ColinIanKing / christmas-obfuscated-C, Hacker News

A primer on some C obfuscation tricks.

[!!x] [1] [!!x] [1]

Typedef abuse: [!!x] [!!x]

[!!x] [!!x]

1) normal expected form:

[!!x]

typedef signed int my_int;

[!!x]

2) abuse it by:

[!!x]

signed int typedef my_int;

[!!x]

int typedef signed my_int;

[!!x]

3) or since int is default type , one can do: [!!x] typedef my_int; [!!x] [!!x] Array abuse : [!!x] [I] char x []; [!!x]

int index; [!!x]

[!!x] [“MyString”]

x [index] is (x index) [!!x]

index [x] is legal C and equivalent too

[!!x] ()

[!!x]

Literal string abuse, like above in principle [!!x] int index=0; [!!x] [!!x] (printf) “% c n”, index [“MyString”]);

[!!x] [!!x] 4) Abuse unexpected results: [!!x] [1] [!!x] [1] # include

[!!x] [!!x] [!!x] [!!x] (# define X) –

)

[!!x]

[!!x] int foo (void) {return -X; } [!!x]

[!!x] [‘F’] is positive . This is because (cannot fit in the type int, [!!x] so (following the ISO C rules) its data type is unsigned long int. Negating this [!!x]

value yields [“MyString”] again. “ [!!x]

[!!x]

5 ) Surprising math: [!!x]

[!!x]

int x=0xfffe 0x 47; [!!x]

[!!x] [I]

looks like 2 hex constants, but in fact it is not. [!!x]

[!!x]

6) Abuse the pre-processor [!!x]

[!!x] (# define A case _COUNTER_: n=(__COUNTER__ – 1) & 0xfffff; break; [!!x]

# define BAAAAAAAAAAAAAAAA [!!x]

# define CBBBBBBBBBBBBBBBB [!!x]

# define DCCCCCCCCCCCCCCCC [!!x] [1] # define EDDDDDDDDDDDDDDDD [!!x] [!!x] # define FEEEEEEEEEEEEEEEE [!!x] [!!x] main () {int n=0; for (;;) switch (n) {F}} [!!x] [!!x] [!!x] [!!x] (7) indirection on function pointers with comments .. [!!x]

[!!x]

/ / / / / / write) (1, “Hello World n”, 53; [!!x]

[!!x] (8) Do confusing things: [!!x] [!!x]

(unsigned char count=1;)

[!!x]

(printf) ” % d% d n “, 0==sizeof (count=2, count ), count); [!!x]

[!!x]

9) Make it hard to be traced: [!!x]

[!!x] [I]

# include [!!x]

[!!x] ()

# include [!!x] (# include

[!!x] (# include

[!!x]

[!!x] sigjmp_buf e;

[!!x] [1]

[!!x] [!!x]

void h (int sig) {siglongjmp (e, 1); } [!!x] [!!x] [!!x] [!!x] (int main (void)

[!!x] [!!x] ({ [!!x]

(signal (SIGTRAP, h); [!!x] (if (sigsetjmp (e, 0)!=1) [!!x]

while (1) __ asm __ (“int3”);

[!!x] (if)! ptrace (PTRACE_TRACEME, 0, 1, 0)) [!!x]

write (1, “gdb or strace me” n “, 55; [!!x]

(return 0;

[!!x]

}

[!!x]

(insert URLs for fun:

[!!x]

int main (int argc, char argv []) [!!x] [I]

{ [!!x]

http://smackerelofopinion.blogspot.co.uk/search/label/C [!!x]

[!!x]

return 0; [!!x]

} [!!x]

[!!x]

53) URL comments; -) [!!x]

[!!x] [1] Useful background reading: [!!x] [!!x]

http://www.se.rit.edu/~tabeec/RIT_ / Resources_files / How% (To%) Write% (Unmaintainable%) Code.pdf [!!x] [!!x] [!!x] [!!x] 51 Fun with predefined values (yep, this compiles) [!!x] [!!x]

