CSE 598 Rev&PA - Fall 2025

Project 0: Evil and Obfuscated C

This is a personal assignment. DO NOT copy solutions from others.

Introduction

We have learned a lot about C programming in this course so far. Now it is time for you to show off your C programming skills by (1) implementing a ``flag checker'' in C, and (2) protecting the source code with as much obfuscation as possible so that evil attackers cannot make sense of the source code!

Requirements

  1. Design and implement a program that accepts a flag as input, verifies it, and returns whether the flag is correct or not. Your program must be implemented in C (strongly recommended). Your program must be compilable using GCC 13.x into an x86-64 ELF executable on Ubuntu 24.04. Your program must accept flags via one of the following manners: stdin, a file at a fixed location, or if you have a GUI, a text box. Your program must accept only one flag. Your program must not accept all possible input (i.e., a program that always returns "valid flag" regardless of input is unacceptable). Your program must be explicit about the correctness of flags (e.g., displaying a message "Your flag is valid", or setting the exit code of your program to 0 if the flag is valid). We call your program a C flag checker.

  2. Protect the source code of your flag checker in any way you want. You can use any existing or publicly available protection mechanisms. The goal of your source code protection is to make it difficult, if not impossible, for others to understand the logic of your flag checker or find the intended flag. Your program must still be compilable, runnable, and accept the same flags as before protection. Specifically, it must still run and accept all valid flags that your (original) C flag checker would accept. In other words, your protection must not change the functionality of your flag checker. We call the final program (the source code) a protected C flag checker.

Academic Integrity

You can use any source code from any existing open-source or close-source projects. However, you must disclose the source of any code that you use in your submission. Any reuse of code from existing projects without proper disclosure will be viewed as a violation of academic integrity. If you are unsure what you plan to do is considered an academic integrity violation or not, please contact the TAs or the professor of this course.

Points

This project is worth 10 points.

Grading

We will grade your submission based on the following criteria:

  1. Correctness (50%): Your C flag checker must compile and run correctly, and accept/reject flags as you specified.
  2. Correctness post-protection (50%): Your protected C flag checker must compile and run correctly, and accept/reject flags as you specified.

Submission

Please submit the following items:

  1. The source code of your C flag checker.
  2. The source code of your protected C flag checker.
  3. A README file that documents what flags are acceptable, and how your protection mechanism works.

Please send your report to Zion Basque [email protected] before the deadline. Zion will evaluate your submission and contact you if the submission violates any of the above rules. In your report, please include your name and ASU ID.

Deadline

Please submit your submission before 1758715199.