Source Code For 22nd IOCCC Winners Has Been Released

An anonymous reader writes "The source code for the 22nd International Obfuscated C Code Contest winners has finally been released. Many entries exploited bugs in the size check program, making the 2013 entries possibly the most featureful submissions ever."

Perl

[Threni]

Is there one for Perl, but the other way around - where it's clear what the code is actually doing?

Re:

[John Bokma]

Yes, it's called CPAN.

Re:

[countach]

Yes there is, but nobody has ever been deemed worthy of winning.

It's not just the obfuscation...

[LikwidCirkel]

I find this very impressive, not so much for the obfuscation, but for packing so much functionality into a small bit of code....

http://ioccc.org/2013/cable3/hint.html [ioccc.org]

Re:

[hydrofix]

There might be more to that entry than meets the eye. Quoting its description:

CPU supports the full 8086/186 instruction set. Due to the complexities of the 8086’s arbitrary-length instruction decoding and flags, 8086 instructions are first converted to a simpler intermediate format before being executed. This conversion, along with instruction lengths and how each instruction modifies the flags, is assisted by some lookup tables which form part of the BIOS binary.

The BIOS binary is over 12 kilobytes, so it raises the question as to which extent the emulation might be actually achieved by the BIOS.

Re:

[icebike]

I'm just glad the published these guys names.
Every HR department now will know never to hire them for work on any production code.

Re:

[rusty0101]

Actually, the reverse is mostly true.

Most companies want to be able to find developers who can do this, as it means that they have someone on staff (or available) who will go to the trouble of figuring out just what it is that the spagetti code that did make it to production actually does. Someone who can write this level of code, can often get the company in question out of trouble that even the original developer could not, or perhaps would charge excessively high "support" fees based on the perception th

Re:

[icebike]

Code audit? Who's going to do that?
One guy who wants to put obfuscated code in production systems is not likely to be audited by someone with the skills to detect it.

Re:

[TheGratefulNet]

we have guys at work who are paid to write obfuscated code (in java, no less) so that its harder for people to disassemble and figure out what the code is doing. whether I agree with that or not, I'm not the boss, but we have guys who do this at work, for actual pay (yes).

Re:

[cold fjord]

There are tools to obfuscate code. Won't those do the trick?

For example...

[bhlowe]

char*_ = "'""/*"; #include #define m 21 #define o(l, k) for(l=0; lGP9$5-,#C?NX"]-35)>>t*3 o(e,4){ c[T] [e][t]=("5'##>4(" [T+t+T]-35)>>e*2 } } n(15) { s=T>9?m:(T&3)-3?15:36;o(e,s)o(t,2)c[T+19][e][t]="6*6,8*6.608.6264826668\ 865::(+;0(6+6-6/8,61638065678469.;88))()3(6,8*6.608.6264826668865:+;4)-*6-6/616365,\ -6715690.5;,89,81+,(023096/:40(8-7751)2)65;695(855(+*8)+;4**+4(((6.608.626482666886\ 5:+;4+4)0(8)6/61638065678469.;88)-4,4*8+4(((60(/6264826668865:+;4-616365676993-9:54\ +-14).;./347.+18*):1;-*0-975/)936.+:4*,80987(887(0(*)4.*""/4,4*8+4(((6264826668865:\ +;4/4-4+8-4)0(8)6365678469.;88)1/(6*6,6.60626466686:8)8-8*818.8582/9863(+;/""*6,6.6\ 0626466686:4(8)8-8*818.8582/9863(+;/,6.60626466686:8-818.8582/9864*4+4(0())+;/.6062\ 6466686:8/8380/7844,4-4*4+4(0())69+;/0626466686:818582/9864.4/4,4-4*4+4(0())+;" [e+E +e+t]-40; E+=s+s; } n(45){ if(T>i) { v(2,T,7); v(46,T,7); } v(2+T,44,7); } T=0; o(e, 42)o(t,m)h[T][e][t]--; while(R+i) { s = D=0; if (r-R) { n(19) if (G[R+i][T]+i) V=T/2 ; else if(G[R][T]+i) s++; if(s) { if(V>4){ V=9-V; D++; } V+=29; n(20) q(c[V][T][0],c [V][T][i],D); } } n(19) if((L=G[R][T])+i) { O=T-L; e=O>9; t=e?18-O :O; o(K,((t&3)-3? 16:37)){ if(K){ L=c[t+19][K-i][0]; O=c[t+19][K-i][i] ; } q(L,O,K && e); } } if(s) q( c[V][20][0], c[V][20][i], D); R--; } printf("\33[47;1f\33[?25h\33[40m"); return 0; } // TODO: Add comments.

Re:For example...

[davester666]

looks like it'll work. ship it. we'll fix any problems in v2.

Re:

[cold fjord]

You can't ship it in that condition, there is a comment in the code! Strip out the comment and then it should be ready to go.

Re:

[kmoser]

But if you remove the comments, how will the code know what it's supposed to do?

