I am currently a computer science Ph.D. student at the University at Buffalo. My main areas of focus are cyber-security, malware analysis, blockchain concepts, application development, and computer networking. My long-term goal is to be a good teacher and researcher.


Common Creative License from Flickr by KylaBorg

What is BARTS?

The  Blockchain ART Simulation (BARTS)  and related experiential online exercises facilitate understanding blockchain concepts. The BARTS simulation is a non-technical simulation where participants mine or validate a digital coin transaction for buying and selling drawings (see Figure 1).  Graduate students, undergraduate students, and high school students with technical and non-technical backgrounds have used the simulation to get a clearer idea of blockchain mining concepts. 

Simulation participants need laptops, smartphones, or tablets with access to the internet to participate as a cryptocurrency miner. The BARTS simulation has been used with 50 students. But we believe that it can be scaled online to more than 100 students.

Our premise is that understanding the role of secure hashing algorithms in the mining process is the primary conceptual impediment for students to gain an accurate picture of the validation process for blockchain transactions. The BARTS simulation and experiential PHP programs help understand cryptocurrency mining, hashing concepts, proof of work and proof of stake, immutable ledgers, and digital currency value.

BARTS Preparatory Material

  • The following paper presents a good overview of the BARTS simulation and experiential exercises. The Blockchain Art Simulation (BARTS) and Experiential Exercises Paper presented at ITiCSE  21 in  Paderborn Germany: ITiCSE download
  • PowerPoint slides for the instructor on the BARTS simulation: BARTS PowerPoint Slides 
  • Handout to be given to students on the BARTS simulation: Handout for BARTS Simulation Download

BARTS Exercise Links:

(These exercises were presented at the 34th Annual (CCSC) Eastern Regional Conference in 2018 by Sean Sanders under the title “ A-Noncing the Use and Performance of Hashing Algorithms”. The paper received a best student paper award.)

  • EXERCISE 1 : Generate a nonce that will result in a leading zero for a hash. Nonces are used to change the value of the hash. In blockchain implementations, the nonce is added to the end of the text being hashed to generate a hash with a specified number of leading zeros. Bitcoin currently requires about 19 leading zeros. The difficulty of the mining process is controlled by requiring more leading zeros. Students enter their name with the number 1 right after their name and keep incrementing the number following their name by one more unit until a hash with one leading zero is generated. This program is available at
  • Exercise 2: A Hashing program that automatically searches for a nonce. This algorithm is complicated because it has to keep searching until it finds a hash with the correct number of leading zeros. Bitcoin miners use specialized hardware capable of generating trillions of hashes per second. This program is available at
  • Exercise 3: Mining Computation Issues: The purpose of this exercise is to illustrate in greater detail the computational demand that is required for using hashing for proof of work. It requires participants to enter the text to be hashed, along with the number of leading zeros, then clicks on the hashing algorithm desired and the number of times to run the simulation. The program will find the hash by adding a nonce, or random number, to the string until it generates a hash with the appropriate number of leading zeros. This program is available at
  • Exercise 4: Birthday Paradox and cracking secure hash algorithms: The safety of secure hash algorithms is always an issue of interest. The Birthday Paradox can be used as an approximation of the amount of brute force computing necessary to find a hash collision. The program can be found at The number of years needed to find a collision for the lowly 160 bit SHA1 algorithm using 5,000 ASICS computers, each capable of 13TH/s with a total hashing rate of 65,000 TH/s, is 0.74 years. This contrasts with the 208.06 trillion years to find a collision with the SHA256 algorithm using the brute force approach.

HICSS 2021 Blockchain Art Simulation Workshop

HICSS 2021 Comparing Soot and APKTool Injection


Presentation Material

Video Presentation

UB Compilers Class​: Injecting Blockchain Calls with the Soot Framework

Smart contract Solidity Code

pragma solidity >=0.5.15;

contract ApplicationContract{

	string Name ="";

	function SetName(string memory statedata) public{
		Name = statedata;

	function Hello()public view returns(string memory){
		return Name;

Code for pom.xml file

<project xmlns="" xmlns:xsi="" xsi:schemaLocation="">

Java file (

import soot.Body;
import soot.BodyTransformer;
import soot.Local;
import soot.PackManager;
import soot.PatchingChain;
import soot.RefType;
import soot.Scene;
import soot.SootClass;
import soot.SootMethodRef;
import soot.SootResolver;
import soot.Transform;
import soot.Type;
import soot.Unit;
import soot.Value;
import soot.VoidType;
import soot.javaToJimple.LocalGenerator;
import soot.jimple.AssignStmt;
import soot.jimple.InvokeStmt;
import soot.jimple.Jimple;
import soot.jimple.StringConstant;
import soot.jimple.VirtualInvokeExpr;

