JSON is a widely used format for sharing objects and data within an application. To protect .NET applications that serialize and deserialize JSON objects, you should be aware of some special considerations.
Consider a basic Employee class:
With our recent DashO releases, we’ve been working to make our Android support even easier to use. A great example of this is our evolved support for Crashlytics, which is an analytics framework that can provide detailed reports on application crashes from the field.
When applications have been obfuscated, the stack traces will contain obfuscated class and method names. To prevent this from complicating debugging, Crashlytics provides a utility to automatically deobfuscate stack traces, so that the reporting server shows the original class and method names. It does so by reading the map file, which is a file created by the obfuscation tool to pair the obfuscated class and method names with the original names. Crashlytics expects this map file to be in a ProGuard-compatible format, which differs from the DashO map file format.
If you were using Crashlytics with a version of DashO prior to our 8.5, this would likely have caused issues. You might have experienced an error during the Gradle build, from the Crashlytics plugin:
Welcome to the Support Corner, where we’ll occasionally talk about topics that we’re seeing while working with our customers. If you’d like to see more like this, please click the Support Corner Category.
In addition to Renaming and Control Flow, String Encryption is an obfuscation transform that can help protect your application. When customers enable String Encryption in Dotfuscator, they are often surprised to see that string constant definitions are still visible in decompiled code. Customers often contact us asking how to encrypt those string constants.
However, those string constants don’t need to be encrypted; they need to be removed entirely. Dotfuscator’s String Encryption feature takes the strings that have been inlined by the .NET compiler and encrypts them. That leaves the constant definitions behind, unused – and they can be removed.
Welcome to the Support Corner, where we’ll occasionally talk about topics that we’re seeing while working with our customers. If you’d like to see more like this, please click the Support Corner Category.
Recently, we’ve worked with a handful of customers who are using the Spring Boot framework. Spring Boot provides a simple way to create Spring-based applications. This blog explains how to protect jars created with the framework.
Spring Boot jars use an embedded class file structure which DashO does not directly recognize. DashO processes the regular class and package hierarchy. However, it does not embed the class files from the BOOT-INF/classes directory when writing the obfuscated jar.
