519:
118:
The contest began on June 12, and ended on
September 30. Entries tended to either xor the region with a retrievable pseudo-random mask or append the masked data to the end of the file format. The second placing programs both used improperly defined macros while the winner, choosing to work with an uncommon text based format, zeroed out pixel values while keeping the number of digits intact.
164:, to comply with a secret government surveillance request; but for non-obvious reasons, the code must subtly leak the act of surveillance to a user. The general approach is to obfuscate writes to the user data as writing to surveillance data, and the winning entry did so by implementing a buggy time-checking function that overwrites the input.
117:
image in a way that the portion may be reconstructed. Any method of "blocking out" the rectangle was allowed, as long as the original pixels were removed, and the pixel reconstruction didn't have to be perfect (although the reconstruction's fidelity to the original file would be a factor in judging).
126:
The 2009 contest required participants to write a program that sifts through routing directives but redirects a piece of luggage based on some innocuous-looking comment in the space-delimited input data file. The contest began
December 29, 2009, and was due to end on March 1, 2010. However, no
104:
The 2007 contest required entries to encrypt and decrypt files with a strong, readily available encryption algorithm such that a low percentage (1% - 0.01%) of the encrypted files may be cracked in a reasonably short time. The contest commenced on April 16 and ended on July 4. Entries used
172:
The 2015 contest was announced on August 15, 2015, and was due
November 15, 2015. The results were announced on January 15, 2016. The scenario was a nuclear disarmament process between the Peoples Glorious Democratic Republic of Alice and the Glorious Democratic Peoples Republic of Bob
177:), and the mission was to write a test function for comparing potentially fissile material against a reference sample, which under certain circumstances would label a warhead as containing fissile material when it doesn't. Around a third of the submissions used
181:
poisoning by erroneous floating-point operations, which generates more NaN's in the later computation and always evaluates to false for a comparison. The winning entry used a confusion of datatypes between double and float to distort values.
135:
The 2013 contest was announced on April 1, 2013, and was due July 4, 2013; results were announced on
September 29, 2014. It was about a fictional social website called "ObsessBook". The challenge was to write a function to compute the
91:
The 2006 contest required entries to count word occurrences, but have vastly different runtimes on different platforms. To accomplish the task, entries used fork implementation errors, optimization problems,
235:
35:. The contest rules define a task, and a malicious component. Entries must perform the task in a malicious manner as defined by the contest, and hide the malice. Contestants are allowed to use
96:
differences and various API implementation differences. The winner called strlen() in a loop, leading to quadratic complexity which was optimized out by a Linux compiler but not by
Windows.
586:
46:. The contest was initially inspired by Daniel Horn's Obfuscated V contest in the fall of 2004. For the 2005 to 2008 contests, the prize was a $ 100 gift certificate to
50:. The 2009 contest had its prize increased to $ 200 due to the very late announcement of winners, and the prize for the 2013 contest is also a $ 200 gift certificate.
449:
232:
1022:
849:
997:
152:
The 2014 contest was announced on
November 2, 2014, and was due January 1, 2015. The results were announced on June 1, 2015. The objective was to write
518:
488:
191:
483:
701:
493:
508:
503:
442:
966:
657:
153:
127:
activity occurred for three years. The winners were only announced on April 1, 2013, with one overall winner and six runners-up.
854:
80:
1007:
681:
435:
344:
1017:
1002:
920:
498:
940:
808:
161:
318:
301:
742:
732:
275:
36:
818:
144:
Personal CONnection) between two users that "accidentally" computes a too low distance for a special user.
869:
696:
618:
548:
650:
607:
458:
43:
32:
976:
971:
930:
859:
717:
543:
533:
28:
925:
478:
468:
910:
747:
727:
602:
290:
935:
889:
798:
577:
42:
The contest was organized by Dr. Scott Craver of the
Department of Electrical Engineering at
1012:
950:
915:
643:
538:
72:
64:
945:
884:
305:
279:
239:
905:
879:
686:
68:
422:
348:
991:
864:
783:
691:
560:
554:
174:
114:
71:" data into the image. Winning entries from 2005 used uninitialized data structures,
803:
722:
211:
141:
76:
31:
contest to turn out code that is malicious, but passes a rigorous inspection, and
105:
misimplementations of RC4, misused API calls, and incorrect function prototypes.
874:
793:
251:
833:
813:
778:
93:
67:, such as resampling or smoothing, but covertly inserting unique and useful "
823:
773:
319:"The Underhanded C Contest » Also, we're looking for good PhD students"
47:
393:
371:
612:
427:
18:
Programming contest for malicious code that looks like an honest mistake
828:
737:
666:
157:
113:
The 2008 contest required entries to redact a rectangular portion of a
788:
768:
763:
322:
298:
294:
272:
635:
624:
417:
639:
431:
178:
233:
Faculty and Staff page of EE Dept. at
Binghamton University
959:
898:
842:
756:
710:
674:
595:
569:
526:
467:
39:-like compiled languages to make their programs.
