Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to the Power Users community on Codidact!

Power Users is a Q&A site for questions about the usage of computer software and hardware. We are still a small site and would like to grow, so please consider joining our community. We are looking forward to your questions and answers; they are the building blocks of a repository of knowledge we are building together.

Application check for updates will never succeed and blocks launch; can I intercept or bypass it?

+6
−0

I have a software application (Trope Trainer, from Kinnor Software) that I installed on my Mac (OS 10.12) several years ago. I don't use it often but it's always worked fine for me. The application uses only local storage as far as I know; cloud dependencies weren't common back when this software was written.

Last night I opened it and was greeted with a "checking for updates" message. I guess it's done that before; I don't remember, so it was probably very quick. This time, though, the check just spins. I suspect, but do not know, that the software is making some sort of call to a service run by the publisher. Unfortunately, the publisher has gone out of business and their former domain name is now for sale.

I can't just skip the update check; canceling it crashes the program with an out-of-bounds exception. (Clearly they did not anticipate being unable to check for updates.) I'd like to be able to use the program, and the first thing I would check would be whether auto-update is a user setting I can turn off.

It occurred to me that if I knew what URL the software was trying to hit, I could edit my hosts file to override it and intercept the call. I'd then need to guess what it's expecting me to send back. (I'm not quite sure how to create and send that response if I do identify it, but that's part two of the problem.)

I installed WireShark to see if I could find the outbound call that I assume it's making, but I am a complete newbie, their documentation is written for people who know more than I do, and I'm not sure how to find what I'm looking for. I set it to monitor Ethernet traffic and then started the application and let it run for a while, but I'm not sure what I'm looking for. I tried saving a "capture file", thinking this would give me a text file to search, but I don't recognize any of the file formats they offer. I searched (in WS) for the name of the publisher without success, and I don't know what their IP addresses were when they had a domain.

Am I on the right track in trying to use WireShark to find the call? If so, what should I be looking for? If not, what should I be trying instead?

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

Just to see if maybe others workarounds are viable: does the app work if you are not connected to the... (2 comments)

3 answers

You are accessing this answer with a direct link, so it's being shown above all other answers regardless of its score. You can return to the normal view.

+4
−0

samcarter gave me a clue in a comment by asking if the same thing happens if I'm not connected to the Internet. The software does detect that and proceed, fortunately, with the following message:

Connection not available; click Help|Check for updates to adjust auto-updates

Clicking "ok" here allowed the program to launch. I then followed those instructions and found these checkboxes, which I'd never noticed before because they're not on a "preferences" menu:

Check for updates, don't ask first (2 checkboxes)

Unfortunately, the part of their message about how I can change those settings turned out to be wrong. I unchecked the boxes, but they were checked the next time I opened that menu. I tried this while disconnected and after reconnecting (with the program still running). Still checked, no matter what I do.

The good news is that, according to their UI, they do this check once a week, not every time. I restarted the program while connected to the Internet and it launched. Presumably in a week it will fail again.

This is a workaround, but I'm still interested in a more permanent fix. So I'm not ready to retire WireShark.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

To avoid getting stuck next week, you could try to permanently disconnect the app, e.g. via https://o... (2 comments)
+6
−0

You certainly can use Wireshark to look for DNS traffic.

First off, because of caching, I strongly recommend that you reboot the computer, and as quickly as possible start Wireshark, start monitoring network traffic, set up a Wireguard filter, and then start the application in question, while doing as little else as possible. Also keep in mind that Wireshark will be looking at all network traffic, including loopback traffic, so you will likely get quite a lot of data quite quickly. (Hence my suggestion to do as little as possible other than the one task you want to monitor the network traffic for.)

You should be able to use Wireshark's filter toolbar to set up a filter. Filter rules support typical boolean operators combined with network-centric expressions, and DNS uses either TCP or UDP (you may find places that claim that DNS is UDP, but while DNS typically uses UDP, it can use TCP, and does so for large queries) but always port 53 on the server side. (DNS over TLS/DTLS normally uses port 853, and DNS over HTTPS normally uses port 443, but for a first approximation it's probably safe to assume old-style, plaintext DNS.) The general syntax for filtering on a protocol and port combination is [tcp|udp] [src|dst] port <port>, so simply specifying port 53 as the filter should get you all DNS traffic (queries and responses).

Although I don't immediately see this mentioned in the Wireshark manual, apparently it also natively supports a dns filter that does pretty much that. In that case, simply specifying dns as the filter should be sufficient.

Be sure to click the apply 🠲 button to actually apply the filter.

Either way, it looks like Wireshark has built-in support for decoding DNS queries and responses and displaying those in a somewhat user-friendly fashion, including showing the queried-for host name in the "Info" column. You will want to look for A (IPv4 address), AAAA (IPv6 address) or ANY (less likely, but possible) queries.

You can also set up a filter like (tcp port 80) or (tcp port 443) to look for HTTP and HTTPS traffic on the respective standard ports, and look at the hostnames or at least IP addresses referenced there. (QUIC uses UDP, but I wouldn't expect a years-old application to use that for its update checking mechanism.)

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

0 comment threads

+4
−0

This isn't a direct answer to your question, but a suggestion. Try specifically disallowing internet access to this program in your firewall. That may cause the program to realize it can't get to the internet at all and to stop trying.

It is unlikely that the writers of the software always required an internet connection for the software to work. They apparently didn't deal very well with the case of internet access but no access to their servers. Perhaps by denying internet access completely, the software will let you continue. You may then be able to disable the call-home "feature". If not, you'll have to put up with some broken internet access message each time you start it.


I just noticed your answer where you unplugged the network cable. Badly written software like that is annoying, especially if you can't disable it calling home.

Using the firewall to effectively make your internet look unplugged to only that program might be a useable way to proceed. You may still have to dismiss the popup every time you start the program.

You could also look around for where this program keeps static settings, like whether to check for updates or not. In Windows, that would be in the registry. MacOS probably has something equivalent that others here would know more about. Sometimes poking around in the registry to see what settings a particular program has can be quite useful.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

disconnecting (4 comments)

Sign up to answer this question »