xorl %eax, %eax

C De-Obfuscation

leave a comment »

A lot of times I enjoy de-obfuscating popular obfuscated C codes since in most cases they use some really cool tricks. Here is a simple one I picked from IOCCC of 1984 (anonymous.c):

int i;main(){for(;i["]<i;++i){--i;}"];read('-'-'-',i+++"hell\
o, world!\n",'/'/'/'));}read(j,i,p){write(j/p+p,i---j,i/i);}

At first it definitely looks obscure but if have a closer look you’ll see that it is just this:

int i;
main()
{ 
  for(; i["]<i;++i){--i;}"]; read('-'-'-',i+++"hell\
  o, world!\n",'/'/'/'));
}

read(j,i,p)
{
   write(j/p+p, i---j, i/i);
}

Once again, some C programmers might find this difficult to understand. That’s because it uses a really clever condition statement trick in the for loop.  At last, here is the complete de-obfuscated code:

int i;
main()
{
  for( ;
       i["HELLO, WORLD!\n"];
       read(0, i++ + "hello, world!\n", 1)
    );
}

read(j, i, p)
{
   write(0, i--, 1);
}

It’s not that weird any more eh? That’s why I really like de-obfuscating C proggies :P

Written by xorl

February 23, 2009 at 01:18

Posted in C programming, fun

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s