Become a fan of Slashdot on Facebook


Forgot your password?
Programming United States It's funny.  Laugh. Technology

Obfuscated Vote Counting Contest 223

Daniel Horn writes "In a flash of inspiration coming from the Obfuscated C code contest and the current E-voting scandals, I wondered if there shouldn't be a similar code obfuscation contest based on obfuscating voting results, that is, C code that appears correct but does the wrong thing when counting votes. Submit your obfuscated vote-counting code now, and the two winners will be selected on November 2 and will receive a free Vega Strike CD. Obviously incorrect code, however, is not welcome."
This discussion has been archived. No new comments can be posted.

Obfuscated Vote Counting Contest

Comments Filter:
  • I WIN! (Score:5, Funny)

    by AmigaAvenger ( 210519 ) on Saturday October 16, 2004 @11:03AM (#10544323) Journal
    Quick, someone post some of the Diebold voting machine code, you certainly will have a winner in there!
    • Re:I WIN! (Score:2, Funny)

      by qube99 ( 652571 )
      10 print "KERRY WINS!" 20 goto 10
    • Re:I WIN! (Score:4, Funny)

      by anonymous cowherd (m ( 783253 ) on Saturday October 16, 2004 @11:07AM (#10544344) Homepage
      Did anyone notice the irony in the fact that the email address for submissions is LOL.
  • Damn (Score:5, Funny)

    by antifoidulus ( 807088 ) on Saturday October 16, 2004 @11:03AM (#10544325) Homepage Journal
    I was going to submit the Diebold code till I read:Obviously incorrect code, however, is not welcome.
  • Hiding... (Score:5, Interesting)

    by Anonymous Coward on Saturday October 16, 2004 @11:08AM (#10544351)
    If I were doing this, I would hide the date analysis and vote rigging in another part of the program. For example, the code used to handle the screen and menus, or the network stack.
    Then, you could obfuscate a call to jump the program pointer to that part of memory directly, run a tiny bit of code that appears to deal with graphics, but does something else when called with the correct offset.
    The devious would be scattered about, rather than in one single vote counting function.
    • Re:Hiding... (Score:2, Interesting)

      by Starji ( 578920 )
      I wish I had more experience with code obfuscation, then I might actually submit something. Probably the poor man's way of doing this might be to copy their vote.c and then have some sort of on-the-fly vote redirector to favor one candidate. Compile it to assembly then copy the relavant portion back to the origional source code and do an inline assembly replacing the origional c code. if the assembly is especially long, it's likely nobody will be able to decode it anyway since almost nobody knows assembl
      • Re:Hiding... (Score:3, Interesting)

        by Lehk228 ( 705449 )
        I just changed the memory location to output Kerrys vote count from, since the code increments array['K'] i just output array['k'], now kerry gets 0 votes and "other" gets all of his votes instead. I chose Kerry to target with the code because 'k' and 'K' are much more similar than 'b' and 'B' or 'N' and 'n'.
    • Re:Hiding... (Score:4, Interesting)

      by globalar ( 669767 ) on Saturday October 16, 2004 @12:04PM (#10544624) Homepage
      In that same vein, I would use code which has somewhat unpredicatable and incremental behavior. It is much harder to detect code which alters data seemingly at random, and sometimes not at all.

      Changing a small amount of data with minimal condition at pseudorandom intervals is practically an intentional bug. Of course, if I can expect a certain threshold of data, I might be able to add a statistical leaning into the program that favors a particular outcome. Of course, this is the point of the contest. The point is, blind trust is no trust at all.
    • Way back in my salad days, 1970 or so, I had a FORTRAN II program which had expanded to, I think, 1600 cards or so, most of a box. Plotted some graphics on a line printer. I got tired of the program and decided to go out of style in good fashion. I don't remember any details now, and have forgotten most of the FORTRAN I ever knew. But the main entry point, equivalent of main() in C, never executed. Instead it began with some obscure subroutine which was never called by the source code, which proceeded
    • Re:Hiding... (Score:3, Interesting)

      by Anonymous Coward

      I would hide my code in the parts used for assisting disabled people. My code would be triggered once every so often when a voter takes lots of time to enter a choice or when the voter uses the visually impaired asistance functions vendors have been bragging about. This way you have a high chance of cheating on an older or visually impaired voter, which means a much better chance of going unnoticed even with a voter verified paper trail...

