The Underhanded C Contest

The Underhanded C Contest is a yearly contest which has a simple goal: write an innocent looking program in C that hides malicious behavior. Bonus points if it looks like a legitimate bug. Immediately, I can hear the cries: “WHY? Why would you write code that hides what it’s really doing?” The answer to that is simple: To become better programmers.

C can be a dangerous language. It’s great for bit-twiddling, it can let you overwrite the execution stack, among of horde of other dangerous things. C is literally one step removed from assembler. Of course, all these dangers are also the power of C. It’s very to write code that can effectively talk to hardware in many languages that are viewed as more advanced than C, particularly these days as more and more languages utilize specialized runtimes which typically have low-level functions implemented in the Runtime in C anyway.

The challenge grew out of the 2004 Obfuscated V Contest, a contest started by a disgruntled American voter who was upset at George Bush’s re-election. This challenge was to write a vote tabulation program that looked correct, but secretely favored one candidate. Such is the basis for all the contests. Write innocent looking code, that does something evil.

These challenges have ranged from image processing to encryption tasks, with this years being to redact part of an image in a recoverable fashion. They provide a PPM library, conveniently enough, so all you need to worry about is making the image look redacted, but having the data still recoverable, all while making sure the code looks completely innocent. I’m going to be looking at competing, hell there is a $100 Thinkgeek gift certificate on the line, but I haven’t done any C in a year or so. Needless to say, I’m not sure I’ll do well. Should be an entertaining challenge though.