Categories
iOSDefender Change Log

iOSDefender Change Log V1.1 Build 0 Beta – Release Date May 17, 2021

Reading Time: < 1 minute

Change Log – Version 1.1.0 Beta – Release Date May 17, 2021

Enhancements

This release may contain protection enhancements not described here.

  • Created an evaluation version of iOSDefender SDK.
  • Updated the EULA.
Categories
Dotfuscator Pro Change Log

Dotfuscator Professional Edition, Version 6.4.0 – Release Date May 11, 2021

Reading Time: < 1 minute

Enhancements

Functional Changes

  • When using Automatic Input Management, such as with the recommended Protect Your App instructions, the Config Editor’s View menu will no longer allow access to report files if there could be multiple reports that vary by build configuration and platform. To access the full set of reports, check the DotfuscatorReports directory.
  • In cases where Dotfuscator downloads ILDasm and ILAsm tools via NuGet, you can now specify the NuGet feed, username, and password via environment variables. This should only be necessary if you do not have access to the public nuget.org feed.
  • When using an internet proxy requiring authentication, you can now specify the username and password via environment variables for Dotfuscator to use for licensing communications. For details, see Internet Connection Requirement.

Fixes

  • Fixed issues related to renaming obfuscation.
  • Fixed an issue where strong name re-signing doesn’t support spaces in the path to the key file.
  • Fixed an issue where Automatic Input Management would fail if a solution contains a non-filesystem path to a project. For instance, when an “Existing Website” is added to a solution, the solution can contain a web address. In these scenarios, Dotfuscator now warns and continues.
  • Fixed an issue where Dotfuscator errors when protecting an assembly whose name contains netstandard.
  • Fixed an issue where Dotfuscator errors when processing an assembly which has type forwards to nested types.
  • Fixed an issue where the Output tab in the Config Editor would not indicate types which were removed by Dotfuscator.
  • Fixed other minor issues.
Categories
DashO Change Log

DashO Java Obfuscator Change Log V11.2 Build 0 – Release Date May 11, 2021

Reading Time: 2 minutes

Change Log – Version 11.2.0 – Release Date May 11, 2021

Enhancements

This release may contain protection enhancements not described here.

  • Entry Points, Inclusions, and Exclusions can now use supertype and/or annotation based criteria.
  • Entry Points, Inclusions, and Exclusions can now match classes based on the existence of methods or fields that match the criteria.
  • Compiled bytecode from Java 16 (except the record type and the Sealed Classes preview feature) can now be processed.
  • Global Processing Excludes now allows for classes to never be updated by DashO.
  • Updated the New Project Wizard to include settings for generating Entry Point rules based on annotation based criteria, including a special set of entry points for Hibernate/JPA.
  • Improved the Android Project Wizard to support both ways the Android plugin can be applied.
  • Improved the "Method too large" errors to display the original name of methods when renaming has been performed. Methods from multiple classes will be displayed when necessary.
  • Updated the samples.

Changes

  • Added a warning for ambiguous Renaming Exclude class rules (will be changed to an error in a later release).
  • The Make Synthetic option now includes classes.
  • Updated to use ASM version 9.1.
  • Updated to include AdoptOpenJDK JRE version 11.0.11 in the installers.
  • Updated the End User License Agreement to match https://www.preemptive.com/eula.

Fixes

  • Fixed an issue where a class configured as an entrypoint could get renamed in rare circumstances.
  • Fixed an issue where the Config Editor showed unsupported settings on the Removal-Classes page.
  • Fixed an issue where the Config Editor could add a duplicate entry when dragging a class on the Removal-Classes page.
  • Fixed an issue where the x button on save dialog windows would proceed without saving instead of cancelling.
  • Fixed an issue where DashO would overflow a jump's boundaries in some cases.
  • Fixed an issue where the Browse dialog for selecting the Web project output folder would not allow selecting existing directories.
  • Fixed an issue where the Check Injection Locations list included native methods.
  • Fixed an issue where the splash screen would not scale properly on Windows.
  • Fixed an issue where deleting the last Method Call Removal rule would not save to the project file.
Categories
JSDefender Change Log

