[themoonisachees]

Intercepting a TLS call is dead easy if you are one of the endpoints, namely the client. You can just add your proxy's certificate to the machines valid certs and bobs your uncle. Cert pinning is a thing but it can also be defeated, especially if all the app is doing it to pin cert is asking the OS TLS facilities nicely to pin a cert, because OS TLS facilities are also user-controlled.

[Hellion]

Any shop worth their salt is going to embed the cert chain in their app. In fact, you get that for free with pretty much every drm lib, such as the ones major providers like steam, gumroad, etc suggest

Cert pinning can defeated, but like I said, easier said than done. Not super advanced, but still requires specialized knowledge and a willingness to put the effort in.