PreEmptive Protection - DashO v8.1 User Guide

Introduction

PreEmptive Protection - DashO is a Java obfuscator, compactor, optimizer, and watermarker. This section provides an overview of the benefits of using DashO.

Why Obfuscate?

Java uses expressive file syntax for delivery of executable code. Being higher-level than binary machine code, class files contain identifiers metadata that makes source code recovery possible. Attackers can use a decompiler to reverse engineer code, exposing software licensing code, copy protection mechanisms, or proprietary business logic.

Obfuscation is a technique that provides seamless renaming of symbols in applications as well as other tricks to foil decompilers. Properly applied obfuscation increases the protection against decompilation by orders of magnitude, while leaving the application intact.

Goal of Obfuscation

The goal of obfuscation is to create confusion. As the confusion builds, the ability to recover source from class files deteriorates. This says nothing about altering the executable logic - only representing it incomprehensibly.

An obfuscator works at the byte code level to confuse a human interpreter and break decompilers while preserving the executable logic. As a result, attempts to reverse-engineer the instructions fail or produces code that fails to compile.

PreEmptive Protection - DashO Features

PreEmptive Solutions has been protecting and improving intermediate compiled software since 1996, beginning with its DashO tools for Java. Its products for both Java and .NET have enjoyed market-success due to their power, versatility, and patented features.

Pruning

Starting with entry points into the application DashO determines the classes, methods, and fields that an application uses and creates a package of just those elements. This extends to third-party libraries allowing you to ship only the pieces that your application uses.

Renaming

DashO uses Overload Induction™, a patented algorithm devised by PreEmptive Solutions. Overload Induction will rename as many methods as possible to the same name. The following example illustrates the technique.

First the original source code:

private void calcPayroll(SpecialList employeeGroup) {
    while (employeeGroup.hasMore()) {
    employee = employeeGroup.getNext(true);
    employee.updateSalary();
    distributeCheck(employee);
    }
}

And now reverse-engineered source after Overload Induction:

private void a(a b) {
    while (b.a()) {
        a = b.a(true);
        a.a();
        a(a);
    }
}

DashO also generates a name-mapping file so that obfuscated names can be reapplied between successive releases. This allows patched files to integrate into the previously deployed systems.

Control Flow Obfuscation

DashO works by destroying the code patterns that decompilers use to recreate source code. The end result is code that is semantically equivalent to the original but thwarts decompilers.

String Encryption

DashO encrypts strings in all or part of your application, providing a barrier against attackers searching for specific strings in an application to locate logic for registration or serial numbers. If producing multiple jars, DashO will, in most cases, keep the decryption logic within each jar where it is used.

Byte Code Optimization

Byte code optimizations can be performed on all or part of your application. DashO performs algebraic identity, strength reduction, and other peephole optimizations.

Watermarking

DashO can add watermarks to obfuscated jar files that can be used to track unauthorized copies of software back to the source. Watermarking is used to unobtrusively embed data such as unique customer identification numbers or copyright information into an application without impacting its runtime behavior.

Incremental Obfuscation

DashO supports Incremental Obfuscation allowing you to re-use the same class name, method names, and string encryption/decryption methods from a previous run. This functionality is needed for patch releases and the consistent renaming of serialized classes between releases.

PreEmptive Protection - DashO Version 8.1.0. Copyright © 2017 PreEmptive Solutions, LLC