What isn't mentioned in the article is why UD2 is chosen. It is a relic from the SecuROM days, in fact, one of the developers on SecuROM is the one who also works or worked at Denuvo.
I would imagine many things from the SecuROM era live on in Denuvo.
But if you read the article you will realize that certain games will not work in the future due to Denuvo.
"This destroyed any exception-based hooking since majority of the time an exception is triggered, Windows will write an EXCEPTION_RECORD high up in unused stack space. You can probably see where this is going. Now, whenever the CPUID is hooked via an exception, that important value will become overwritten with an EXCEPTION_RECORD, causing undefined behaviour later on. I believe this can be bypassed if you attach a debugger to the process and set certain flags when it comes to exception handling, but the method of patching every hardware check is still cumbersome due to randomness anyway."
As Windows matures, behaviour can change, breaking certain stuff.
23 hours ago [-]
musjleman 1 days ago [-]
> As Windows matures, behaviour can change, breaking certain stuff.
How do you expect the aforementioned tech to break the games it's on? If anything it "breaking" will just make the anti-tamper feature ineffective.
farmdve 22 hours ago [-]
The anti-tamper codes, if any tampering is detected will crash on undefined/unallocated regions. Meaning that if Windows ever were to overwrite that region for whatever reason, will trigger the crash.
Such was the case for SecuROM in early days. It featured the CRC checks mentioned, if any single byte was changed, including an INT (breakpoint) instruction, it would crash. Here it's unlikely that it wont crash. Rendering the game inoperable.
musjleman 18 hours ago [-]
> The anti-tamper codes, if any tampering is detected will crash on undefined/unallocated regions.
That's basically the whole point of any anti-tamper product. I just think you picked a terrible example of a feature that could break due to OS changes specifically.
> Meaning that if Windows ever were to overwrite that region for whatever reason, will trigger the crash.
We're talking about random stack memory inside of a virtual machine that likely doesn't call any external code whatsoever. There should be no real way for Microsoft to accidentally corrupt this memory.
degosuke 9 hours ago [-]
Wasn't there a story on HN about a GTA San Andreas bug that was caused by this? (or something very similar)
CodesInChaos 5 hours ago [-]
In that case the "unused" stack was overwritten by a function called on that thread. But I'd assume that Denuvo is careful to not call any third party code while it expects the "unused" stack data to remain unmodified, so this shouldn't happen here.
So this code can only break if the data is overwritten from code outside the control of that thread. On Unix, certain signals could cause that. Or the OS could decide to zero out the unused thread while the thread isn't running. Zeroing the thread could the helpful to wipe secrets spilled there (forward secrecy related), or if whole pages can be zeroed (via something like MADV_ZERO), it could reduce the memory consumption by allowing threads to shrink.
While I would like that thread zeroing feature, I think it's unlikely that MS will implement something like it. So the code should be unlikely to break in practice.
musjleman 5 hours ago [-]
Yes and no.
The GTA SA bug was reading of an uninitialized variable. The value it contained was correct simply by chance as it was placed there by the previous invocation of the function and never overwritten by something else intermittently. Any changes to functions that happened to be called in between these 2 could have changed the value of the stack memory.
The aforementioned check on the other hand is placing random value below the stack pointer. This means that by design it cannot call any external/os/game functions and is basically isolated/"pure" from any interactions with third party code.
ainiriand 23 hours ago [-]
I imagine that if some Denuvo servers enter legacy status at some point they'll be removed entirely.
sbarre 22 hours ago [-]
Yeah it's not uncommon to see Denuvo patched out of a game title once the initial sales window has passed..
I wonder if that's because they want to avoid these kinds of future incompatiblities with the underlying OS as it evolves.
transcriptase 22 hours ago [-]
IIRC Denuvo costs a fortune to keep in a game, since it’s a subscription model. Once sales sufficiently taper off there’s not much sense in paying for it anymore.
everyone 19 hours ago [-]
Some games have had it for an extremely long time. and some publishers never remove it (Eg. Sega). In some cases I guess they got a lifetime deal with an older version of Denuvo, but other cases are sus. I wonder is it for money laundering purposes.
I think the dev pays for the service window and after the Denuvo contact is up they update the game without it.
SchemaLoad 11 hours ago [-]
Not a horrible system. Protects the initial sales spike from piracy, but doesn't obstruct long term archival or playability after the servers go down.
yukIttEft 23 hours ago [-]
Had also a look at Denuvo a while ago. Used LLVM to remove the x86 obfuscation and broke it down to VM-Opcodes. Atleast back then, Denuvo seemd to translate gamecode into a stackmachine.
(vmreg_e268 is stackpointer, its decremented and stored in tempreg, then the value of vmreg_e560 is copied to stackpointeraddr, then new stackpointervalue is written back)
But i quickly lost interest when it became MBA galore:
(looks like its doing some operation with a constant to vmreg_ebe8, but obfuscated by MBAs and most likely the result won't ever being used, so its just noise to drown out the real operations)
BTW: anyone aware of LLVM optimizer passimplementations that can deal with MBAs ?
It is a C++ implementation of SiMBA [1] - a tool to handle linear MBAs, made available by Denuvo itself. Denuvo have another tool - Gamba for handling some variety of non-linear MBAs. And then further improvisation by another researcher - MSiMBA [3].
SiMBA++ since written in C++, it is fast and it integrates well into the LLVM passes to automatically identify the MBAs and replace them in the LLVM IR with simplified expressions. So no additional work required.
Shameless plug - me and my colleague (author of SiMBA++) recently gave a talk about using LLVM for deobfuscation of WASM, where we talk about MBAs, SiMBA++ etc. The idea is not limited to WASM, it is language agnostic once you have a binary lifted to LLVM IR. https://www.youtube.com/watch?v=gKRdOcuXbYI
why would Denuvo release tools that work against their core business?
no_time 5 hours ago [-]
They have many more tricks in the bag and a competitor would need to put in even more R&D to stay ahead of crackers.
yukIttEft 21 hours ago [-]
oh
jcranmer 23 hours ago [-]
> BTW: anyone aware of LLVM optimizer passimplementations that can deal with MBAs ?
Your best bet is InstCombine, but likely most of the MBA patterns aren't going to be InstCombine patterns because who writes that kind of code?
In principle, you might see if you can tickle Alive2 (which can map LLVM IR to SMT logic) to see if you can get a peephole optimizer that's querying an SMT solver. But I'm not aware of anyone who's built a pass like that yet, and it's definitely not a regular pass in the compiler.
It is clearly effective. Go to a PC game piracy site and most games will be available, but anything covered by Denuvo is unavailable even years later. Either nobody is willing to crack it (unlikely) or Denuvo have done an exceptional job.
bri3d 1 days ago [-]
The most important thing about Denuvo is that it's on a subscription license to the game publishers, so it's almost always removed after some length of time. This is critical in understanding why it isn't cracked as often, because they've shifted the economics to "spend 3 months tediously removing obfuscation methods or wait 1 year and the game is unprotected anyway."
> anything covered by Denuvo is unavailable even years later
I don't think this is true in the general case.
> Either nobody is willing to crack it (unlikely)
That's exactly what's going on - it's a matter of time-benefit, not "possible." What's groundbreaking with Denuvo isn't that the overall technique is incomprehensible but rather that it's insanely tedious to remove and very difficult to automate. They haven't made some groundbreaking theoretical technique, they've applied so many "standard" ways to obfuscate a binary that it becomes more annoying than it's worth to remove.
bee_rider 1 days ago [-]
Is this, uh… actually a good outcome? If games make most of their money in the first couple months anyway (I’m not sure about this claim but it seems intuitively possible, at least for AAA), then getting anti-piracy for that timeframe seems like a high priority.
Then, the subscription can be allowed to lapse… and the game can be preserved, at least to the extent to which it can run without servers. If we have any belief in the “games as art” idea, this seems like a good result for preserving art.
cthor 18 hours ago [-]
It's a pretty good outcome, yeah. Kind of makes one wonder why copyright needs to be 70 years + life, when the overwhelming majority of sales are in the first year...
xyzzy123 17 hours ago [-]
You make a good point, but there's a lot of money in sequels and IP.
mjevans 12 hours ago [-]
Trademark, not Copyright.
thaumasiotes 5 hours ago [-]
No, the IP is protected by copyright, not by trademark.
colejohnson66 1 hours ago [-]
The stories are copyrighted, but the characters inside are also trademarked. You can go distribute Steamboat Willie without consequences, but Mickey is still Disney IP.
nemomarx 1 days ago [-]
It works out pretty well as long as publishers follow that step yeah. it would be nicest to open source the game after it's life span maybe
phoronixrly 23 hours ago [-]
It would be nicest not to use unethical software (Denuvo or any other DRM) and distribute the game source with the binaries since the initial release. I can't believe that this needs to be repeated and that our understanding of open source has been perverted to 'is it on Github, and do the devs/community work for free so we can take advantage from them?' and that it's ok for games to be proprietary software...
nkrisc 12 minutes ago [-]
Nobody needs video games. It’s ok if you can’t play video games.
delta_p_delta_x 20 hours ago [-]
As someone who regularly used to visit the ship and heavy rain websites for video games, I actually feel the modern usage of Denuvo—protect sales for the first bit, and then remove it for the long tail—is a decent middle ground between EA-style DRM that locks down a game and its servers for ever, versus having a game completely blown open the first day, and a new-ish studio losing a considerable amount of genuinely-deserved revenue the first few days after release because they had no DRM on.