      Another good idea for cheating on the disabled, you can hide lots of

  • by Dancin_Santa ( 265275 ) <> on Saturday October 16, 2004 @11:09AM (#10544356) Journal
    enum Outcome

    int main()
    bool voted = didYouVote();

    Outcome o;

    switch (voted)
    case true:
    case false:
    return o;
  • by GrAfFiT ( 802657 ) on Saturday October 16, 2004 @11:15AM (#10544387) Homepage
    "C code that appears correct but does the wrong thing when counting votes"
    Beware of Diebold suing you for infringing one of their patents !
  • by bjtuna ( 70129 ) <.brian. .at.> on Saturday October 16, 2004 @11:32AM (#10544473) Homepage
    This seems to be similar to Dr. Avi Rubin's [] challenge to the community, which basically states that a team of security specialists and programmers should be given access to the development environment of one of the major DRE machines, by the vendor. The team should then attempt to rig the machine in favor of one candidate, and then submit the machine for approval by the elections board's testing agency. The testing agency doesn't know it's being tested, and doesn't know the machine is rigged. Could they catch the rigged machine as they currently claim? It's the same basic principle as having undercover agents attempt to sneak weapons through airport security.

    The paper can be found at: []
    • Dr. Rubin has already done this in a class. In CS 600.643: Advanced Topics in Computer Security he has student research methods for malicious code hiding and then as groups, try to hid code to rig the vote in a program. Once done, the groups switch programs and try to find the malicious sections. Groups were given one clean, one dirty and one version picked at random.
      Results? Very few sections of malicious code were found, even in this highly controlled environment. The graduate students proved very adept
      • Seems like exactly the sort of thing he would assign :) I took 600.443 Security and Privacy in Computing (Spring, 2003) and our project was to design a secure e-voting system capable of performing remote poll-site voting.

        I'd be very interested in seeing some of the students' results. I assume they're posted on the course website.
  • Why? Already there! (Score:5, Informative)

    by DigitalRaptor ( 815681 ) on Saturday October 16, 2004 @11:33AM (#10544481) Homepage
    Why create code that distorts the voting results, Diebold has already done it.

    My favorite story was a county in Pennsylvania (if I remember correctly, it's in this months Readers Digest) where the electronic voting machine correctly counted all 144,000 votes. Except there were only 19,000 registered voters in the entire county.

    We're screwed in this election. It is going to make the 2000 Florida crap look like a cakewalk.
  • ok. (Score:5, Funny)

    by photon317 ( 208409 ) on Saturday October 16, 2004 @11:42AM (#10544512)
    /* Global vote tallies */
    int KerryVotes=0;
    int BushVotes=0;

    void ParseVote(const char* v) {
    if(!strcmp(v,"Kerry")) {
    } else if(strcmp(v,"Bush")) {
    • Re:ok. (Score:3, Funny)

      by Peyna ( 14792 )
      Just hope that more than 65535 people don't vote for the same candidate.
      • Re:ok. (Score:3, Funny)

        by Anonymous Coward
        Now, what are the chances that the code is being run on a 17-bit platform?
        • /* Global vote tallies */
          int KerryVotes=0;
          int BushVotes=0;

          Just hope that more than 65535 people don't vote for the same candidate.

          Now, what are the chances that the code is being run on a 17-bit platform?

          At first I thought it was a typo and I wanted to answer: "Even lower than chances of running on a 16-bit platform." And then I understood. That was truly brilliant. Bravo.

  • by SamBeckett ( 96685 ) on Saturday October 16, 2004 @11:45AM (#10544526)
    /* Current population proportion polls show: */
    #define BUSH 0.512
    #define KERRY 0.481
    #define UNDECIDED (1.0 - BUSH - KERRY)

    #define NBC 0
    #define ABC 1
    #define CBS 2
    #define FOX 3

    int main() {

    int bush = 0;
    int kerry = 0;
    int nader = 0;
    int i;
    int vote;
    int broadcast_network = rand() % 4;

    for ( i = 0; i < 260000000; ++i) {
    vote = rand() % 10000;

    if ( vote < 10000.0*BUSH ) ++bush;
    else if ( vote < 10000.0*(BUSH+KERRY) ) ++kerry;
    else {
    if ( broadcast_network == NBC || broadcast_network == ABC ||
    broadcast_network == CBS )
    else if ( broadcast_network == FOX )

    printf("Bush :%9d\nKerry:%9d\nNader:%9d\n", bush, kerry, nader);
    return 0;
    • Re:my submission (Score:3, Insightful)

      by Peyna ( 14792 )
      I fail to trust any poll, because most of them only call during the day, when a certain group of people are home, and another group are likely to not be home. They also do not include a large number of younger voters, who are less likely to respond to a survey, and are more likely to have a cell phone and not a landline phone (which means they won't be called.)