It's amazing that they don't link to the source co

[Anonymous Coward]

For a contest involving writing source code, it's astounding and infuriating that the judges did not link to the source code in the results.

Re:

[Anonymous Coward]

"The International Obfuscated C Code Contest

The 22nd IOCCC Winners"

This is the title of the page. Yet we miss:

-the obfuscated C code
-winners
-C code
-code

Fck that.

Re:It's amazing that they don't link to the source

[Art Challenor]

For a contest involving writing source code, it's astounding and infuriating that the judges did not link to the source code in the results.

What did you expect? It's a contest for writing obfuscated code and you expect a webpage that has clear, concise information?

Re:

[ericloewe]

Navigate to "previous winners". It's all there.

Ray tracer + web server + image encoder + clock

[hydrofix]

I found this one [ioccc.org] a pretty mind-blowing entry. When compiled and run, it creates a web server at http://localhost:8224 [localhost], which can be opened in a browser to display a ray-traced 3D scene of steel ball bearings on a checker-pattern surface, arranged to display the current time. Quoting the description:

The program wears many hats (not literally). It is
* a web server
* a PNG encoder
* a ray tracer
* a clock

Unlike the PC emulator entry, it does not require a binary blob and all the code and data fit within the 4 kilobyte limit.

Re:

[neiras]

http://ioccc.org/2013/mills/ [ioccc.org]

Re:

[VortexCortex]

Unlike the PC emulator entry, it does not require a binary blob and all the code and data fit within the 4 kilobyte limit.

If you liked this you might have liked the 64k and 4k comp.s in the demoscene, which is unfortunately dead.

Re:

[Anonymous Coward]

in the demoscene, which is unfortunately dead

Uh, no it's not? [pouet.net]

Re:

[hydrofix]

Does the program include its own PNG format algorithms, or am I missing something?

Same goes for the web server: did he really write his own web server in mills.c?

Well in a way, yes for both. He only uses standard C libraries, so there is indeed no PNG library or an HTTP server #included. But due to the size limitations, the code can probably only produce one exact type of PNG image and the HTTP server can only serve one page, so those are not "proper" implementations by any means. For example, the HTTP server ignores the request path and the result of accessing http://localhost:8224/ [localhost] http://localhost:8224/foo [localhost] and http://localhost:8224/foo/bar [localhost] is alwyas the same

Re:

[prichardson]

Are you seriously shitting on this guy for not implementing a generic solution? Would you go to an impressionist art gallery and lament the lack of photorealistic paintings? Would you go to a game of Fiasco and complain about the lack of interesting combat mechanics?

Re:

[hydrofix]

Err.. Well, let's just say I am sure he would have implemented as general of a solution as was possible within the constraints imposed by the rules [ioccc.org], if that was the entrant's goal. Make no mistake, I have tremendous respect for this competition and the entrants. Sad to see there are such lamers on Slashdot showing an unreasonably hostile attitude for someone simply taking interest in someone else's work. You don't happen to be employed by the copyright mafia by any chance, do you?

Re:

[stderr_dk]

Does the program include its own PNG format algorithms, or am I missing something?

The PNGs generated by the program are simple enough to be constructed more or less one byte at a time.

Same goes for the web server: did he really write his own web server in mills.c?

No, not really. At least not a fully functional one. His "webserver" simply waits for connections, read characters one at a time until it gets an empty line (the end of the HTTP requests), sends the "200 OK" and "Refresh: 1" headers, writes the PNG data directly to the socket and closes the connection. The "webserver" doesn't care what resources you request or if you use "GET", "HEAD", "POST" or something e

Re:

[cold fjord]

I found this one [ioccc.org] a pretty mind-blowing entry. ...

The program wears many hats (not literally). It is

* a web server
* a PNG encoder
* a ray tracer
* a clock

Unlike the PC emulator entry, it does not require a binary blob and all the code and data fit within the 4 kilobyte limit.

And this is why I'm a big fan of OpenBSD's [openbsd.org] continuous code audits [openbsd.org] and general outlook regarding security.

Largest small system emulator - Humbling

[Flammon]

Humbled after reading Largest small system emulator. http://ioccc.org/2013/cable3/hint.html [ioccc.org]

Even their site is obfuscated

[Anonymous Coward]

Can someone parse this quote from the README [ioccc.org] for me?

This year, several 8 people won 9 people won 15 awards.

Busted!

[Trax3001BBS]

"As I was writing up this description, I discovered I'm not the first person to write an obfuscated C sparkline utility! Vicent Martí created
[this one](https://gist.github.com/vmg/1368661) years (!) ago. (My implementation is completely independent.)" http://ioccc.org/2013/dlowe/hint.text [ioccc.org]

I fully believe this was a coincidence, but one can never say they hadn't seen it or similar before as it's would appear within their circle of interest.

But to complete this project then find an older version must be deflating in some manner.

In other news

[Anonymous Coward]

The International logically desiged, well documented, comprehensible and maintainable C code contest yet again received no entries this year.

Re:

[EETech1]

That was funny +1