Once again I'm at odds with TH reporting. Of course you can spoof a server. That happens all the time, especially with videogames. You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.

> You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.

It’s trivially easy to use a signed response that is encoding some part of the metadata of your system in the signature to make it impossible to emulate the server. Don’t think the Denuvo devs would be stupid enough to provide a “return true” request for a server call.

Can the underlying function that checks if the server call is correct be bypassed? Sure, but that’s much harder.

Cryptography goes BRRRRR, with a proper implementation of cryptography you'd need to do things like patch out the keys in memory in order to "spoof" messages.