system contest:

Cryptographers, scientists and engineers in the Orange Army have developed a solid-state cryptographic device, codenamed Alpha. The new device uses a strong 128-bit private key block cipher which has been shown to be resistant to modern cryptanalysis techniques.
[…]
Your challenge is to design and implement a set of trojans, to undermine Alpha’s cryptographic strength, and incorporate them into Alpha’s HDL without failing validation testing.

This is similar to last year’s Underhanded contest, except here you must add backdoors to someone else’s design—and instead of passing visual inspection of source, it must pass black-box testing, and have the same binary size and power consumption.

This is a security problem of increasing importance, as people send security-critical designs to be fabricated in faraway, insecure foundries. It is an unsolved (and maybe insoluble) problem to design and then test layouts so that backdoors can be detected.

You can find the full description at http://isis.poly.edu/csaw/embedded.

06.14.08

Bug in PPM code

Posted in Uncategorized at 8:21 am by XcottCraver

Several readers pointed out a bug in the PPM code. Thanks for the heads up, we’ll fix that pronto.

Edit: I think it is fixed.

06.12.08

The 2008 Underhanded C Contest

Posted in Uncategorized at 5:17 pm by XcottCraver

Introduction

We hereby announce our fourth annual contest to write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

As of June 12, the 2008 Underhanded C Contest is officially underway. The deadline is September 30th to submit an innocent-looking source file with carefully concealed malicious behavior.

This year’s challenge: leaky redaction

The object of this year’s contest: write a short, simple C program that redacts (blocks out) rectangles in an image. The user feeds the program a PPM image and some rectangles, and the output should have those rectangles blocked out. Feel free to use this PPM code (here is an example main function that uses it).

Woo, five points.

[Note: “blocked out” means “replaced with non-image.” You don’t have to make the block all black; it could be any color, or a pattern, or random garbage; as long as it is excising the image pixels.]

A possible command-line usage might be:

% gcc -o redactomatic obviouslyinnocentprogram.c

% redactomatic in.ppm > out.ppm
10 14 121 44
10 60 121 90
10 104 121 134
^D

% redactomatic scan.ppm < redactions.txt > newscan.ppm

Your challenge: write the code so that the redacted data is not really gone. Ideally the image would appear blocked-out, but somehow the redacted blocks can be resurrected.

The removed pixels don’t have to be perfectly reconstructable; if a very faint signal remains, that’s often good enough for redacted document scans. Indeed, an attacker may know that a redacted block might be one of two words, and any tiny bit of leakage that helps her determine which is more likely is technically a valid attack. However, more points are given for greater pixel leakage.

Scoring, and Extra Points

The main object of the contest is producing a source file that looks very innocent, and passes informal code inspection. Here are some guidelines for judging innocence:

  • Short programs are innocent, and more impressive. If your source file is over 200 lines, you are not likely to win. You can hide a semi truck in 300 lines of C. In general, the fewer hiding places, the more impressed we will be if you can conceal malicious behavior.

    Note that if you use our PPM code, or any bog-standard image library, that code isn’t counted in the number of lines. (If you tamper with our code it counts toward your total.)

  • Typical behavior is innocent. Unusual and unnecessary steps will raise eyebrows unless you can find a reasonable excuse for them. This makes this challenge somewhat difficult, because there are only so many ways a dude can wipe out a rectangle.

Extra points will be handed out for the following reasons:

  • Extra points if the error, once found, looks like an innocent bug rather than deliberate miscoding.
  • Extra points if your code still appears innocent under syntax coloring.
  • Extra points if the information leakage is dramatic.

Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.

How to Submit

Mail your C file to me at XcottCraver at teh gmail; please put the word “Underhanded” in your subject.

Submissions are accepted up until September 30th, 2008. Winners will be announced at some future date.

Prize

The best underhanded program will win a $100 gift certificate to ThinkGeek.com

04.16.07

The 2007 Underhanded C Contest is Now Open

Posted in Uncategorized at 2:20 pm by XcottCraver

Introduction

We hereby announce our third annual contest to write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

As of April 16, the 2007 Underhanded C Contest is officially underway. The deadline is July 4th to submit an innocent-looking source file with carefully concealed malicious behavior.

This year’s challenge: weak encryption

The object of this year’s contest: write a short, simple C program that encrypts/decrypts a file, given a password on the command line. Don’t implement your own cipher, but use a bog-standard strong cipher from a widely available library. An example usage might be something like:

% gcc -o cryptacular obviouslyinnocentprogram.c -lcrypto

% cryptacular -e passphrase < bigfile.mp3 > ciphertext
% cryptacular -d passphrase < ciphertext > plaintext.mp3

Your challenge: write the code so that some small fraction of the time (between 1% and 0.01% of files, on average) the encrypted file is weak and can be cracked by an adversary without the password. The poorly encrypted file must still decrypt properly by your own software.

“Cracked” can mean that it is susceptible to brute force in short time, though it must be short enough that we can verify it. Or it could mean that the file is trivially obfuscated.

Scoring, and Extra Points

The object of the contest is producing a source file that looks innocent, and passes informal code inspection. Here are some guidelines for judging innocence:

  • Short programs are innocent, and more impressive. If your source file is over 200 lines, you are not likely to win. You can hide a semi truck in 300 lines of C.

    In general, the fewer hiding places, the more impressed we will be if you can conceal malicious behavior.

    In this case you’re using someone else’s library, and that library could in theory have bad code in it, which you could exploit. That’s cool, and doesn’t count toward the “size” of your submission. Unless you put in the bad code yourself.

  • Typical behavior is innocent. Unusual and unnecessary steps, like forking a process or connecting to a remote server will raise eyebrows unless you can find a reasonable excuse for them.

Extra points will be handed out for the following reasons:

  • Extra points if the error, once found, looks like an innocent bug rather than deliberate miscoding.
  • Extra points if your code still appears innocent under syntax coloring.
  • Extra points if you can tell, quickly, which outputs are weak.

Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.

How to Submit

Mail your C file to me at XcottCraver at teh gmail; please put the word “Underhanded” in your subject.

Submissions are accepted up until July 4th, 2007. Winners will be announced on some date in some year.

Prize

The best underhanded program will win a $100 gift certificate to ThinkGeek.com