djtaylor.me

Insert tagline here

The china bit

Pub. 2023 Jan 7

You've all heard the news. TikTok. TikTok is singlehandedly reducing zoomer's attention spans from 2 seconds to some amount less than 2 seconds. And the TikTok is taking their data and using it for unknown and inscrutible reasons!

Now fortunately America has had a long history of dealing with very difficult problems, and we've come up with a general solution:

We slap a sticker on it!

When we had a problem with vulgar and powerful lyrics that spoke to teenagers, we slapped a sticker on it!

When we had a problem of teenage obesity and long term health effects from heart disease caused by widespread unhealthy food, we slapped a sticker on it!

I'd feel honored to join this beautiful American tradition and propse a solution to the TikTok problem!

The China Bit

I've worked some with the internals of Java class files before, so I know that there are a number of reserved bits that can be used to signal Chinese origin. From the JVM spec:

A class file consists of a single ClassFile structure:

ClassFile {
u4 magic;
u2 minor_version;
u2 major_version;
u2 constant_pool_count;
cp_info constant_pool[constant_pool_count-1];
u2 access_flags;
u2 this_class;
u2 super_class;
u2 interfaces_count;
u2 interfaces[interfaces_count];
u2 fields_count;
field_info fields[fields_count];
u2 methods_count;
method_info methods[methods_count];
u2 attributes_count;
attribute_info attributes[attributes_count];
}


In case you're confused, the JVM spec uses the cursed int types u1, u2, u4 to mean 8-bit uint, 16-bit uint, and 32-bit uint resp. The field access_flags is expanded in table 4.1-B:

ACC_PUBLIC     0x0001  Declared public; may be accessed from outside its package.
ACC_FINAL      0x0010  Declared final; no subclasses allowed.
ACC_SUPER      0x0020  Treat superclass methods specially when invoked by the invokespecial instruction.
ACC_INTERFACE  0x0200  Is an interface, not a class.
ACC_ABSTRACT   0x0400  Declared abstract; must not be instantiated.
ACC_SYNTHETIC  0x1000  Declared synthetic; not present in the source code.
ACC_ANNOTATION 0x2000  Declared as an annotation interface.
ACC_ENUM       0x4000  Declared as an enum class.
ACC_MODULE     0x8000  Is a module, not a class or interface.

...

All bits of the access_flags item not assigned in Table 4.1-B are reserved for
future use. They should be set to zero in generated class files and should be
ignored by Java Virtual Machine implementations.


As you can see, the bits 1<<2, 1<<3, 1<<6, 1<<7, 1<<8, and 1<<11 are all free and reserved.

I suggest making a new ACC_CHINA and setting it equal to 1<<8. This bit will be mandated by any standards compliant compiler to be set if the compiler detects that the OS's language is set to Mandarin.

I posit that this will be relatively safe and resistant to tampering. I mean, just take a look at some code from OpenJDK. if, else, public, it's all English words! It'll be a long time before they can figure it out.

But just in case they do, we can coopt some more bits for security. There are a variety of known, solid private keys, like 0x09F911029D74E35BD84156C5635688C0, that can be used to sign the file. What I propose:

1. Do compilation as normal
2. Detect the presence of Mandarin, China geolocation, or probable Chinese heritage (p < 0.05)
3. Set ACC_CHINA accordingly
4. Compute the signature of the class file using a known secure NSA-approved, China-unapproved key
5. Truncate the signature to two bits and stick them in 1<<6 and 1<<7


After the .class files in the APK have been set and it's uploaded to the Google Play Store, the Play Store can slap a sticker on it if it contains any ACC_CHINA bits set!

God bless America.

Written by Daniel Taylor.
Email: contact@djtaylor.me