Encrypting String Constants with Dotfuscator

May 25, 2018 6021 Views Brent Prox

Welcome to the Support Corner, where we’ll occasionally talk about topics that we’re seeing while working with our customers. If you’d like to see more like this, please click the Support Corner Category.

In addition to Renaming and Control Flow, String Encryption is an obfuscation transform that can help protect your application. When customers enable String Encryption in Dotfuscator, they are often surprised to see that string constant definitions are still visible in decompiled code. Customers often contact us asking how to encrypt those string constants.

However, those string constants don’t need to be encrypted; they need to be removed entirely. Dotfuscator’s String Encryption feature takes the strings that have been inlined by the .NET compiler and encrypts them. That leaves the constant definitions behind, unused – and they can be removed.

Note: Dotfuscator Professional Edition is required in order to use String Encryption and Removal.

This leads us to Dotfuscator's Removal feature. If you are using String Encryption, you should also use Removal to remove those string constants. (This is another great example of how layered protection is far more valuable than any individual protection, alone.)

1. Within Dotfuscator, enable Removal by setting Settings > Global Options > Disable Removal to “No”
2. Select the “Remove only literals (const definitions)” option for Removal Kind in Removal > Options
3. Build your app with Dotfuscator
4. Decompile the assembly and verify the string constant definitions have been removed

Note: if you have Library Mode enabled, the public and protected constant definitions will not be removed. Turning on Library Mode for an assembly causes Dotfuscator to treat all visible types and members as entry points, automatically. Entry Points are excluded from Removal.

Please note: this is a basic overview of how to remove string constant definitions from your protected application. In applications with more complexity, there may be additional configurations necessary, such as removal exclusions. For more details, please see the documentation on Dotfuscator’s Removal Editor.

If you have any feedback on this topic, or other topics you would like us to discuss in the Support Corner, please feel free to contact us at support@preemptive.com.

Latest Blog Posts

Protecting Java applications that use Jackson for JSON

JSON is a standard format for sharing objects and data within an application. When working in Java, there is no built-in support for JSON processing. There are, however, several widely-used libraries and options to choose from. In this article, we will focus on Jackson, which is one of the most popular.

AutoMapper is an object-to-object mapping system used by many of our customers. It aims to simplify and organize code responsible for sharing instance values from an object of one type to an object of a different type.

Inventa, a Wireless Technology Company, Protects their Android Application with DashO

The Beginnings of Inventa

Having worked in the wireless mobile technology domain in the US, Anand Virani, became intrigued by the growing tech and wireless trends and wanted to explore the field more for himself. He noticed a boom in the Internet of Things (IoT) and that smartphones were becoming more central to how people interacted with each other at home, in the office, and in public places. What if there was a way phones could connect with each other without the need for Internet or cloud access? Smartphones were the future and Virani was determined to make a profitable business model based on this new trend.

Surgical Theater Protects their Medical Applications with Dotfuscator

How It All Started

How is flying a fighter plane similar to performing neurosurgery? They have more in common than you’d think. In 2005, Monty Avisar and Alon Geri, two Israeli fighter pilots were assigned to work with Lockheed Martin to build a $50 million F-16 Flight Simulator program for the Israeli Air Force to improve hand-eye coordination skills for their pilots during combat. Avisar took on the role of project manager and Geri served as senior engineer; the project was a success.

Four years later in 2009, the two finished their military service in Israel and moved to Cleveland, Ohio. Their experience working in virtual reality applications inspired them to wonder where this technology could also be applied. With several connections to surgeons, the two came to understand the ins and outs of operation procedures; in a similar way, surgeons were also working on a battlefield. What if surgeons could also train like fighter pilots and preview their surgical procedure, much like a fighter pilot could pre-fly their mission? The surgeons could pre-plan the operation from every angle and every approach to increase their situational awareness. And a year later, Surgical Theater was born.

Maven is perhaps the most widely-used project management tool for Java. Based on the Project Object Model (POM), it is used not only for compilation of source code, but also dependency management, documentation, running tests, packaging, deployment, and more. We are frequently asked if we have a Maven plugin for running DashO. Though we do not offer a specific Maven plugin, adding DashO to your Maven-based project is surprisingly easy by leveraging Ant.

Encrypting String Constants with Dotfuscator

Protecting Java applications that use Jackson for JSON

Protecting C# applications that use AutoMapper

Inventa, Wireless Technology Company, Protects their Android Application with DashO

Surgical Theater Protects their Medical Applications with Dotfuscator

Integrating DashO into a Maven Build

Latest Blog Posts

Protecting Java applications that use Jackson for JSON

Protecting C# applications that use AutoMapper

Inventa, Wireless Technology Company, Protects their Android Application with DashO

Surgical Theater Protects their Medical Applications with Dotfuscator

GlobalMed Finds Success by Switching to JSDefender

Twitter