Obfuscated C Code Contest 2006. Please explain sykes2.c

Let's de-obfuscate it.

Indenting:

main(_) {    _^448 && main(-~_);    putchar(--_%64        ? 32 | -~7[__TIME__-_/8%8][">'txiZ^(~z?"-48] >> ";;;====~$::199"[_*2&8|_/64]/(_&2?1:8)%8&1        : 10);}

Introducing variables to untangle this mess:

main(int i) {    if(i^448)        main(-~i);    if(--i % 64) {        char a = -~7[__TIME__-i/8%8][">'txiZ^(~z?"-48];        char b = a >> ";;;====~$::199"[i*2&8|i/64]/(i&2?1:8)%8;        putchar(32 | (b & 1));    } else {        putchar(10); // newline    }}

Note that -~i == i+1 because of twos-complement. Therefore, we have

main(int i) {    if(i != 448)        main(i+1);    i--;    if(i % 64 == 0) {        putchar('\n');    } else {        char a = -~7[__TIME__-i/8%8][">'txiZ^(~z?"-48];        char b = a >> ";;;====~$::199"[i*2&8|i/64]/(i&2?1:8)%8;        putchar(32 | (b & 1));    }}

Now, note that a[b] is the same as b[a], and apply the -~ == 1+ change again:

main(int i) {    if(i != 448)        main(i+1);    i--;    if(i % 64 == 0) {        putchar('\n');    } else {        char a = (">'txiZ^(~z?"-48)[(__TIME__-i/8%8)[7]] + 1;        char b = a >> ";;;====~$::199"[(i*2&8)|i/64]/(i&2?1:8)%8;        putchar(32 | (b & 1));    }}

Converting the recursion to a loop and sneaking in a bit more simplification:

// please don't pass any command-line argumentsmain() {    int i;    for(i=447; i>=0; i--) {        if(i % 64 == 0) {            putchar('\n');        } else {            char t = __TIME__[7 - i/8%8];            char a = ">'txiZ^(~z?"[t - 48] + 1;            int shift = ";;;====~$::199"[(i*2&8) | (i/64)];            if((i & 2) == 0)                shift /= 8;            shift = shift % 8;            char b = a >> shift;            putchar(32 | (b & 1));        }    }}

This outputs one character per iteration. Every 64th character, it outputs a newline. Otherwise, it uses a pair of data tables to figure out what to output, and puts either character 32 (a space) or character 33 (a !). The first table (">'txiZ^(~z?") is a set of 10 bitmaps describing the appearance of each character, and the second table (";;;====~$::199") selects the appropriate bit to display from the bitmap.

The second table

Let's start by examining the second table, int shift = ";;;====~$::199"[(i*2&8) | (i/64)];. i/64 is the line number (6 to 0) and i*2&8 is 8 iff i is 4, 5, 6 or 7 mod 8.

if((i & 2) == 0) shift /= 8; shift = shift % 8 selects either the high octal digit (for i%8 = 0,1,4,5) or the low octal digit (for i%8 = 2,3,6,7) of the table value. The shift table ends up looking like this:

row col val6   6-7 06   4-5 06   2-3 56   0-1 75   6-7 15   4-5 75   2-3 55   0-1 74   6-7 14   4-5 74   2-3 54   0-1 73   6-7 13   4-5 63   2-3 53   0-1 72   6-7 22   4-5 72   2-3 32   0-1 71   6-7 21   4-5 71   2-3 31   0-1 70   6-7 40   4-5 40   2-3 30   0-1 7

or in tabular form

00005577117755771177557711665577227733772277337744443377

Note that the author used the null terminator for the first two table entries (sneaky!).

This is designed after a seven-segment display, with 7s as blanks. So, the entries in the first table must define the segments that get lit up.

The first table

__TIME__ is a special macro defined by the preprocessor. It expands to a string constant containing the time at which the preprocessor was run, in the form "HH:MM:SS". Observe that it contains exactly 8 characters. Note that 0-9 have ASCII values 48 through 57 and : has ASCII value 58. The output is 64 characters per line, so that leaves 8 characters per character of __TIME__.

