Ben Holland benjholla

benjholla / ExpandedDataFlowLaunder.java
Last active Aug 29, 2015
An expanded example of a dataflow laundering scheme
View ExpandedDataFlowLaunder.java
import java.math.BigInteger;
public class ExpandedDataFlowLaunder {
    public static void main(String args[]) {
        String sensitive = toHex("SECRET_DATA");
        leak(launder(sensitive));
    }
    // a method that should never get sensitive data...
benjholla / NondeterministicOuroboros_0.java
Last active Jan 26, 2016
Inspired by quine computing, this is a nondeterministic ouroboros program that produces a random program that in turn produces another random program. Currently, at most 2^64 unique programs could be produced, but since the JVM allows for up to 65535 characters (including most Unicode characters) in valid class names, this could easily be increased.
View NondeterministicOuroboros_0.java
public class NondeterministicOuroboros_0 {
    public static void main(String[] args) {
        Long id = 0L;
        char quote = 34;
        String[] code = {
            "public class NondeterministicOuroboros_0 {",
            " public static void main(String[] args) {",
            " Long id = 0L;",
            " char quote = 34;",
            " String[] code = {",
benjholla / LFSRQuineRelay.java
Last active Jan 27, 2016
A quine-relay with the state of a Linear Feedback Shift Register embedded in and updated by one shift operation for each successive output quine.
View LFSRQuineRelay.java
/**
 * A quine-relay with the state of a Linear Feedback Shift Register embedded
 * in and updated by one shift operation for each successive output quine.
 *
 * @author Ben Holland
 */
public class LFSRQuineRelay {
    public static void main(String[] args) {
        // initialize the register, any non-zero start state is valid
        boolean[] register = {true, false, false, true, false, false, true, false, true, true, true};
benjholla / Quine.java
Created Jan 27, 2016
A simple quine program implementation in Java
View Quine.java
public class Quine {
    public static void main(String[] args) {
        char quote = 34;
        String[] code = {
            "public class Quine {",
            " public static void main(String[] args) {",
            " char quote = 34;",
            " String[] code = {",
            " };",
            " for(int i=0; i<4; i++){",
benjholla / long_jump.c
Created Feb 10, 2016
An example of using long jumps in C to jump interprocedurally
View long_jump.c
#include <stdio.h>
#include <setjmp.h>
// saves the stack context/environment for nonlocal gotos
jmp_buf env;
// foo immediately makes a long jump to the setjmp in main
void foo(void){
    longjmp(env,1);
}
benjholla / DynamicDispatchExample.java
Last active Mar 19, 2016
A small Java program demonstrating dynamic dispatch
View DynamicDispatchExample.java
public class DynamicDispatchExample {
    public static void main(String[] args){
        A b1 = new B();
        A c1 = new C();
        A b2 = b1;
        A c2 = c1;
        // what will get printed?
benjholla / BasicProgramDependenceGraphExample.java
Last active Sep 22, 2016
A basic Program Dependence Graph (PDG) example
View BasicProgramDependenceGraphExample.java
/**
 * Basic Program Dependence Graph (PDG) example from:
 * https://www.cs.colorado.edu/~kena/classes/5828/s00/lectures/lecture15.pdf
 *
 * @author Ben Holland
 */
public class BasicProgramDependenceGraphExample {
    public static void main(String[] args) {
        /* 1 */
View SliceExample.java
package examples;
public class SliceExample {
    public static void main(String[] args) {
        /* 1 */ int i = readInput();
        /* 2 */ if(i == 1){
View gist:b84acd6887e8fece6e329aa6e7822c57
### Keybase proof
I hereby claim:
* I am benjholla on github.
* I am benjholla (https://keybase.io/benjholla) on keybase.
* I have a public key whose fingerprint is 9F91 64D0 3952 07B3 AAA4 5214 CC5B E141 4F37 D334
To claim this, I am signing this object:
benjholla / PayloadDropperOptions.md
Last active Sep 17, 2017
Payload Dropper Options
View PayloadDropperOptions.md
Usage: java -jar dropper.jar [options]
--help, -h                   Prints this menu and exits.
--safety-off, -so            This flag must be specified to execute the modifications specified by embedded payloads (enabling the flag disables the built-in safety).
--search-directories, -s     Specifies a comma separated list of directory paths to search for targets, if not specified a default set of search directories will be used.
--output-directory, -o       Specifies the output directory to save modified runtimes, if not specified output files will be written as temporary files.
--replace-target, -r         Attempt to replace target with modified target.
--disable-watermarking, -dw  Disables watermarking the modified target (can be used for additional stealth, but could also cause problems for watchers). Watermarks are used to prevent remodifying a target.
--ignore-watermarks, -iw     Ignores watermarks and modifies targets regardless of whether or not they have been previously modified.
--single-in