What is software tamper-proofing?
What is software tamper-proofing? When software is tamper- proof, it is protected against reverse engineering
and modifications.
Tamper-proofing versus obfuscation:
Obfuscated software “cannot” be understood by humans. Nevertheless, the
way a reverse engineer breaks obfuscated software is not too difficult: The
attacker changes one little bit and observes the consequences of that change.
Keep doing this until the software is understood.
Obfuscation is typically used as one component of software tamper-proofing.
Tamper-proofing versus encryption.
Encryption is very useful, but there are two problems left:
1) Encrypted software needs to be decrypted first before a processor can execute
it.
2) Somewhere there must be a key and software to do the decryption. These need
to be hidden against reverse engineering as well.
Encryption is typically used as another component of software tamper-proofing.
Encryption benefits a lot from tamper-proofing. tamper-proofing makes liberal
use of encryption.
Tamper-proofing versus virus-checking.
1) Virus checking protects the computer as whole at its perimeter and scans
the file system. Tamper-proofing protects a particular application inside the
computer.
2) Traditional virus checking is based on a large data base of patterns to recognize
malicious software. tamper-proofing does not recognize unwanted software, but
it detects changes in the protected software or its behavior.
Virus checking catches the majority of old fashioned attacks. tamper-proofing
is an active defense against modern attacks. Nevertheless, tamper-proofing and
virus checking should support each other. (This is less easy then it sounds.)
Tamper-proofing versus license checking.
License checking is a function within a program which verifies conditions for
using the program.
License checking software usually uses tamper-proofing internally to protect
itself from being disabled.
Tamper-proofing versus copy-protection.
These are quite different: Tamper-proofed software in theory can easily be copied.
However the copy is as tamper-proof as the original. If the original would work
on one computer only, so would the copy.
Copy protection is mostly done with some hardware support. Tamper protection
is a good addition to harden the copy protection.
Tamper-proofing versus trusted hardware modules.
Both try to provide similar services. However in reality they don't compete
but rather have synergistic effects.
Trusted hardware relies on very complex support software and obviously requires
hardware support. Both cannot always be assumed to be present or correct. Trusted
hardware can give a huge benefit to tamper-proofing, and vice versa, tamper-proofing
can augment trusted hardware.
Tamper-proofing can (most the time) be applied without any hardware support.
Tamper-proofing does not make absolute guarantees, but it can be made as tough
as you require.
Tamper proofing versus a firewall.
The firewall is a perimeter feature. It prevents some bad software from entering,
but typically does not protect against new or sophisticated attacks. Once the
bad software is inside the computer, a firewall can only detect anomalies in
the communication. Tamper-proofing on the other hand stays active, no matter
where an attack originated.
A firewall is a good solution for generic protection; Tamper-proofing protects
exactly that software which needs protection.
Is tamper-proofing fool-safe?
No. Mathematics can show where tamper-proofing has its limits. However, for
a good tamper-proofing, these limits are far beyond any attackers capabilities
or patience.
Tamper-proofing is not a single measure. It consists of lots
of different transformations which individually protect each other as well as the
software to be protected.
A weak protection may suffer from the so called zipper-effect: One measure after
the other can be cracked in the right order.
A strong protection not only has no visible zipper effect, but the protection
as a whole is stronger then the sum of the individual measures.
Does tamper-proofing have performance impacts?
Yes, absolutely. There is NO software protection which doesn't. The impact can
become considerable. Good tamper-proofing tools allows the programmer to carefully
direct the tamper-proofed regions, so that the total performance impact can
be held in control. A software provider can decide between choosing extreme
tamper-protection or providing the highest performance.
Does tamper-proofing make the software larger?
Yes, it does. That is, however, usually an advantage and not a disadvantage;
it makes the attacker's job harder.
This is a small, not representative number of external links, but it might give an idea.
To find them, please use Google yourself. Be aware that only few companies can provide strong protections for real native code.
| White Hawk Software | What is Software Tamper-proofing? | What to expect from our Tool? | Partnerships | About White Hawk Software | Use of this Website. |