Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Contests 1.1 2005 1.2 2006 1.3 2007 1.4 2008 1.5 2009 1.6 2013 1.7 2014 1.8 2015 2 See also 3 References 4 External links

Underhanded C Contest

Add links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

The Underhanded C Contest was a programming contest to turn out code that is malicious, but passes a rigorous inspection, and looks like an honest mistake even if discovered. The contest rules define a task, and a malicious component. Entries must perform the task in a malicious manner as defined by the contest, and hide the malice. Contestants are allowed to use C-like compiled languages to make their programs.^[1]

The contest was organized by Dr. Scott Craver^[2] of the Department of Electrical Engineering at Binghamton University. The contest was initially inspired by Daniel Horn's Obfuscated V contest in the fall of 2004.^[3] For the 2005 to 2008 contests, the prize was a $100 gift certificate to ThinkGeek. The 2009 contest had its prize increased to $200 due to the very late announcement of winners, and the prize for the 2013 contest is also a $200 gift certificate.

Contests[edit]

2005[edit]

The 2005 contest had the task of basic image processing, such as resampling or smoothing, but covertly inserting unique and useful "fingerprinting" data into the image. Winning entries from 2005 used uninitialized data structures, reuse of pointers, and an embedding of machine codeinconstants.

2006[edit]

The 2006 contest required entries to count word occurrences, but have vastly different runtimes on different platforms. To accomplish the task, entries used fork implementation errors, optimization problems, endian differences and various API implementation differences. The winner called strlen() in a loop, leading to quadratic complexity which was optimized out by a Linux compiler but not by Windows.

2007[edit]

The 2007 contest required entries to encrypt and decrypt files with a strong, readily available encryption algorithm such that a low percentage (1% - 0.01%) of the encrypted files may be cracked in a reasonably short time. The contest commenced on April 16 and ended on July 4. Entries used misimplementations of RC4, misused API calls, and incorrect function prototypes.

2008[edit]

The 2008 contest required entries to redact a rectangular portion of a PPM image in a way that the portion may be reconstructed. Any method of "blocking out" the rectangle was allowed, as long as the original pixels were removed, and the pixel reconstruction didn't have to be perfect^[4] (although the reconstruction's fidelity to the original file would be a factor in judging). The contest began on June 12, and ended on September 30. Entries tended to either xor the region with a retrievable pseudo-random mask or append the masked data to the end of the file format. The second placing programs both used improperly defined macros while the winner, choosing to work with an uncommon text based format, zeroed out pixel values while keeping the number of digits intact.

2009[edit]

The 2009 contest required participants to write a program that sifts through routing directives but redirects a piece of luggage based on some innocuous-looking comment in the space-delimited input data file. The contest began December 29, 2009, and was due to end on March 1, 2010.^[5] However, no activity occurred for three years. The winners were only announced on April 1, 2013, with one overall winner and six runners-up.^[6]^[7]

2013[edit]

The 2013 contest was announced on April 1, 2013, and was due July 4, 2013; results were announced on September 29, 2014.^[8] It was about a fictional social website called "ObsessBook". The challenge was to write a function to compute the DERPCON (Degrees of Edge-Reachable Personal CONnection) between two users that "accidentally" computes a too low distance for a special user.

2014[edit]

The 2014 contest was announced on November 2, 2014, and was due January 1, 2015. The results were announced on June 1, 2015.^[9] The objective was to write surveillance code for a Twitter-like social networking service, to comply with a secret government surveillance request; but for non-obvious reasons, the code must subtly leak the act of surveillance to a user. The general approach is to obfuscate writes to the user data as writing to surveillance data, and the winning entry did so by implementing a buggy time-checking function that overwrites the input.

2015[edit]

The 2015 contest was announced on August 15, 2015, and was due November 15, 2015. The results were announced on January 15, 2016. The scenario was a nuclear disarmament process between the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic Peoples Republic of Bob (Alice and Bob), and the mission was to write a test function for comparing potentially fissile material against a reference sample, which under certain circumstances would label a warhead as containing fissile material when it doesn't. Around a third of the submissions used NaN poisoning by erroneous floating-point operations, which generates more NaN's in the later computation and always evaluates to false for a comparison. The winning entry used a confusion of datatypes between double and float to distort values.

References[edit]

^ "Underhanded C Contest Revived". I Programmer. April 6, 2013. Retrieved October 4, 2014.

^ Faculty and Staff page of EE Dept. at Binghamton University Archived May 29, 2010, at the Wayback Machine

^ "Underhanded C Contest FAQ". Underhanded C contest. Retrieved February 28, 2015.

^ 2008 contest rules Archived March 22, 2015, at the Wayback Machine

^ The Underhanded C Contest », xcott.com (archived from the original Archived October 6, 2014, at the Wayback Machine on 2011-07-18)

^ "The Underhanded C Contest » Also, we're looking for good PhD students". January 8, 2010. Archived from the original on January 8, 2010. Retrieved March 12, 2019.

^ "The Underhanded C Contest". Archived from the original on April 9, 2013. Retrieved April 3, 2013.

^ Scott Craver (September 29, 2014). "2013 Winners". Retrieved June 22, 2017.

^ Scott Craver (November 2, 2014). "The 7th Underhanded C Contest is now Open". Retrieved December 18, 2014.

External links[edit]

v t e Binghamton University
Athletics	Binghamton Bearcats Men's basketball Women's basketball Men's lacrosse Wrestling Events Center Varsity Field
Campus	City of Binghamton Town of Vestal Cider Mill Playhouse Fernand Braudel Center Harpur Palate OCC Transport
People	Harvey G. Stenger (President) Honorary degree recipients
Student life	Binghamton Crosbys BTV Harpur Harpeggios Pipe Dream WHRW Radio

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Malbot Keystroke logging Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Operation: Bot Roast

Retrieved from "https://en.wikipedia.org/w/index.php?title=Underhanded_C_Contest&oldid=1219291726" Categories: ●C (programming language) contests ●Programming contests ●Binghamton University ●Malware ●Software obfuscation ●Recurring events established in 2005 Hidden categories: ●Webarchive template wayback links ●Use American English from March 2019 ●All Wikipedia articles written in American English ●Articles with short description ●Short description matches Wikidata ●Use mdy dates from March 2019 ●This page was last edited on 16 April 2024, at 21:29 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view