I have bought a few expensive apps on my Mac with registration/serials. The problem is that as soon as I connect my SSD to another Mac, it wants the registration number again. No problem so far, as the registration server is still running and the company is in business. But one day in the future this will not be the case.

So can I now log the interaction between the software (client) and registration as a pcap (Wireshark) and somehow fake it later once the server is down?

    I'm not sure this is a unique question. You are simply asking how to capture TLS using Wireshark. There are tons of questions like that here (and hundreds more tutorials on YouTube, I'm sure) – schroeder Dec 24 '16 at 21:46
  • 1
    What's going to be possible to 'fake' will be up to each service. No way for us to tell. There could be rotating keys, IP restrictions, or any number of other measures in place to prevent what you are doing. Or none at all. – schroeder Dec 24 '16 at 21:48
  • 1
    Well, simply, I just want a MITM device to give back the same TLS packages/contents like I "recorded" earlier. The IP address can be changed in a Raspberry Pi, for example. Any experience with things like that? I only found how to change unencrypted HTTP requests. – user7336305 Dec 24 '16 at 21:54
  • 1
    You appear to be asking 3 questions and confusing them. Can you record the interaction now? Yes, use Wireshark and a proxy. Can you replay those packets later? Sure, there is `tcpreplay`. Can you reverse engineer that interaction so that it works? No idea, and will be up to how each program works. You can test all that now by using the above and then simply killing your internet connection. But, it is likely that they use a rotating key and you would have to know the algorithm to be able to replicate it. – schroeder Dec 24 '16 at 21:59
  • 1
    Think 2FA for apps (the actual term is OTP). You would need to know the password and the algorithm to duplicate the code. – schroeder Dec 24 '16 at 22:00
  • Replaying an SSL/TLS session won't work, see http://security.stackexchange.com/questions/20105/are-ssl-encrypted-requests-vulnerable-to-replay-attacks. If you can MitM the TLS (_only_ if the app doesn't pin the server key or cert) the app-level protocol might or might not be subject to replay or other forgery. – dave_thompson_085 Dec 25 '16 at 09:29
  • Thank you both for the replies. @dave_thompson_085 This link really helped. I was lucky and found a way to register the app offline with an offline registration process from the company itself. Good that they did not take that down so far :) For the future: never buy software if you cannot register it offline/without a registration server. – user7336305 Dec 25 '16 at 10:40
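
Why a recorded TLS session cannot simply be played back, as an added example that is not part of the original thread: it derives TLS 1.2 keys with the RFC 5246 PRF for a NULL-encryption, HMAC-SHA256 suite and checks a record captured in one session against the keys of the next. The payload, the function names, and the reuse of the pre-master secret and server random (the most favourable case for a replay) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def prf(secret, label, seed, n):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def server_mac_key(pre_master, client_random, server_random):
    """Derive server_write_MAC_key for a NULL-cipher, HMAC-SHA256 suite."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 64)
    return block[32:64]   # bytes 0..31 are client_write_MAC_key

def _mac(mac_key, seq, payload):
    # MAC input: seq_num || type (application data) || version (1.2) || length
    hdr = seq.to_bytes(8, "big") + b"\x17\x03\x03" + len(payload).to_bytes(2, "big")
    return hmac.new(mac_key, hdr + payload, hashlib.sha256).digest()

def protect(mac_key, seq, payload):
    """Server side: append the record MAC to the payload."""
    return payload + _mac(mac_key, seq, payload)

def verify(mac_key, seq, record):
    """Client side: accept the record only if the MAC matches."""
    payload, tag = record[:-32], record[-32:]
    return hmac.compare_digest(tag, _mac(mac_key, seq, payload))

def replay_demo():
    pre_master = os.urandom(48)      # assumption: held constant across sessions
    server_random = os.urandom(32)   # replayed verbatim from the capture
    # Session 1: the exchange that was captured while the server was alive.
    old_key = server_mac_key(pre_master, os.urandom(32), server_random)
    recorded = protect(old_key, 0, b"LICENSE-OK (constructed sample)")
    # Session 2: the client picks a fresh client_random, so the keys change.
    new_key = server_mac_key(pre_master, os.urandom(32), server_random)
    return verify(old_key, 0, recorded), verify(new_key, 0, recorded)

if __name__ == "__main__":
    print(replay_demo())
```

In a real handshake the pre-master secret is also fresh each time and the server must prove possession of its private key, so the replayed bytes fail even earlier than this check.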

0 Answers