PreEmptive Protection - Dotfuscator 4.31
User Guide

Tamper Check

A Tamper Check is a type of Check that detects if the application has changed since it was processed by Dotfuscator.

For example, if an attacker modifies the application binaries to circumvent restrictions or remove licensing information, a Tamper Check can detect the modification and react by sending incident telemetry, notifying the application, and hindering the attacker. In other words, a Tamper Check detects and reacts to unauthorized tampering of your application.

Configuring Tamper Checks

To have Dotfuscator inject Tamper Checks into your application, first enable code injection. Then, configure the Checks via the user interface, or by annotating your source code with TamperCheckAttribute. Both of these methods allow you to specify various properties that determine how the Check operates; for a full listing, see the TamperCheckAttribute section of the Check Attributes page.

Supported Application Types

Dotfuscator can inject Tamper Checks into all .NET assemblies except for the following:

  • Assemblies that target .NET 1.0
  • Managed C++ assemblies containing native and managed code
  • Multi-module assemblies
  • .NET Compact Framework assemblies
  • Silverlight assemblies
  • Windows Phone assemblies
  • WinRT assemblies
  • Xamarin assemblies
  • Unity assemblies

Testing

To test how the Tamper Checks injected into your application react to assembly tampering, Dotfuscator includes TamperTester.exe, a command line utility to simulate tampering by modifying the assembly's metadata.

To test how your protected application reacts to tampering:

  1. Open the Dotfuscator Command Prompt.

  2. If not already there, change to the directory of the protected assembly. For instance:

    cd C:\YourApp\Dotfuscated

  3. Type TamperTester.exe AssemblyName.exe, where AssemblyName.exe is the name of the assembly for which you want to create a tampered version.

    • You may also specify, as a second argument to the utility, the directory where the tampered assembly will be placed. If not specified, the tampered assembly is placed in a subdirectory of the assembly's directory named tampered.
  4. The utility creates a tampered version of the assembly.

  5. Copy other output assemblies to the directory of the tampered version. For instance:

    xcopy *.* tampered /d

  6. Run the tampered assembly and exercise the locations of your Tamper Checks to observe how the application reacts to being tampered.

Dotfuscator Version 4.31.0.6091. Copyright © 2017 PreEmptive Solutions, LLC