copymethod() with Java string -

-

i have requirement use copymethod() of unsafe class use string, came across link http://mishadoff.com/blog/java-magic-part-4-sun-dot-misc-dot-unsafe/, found following example-

string password = new string("l00k@myhor$e"); string fake = new string(password.replaceall(".", "?")); system.out.println(password); // l00k@myhor$e system.out.println(fake); // ???????????? getunsafe().copymemory(           fake, 0l, null, toaddress(password), sizeof(password));  system.out.println(password); // ???????????? system.out.println(fake); // ????????????  static long toaddress(object obj) {     object[] array = new object[] {obj};     long baseoffset = getunsafe().arraybaseoffset(object[].class);     return normalize(getunsafe().getint(array, baseoffset)); }  private static long normalize(int value) {     if(value >= 0) return value;     return (~0l >>> 32) & value; }

i tried example got illegalargumentexception. can please in getting example worked.

my advice: don't this!

if need erase string, can "safely" using reflection dig out string object's private chars array , filling nul characters. of course, need sure string erasing not shared other code; e.g. has not been interned.

the code copying looks broken. start, seems assuming references fit in int ... not 64 bit jvm. wouldn't trust code. wouldn't try fix it. wrong approach.

unsafe should used people really, know doing. copying else's code not substitute knowledge.

and in case, don't think original code erased characters properly. in fact, think merely dismantles string object, leaving char[] containing super-secret password intact in heap. blog post hints @ this.

in fact, next impossible guarantee have erased string. if succeed in erasing char[] containing characters, can't sure copy of data. instance, if string has been relocated gc, there still old copy of characters in memory @ original location. characters overwritten there no guarantees on when happen.

probably best can use jni / jna (or unsafe) allocate off-heap (that won't relocated gc) , over-write zeros before release it. obviously, can't string.

and ... there stale pages on paging device containing characters. or sufficient privilege set breakpoint , read secret out of memory.

my advice: make sure >>platform<< secured, both physically , access on network.


Comments

Post a Comment

Popular posts from this blog

javascript - How to get current YouTube IDs via iMacros? -

-
i want viewed youtube video id , save csv via imacros, gets nothing. here js code: var videoid; videoid ="code:"; videoid +="url goto=https://www.youtube.com/watch?v=dbnywxdz_pa"+"\n"; videoid +="add !extract {{!urlcurrent}}"+"\n"; videoid +="set !var1 eval(\"var s=\"{{!urlcurrent}}\"; s.match((?<=watch\\?v=|/videos/|embed\\/)[^#\\&\\?]*);s[0]; \")"+"\n"; videoid +="add !extract {{!var1}}"+"\n"; videoid +="saveas type=extract folder=* file=url.csv"+"\n"; try this: var videoid = "url goto=https://www.youtube.com/watch?v=dbnywxdz_pa" + "\n"; videoid += "set !extract {{!urlcurrent}}" + "\n"; videoid += 'set !extract eval("\'{{!extract}}\'.match(/v=(.{11})/)[1];")' + "\n"; videoid += "saveas type=extract folder=* file=url.csv" + "\n"; iimplay
Read more

c# - Maintaining a program folder in program files out of date? -

-
for program i'm writing in vs c# wpf need store user related information on user's computer. far knew has been done creating folder in c:\program files , adding whatever program related info folder in subfolders or whatever. after doing browsing came across lot of people saying method out of date because access may denied create folder there, works administrative accounts, etc.. 1 site suggested saving c:\users\username\appdata\roaming or c:\users\username\appdata\local. question best , date method saving program data users computer? also take @ msdn article . it uwp apps have general idea put if developing wpf app. you may need these folders: environment.specialfolder.applicationdata environment.specialfolder.localapplicationdata environment.specialfolder.commonapplicationdata
Read more

emulation - Android map show my location didn't work -

-
i have been struggle current location in google map, tried official map demo, not working also. shows getmylocation button on upper right, didn't show blue dot on map current location. here code , i'm using emulator target api 23, guess may emulator's problem since code download directly github. advice appreciated. [screenshot][1] package com.example.mapdemo; import com.google.android.gms.maps.googlemap; import com.google.android.gms.maps.googlemap.onmylocationbuttonclicklistener; import com.google.android.gms.maps.onmapreadycallback; import com.google.android.gms.maps.supportmapfragment; import android.manifest; import android.content.pm.packagemanager; import android.os.bundle; import android.support.annotation.nonnull; import android.support.v4.app.activitycompat; import android.support.v4.content.contextcompat; import android.support.v7.app.appcompatactivity; import android.widget.toast; /** * demo
Read more