Dotfuscator User's Guide
Tamper Check

With the Tamper Check, Dotfuscator injects code that verifies your application’s integrity at runtime.

To indicate where in your application's code you would like to place a Tamper Check, annotate the method with the InsertTamperCheck attribute, either by using a Dotfuscator GUI, or by placing the attribute in your code:

InsertTamperCheckAttribute
[PreEmptive.Attributes.InsertTamperCheck()]
public void DoStuff() { ... }

InsertTamperCheck attributes are not required at runtime; therefore, Dotfuscator strips them from the output application by default.

At runtime, if the injected Check detects tampering, it can notify the application, send telemetry reporting the tamper, and take defensive action, such as by shutting down the application.

Application Notification

After the Check occurs, the result can be given to application code via an Application Notification Sink. For an overview of Sinks, see the Application Notification section.

The InsertTamperCheck attribute defines three properties for specifying an Application Notification Sink:

These properties are described in more detail in the InsertTamperCheckAttribute section of the custom attribute reference.

The Application Notification Sink settings are optional. If they are omitted, the application is not notified when the tamper check is executed.

Note that configuring the ApplicationNotificationSinkElement to DefaultAction is now deprecated, and the Exit Action should be used instead (see below). However, if the ApplicationNotificationSinkElement is nevertheless set to DefaultAction, Dotfuscator will inject code that exits the application if tampering is detected. This value cannot be used in conjunction with an Action and will result in a build error if both are configured.

Telemetry

Tamper Checks support sending telemetry to a PreEmptive Analytics endpoint. Specifically, if the Check detects tampering, it can emit a "Tamper Detected" message, enabling tracking of tampered copies of the software.

Note that Tamper Check telemetry may be enabled or disabled for an entire Dotfuscator project using the "Send Tamper Messages" Global Setting.

This Global Setting is disabled by default, and must be enabled for telemetry to function.

Additionally, in order for the Tamper Check to know where to send the message, the PreEmptive Analytics API must be configured:

  1. The assembly must have a BusinessAttribute and an ApplicationAttribute to state the CompanyKey and Application Guid for transmission.
  2. Some method in your application must have a SetupAttribute. Tamper Check messages will transmit to the endpoint specified here. If you want to use a SetupAttribute that has the EndpointSourceElement property set to something other than None, DefaultAction, or ApplicationSetting, you must ensure that the method with the SetupAttribute will be called prior to any calls to the method with the InsertTamperCheck attribute configured.

Even if the user opts out of PreEmptive Analytics, Tamper Check messages will still be transmitted.

Telemetry supports extended keys (i.e. user-defined custom data). The InsertTamperCheck attribute defines four properties for specifying extended keys:

An application can contain any number of InsertTamperCheck attributes. In the event that an application has been tampered with and multiple Checks trigger, multiple "Tamper Detected" messages from the same application session will be sent with the same group ID.

Actions

Finally, the Check itself may take action to respond to tampering, such as by exiting the application. For an overview of Actions, see the Actions section.

The InsertTamperCheck attribute defines two properties for specifying an Action:

These properties are described in more detail in the InsertTamperCheckAttribute section of the custom attribute reference.

The Action settings are optional. If they are omitted (and ApplicationNotificationSinkElement is not DefaultAction), the application continues on after the Check, even if tampering was detected.
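
An added example, not code from the Dotfuscator documentation, of a Check configured with an Application Notification Sink and no Action, so that the application decides how to respond. It assumes the project references PreEmptive.Attributes.dll; the names ApplicationNotificationSinkName, ApplicationNotificationSinkOwner and SinkElements.Method, and the sink signature (void, one bool that is true on tampering), are assumptions to confirm against the InsertTamperCheckAttribute reference, and LicenseService and its members are hypothetical.

```csharp
using System;
using PreEmptive.Attributes; // assumption: the project references PreEmptive.Attributes.dll

public static class LicenseService
{
    // Latched by the sink. Volatile because the Check and the readers
    // may run on different threads.
    private static volatile bool tamperDetected;

    // Application Notification Sink. Assumed shape for a Method sink:
    // returns void and takes one bool, true when tampering was detected.
    private static void OnTamperChecked(bool tampered)
    {
        if (tampered)
        {
            tamperDetected = true; // never reset for the life of the process
        }
    }

    // Dotfuscator injects the Check into this method at build time.
    // No Action is configured, so execution continues after the Check
    // and the application decides how to respond.
    [InsertTamperCheck(
        ApplicationNotificationSinkElement = SinkElements.Method,   // enum value assumed
        ApplicationNotificationSinkName = "OnTamperChecked",        // property name assumed
        ApplicationNotificationSinkOwner = typeof(LicenseService))] // property name assumed
    public static void Initialize()
    {
        Console.WriteLine("License service initialized.");
    }

    // Sensitive operation placed away from the Check: it refuses to run
    // once any Check in this process has reported tampering.
    public static string GetPremiumFeatureToken()
    {
        if (tamperDetected)
        {
            throw new InvalidOperationException("Integrity check failed.");
        }
        return "premium-token-placeholder"; // constructed sample value
    }
}

public static class Program
{
    public static void Main()
    {
        LicenseService.Initialize();
        Console.WriteLine(LicenseService.GetPremiumFeatureToken());
    }
}
```

In a build that has not been processed by Dotfuscator no Check is injected, so the sink is never called and the token is always returned.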

Supported .NET Application Types

Dotfuscator can inject Tamper Detection code for all .NET assemblies except for the following:

See Also

Attribute Reference

© 2016 PreEmptive Solutions, LLC. All Rights Reserved.

www.preemptive.com