The Joy of Programming

Writing a One-line, Useful and Obfuscated Program!

S.G. Ganesh

In this column, we’ll look at a piece of obfuscated code and then work out how to make sense of it. You’ll be surprised that this one-line obfuscated program provides a very useful function.

In March 2007, we covered the basics of code obfuscation. For those who missed reading it, obfuscation is, “The art of concealing the meaning of communication by making it more confusing and harder to interpret.” Here is an obfuscated (almost) one-line program. Can you decipher it and find out what it does?

    main(int c,char**v){c=0;int n,i=(strlen(v[1])-1);while(i>=0){n=v[1][i]-'0';if(!(i%2))n=(n>4)?(n*2%10)+1:n*2;c+=n;i--;}return((c%10)==0);}

Okay, it is difficult, so let me help you and explain what it does. This program checks if your credit card number is valid or not! No, I am not kidding, it is true; just give your credit card number as the argument to the executable and if it returns 1, the given number is valid, else it isn’t. Assume that the file name of the program is obfus.oneline.c. Compile it using your favourite C compiler. Run it and give your credit card number as the argument. If the program returns 1, the card number is valid, else the credit card number is fake (invalid). The following is an example:

    bash-2.05$ cc -w obfus.oneline.c
    bash-2.05$ ./a.out 4483591407021598; echo $?
    0
    bash-2.05$ ./a.out 4483591407021597; echo $?
    1
    bash-2.05$

The number 4483591407021598 is not a credit card number; the number 4483591407021597 is possibly a correct card number. Now, how does this program work? This program implements the Luhn algorithm for checking the checksum of a given number. This is the algorithm used by credit card numbers and other numbers issued by government organisations for first-level validity checks. This initial check weeds out randomly generated numbers, so that further processing is done only on numbers that are valid. The algorithm is actually simple. It has three steps.

Step 1: From the rightmost digit, take every even digit and multiply that digit by 2. If the resulting number is greater than 9 (that is, a double digit), add the two digits and store the result back in that digit’s place.

Step 2: Add all the digits.

Step 3: Check if the last digit of the resulting sum is 0 (i.e., is it divisible by 10). If so, the given number has a valid checksum.

Try out an example to see how it works or refer to en.wikipedia.org/wiki/Luhn_algorithm for more details. The following is the de-obfuscated code for this program:

    #include <string.h>

    int main(int argc, char **argv) {
        int sum = 0;                    /* running total of the digits */
        const char *str = argv[1];      /* the number, as typed */
        for (int i = (strlen(str) - 1); i >= 0; i--) {
            int curr_digit = str[i] - '0';
            if ((i % 2) == 0) {         /* Step I */
                curr_digit *= 2;
                if (curr_digit > 9)     /* two digits: add them together */
                    curr_digit = (curr_digit % 10) + 1;
            }
            sum += curr_digit;          /* Step II */
        }
        return ((sum % 10) == 0);       /* Step III */
    }

The program is simple and self-explanatory; note that this program does not have error-checking and makes assumptions such as: an argument is always passed to the program, the argument is a number, etc. If you can retrace the steps from this program and reduce it to as small as possible, you’ll get the one-line program that does the same thing. I hope you’ll enjoy trying out this program!

110 | May 2008 | LINUX For You | www.openITis.com
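The column notes that its program has no error checking; in addition, its i % 2 test counts positions from the left, which agrees with the algorithm's right-to-left counting only for even-length input such as the 16-digit numbers above. The following C version is an added example, not part of the original column: it counts from the right and rejects missing, empty, over-long or non-digit input. The names luhn_check and MAX_DIGITS, the 32-digit bound and the exit codes are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the column's code. MAX_DIGITS is an assumed bound. */
#define MAX_DIGITS 32

/* Returns 1 if s passes the Luhn check, 0 if it fails, and -1 if s is
 * NULL, empty, longer than MAX_DIGITS or contains a non-digit. */
int luhn_check(const char *s)
{
    if (s == NULL)
        return -1;
    size_t len = strlen(s);
    if (len == 0 || len > MAX_DIGITS)
        return -1;

    int sum = 0;
    int double_it = 0;              /* the rightmost digit is not doubled */
    for (size_t i = len; i-- > 0; ) {
        if (!isdigit((unsigned char)s[i]))
            return -1;
        int d = s[i] - '0';
        if (double_it) {
            d *= 2;
            if (d > 9)
                d -= 9;             /* same as adding the two digits */
        }
        sum += d;
        double_it = !double_it;     /* parity is counted from the right */
    }
    return sum % 10 == 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: luhn <number>\n");
        return 2;
    }
    int r = luhn_check(argv[1]);
    if (r < 0) {
        fprintf(stderr, "input must be 1 to %d decimal digits\n", MAX_DIGITS);
        return 2;
    }
    puts(r ? "valid checksum" : "invalid checksum");
    return r ? 0 : 1;               /* shell convention: 0 means success */
}
```

Unlike the column's program, this one exits with 0 for a valid checksum, so it can be used directly in shell conditionals.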

S.G. Ganesh is a research engineer at Siemens (Corporate Technology). His latest book is “60 Tips on Object Oriented Programming”, published by Tata McGraw-Hill in December last year. You can reach him at [email protected].