Ghost Bits Verifier

Ghost Bits Verifier is a desktop security utility for studying and verifying Java char to byte truncation behavior.

In Java, char is 16-bit while byte is 8-bit. When code performs operations such as (byte) ch, ch & 0xFF, ByteArrayOutputStream#write(int), or DataOutputStream#writeBytes(String), only the low 8 bits are preserved. This tool generates Unicode BMP characters whose low 8 bits match selected input characters, making that behavior visible and easy to test.

Features

• Encode plain text or payload fragments into low-byte-equivalent Ghost Bits characters.
• Decode Ghost Bits text back to the low-byte representation.
• Convert all characters or only selected characters through the Only input.
• Show byte-level mappings for every converted character.
• Provide multiple generation strategies, including curated CJK samples and broader BMP coverage.
• Include common security payload templates under Tools, with automatic Only rules and instant conversion.
• Support English and Chinese UI switching from Settings -> Language.

Typical Example

If the input is:

1.jsp

and Only is:

j

the encoded output can become:

1.陪sp

Here, 陪 is U+966A, and its low 8 bits are 0x6A, which corresponds to ASCII j.

Use Cases

• Defensive verification of unsafe Java truncation paths.
• Security test-case generation for WAF/backend behavior differences.
• Code review support when auditing byte/char conversion logic.
• Demonstrating low-byte preservation behavior in Java APIs.

Notes

The Release package is intended to be downloaded as a compressed application folder. Keep the executable together with its bundled app and runtime directories.

This project is intended for defensive research, secure coding review, and controlled testing only.