Tamper Check
A Tamper Check is a type of Check that detects if the application has changed since it was processed by Dotfuscator.
For example, if an attacker modifies the application binaries to circumvent restrictions or remove licensing information, a Tamper Check can detect the modification and react by notifying the application and hindering the attacker. In other words, a Tamper Check detects and reacts to unauthorized tampering of your application.
Configuring Tamper Checks
To have Dotfuscator inject Tamper Checks into your application, first enable Checks.
Then, configure the Checks via the user interface or by annotating your source code with TamperCheckAttribute
.
Both of these methods allow you to specify various properties that determine how the Check operates; for a full listing, see the TamperCheckAttribute
section of the Check Attributes page.
Unsupported Application Types
Dotfuscator can inject Tamper Checks into all .NET assemblies except for the following:
- Assemblies that target .NET 1.0
- Managed C++ assemblies containing native and managed code
- Multi-module assemblies
- .NET Compact Framework assemblies
- Xamarin assemblies
- UWP assemblies
- .NET Core assemblies
- .NET 5+ assemblies
Testing
To test how the Tamper Checks injected into your application react to assembly tampering, Dotfuscator includes TamperTester.exe
, a command line utility to simulate tampering by modifying the assembly's metadata.
To test how your protected application reacts to tampering:
Open the Dotfuscator Command Prompt.
If not already there, change to the directory of the protected assembly. For instance:
cd C:\YourApp\Dotfuscated
Type
TamperTester.exe AssemblyName.exe
, whereAssemblyName.exe
is the name of the assembly for which you want to create a tampered version.- You may also specify, as a second argument to the utility, the directory where the tampered assembly will be placed.
If not specified, the tampered assembly is placed in a subdirectory of the assembly's directory named
tampered
.
- You may also specify, as a second argument to the utility, the directory where the tampered assembly will be placed.
If not specified, the tampered assembly is placed in a subdirectory of the assembly's directory named
The utility creates a tampered version of the assembly.
Copy other output assemblies to the directory of the tampered version. For instance:
xcopy /d *.* tampered
Run the tampered assembly and exercise the locations of your Tamper Checks to observe how the application reacts to being tampered.