Perhaps the easiest way to understand the code is to work through things in reverse. We'll start with a string to print out -- for balance, we'll use "C++Rocks". Crucial point: just like the original, it's exactly eight characters long. Since we're going to do (roughly) like the original, and print it out in reverse order, we'll start by putting it in in reverse order. For our first step, we'll just view that bit pattern as a double
, and print out the result:
#include <stdio.h>
char string[] = "skcoR++C";
int main(){
printf("%f\n", *(double*)string);
}
This produces 3823728713643449.5
. So, we want to manipulate that in some way that isn't obvious, but is easy to reverse. I'll semi-arbitrarily choose multiplication by 256, which gives us 978874550692723072
. Now, we just need to write some obfuscated code to divide by 256, then print out the individual bytes of that in reverse order:
#include <stdio.h>
double x [] = { 978874550692723072, 8 };
char *y = (char *)x;
int main(int argc, char **argv){
if (x[1]) {
x[0] /= 2;
main(--x[1], (char **)++y);
}
putchar(*--y);
}
Now we have lots of casting, passing arguments to (recursive) main
that are completely ignored (but evaluation to get the increment and decrement are utterly crucial), and of course that completely arbitrary looking number to cover up the fact that what we're doing is really pretty straightforward.
Of course, since the whole point is obfuscation, if we feel like it we can take more steps as well. Just for example, we can take advantage of short-circuit evaluation, to turn our if
statement into a single expression, so the body of main looks like this:
x[1] && (x[0] /= 2, main(--x[1], (char **)++y));
putchar(*--y);
To anybody who isn't accustomed to obfuscated code (and/or code golf) this starts to look pretty strange indeed -- computing and discarding the logical and
of some meaningless floating point number and the return value from main
, which isn't even returning a value. Worse, without realizing (and thinking about) how short-circuit evaluation works, it may not even be immediately obvious how it avoids infinite recursion.
Our next step would probably be to separate printing each character from finding that character. We can do that pretty easily by generating the right character as the return value from main
, and printing out what main
returns:
x[1] && (x[0] /= 2, putchar(main(--x[1], (char **)++y)));
return *--y;
At least to me, that seems obfuscated enough, so I'll leave it at that.