12_throw_away 22 hours ago [-]
I mean, I'm pretty happy with the arrangement. People who buy day-1 bugfests for full price have to deal with awful DRM. But if you wait a year or two, then the most egregious bugs get fixed, it goes on sale, and the intrusive DRM is gone.
Of course, this means that casuals like me get a much better experience than their core, dedicated, day-1 customers ... but really, that sort of contempt for your core audience is a foundational principle of AAA these days.
KennyBlanken 20 hours ago [-]
> The most important thing about Denuvo is that it's on a subscription license to the game publishers, so it's almost always removed after some length of time.
No, the most important thing about Denuvo is that PC gamers are forced to upgrade their hardware because Denuvo is such a performance hog. All you have to do is wait until Denuvo is stripped and the game will run much faster.
Frankly, it wouldn't surprise me if there's a conspiracy between Denuvo and Intel/AMD/NVIDIA where Denuvo goes out of their way to hurt performance on a really popular title, thus forcing people to upgrade.
Idiot writers at gaming websites claim a new patch to a game that's been out for a while has "optimizations" and lauds the developers for slaving away to make an already-finished game faster. The reality is that they just stripped out Denuvo.
mnau 13 minutes ago [-]
I am more likely to believe someone who bypassed Denuvo.
> One can see that Denuvo does indeed intervene from time to time, but what one can clearly see: It doesn’t do that very often,
definitely not every frame.
> It’s only once every few seconds. Even less, sometimes it doesn’t do anything.
> To me personally, it tells that Denuvo executes checks so infrequently, that the likelyhood of it causing major performance issues seems rather low.
I agree that I've seen anecdotal evidence that Denovu slows down some games considerably. That said, a conspiracy between every major hardware manufacturer and Denovu is certainly a bridge too far. It's far more reasonable, especially after reading this article, that there's a significant cost to all this encryption and wrapping and redirection if it's not applied carefully and enters a hot path.
qualeed 1 days ago [-]
>anything covered by Denuvo is unavailable even years later.
That sounds like a marketing claim. There's a bunch of denuvo-protected games that have been cracked. As far as I am aware, although I am not completely up to date, there are more denuvo-protected games that have been cracked than not.
(I agree that Denuvo is generally effective for its goals, especially at game launch when it is most valuable. It's just not infallible, by any stretch.)
guizadillas 1 days ago [-]
Well you need to update, there no one right now actually cracking denuvo
Most "cracked" denuvo games are games cracked AFTER denuvo was removed by the publisher in an update (usually 6 months after release)
Just look at the Yakuza/Like a Dragon games
qualeed 23 hours ago [-]
>there no one right now actually cracking denuvo
The claim was that games protected by denuvo are uncracked years later.
What is happening right now is important and interesting, too, but not the claim the person I replied to made.
"anything covered by Denuvo is unavailable even years later" just isn't true. And that's what I was replying to.
xdfgh1112 19 hours ago [-]
One example is anno 1800. Games where the profit model is continually selling dlc (as opposed to making most of their money on day 1) will likely continue to pay for denuvo.
SSLy 24 hours ago [-]
by my best count there are ~80 uncracked and ~190 cracked denuvo games. Demo bypassess etc count as uncracked. Further ~130 games had Denuvo removed after release.
I think some of the recent 'cracks' were mostly errors by the developers, allowing the demo of a game to load the full data files or shipping an unprotected EXE on accident somewhere (sometimes they leave a debug EXE lying around).
mardifoufs 23 hours ago [-]
I thought EMPRESS (the only one that was able to consistently put out cracks and only for some games) retired. So there's literally no one who's cracking any recent games, which is all that matters for publishers.
qualeed 23 hours ago [-]
>no one who's cracking any recent games, which is all that matters for publishers.
Sure!
That wasn't the claim made by the person I replied to. They said "anything covered by Denuvo is unavailable even years later." which isn't true. That's what my comment is about.
sph 1 days ago [-]
There are cracked Denuvo games, and no anti-piracy scheme is unbreakable, ever.
If it can run on your PC when copy-protected, it means at some point the CPU executed the right instructions, so a crack is always possible to create. It's just a matter of how much effort and time is it to reverse-engineer it. You cannot copy-protect software indefinitely.
I remember feeling cool as fuck as a teenager because I cracked GTA 3 by dumping the live memory of the binary post decryption. Of course it's been 25 years, so the status quo has improved by a lot and god knows how many man-years and kWh are wasted on copy protection.
gpderetta 1 days ago [-]
Technically some CPUs support secure enclaves that should support end to end encryption which should be robust short of lifting the encryption keys from the die. In practice things like SGX have been full of holes.
hansvm 1 days ago [-]
Even assuming those are flawless, lifting keys is still O(n) in the key size, and the battle is just increasing the constant factor enough to make it unattractive. The problem is that lifting keys is attractive for reasons much more valuable than game cracking, so after a few years they should always be assumed compromised.
dist-epoch 1 days ago [-]
X-box is unbreakable.
phantompeace 1 days ago [-]
So was the PS3, until it wasn’t.
zeusk 1 days ago [-]
but afaik, we still don't have a break on xbox one released 2013 - 12 years later.
Perhaps it's just that xbox is irrelevant, when you have PC and Playstation?
To me, Xbox is that video-game you get when you ask for a Playstation and your parents don't understand video-games. Their versioning scheme even helps make sure the parents fail to purchase the latest generation.
ls612 3 hours ago [-]
The two main things that people jailbreak consoles for are dumping games to emulate on PC and running homebrew. Microsoft explicitly supports the latter use case with Dev mode and for all but a couple games (only Halo 5 nowadays?) explicitly supports the former use case by releasing their games on Steam and skipping the emulation bits. So there is little interest in hacking the Xbox consoles now. Yet I think someone still has managed in the past year to get decrypted game dumps from both XOne and Series X.
davikr 18 hours ago [-]
there has been one recently that led to the dumping of games on xbox one and série and the beginning of emulation projects
dahrkael 10 hours ago [-]
people lost interest in hacking the xbox after dev mode was introduced to run custom apps
jampa 1 days ago [-]
I think it is a combination of both. From what I heard, Denuvo hires many people from "the scene," and when someone cracks it, they pursue them aggressively.
Denuvo is also not a massive target because there are too many games nowadays to care about a specific one. The exception was when "Hogwarts Legacy" was released with Denuvo, and people went crazy for a crack which was delivered just 13 days later.
mathverse 1 days ago [-]
Denuvo does not need to hire from the scene. The scene is not some magical place full of uber leet crackers. People doing denuvo have the same or better skills.
rappatic 13 hours ago [-]
Denuvo definitely does attempt to hire from the scene. It's less that they necessarily need those specific peoples' skills, but rather because there are so few people who can crack Denuvo, so hiring a single such person dramatically reduces the number of people out there cracking your games. The most famous example being Empress, who was the only person in the world cracking Denuvo for a few years. I'm sure Denuvo would have loved to hire her, if only to stop her from releasing cracks.
spookie 2 hours ago [-]
Well, you're assuming "she" is a single soul ;)
clayhacks 1 days ago [-]
There’s definitely been plenty of denuvo games cracked, but I’d say most games that haven’t been cracked have denuvo. I think it also depends on the version of denuvo. Newer versions seem pretty well protected
0cf8612b2e1e 1 days ago [-]
Could some of that be the decreasing share of single player games? Multiplayer, always online games are a moving target vs an offline game you only need to crack once. Everything “needs” to be online, user experience be damned.
b8 13 hours ago [-]
Empress has cracked Denuvo protected games within a few days of launch, so not its not stopping everyone [0]. After one person bypasses it then others do from the inspiration they got from the OG. There's a formal theory for it, but I can't recall it currently.
Successfully got me out of gaming as a kid a decade ago when it started being implemented everywhere. Not exactly the business idea they had behind it I don't think. Now I just play F2P gachas and check in on Game Pass every now and then, so no conversion ever since either.
YurgenJurgensen 1 hours ago [-]
DRM getting you out of PC gaming only to switch to gacha and subscription services seems like quitting smoking to free up more money for your heroin habit.
perching_aix 1 hours ago [-]
Kind of my point, yes, although only just kind of.