7 - i/8%8 is thus the index of __TIME__ that is presently being output (the 7- is needed because we are iterating i downwards). So, t is the character of __TIME__ being output.

a ends up equalling the following in binary, depending on the input t:

0 001111111 001010002 011101013 011110014 011010105 010110116 010111117 001010018 011111119 01111011: 01000000

Each number is a bitmap describing the segments that are lit up in our seven-segment display. Since the characters are all 7-bit ASCII, the high bit is always cleared. Thus, 7 in the segment table always prints as a blank. The second table looks like this with the 7s as blanks:

000055  11  55  11  55  116655  22  33  22  33  444433  

So, for example, 4 is 01101010 (bits 1, 3, 5, and 6 set), which prints as

----!!--!!--!!--!!--!!--!!!!!!------!!------!!------!!--

To show we really understand the code, let's adjust the output a bit with this table:

  00  11  5511  55  66  22  3322  33  44

This is encoded as "?;;?==? '::799\x07". For artistic purposes, we'll add 64 to a few of the characters (since only the low 6 bits are used, this won't affect the output); this gives "?{{?}}?gg::799G" (note that the 8th character is unused, so we can actually make it whatever we want). Putting our new table in the original code:

main(_){_^448&&main(-~_);putchar(--_%64?32|-~7[__TIME__-_/8%8][">'txiZ^(~z?"-48]>>"?{{?}}?gg::799G"[_*2&8|_/64]/(_&2?1:8)%8&1:10);}

we get

          !!              !!                              !!       !!  !!              !!  !!  !!  !!              !!  !!  !!     !!  !!              !!  !!  !!  !!              !!  !!  !!           !!      !!              !!      !!                       !!  !!  !!          !!  !!      !!              !!  !!  !!     !!  !!  !!          !!  !!      !!              !!  !!  !!           !!              !!                              !!   

just as we expected. It's not as solid-looking as the original, which explains why the author chose to use the table he did.

Let's format this for easier reading:

main(_){  _^448&&main(-~_);  putchar((--_%64) ? (32|-(~7[__TIME__-_/8%8])[">'txiZ^(~z?"-48]>>(";;;====~$::199")[_*2&8|_/64]/(_&2?1:8)%8&1):10);}

So, running it with no arguments, _ (argc conventionally) is 1. main() will recursively call itself, passing the result of -(~_) (negative bitwise NOT of _), so really it'll go 448 recursions (Only condition where _^448 == 0).

Taking that, it'll print 7 64-character wide lines (the outer ternary condition, and 448/64 == 7). So let's rewrite it a little cleaner:

main(int argc) {  if (argc^448) main(-(~argc));  if (argc % 64) {    putchar((32|-(~7[__TIME__-argc/8%8])[">'txiZ^(~z?"-48]>>(";;;====~$::199")[argc*2&8|argc/64]/(argc&2?1:8)%8&1));  } else putchar('\n');}

Now, 32 is decimal for ASCII space. It either prints a space or a '!' (33 is '!', hence the '&1' at the end). Let's focus on the blob in the middle:

-(~(7[__TIME__-argc/8%8][">'txiZ^(~z?"-48]) >>     (";;;====~$::199"[argc*2&8|argc/64]) / (argc&2?1:8) % 8

As another poster said, __TIME__ is the compile time for the program, and is a string, so there's some string arithmetic going on, as well as taking advantage of an array subscript being bidirectional: a[b] is the same as b[a] for character arrays.

7[__TIME__ - (argc/8)%8]

This will select one of the first 8 characters in __TIME__. This is then indexed into [">'txiZ^(~z?"-48] (0-9 characters are 48-57 decimal). The characters in this string must have been chosen for their ASCII values. This same character ASCII code manipulation continues through the expression, to result in the printing of either a ' ' or '!' depending on the location within the character's glyph.

Adding to the other solutions, -~x is equal to x+1 because ~x is equivalent to (0xffffffff-x). This is equal to (-1-x) in 2s complement, so -~x is -(-1-x) = x+1.