ConfuserEx icon indicating copy to clipboard operation
ConfuserEx copied to clipboard
verified publisher icon mkaring

JIT AntiTamper not working as expected

Open ElektroKill opened this issue 6 years ago • 3 comments

When I protect a file with JIT antitamper the method bodies are still visible. The only visible differences are: a) The injected runtime b) the method inlining attribute image

ElektroKill avatar Oct 23 '19 16:10 ElektroKill

The JIT antitamper protection isn't working properly. If it actually applies properly, there is a good chance that the runtime does not work. Don't use it.

mkaring avatar Oct 23 '19 22:10 mkaring

In the original version I was able to get it to work on framework version 2.0. I believe JIT antitamper utilizes a trick that was broken by newer versions from what I tested.

ElektroKill avatar Oct 27 '19 13:10 ElektroKill

It's much worse ;) The main issue is this function. All the offsets here are set up our for a specific version of the JIT implementation. This function more or less relies on these interfaces not changing. For this exact case there is the getVersionIdentifier function. The structure is only guaranteed to be the same in case this version identifier matches. And that value was changed a lot since the time this JIT protection was written.

It may work with newer versions for some time, but adding and maintaining the support for the frequently changing JIT implementations, is something I just can't provide. The main issue here is that not the framework ConfuserEx is relevant when applying this protection, but the framework that is executing the protected application.

mkaring avatar Oct 27 '19 15:10 mkaring