Thaxll 21 hours ago [-]
The goal is to get your game protected at release because this where most of the money is made.
devmor 1 days ago [-]
To some degree this is true, but it's cost-benefit analysis rather than being uncrackable. Denuvo is so invasive that software exploits aren't worth the effort (or risk on behalf of the user), and physical exploits are sold instead.
For example, physical FPS exploits include devices that sit in the HDMI/DP chain with a USB output and emulate a keyboard and mouse.
2c2c2c 22 hours ago [-]
years ago, a friend of mine built something functionally equivalent to Denuvo in his spare time over the span of a few years. I think his original idea was "DRM for the little guy", recognizing that indie games probably lose massive revenue from initial release piracy.
He had no idea how to sell it. After it sitting around for awhile, I tried pitching the technology to few friends in VC, who had absolutely no idea what I was talking about.
It bothered me for a long time to see such a culmination of talent and effort get 0 reward for it. I've wondered if such technology would be interesting to some large publisher to just buy outright, bringing their anti-piracy in-house rather than relying on Denuvo. Any ideas/help appreciated :)
HighGoldstein 21 hours ago [-]
> recognizing that indie games probably lose massive revenue from initial release piracy.
This seems like an odd claim _especially_ for indie games. Indie games tend to already have trouble attracting buyers, it feels like anyone considering pirating it would just move on if they couldn't do so.
AngryData 15 hours ago [-]
Plus having a pirate version is essentially advertising for them if their product is good. Many indie title success stories I think is thanks to pirates trying them out for free and then telling everyone "Wow I just played this awesome indie title that you never would have heard of because its an indie title with little to no marketing and it is really good!" which lead to people looking at it and talking about it and getting more sales. I myself have bought numerous titles that I never would have bought based on the steam shop page. This is especially true for building, survival, or physics based games, which are pumped out en-mass, but take real talent and vision to do well enough to be worth the time and money to buy and play. Just a few games off the top of my head that I own but never would have otherwise bought without first pirating and playing them include, Project Zomboid, World of Goo, Besieged, Neo Scavenger, Oxygen Not Included, Banished. And even some pretty large titles like Crusader Kings I would never have considered buying without playing it first, and now it is one of my favorite games. Factorio would be the same thing if they didn't have a old version as a demo to play.
b8 13 hours ago [-]
A indie game dev phoned home how many players were playing his game that pirated it and he addresses your claim too in the article he posted about it[0]>
I played both Oris for 1€ on gamepass only to buy it when it's in a steam sale (~11€ for both iirc).
I have free games from epic only to buy them on Steam for 5€.
I have no problem pirating games. The last big title was Cyberpunk. It runs like shit on my end but once I buy a GPU I'll buy Cyberpunk. Until then I can wait.
I pirated GTA5 to test it on my machine back in the days. Textures popped in seconds later because the HDD was way too slow to handle the game. I prefer pirating a game over dealing with refunds.
I have it for free from Epic. Would I buy it now? No. I don't like the game at all after playing for 4 hours.
What is my favorite single player game? Cyberpunk. Do I share that information? Yes.
mjevans 13 hours ago [-]
They'd play it for free* but how many would pay? Would that number go down if DRM were involved?
Personally, Steam's about where I draw the line. They've given me enough value as an ecosystem and their native 'DRM' doesn't seem that obtrusive, so they've got a lot of my money over the years.
I've regretted every single time I happened to buy a game, which turned out to have other DRM or any form of 'anti cheat' client side. They just never work in the long run.
npteljes 7 hours ago [-]
I really enjoyed this article, thanks for sharing!
It's a shame that OP didn't add a tracker to the pirate plea button. I would wager that he made practically zero sales from it - looking at how well donations seem to work in software development in general. I think that this is why microtransactions work well. They give away a nerfed version of the game for free, and after the player formed an attachment to it, the game can be upgraded for a price. In a way, this is a much more human design, than forking up the entire cost in advance.
2c2c2c 21 hours ago [-]
Can't say I was sold with the target market mostly because the sales problem becomes orders of magnitude harder
My thought regarding indie games were successful ones though. Something like Celeste or Balatro.
ronsor 20 hours ago [-]
I pay for games because it's convenient. Most DRM is decidedly inconvenient for me, especially Denuvo-tier DRM. The end result is that if there's DRM, I'm more likely to pirate it or not play it if there's no crack.
gruez 14 hours ago [-]
How's denuvo "inconvenient"? For the overwhelming majority of people, it just works and they don't even know it's there.
SchemaLoad 11 hours ago [-]
One situation it regularly fails is with no internet connection. You download a game on your steam deck, get on the plane, and then it refuses to launch. You can prime it by loading the game while connected, but every now and then it randomly unauthorises itself leading you to regularly get stuck in this situation.
andrewmcwatters 19 hours ago [-]
Many years ago I was publishing work independently with a few other colleagues, and yes, piracy was a big deal. It was flattering, because you knew the demand was there, but maybe the audience couldn't or wasn't willing to pay for the product, but you don't want to see your work obtained for free when you're charging for it.
mort96 2 hours ago [-]
It's nice to see such effort into user-hostile technology go unrewarded. When your product is, "what if we made everything we touch a bit worse?", you deserve to get 0 reward. It's sad to see that things like Denuvo haven't met the same fate as your friend's software.
cainxinth 1 days ago [-]
Lets see Empress's analysis
Culonavirus 14 hours ago [-]
Heh... Now that would be the fastest flag in the history of this site.
efilife 9 hours ago [-]
why?
ReptileMan 8 hours ago [-]
She is as unstable as she is talented.
mschuster91 8 hours ago [-]
Empress made a name for themselves not just with cracking Denuvo but for going on full blown transphobic rants in their NFOs such as in the Hogwarts Legacy crack [1].
Vote with your wallet and don't buy games with this junk.
npteljes 7 hours ago [-]
I factor it in as risk, and decide according to that. No chance in hell that I won't buy a game I'm interested in, just because it has this crap. But I do make a mental note that it can break if I have internet or whatever.
shmerl 2 hours ago [-]
I simply won't buy it. Let them release the game on GOG or other DRM-free store, then I'll buy it if I like it.
npteljes 2 hours ago [-]
I can see that. I just scrolled through a large denuvo list on pcgamingwiki, and honestly, not much temptation there for me, even though I really like gaming. Of all these games, I only played Persona 5 (and loved it), and I only want to play some more Atlus games.
Do you also abstain from other DRMs as well, or just some in particular? They can be quite nasty, and mobile games are also pretty horrible for privacy as well. As a compromise for myself, I use a separate Windows for gaming, and I have almost no real data on that partition.
shmerl 1 hours ago [-]
I try to. Games are honestly a decent case for this. Same goes for music, books etc. It's video that's really the worst scenario.
LightHugger 20 hours ago [-]
Worth noting that denuvo causes a lot of hitching, massive load time increases and overall performance problems. Denuvo marketing dept likes to say this isn't true but you only have to look at the before/after on games with and without it, monster hunter world was a very stark example. I have no doubt denuvo is also massively contributing to the performance problems on Monster Hunter Wilds as well.
GuB-42 20 hours ago [-]
I think Denuvo impact on performance is as much exaggerated by gamers as it is downplayed by Denuvo.
I didn't play MH:World on PC but from what I have seen MH:Wilds suffers from piss-poor optimization that is unrelated to the (two!) DRM they have put in. It may be Denuvo, but from what I've seen, it is just the usual laziness that is prevalent in most AAA games today. Instead of spending the performance budget where it matters by having programmers collaborate with artists, they just throw everything at the engine which ends up overwhelmed and in turn throws everything to DLSS and framegen resulting in an ugly mess (but a raytraced ugly mess!) if you don't have the latest overpriced hardware.
And it may be the same problem with Denuvo. Denuvo doesn't have to cause massive performance problems, but developers have to implement it correctly, using license checks sparingly, and certainly not in performance-critical code.
Also note that when the publisher removes Denuvo, it may also come with other performance optimizations, not everything comes from the removal of Denuvo.
accelbred 13 hours ago [-]
MH World didn't have Denuvo on release, but it was added with the expansion. It was thus easy to tell.
LightHugger 19 hours ago [-]
I don't think is exaggerated by gamers, if anything it's widely understated. The issue is that denuvo affects the 1% lows and latency much more than the average FPS. But the 1% lows and latency have an outsized effect on player experience, average framerate can be the same but if 1% lows and latency are miserable then you are playing a completely different game.
You are not wrong about the additional failure of AAA to keep their games optimized but the ways denuvo affects performance are particularly insidious.
billmcneale 16 hours ago [-]
> Worth noting that denuvo causes a lot of hitching, massive load time increases and overall performance problems.
There is pretty much zero evidence that this is true and some credible evidence that it is untrue.