JSDefender Change Log V2.4 Build 0 – Release Date May 6, 2021

Reading Time: < 1 minute

Change Log – Version 2.4.0 – Release Date May 6, 2021

Features

  • jsdefender-core: JSDefender has a couple of changes that make it harder to reverse-engineer.
  • jsdefender-core: ControlFlowTransform allows injecting fake test conditions with the injectFakeCode configuration option.
Categories
iOSDefender Change Log

iOSDefender Change Log V1.0 Build 0 – Release Date March 29, 2021

Reading Time: < 1 minute

Change Log – Version 1.0.0 – Release Date March 29, 2021

Initial release of iOSDefender SDK!

Enhancements

This release may contain protection enhancements not described here.

Categories
DashO Change Log

DashO Java Obfuscator Change Log V11.1 Build 2 – Release Date March 29, 2021

Categories
Support Corner

Protecting .NET Applications that Use Excel Interop

Reading Time: 2 minutes

Microsoft Office primary interop assemblies give us the ability to create and modify Excel Spreadsheets from a .NET application.  Office applications like Excel are written in unmanaged code.  The primary interop assembly provides wrappers to call unmanaged COM objects from our managed .NET application. 

By default, when you reference an Office primary interop assembly, the interop types are embedded into your application to avoid having to deploy extra assemblies.  When applying protection, we must preserve some of these embedded types and methods to maintain COM interoperability.

Please consider the following example.  This simple C# application uses Excel Interop to create a spreadsheet and populate cells:

When applying for full protection with Dotfuscator, I experience a TypeLoadException at runtime:

To avoid this error, I will configure a rename exclusion for the embedded interop types.  All the embedded Interop types are in the Microsoft.Office.Interop.Excel namespace.  The specific types I need to preserve are interfaces, most of which contain placeholder methods of the form “_VtblGapX_XX” that also must be preserved.

Based on these patterns, I can leverage custom rules to simplify the Renaming configuration.  From my DotfuscatorConfig.xml:

After configuring this rule, the protected output runs properly, and my spreadsheet is created.

The above pattern is general enough to work if the Office primary interop assembly is used for creating any type of Office document: Excel spreadsheet, PowerPoint presentation, Word document, etc.

The full example can be downloaded here.

If you have any feedback on this topic or other topics you would like us to discuss in the Support Corner, please feel free to contact our Support Department.

Categories
Mobile Application Protection

17 Online Accounts to Follow on Software Development

Reading Time: 3 minutes

We asked our top Software Engineers what they’re reading and listening to lately to stay up to date on software development. Here are their recommendations on top accounts to follow:

YouTube

  1. Fireship
    These high-intensity code tutorials can help you build and ship your apps faster. This channel has new videos every week that cover intermediate to advanced lessons about JavaScript, Flutter, Firebase, and modern app development. You can even get project support, advanced full courses, and more at www.fireship.io.
  2. Google Developers
    The Google Developers channel features talks from events, educational series, best practices and tips, and the latest updates across Google products, platforms, and services including Android, Firebase, TensorFlow, Flutter, Google Assistant, and more.

Blogs

  1. Eric Elliott on Medium
    Read all things JavaScript in Eric Elliott’s JavaScript Scene and The Challenge to make sure you’re up to date on the latest JavaScript news, frameworks, tricks and techniques, software management, and more.
  2. CSharp Digest
    This newsletter is great for busy techs who want the news delivered right to their inbox. You’ll receive weekly updates, interesting stories, and more in the .NET and C# space.
  3. Scott Hanselman Blog
    As a prominent web developer for the Web Platform Team at Microsoft, Scott Hanselman has been blogging for the past decade on his personal web development experience. Topics range from technology, culture, gadgets, diversity, code, the web, and more. He also has three podcasts, a YouTube channel, and a Twitter account, which you can subscribe to as well.
  4. Microsoft Developer Blogs
    Just like it sounds, these series of blogs have the inside scoop on the latest information, insights, announcements, and news from Microsoft, specifically written about Visual Studio, Xamarin, Azure, .NET, and various other development languages. There’s also an option to pull the RSS feed so you can have the news and announcements delivered to you.
  5. Hackaday
    Get lost in mountains of fresh, playful hacks on the Hackaday blog written by developers all around the Internet where new ideas and information are exchanged daily. The term “hacking” tends to have a negative connotation to the public, but Hackaday embraces the act as an art that is highly creative, technical, and clever. When used for good intent, it can positively promote the exchange of new ideas and information. So, if you have any projects you’re proud of and want to show them off, you can document your work on their hosting site, hackaday.io.
  6. Adafruit
    With Adafruit blog, you’ll get the latest trends, news, and resources on open-source hardware, electronics, gadgets, kits, and more to help you get the machine build of your dreams.