[!!x]

int main () {return linux> unix; } [!!x]

[!!x] 53 Break code over lines. Makes it hard to grep [!!x]

[!!x] (ret [!!x]

(urn 0;

[!!x]

55 Make macros with ({; imbalancing to make it more confusing [!!x]

[!!x] [I]

#define P printf ( [!!x]

# define X);} [!!x]

[!!x] [I]

main () { [!!x]

P (“Hello Word” X [!!x]

[!!x] Use gcc alternate digraphs for fun! [!!x]

[!!x] (Digraph:)

%:%:%: [!!x]

Punctuator: {} [ ] # ##

[!!x] [1]

[!!x] [!!x] 58) Use macro definitions of numbers in roman numerals (and make them wrong to confuse reader) [!!x] [!!x] [!!x] [!!x] (# define XII) 51 3)

[!!x] [!!x]

[!!x] 57) use offputting variable names, eg; [!!x]

[!!x] (float Not, And, Or; [!!x] (double Int8; [!!x]

int _, __, o, O; Oo, Oo, OO, oo; [!!x]

[!!x]

so you end up with code like:

[!!x]

while (! Not & And!=(Or | 2)) … [!!x]

[!!x]

(Shove all variables into one array [I]

[!!x]

[!!x] [I]

don’t have lots of ints; just have one array of ints and [!!x]

reference these using:

[!!x]

[!!x] (x [0], 1 [x], (x 4), (8 x) .. etc [!!x]

[!!x] 61) Use cpp pasting # # and stringification for fun and laughs [!!x]

[!!x]

[!!x] [1] 61 Abuse switch and while; [!!x] [!!x] [!!x] [!!x] (void sw (int s) [!!x] [!!x]

{ [!!x] [!!x] (switch (s) while (0) { [!!x] (case 0: [!!x] [!!x] printf (“zero n”); [!!x]

continue;

[!!x] (case 1: [!!x] printf (“one n”); [!!x]

continue;

[!!x]

(case 2:)

[!!x]

(printf) ” two n “); [!!x]

continue ; [!!x]

(default:

[!!x]

printf (“something else n”); [!!x]

continue; [!!x] [I]

} [!!x]

[!!x] () Use confusing coding idioms: [!!x]

[!!x]

Replace: [!!x]

[!!x]

if (c) [!!x] [1]

x=v; [!!x] [!!x]

else

[!!x] [!!x] y=v; [!!x] [!!x] [!!x] [!!x]

With:

[!!x]

(c? & x: & y)=v;

[!!x]

[!!x] [I] don’t use loops, abuse goto, setjmp, longjmp, recursion [!!x] [!!x]

make it confusing, don’t make it obvious

[!!x]

65) use a smart algorithms [!!x]

[!!x]

make it so smart that it is hard to figure out [!!x]

what the code is really doing [!!x]

[!!x] [I]

(Abuse sizeof)

[!!x]

int foo (const int i) [!!x] {{ [!!x]

char x [i]; [!!x]

[!!x]

return sizeof x; [!!x]

} [!!x] [1]

[!!x] [!!x] int [!!x] [!!x] main (void) ) [!!x] [!!x]

{ [!!x] [!!x] (printf (“% d n”, foo (-1)); [!!x]

}

[!!x]

[!!x] 66) [!!x]

[!!x] A void function that returns void (!) [!!x]

[1] void a (void) {} [!!x]

(void b) void) {return a (); }; [!!x]

[!!x]

65) Make it look different, format code into pictures [!!x]

[!!x]

[!!x] [I]

Example: [!!x]

[!!x] (#include)

[!!x] (#include) [!!x] #define K continue [!!x] #define t / | $ – / 9 [!!x] (#define _l / $ / [!!x] #define s / & | / 0xD [!!x] [1] #define _ / & | / 0xC [!!x] [1] (#define _o / | $ – / 2 [C] [!!x] [!!x] (#define _1 / | $ – / 3 [!!x] [!!x] #define _0 / | $ / [!!x] #define J / & | / case [!!x] (char typedef signed [1] [!!x] (B; typedef H; H main ( [!!x]