For example, plenty of games have had Denuvo removed after a few months by the publisher and showed zero improvement in performance.
This fake narrative is being pushed by software pirates bitter that Denuvo is being so effective at preventing them from stealing games.
shmerl 20 hours ago [-]
Of course. DRM can never improve user experience, it's an anti-user feature by definition.
Tadpole9181 18 hours ago [-]
Not going to take sides on the particular debate, but one could certainly argue that DRM is just a double-edge blade.
The world is less fun with less art and games. And those require money to be made. The cost of securing that or making legitimate purchases cheaper (broadening the legal market) may be the initial online requirement and potential performance impacts.
Again, I'm not saying Denuvo is or is not a net in one way or the other. Just that there is room for gray.
billmcneale 15 hours ago [-]
> it's an anti-user feature by definition.
That's an extremely naive take that shows some stark ignorance of the tech and market forces at work.
From a tech standpoint, Denuvo negatively impacting performance has been debunked many times over (see my previous post about that).
On the economical side, you need to realize that whenever you are playing and enjoying a game, it's most likely due to the fact that the previous games sold by that developer have been successful in making money, which was most likely made possible by Denuvo.
In other words, making piracy harder allows the next generation of games to be created.
kruczek 8 hours ago [-]
> On the economical side, you need to realize that whenever you are playing and enjoying a game, it's most likely due to the fact that the previous games sold by that developer have been successful in making money, which was most likely made possible by Denuvo.
>
> In other words, making piracy harder allows the next generation of games to be created.
That's an extremely bold claim. There are many games which are successful and don't use Denuvo. In fact I'm quite sure there are more successful games that don't use Denuvo, then those which use it - so I don't believe that "whenever [I'm] playing and enjoying a game" it was "most likely" created thanks to Denuvo.
And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
billmcneale 4 hours ago [-]
> I don't believe that "whenever [I'm] playing and enjoying a game" it was "most likely" created thanks to Denuvo
I never made that claim, please reread what I wrote, but here is my point again.
When you play a game from a publisher, they were able to create it because their previous games sold well. Therefore, anything that allows games to sell well is a positive for the entire gaming community, creators and players.
Denuvo is an important part of this picture, but it's obviously not the only one.
> And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
That's great, and I do that as well. And this is one of the reasons why Denuvo is not anti-user: everyone has the choice to not support it.
shmerl 15 hours ago [-]
It's the truth standpoint. DRM is an overreaching preemptive policing, i.e. by its mere definition it's always aimed against the user, therefore it's always an anti-feature.
Things like fourth amendment exist for a simple reason that overreaching policing skews into being abusive. Police could always argue abusive policing "helps prevent crime" same as copyright maximalists could argue DRM "helps prevent piracy". But both would be invalid due to overreaching nature or such policing.
To put this concept into perspective. DRM runs on your personal device, in your personal digital space, for the benefit of someone who tries to police you, treating you as an a priory criminal. So conceptually it's not any better than what fourth amendment is aimed to prevent.
Excusing such concepts with "market forces" is simply cringe.
billmcneale 13 hours ago [-]
> by its mere definition it's always aimed against the user, therefore it's always an anti-feature.
Describing it as "anti user" is theoretically correct but practically incorrect. It's true that it might prevent mods and possible future uses if the servers go down, but in practice, users don't care, as is demonstrated by the fact that games that contain Denuvo routinely sell in the millions and users have no idea it's even there, and they will never know.
Overreaching?
I don't know. Companies put out a product, you're free not to buy it if you don't like it. That's one of the reasons why I call this natural market forces.
> So conceptually it's not any better than what fourth amendment is aimed to prevent.
That's a gross exaggeration. The Fourth amendment is about unreasonable searches by the government, I completely fail to see how willingly buying a digital product from non governmental organizations is connected to Fourth amendment in any rational way.
Again, at the end of the day, nobody forces you to buy that product, hence "natural market forces".
The fact that millions of these games are being bought every month tells me users don't feel that whatever flaws, perceived or real, Denuvo has matters less to them than playing these games.
shmerl 11 hours ago [-]
Policing by some corpo isn't better than policing by the government. The basis of why overreaching policing is bad doesn't depend on it. Compare DRM to someone installing surveillance in your house to preemptively "stop any potential crimes" ... namely, by you. Are you going to be OK with that just because it's some corpo doing it and not the government?
You get the point of why the above is wrong. DRM is wrong exactly for the same reason. The ethical problem with DRM is that it invades your digital privacy based on presumption of guilt.
Whether users care or don't care doesn't really affect the concept. A lot of things in digital space are less tangible for people to care becasue they are clueless, which doesn't mean these things aren't as dangerous and damaging when abused.
And those are fundamental problems, before we even get to bad consequences that you mentioned, like DRM damaging digital preservation, losing access to your purchases and so on, which are bad too, but not on the level the above is bad.
So to sum it up, DRM is always anti user in many senses.
billmcneale 4 hours ago [-]
> Are you going to be OK with that just because it's some corpo doing it and not the government?
If I willingly let them in my home and I knew they were going to do that? I don't really have the option to complain, do I?
Your analogy doesn't make sense. People buy the game, Denuvo is clearly advertised on it. They have the option to not buy the game. Period. It's not overreach if I willingly accepted the reach.
> So to sum it up, DRM is always anti user in many senses.
How do you reconcile this claim with the fact that Denuvo games sell by the millions every month?
shmerl 2 hours ago [-]
Makes perfect sense to me. But I guess those in denial or DRM proponents will prefer to ignore the obvious.
The abusive and overreaching nature of DRM was expressed pretty clearly by those who actually abused it:
> The industry will take whatever steps it needs to protect itself and protect its revenue streams ... It will not lose that revenue stream, no matter what ... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source – we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC ... These strategies are being aggressively pursued because there is simply too much at stake.
Note the repeated usage of "your" which increasingly creeps into user's private digital space. Being in denial about this isn't an excuse for these problems.
billmcneale 56 minutes ago [-]
A lot of that verbiage is absurd exaggerations and most of these things never became true.
> Being in denial about this isn't an excuse for these problems.
I'm not in denial, I know exactly what Denuvo entails. Whenever I buy a game with Denuvo (which pretty much never happens any more), I know exactly what I'm giving away, and I'm doing so because I'm getting something in return.
Similar situation to someone dropping their business card in a jar at the exit of a restaurant with the hope they'll win a free meal. They give a bit of personal information because they think they'll receive more in return.
You don't get to take away the choice of customers to decide how to manage their information.
As long as everyone is free to make that choice, nobody is getting hurt and the market forces will ultimately land on an equilibrium, like we have today.
shmerl 29 minutes ago [-]
> A lot of that verbiage is absurd exaggerations
They express the intent behind DRM very precisely. I don't see anything about it being an exaggeration. DRM proponents will try to control as much as they can grab. There is no excuse for unethical garbage like that.
flerchin 1 days ago [-]
I'm confused by calling the identifying information "stolen constants" or "stolen instructions". I don't understand why it's considered stolen. Do we mean "intercepted"?
mpeg 1 days ago [-]
It's a very common term in reverse engineering, and low level programming in general. In VMs you usually say "stolen" to refer to bytes/instructions/constants that have been taken from the original binary and put somewhere else (whether obfuscated or not, whether still in the local binary or in a server like with denuvo)
nneonneo 1 days ago [-]
The “stolen” constants/instructions are bits of code that were in the original (VM-obfuscated) binary. These constants/instructions are deleted from the binary and provided by the server in an obfuscated form. Effectively, the binary you get when buying the game is incomplete: you get a dynamic, encrypted, system-dependent patch from the server that supplies the missing pieces (the “stolen” pieces).
mdaniel 1 days ago [-]
I haven't pirated games since I was in highshool, but this nonsense has resulted in the worst UX for games I have paid for - with no recourse on my part. I guess it's like Cloudflare: some people have to suffer because other people don't behave nicely
alias_neo 1 days ago [-]
I also haven't pirated games since I was a child, but I run Linux, and I game on Linux, whether desktop or on my ROG Ally (Bazzite).
The experience for me, when I buy a game, is that I either don't buy one with DRM, or, I buy one that _might_ work, and then I spend a little while trying to get the right version of Proton that runs correctly, and get banned / blocked temporarily for switching my machine identifiers or something too much.
It really is a sick joke that the experience for gaming, music and video is all far, far better for those who _don't_ pay than for those who do.
Kokouane 1 days ago [-]
> It really is a sick joke that the experience for gaming, music and video is all far, far better for those who _don't_ pay than for those who do.
Denuvo is effective enough that if a game has it, it is almost impossible to pirate. So in most cases, it is either pay or do not play the game at all.
