India

I am currently a computer science Ph.D. student at the University at Buffalo. My main areas of focus are cyber-security, malware analysis, blockchain concepts, application development, and computer networking. My long-term goal is to be a good teacher and researcher.


10824367524_04bd7712a4_o

Common Creative License from Flickr by KylaBorg

What is BARTS?

The  Blockchain ART Simulation (BARTS)  and related experiential online exercises facilitate understanding blockchain concepts. The BARTS simulation is a non-technical simulation where participants mine or validate a digital coin transaction for buying and selling drawings (see Figure 1).  Graduate students, undergraduate students, and high school students with technical and non-technical backgrounds have used the simulation to get a clearer idea of blockchain mining concepts. 

Simulation participants need laptops, smartphones, or tablets with access to the internet to participate as a cryptocurrency miner. The BARTS simulation has been used with 50 students. But we believe that it can be scaled online to more than 100 students.

Our premise is that understanding the role of secure hashing algorithms in the mining process is the primary conceptual impediment for students to gain an accurate picture of the validation process for blockchain transactions. The BARTS simulation and experiential PHP programs help understand cryptocurrency mining, hashing concepts, proof of work and proof of stake, immutable ledgers, and digital currency value.

BARTS Preparatory Material

  • The following paper presents a good overview of the BARTS simulation and experiential exercises. The Blockchain Art Simulation (BARTS) and Experiential Exercises Paper presented at ITiCSE  21 in  Paderborn Germany: ITiCSE BARTS Paper
  • PowerPoint slides for the instructor on the BARTS simulation: BARTS PowerPoint Slides 
  • Handout to be given to students on the BARTS simulation: Handout for BARTS Simulation Download

BARTS Mining Programs:

Additional BARTS Exercises

We have found that the BARTS simulation is an excellent way to introduce hashing concepts, but the hashing process needs additional discussion because of its importance to several security concepts. These exercises delve deeper into hashing concepts and were also used as the foundation for developing the BARTS simulation. These exercises were presented at the 34th Annual (CCSC) Eastern Regional Conference in 2018 by Sean Sanders under the title “A-Noncing the Use and Performance of Hashing Algorithms”. The paper received a best student paper award.

  • EXERCISE 1 : Generate a nonce that will result in a leading zero for a hash. Nonces are used to change the value of the hash. In blockchain implementations, the nonce is added to the end of the text being hashed to generate a hash with a specified number of leading zeros. Bitcoin currently requires about 19 leading zeros. The difficulty of the mining process is controlled by requiring more leading zeros. Students enter their name with the number 1 right after their name and keep incrementing the number following their name by one more unit until a hash with one leading zero is generated. This program is available at http://104.156.254.129/Exercise1.php
  • Exercise 2: A Hashing program that automatically searches for a nonce. This algorithm is complicated because it has to keep searching until it finds a hash with the correct number of leading zeros. Bitcoin miners use specialized hardware capable of generating trillions of hashes per second. This program is available at http://104.156.254.129/Exercise2.html.
  • Exercise 3: Mining Computation Issues: The purpose of this exercise is to illustrate in greater detail the computational demand that is required for using hashing for proof of work. It requires participants to enter the text to be hashed, along with the number of leading zeros, then clicks on the hashing algorithm desired and the number of times to run the simulation. The program will find the hash by adding a nonce, or random number, to the string until it generates a hash with the appropriate number of leading zeros. This program is available at http://104.156.254.129/Exercise3.html.
  • Exercise 4: Birthday Paradox and cracking secure hash algorithms: The safety of secure hash algorithms is always an issue of interest. The Birthday Paradox can be used as an approximation of the amount of brute force computing necessary to find a hash collision. The program can be found at http://104.156.254.129/BirthdayParadox.php. The number of years needed to find a collision for the lowly 160 bit SHA1 algorithm using 5,000 ASICS computers, each capable of 13TH/s with a total hashing rate of 65,000 TH/s, is 0.74 years. This contrasts with the 208.06 trillion years to find a collision with the SHA256 algorithm using the brute force approach.

