You can’t see me, I’m obfuscating (on Windows Phone)

November 17, 2010 | Sebastian Holst

Recent communications from Microsoft have resulted in a wave of interest (to put it mildly) in obfuscation. Obfuscation is not new; nor are most of the questions, concerns, and critiques that have started flying around the WP7 dev community – but some are (because there are some unique aspects to the WP7 environment).

I have included some resources and comments here – but also, please stay tuned as PreEmptive will be pushing out a collection of resources on this subject specifically targeting Windows Phone.

Quick resources available now:

ISSA Journal: Assessing and Managing Security Risks Unique to Java and .NET (pdf). Tries to answer the questions “when and why should I worry?” and “then what can I do about it?” Specifically, this article “enumerates specific risks unique to managed code (.NET and Java), offers guidance on assessing organizational materiality of these risks, and lists broadly recognized risk mitigation technologies and practices.”

WP7 FAQ (short blog form)

Question: Why do I have to obfuscate my Windows Phone application? Has Microsoft dropped the ball?

Answer: You don’t have to – but if you want to prevent easy reverse engineering of your application, then you should. Managed code has always been easy to reverse engineer (see ISSA Article listed above), and WP7 is no better or worse. In fact, it may be helpful to compare Android’s policy and recommendations on obfuscation – see my blog here for a detailed comparison.

Question: I just obfuscated my application and it’s broken! Is this a bug? Why can’t it just work like encryption?

Answer: Obfuscation is fundamentally different than encryption in that meaning matters.

Encryption is only half of the equation – the other half is decryption. Encryption algorithms do not need to preserve the meaning of content because the content will be decrypted. Meaning is wiped out in the output (that is the intent, of course) and is reconstituted at decryption time (that also means that encryption cannot be lossy).

Obfuscation is the entire equation – there is no “de-obfuscation” – in fact, that is its intent. Meaning must be preserved in the final output. When your program has tricky reflection, includes mixed-mode DLLs, incorporates 3rd party libraries, etc. – all of that must be accounted for. Some of this can be divined through static analysis – but some idioms/semantics cannot.

Question: I just want to keep Reflector from showing source code. Is that so hard?

Answer: That is actually easy. Turn off renaming and turn on “control flow.” The ISSA article defines these transforms, but the short answer is that renaming confuses humans and control flow confuses programs. Renaming is almost always the culprit when it comes to “breaking apps.”
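Why renaming is the usual culprit, shown as an added example (not code from the original post or from PreEmptive): a member looked up by a string name stops resolving once a renaming transform changes that name in metadata, while a directly referenced member is rewritten consistently. The types and method names are constructed for illustration, and the example assumes the obfuscator in use honours the standard `System.Reflection.ObfuscationAttribute`; the `Feature` string is tool-specific.

```csharp
using System;
using System.Reflection;

// Constructed sample type; none of these names come from the original post.
public class ReportService
{
    // Looked up by string below. A renaming transform changes this method's
    // name in metadata but leaves the string literal "Export" untouched.
    public string Export() => "exported";

    // Same lookup pattern, but excluded from renaming so the name survives.
    // Assumption: the obfuscator honours this attribute and feature string.
    [Obfuscation(Feature = "renaming", Exclude = true)]
    public string Import() => "imported";

    // Called through a direct reference: the obfuscator rewrites the call
    // site together with the definition, so renaming is safe here.
    public string Archive() => "archived";
}

public static class Program
{
    // Invoke a public instance method by name; report a miss instead of
    // throwing a NullReferenceException deep inside the application.
    static string InvokeByName(object target, string methodName)
    {
        MethodInfo method = target.GetType().GetMethod(
            methodName, BindingFlags.Public | BindingFlags.Instance);
        if (method == null)
            return "<missing: " + methodName + ">"; // the renamed-build case
        return (string)method.Invoke(target, null);
    }

    public static void Main()
    {
        var service = new ReportService();

        // Resolves in an unobfuscated build; misses once Export is renamed.
        Console.WriteLine(InvokeByName(service, "Export"));

        // Resolves in both builds because the name is excluded from renaming.
        Console.WriteLine(InvokeByName(service, "Import"));

        // Direct reference: unaffected by renaming.
        Func<string> direct = service.Archive;
        Console.WriteLine(direct());
    }
}
```

Running the same binary before and after obfuscation and comparing the three lines of output is a quick way to find string-based lookups that need an exclusion.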

Question: Where can I go to learn about the latest resources to help me obfuscate my app?

Answer: Go to www.preemptive.com/application-protection - we will update this page regularly. Also, follow us on Twitter - @PreEmptive

I have also posted on some related topics:

  • A comparison of obfuscation policy and practice between Microsoft’s WP7 and Google’s Android
  • A discussion on the new category of analytics: Application Analytics
  • And a sillier one on Dumbphones: our first anthropomorphic retronym
