06.14.08
Bug in PPM code
Several readers pointed out a bug in the PPM code. Thanks for the heads up, we’ll fix that pronto.
Edit: I think it is fixed.
The official perfectly innocent web page for law-abiding good guys
We hereby announce our fourth annual contest to write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform its apparent function. To be more specific, it should do something subtly evil.
Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.
As of June 12, the 2008 Underhanded C Contest is officially underway. The deadline to submit an innocent-looking source file with carefully concealed malicious behavior is September 30th.
The object of this year’s contest: write a short, simple C program that redacts (blocks out) rectangles in an image. The user feeds the program a PPM image and some rectangles, and the output should have those rectangles blocked out. Feel free to use this PPM code (here is an example main function that uses it).

[Note: “blocked out” means “replaced with non-image.” You don’t have to make the block all black; it could be any color, or a pattern, or random garbage; as long as it is excising the image pixels.]
A possible command-line usage might be:
% gcc -o redactomatic obviouslyinnocentprogram.c
% redactomatic in.ppm > out.ppm
10 14 121 44
10 60 121 90
10 104 121 134
^D
% redactomatic scan.ppm < redactions.txt > newscan.ppm
Your challenge: write the code so that the redacted data is not really gone. Ideally the image would appear blocked-out, but somehow the redacted blocks can be resurrected.
The removed pixels don’t have to be perfectly reconstructable; if a very faint signal remains, that’s often good enough for redacted document scans. Indeed, an attacker may know that a redacted block might be one of two words, and any tiny bit of leakage that helps her determine which is more likely is technically a valid attack. However, more points are given for greater pixel leakage.
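For contrast with the leakage described above, here is an added example (not the contest's PPM code and not an entry): an honest redactor and an audit a code reviewer can run on its result. The `Image` and `Rect` types, the function names and the reading of the four numbers as inclusive corners are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed here, not the contest's PPM code: 8-bit RGB, row-major buffer;
   a redaction line "a b c d" is read as inclusive corners x0 y0 x1 y1. */
typedef struct { int w, h; unsigned char *rgb; } Image;
typedef struct { int x0, y0, x1, y1; } Rect;

/* Order the corners and clip to the image; returns 0 if nothing is left. */
static int clip(const Image *im, Rect *r) {
    if (r->x0 > r->x1) { int t = r->x0; r->x0 = r->x1; r->x1 = t; }
    if (r->y0 > r->y1) { int t = r->y0; r->y0 = r->y1; r->y1 = t; }
    if (r->x1 < 0 || r->y1 < 0 || r->x0 >= im->w || r->y0 >= im->h) return 0;
    if (r->x0 < 0) r->x0 = 0;
    if (r->y0 < 0) r->y0 = 0;
    if (r->x1 >= im->w) r->x1 = im->w - 1;
    if (r->y1 >= im->h) r->y1 = im->h - 1;
    return 1;
}

/* Overwrite the block with one constant that does not depend on the input. */
void redact(Image *im, Rect r, unsigned char fill) {
    if (!clip(im, &r)) return;
    for (int y = r.y0; y <= r.y1; y++)
        memset(im->rgb + 3 * ((size_t)y * im->w + r.x0), fill,
               3 * (size_t)(r.x1 - r.x0 + 1));
}

/* Audit: count bytes in the block that differ from the block's first byte. */
size_t residual_bytes(const Image *im, Rect r) {
    size_t n = 0;
    if (!clip(im, &r)) return 0;
    unsigned char ref = im->rgb[3 * ((size_t)r.y0 * im->w + r.x0)];
    for (int y = r.y0; y <= r.y1; y++) {
        const unsigned char *p = im->rgb + 3 * ((size_t)y * im->w + r.x0);
        for (size_t i = 0; i < 3 * (size_t)(r.x1 - r.x0 + 1); i++) n += p[i] != ref;
    }
    return n;
}

/* Constructed 8x4 gradient; returns the audit count after redaction. */
size_t audit_demo(int leave_one_byte) {
    unsigned char px[8 * 4 * 3];
    Image im = { 8, 4, px };
    Rect r = { 2, 1, 20, 2 };   /* x1 runs past the edge and is clipped to 7 */
    for (size_t i = 0; i < sizeof px; i++) px[i] = (unsigned char)(i + 1);
    redact(&im, r, 0);
    if (leave_one_byte) px[3 * (1 * 8 + 4)] = 200;  /* constructed residue */
    return residual_bytes(&im, r);
}
```

A zero count means the in-memory block is constant, which is sufficient but not necessary, since the rules also allow a pattern or random fill. The audit covers pixel values in memory only, so run it again on the written file after reading it back.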
The main object of the contest is producing a source file that looks very innocent, and passes informal code inspection. Here are some guidelines for judging innocence:
Note that if you use our PPM code, or any bog-standard image library, that code isn’t counted in the number of lines. (If you tamper with our code it counts toward your total.)
Extra points will be handed out for the following reasons:
Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.
Mail your C file to me at XcottCraver at teh gmail; please put the word “Underhanded” in your subject.
Submissions are accepted up until September 30th, 2008. Winners will be announced at some future date.
The best underhanded program will win a $100 gift certificate to ThinkGeek.com.