Introduction to Stringer
Overview
Overview
Stringer Java Obfuscator protects Java application binaries (JARs, WARs, EARs, Eclipse RCP projects, OSGi bundles) against reverse engineering and modification.
Stringer accepts as an input any of the following:
- Directory (or directories) containing class files and resources
- JARs with classes and resources
- Java containers: WARs, EARs
Protection can be executed via the command line; via the Stringer desktop GUI application; via the Stringer Eclipse plugin; or directly within your build pipeline via Ant, Maven or Gradle.
Stringer is compatible with JRE versions ≥ 1.7, and can process Java applications compiled for J2SE 5.0 and higher.
Features
- String Encryption
- Hide Access: Virtualization of Method Calls, Field Types, and Field Access
- Resource Encryption and Resource Name Obfuscation
- Integrity control: Certificate checks; file content checks; file sealing; runtime integrity checks
- Tamper detection notifications and callbacks
- Code optimization
- Flexible protection filters
- Secure Runtime Environment (anti-emulator, anti-debug)
- Transparent SSL Pinning / HTTP Public Key Pinning (HPKP)
- Watermarking
String Encryption
Encryption of strings is used to hide the contents of string constants in Java applications. It is based on a strong cryptographic algorithm with the dynamic keys. These keys are calculated during the work of the protected application based on many parameters, and they can't be extracted from the application's code. As a result, if the code is decompiled, the contents of strings will be hidden and will be inaccessible for static analysis and decryption.
Hide Access: Virtualization of Method Calls, Field Types, and Field Accesses
The Hide Access mechanism masks the calls of library methods and application methods using randomly generated dynamic functions. Virtualization of method calls, field types, and field accesses protects an application’s critical logic from analysis and modification.
Note: It is recommended using this function only for classes which logic must be protected from analysis and modification, for example, critical application's logic, work with the license, etc.
Note: This technique allows you to hide Java API calls or third-party API calls you use in your project. If your bytecode is targeted to Java 7 it hides method calls by replacing them with calls to 'invokedynamic' engine, so that reverse engineering of the logic is extremely difficult, not to say impossible.
Resource Encryption and Resource Name Obfuscation
Stringer can also be used to encrypt resources — media files, data files, etc. — to prevent IP and data theft. In addition to this, it can obfuscate resource file names.
Integrity control: Certificate checks; file content checks; file sealing; runtime integrity checks
A binary processed by Stringer will be inoperable - essentially corrupted - if it is modified after protection. This prevents adversaries from disabling a licensing subsystem or injecting malicious code in your app, e.g. to obtain sensitive information such as passwords or credit card numbers of your application's users. Stringer Enterprise allows you to manually configure the integrity control function: enable/disable the file signature checks, file contents checks, and to configure tamper detection notifications and responses - how the protected application behaves after it was modified.
Tamper detection notifications and callbacks
Stringer allows you to specify how the app should behave in the event it detects any attempts to modify applications' content and/or the signature.
Code optimization
Stringer can remove redundant information such as debugging data and local variable names from code, optimizing the app for both size and performance.
Flexible protection filters and performance tuning
An important part of the configuration process is specifying which packages and classes will be targeted for protection. Stringer therefore provides a flexible mechanism for setting custom filters for each of its code and resource protection mechanisms.
There is a reference configuration file stringer.xml in the distro. String Encryption, Hide Access are enabled in this configuration, with exclusions for common open source libraries. We recommend starting with the reference configuration and then modifying it according to requirements
Samples
Sample projects are available on GitHub.
-
Overview
Introduction to Stringer > Overview -
Features
Introduction to Stringer > Features -
Samples
Introduction to Stringer > Samples -
Introduction
Getting started > Introduction -
1. Download
Getting started > 1. Download -
2. Activate
Getting started > 2. Activate -
3. After Activation
Getting started > 3. After Activation -
Configuration file format
Configuring Stringer protection > Configuration file format -
Filters: A guide to targeting code and resources
Configuring Stringer protection > Filters: A guide to targeting code and resources -
Annotations
Configuring Stringer protection > Annotations -
Run Stringer via the CLI
Implementing Stringer protection > Run Stringer via the CLI -
Run Stringer via the Stringer GUI
Implementing Stringer protection > Run Stringer via the Stringer GUI -
Eclipse Plugin
Implementing Stringer protection > Eclipse Plugin -
Ant Task
Implementing Stringer protection > Ant Task -
Maven Plugin
Implementing Stringer protection > Maven Plugin -
Gradle Plugin
Implementing Stringer protection > Gradle Plugin -
NetBeans
Implementing Stringer protection > NetBeans -
JavaFX Projects
Implementing Stringer protection > JavaFX Projects
Link copied!