import java.util.*; 

public class HicssSootAnalysis
    static String EntryPointApp = "com.example.simpleapplication.MainActivity";
    static String EntryPointBlockchain = "com.example.simpleapplication.Hello";
    static String RemoteFunctionCallWeb3J = "org.web3j.protocol.core.RemoteFunctionCall";
    static String SendAsync = "org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()";
    static Local ContractReference = null;
    static Value BlockchainContractStmt = null;
    public static void main(String[] args)
         PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new BodyTransformer() {   
            protected void internalTransform(final Body body, String phaseName, @SuppressWarnings("rawtypes") Map options) {
                final PatchingChain<Unit> units = body.getUnits();                              
                IterateOverAllUnits(units, body);               
    private static void IterateOverAllUnits(PatchingChain<Unit> units, Body body) {
        String StringLastKnownUnit = "";   
//        int counter = 0;
        for(Iterator<Unit> UnitIterator = units.snapshotIterator(); UnitIterator.hasNext();) { 
            final Unit LastKnownUnit =; 
            StringLastKnownUnit = LastKnownUnit.toString();
            if(Check_If_SetContentView_Exists(StringLastKnownUnit)) { 
            	//ADD LOCALS
                LocalGenerator l = new LocalGenerator(body);               
                // Create $r3 = $r0.<com.example.simpleapplication.MainActivity: com.example.simpleapplication.Hello contract>;
                LinkedList<Value> ContractInitArgs = new LinkedList<>();
                AssignStmt AssignStmtContract = Jimple.v().newAssignStmt(Return_Local(body, "Hello"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"MainActivity"), Scene.v().getMethod("<"+ EntryPointApp +": "+ EntryPointBlockchain +" ContractInit()>").makeRef(), ContractInitArgs));
                units.insertAfter(AssignStmtContract, LastKnownUnit);
                // Create $r2 = virtualinvoke $r3.<com.example.simpleapplication.Hello: org.web3j.protocol.core.RemoteFunctionCall SetName(java.lang.String)>("John");
                LinkedList<Value> ContractPersonName = new LinkedList<>();
                AssignStmt AssignStmtContractFunc = Jimple.v().newAssignStmt(Return_Local(body, "RemoteFunctionCall"),Jimple.v().newVirtualInvokeExpr(Return_Local(body,"Hello"), Scene.v().getMethod("<"+ EntryPointBlockchain +": "+ RemoteFunctionCallWeb3J +" SetName(java.lang.String)>").makeRef(), ContractPersonName));
                units.insertAfter(AssignStmtContractFunc, AssignStmtContract);
                // Create virtualinvoke $r2.<org.web3j.protocol.core.RemoteFunctionCall: java.util.concurrent.CompletableFuture sendAsync()>();
                List<String> BlockchainArgumentsForSendAsync = new LinkedList<>();
                SootMethodRef SendAsyncMethodRef = makeMethodRef("org.web3j.protocol.core.RemoteCall","sendAsync", "java.util.concurrent.CompletableFuture",BlockchainArgumentsForSendAsync, false);
                VirtualInvokeExpr InvokeExprSendAsync = Jimple.v().newVirtualInvokeExpr(Return_Local(body,"RemoteFunctionCall"), SendAsyncMethodRef, Collections.<Value>emptyList());
                InvokeStmt InvokeStatementSendAsync = Jimple.v().newInvokeStmt(InvokeExprSendAsync);
                units.insertAfter(InvokeStatementSendAsync, (Unit) AssignStmtContractFunc);
    public static SootMethodRef makeMethodRef(String cName, String mName, String rType, List<String> pTypes,
            boolean isStatic) {
           SootClass sc = SootResolver.v().makeClassRef(cName);
           Type returnType = null;
           if (rType == "") {
            returnType = VoidType.v();
           } else {
            returnType = RefType.v(rType);
           List<Type> parameterTypes = new ArrayList<Type>();
           for (String p : pTypes) {
           return Scene.v().makeMethodRef(sc, mName, parameterTypes, returnType, isStatic);
    private static Local Return_Local(Body b, String name) {
        for (Local local : b.getLocals()) {
	         if (local.getType().toString().contains(name)) {
	          return local;
        return null;

    private static boolean Check_If_SetContentView_Exists(String StringLastKnownUnit) {
        if(Contains_Match_Case(StringLastKnownUnit, EntryPointApp) && Contains_Match_Case(StringLastKnownUnit, "SetContentView")) {
            return true;
        }else {
            return false;
    public static boolean Contains_Match_Case(String str, String subString) {
        return str.toLowerCase().contains(subString.toLowerCase());

UB GenCyber Smart Contract Page

BARTS Blockchain Documents DSI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s