Ben Holland benjholla
benjholla
/ LFSRQuineRelay.java
Last active
January 27, 2016 01:37
A quine-relay with the state of a Linear Feedback Shift Register embedded in and updated by one shift operation for each successive output quine.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * A quine-relay with the state of a Linear Feedback Shift Register embedded | |
| * in and updated by one shift operation for each successive output quine. | |
| * | |
| * @author Ben Holland | |
| */ | |
| public class LFSRQuineRelay { | |
| public static void main(String[] args) { | |
| // initialize the register, any non-zero start state is valid | |
| boolean[] register = {true, false, false, true, false, false, true, false, true, true, true}; |
benjholla
/ NondeterministicOuroboros_0.java
Last active
January 26, 2016 23:21
Inspired by quine computing, this is a nondeterministic ouroboros program that produces a random program that in turn produces another random program. Currently, at most 2^64 unique programs could be produced, but since the JVM allows for up to 65535 characters (including most unicode characters) in valid class names this could easily be increased.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class NondeterministicOuroboros_0 { | |
| public static void main(String[] args) { | |
| Long id = 0L; | |
| char quote = 34; | |
| String[] code = { | |
| "public class NondeterministicOuroboros_0 {", | |
| " public static void main(String[] args) {", | |
| " Long id = 0L;", | |
| " char quote = 34;", | |
| " String[] code = {", |
benjholla
/ ExpandedDataFlowLaunder.java
Last active
August 29, 2015 14:18
An expanded example of a dataflow laundering scheme
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.math.BigInteger; | |
| public class ExpandedDataFlowLaunder { | |
| public static void main(String args[]) { | |
| String sensitive = toHex("SECRET_DATA"); | |
| leak(launder(sensitive)); | |
| } | |
| // a method that should never get sensitive data... |
benjholla
/ ExpandedExceptionalLaunder.java
Created
April 8, 2015 21:51
An expanded example of the exception based dataflow laundering example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class ExpandedExceptionalLaunder { | |
| public static void main(String[] args) { | |
| String sensitive = "SECRET_DATA"; | |
| try { | |
| pilfer(sensitive); | |
| } catch (Exception e){ | |
| leak(errorReport(e)); | |
| } | |
| } |
benjholla
/ PrivateMethodReflection.java
Created
April 8, 2015 21:45
An example of using Java Reflection to invoke a private API method
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.lang.reflect.Method; | |
| import java.util.Random; | |
| public class PrivateMethodReflection { | |
| public static void main(String[] args) throws Exception { | |
| Person person = new Person("Bob"); | |
| System.out.println("Name: " + person.getName()); |
benjholla
/ SendmailCrackaddr.java
Last active
August 29, 2015 14:17
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package sendmail_crackaddr; | |
| /** | |
| * A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien | |
| * Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf | |
| * | |
| * Outputs: | |
| * Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200 | |
| * at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57) | |
| * at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20) |
benjholla
/ UnicodeEvil.java
Created
March 6, 2015 16:54
Some fun with Unicode. The main method calls the print method 3 times.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class UnicodeEvil { | |
| public static void main(String[] args) { | |
| print("Hello"); | |
| /* | |
| * TODO: print World in unicode | |
| * \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A | |
| */ | |
| print("World"); |
benjholla
/ InsideOut.java
Created
February 13, 2015 18:01
An Java inner class that extends its outer class (cause...why not?)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class InsideOut { | |
| public static void main(String[] args){ | |
| System.out.println(new OutsideIn().toString()); | |
| } | |
| public InsideOut() {} | |
| @Override | |
| public String toString(){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import getopt | |
| import urllib2 | |
| # define hexEncode function | |
| hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x]) | |
| def main(argv): |
benjholla
/ ExampleClass.java
Last active
August 29, 2015 14:14
Using static and instance initializers to invoke a private method on an anonymous inner class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Playing around with inner classes and control flow | |
| * @author Ben Holland | |
| */ | |
| public class ExampleClass { | |
| // static initializer | |
| static { | |
| // anonymous inner class | |
| new ExampleClass() { |