Skip to content
TopicTracker
From HackerNewsView original
TranslationTranslation

The Underhanded C Contest

The Underhanded C Contest is a programming competition where participants write short, seemingly innocent C code that actually performs malicious or unexpected actions, testing their ability to hide subtle flaws in plain sight.

Background

- The Underhanded C Contest was a programming challenge (2005–2019) where participants wrote C code that appeared honest and correct but secretly performed malicious or unexpected behavior — testing the ability to hide exploits in plain sight. - It highlighted how hard it is to write safe, auditable C code even when reviewers are actively looking for tricks, foreshadowing real-world vulnerabilities in critical systems (e.g., open-source libraries, firmware, encryption software). - Each year had a theme: spoofing election results, hiding backdoors in image processing, cheating at poker, etc. Winning entries used subtle abuses of integer overflow, undefined behavior, preprocessor macros, or misleading formatting. - The contest was founded by Scott Craver, an engineer at Boeing and later a professor at Binghamton University. It ended after the 2019 edition, as the community felt compiler optimizations exploiting undefined behavior had made the challenge too easy — and too much like real-world exploit writing.