      The pollsters "are hoping" that young people continue their streak of not voting much, so their numbers remain accurate.

      It's all B.S.
      • What question do they ask? In most polls I see (in Britain, FWIW), the question is "If there were a general election tomorrow, who would you vote for?". I'd bet that they don't get 75% of people replying "I wouldn't vote", even though we get about 25% turnout.
        • Usually they only poll "likely voters," which is defined by things such as being registered to vote, and having voted in the last election.

          That being said, people who are really undecided may give a name anyway just for the hell of it, so the results are still imperfect.

      • I fail to trust any poll, because most of them only call during the day, when a certain group of people are home, and another group are likely to not be home. They also do not include a large number of younger voters, who are less likely to respond to a survey, and are more likely to have a cell phone and not a landline phone (which means they won't be called.)

        They also normalize votes to try to iron out some of those things (doesn't work perfectly but it can help). The problem is that some polls normaliz
        • The thing is, they're normalizing based on past election turn out, and if some groups have a small enough number of people respond out of the total group surveyed, normalization won't make a difference.

          This election is very likely to have a much high voter turnout, especially among younger voters.
    • Um, it would seem that Nader will not get any votes with this program. You wish!
    • Is it sad... (Score:2, Interesting)

      by bizpile ( 758055 ) *
      Is it sad that I just ran your code? It worked, by the way. See the results here [].
  • Course at Rice (Score:3, Informative)

    by offby1 ( 157382 ) on Saturday October 16, 2004 @12:19PM (#10544716)
    Dan Wallach is teaching a course [] at Rice that, I think, includes this sort of challenge.
    • Yes, teaching people how to make code look correct while doing something wrong is a valuable skill for everyday honest folks. I'd like to take the class and then write banking software....
  • Compile the provided example with:

    gcc -D "EOF=((Input=(Input=='K')?'B':Input),-1)" vote.c -o vote
  • by Visaris ( 553352 ) on Saturday October 16, 2004 @01:06PM (#10544966) Journal
    #include <stdio.h>
    #include <unistd.h>

    /* Just to clean things up a bit */
    #define REGISTERED_VOTERS 230597013
    #define kerry 1
    #define bush 2
    #define nader 3
    #define Count(y) f##or##y

    /* Where the votes come from */
    extern int get_vote();

    int main(int argc, char **argv)
    int for_b=0, for_k=0, for_n=0, vote;

    /* Count the votes! */
    while(vote=get_vote()) {
    switch(vote) {
    case bush:
    case nader:
    case kerry:

    /* Print results */
    printf("Bush: %d\nKerry: %d\nNader: %d\n",
    return 0;
    • I'm sorry, that was a typo. Replace the print-out with this:

      /* Print results TWICE for clairity */
      for(int i=0; i<2; i++) {
      printf("Bush: %d\nKerry: %d\nNader: %d\n",

      /* Return success */
      return 0;
  • code that randomly adds a Cowboy Neal option to the user's choices?
  • C code? (Score:3, Funny)

    by Pan T. Hose ( 707794 ) on Saturday October 16, 2004 @01:14PM (#10545023) Homepage Journal

    C code that appears correct but does the wrong thing when counting votes.

    Does it have to be a C code? In my opinion C is not nearly obfuscatable enough. What about BF [] or Unlambda []? Or, better yet, Lingua Romana Perligata []? Now when I'm thinking about it, I think PASM [] might be perfect for such a task, if only-- I know! Acme DWIM [] or Bleach [] compiled directly into PASM! With JIT!! Dear God, that would be so cool!!! But wait, they want C code, right... Wait a minute, Perl is written in C! So is Parrot! And they can be embedded in a C program! Sweet Heavens! What an idea!!!1 Gotta go.