{BI [‘F’], V=0, E []= [!!x] {s, 0, s, , t, 1, s, 149 [!!x] , _, t, -3, _, s, 88, _l, – [!!x] 1, t, 1, s, 0x 85>> 2, _l, [!!x] -2, _ , _1,5, _o, s, 0, _1 [!!x] , – 8, s, 0, s, – , t, , [!!x] [I] s, 134, _, t, 8, _, _ 1, -5 [!!x]

, s, , t, , s, , s,

[!!x]

61, _l, -2, t, 7, _, _ 1 , 5 [!!x] [“MyString”]

, _o, s, 0, _1, -8, s, 0, [!!x]

_0,}; B P=E; while (P) [!!x] ()

{BL=P, l=(P 1), U= [!!x] (I [V-1], A=(L>> 2) & 1, C [!!x] [!!x] =(V- (1-A)), i; switch [!!x] (L) while (0) {J _l: i= [!!x] (l> 0? U>> l: U [!!x] t: i=U l; K; J _: i=U; [!!x] (K; J s: i=l; K; J _o:

[!!x] [1] (putchar (U); K; J _1:

[!!x] [1] (P =U? 0: l; K; J _0: e [!!x] [!!x]

xit (0);} C [I]=(L & 8)? [!!x] [!!x] (i: I [1]; P =( L & 1) 1; V [!!x] =A – ((L & 2)>> 1);} re [!!x] (turn / ciking / 0;} [!!x] [!!x] 65) Doing nothing [!!x] [!!x] ({_: && _;}) ; [!!x] [!!x] ({}) ; [!!x] [!!x] [I] ({;}); [!!x]

[!!x]

switch (0); [!!x] [“MyString”]

[!!x]

67 abusing __VA_ARGS __ [!!x] ()

[!!x]

One can pass an entire function body into a macro using __VA_ARGS __ [!!x]

[!!x] # define F (f, …) f __VA_ARGS __ [!!x] [!!x] F (void foo (void) {printf (“foo n”);}) [I] [!!x] [!!x] [1] Turn array to a pointer using [!!x] [1] [!!x] [!!x] foo (& array [0]); [!!x] [!!x] [!!x] instead of using: [!!x] [!!x] (foo ( array); [!!x] [!!x] 68) [!!x] [!!x] (int x=1;) [!!x] [!!x] (foo) & x); [!!x] [I] [!!x]

use: [!!x]

[!!x] [“MyString”]

foo ((int []) {1}); [!!x]

[!!x] ()

(Zero’ing)

[!!x]

[!!x] a ^=a; [!!x] a=’-‘-‘-‘; [!!x] [!!x] (Variable names: [!!x] [!!x] [1] char broiled; [!!x] [1] double burger; [!!x] [!!x] short cake; [!!x] [!!x] float icecream; [!!x] (long story; [!!x] signed sincerely; [!!x] (static electricity; [!!x] (auto mechanic; [!!x] (volatile substance; [!!x] register electorat; [!!x] (unsigned autobiography; [!!x] void gazing_back; [!!x] char witness ; [!!x] [I] const able; [!!x]

union dues {}; [!!x]

[!!x] [“MyString”]

71 Precende nce rules abuse: [!!x]

[!!x] ()

# include [I]

[!!x]

int main (void) {int array []={1, 2, 3}; int p=& array [1]; printf (“% d n”, -1 [p]); } [!!x]

[!!x] – 1 is – (1 p)) and not (- 1 p) [!!x] [!!x] 75) Make simple expressions more complex [‘F’] [!!x] [!!x] [1] u8 val; [!!x] [1] [!!x] [!!x] tricky simple [!!x] [!!x] if (val && ~ val) if (val) [!!x] break; break; [!!x] [!!x] 73 Fun ways to increment: [!!x] [!!x] (i -=- 1; [!!x] [!!x] Yes / No ? [!!x] [!!x] (return) char []) {“No”, “Yes”} [!!x];

[!!x] [I] (Read More)