HICSS 2021 Blockchain Art Simulation Workshop


HICSS 2021 Comparing Soot and APKTool Injection

Documentation

Presentation Material

Video Presentation


UB Compilers Class​: Injecting Blockchain Calls with the Soot Framework

Smart contract Solidity Code

pragma solidity >=0.5.15;

contract ApplicationContract{

	string Name ="";

	function SetName(string memory statedata) public{
		Name = statedata;
	}

	function Hello()public view returns(string memory){
		return Name;
	}
}

Code for pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>Soot</groupId>
  <artifactId>Soot</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <build>
    <sourceDirectory>src</sourceDirectory>
    <plugins>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.8.0</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <dependencies>
  <dependency>
    <groupId>ca.mcgill.sable</groupId>
    <artifactId>soot</artifactId>
    <version>4.0.0</version>
  </dependency>
  </dependencies>
</project>

Java file (HicssSootAnalysis.java)

import soot.Body;
import soot.BodyTransformer;
import soot.Local;
import soot.PackManager;
import soot.PatchingChain;
import soot.RefType;
import soot.Scene;
import soot.SootClass;
import soot.SootMethodRef;
import soot.SootResolver;
import soot.Transform;
import soot.Type;
import soot.Unit;
import soot.Value;
import soot.VoidType;
import soot.javaToJimple.LocalGenerator;
import soot.jimple.AssignStmt;
import soot.jimple.InvokeStmt;
import soot.jimple.Jimple;
import soot.jimple.StringConstant;
import soot.jimple.VirtualInvokeExpr;

import java.util.*; 

public class HicssSootAnalysis
{
    
    static String EntryPointApp = "com.example.simpleapplication.MainActivity";
    static String EntryPointBlockchain = "com.example.simpleapplication.Hello";
    static String RemoteFunctionCallWeb3J = "org.web3j.protocol.core.RemoteFunctionCall";
    static String SendAsync = "org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()";
    static Local ContractReference = null;
    static Value BlockchainContractStmt = null;
    
    public static void main(String[] args)
    {       
        
         PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new BodyTransformer() {   
            @Override
            protected void internalTransform(final Body body, String phaseName, @SuppressWarnings("rawtypes") Map options) {
                final PatchingChain<Unit> units = body.getUnits();                              
                IterateOverAllUnits(units, body);               
            }
        }));        
        soot.Main.main(args);
    }
    
    private static void IterateOverAllUnits(PatchingChain<Unit> units, Body body) {
        String StringLastKnownUnit = "";   
//        int counter = 0;
        for(Iterator<Unit> UnitIterator = units.snapshotIterator(); UnitIterator.hasNext();) { 
            final Unit LastKnownUnit = UnitIterator.next(); 
            StringLastKnownUnit = LastKnownUnit.toString();
            if(Check_If_SetContentView_Exists(StringLastKnownUnit)) { 
            	//ADD LOCALS
                LocalGenerator l = new LocalGenerator(body);               
                l.generateLocal(RefType.v("com.example.simpleapplication.Hello"));    
                l.generateLocal(RefType.v("org.web3j.protocol.core.RemoteFunctionCall"));
                
                // Create $r3 = $r0.<com.example.simpleapplication.MainActivity: com.example.simpleapplication.Hello contract>;
                LinkedList<Value> ContractInitArgs = new LinkedList<>();
                AssignStmt AssignStmtContract = Jimple.v().newAssignStmt(Return_Local(body, "Hello"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"MainActivity"), Scene.v().getMethod("<"+ EntryPointApp +": "+ EntryPointBlockchain +" ContractInit()>").makeRef(), ContractInitArgs));
                units.insertAfter(AssignStmtContract, LastKnownUnit);
                // Create $r2 = virtualinvoke $r3.<com.example.simpleapplication.Hello: org.web3j.protocol.core.RemoteFunctionCall SetName(java.lang.String)>("John");
                LinkedList<Value> ContractPersonName = new LinkedList<>();
                ContractPersonName.add(StringConstant.v("John"));
                AssignStmt AssignStmtContractFunc = Jimple.v().newAssignStmt(Return_Local(body, "RemoteFunctionCall"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"Hello"), Scene.v().getMethod("<"+ EntryPointBlockchain +": "+ RemoteFunctionCallWeb3J +" SetName(java.lang.String)>").makeRef(), ContractPersonName));
                units.insertAfter(AssignStmtContractFunc, AssignStmtContract);
                // Create virtualinvoke $r2.<org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()>();
                List<String> BlockchainArgumentsForSendAsync = new LinkedList<>();
                SootMethodRef SendAsyncMethodRef = makeMethodRef("org.web3j.protocol.core.RemoteCall","sendAsync", "java.util.concurrent.CompletableFuture",BlockchainArgumentsForSendAsync, false);
                VirtualInvokeExpr InvokeExprSendAsync = Jimple.v().newVirtualInvokeExpr(Return_Local(body,"RemoteFunctionCall"), SendAsyncMethodRef, Collections.<Value>emptyList());
                InvokeStmt InvokeStatementSendAsync = Jimple.v().newInvokeStmt(InvokeExprSendAsync);
                units.insertAfter(InvokeStatementSendAsync, (Unit) AssignStmtContractFunc);
            }
        }
        
