Hi All,
I have an upcoming project (legit) that requires me to stop our software calling home yet tricking the program into thinking it is still legit(which it is). What sort of techniques are the best to use for this type of project. The software is written specifically for one version of the software.
Any language welcome :)
Thanks in advance
To trick the program, you will have to either replace the server, or disable the calling home function.
Monitor the communication between the program and the call home server with a traffic monitor like wireshark. If the protocol is simple enough and does not employ any kind of secure authentication (i.e. a server certificate), you can replace the server with something that acts alike. Deploy a fake server, and redirect name server lookups from the original server to that server.
To disable the calling home function, you will have to reverse engineer the program. Depending on the language the program is written in, and the level of obfuscation, you may be able to decompile it to more or less high-level constructs. In principle, you want to disable the whole home-calling part, and trick the return value of that function to return 'Yes, I have successfully called home'.
Usually, the security engineer of that software will have taken precautions to make that as messy as possible.