esamson · May 23, 2015 09:57
diff --git a/Secret.java b/Secret.java
 import java.lang.reflect.Field;
 import java.io.Console;

 public class Secret {

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        String secret = console.readLine("secret: ");

        System.out.println("Capture secret in heap");
        System.in.read();

        clearString(secret);

        System.out.println("Removed from heap: " + secret);
        System.in.read();
    }

    static void clearString(String s) throws Exception {
        Field stringValue = String.class.getDeclaredField("value");
        stringValue.setAccessible(true);
        char[] mem = (char[]) stringValue.get(s);
        for (int i=0; i < mem.length; i++) {
            mem[i] = 'h';
        }
    }
 }
	import java.lang.reflect.Field;
	import java.io.Console;

	public class Secret {

	public static void main(String[] args) throws Exception {
	Console console = System.console();
	String secret = console.readLine("secret: ");

	System.out.println("Capture secret in heap");
	System.in.read();

	clearString(secret);

	System.out.println("Removed from heap: " + secret);
	System.in.read();
	}

	static void clearString(String s) throws Exception {
	Field stringValue = String.class.getDeclaredField("value");
	stringValue.setAccessible(true);
	char[] mem = (char[]) stringValue.get(s);
	for (int i=0; i < mem.length; i++) {
	mem[i] = 'h';
	}
	}
	}