Faking Fissile Material

Hoo-ray! It turns out I'm the winner of the 2015 Underhanded C Contest! Check out my contribution below, and see if you can spot the sleight-of-hand.

The challenge

The Underhanded C Contest is about writing a program that would pass a code review, but secretly does evil things, and where the covert behaviour can plausibly be explained away as a bug.

This year's challenge was about subverting a nuclear disarmament treaty. Our task was to write a piece of code to detect the presence or absence of fissile material, allowing Country A to verify that Country B is destroying actual warheads. The underhanded bit consisted of sneaking in some kind of vulnerability that would allow Country B to trigger false positives, and thus destroy only fake warheads.

My contribution

My entry comes in the form of two PDF documents:

First, read the introduction, which also contains the complete source code (66 lines) on the last page. Try to see of you can spot the flaw in the code, and (less likely) figure out how it can be exploited. Then, have a look at Discussion And Spoilers, where all is revealed.

Here is the original tarball that I submitted to the competition. It contains the source code, the above two documents, and some additional code for generating data for the plots in the documents.

I am grateful to P-A Bäckström for providing feedback on my entry before I submitted it.


Also, please head over to the official announcement of the results, which details some of the ingenious techniques employed by the runners-up. It's well worth a read!

Posted Wednesday 3-Feb-2016 22:56

Discuss this page

Disclaimer: I am not responsible for what people (other than myself) write in the forums. Please report any abuse, such as insults, slander, spam and illegal material, and I will take appropriate actions. Don't feed the trolls.

Jag tar inget ansvar för det som skrivs i forumet, förutom mina egna inlägg. Vänligen rapportera alla inlägg som bryter mot reglerna, så ska jag se vad jag kan göra. Som regelbrott räknas till exempel förolämpningar, förtal, spam och olagligt material. Mata inte trålarna.

Thu 4-Feb-2016 09:43
Thu 4-Feb-2016 16:06
Hassan Rohani likes this.
Thu 4-Feb-2016 16:53
This is so rad!
Thu 4-Feb-2016 21:46
Thu 4-Feb-2016 22:05
Very underhanded, a well deserved win. Kudos!
Thu 4-Feb-2016 23:04
Wed 10-Feb-2016 18:02
Truly brilliant!
Mon 18-Apr-2016 10:07
Wow... I though my entry was clever, but yours blows my mind. Well done