Obfuscated C code

https://web.archive.org/web/20120221150448/http://underhanded.xcott.com/#uscated c contest

thompson
http://wiki.c2.com/?TheKenThompsonHack Many years ago Ken Thompson (one of the early C developers) built a backdoor into the C compiler so that anytime the program 'login' was compiled it would insert a backdoor. He made it self-referential so that when the c compiler itself was compiled it would include that backdoor. You could remove the backdoor from the source code but because it was in the binary used by the compiler itself (and other later compilers) the backdoor would propagate even without it being explicitly in the source code. This was, of course, eventually removed.

That being said, maybe Dennis Ritchie put in a couple of his own. Maybe someone else dropped a few into GCC. Who knows? It could be that every C application (which would include the Linux kernel) is awash with compiler inserted backdoors. Code review wouldn't discover these backdoors because we make the *assumption* that the compiler binary is secure - but being that backdoors can be self propagating we'd never actually know without a really really really deep inspection. Of course, even with a deep inspection we'd mostly have to compare the resulting binary with what we expect to see. However, if the backdoor has been in place long enough there won't be any reference binary to compare against. Essentially, there is a very very long chain of trust that stretches back decades in some cases.

links
Gcc compiler

C coding