    • Yea, don't leave out us Perl folks ... which BTW, is used on the Vote for HULK [] website ... and so far, is showing the Big Green Guy [] in first place, followed by Bush and then Kerry - polls open at 8:00PM MDT tonight! ;-)
  • by Anonymous Coward on Saturday October 16, 2004 @01:18PM (#10545054)
    if(voter.ethnicity != WHITE)
    return 0;
    case BUSH:
    case KERRY:
  • It crashes if there are no votes (and who votes anyway??) and on many CPUs, like perhaps embedded controllers of voting machines, prints fradulant results. I mean, we all know only Bush will get less than 32768 votes, so everyone else is screwed. Here, see for yourself:

    int main () {
    int Input;
    unsigned long total=0;
    unsigned long Tally[256]={0};
    while ((Input=getchar())!=EOF) {
    unsigned char Vote=Input;
    if (!isspace(Vote)){
    printf("Kerry %d
  • by toby ( 759 )
    And a bit trickier than rigging evoting: the Byzantine setup that tilts Venezuelan elections []. That should give Vote-Robbing Hood and her cronies some ideas.

    It would be interesting if contestants could defeat the statistical methods [] used to uncover fraud mentioned elsewhere on that blog.

  • #define TABULATE(VOTE,COUNT) case VOTE : COUNT++ ; break ;
    #define TA8ULATE(VOTE,COUNT) default: COUNT++ ; break ;

    switch ( vote )
    TABULATE( 'N', nader ) ;
    TABULATE( 'K', kerry ) ;
    TABULATE( 'B', bush ) ;
    TA8ULATE( 'O', libertarian ) ;

  • union { struct {
    unsigned short bush ;
    unsigned short kerry ;
    unsigned short nader ;
    } candidates ;
    unsigned long libertarian ;
    } counters ; ...

    switch ( vote )
    case 'B' : counters.candidates.bush++ ; break ;
    case 'K' : counters.candidates.kerry++ ; break ;
    case 'N' : counters.candidates.nader++ ; break ;
    case 'O' : counters.libertarian++ ; break ;
    default : printf( "invalid vote = '%c'\n", vote ) ;
  • by FleaPlus ( 6935 ) on Saturday October 16, 2004 @02:22PM (#10545416) Journal
    The best way to do this would be a variant of Ken Thompson's cc hack, published in ACM back in 1984. Basically the voting code would be pristine, but the compiler itself would be modified to add in "features" at compile time. The compiler also had hooks to add in the trojans while compiling pristine compiler code.

    Both compiler and voting application code would appear pristine, with the the actual hack existing only in the compiled code.
    • In real life that would be the sort of thing to do. But in this silly competetion, since we can't get to the compiler, I was trying to do it through one incorrect malloc like this:

      unsigned long *Tally;
      *Tally = (unsigned long) malloc(sizeof(unsigned long)*256) ;

      to get the array to hold the counts, and trying to manipulate the code so that when the compiler compiles it, the unchanged pointer Tally ends up being in another portion of the program that would be interpereted as some totally wacko initial counts
  • switch ( vote )
    case 'B' : bush += 1, 0, 0, 0 ; break ;
    case 'K' : kerry += 0, 1, 0, 0 ; break ;
    case 'N' : nader += 0, 0, 1, 0 ; break ;
    case 'O' ; libertarian += 0, 0, 0, 1 ; break ;
  • The obfuscated-ballot-stuffing-program-DETECTOR contest.

    A program that, when given the source code of a vote counting program, indicates whether the program is fair or crooked.
  • I have finally finished my code example! It is written in Perl instead of C so I won't send it to the contest, but I think it will nicely demonstrate many very important aspects of code obfuscation and subtle errors in the program control flow which can unexpectedly change at run time. I'm sorry that it took so long, it was a lot of work, mostly testing to make it portable, but I think it was worth it. Here it is:

    use Acme::Bleach;

    (I hope Slashdot will not mess with

  • write code with subtle errors in it, you might want to study the methodology used in Prof. Mann's paper proving global warming [] The paper has been gospel for about a decade...but its bad code and it took a couple of Canadians to notice it. Once you master that example, you are sure to wind the prize for bad voting software.
  • What no Java! Uhh.
    Thats the best language for the problem. Last summer I did produce couple of correctly looking programs that failed, because of few little details in the runtime that changed the operation.
  • I am totally going to participate, win, and mention my achievement on a resume. When the employers ask who ran the contest, I'll say this guy []

Man is an animal that makes bargains: no other animal does this-- no dog exchanges bones with another. -- Adam Smith