Twitch TV

  1. Bald Bearded Builder
    This year, PreEmptive sponsored this channel and PreEmptive’s JSDefender was implemented in various live coding projects. For software development and clever banter, tune in. With nearly 20 years of experience designing and developing software, Michael Jolley (aka the Bald Bearded Builder) loves sharing his knowledge with others and watching them excel. While still building custom applications for clients today, Jolley spends considerable time pouring into others via his live-coding sessions on Twitch and talks at conferences and meet-ups.

Twitter

  1. The Hacker News (@TheHackerNews)
    This widely read account has daily news and technical coverage on cybersecurity, information security, and hacking to make sure you’re one step ahead of trending malicious attacks.
  2. Mobile Security (@mobilesecurity_)
    Are you a mobile app developer? This is a must-follow account. Stay informed on mobile security trends, specifically with Android and iOS platforms, and how you better adapt to safeguard your applications.
  3. David Heinemeier Hansson (@DHH)
    If you haven’t heard of David Heinemeier Hansson, you should. As the creator of Ruby on Rails and co-founder and CTO at Basecamp, Hansson is a must-follow leader in the technology space. With a slew of perspectives and opinions, his tweets offer great insight on software development for developers who want to grow professionally.
  4. Kelly Sommers (@kellabyte)
    Given away by the name of her Twitter handle, Kelly Sommers has a witty personality. She’s also a highly influential developer with over 43K followers to date with an impressive background as a four-times Windows Azure MVP and former two times DataStax MVP for Apache. You’ll get a combination of playful and insightful development tweets.
  5. Sara Ownbey Chipps (@sarajchipps)
    As a developer at Stack Overflow, Sara Ownbey Chipps is a prominent influential developer in the space. While some of her tweets feature development news and personal opinions, she also engages in a mix of current events she feels worthy of a mention.
  6. Nick Quaranto (@qrush)
    Nick Quaranto is the developer you’ll instantly feel like a friend. Quaranto has a more laid-back feed where he talks about development news, in addition to worldwide events he feels deeply passionate about.
  7. Eric Lippert (@ericlippert)
    Eric Lippert designs programming languages at Facebook and is a former C# language design team member at Microsoft. Over the years in his professional career, he’s learned a lot about programming language design and likes to share those said learnings with the development community on Twitter by fielding thousands of questions about C#, JavaScript, and other programming languages. He also has a blog worth checking out.
  8. Jared Parson (@jaredpar)
    Meet the creator of VsVim, Jared Parson. Parson is also a C# compiler team developer lead at Microsoft working on a language and operating system incubation project. Give him a follow and he won’t disappoint.

Categories
DashO Change Log

DashO Java Obfuscator Change Log V11.1 Build 1 – Release Date February 15, 2021

Categories
JSDefender Change Log

JSDefender Change Log V2.3 Build 0 – Release Date February 2, 2021

Reading Time: < 1 minute

Change Log – Version 2.3.0 – Release Date February 2, 2021

Features

  • jsdefender-core: The engine uses a new, significantly stronger domain lock and date lock protection.
  • jsdefender-core: The engine has a totally-rewritten, hardened protection for its JSDefender Runtime.
  • jsdefender-core: LocalDeclarationTransform now supports three new name mangling method: runicglagolitic, and tifinagh.
  • jsdefender-cli: The CLI issues an error when any global protection options is used with an inline protection directive.
  • jsdefender-cli: The CLI applies coloring to the log messages of the protection engine and just for the CLI messages.