There was one key player who knew how to crack Denuvo DRM. They went by the name Empress but haven't cracked anything in the past year, and also mentally deranged, often including very transphobic rants in the NFO file of the torrents they release.
alias_neo 1 days ago [-]
> it is either pay or do not play the game at all
That's still a net win for the pirate I'd argue; for them it's zero steps to "don't play the game at all", for someone like myself it's pay->waste time trying to get it run and fail->refund/no-refund.
charcircuit 1 days ago [-]
The wasting of time is because you are using an unsupported operating system. It sounds like if you switched to one you wouldn't have to waste time since the OS would support everything the game needs.
kbolino 22 hours ago [-]
There is quite a bit of anecdotal evidence that many Denuvo-protected games run worse on the recommended hardware and O/S until the Denuvo protection is removed. The end result is a worse day-one experience for the people who pay the most than for either the pirates (if any) or the people who wait for the game to fall out of the early hype phase.
protimewaster 1 days ago [-]
It feels optimistic to think that the DRM works perfectly on every possible configuration running a supported OS though, does it not?
>some people have to suffer because other people don't behave nicely
It's self fulfilling though. Some people won't behave nicely if a game comes with Denuvo.
izzydata 1 days ago [-]
What part of the experience suffers from Denuvo? I've had games with Denuvo and then had Denuvo removed and at least in my limited personal experience there has been no discernible difference.
I can understand the argument against DRM in general and owning things you buy, but that seems like a different problem.
Interesting. For how effective Denuvo is the impact is negligible. Less than 1% average framerate and seconds of loading time.
The disk space usage is weird, but 100mb to 300mb executables is irrelevant in the age of terabyte drives and 50gb game installs.
Nice to confirm that there was no way I was ever going to notice its impact.
DrammBA 2 hours ago [-]
> Less than 1% average framerate
Where did you see this? I quickly skipped through both videos and saw 5-20% difference in average framerates, 20%+ difference in 1% lows which is what makes a game feel choppy/laggy, and 5-10+ seconds difference in loading times.
And going by the techniques explained in the OP those numbers make complete sense, that's the cost I would expect for the advanced obfuscation/protection Denuvo uses.
nneonneo 1 days ago [-]
The clever thing here is that Denuvo is only used to protect certain functions, not the entire game. The functions it protects should be functions that run infrequently, but contain enough critical game logic that they can’t just be replaced wholesale by a cracker. I believe the game developer themselves chooses what functions to protect. If they protect too much (or protect the wrong functions) performance can suffer, whereas if they don’t protect enough, the crackers’ job is too easy.
izzydata 1 days ago [-]
I wonder if Denuvo the company charges more or less depending on how much function protection the developer chooses or if it is a flat rate.
Cold_Miserable 22 hours ago [-]
From the "analysis" I gather it works by encrypting the .exe and the key's are server-side. The hardware info is used to further encrypt it.
I think the goal should be to fool the checks rather than remove the encryption which would be a nightmare. CPUID can output whatever you want, it just reads MSR's. I'm sure there are possibilities to use kernel drivers to make windows functions also read out whatever you want.
nneonneo 10 hours ago [-]
You need (1) a valid license file and (2) a list of all the checks that are made and (3) some way to override the output of each check. Furthermore, you want to ideally do this in a way that makes your cracked software actually deployable on random computers, so you don’t want to do any heavy kernel-mode hooking because people won’t be able to use your crack.
Oh and if you actually do distribute a crack that uses a stolen license file, they’ll ban the heck out of the hardware identified in the license (and probably any user/account/Steam IDs they manage to hoover up), which will no doubt be an annoyance to a cracker.
StefanBatory 1 days ago [-]
Also unrelated, but seeing "A 2nd Year Computer Science Student" in the blog name was both breathtaking in a positive way, but also hurts a little. Kudos to the author, seriously.
mpeg 1 days ago [-]
Students are the only people with the patience for deep RE, I spent hours and hours in my teens unpacking binaries that used similar VMs and got pretty decent at it.
Nowadays, there is no way I could do it, I tried to get back into hackthebox recently and the new RE challenges make my brain hurt.
hoseja 5 hours ago [-]
Buy from GoG and indies
Don't play AAA slop
tristor 1 days ago [-]
Very interesting analysis and as someone who practiced reversing/cracking in my youth, it helps me to understand why Denuvo is so effective. I have, for awhile, had a policy that I will not buy any game with Denuvo, and I continue to stand by that policy. I only play games w/ Steam on Linux (Steam Deck or Framework 13 laptop) and Denuvo makes this impossible, so it's a hard no from me. But I respect the engineering they invested into this DRM.
akimbostrawman 1 days ago [-]
Denuvo DRM works on linux however it does require an internet connection and you can get banned for +24 hours if you play on more than 3-5 devices a day (a proton prefix also counts as 1 device).
mort96 2 hours ago [-]
Yeah I remember trying to debug some issue I had with DOOM Eternal (I think) and then randomly getting the message that I can't play for 24 hours because I'm an evil criminal. Not a great customer experience.
xienze 1 days ago [-]
> I only play games w/ Steam on Linux (Steam Deck or Framework 13 laptop) and Denuvo makes this impossible
Are you sure about that? I have a ROG Ally running Bazzite and I have played several games on this page[0] that use Denuvo.
I mean why shouldn't game developers protect their game from piracy?
kbolino 22 hours ago [-]
The best protection from piracy has always been making the product available at a reasonable price in a convenient fashion. This is echoed by Gabe Newell, founder of Valve, the makers of Steam, who said: "piracy is almost always a service problem and not a pricing problem...." I think the actual operation of Steam has shown that pricing matters too, since it is well known for its unusually generous sales compared to other (legitimate) digital stores. The point is that if you meet the customer where they're at, as frictionlessly as possible, you will outcompete the pirates.
DRM's primary purpose is to force consumers into an ultimatum: accept our inflated pricing and enforced inconveniences, or get nothing at all. For some products, this is part of their brand identity, since they bill themselves as "premium" or "AAA". For others, it's enforcement of their monopoly control (e.g., sports broadcasting). In all cases, it's treating the consumer like a disposable and squeezable commodity, which isn't necessarily inaccurate for some products and their target audiences, but certainly isn't the only way to do business.
andoando 20 hours ago [-]
1. There is certainly a large number of people who will pirate whether the game is $60 or $5. If you made pirating easier and consequence free, itd be a donation model. Gabe Newells statement speaks more to doing the best under bad circumstances, than openly espousing piracy (make games cheap enough that paying is worth the convenience of going through hoops to pirate it). If he was fully sincere in that statement he ought to allow all their steam store to be downloaded for free.
If you cut down the difficulty of cracking a game, and generally made it easier to pirate, wed just have a nice cracked Steam store anyone can download any play anything they want, do you really think thats going to help the market?
2. Characterizing the buying and selling of a goods, a non essential like a video games no less, as an "ultimatium" is ridiculous. By pirating youre just subsidizing the cost of the game onto people who paid for the game legitimately.
You developed the game, you have the right to charge whatever you want for it.
Perhaps there are arguments to be made since copies of digital goods are essentially free, but this isnt it
kbolino 20 hours ago [-]
You can characterize it as you wish, but the optimal amount of piracy is not zero, it's whatever amount costs more to quash than you will gain in revenue from quashing it. For many endeavors, this is quite a large amount of piracy, perhaps even larger in numbers than legitimate acquisition. For other endeavors, the balance lies somewhere that feels more favorable to the creator. There are many ways to find roughly where this line is, and DRM can be part of an effective scheme, but it can also be (and usually is) a crutch that obfuscates the line instead.
Valve is not a charity and tolerating some piracy pragmatically is not equivalent to wanting a free-for-all. What's good for the consumer can still be good for the creator and Steam has proved that. It doesn't need to meet some purity test.
tpxl 5 hours ago [-]
> There is certainly a large number of people who will pirate whether the game is $60 or $5
The intersection of people who will pirate a game at any price and people who will buy a game is an empty set.
I used to pirate everything, no matter the price, now I pirate nothing, no matter the price (except for Metro: Exodus, because it was pulled from Steam for anti-competitive bullshit).
yjftsjthsd-h 24 hours ago [-]
Because it punishes legitimate users
justsomehnguy 21 hours ago [-]
The pesky pirates don't have a problem running the game.
The legitimate buyers do have.
Who you want to annoy more - the people who gives you money or the people you never heard and you would never hear about?
larodi 19 hours ago [-]
ph34r!
op is top
Traubenfuchs 1 days ago [-]
What happened to the empress?
Is she (he?) still schizoposting via homophobic and transphobic .nfo files, combining super natural female moon goddess intuition with deep rooted cracking knowledge and has a growing telegram community full of G*mer simps?
For those not in the know, empress is/was THE famous denuvo cracker with a rather... eccentric online presentation of themself.
davikr 18 hours ago [-]
empress went dark after being exposed by a scene group as "voksi, the bulgarian". no one knows, but it did coincide with that.
dartharva 15 hours ago [-]
Voksi was a popular cracker and among the first to face against Denuvo in the early days. He got himself arrested because apparently his opsec was so nonexistent he used to lurk in steam using his real name and upload cracking tutorials on youtube.
