

The Easter Egg Song - Cherian
http://www.cucumbertown.com/craft/the-easter-egg-song/

======
rachelbythebay
I worked on a code base which touched a bunch of Secret Sauce stuff but was
somehow also open-sourced. One day, a patch went out to the public side which
had a bunch of internal codenames and other stuff you normally wouldn't share
with the outside world. So, the people working on the project went into SVN
and manually chopped it out.

I started wondering what else might have been in there and went grepping for
things which resembled our fairly distinctive host naming scheme. A simple
regex did the trick, and while I didn't find any evidence of "prod secrets"
leaking into the world, I did find something very strange in the argv parser
which happened to match.

There was a comparison of argv to a string which looked like base64 to me. I
decoded it and it turned out to be "--WHAT" (I think, it's been a few years).
Actually running "the_tool --WHAT" made it print an enormous ASCII pimp on the
screen with some kind of saying underneath. The pimp itself was also
base64-encoded, I think, but it was just one giant line in the source, so it
didn't stand out too much. If you didn't notice the horizontal scroll bar you
might not have ever seen it on a typical 80x25 display.

It was something like this:

    if (argv == "BaSe64StRiNg==") ... (long line to decode and display it here)

... only imagine it going on for hundreds of characters on that same line.

This had been added to the depot a year or two before (long before I was on
the project) and had lurked there the whole time. I don't think anyone else
had any idea it was there, especially when the instigators moved on to
something else.

There's something to be said for reviewing existing code once in a while.

------
kalyan02
That is some ingenuity in sneaking the easter egg in, under the watchful eyes
of so many others. I always thought easter eggs were a mutually agreed upon
thing with a company, and it never occurred to me that they may involve having
to go to great lengths. Now I can't help but wonder how many of the recipes on
the site have easter eggs inside them.

------
huhtenberg
> _20 second music clip file from a popular song_

Rick Astley song, no doubt.

~~~
Cherian
Ha! I wish. But if you tell me the song I’ll gift you a Komachi 2[1]

1\. [http://www.amazon.com/Pure-Komachi-Series-9-Piece-Knife/dp/B...](http://www.amazon.com/Pure-Komachi-Series-9-Piece-Knife/dp/B0029XAAQ0), for the first person. Also tell me where the song
ends (the file name is very evident).

~~~
leddt
Here is the audio: <https://dl.dropbox.com/u/87925954/out.wav>

~~~
upthedale
You've got the correct offset, but it appears you have some extraneous data at
the end.

The offset is 0x20b94, with length 82244. Pull that out of the jpeg, and you
can play the song.

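A way to do what upthedale did by hand (find the offset where the JPEG really ends and how much was appended after it) by walking the file's marker structure instead of searching for the FF D9 bytes, which an appended WAV can also contain. This is an added example, not code from the thread or the article; the sample file it checks is constructed inline.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# markers that carry no length field (SOI, EOI, TEM, RST0..RST7)
STANDALONE = {SOI, EOI, 0x01} | set(range(0xD0, 0xD8))

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the EOI marker, found by walking the segment structure
    rather than searching for FF D9 (which a payload can also contain)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at {pos:#x}")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        pos += seg_len
        if marker == SOS:
            # entropy-coded data: FF 00 is a stuffed byte, FF D0..D7 a restart
            # marker; the first other FF xx is the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")

def trailing_payload(data: bytes):
    """(offset, length) of bytes appended after EOI, or None if the file is clean."""
    end = jpeg_end_offset(data)
    return (end, len(data) - end) if end < len(data) else None

def build_sample():
    """Constructed test input: a minimal JPEG skeleton with a fake WAV appended."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"            # stuffed FF and an RST0 inside the scan
    payload = b"RIFF\x00\x00\x00\x00WAVE\xff\xd9tail"  # contains FF D9 to fool rfind()
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + payload, payload

if __name__ == "__main__":
    data, payload = build_sample()
    print(trailing_payload(data), "naive rfind:", data.rfind(b"\xff\xd9"))
```

On a real file, read it in binary and pass the bytes to trailing_payload(); a result of None means nothing follows the image data.
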
------
th
> Note: This was at a time when we didn’t have version controls like git and
> people didn’t commit for every small feature. Change list sometimes varied
> between 10 lines to 25 files during a refactor.

Does this mean you weren't using version control at all or you weren't using a
distributed version control system? The former would surprise me since CVS,
SVN, and similar tools have been around for years and are a lot easier than
emailing patches back and forth.

------
manas2004
The way this code looks, it opened up a backdoor into the app to load any code
embedded in the image and execute it with the app's credentials, including
access to the app's in-memory data. Major security hole for an enterprise app
given that this could be used to override assembly signing. Just change the
image, and the app would load and run any code embedded in that background
image!

~~~
Cherian
Yes, the image was embedded as a resource IIRC and the assembly signed
(enterprise app).

~~~
manas2004
Oh ok - good that the image was not picked up from a path in the install
folder. I thought that was the case! That would have been bad.

------
UnoriginalGuy
I was sad the day I read that Microsoft effectively banned Easter Eggs.

I mean I understand their reasoning, but still, a sad day indeed when there
weren't web-sites where you could type in any software product name and get a
list of fun toys.

I like the Doom-like game in Excel (97?). But there were tons of really fun
Easter Eggs in Microsoft's kit back in the 90s.

~~~
huhtenberg
Excel had a flight simulator.

------
Vlaix
My worry is that even though it's an Easter egg there, it could very well be
used to introduce malicious code inside the production code.

------
egb
Not sure what's going on with this page, but Avira Antivirus is reporting
DR/FakePic.Gen on there...

~~~
Cherian
Probably because the image is tampered with. If you read through the article
you’ll understand why the data is changed. There is no malicious content.

------
Shank
This makes me wonder what the process would be in a large company (Google?)
when it comes to introducing changes like this. I'd assume it'd either be
agreed upon in company policy, or a lot of really smart engineers just keep
trying to outdo each other.

------
manas2004
Such stuff is a challenge for code reviewers. Reminds me, just to bug my code
reviewers, I'd put in things like:

// TODO Remove this comment

------
JoachimSchipper
If you liked this, you may also like <http://underhanded.xcott.com/>

------
jobigoud
I would be so afraid of introducing a bug…

~~~
mrspeaker
The feeling of seeing your easter egg in the wild more than overcomes this
fear ;) My only tip: if possible make sure it's a CLIENT SIDE easter egg. I
know someone who pulled server side files as part of the show. The easter egg
went semi-viral and topped the company's logs as most requested resource!

------
prawks
This makes me really want to introduce some Easter Eggs into our codebase...

------
leddt
Also, the key code to play the song is: K-E-Y-C-O-D-E-(enter)

~~~
cocoflunchy
But what is the program?

~~~
leddt
My HN reader app failed me. I meant to post this as a reply to another
comment. That is the sequence I found in the code that was embedded in the
image file. I don't know in what software it is used.

