12.29.09

Also, we’re looking for good PhD students

Posted in Uncategorized at 7:55 pm by XcottCraver

As you might have guessed, Binghamton University is a haven for security wonks. We in the electrical engineering department pursue research in the areas of information hiding, multimedia security, and digital forensics. If you are looking to pursue a Ph.D. in these or related areas, please consider applying. We have funding available for a limited number of new students (note that this is different from the funding allotted by the university for TAs, so don’t freak out at the early deadlines listed on the university web site). If you have questions on specifics, contact me at XcottCraver@gmail.com.

The Fifth Underhanded C Contest is Now Open

Posted in Uncategorized at 4:05 pm by XcottCraver

Introduction

We hereby announce the fifth annual contest to write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

As of December 29, the 5th Underhanded C Contest is officially underway. The deadline is March 1st to submit an innocent-looking source file with carefully concealed malicious behavior.

This year’s challenge: losing my freakin’ luggage

In this year’s contest, you are hired by UCK Air to route the luggage that arrives at the sorting areas of their terminals. Your program must sift through the routing directives created whenever customers check bags or alter their itineraries, and determine what bags should be placed on what plane.

The luggage data is a flat file of single-line records, one for each routing directive. Each record contains the following fields, separated by whitespace:

  • Time of record: the number of seconds since Jan 1, 1970;
  • Luggage ID: 2 letters followed by 6 digits;
  • Flight ID: 2 letters denoting the airline followed by a maximum four-digit flight number;
  • 3-letter departing airport code;
  • 3-letter destination airport code;
  • Any further comment or special instructions added by airline employees (free text.)

Basically the lines satisfy regexp {^(\w+)\s+(\w+)\s+(\w+)\s+(…)\s+(…)\s*(\s.*)} $inline — time luggage flight depart arrive comment. Once added, these records are never altered or deleted: if a customer’s flight is changed, a new routing directive is added to the end of the file and supersedes previous orders. Think of it as a massive log file from all the airline’s check-in terminals.

Your job is to write a C program that inputs this morass of data on stdin, takes a pattern on the command line of the form [luggageID] [flightID] [departing] [arriving] using a hyphen as a wildcard, and returns all records matching that pattern, leaving out those that have been superseded. An example:


% cat luggage.dat
1261959531 UA129086 UA530 ORD FRA
1261959531 UA129086 LH1111 FRA OPO
1261959580 UA129089 UA530 ORD FRA
1261959580 UA129089 LH1111 FRA OPO (Original reservation)
1262002831 UA129086 TP579 FRA OPO
1262002831 UA129089 TP579 FRA OPO   Passengers missed first connecting flight, sent on next one
1262027494 UA129086 LH1230 FRA LIS
1262027495 UA129089 LH1230 FRA LIS   Next flight canceled, passengers rerouted to Lisbon
1262029822 UA129086 LH1450 FRA LHR  Passenger A says screw it, send me to London
1262030463 UA129086 LH1280 FRA DUB  Direct flight canceled, routed through Ireland
1262030463 UA129086 LH1390 DUB LHR  

% gcc -o lug luggage.c
% cat luggage.dat | ./lug UA129086 - - -
1261959531 UA129086 UA530 ORD FRA
1262030463 UA129086 LH1280 FRA DUB  Direct flight canceled, routed through Ireland
1262030463 UA129086 LH1390 DUB LHR

% cat luggage.dat | ./lug - TP579 FRA OPO

% cat luggage.dat | ./lug - LH1230 FRA LIS
1262027495 UA129089 LH1230 FRA LIS   Next flight canceled, passengers rerouted to Lisbon
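For reference, here is an honest implementation of the routing task, added as an example and not part of the contest post or its author's code. It assumes the supersession rule the sample output above implies (a later record for the same bag leaving the same airport replaces the earlier one), bounds every copy so the clerk's free-text comment can never overrun a field, and exposes the logic as a `route()` function (an assumed name) so it can be checked against the expected output; compiled as `lug`, it accepts `cat luggage.dat | ./lug UA129086 - - -` exactly as in the post.

```c
#include <stdio.h>
#include <string.h>

#define MAXREC 4096   /* records held in memory: an assumed limit for this example */
#define LINELEN 512   /* longest record kept, free-text comment included */
typedef struct { char lug[16], flt[16], dep[16], arr[16], text[LINELEN]; } Rec;
/* A pattern field accepts a value when it equals it or is the "-" wildcard. */
static int accept(const char *pat, const char *val) {
    return strcmp(pat, "-") == 0 || strcmp(pat, val) == 0;
}

/* Write every current record in data that matches the four pattern fields to out, one
 * line each.  A later record for the same bag leaving the same airport supersedes an
 * earlier one (a bag goes on one plane).  Returns lines written, or -1 if out is too small. */
int route(const char *data, const char *lug, const char *flt, const char *dep,
          const char *arr, char *out, size_t outsz) {
    static Rec recs[MAXREC];
    int n = 0, written = 0; size_t used = 0;
    for (const char *p = data; *p && n < MAXREC; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        Rec *r = &recs[n]; snprintf(r->text, LINELEN, "%.*s", (int)len, p); /* truncates safely */
        p += len + (nl != NULL);
        /* %15s stops at whitespace, so the free-text comment can never overrun a field */
        if (sscanf(r->text, "%*s %15s %15s %15s %15s", r->lug, r->flt, r->dep, r->arr) == 4)
            n++;                                                /* malformed lines are skipped */
    }
    if (outsz == 0) return -1; else out[0] = '\0';
    for (int i = 0; i < n; i++) {
        Rec *r = &recs[i]; int superseded = 0;
        for (int j = i + 1; j < n && !superseded; j++)
            superseded = !strcmp(r->lug, recs[j].lug) && !strcmp(r->dep, recs[j].dep);
        if (superseded || !accept(lug, r->lug) || !accept(flt, r->flt) ||
            !accept(dep, r->dep) || !accept(arr, r->arr)) continue;
        if (used + strlen(r->text) + 2 > outsz) return -1;
        used += (size_t)sprintf(out + used, "%s\n", r->text); written++;
    }
    return written;
}

int main(int argc, char **argv) {
    static char in[MAXREC * LINELEN], out[MAXREC * LINELEN];
    if (argc != 5) { fprintf(stderr, "usage: %s luggage flight depart arrive\n", argv[0]); return 2; }
    in[fread(in, 1, sizeof in - 1, stdin)] = '\0';
    int n = route(in, argv[1], argv[2], argv[3], argv[4], out, sizeof out);
    if (n < 0) { fputs("output buffer too small\n", stderr); return 1; }
    fputs(out, stdout);
    return 0;
}
```

Running it over the post's luggage.dat reproduces the three query results shown above; diffing any contest entry's output against this baseline on the entry's own example file is a quick way to locate where the misrouting happens.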

The evil part

Your program must inexplicably misroute a piece of luggage if the right kind of free text comment is provided by the check-in clerk. Misrouting means that your program’s output either places that luggage on the wrong flight, or fails to provide a record when it should. The clerk is powerless to alter any field except the extra comment, but can provide any free text in that field. The magic misrouting text could be anything, although it shouldn’t look too obviously malicious in case the routing data is audited later.

Scoring and Extra Points

As always, the basic rules of fake sincerity apply:

  • Your submission is worth more if it is short and easy to read. Hiding malicious behavior in short and readable source files is more impressive.
  • Your submission is worth more if it is universal. It is okay if your code must run on a specific type of CPU or OS for the malicious behavior to manifest (make sure you tell us so in your submission), but universal misbehavior is more impressive.
  • Your submission is always worth more if the bad behavior, once discovered, is plausibly deniable as a newbie coding mistake.
  • Your submission is worth more if the underhanded code does not look suspicious under syntax coloring.

For this contest, there are a few more opportunities for bonus points:

  • Bonus points if the misrouting trigger looks innocent in retrospect.
  • Bonus points if luggage can be flexibly misrouted.
  • Bonus points if the misrouting is absurd, extreme, spiteful or humorous.

Due date and submission

The due date is March 1, 2010. Please send your underhanded code to XcottCraver@gmail.com, with the word “underhanded” in the subject header. Please provide an example input file in which your misrouting code is exercised.

Prize

The prize will be a $100 gift certificate to ThinkGeek.com.