Nobody knows what happened after, or whether he reached a deal with Denuvo or anything else. But Empress did arrive some time after he got arrested, so it could be speculated. He has denied it himself however, on multiple occasions, but even if he is Empress it's obviously something you won't expect him to admit after all that's happened.
doctorpangloss 1 days ago [-]
Game developers have Denuvo as an anti-piracy option. This is your choice for single player PC games.
There’s also multiplayer as anti piracy. It is impracticable to spoof unseen, complex server code forever.
Environment Integrity is the most flexible. That means you can’t pirate because you can’t sideload code that doesn’t belong to you, and that a remote license check cannot be spoofed. The environment also has to provide enough incremental value in updates that most people will keep auto-update on. Although, of course, Apple could force updates.
To me, the problem is how to avoid this conversation altogether. The kind of person who has the personality defect that makes him post rants about DRM doesn’t listen long enough to figure out “validity” in games.
Like imagine when people invoke that word, “valid.” This is what DRM is about to audiences, not technology. Video games are aesthetic experiences, you don’t have to play them to survive, to me it is valid to consider anything related to the game, like its DRM or the development team or whatever, as fair game for “valid.” But.
If you don’t think Denuvo is valid, you don’t think “AAA single player games on PC” is valid. And maybe that’s okay, maybe you can only go to iOS or the Switch or PS5 (Environment Integrity DRM) for AAA single player. There are no indie developers on consoles, so suddenly, you are also saying, “the only place for single player that costs money to make for self published is iOS.”
This is why I personally find the crusade against Denuvo so ironic: the people who could take the biggest creative risks and reap the most reward, including the right to keep making whatever it is they want, benefit the most from Denuvo.
keyringlight 24 hours ago [-]
One thing I try to bear in mind with this is while there's a lot of anti-corporate discussion alongside video games, they're quite often contrary to what happens in the wider world when you compare against what games or companies are successful. A lot of it skirts around the concept that developers big or small take money to be made and don't seem to have a good idea on how success should be rewarded (or differing rules depending on who you are). The video game audience is also going to be incredibly broad across a huge range of circumstances around the globe, so the question of what something is worth will have a wide range too.
22 hours ago [-]
menthe 24 hours ago [-]
Nothing a well-trained model won't be able to instantly solve. It's literally just grunt work, not rocket science.
F DRMs though. Good news is those AAA games are rarely worth anyone's time anyways. Better spin up indies or classic games - a good SNES game is worth a hundred of those garbo AAA license rehashes.
andrewmcwatters 19 hours ago [-]
I can't stress enough how much this is not true for any meaningful production threat detection software. Models regularly fail reversing even basic obfuscation tasks. Try it yourself. No, ChatGPT is not going to break Denuvo. Probably not even in OpenAI's wildest dreams.
Generating an image or sound is seemingly child's play compared to actual complex software tasks. There's not 1,000 different open source DRM codebases you can train against. It's not a diverse field.
Generating code to do script kiddie hooking? Sure. Reversing a complex multi-tiered obfuscation and trust platform? Yeah, right.
mort96 2 hours ago [-]
Source?
formerly_proven 21 hours ago [-]
It’s hard to overstate how poor the technical quality of modern games is. Pretty much every DX12/Raytracing title is just a stuttering mess with absurd shader compilation and traversal stutter. Nevermind ridiculous ghosting artifacts and the like produced by Lumen. Modern games are optimized to look good on screenshots and not-realtime in-engine renders for trailers. Hardware and APIs have never been more powerful, and engine developers turn out the worst-running games since 30 fps hardlocked Xbox ports from the 2000s.
ainiriand 23 hours ago [-]
Not for normies.
Rendered at 17:07:31 GMT+0000 (Coordinated Universal Time) with Vercel.
I would imagine many things from the SecuROM era live on in Denuvo.
But if you read the article you will realize that certain games will not work in the future due to Denuvo.
"This destroyed any exception-based hooking since majority of the time an exception is triggered, Windows will write an EXCEPTION_RECORD high up in unused stack space. You can probably see where this is going. Now, whenever the CPUID is hooked via an exception, that important value will become overwritten with an EXCEPTION_RECORD, causing undefined behaviour later on. I believe this can be bypassed if you attach a debugger to the process and set certain flags when it comes to exception handling, but the method of patching every hardware check is still cumbersome due to randomness anyway."
As Windows matures, behaviour can change, breaking certain stuff.
How do you expect the aforementioned tech to break the games it's on? If anything it "breaking" will just make the anti-tamper feature ineffective.
Such was the case for SecuROM in early days. It featured the CRC checks mentioned, if any single byte was changed, including an INT (breakpoint) instruction, it would crash. Here it's unlikely that it wont crash. Rendering the game inoperable.
That's basically the whole point of any anti-tamper product. I just think you picked a terrible example of a feature that could break due to OS changes specifically.
> Meaning that if Windows ever were to overwrite that region for whatever reason, will trigger the crash.
We're talking about random stack memory inside of a virtual machine that likely doesn't call any external code whatsoever. There should be no real way for Microsoft to accidentally corrupt this memory.
So this code can only break if the data is overwritten from code outside the control of that thread. On Unix, certain signals could cause that. Or the OS could decide to zero out the unused thread while the thread isn't running. Zeroing the thread could the helpful to wipe secrets spilled there (forward secrecy related), or if whole pages can be zeroed (via something like MADV_ZERO), it could reduce the memory consumption by allowing threads to shrink.
While I would like that thread zeroing feature, I think it's unlikely that MS will implement something like it. So the code should be unlikely to break in practice.
The GTA SA bug was reading of an uninitialized variable. The value it contained was correct simply by chance as it was placed there by the previous invocation of the function and never overwritten by something else intermittently. Any changes to functions that happened to be called in between these 2 could have changed the value of the stack memory.
The aforementioned check on the other hand is placing random value below the stack pointer. This means that by design it cannot call any external/os/game functions and is basically isolated/"pure" from any interactions with third party code.
I wonder if that's because they want to avoid these kinds of future incompatiblities with the underlying OS as it evolves.
Theres a list of every game that currently has denuvo here... https://www.reddit.com/r/CrackWatch/comments/p9ak4n/crack_wa...
This is how a VM push looks like:
(vmreg_e268 is stackpointer, its decremented and stored in tempreg, then the value of vmreg_e560 is copied to stackpointeraddr, then new stackpointervalue is written back)But i quickly lost interest when it became MBA galore:
(looks like its doing some operation with a constant to vmreg_ebe8, but obfuscated by MBAs and most likely the result won't ever being used, so its just noise to drown out the real operations)BTW: anyone aware of LLVM optimizer passimplementations that can deal with MBAs ?
It is a C++ implementation of SiMBA [1] - a tool to handle linear MBAs, made available by Denuvo itself. Denuvo have another tool - Gamba for handling some variety of non-linear MBAs. And then further improvisation by another researcher - MSiMBA [3].
SiMBA++ since written in C++, it is fast and it integrates well into the LLVM passes to automatically identify the MBAs and replace them in the LLVM IR with simplified expressions. So no additional work required.
Shameless plug - me and my colleague (author of SiMBA++) recently gave a talk about using LLVM for deobfuscation of WASM, where we talk about MBAs, SiMBA++ etc. The idea is not limited to WASM, it is language agnostic once you have a binary lifted to LLVM IR. https://www.youtube.com/watch?v=gKRdOcuXbYI
[1] SiMBA - https://github.com/DenuvoSoftwareSolutions/SiMBA [2] Gamba - https://github.com/DenuvoSoftwareSolutions/GAMBA [3] MSiMBA - https://github.com/mazeworks-security/MSiMBA
https://github.com/binsec/xyntia
Your best bet is InstCombine, but likely most of the MBA patterns aren't going to be InstCombine patterns because who writes that kind of code?
In principle, you might see if you can tickle Alive2 (which can map LLVM IR to SMT logic) to see if you can get a peephole optimizer that's querying an SMT solver. But I'm not aware of anyone who's built a pass like that yet, and it's definitely not a regular pass in the compiler.
I had some success with https://github.com/mrphrazer/msynth But its hard to glue this to LLVM.
> anything covered by Denuvo is unavailable even years later
I don't think this is true in the general case.
> Either nobody is willing to crack it (unlikely)
That's exactly what's going on - it's a matter of time-benefit, not "possible." What's groundbreaking with Denuvo isn't that the overall technique is incomprehensible but rather that it's insanely tedious to remove and very difficult to automate. They haven't made some groundbreaking theoretical technique, they've applied so many "standard" ways to obfuscate a binary that it becomes more annoying than it's worth to remove.
