Chatsubo [(in)Security Dark] Labs

"... A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding into the distance... "
William Gibson.

Wednesday, August 27, 2014

(In)secure, funny and peculiar C code posted on Twitter

No, this is not a post about how secure or insecure Twitter’s own code is. It’s about code posted on Twitter by ordinary people, coders, ninjas, aliens, etc.
As you might know, the #include directive tells the C preprocessor to include certain portions of code, data structures, data type definitions, etc. within your C program. A hashtag, on the other hand, is a word or an unspaced phrase prefixed with the # sign to group messages, tweets, posts, pictures, etc. that refer to a specific topic. Therefore, in cyberspace, and specifically on social networks, #include is not a directive, it’s just another hashtag.

Having said that, last night I had insomnia and I spent a while looking for #include on Twitter, wondering if I would find some interesting C code. Well, in less than two seconds, my screen was full of tweets by people expressing the thrill they felt after writing their first “Hello World”s and other peculiarities in the C programming language. You'll notice that most of them were written by Asian people. Why? No idea.

Have phun:

Here are some tweets with c0d3 that caught my attention:

Who said Buffer Overflow? ;-D

I can prove that I can allocate and free memory as fast as Chuck Norris pulls the trigger:
The devil is on Twitter }:-)
ñ_ñ she likes strcpy():

This is not code, but I'm pretty sure that that Warning: was because of the percent signs in the text, 10% and 5%, and evidently, sprintf() was expecting two vars for those "format strings":
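The percent-sign problem described above, as an added example that is not from the original post or from the tweet: it counts how many arguments a printf-style format would consume, then shows the two usual fixes (doubling each `%`, or passing the text as a `"%s"` argument). The function names and the sample sentence are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Count the arguments a printf-style format would consume ("%%" consumes none). */
static int count_conversions(const char *fmt)
{
    int args = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        if (*p == '*') { args++; p++; }               /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;      /* literal width */
        if (*p == '.') {                              /* precision */
            p++;
            if (*p == '*') { args++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;       /* length modifiers */
        if (*p == '\0') break;                        /* dangling '%' at end of text */
        if (*p != '%') args++;                        /* a real conversion */
    }
    return args;
}

/* Double every '%' so text can sit inside a format string; -1 if dst is too small. */
static int escape_percents(char *dst, size_t n, const char *src)
{
    size_t o = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        if (o + (*src == '%' ? 2 : 1) >= n) return -1;
        if (*src == '%') dst[o++] = '%';
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* When the text is data rather than a template, pass it as an argument. */
static int render_text(char *dst, size_t n, const char *text) { return snprintf(dst, n, "%s", text); }

int main(void)
{
    const char *text = "Save 10% on tea and 5% on coffee";  /* constructed sample */
    char esc[64], out[64];
    escape_percents(esc, sizeof esc, text);
    render_text(out, sizeof out, text);
    printf("args wanted: %d, escaped: %s, rendered: %s\n", count_conversions(text), esc, out);
}
```

In the sample, each `% o` parses as a space flag followed by an octal conversion, which is why the text asks for two arguments. GCC and Clang report a non-literal format passed without arguments when built with `-Wformat -Wformat-security`.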

And some others who know about the weaknesses of those functions just have phun with them... Like the butt overflow by @jduck:

Or this sushi emoji overflow that will not compile ($stomach, confused with PHP, lame) by me:


I delete the screensh0tz in my Desktop with C cuz I can:

I want some of diz peculiar dinner that will never compile (? printf(" );?):

Accompanied with a big cold beer.h:

VX writers everywhere:

One about girlfriends and $$$:

Such a smart guy !

Some help needed:

Someone was sleeping in class zZzzZzzZzZ:

And the last one, a funny one in Spanish but basically it is a 
printf("They jerk me off .!.");

After this, I think it'd be a cool idea to create a Twitter bot to grab C code from #include (hashtag), pass it through Flawfinder and tweet the output back.

Happy c0ding + Social Nets ! B-)