bust out the glibc sources... figure out what machine values they use for their rand seed generator, and perform some computation to get the original seed (it can be done, random numbers are *not* safe)
then, in the code, use a random number generator as part of a hash checking algorithm... that is, maybe convert the image twice and compare a custom "hash" which will then tag the image saying it passed validation (this will be your machine info)
]]>i never thought about this concept - putting malicious code in OPEN-SOURCE codes... this might be intresting enough, even on the human-level, just by defining malicious code with "#DEFINE innocent_statement malicious_stuff".
regarding the mentioned challenge, since the program is already dealing with unknown/unreadable data, adding some stuff to it (one might enlarge the buffer by 1 count, adding his fingerprint there...) should be fairly stright forward imho while not looking "malicious" at all
I wish I was sneaky enough to do this... maybe tossing digraphs around... and using iosb and things... hmmm
]]>