    } 
    public static SootMethodRef makeMethodRef(String cName, String mName, String rType, List<String> pTypes,
            boolean isStatic) {
           SootClass sc = SootResolver.v().makeClassRef(cName);
           Type returnType = null;
           if (rType == "") {
            returnType = VoidType.v();
           } else {
            returnType = RefType.v(rType);
           }
           List<Type> parameterTypes = new ArrayList<Type>();
           for (String p : pTypes) {
            parameterTypes.add(RefType.v(p));
           }
           return Scene.v().makeMethodRef(sc, mName, parameterTypes, returnType, isStatic);
    }
    
    private static Local Return_Local(Body b, String name) {
        for (Local local : b.getLocals()) {
	         if (local.getType().toString().contains(name)) {
	          return local;
	         }
        }
        return null;
   }

    
    private static boolean Check_If_SetContentView_Exists(String StringLastKnownUnit) {
        if(Contains_Match_Case(StringLastKnownUnit, EntryPointApp) && Contains_Match_Case(StringLastKnownUnit, "SetContentView")) {
            return true;
        }else {
            return false;
        }
    }  
    
    
    public static boolean Contains_Match_Case(String str, String subString) {
        return str.toLowerCase().contains(subString.toLowerCase());
    }    
}

India

I am currently a computer science Ph.D. student at the University at Buffalo. My main areas of focus are cyber-security, malware analysis, blockchain concepts, application development, and computer networking. My long-term goal is to be a good teacher and researcher.


10824367524_04bd7712a4_o

Common Creative License from Flickr by KylaBorg

What is BARTS?

The  Blockchain ART Simulation (BARTS)  and related experiential online exercises facilitate understanding blockchain concepts. The BARTS simulation is a non-technical simulation where participants mine or validate a digital coin transaction for buying and selling drawings (see Figure 1).  Graduate students, undergraduate students, and high school students with technical and non-technical backgrounds have used the simulation to get a clearer idea of blockchain mining concepts. 

Simulation participants need laptops, smartphones, or tablets with access to the internet to participate as a cryptocurrency miner. The BARTS simulation has been used with 50 students. But we believe that it can be scaled online to more than 100 students.

Our premise is that understanding the role of secure hashing algorithms in the mining process is the primary conceptual impediment for students to gain an accurate picture of the validation process for blockchain transactions. The BARTS simulation and experiential PHP programs help understand cryptocurrency mining, hashing concepts, proof of work and proof of stake, immutable ledgers, and digital currency value.

This image has an empty alt attribute; its file name is bartsprocess.png

BARTS Preparatory Material

  • The following paper presents a good overview of the BARTS simulation and experiential exercises. The Blockchain Art Simulation (BARTS) and Experiential Exercises Paper presented at ITiCSE  21 in  Paderborn Germany:
  • PowerPoint slides for the instructor on the BARTS simulation: BARTS PowerPoint Slides 
  • Handout to be given to students on the BARTS simulation: Handout for BARTS Simulation Download

itcse__the_blockchain_art_simulation__barts__and_experiential_exercises-final-submissionDownload

BARTS Mining Programs:

Additional BARTS Exercises

We have found that the BARTS simulation is an excellent way to introduce hashing concepts, but the hashing process needs additional discussion because of its importance to several security concepts. These exercises delve deeper into hashing concepts and were also used as the foundation for developing the BARTS simulation. These exercises were presented at the 34th Annual (CCSC) Eastern Regional Conference in 2018 by Sean Sanders under the title “A-Noncing the Use and Performance of Hashing Algorithms”. The paper received a best student paper award.

