56 comments

[ 1.4 ms ] story [ 89.6 ms ] thread
Once again I'm at odds with TH reporting. Of course you can spoof a server. That happens all the time, especially with videogames. You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.
Are Denuvo using games marked on Steam these days?

I've been getting mostly indies so I feel safe, but maybe I should check...

good riddance. crazy to see game developers hemorrhaging money for malware
Wonder what will be the consequences of this. I dislike Denuvo for the performance and stability penalties it gives games, but I do wonder if the "security" it gave publishers wasn't a big part of the reason why we've been getting more and more big name games on PC.

This isn't about being right or wrong but about what the publishers will do when they see their games are again getting cracked day one, and if it'll be a catalyst to again return to getting either less PC releases or at least delayed releases compared to consoles.

I will hope that does not happen.

I honestly doubt it will make much of a difference.

A good percentage of people who would download the cracked games would not have bought those anyway. And with Steam being so convenient it's hard to decide to go for a cracked copy of dubious origin that might install god knows what into your machine.

We're not in the early 00s anymore.

> performance and stability penalties

There are none. Or rather they fall in the margin of error.

"Protected" is the wrong word. "Restricted" is much more honest regarding what Denovo does.

Good riddance.

> "Restricted" is much more honest regarding what Denovo does.

I'd suggest "encumbered" or even "infected".

Interesting to finally see some action from the mouse again. Was kinda sad to see that Denuvo embodies all the worst of DRM but was so thoroughly metastasized that it was nearly inoperable and they had effectively "won".
Don't forget that the guy behing Denuvo is the same person behind SafeDisc, SecuROM and similar bullshit siblings from the past PC gaming world.
[flagged]
SecuROM back in the day caused plenty of legitimately purchased copies to not work. You'd have a physical disc with the game on it from the store, and SecuROM decided it won't work on your computer for unknown, undebugable reasons. .

Piracy may be a problem, but that's a problem to customer who were willing to give a company money. We stopped buying anything with SecuROM on it after 1-2 of those situations.

(comment deleted)
It's fairly well demonstrated that piracy is a service problem. For example, many people will pay hundreds of dollars for a game on Steam rather than play it for free on Epic (Rocket League). So clearly the free price point is not the problem
Do we have a reasonable metric of pirate -> customer conversion rate of Denuvo?
I don't think piracy has much to do with it. AAA (of even AA) single player games sell really well. Just not well enough to be the equivalent of a money-printing machine like Fortnite. Spiderman 2 sold something like 17 million copies between PC and PS5. Still nothing compared to the $30+ billion in revenue that Fortnite has generated so far. So everyone is chasing that Fortnite $$$.
Ah, yes, a problem so huge it killed the industry… wait.

This is the same thing with music / cinema piracy : it’s a mix of "pirates will always pirate" (whatever the reason, be it financial issues or not), and anti-piracy solutions always hitting legitimate customers first.

People want convenience first and foremost. Piracy being a « massive issue is a lie defended by lobbies.

Case in point, I have a legit copy of a EA game I cannot play legitimately anymore, because SafeDisc relies on a vulnerable Windows driver (basically a free rootkit) that was blacklisted by MS. See also the other comment mentioning SecuROM that basically killed SPORE on launch.

Denuvo is owned by Irdeto, a digital rights management company in a broad sense. They not only do software and hardware DRM, but also work as a watchdog for movie and music companies to claim DMCA violations for BitTorrent, among all other stuff.
I've had to take a moral stance and move to just playing games on Gog that I can buy and own the files for. No I can't play the latest and greatest but it's not the end of the world as I've so many classics to still play and enjoy. I can't support lockdown and DRM anymore. If I buy I want to own, otherwise I've not bought. It is true, if buying isn't owning, then piracy isn't stealing.
Right where I've landed as well. I just won't buy titles with Denuvo DRM, ever, no matter how much I want the game.

Was pleasantly surprised to find Doom Eternal is now on GOG a couple of days ago. If you're willing to wait, some AAA titles show up that previously had draconian DRM.

I'm willing to buy on Steam, however not with intrusive DRM. Nor with 3rd party store requirements (like EA games on Steam).

E.G. I'd like to own a copy of the modern Persona games. I'm in no particular rush. If the studios want my money when they're on sale for like 50% off launch price, gain some profit per sale and additional sales by axing the useless DRM.

Exactly the same. I haven't played an Persona game but hear it come up on some podcasts and wanted to try it out. In fact, P5R is on sale right now for 80% off and would happily pay the A$20 for it, but it still includes Denuvo.
Generally any game you can buy on GoG is also DRM free on Steam. I mention since many people have the incorrect notion that all Steam games have DRM
Likewise, I will not even consider paying for games (or music) that don't have an unencumbered download option. If the game is open source I will usually buy it without even thinking very hard about whether I'll play it.
Surprisingly, there were DRM games praised for good UX, only these were hardware releases.

When Switch 1 launched, it got re-releases (eg: Diablo 3) that were: 1. complete editions with DLCs, 2. came on a cartridge that one could swap between devices or sell, 3. supported offline play.

Online game stores were supposed to offer better UX than hardware releases. I find it interesting, and perhaps a sign of how bad the online experience can get, that the opposite can happen too.

I find it ironic people mad at Denuvo and yet play games like Battlefield which enforces kernel level spyware nonetheless haha
There is a user argument for anti cheat as a user = less cheater.