Then, the subscription can be allowed to lapse… and the game can be preserved, at least to the extent to which it can run without servers. If we have any belief in the “games as art” idea, this seems like a good result for preserving art.
Of course, this means that casuals like me get a much better experience than their core, dedicated, day-1 customers ... but really, that sort of contempt for your core audience is a foundational principle of AAA these days.
No, the most important thing about Denuvo is that PC gamers are forced to upgrade their hardware because Denuvo is such a performance hog. All you have to do is wait until Denuvo is stripped and the game will run much faster.
Frankly, it wouldn't surprise me if there's a conspiracy between Denuvo and Intel/AMD/NVIDIA where Denuvo goes out of their way to hurt performance on a really popular title, thus forcing people to upgrade.
Idiot writers at gaming websites claim a new patch to a game that's been out for a while has "optimizations" and lauds the developers for slaving away to make an already-finished game faster. The reality is that they just stripped out Denuvo.
> One can see that Denuvo does indeed intervene from time to time, but what one can clearly see: It doesn’t do that very often, definitely not every frame.
> It’s only once every few seconds. Even less, sometimes it doesn’t do anything.
> To me personally, it tells that Denuvo executes checks so infrequently, that the likelyhood of it causing major performance issues seems rather low.
https://momo5502.com/posts/2024-03-31-bypassing-denuvo-in-ho...
That sounds like a marketing claim. There's a bunch of denuvo-protected games that have been cracked. As far as I am aware, although I am not completely up to date, there are more denuvo-protected games that have been cracked than not.
For awhile I feel like there were monthly headlines along the lines of "Denuvo cracked within hours of game release" (e.g. https://www.techspot.com/news/71543-denuvo-protected-games-n...).
(I agree that Denuvo is generally effective for its goals, especially at game launch when it is most valuable. It's just not infallible, by any stretch.)
Most "cracked" denuvo games are games cracked AFTER denuvo was removed by the publisher in an update (usually 6 months after release)
Just look at the Yakuza/Like a Dragon games
The claim was that games protected by denuvo are uncracked years later.
What is happening right now is important and interesting, too, but not the claim the person I replied to made.
"anything covered by Denuvo is unavailable even years later" just isn't true. And that's what I was replying to.
I think some of the recent 'cracks' were mostly errors by the developers, allowing the demo of a game to load the full data files or shipping an unprotected EXE on accident somewhere (sometimes they leave a debug EXE lying around).
Sure!
That wasn't the claim made by the person I replied to. They said "anything covered by Denuvo is unavailable even years later." which isn't true. That's what my comment is about.
If it can run on your PC when copy-protected, it means at some point the CPU executed the right instructions, so a crack is always possible to create. It's just a matter of how much effort and time is it to reverse-engineer it. You cannot copy-protect software indefinitely.
I remember feeling cool as fuck as a teenager because I cracked GTA 3 by dumping the live memory of the binary post decryption. Of course it's been 25 years, so the status quo has improved by a lot and god knows how many man-years and kWh are wasted on copy protection.
To me, Xbox is that video-game you get when you ask for a Playstation and your parents don't understand video-games. Their versioning scheme even helps make sure the parents fail to purchase the latest generation.
Denuvo is also not a massive target because there are too many games nowadays to care about a specific one. The exception was when "Hogwarts Legacy" was released with Denuvo, and people went crazy for a crack which was delivered just 13 days later.
0. https://en.m.wikipedia.org/wiki/Empress_(cracker)
For example, physical FPS exploits include devices that sit in the HDMI/DP chain with a USB output and emulate a keyboard and mouse.
He had no idea how to sell it. After it sitting around for awhile, I tried pitching the technology to few friends in VC, who had absolutely no idea what I was talking about.
It bothered me for a long time to see such a culmination of talent and effort get 0 reward for it. I've wondered if such technology would be interesting to some large publisher to just buy outright, bringing their anti-piracy in-house rather than relying on Denuvo. Any ideas/help appreciated :)
This seems like an odd claim _especially_ for indie games. Indie games tend to already have trouble attracting buyers, it feels like anyone considering pirating it would just move on if they couldn't do so.
0. https://www.gamedeveloper.com/business/so-52-45-of-people-pl...
I pirated GTA5 to test it on my machine back in the days. Textures popped in seconds later because the HDD was way too slow to handle the game. I prefer pirating a game over dealing with refunds. I have it for free from Epic. Would I buy it now? No. I don't like the game at all after playing for 4 hours.
What is my favorite single player game? Cyberpunk. Do I share that information? Yes.
Personally, Steam's about where I draw the line. They've given me enough value as an ecosystem and their native 'DRM' doesn't seem that obtrusive, so they've got a lot of my money over the years.
I've regretted every single time I happened to buy a game, which turned out to have other DRM or any form of 'anti cheat' client side. They just never work in the long run.
It's a shame that OP didn't add a tracker to the pirate plea button. I would wager that he made practically zero sales from it - looking at how well donations seem to work in software development in general. I think that this is why microtransactions work well. They give away a nerfed version of the game for free, and after the player formed an attachment to it, the game can be upgraded for a price. In a way, this is a much more human design, than forking up the entire cost in advance.
My thought regarding indie games were successful ones though. Something like Celeste or Balatro.
[1] https://www.reddit.com/r/Asmongold/comments/119x8ht/heres_em...
Do you also abstain from other DRMs as well, or just some in particular? They can be quite nasty, and mobile games are also pretty horrible for privacy as well. As a compromise for myself, I use a separate Windows for gaming, and I have almost no real data on that partition.
I didn't play MH:World on PC but from what I have seen MH:Wilds suffers from piss-poor optimization that is unrelated to the (two!) DRM they have put in. It may be Denuvo, but from what I've seen, it is just the usual laziness that is prevalent in most AAA games today. Instead of spending the performance budget where it matters by having programmers collaborate with artists, they just throw everything at the engine which ends up overwhelmed and in turn throws everything to DLSS and framegen resulting in an ugly mess (but a raytraced ugly mess!) if you don't have the latest overpriced hardware.
And it may be the same problem with Denuvo. Denuvo doesn't have to cause massive performance problems, but developers have to implement it correctly, using license checks sparingly, and certainly not in performance-critical code.
Also note that when the publisher removes Denuvo, it may also come with other performance optimizations, not everything comes from the removal of Denuvo.
You are not wrong about the additional failure of AAA to keep their games optimized but the ways denuvo affects performance are particularly insidious.
There is pretty much zero evidence that this is true and some credible evidence that it is untrue.
For example, plenty of games have had Denuvo removed after a few months by the publisher and showed zero improvement in performance.
This fake narrative is being pushed by software pirates bitter that Denuvo is being so effective at preventing them from stealing games.
The world is less fun with less art and games. And those require money to be made. The cost of securing that or making legitimate purchases cheaper (broadening the legal market) may be the initial online requirement and potential performance impacts.
Again, I'm not saying Denuvo is or is not a net in one way or the other. Just that there is room for gray.
That's an extremely naive take that shows some stark ignorance of the tech and market forces at work.
From a tech standpoint, Denuvo negatively impacting performance has been debunked many times over (see my previous post about that).
On the economical side, you need to realize that whenever you are playing and enjoying a game, it's most likely due to the fact that the previous games sold by that developer have been successful in making money, which was most likely made possible by Denuvo.
In other words, making piracy harder allows the next generation of games to be created.
That's an extremely bold claim. There are many games which are successful and don't use Denuvo. In fact I'm quite sure there are more successful games that don't use Denuvo, then those which use it - so I don't believe that "whenever [I'm] playing and enjoying a game" it was "most likely" created thanks to Denuvo.
And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
I never made that claim, please reread what I wrote, but here is my point again.
When you play a game from a publisher, they were able to create it because their previous games sold well. Therefore, anything that allows games to sell well is a positive for the entire gaming community, creators and players.
Denuvo is an important part of this picture, but it's obviously not the only one.
> And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
That's great, and I do that as well. And this is one of the reasons why Denuvo is not anti-user: everyone has the choice to not support it.
Things like fourth amendment exist for a simple reason that overreaching policing skews into being abusive. Police could always argue abusive policing "helps prevent crime" same as copyright maximalists could argue DRM "helps prevent piracy". But both would be invalid due to overreaching nature or such policing.
To put this concept into perspective. DRM runs on your personal device, in your personal digital space, for the benefit of someone who tries to police you, treating you as an a priory criminal. So conceptually it's not any better than what fourth amendment is aimed to prevent.
Excusing such concepts with "market forces" is simply cringe.
Describing it as "anti user" is theoretically correct but practically incorrect. It's true that it might prevent mods and possible future uses if the servers go down, but in practice, users don't care, as is demonstrated by the fact that games that contain Denuvo routinely sell in the millions and users have no idea it's even there, and they will never know.
Overreaching?