  • EXERCISE 1 : Generate a nonce that will result in a leading zero for a hash. Nonces are used to change the value of the hash. In blockchain implementations, the nonce is added to the end of the text being hashed to generate a hash with a specified number of leading zeros. Bitcoin currently requires about 19 leading zeros. The difficulty of the mining process is controlled by requiring more leading zeros. Students enter their name with the number 1 right after their name and keep incrementing the number following their name by one more unit until a hash with one leading zero is generated. This program is available at http://104.156.254.129/Exercise1.php
  • Exercise 2: A Hashing program that automatically searches for a nonce. This algorithm is complicated because it has to keep searching until it finds a hash with the correct number of leading zeros. Bitcoin miners use specialized hardware capable of generating trillions of hashes per second. This program is available at http://104.156.254.129/Exercise2.html.
  • Exercise 3: Mining Computation Issues: The purpose of this exercise is to illustrate in greater detail the computational demand that is required for using hashing for proof of work. It requires participants to enter the text to be hashed, along with the number of leading zeros, then clicks on the hashing algorithm desired and the number of times to run the simulation. The program will find the hash by adding a nonce, or random number, to the string until it generates a hash with the appropriate number of leading zeros. This program is available at http://104.156.254.129/Exercise3.html.
  • Exercise 4: Birthday Paradox and cracking secure hash algorithms: The safety of secure hash algorithms is always an issue of interest. The Birthday Paradox can be used as an approximation of the amount of brute force computing necessary to find a hash collision. The program can be found at http://104.156.254.129/BirthdayParadox.php. The number of years needed to find a collision for the lowly 160 bit SHA1 algorithm using 5,000 ASICS computers, each capable of 13TH/s with a total hashing rate of 65,000 TH/s, is 0.74 years. This contrasts with the 208.06 trillion years to find a collision with the SHA256 algorithm using the brute force approach.

HICSS 2021 Blockchain Art Simulation Workshop

barts-slides-session-1Downloadhashing-performance-session-2Downloadbarts-smart-contract-slidesDownload


HICSS 2021 Comparing Soot and APKTool Injection

Comparison and contrast of APKTool and Soot for injecting blockchain calls into Android applications PaperDownload

Documentation

Injecting Blockchain Calls with the Soot Framework and APKTool DocumentationDownload

Presentation Material

presentation-hicss(PDF)Downloadpresentation-hicss(PPT-With Notes)Download

Video Presentation


UB Compilers Class​: Injecting Blockchain Calls with the Soot Framework

Injecting Blockchain Calls with the Soot Framework and APKTool DocumentationDownloadPresentation File in PDF FormDownload

Smart contract Solidity Code

pragma solidity >=0.5.15;contract ApplicationContract{	string Name ="";	function SetName(string memory statedata) public{		Name = statedata;	}	function Hello()public view returns(string memory){		return Name;	}}

Code for pom.xml file

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">  <modelVersion>4.0.0</modelVersion>  <groupId>Soot</groupId>  <artifactId>Soot</artifactId>  <version>0.0.1-SNAPSHOT</version>  <build>    <sourceDirectory>src</sourceDirectory>    <plugins>      <plugin>        <artifactId>maven-compiler-plugin</artifactId>        <version>3.8.0</version>        <configuration>          <source>1.8</source>          <target>1.8</target>        </configuration>      </plugin>    </plugins>  </build>  <dependencies>  <dependency>    <groupId>ca.mcgill.sable</groupId>    <artifactId>soot</artifactId>    <version>4.0.0</version>  </dependency>  </dependencies></project>

Java file (HicssSootAnalysis.java)

