DHReutter

Ever wondered if peer review of source code really enhances security? Ever thought it could be possible to hide routines in plain C so cleverly noone would even think something was there? Ever wanted to work for a feared government agency with three letters but your resumée is not spiffy enough yet?

Search no more, fellow hackers! The 2008 Underhanded C Contest has been announced and offers fun, eternal respect writing and $100 ThinkGeek gift certificate!

This year's challenge is titled Leaky Redaction.

In this case you have to offer a small program (preferrably <200 LOC), which redacts a PPM image at coordinates given via command line by drawing a box at those coordinates. The image should be rendered beyond recognition at this position for any human viewer, but a corresponding 'deredactor' should be able to regain as much information as possible.

Sounds easy at first, but this is the Underhanded C Contest, so all modifications should not be observable by reading the source code! To quote the mission statement:

The Underhanded C Contest is an annual contest to write innocent-looking C code implementing malicious behavior. In this contest you must write C code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

Uwe Hermann and myself took part back in 2005. The program should write extra information to a picture when converting it and we had quite a time in coding the piece. If you want, you can download the program here: underhanded2005.tar. The price back then was better (IIRC a collection of beers and no, we didn't win it) but nevertheless I am really heartbroken that we most likely will not find the time to take part in this year's contest.

Anyways, to all of you participating:
Happy Hacking!