fbpx
Wikipedia

Underhanded C Contest

January 01, 1970

The Underhanded C Contest was a programming contest to turn out code that is malicious, but passes a rigorous inspection, and looks like an honest mistake even if discovered. The contest rules define a task, and a malicious component. Entries must perform the task in a malicious manner as defined by the contest, and hide the malice. Contestants are allowed to use C-like compiled languages to make their programs.[1]

The contest was organized by Dr. Scott Craver[2] of the Department of Electrical Engineering at Binghamton University. The contest was initially inspired by Daniel Horn's Obfuscated V contest in the fall of 2004.[3] For the 2005 to 2008 contests, the prize was a $100 gift certificate to ThinkGeek. The 2009 contest had its prize increased to $200 due to the very late announcement of winners, and the prize for the 2013 contest is also a $200 gift certificate.

Contests edit

2005 edit

The 2005 contest had the task of basic image processing, such as resampling or smoothing, but covertly inserting unique and useful "fingerprinting" data into the image. Winning entries from 2005 used uninitialized data structures, reuse of pointers, and an embedding of machine code in constants.

2006 edit

The 2006 contest required entries to count word occurrences, but have vastly different runtimes on different platforms. To accomplish the task, entries used fork implementation errors, optimization problems, endian differences and various API implementation differences. The winner called strlen() in a loop, leading to quadratic complexity which was optimized out by a Linux compiler but not by Windows.

2007 edit

The 2007 contest required entries to encrypt and decrypt files with a strong, readily available encryption algorithm such that a low percentage (1% - 0.01%) of the encrypted files may be cracked in a reasonably short time. The contest commenced on April 16 and ended on July 4. Entries used misimplementations of RC4, misused API calls, and incorrect function prototypes.

2008 edit

The 2008 contest required entries to redact a rectangular portion of a PPM image in a way that the portion may be reconstructed. Any method of "blocking out" the rectangle was allowed, as long as the original pixels were removed, and the pixel reconstruction didn't have to be perfect[4] (although the reconstruction's fidelity to the original file would be a factor in judging). The contest began on June 12, and ended on September 30. Entries tended to either xor the region with a retrievable pseudo-random mask or append the masked data to the end of the file format. The second placing programs both used improperly defined macros while the winner, choosing to work with an uncommon text based format, zeroed out pixel values while keeping the number of digits intact.

2009 edit

The 2009 contest required participants to write a program that sifts through routing directives but redirects a piece of luggage based on some innocuous-looking comment in the space-delimited input data file. The contest began December 29, 2009, and was due to end on March 1, 2010.[5] However, no activity occurred for three years. The winners were only announced on April 1, 2013, with one overall winner and six runners-up.[6][7]

2013 edit

The 2013 contest was announced on April 1, 2013, and was due July 4, 2013; results were announced on September 29, 2014.[8] It was about a fictional social website called "ObsessBook". The challenge was to write a function to compute the DERPCON (Degrees of Edge-Reachable Personal CONnection) between two users that "accidentally" computes a too low distance for a special user.

2014 edit

The 2014 contest was announced on November 2, 2014, and was due January 1, 2015. The results were announced on June 1, 2015.[9] The objective was to write surveillance code for a Twitter-like social networking service, to comply with a secret government surveillance request; but for non-obvious reasons, the code must subtly leak the act of surveillance to a user. The general approach is to obfuscate writes to the user data as writing to surveillance data, and the winning entry did so by implementing a buggy time-checking function that overwrites the input.

2015 edit

The 2015 contest was announced on August 15, 2015, and was due November 15, 2015. The results were announced on January 15, 2016. The scenario was a nuclear disarmament process between the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic Peoples Republic of Bob (Alice and Bob), and the mission was to write a test function for comparing potentially fissile material against a reference sample, which under certain circumstances would label a warhead as containing fissile material when it doesn't. Around a third of the submissions used NaN poisoning by erroneous floating-point operations, which generates more NaN's in the later computation and always evaluates to false for a comparison. The winning entry used a confusion of datatypes between double and float to distort values.

See also edit

References edit

  1. ^ "Underhanded C Contest Revived". I Programmer. April 6, 2013. Retrieved October 4, 2014.
  2. ^ Faculty and Staff page of EE Dept. at Binghamton University May 29, 2010, at the Wayback Machine
  3. ^ "Underhanded C Contest FAQ". Underhanded C contest. Retrieved February 28, 2015.
  4. ^ 2008 contest rules March 22, 2015, at the Wayback Machine
  5. ^ , xcott.com (archived from the original October 6, 2014, at the Wayback Machine on 2011-07-18)
  6. ^ . January 8, 2010. Archived from the original on January 8, 2010. Retrieved March 12, 2019.
  7. ^ "The Underhanded C Contest". Archived from the original on April 9, 2013. Retrieved April 3, 2013.
  8. ^ Scott Craver (September 29, 2014). "2013 Winners". Retrieved June 22, 2017.
  9. ^ Scott Craver (November 2, 2014). "The 7th Underhanded C Contest is now Open". Retrieved December 18, 2014.

