Protect, analyze, and monetize applications

PreEmptive Solutions Magazine


PreEmptive Solutions Authors: Yeshim Deniz, Maureen O'Gara, Gabriel Torok, Keith Brown, Ed Zebrowski


DashO-Pro by preEmptive Solutions


I remember how I first got into Java. A friend called my attention to these neat little mini applications that could be easily embedded into HTML files. These applets provided a quick way to jazz up even the most mundane Web pages. She showed me some UseNet groups that contained huge libraries of these applets. I soon learned how to go into their code and change (dare I use the word "hack"?) them to fit my needs. Those applets were nobody's property; they were just there for the taking. Some people would come up with clever ways of making them run more efficiently, and would post their findings for all to use. When working with public archives, this is all well and good. The problem is many people learned how to hack Java applications that were not public domain. They would download applications, decompile the source and hack it to look like their own.

Today's complicated Java application involves many hours of hard work. Many of us do so under the employment of a company that stands to gain or lose hundreds of thousands of dollars based on the success of the application. We can't take the risk of unethical people using our code to suit their own needs. At the same time, code has to be quick and neat. What we need is a development tool that makes it literally impossible to hack source code without sacrificing speed and efficiency. What's needed is DashO-Pro from preEmptive Solutions.

Obfuscation With Traditional and Advanced Methods
No program is totally safe from decompilers (to claim so would invite big trouble!), but DashO-Pro makes life as difficult as possible for them. Some of the methods used are:

  • The removal of extraneous debugging information from class files.
  • Removal of unused classes, fields and methods for maximum size reduction.
  • Renaming all possible methods, classes and fields. All methods, such as public and private, can be renamed as long as they don't override a method from a non-included class. This process does not affect methods such as init and paint. Renaming reduces all names to one or two characters. Since decompilers have the ability to rename unprintable names back to printable ones, DashO-Pro provides sophisticated renaming properties that can't be bypassed by decompilers.
  • The duplication of constant pool entries. This is a clever feature, as it won't rename multiply-used entries. Suppose the string "testing" is printed while there is a method called "testing": the string would be printed as is, but the method would be renamed.
  • The use of irreducible control flow graphs for obfuscation. These can't be produced in the Java language due to its control structure. Code is changed in such a way that it no longer has an equivalent sequence in Java at the source level.

    More Than Just an Obfuscator, It's an Advanced Optimizer, Size Reducer and Packaging System
    Anyone who has ever done programming knows the value of correct, efficient code. Traditionally, an optimizer is used to increase code performance. Optimizing tools for Java have been up until now immature at best. DashO-Pro implements many standard optimizing transforms unavailable in today's Java compilers, as well as some new transforms targeted specifically for Java bytecode.

    One classic optimization is dead code elimination. DashO-Pro takes this to the nth degree by removing all unused information in your program. preEmptive Solutions has provided the following sample code to demonstrate DashO-Pro's removal techniques:

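    class MyClass {
        int Z;

        public static void main(String args[]) {
            System.out.println("Hello World");
        }

        // Never called from main(), so it is a candidate for removal
        public void doesNothing() {
            Z = 5;
            OtherClass X = new OtherClass();
        }
    }

    class OtherClass {}  // referenced only from doesNothing()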

    In this example, DashO-Pro's algorithms detect that the "doesNothing" method is never called; therefore, it is removed along with "OtherClass" and the "Z" variable. DashO-Pro's output only includes the absolute minimum set of classes, methods and fields required by your application. Your code size is minimized, often a desired feature for applets and other code that needs to move around the network.

    Using DashO-Pro
    DashO-Pro can be run as a command line or GUI application. When running as a command line program there are five runtime options that can be used with DashO-Pro:
    1. -f :force execution. This option, as the name suggests, forces execution, even when your application uses dynamic class loading (e.g., by using the Class.forName method). To use this option, it is necessary to specify all dynamically loaded classes in the configuration file; alternatively, you may allow DashO-Pro to automatically detect possible dynamically loaded classes.
    2. -v :verbose output. When this option is used, information is given about the progress of the execution.
    3. -i :investigate only. This option tells DashO-Pro not to create any disk files. A report will be generated which specifies the candidates for removal.
    4. -q :run quietly. In this mode, DashO-Pro runs completely without printed output. Use this option for inclusion into application build sequences. The verbose option will be overridden here.
    5. : configuration file. This allows the naming of a specific configuration file, which is required for running DashO-Pro. This is a handy option when using multiple, tailor-made configurations in DashO-Pro. Trigger methods are not entered on the command line, as they must be included in the configuration file.
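
The removal described earlier, and the reason the -f option asks for every dynamically loaded class to be listed in the configuration file, can both be seen as a reachability walk that starts from the trigger methods. The sketch below is an added example, not preEmptive's code or DashO-Pro's actual algorithm; the reference graph is a constructed model of the sample class, and the Plugin class is hypothetical.

```java
import java.util.*;

// Added illustration: reachability-based removal, not DashO-Pro's real algorithm.
public class ReachabilityDemo {
    // Constructed model of the article's sample: member -> members it references.
    static final Map<String, List<String>> REFS = new LinkedHashMap<>();
    static {
        REFS.put("MyClass.main", List.of());   // only prints "Hello World"
        REFS.put("MyClass.doesNothing", List.of("MyClass.Z", "OtherClass.<init>"));
        REFS.put("MyClass.Z", List.of());
        REFS.put("OtherClass.<init>", List.of());
        // Hypothetical class that main() would load via Class.forName("Plugin").
        // The class name is only a string at run time, so no static edge exists.
        REFS.put("Plugin.<init>", List.of("Plugin.run"));
        REFS.put("Plugin.run", List.of());
    }

    // Walk the reference graph from the roots; everything visited must be kept.
    static Set<String> reachable(Collection<String> roots) {
        Set<String> keep = new LinkedHashSet<>();
        Deque<String> work = new ArrayDeque<>(roots);
        while (!work.isEmpty()) {
            String member = work.pop();
            if (keep.add(member)) {
                work.addAll(REFS.getOrDefault(member, List.of()));
            }
        }
        return keep;
    }

    // Everything in the model that the walk never reached is a removal candidate.
    static Set<String> removed(Collection<String> roots) {
        Set<String> dead = new LinkedHashSet<>(REFS.keySet());
        dead.removeAll(reachable(roots));
        return dead;
    }

    public static void main(String[] args) {
        // Trigger method only: the dynamically loaded class is discarded too.
        System.out.println("removed: " + removed(List.of("MyClass.main")));
        // Dynamically loaded class declared as an extra root: it survives.
        System.out.println("removed: " + removed(List.of("MyClass.main", "Plugin.<init>")));
    }
}
```

With only the trigger method as a root, the walk discards Plugin along with doesNothing, Z and OtherClass, which would break the program at run time; declaring the dynamically loaded class as a second root keeps it while the genuinely dead members are still removed.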

    When using the GUI, it is not necessary to write a configuration file, as the GUI is really a front end to the configuration file. The interface is initiated by running the DashO-ProGui class from the jar file. The Windows enthusiast will be delighted to know that double clicking the icon will run the interface. I found the GUI to be well laid out and a snap to move around in.

    DashO-Pro's triple feature of optimization, obfuscation and compression makes it an extremely valuable tool in the professional Java developer's bag of tricks. If you have a need to streamline and hide your code, it's a must have!

  • More Stories By Ed Zebrowski

    Edward Zebrowski is a technical writer based in the Orlando, Florida, area. Ed runs his own Web development company, ZebraWeb
