DASHO FOR ANDROID&JAVA

DASHO FOR ANDROID&JAVA

Overview

How easy is it to Decompile Java or Android Apps?

All Java and Android applications and libraries are compiled to bytecode which maintains high-level information about your code including its structure and class, field, method, property and parameter names. With a free decompiler, it is very easy to recreate the source code. Obfuscation and related hardening and shielding techniques can make it much more difficult for a hacker or competitor to reverse-engineer your application.

Why use a Java Obfuscator or an Android Obfuscator on your Apps?

Apps are on our phones, inside our workplace, and powering the businesses and services we depend upon – it comes as no surprise to anyone that these apps have also become a favored target for cybercriminals, corporate competitors, and hostile nation states wanting crack licenses, steal valuable IP, trade secrets and confidential data, and attack critical infrastructure. By making your application much more difficult to reverse-engineer, you can help protect against intellectual property (trade secret) theft, bypassing licensing or other access checks, and searching for vulnerabilities and gaining access to data.

How we can help?

We offer PreEmptive Protection - DashO as a world-class, proven Java, Kotlin and Android application obfuscation and shielding tool. DashO provides smart application protection and runtime security controls that materially reduce these risks without costly programmer overhead or unacceptable hits to application performance or quality.

Passive Protection Includes:

• Patented Overload Induction obfuscation that is the gold standard in renaming symbolic entries
• Control flow obfuscation & optimization that is bolstered by our 20 years of optimization and performance experience ensuring both effective and efficient hardening
• Additional obfuscation transforms including extended string encryption, metadata stripping, and much more
• Performance transforms include optimal linking, pruning and more

Active Protection Includes Injecting Automated Detective, Corrective and Reporting Controls to:

• Protect against piracy via auto-expiration
• Prevent tampering and malware insertion
• Prevent probing for vulnerabilities and data breach via a debugger
• Prevent execution and inspection on rooted device

High Quality Protection against Hackers and Thieves

• Built to integrate with the high-precision and complex build environments of manufacturers as well as the automated, agile mobile developer
• Meets the highest quality and reliability standards backed by our 20-year track record of continuous improvement keeping ahead of bad actors and multiple waves of malicious tools
• Backed by dedicated, live support! Our dedicated, live support team are programmers with an average tenure of over four years supporting our products

Features

Protect Your Java, Kotlin and Android Applications

RENAMING

Renaming alters the names of methods, variables, etc., making source code more difficult to understand. DashO uses a deeper form of obfuscation, patented by PreEmptive Solutions, called Overload Induction™. Instead of substituting one new name for each old name, Overload Induction renames as many methods as possible to the same name. After this deep obfuscation, the logic, while not destroyed, is beyond comprehension. The following simple example illustrates the power of the Overload Induction technique:

Original Source Code Before Obfuscation	Reverse-Engineered Source Code After Overload Induction Obfuscation
private void CalcPayroll (SpecialList employeeGroup) {    while(employeeGroup.HasMore()) {       employee = employeeGroup.GetNext(true);       employee.UpdateSalary();       DistributeCheck(employee);    } }	private void a(a b) {    while (b.a()) {       a = b.a(true);       a.a();       a(a);    } }

 

CONTROL FLOW

Traditional control flow obfuscation introduces false conditional statements and other misleading constructs in order to confuse and break decompilers. This process synthesizes branching, conditional, and iterative constructs that produce valid forward (executable) logic, but yield non-deterministic semantic results when decompilation is attempted. Control Flow obfuscation produces spaghetti logic that can be very difficult for a cracker to analyze.

DashO employs advanced control flow obfuscation. In addition to adding code constructs, DashO works by destroying the code patterns that decompilers use to recreate source code. The end result is code that is semantically equivalent to the original but contains no clues as to how the code was originally written. Even if highly advanced decompilers are developed, their output will be guesswork.

Original Source Code Before Obfuscation	Reverse-Engineered Source Code After Control Flow Obfuscation
public int CompareTo(Object o) {    int n = occurrences –    ((WordOccurrence)o).occurrences;    if (n == 0) {       n = String.Compare(word,((WordOccurrence)o).word);    }    return(n); }	public virtual int _a(Object A_0) {    int local0;    int local1;    local 10 = this.a – (c) A_0.a;    if (local0 != 0) goto i0;    while (true) {       return local1;       i0: local1 = local10;    }    i1: local10 = System.String.Compare(this.b, (c) A_0.b);    goto i0; }

 

STRING ENCRYPTION

DashO allows you to hide user strings that are present in your assembly. A common attacker technique is to locate critical code sections by looking for string references inside the binary. For example, if your application is time locked, it may display a message when the timeout expires. Attackers search for this message inside the disassembled or decompiled output and chances are when they find it, they will be very close to your sensitive time lock algorithm.

DashO addresses this problem by allowing you to encrypt strings in these sensitive parts of your application, providing an effective barrier against this type of attack.

Since string encryption incurs a slight runtime penalty no string encryption is performed except on the parts of the application that you specify.

 

WATERMARKING

Watermarking helps track unauthorized copies of your software back to the source by embedding data such as copyright information or unique identification numbers into an application without impacting its runtime behavior. DashO’s watermarking algorithm does not increase the size of your application, nor does it introduce extra metadata that could break your application.

 

PRUNING

Small applications download faster, install faster, load faster and run faster. DashO's pruning feature statically analyzes your code to find the unused types, methods, and fields, and removes the, making the application smaller and reducing the data available to an attacker.

 

TAMPER DETECTION & DEFENSE

 

DashO injects code that verifies your application’s integrity at runtime. If it detects tampering, it can shut down the application, invoke random crashes (to disguise that the crash was the result of a tamper check), or perform any other custom action. For customers using PreEmptive Analytics, it can also send a message to the service to indicate that tampering was detected.

 

SHELF LIFE

Shelf Life is an application inventory management function that allows you to embed expiration, or de-activation, and notification logic into an application. DashO injects code that reacts to application expiration by exiting the application and/or sending a PreEmptive Analytics Service message. This feature is particularly helpful with beta or evaluation applications. Users can schedule an application’s expiration/de-activation for a specific date and optionally issue warnings to users that the application will expire/de-activate in a specific number of days.