External links edit

  • Official contest page
  • Prior page with 2014 winners

January 01, 1970
underhanded, contest, programming, contest, turn, code, that, malicious, passes, rigorous, inspection, looks, like, honest, mistake, even, discovered, contest, rules, define, task, malicious, component, entries, must, perform, task, malicious, manner, defined,. The Underhanded C Contest was a programming contest to turn out code that is malicious but passes a rigorous inspection and looks like an honest mistake even if discovered The contest rules define a task and a malicious component Entries must perform the task in a malicious manner as defined by the contest and hide the malice Contestants are allowed to use C like compiled languages to make their programs 1 The contest was organized by Dr Scott Craver 2 of the Department of Electrical Engineering at Binghamton University The contest was initially inspired by Daniel Horn s Obfuscated V contest in the fall of 2004 3 For the 2005 to 2008 contests the prize was a 100 gift certificate to ThinkGeek The 2009 contest had its prize increased to 200 due to the very late announcement of winners and the prize for the 2013 contest is also a 200 gift certificate Contents 1 Contests 1 1 2005 1 2 2006 1 3 2007 1 4 2008 1 5 2009 1 6 2013 1 7 2014 1 8 2015 2 See also 3 References 4 External linksContests edit2005 edit The 2005 contest had the task of basic image processing such as resampling or smoothing but covertly inserting unique and useful fingerprinting data into the image Winning entries from 2005 used uninitialized data structures reuse of pointers and an embedding of machine code in constants 2006 edit The 2006 contest required entries to count word occurrences but have vastly different runtimes on different platforms To accomplish the task entries used fork implementation errors optimization problems endian differences and various API implementation differences The winner called strlen in a loop leading to quadratic complexity which was optimized out by a Linux compiler but not by Windows 2007 edit The 2007 contest required entries to encrypt and decrypt files with a strong readily available encryption algorithm such that a low percentage 1 0 01 of the encrypted files may be cracked in a reasonably short time The contest commenced on April 16 and ended on July 4 Entries used misimplementations of RC4 misused API calls and incorrect function prototypes 2008 edit The 2008 contest required entries to redact a rectangular portion of a PPM image in a way that the portion may be reconstructed Any method of blocking out the rectangle was allowed as long as the original pixels were removed and the pixel reconstruction didn t have to be perfect 4 although the reconstruction s fidelity to the original file would be a factor in judging The contest began on June 12 and ended on September 30 Entries tended to either xor the region with a retrievable pseudo random mask or append the masked data to the end of the file format The second placing programs both used improperly defined macros while the winner choosing to work with an uncommon text based format zeroed out pixel values while keeping the number of digits intact 2009 edit The 2009 contest required participants to write a program that sifts through routing directives but redirects a piece of luggage based on some innocuous looking comment in the space delimited input data file The contest began December 29 2009 and was due to end on March 1 2010 5 However no activity occurred for three years The winners were only announced on April 1 2013 with one overall winner and six runners up 6 7 2013 edit The 2013 contest was announced on April 1 2013 and was due July 4 2013 results were announced on September 29 2014 8 It was about a fictional social website called ObsessBook The challenge was to write a function to compute the DERPCON Degrees of Edge Reachable Personal CONnection between two users that accidentally computes a too low distance for a special user 2014 edit The 2014 contest was announced on November 2 2014 and was due January 1 2015 The results were announced on June 1 2015 9 The objective was to write surveillance code for a Twitter like social networking service to comply with a secret government surveillance request but for non obvious reasons the code must subtly leak the act of surveillance to a user The general approach is to obfuscate writes to the user data as writing to surveillance data and the winning entry did so by implementing a buggy time checking function that overwrites the input 2015 edit The 2015 contest was announced on August 15 2015 and was due November 15 2015 The results were announced on January 15 2016 The scenario was a nuclear disarmament process between the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic Peoples Republic of Bob Alice and Bob and the mission was to write a test function for comparing potentially fissile material against a reference sample which under certain circumstances would label a warhead as containing fissile material when it doesn t Around a third of the submissions used NaN poisoning by erroneous floating point operations which generates more NaN s in the later computation and always evaluates to false for a comparison The winning entry used a confusion of datatypes between double and float to distort values See also editInternational Obfuscated C Code ContestReferences edit Underhanded C Contest Revived I Programmer April 6 2013 Retrieved October 4 2014 Faculty and Staff page of EE Dept at Binghamton University Archived May 29 2010 at the Wayback Machine Underhanded C Contest FAQ Underhanded C contest Retrieved February 28 2015 2008 contest rules Archived March 22 2015 at the Wayback Machine The Underhanded C Contest xcott com archived from the original Archived October 6 2014 at the Wayback Machine on 2011 07 18 The Underhanded C Contest Also we re looking for good PhD students January 8 2010 Archived from the original on January 8 2010 Retrieved March 12 2019 The Underhanded C Contest Archived from the original on April 9 2013 Retrieved April 3 2013 Scott Craver September 29 2014 2013 Winners Retrieved June 22 2017 Scott Craver November 2 2014 The 7th Underhanded C Contest is now Open Retrieved December 18 2014 External links editOfficial contest page Prior page with 2014 winners Retrieved from https en wikipedia org w index php title Underhanded C Contest amp oldid 1219291726, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.