import soot.Body;import soot.BodyTransformer;import soot.Local;import soot.PackManager;import soot.PatchingChain;import soot.RefType;import soot.Scene;import soot.SootClass;import soot.SootMethodRef;import soot.SootResolver;import soot.Transform;import soot.Type;import soot.Unit;import soot.Value;import soot.VoidType;import soot.javaToJimple.LocalGenerator;import soot.jimple.AssignStmt;import soot.jimple.InvokeStmt;import soot.jimple.Jimple;import soot.jimple.StringConstant;import soot.jimple.VirtualInvokeExpr;import java.util.*; public class HicssSootAnalysis{        static String EntryPointApp = "com.example.simpleapplication.MainActivity";    static String EntryPointBlockchain = "com.example.simpleapplication.Hello";    static String RemoteFunctionCallWeb3J = "org.web3j.protocol.core.RemoteFunctionCall";    static String SendAsync = "org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()";    static Local ContractReference = null;    static Value BlockchainContractStmt = null;        public static void main(String[] args)    {                        PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new BodyTransformer() {               @Override            protected void internalTransform(final Body body, String phaseName, @SuppressWarnings("rawtypes") Map options) {                final PatchingChain<Unit> units = body.getUnits();                                              IterateOverAllUnits(units, body);                           }        }));                soot.Main.main(args);    }        private static void IterateOverAllUnits(PatchingChain<Unit> units, Body body) {        String StringLastKnownUnit = "";   //        int counter = 0;        for(Iterator<Unit> UnitIterator = units.snapshotIterator(); UnitIterator.hasNext();) {             final Unit LastKnownUnit = UnitIterator.next();             StringLastKnownUnit = LastKnownUnit.toString();            if(Check_If_SetContentView_Exists(StringLastKnownUnit)) {             	//ADD LOCALS                LocalGenerator l = new LocalGenerator(body);                               l.generateLocal(RefType.v("com.example.simpleapplication.Hello"));                    l.generateLocal(RefType.v("org.web3j.protocol.core.RemoteFunctionCall"));                                // Create $r3 = $r0.<com.example.simpleapplication.MainActivity: com.example.simpleapplication.Hello contract>;                LinkedList<Value> ContractInitArgs = new LinkedList<>();                AssignStmt AssignStmtContract = Jimple.v().newAssignStmt(Return_Local(body, "Hello"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"MainActivity"), Scene.v().getMethod("<"+ EntryPointApp +": "+ EntryPointBlockchain +" ContractInit()>").makeRef(), ContractInitArgs));                units.insertAfter(AssignStmtContract, LastKnownUnit);                // Create $r2 = virtualinvoke $r3.<com.example.simpleapplication.Hello: org.web3j.protocol.core.RemoteFunctionCall SetName(java.lang.String)>("John");                LinkedList<Value> ContractPersonName = new LinkedList<>();                ContractPersonName.add(StringConstant.v("John"));                AssignStmt AssignStmtContractFunc = Jimple.v().newAssignStmt(Return_Local(body, "RemoteFunctionCall"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"Hello"), Scene.v().getMethod("<"+ EntryPointBlockchain +": "+ RemoteFunctionCallWeb3J +" SetName(java.lang.String)>").makeRef(), ContractPersonName));                units.insertAfter(AssignStmtContractFunc, AssignStmtContract);                // Create virtualinvoke $r2.<org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()>();                List<String> BlockchainArgumentsForSendAsync = new LinkedList<>();                SootMethodRef SendAsyncMethodRef = makeMethodRef("org.web3j.protocol.core.RemoteCall","sendAsync", "java.util.concurrent.CompletableFuture",BlockchainArgumentsForSendAsync, false);                VirtualInvokeExpr InvokeExprSendAsync = Jimple.v().newVirtualInvokeExpr(Return_Local(body,"RemoteFunctionCall"), SendAsyncMethodRef, Collections.<Value>emptyList());                InvokeStmt InvokeStatementSendAsync = Jimple.v().newInvokeStmt(InvokeExprSendAsync);                units.insertAfter(InvokeStatementSendAsync, (Unit) AssignStmtContractFunc);            }        }            }     public static SootMethodRef makeMethodRef(String cName, String mName, String rType, List<String> pTypes,            boolean isStatic) {           SootClass sc = SootResolver.v().makeClassRef(cName);           Type returnType = null;           if (rType == "") {            returnType = VoidType.v();           } else {            returnType = RefType.v(rType);           }           List<Type> parameterTypes = new ArrayList<Type>();           for (String p : pTypes) {            parameterTypes.add(RefType.v(p));           }           return Scene.v().makeMethodRef(sc, mName, parameterTypes, returnType, isStatic);    }        private static Local Return_Local(Body b, String name) {        for (Local local : b.getLocals()) {	         if (local.getType().toString().contains(name)) {	          return local;	         }        }        return null;   }        private static boolean Check_If_SetContentView_Exists(String StringLastKnownUnit) {        if(Contains_Match_Case(StringLastKnownUnit, EntryPointApp) && Contains_Match_Case(StringLastKnownUnit, "SetContentView")) {            return true;        }else {            return false;        }    }              public static boolean Contains_Match_Case(String str, String subString) {        return str.toLowerCase().contains(subString.toLowerCase());    }    }

Link to Remix


UB GenCyber Smart Contract Page


BARTS Blockchain Documents DSI


UB GenCyber Smart Contract Page


BARTS Blockchain Documents DSI