I don't know. Companies put out a product, you're free not to buy it if you don't like it. That's one of the reasons why I call this natural market forces.
> So conceptually it's not any better than what fourth amendment is aimed to prevent.
That's a gross exaggeration. The Fourth amendment is about unreasonable searches by the government, I completely fail to see how willingly buying a digital product from non governmental organizations is connected to Fourth amendment in any rational way.
Again, at the end of the day, nobody forces you to buy that product, hence "natural market forces".
The fact that millions of these games are being bought every month tells me users don't feel that whatever flaws, perceived or real, Denuvo has matters less to them than playing these games.
You get the point of why the above is wrong. DRM is wrong exactly for the same reason. The ethical problem with DRM is that it invades your digital privacy based on presumption of guilt.
Whether users care or don't care doesn't really affect the concept. A lot of things in digital space are less tangible for people to care becasue they are clueless, which doesn't mean these things aren't as dangerous and damaging when abused.
And those are fundamental problems, before we even get to bad consequences that you mentioned, like DRM damaging digital preservation, losing access to your purchases and so on, which are bad too, but not on the level the above is bad.
So to sum it up, DRM is always anti user in many senses.
If I willingly let them in my home and I knew they were going to do that? I don't really have the option to complain, do I?
Your analogy doesn't make sense. People buy the game, Denuvo is clearly advertised on it. They have the option to not buy the game. Period. It's not overreach if I willingly accepted the reach.
> So to sum it up, DRM is always anti user in many senses.
How do you reconcile this claim with the fact that Denuvo games sell by the millions every month?
The abusive and overreaching nature of DRM was expressed pretty clearly by those who actually abused it:
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
> The industry will take whatever steps it needs to protect itself and protect its revenue streams ... It will not lose that revenue stream, no matter what ... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source – we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC ... These strategies are being aggressively pursued because there is simply too much at stake.
Note the repeated usage of "your" which increasingly creeps into user's private digital space. Being in denial about this isn't an excuse for these problems.
> Being in denial about this isn't an excuse for these problems.
I'm not in denial, I know exactly what Denuvo entails. Whenever I buy a game with Denuvo (which pretty much never happens any more), I know exactly what I'm giving away, and I'm doing so because I'm getting something in return.
Similar situation to someone dropping their business card in a jar at the exit of a restaurant with the hope they'll win a free meal. They give a bit of personal information because they think they'll receive more in return.
You don't get to take away the choice of customers to decide how to manage their information.
As long as everyone is free to make that choice, nobody is getting hurt and the market forces will ultimately land on an equilibrium, like we have today.
They express the intent behind DRM very precisely. I don't see anything about it being an exaggeration. DRM proponents will try to control as much as they can grab. There is no excuse for unethical garbage like that.
The experience for me, when I buy a game, is that I either don't buy one with DRM, or, I buy one that _might_ work, and then I spend a little while trying to get the right version of Proton that runs correctly, and get banned / blocked temporarily for switching my machine identifiers or something too much.
It really is a sick joke that the experience for gaming, music and video is all far, far better for those who _don't_ pay than for those who do.
Denuvo is effective enough that if a game has it, it is almost impossible to pirate. So in most cases, it is either pay or do not play the game at all.
There was one key player who knew how to crack Denuvo DRM. They went by the name Empress but haven't cracked anything in the past year, and also mentally deranged, often including very transphobic rants in the NFO file of the torrents they release.
That's still a net win for the pirate I'd argue; for them it's zero steps to "don't play the game at all", for someone like myself it's pay->waste time trying to get it run and fail->refund/no-refund.
It's self fulfilling though. Some people won't behave nicely if a game comes with Denuvo.
I can understand the argument against DRM in general and owning things you buy, but that seems like a different problem.
https://youtu.be/1VpWKwIjwLk?si=JxjXuhJJAutXp1ww
The disk space usage is weird, but 100mb to 300mb executables is irrelevant in the age of terabyte drives and 50gb game installs.
Nice to confirm that there was no way I was ever going to notice its impact.
Where did you see this? I quickly skipped through both videos and saw 5-20% difference in average framerates, 20%+ difference in 1% lows which is what makes a game feel choppy/laggy, and 5-10+ seconds difference in loading times.
And going by the techniques explained in the OP those numbers make complete sense, that's the cost I would expect for the advanced obfuscation/protection Denuvo uses.
I think the goal should be to fool the checks rather than remove the encryption which would be a nightmare. CPUID can output whatever you want, it just reads MSR's. I'm sure there are possibilities to use kernel drivers to make windows functions also read out whatever you want.
Oh and if you actually do distribute a crack that uses a stolen license file, they’ll ban the heck out of the hardware identified in the license (and probably any user/account/Steam IDs they manage to hoover up), which will no doubt be an annoyance to a cracker.
Nowadays, there is no way I could do it, I tried to get back into hackthebox recently and the new RE challenges make my brain hurt.
Don't play AAA slop
Are you sure about that? I have a ROG Ally running Bazzite and I have played several games on this page[0] that use Denuvo.
0: https://store.steampowered.com/curator/26095454-Denuvo-Watch...
DRM's primary purpose is to force consumers into an ultimatum: accept our inflated pricing and enforced inconveniences, or get nothing at all. For some products, this is part of their brand identity, since they bill themselves as "premium" or "AAA". For others, it's enforcement of their monopoly control (e.g., sports broadcasting). In all cases, it's treating the consumer like a disposable and squeezable commodity, which isn't necessarily inaccurate for some products and their target audiences, but certainly isn't the only way to do business.
If you cut down the difficulty of cracking a game, and generally made it easier to pirate, wed just have a nice cracked Steam store anyone can download any play anything they want, do you really think thats going to help the market?
2. Characterizing the buying and selling of a goods, a non essential like a video games no less, as an "ultimatium" is ridiculous. By pirating youre just subsidizing the cost of the game onto people who paid for the game legitimately.
You developed the game, you have the right to charge whatever you want for it.
Perhaps there are arguments to be made since copies of digital goods are essentially free, but this isnt it
Valve is not a charity and tolerating some piracy pragmatically is not equivalent to wanting a free-for-all. What's good for the consumer can still be good for the creator and Steam has proved that. It doesn't need to meet some purity test.
The intersection of people who will pirate a game at any price and people who will buy a game is an empty set.
I used to pirate everything, no matter the price, now I pirate nothing, no matter the price (except for Metro: Exodus, because it was pulled from Steam for anti-competitive bullshit).
The legitimate buyers do have.
Who you want to annoy more - the people who gives you money or the people you never heard and you would never hear about?
op is top
Is she (he?) still schizoposting via homophobic and transphobic .nfo files, combining super natural female moon goddess intuition with deep rooted cracking knowledge and has a growing telegram community full of G*mer simps?
For those not in the know, empress is/was THE famous denuvo cracker with a rather... eccentric online presentation of themself.
Nobody knows what happened after, or whether he reached a deal with Denuvo or anything else. But Empress did arrive some time after he got arrested, so it could be speculated. He has denied it himself however, on multiple occasions, but even if he is Empress it's obviously something you won't expect him to admit after all that's happened.
There’s also multiplayer as anti piracy. It is impracticable to spoof unseen, complex server code forever.
Environment Integrity is the most flexible. That means you can’t pirate because you can’t sideload code that doesn’t belong to you, and that a remote license check cannot be spoofed. The environment also has to provide enough incremental value in updates that most people will keep auto-update on. Although, of course, Apple could force updates.
To me, the problem is how to avoid this conversation altogether. The kind of person who has the personality defect that makes him post rants about DRM doesn’t listen long enough to figure out “validity” in games.
Like imagine when people invoke that word, “valid.” This is what DRM is about to audiences, not technology. Video games are aesthetic experiences, you don’t have to play them to survive, to me it is valid to consider anything related to the game, like its DRM or the development team or whatever, as fair game for “valid.” But.
If you don’t think Denuvo is valid, you don’t think “AAA single player games on PC” is valid. And maybe that’s okay, maybe you can only go to iOS or the Switch or PS5 (Environment Integrity DRM) for AAA single player. There are no indie developers on consoles, so suddenly, you are also saying, “the only place for single player that costs money to make for self published is iOS.”
This is why I personally find the crusade against Denuvo so ironic: the people who could take the biggest creative risks and reap the most reward, including the right to keep making whatever it is they want, benefit the most from Denuvo.
F DRMs though. Good news is those AAA games are rarely worth anyone's time anyways. Better spin up indies or classic games - a good SNES game is worth a hundred of those garbo AAA license rehashes.
Generating an image or sound is seemingly child's play compared to actual complex software tasks. There's not 1,000 different open source DRM codebases you can train against. It's not a diverse field.
Generating code to do script kiddie hooking? Sure. Reversing a complex multi-tiered obfuscation and trust platform? Yeah, right.