Ben Holland benjholla
@benjholla
benjholla / ExpandedDataFlowLaunder.java
Last active August 29, 2015 14:18
An expanded example of a dataflow laundering scheme
import java.math.BigInteger;

public class ExpandedDataFlowLaunder {
    public static void main(String args[]) {
        String sensitive = toHex("SECRET_DATA");
        leak(launder(sensitive));
    }
    // a method that should never get sensitive data...
@benjholla
benjholla / NondeterministicOuroboros_0.java
Last active January 26, 2016 23:21
Inspired by quine computing, this is a nondeterministic ouroboros program that produces a random program that in turn produces another random program. Currently, at most 2^64 unique programs could be produced, but since the JVM allows for up to 65535 characters (including most Unicode characters) in valid class names, this could easily be increased.
public class NondeterministicOuroboros_0 {
public static void main(String[] args) {
Long id = 0L;
char quote = 34;
String[] code = {
"public class NondeterministicOuroboros_0 {",
" public static void main(String[] args) {",
" Long id = 0L;",
" char quote = 34;",
" String[] code = {",
@benjholla
benjholla / LFSRQuineRelay.java
Last active January 27, 2016 01:37
A quine-relay with the state of a Linear Feedback Shift Register embedded in and updated by one shift operation for each successive output quine.
/**
* A quine-relay with the state of a Linear Feedback Shift Register embedded
* in and updated by one shift operation for each successive output quine.
*
* @author Ben Holland
*/
public class LFSRQuineRelay {
public static void main(String[] args) {
// initialize the register, any non-zero start state is valid
boolean[] register = {true, false, false, true, false, false, true, false, true, true, true};
@benjholla
benjholla / Quine.java
Created January 27, 2016 02:25
A simple quine program implementation in Java
public class Quine {
public static void main(String[] args) {
char quote = 34;
String[] code = {
"public class Quine {",
" public static void main(String[] args) {",
" char quote = 34;",
" String[] code = {",
" };",
" for(int i=0; i<4; i++){",
@benjholla
benjholla / long_jump.c
Created February 10, 2016 18:28
An example of using long jumps in C to jump interprocedurally
#include <stdio.h>
#include <setjmp.h>

// saves the stack context/environment for nonlocal gotos
jmp_buf env;

// foo immediately makes a long jump to the setjmp in main
void foo(void){
    longjmp(env,1);
}
@benjholla
benjholla / DynamicDispatchExample.java
Last active March 19, 2016 18:33
A small Java program demonstrating a dynamic dispatch
public class DynamicDispatchExample {
    public static void main(String[] args){
        A b1 = new B();
        A c1 = new C();
        A b2 = b1;
        A c2 = c1;
        // what will get printed?
@benjholla
benjholla / BasicProgramDependenceGraphExample.java
Last active September 22, 2016 21:59
A basic Program Dependence Graph (PDG) example
/**
 * Basic Program Dependence Graph (PDG) example from:
 * https://www.cs.colorado.edu/~kena/classes/5828/s00/lectures/lecture15.pdf
 *
 * @author Ben Holland
 */
public class BasicProgramDependenceGraphExample {
    public static void main(String[] args) {
        /* 1 */
package examples;

public class SliceExample {
    public static void main(String[] args) {
        /* 1 */
        int i = readInput();
        /* 2 */
        if(i == 1){
### Keybase proof
I hereby claim:
* I am benjholla on github.
* I am benjholla (https://keybase.io/benjholla) on keybase.
* I have a public key whose fingerprint is 9F91 64D0 3952 07B3 AAA4 5214 CC5B E141 4F37 D334
To claim this, I am signing this object:
@benjholla
benjholla / PayloadDropperOptions.md
Last active September 17, 2017 00:01
Payload Dropper Options
Usage: java -jar dropper.jar [options]
--help, -h                   Prints this menu and exits.
--safety-off, -so            This flag must be specified to execute the modifications specified by embedded payloads (enabling the flag disables the built-in safety).
--search-directories, -s     Specifies a comma separated list of directory paths to search for targets, if not specified a default set of search directories will be used.
--output-directory, -o       Specifies the output directory to save modified runtimes, if not specified output files will be written as temporary files.
--replace-target, -r         Attempt to replace target with modified target.
--disable-watermarking, -dw  Disables watermarking the modified target (can be used for additional stealth, but could also cause problems for watchers). Watermarks are used to prevent remodifying a target.
--ignore-watermarks, -iw     Ignores watermarks and modifies targets regardless of whether or not they have been previously modified.
--single-in