There is no user argument for DRM, if anything there are many against it = higher game price/less money for the actual game and devs, indirect funding of DRM software, worse performance, higher system requirements, worse preservation, worse privacy, longer loading times, online requirements, worse usability, machine activation restriction, bugs...

Kernel level anti-cheat also doesn't introduce a giant performance penalty like Denuvo-style DRM. People just want to play their games without it still stuttering on top of the line hardware.
Anticheats will still have obfuscated code for obvious reasons (they don’t want to be reversed). Not sure they don’t induce some performance drop too - though maybe smaller compared to bad Denuvo implementation.
Pretty strong to say there's no argument. I don't agree with it, but I imagine people would say reducing piracy leads to more money for the studio, which means more resources that can be put toward the game. Lots of people believe that, and we don't have a lot of data on opportunity costs for games including Denuvo.

I personally just hate it and think Piracy is overblown. The only other industry I've seen be this hostile to users is Music/Photoshop. Putting an iLok key into my computer feels bad.

How are you protecting yourself at the game itself spying on you?
That's all you need to know about DRM - when "pirates" bypass it, paying users are taking the hit.

And I'm not speaking about cost of implementing a technology to actively make the product worse.

No, it hasn't:

> in late 2025, the MKDev collective and the prolific DenuvOwO came up with a hypervisor-based bypass (HVB) that installs a kernel-level driver to intercept and respond to Denuvo's checks. While that's not an actual crack, it's good enough for piracy work, as the saying goes.

This. It's bypassed, not cracked. All the games released need HVB to work. They use legit Denuvo licenses from other systems.
Yeah, the headline is sensational and the body of the article doesn't do enough to distinguish between the bypass and a real crack. They only resemble one another only in the most shortsighted of ways.

One big difference is that the bypass method _requires_ Microsoft Windows in order to function. You cannot use the bypass on Linux.

I don't have a Windows install anywhere, so if I want to play the game I have to either purchase it, or wait for a crack that will remove Denuvo from the executable.

I get this probably doesn't matter to most people because they're on Windows anyway and will happily disable whatever security is required to access free games, but it's disappointing to have the technical distinctions and broader implications glossed over.

A great use of LLM
I would hope publishers would take note and remove it, having hundreds of megabytes of junk in the executable is just wasteful to put it mildly
Why would they care for a few hundred MBs when the games are in the 10s of GBs?
Denuvo is there to prevent piracy within the first 90 days of release. Something like 60 to 80% of a game’s revenue is during that period. They don’t care that it’s eventually cracked, and they absolutely do not care about performance.
Remove DRM and let buyers suffer less? Crazy talk.
I would hope that users would just refuse to buy games that use Denuvo and similar malware. I do, but I know most users don't care.
Do any of the legit scene groups sign their binaries? How do you know a release isn’t tainted?
Fyi, most of them have not been cracked, but bypassed using a hypervisor that operates in ring-1, so it is certainly a security risk..

Personally I've been voting with my wallet and *never* supporting DRM, so there have been some games where I'm just "Well, I guess I'll never play that game." At least I have an ethical option to play certain games now, I'm just gonna use a seperate blank pc cus these bypasses are novel.

This will be used as reason to introduce remote attestation to games.
Do the cracks still need you to disable Hyper-V (which leads to disabling WSL and whatever else)?

In addition, I’m not sure why they’re enabling test signing instead of using kdmapper or the like. Sure, anticheats will get way more mad at you having a manual mapped driver, but one imagines rebooting once (after playing your cracked video game) beats rebooting twice (to enable test signing, then after playing the game).

The funny thing is I remember reading about using hypervisor crap to bypass Denuvo in ~2020 (actually the post is from 2019, https://www.unknowncheats.me/forum/2410412-post14.html)

During the time of the Soviet Union, it was an urban legend that during supply shortages, Soviet factories would have no real work, but workers needed to keep up the appearance of working, so they would have one line of workers continuously assembling devices, feeding into another line that would continuously disassemble them, all in a loop where nothing gets produced.

In many ways, it feels like we are seeing this today in the digital world. As a specific example, GTA 5 (singleplayer) is a game that has been pirated for about 10 years now, and has received zero content updates in that time, yet somewhat recently (maybe a few years ago?) they updated the game on Steam to have new DRM that constantly conflicts with the Steam Deck sleep mode and kicks you out of the game at random after waking up, or just won't even let you launch if you're without internet and haven't launched it within a few days. Nothing worthwhile was produced by this endeavor, that's for sure.

Great news! I can finally feel comfortable buying games that have Denuvo day 1!
I'm very interested to see how it was cracked, and how the anticheat works.
Does anyone have a link to how the crack works? I would love to see something more technical.
Wow. Great. Congratulations. Achievement earned. You've persisted so long.

Now stop creating new DRMs. You can see what is the outcome. The definition of insanity is doing the same thing over and over again and expecting a different result.

The only thing that made me switch to Netflix from π-rated movies was the accessibility, availability, languages support, speed and quality. The same with games. I buy games from gog mostly because they are missing DRM (and because I'm an old dinosaur so not interested in the bleeding edge new games).

Please focus on the added value. And the wealth will come. Don't pay for denuvo - it's waste of money

Couldn't have happened to a nicer piece of software, etc.
Oh shit. I just realised you could use LLMs to crack these protections. They almost entirely depend on adding bloat to make it hard to crack. That’s over now.