PreEmptive Protection - DashO v8.2 User Guide

Tamper Check and Response

PreEmptive Protection - DashO can instrument applications to detect if they have been tampered with and optionally send a message to a PreEmptive Analytics server. Tamper checking requires that your application be signed either by DashO or by another process following instrumentation by DashO. The Tamper Checks and Responses are configured via the Tamper Check UI or by adding code annotations.

Tamper Check

To detect tampering place a TamperCheck on one or more methods in your application. DashO adds code that performs a runtime check that verifies the code has been signed by a particular certificate. This Check can be configured as described in the Overview, but may also require signing information.

An application can contain multiple uses of TamperCheck with various configurations. Using more than one Check or mixing the Responses will hamper attackers.

private static boolean tamperFlag;
private static Properties myProps;

@TamperCheck(sendMessage=true, customDataSource="@myProps", action="@tamperFlag")
public static void main(final String[] args){

}

@TamperCheck(response=ResponseType.Hang)
private int computeResult(){

}

Interaction with Signing

The Tamper Check is performed by verifying at runtime that the code has been signed by a particular certificate. If DashO is used to sign the resulting jars, then no further configuration is required. If the jars are signed by another process, after they have been obfuscated using DashO, you need to tell DashO about the signing information with additional attributes of the TamperCheck. This allows DashO to retrieve the key information required to perform the runtime tamper checking. The information specified is similar to what is found on the Output Signing panel.

@TamperCheck(sendMessage=true, action="@tamperFlag", storepass="${master.psw}",
    storetype="JKS", alias="ProdKey")
public static void main(final String[] args){

}

When you use the user interface to enter a password for storepass value and it does not contain property references DashO will store the password in an encrypted form.

Notes:

If your application uses a custom class loader, make sure it loads the signing certificates.

For Example: In an OSGI (Eclipse Equinox) based application, you must configure osgi.signedcontent.support. It needs to allow at least certificate and you cannot set osgi.support.class.certificate to false.

If your application utilizes code generation, make sure it works properly with signed jars before adding Tamper Detection. You may need to sign the jars which generate the code with the same certificate.
For Example: In a Spring-based application, you would need to sign spring-core-4.0.1.RELEASE.jar (or a similar jar).

The Tamper Check for Android requires access to the application's context; it expects a getApplicationContext() method to exist on the class where it is being injected. If you inject the Tamper Check into a class which extends android.context.Context, like android.app.Activity, android.app.Application, or android.app.Service, it is fine. If not, you will need to add the getApplicationContext() method and make sure it returns a proper Context. If you plan to send messages and want offline message support, you will also need to exclude the added getApplicationContext() method from renaming.

Tamper Response

The TamperResponse annotation interacts with the TamperCheck. This Response can be configured as described in the Overview.

private static boolean tamperFlag;

private Properties customData(){...}

@TamperCheck(action="@tamperFlag")
public static void main(final String[] args){

}

@TamperResponse(source="@tamperFlag", sendMessage=true, customDataSource="customData()")
private void init() {

}

@TamperResponse(source="@tamperFlag", response=ResponseType.Exit, probability=0.05f)
private int computeResult(){

}

@TamperResponse(source="@tamperFlag", response=ResponseType.Error, probability=0.1f)
private FileInputStream readInput(){

}

PreEmptive Protection - DashO Version 8.2.0. Copyright © 2017 PreEmptive Solutions, LLC