Stringer Java Obfuscation Toolkit: Protecting Java and Android Applications

Dear Habr community, I would like to tell you about one of the products we are developing - the Stringer Java Obfuscation Toolkit ( https://jfxstore.com/stringer ). I think many Android and Java developers will be interested, especially in the light of such publications: habrahabr.ru/post/141522 .

I must say that the decision is commercial, in order to save someone, from reading this post, time.

Over the past, almost full, year, we have done quite a few interesting things:

• We have support for the Android platform
• Added support for annotations
• Java Mobile support
• Plugin for Eclipse
• Optimized string decryption algorithm
• Reduced the total size of the code embedded in the protected application
• Added examples of Ant and Maven projects.

')
As you probably already understood, the type of obfuscation is string encryption.

The biggest news is, of course, Android support. To make everything as convenient as possible for the developer, we made a plugin for the standard IDE of Android projects - Eclipse: the plugin is available on the Eclipse Marketplace - marketplace.eclipse.org/content/stringer-java-obfuscation-toolkit .
If you use Stringer on a pair with ProGuard , you will get a byte-code, which, firstly, will drop dex2jar (it was exactly like that on the tests), secondly, if it still doesn’t drop it, it will break your head to someone who is plotting evil deeds.
In combination with the possibility of using annotations, protection of sensitive string constants (ad IDs, various credentials, protocol parameters, non-public links, etc.) becomes pleasant and does not take much time.

In the near future: to implement one of the obfuscation algorithms, which will make the attacker's occupation almost meaningless, protecting resources within the application (properties, images, etc.).

There is an idea to make an open source configurator for ProGuard, your response is needed.

You can download Trial from the main jfxstore.com/stringer , just do not forget that the obfuscated trial version of the application will work as long as it remains until the end of the test license.