The 29th International Obfuscated C Code Contest (IOCCC) 2025 Winners

Posted by matt_d 13 hours ago

The 29th International Obfuscated C Code Contest (IOCCC) 2025 Winners(www.ioccc.org)

315 points | 74 commentspage 2

tomcloney007 3 hours ago|

[flagged]

swordlucky666 5 hours ago||

[dead]

nsoonhui 11 hours ago||

I'm not sure this kind of competition is still meaningful, given that LLM can easily convert a program clearly written in any programming language to the most obfuscated C code, and can still easily verify it's correctness in an automated way.

Do I miss anything?

s-macke 11 hours ago||

Yes, you haven’t tried it. LLMs are actually awesome at deobfuscation, but terrible at obfuscation. They just can’t do it yet.

They also lack the creativity needed for those entries. Obfuscation is only one part of it. Coming up with the idea is another. Many entries also have special qualities that make them true works of art.

awesome_dude 10 hours ago|||

They should train on some of my colleagues code - they have an inate skill of turning anything simple and clear into a mindboggling mess

esikich 8 hours ago||

Lol you're so much smarter, nice

fooker 10 hours ago|||

> They just can’t do it yet.

Have you tried it or are you guessing this?

s-macke 10 hours ago||

Yes, I’ve tried it. For example, this was my winning entry from a year ago [0]. The LLM only performs trivial obfuscation, not advanced transformations.

For example:

  if (x == 1 || x == 2) { ...

can be transformed into:

  if (!(2+x*x-3*x)) { ...

An LLM will do this if you explicitly ask it to, but not on its own.

[0] https://github.com/ioccc-src/winner/blob/master/2024/macke/p...

tromp 10 hours ago|||

One of the main instruments of obfuscation (and the way to get more out of the size constraints) is making the code as short as possible, so in that example you'd prefer

    if (!(x/2-1)) { ...

EDIT: Oops, confused the original with x==2 || x==3. Instead, we can use !(x-1>>1), which precedence rules parse as !((x-1)>>1).

extrano84 9 hours ago|||

I checked this in an online C-compiler and it is not equivalent to x==1 | x==2.

this statement is equivalent to x==2 | x==3.

For example, x=3, 3/2 = 1 then 1-1 = 0 so that !(0) is 1 or true. Also for x=1, 1/2 = 0 then 0-1 = -1 and !(-1) = 0 or false.

I agree with your point in general though about size constraints.

Mankaninen 9 hours ago||||

extrano84 already found some errors but also 0 will fail and if x is int (instead of unsigned int) all negative numbers will also fail (but so will the original s-macke obfuscation as well).

alienbaby 10 hours ago|||

It's pretty easy to see what that does though, even if it is shorter. Wouldn't the other approach be more obfuscated?

fooker 9 hours ago||||

Not sure what you mean by advanced transformations but I got these versions from ChatGPT without explicit instructions.

  if(x-1<2&&x)...
  if((1<<x)&6)...
  if(x<3&x)...
  if(3%x&&x<3)...
  if(!((x-1)*(x-2)))
  if(!(x^1|x^2))...
  if(!(x*x-3*x+2))

listeria 5 hours ago||

[dead]

nsoonhui 10 hours ago|||

But then we all know that LLM has come a long way since one year ago.

Are you sure they still can't do it?

lifthrasiir 9 hours ago||

Just two months ago I tried to write a short K code with Claude Opus 4.6, only to find that while it had sufficient knowledge about K vocabularies it didn't try to make good use of them. K is, while slightly obscure and obfuscated, a real programming language and certainly better known than obfuscated programming. I don't have high hope for IOCCC-grade obfuscation.

GuB-42 4 hours ago|||

The competition never was about actual obfuscation. If you really just want obfuscation, you are actually writing a DRM system, like Denuvo.

If anything, it is closer to code golf, the main obfuscation is often a result of all the trickery needed to do something impressive in a small amount of code. Of course, minification techniques are used, like renaming variables to single character and messing with the formatting, but that's the boring part, no one is going to win because of that.

Another aspect is being clever and unique, and abusing the rules is often rewarded... once. LLMs are not good at that. The judges are human, the code needs to a appeal to a human, not just be hard to understand.

visha1v 11 hours ago|||

yes llm can do it but i think competitions have more to do with developing scientific temperament, competitive mindset and complex problem solving skills. that's why i think they are still relevant and will be relevant for a long time.

layer8 9 hours ago|||

You are missing that the IOCCC isn’t just about obfuscation, that the judges have taste.

jjav 11 hours ago|||

> Do I miss anything?

That human art is worth the humanity in the art.

As soon as anything is automated, it's worth nothing.

zabzonk 10 hours ago||

Chess?

