When software is tamper- proof, it is protected against reverse engineering
Tamper-proofing versus obfuscation:
Obfuscated software “cannot” be understood by humans. Nevertheless, the way a reverse engineer breaks obfuscated software is not too difficult: The attacker changes one little bit and observes the consequences of that change. Keep doing this until the software is understood.
Obfuscation is typically used as one component of software tamper-proofing.
Tamper-proofing versus encryption.
Encryption is very useful, but there are two problems left:
1) Encrypted software needs to be decrypted first before a processor can execute it.
2) Somewhere there must be a key and software to do the decryption. These need to be hidden against reverse engineering as well.
Encryption is typically used as another component of software tamper-proofing. Encryption benefits a lot from tamper-proofing. tamper-proofing makes liberal use of encryption.
Tamper-proofing versus virus-checking.
1) Virus checking protects the computer as whole at its perimeter and scans the file system. Tamper-proofing protects a particular application inside the computer.
2) Traditional virus checking is based on a large data base of patterns to recognize malicious software. tamper-proofing does not recognize unwanted software, but it detects changes in the protected software or its behavior.
Virus checking catches the majority of old fashioned attacks. tamper-proofing is an active defense against modern attacks. Nevertheless, tamper-proofing and virus checking should support each other. (This is less easy then it sounds.)
Tamper-proofing versus license checking.
License checking is a function within a program which verifies conditions for using the program.
License checking software usually uses tamper-proofing internally to protect itself from being disabled.
Tamper-proofing versus copy-protection.
These are quite different: Tamper-proofed software in theory can easily be copied. However the copy is as tamper-proof as the original. If the original would work on one computer only, so would the copy.
Copy protection is mostly done with some hardware support. Tamper protection is a good addition to harden the copy protection.
Tamper-proofing versus trusted hardware modules.
Both try to provide similar services. However in reality they don't compete but rather have synergistic effects.
Trusted hardware relies on very complex support software and obviously requires hardware support. Both cannot always be assumed to be present or correct. Trusted hardware can give a huge benefit to tamper-proofing, and vice versa, tamper-proofing can augment trusted hardware.
Tamper-proofing can (most the time) be applied without any hardware support. Tamper-proofing does not make absolute guarantees, but it can be made as tough as you require.
Tamper proofing versus a firewall.
The firewall is a perimeter feature. It prevents some bad software from entering, but typically does not protect against new or sophisticated attacks. Once the bad software is inside the computer, a firewall can only detect anomalies in the communication. Tamper-proofing on the other hand stays active, no matter where an attack originated.
A firewall is a good solution for generic protection; Tamper-proofing protects exactly that software which needs protection.
Is tamper-proofing fool-safe?
No. Mathematics can show where tamper-proofing has its limits. However, for a good tamper-proofing, these limits are far beyond any attackers capabilities or patience.
Tamper-proofing is not a single measure. Tamper-proofing consists of lots
of different mechanisms which individually protect each other as well as the
software to be protected.
A bad protection may suffer from the so called zipper-effect: One measure after the other can be cracked in the right order.
A good protection not only has no visible zipper effect, but the protection as a whole is stronger then the sum of the individual measures.
Does tamper-proofing have performance impacts?
Yes, absolutely. There is NO software protection which doesn't. The impact can become considerable. Good tamper-proofing tools allows the programmer to carefully direct the tamper-proofed regions, so that the total performance impact can be held in control. A software provider must decide between choosing extreme tamper-protection or providing the highest performance.
Does tamper-proofing make the software larger?
Yes, it does. That is, however, usually an advantage and not a disadvantage; it makes the attacker's job harder.
This is a small, not representative number of external links, but it might give an idea.
To find them, please use Google yourself.
|White Hawk Software||What is Software Tamper-proofing?||What to expect from our Tool?||Partnerships||About White Hawk Software||Use of this Website.|