33:looks like an honest mistake even if discovered
651:
443:
8:
394:"The 7th Underhanded C Contest is now Open"
658:
644:
636:
450:
436:
428:
203:
192:International Obfuscated C Code Contest
63:The 2005 contest had the task of basic
702:Timeline of computer viruses and worms
7:
1023:Recurring events established in 2005
370:Scott Craver (September 29, 2014).
14:
998:C (programming language) contests
967:Computer and network surveillance
392:Scott Craver (November 2, 2014).
321:. January 8, 2010. Archived from
517:
291:The Underhanded C Contest »
212:"Underhanded C Contest Revived"
682:Comparison of computer viruses
1:
921:Data loss prevention software
214:. I Programmer. April 6, 2013
423:Prior page with 2014 winners
345:"The Underhanded C Contest"
252:"Underhanded C Contest FAQ"
1039:
941:Intrusion detection system
587:Honorary degree recipients
809:Privacy-invasive software
515:
162:social networking service
304:October 6, 2014, at the
819:Rogue security software
278:March 22, 2015, at the
254:. Underhanded C contest
855:Classic Mac OS viruses
697:List of computer worms
549:Fernand Braudel Center
75:, and an embedding of
1008:Binghamton University
460:Binghamton University
418:Official contest page
238:May 29, 2010, at the
44:Binghamton University
25:Underhanded C Contest
1018:Software obfuscation
1003:Programming contests
977:Operation: Bot Roast
544:Cider Mill Playhouse
926:Defensive computing
843:By operating system
479:Binghamton Bearcats
911:Antivirus software
757:Malware for profit
728:Man-in-the-browser
675:Infectious malware
603:Binghamton Crosbys
534:City of Binghamton
489:Women's basketball
325:on January 8, 2010
273:2008 contest rules
985:
984:
936:Internet security
890:HyperCard viruses
799:Keystroke logging
789:Fraudulent dialer
733:Man-in-the-middle
633:
632:
613:Harpur Harpeggios
582:
578:Harvey G. Stenger
154:surveillance code
140:(Degrees of Edge-
73:reuse of pointers
1030:
951:Network security
916:Browser security
660:
653:
646:
637:
583:
580:
521:
484:Men's basketball
471:
461:
452:
445:
438:
429:
405:
404:
402:
400:
389:
383:
382:
380:
378:
367:
361:
360:
358:
356:
351:on April 9, 2013
347:. Archived from
341:
335:
334:
332:
330:
315:
309:
288:
282:
270:
264:
263:
261:
259:
248:
242:
230:
224:
223:
221:
219:
208:
65:image processing
1038:
1037:
1033:
1032:
1031:
1029:
1028:
1027:
988:
987:
986:
981:
960:Countermeasures
955:
946:Mobile security
894:
885:Palm OS viruses
850:Android malware
838:
752:
748:Zombie computer
706:
670:
664:
634:
629:
591:
576:
565:
522:
513:
469:
463:
459:
456:
414:
409:
408:
398:
396:
391:
390:
386:
376:
374:
369:
368:
364:
354:
352:
343:
342:
338:
328:
326:
317:
316:
312:
306:Wayback Machine
297:(archived from
289:
285:
280:Wayback Machine
271:
267:
257:
255:
250:
249:
245:
240:Wayback Machine
231:
227:
217:
215:
210:
209:
205:
200:
188:
170:
150:
133:
124:
111:
102:
89:
61:
56:
19:
12:
11:
5:
1036:
1034:
1026:
1025:
1020:
1015:
1010:
1005:
1000:
990:
989:
983:
982:
980:
979:
974:
969:
963:
961:
957:
956:
954:
953:
948:
943:
938:
933:
928:
923:
918:
913:
908:
906:Anti-keylogger
902:
900:
896:
895:
893:
892:
887:
882:
880:Mobile malware
877:
872:
867:
862:
857:
852:
846:
844:
840:
839:
837:
836:
831:
826:
821:
816:
811:
806:
801:
796:
791:
786:
781:
776:
771:
766:
760:
758:
754:
753:
751:
750:
745:
740:
735:
730:
725:
720:
714:
712:
708:
707:
705:
704:
699:
694:
689:
687:Computer virus
684:
678:
676:
672:
671:
665:
663:
662:
655:
648:
640:
631:
630:
628:
627:
622:
615:
610:
605:
599:
597:
593:
592:
590:
589:
584:
573:
571:
567:
566:
564:
563:
558:
551:
546:
541:
539:Town of Vestal
536:
530:
528:
524:
523:
516:
514:
512:
511:
506:
501:
496:
494:Men's lacrosse
491:
486:
481:
475:
473:
465:
464:
457:
455:
454:
447:
440:
432:
426:
425:
420:
413:
412:External links
410:
407:
406:
384:
372:"2013 Winners"
362:
336:
310:
308:on 2011-07-18)
283:
265:
243:
225:
202:
201:
199:
196:
195:
194:
187:
184:
169:
166:
149:
146:
132:
129:
123:
120:
110:
107:
101:
98:
88:
85:
69:fingerprinting
60:
57:
55:
52:
17:
13:
10:
9:
6:
4:
3:
2:
1035:
1024:
1021:
1019:
1016:
1014:
1011:
1009:
1006:
1004:
1001:
999:
996:
995:
993:
978:
975:
973:
970:
968:
965:
964:
962:
958:
952:
949:
947:
944:
942:
939:
937:
934:
932:
929:
927:
924:
922:
919:
917:
914:
912:
909:
907:
904:
903:
901:
897:
891:
888:
886:
883:
881:
878:
876:
873:
871:
870:MacOS malware
868:
866:
865:Linux malware
863:
861:
858:
856:
853:
851:
848:
847:
845:
841:
835:
832:
830:
827:
825:
822:
820:
817:
815:
812:
810:
807:
805:
802:
800:
797:
795:
792:
790:
787:
785:
784:Form grabbing
782:
780:
777:
775:
772:
770:
767:
765:
762:
761:
759:
755:
749:
746:
744:
741:
739:
736:
734:
731:
729:
726:
724:
721:
719:
716:
715:
713:
709:
703:
700:
698:
695:
693:
692:Computer worm
690:
688:
685:
683:
680:
679:
677:
673:
668:
661:
656:
654:
649:
647:
642:
641:
638:
626:
623:
621:
620:
616:
614:
611:
609:
606:
604:
601:
600:
598:
594:
588:
585:
579:
575:
574:
572:
568:
562:
561:OCC Transport
559:
557:
556:
555:Harpur Palate
552:
550:
547:
545:
542:
540:
537:
535:
532:
531:
529:
525:
520:
510:
509:Varsity Field
507:
505:
504:Events Center
502:
500:
497:
495:
492:
490:
487:
485:
482:
480:
477:
476:
474:
472:
466:
462:
453:
448:
446:
441:
439:
434:
433:
430:
424:
421:
419:
416:
415:
411:
395:
388:
385:
373:
366:
363:
350:
346:
340:
337:
324:
320:
314:
311:
307:
303:
300:
296:
292:
287:
284:
281:
277:
274:
269:
266:
253:
247:
244:
241:
237:
234:
229:
226:
213:
207:
204:
197:
193:
190:
189:
185:
183:
180:
176:
175:Alice and Bob
167:
165:
163:
159:
155:
147:
145:
143:
139:
130:
128:
121:
119:
116:
108:
106:
99:
97:
95:
86:
84:
82:
78:
74:
70:
66:
58:
53:
51:
49:
45:
40:
38:
34:
30:
26:
21:
16:
743:Trojan horse
723:Clickjacking
617:
596:Student life
553:
399:December 18,
397:. Retrieved
387:
375:. Retrieved
365:
353:. Retrieved
349:the original
339:
327:. Retrieved
323:the original
313:
299:the original
286:
268:
258:February 28,
256:. Retrieved
246:
228:
216:. Retrieved
206:
171:
151:
137:
134:
125:
112:
103:
90:
77:machine code
62:
41:
24:
22:
20:
15:
875:Macro virus
860:iOS malware
834:Web threats
794:Infostealer
711:Concealment
581:(President)
29:programming
992:Categories
899:Protection
814:Ransomware
779:Fleeceware
625:WHRW Radio
619:Pipe Dream
218:October 4,
198:References
824:Scareware
774:Crimeware
499:Wrestling
470:Athletics
329:March 12,
295:xcott.com
142:Reachable
81:constants
48:ThinkGeek
972:Honeypot
931:Firewall
718:Backdoor
377:June 22,
355:April 3,
302:Archived
276:Archived
236:Archived
186:See also
54:Contests
1013:Malware
829:Spyware
738:Rootkit
667:Malware
158:Twitter
138:DERPCON
804:Malbot
769:Botnet
764:Adware
669:topics
570:People
527:Campus
160:-like
156:for a
94:endian
27:was a
401:2014
379:2017
357:2013
331:2019
260:2015
220:2014
168:2015
148:2014
131:2013
122:2009
109:2008
100:2007
87:2006
59:2005
23:The
608:BTV
179:NaN
115:PPM
79:in
994::
293:,
83:.
659:e
652:t
645:v
451:e
444:t
437:v
403:.
381:.
359:.
333:.
262:.
222:.
173:(
37:C
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.