Home
Documentation
Shop

Tampering Detection

Tampering detection is a critical aspect of ensuring the integrity and security of software applications. In the context of the .NET, Babel Obfuscator is one powerful tool for detecting tampering. By leveraging Babel's tampering detection feature, developers can add an extra layer of protection to their applications and execute custom logic in response to tampering attempts.

When an assembly is signed, the .NET Framework can already detect if an application has been tampered with. However, Babel Obfuscator takes this a step further by providing an additional safeguard. By activating the tampering detection feature in Babel, the obfuscated assembly becomes capable of verifying whether it has been tampered with or not. In the event of tampering, the application can be terminated, or custom methods within the assembly can be invoked to handle the tampering in a more controlled manner.

Tampering detection is not available on Xamarin for iOS and Android applications due to security measures and sandboxing mechanisms; accessing and monitoring the internal memory for tampering detection is not feasible within those environments.

Configuring Tampering Detection

Enabling tampering detection in Babel is straightforward. It can be achieved either through the command line by adding the appropriate switch or through the Babel task by including the TamperingDetection attribute in the project file.

Command Line

babel myapp.exe --tamperingdetection

MSBuild Babel Task

<PropertyGroup>
  <TamperingDetection>true</TamperingDetection>
</PropertyGroup>

<Babel TamperingDetection="$(TamperingDetection)" />

Once tampering detection is activated, the obfuscated assembly will automatically check for tampering during runtime. If the assembly has been tampered with, the application will be terminated.

Custom Action on Tampering Detection

To customize the response to tampering attempts, developers can define a specific method within their assembly. By applying the "on tampering detected method" feature using the [Obfuscation] attribute, a custom method can be designated to handle the tampering event. This allows developers to implement their own logic and take appropriate actions when tampering is detected. For example, they can set a hidden flag, generate incorrect results, or trigger specific countermeasures to mitigate the impact of the tampering.

class CustomTampering
{
    public static bool HasBeenTampered { get; internal set; }
    
    [Obfuscation(Feature = "on tampering detected method")]
    static void OnTamperingDetected()
    {
        HasBeenTampered = true;
    }
}

The code provides a basic implementation for handling tampering detection.

If HasBeenTampered is set to true, it implies that tampering has been detected. The suggested usage is to perform certain actions or execute specific code when tampering is detected:

if (CustomTampering.HasBeenTampered)
{
    // Tampering detected: Implement appropriate security measures or handle the 
    // situation accordingly.
    // Examples include logging the incident, notifying system administrators, 
    // disabling critical functionality or terminating the application.
}

In summary, by leveraging the tampering detection feature of Babel Obfuscator, developers can significantly enhance the security of their .NET applications. With the ability to detect and respond to tampering attempts, developers can safeguard their software from unauthorized modifications, maintain data integrity, and protect sensitive information.

Last updated