GTP 7 hours ago||

I think what they mean is that this sort of competition makes sense because it's about humans competing against each other, so that, even if we could have LLMs do it, the human version is still what captures our interest. In a similar way, we don't look at chess tournaments with computers playing against each others, but we look at chess grandmaster challenging each other. Even if it has been decades now that computers can beat grandmaster.

tjpnz 9 hours ago|||

Where's the fun in that?

hulitu 11 hours ago||

> Do I miss anything?

School ? /s

larodi 13 hours ago||

Tis a pity to not have LLMs compete, given level of obfuscation they be capable of.

shakna 11 hours ago||

LLMs are allowed. [0]

> You are free to use whatever tools you wish to write your code. This includes tools that are AI based, LLM (large language model), Virtual coding assistants, code generators, or similar tools, as well as your own tools. The IOCCC judges do not discriminate on the basis of the tools used to write obfuscated C code so long as you are the ultimate author of the code you submit.

[0] https://www.ioccc.org/faq.html#ai

lifthrasiir 12 hours ago|||

In my experience LLMs were pretty good at deobfuscating many entries (including mine) but very awful at generating any significantly obfuscated code. So obfuscation can be regarded as a truly humane art---at least for now.

nickcw 10 hours ago|||

I pointed Claude Opus 4.7 at my Forth entry ( https://github.com/ioccc-src/winner/blob/master/2025/ncw3/pr... ) and it absolutely refused to have anything to do with it citing security violations and accusing me of creating malware :-)

Claude seems OK with it now, so I don't know whether that was a glitch but it was quite funny.

adampunk 3 hours ago||

I was talking to a Claude Opus 4.7 chatbot about low-discrepancy sequences and made the mistake of framing a thought experiment as "deceiving" a vendor who owns a scrambler by making a hard to scramble low-discrepancy sequence generator. Admittedly that sounds sketchy but the conversation up to that point--without the explicit framing--was about the same subject just shorn of metaphor. With the framing I got a refusal message that likened my request to Dual_EC_DRBG!

larodi 8 hours ago||||

well, at some point I (like after 5 hours of CC) I can swear im looking at pure random coming out. so perhaps the ability of LLMs to make complex stuff even more complex, would be beneficial. obfuscation, after all, is not about having performant code, but an art form, right?

/curious though given the very nice conversation we're having here, why the parent topic gets down-voted. is neither off-topic, nor rude.../

lifthrasiir 8 hours ago||

I think the "obfuscation" is actually two very different acts: the apparent obfuscation, that is concerned with randomly looking output, and the information-theoretic obfuscation, that takes computational effort to undo it. Commercial obfuscators are mostly the former, making undo much more annoying but easy to undo if you have a right tool. The obfuscation in IOCCC is much more the latter, requiring the heavy logic and deduction to see through that. In my experience LLMs have been capable of doing the former and undoing the latter but not doing the latter, presumably because any obfuscated program still has to run somehow. Given that this form of obfuscation is not common (and that LLMs tend to work well with established things), your initial statement was I believe quite far-fetched.

TZubiri 10 hours ago|||

I mean they can generate 1 million lines of code, it's obfuscation by brute force, how are you going to read that if not with another LLM

lifthrasiir 10 hours ago||

IOCCC disallows such entries for the obvious reason ;-)

AlotOfReading 12 hours ago|||

It's a bit annoying getting frontier models to even work on IOCCC code because of "safety", but even if you get around that LLMs just aren't very good at it. Obfuscating code involves a level of creativity and deviousness that LLMs struggle to meet.

t_mahmood 11 hours ago||

Maybe, but it can't make the gameboy code look like a gameboy too, unless asked to, and that probably would not work even. That's the difference between an LLM and a human, and that's what make this competition worthwhile.

rurban 12 hours ago|

So like at a film festival, 90% of the entries won a price, but unlike a film festival there's not a single best. Weird, like modern education.

lifthrasiir 9 hours ago||

While this has been downvoted to the death, it is fun to guess how many entries are submitted to each IOCCC. My best guess is around 10^2.5, i.e. 3--400. Rationales:

- The number of winning entries and losing entries that get revealed later in public suggests that this number should be at least 50.

- The number of judging rounds, as the FAQ says, is at least 3 and possibly more. If each judging round eliminates about a half of entries, we should expect at least 10 submissions per each winning entries. I personally think the actual elimination rate can be as low as 1--20% at the end, but at least first few rounds should be easy so I think this is a good minimum guess: 1--200.

- The current number of individual judges is just enough for the three-digit number of submissions. It has a striking resemblance with typical academic conferences with typical acceptance rate, by the way! If there were thousands of submissions (like today's AI conferences...) there ought to be much more judges, and more importantly, more levels of judges so that each judge can do just enough work throughout the entire process. So this establishes the maximum guess: 1,000.

- My best guess is simply a geometric mean of two extrema.