How does Tamper Detection work? |
|
|
|
||
|
How does Tamper Detection work? |
|
|
|
|
How does Tamper Detection work?
|
How does Tamper Detection work? |
|
|
|
||
|
How does Tamper Detection work? |
|
|
|
|
Every license file has a Run Number that starts with 0 and is increased every time the license file is altered and stored. An older version of the same file would have a lower Run Number than a newer version.
How does Licence Protector know that once there was a higher Run Number of that file?
Well, it simply stores the latest Run Number locally in the Windows Registry. Let’s assume the Run Number inside the license file is 15 and the locally stored Run Number is 7. That is ok, because an other computer has worked with the license file and so it increased the Run Number to 15. But if the Run Number inside the file is 3 and therefore it is smaller than the locally stored Run Number 7 this is a signal that this license file is tampered.
On a stand-alone application the Run Number in the license file should always be equal to the locally stored Run Number.
The locally stored Run Number in the Registry is encoded and could not be manually modified. It also can not be moved to another machine. But it can be deleted. Then there is the same situation as before the first usage of the application: There is no locally stored Run Number. In that case Licence Protector can work with two different settings:
If the Tamper Detection Mode is set to Automatic, Licence Protector checks if the locally stored Run Number was already created on that machine. If not, there is no problem and the registry is updated. If yes we can assume that the entry was deleted and so it returns a security violation - the application stops. This check also works if the application is reinstalled, the registry is deleted and the license file is the original file from the evaluation version.
If the Tamper Detection Mode is set to Manual, Licence Protector always returns an error if no locally stored Run Number can be found. The Application now is responsible to solve that conflict. Typically it makes a WebRegisterExt call to the Web Activation Server to check if that license is already registered. If yes then it returns a security violation error, if not then it can create the entry.
Use Manual mode only if your application always has an Internet connection available.
Network Environment
If a network license is used, then the scenario is very complex because the Run Number is tracked on each machine and in case the license file is restored all machines are blocked.
To ensure that registry settings cannot be copied between computers, the system also combines the hostname with the Run Number. Changing the hostname on a PC will therefore result in a Tamper Detection violation.