Denuvo, are we putting the keys to PC gaming in the hands of an unknown third party?

Vinland

Banned
Jun 27, 2015
597
0
0
And that is fair enough and something I completely back; it's not the consumers job to agree or justify a developers or publishers choices nor do they need to buy the products they don't feel like supporting. The feedback loop is extremely crucial and criticism is completely fair when we are talking about paid products. However, I was responding to posters ridiculous conspiracy theories and calling generally all developers "cunts, lazy, incompetent and spiteful", which is an accusation I don't take lightly without any proof.
We all know good developers and even publishers with good game. Immunity managers work hard and are not lazy. Sometimes good intentions are met with the greatest of problems from within. Executive decisions, he'll even middle management decisions, can cripple a game when made outside of that feedback loop. I see it everyday in enterprise software engineering and integration products products being purchased by idiots several layers removed from the engineer because someone convinced them with maths they would save money. I am happy you didn't take my post with any percieved disrespect and actually understood exactly how I meant it. :)

That is a good point; without concrete data consumers don't need to be able justify their opinions regarding DRM. It's unlikely that we'll ever see the research or data (nor will it be completely accurate as you can't A/B-test the world), but I also don't see why it would be hard to see how publishers can justify it, even if it's not necessarily cheap. I also wouldn't say that Steam was begrudgingly adopted, or that the general Jane Consumer on PC even cares about DRM, but that's beside the point.
I am not astonished one bit. I have a suspicion that DRM in any other form other than steam and its ilk actually cost more than it's worth. I am also suspicious that if steam didn't exist the PC gaming wouldn't exist as it does not. By, that I think it probably wouldn't. But that is neither here nor there.

Steam was forced on us. It certainly was met with truckloads of criticism. It really sucked for the longest time in many documented ways. also, I don't think people care about DRM because they don't know how vile it actually is.

Again, completely fair and I have definitely left some titles on the shelf because of an online-only integration that I felt had no value, and would rather spend my money elsewhere. I also have my doubts on the the functionality of individual services (I'm not too concerned about Steam or uPlay or Origin, but that's obviously a risk I'm willing to take) and I care deeply about archival purposes and being able to see our legacy, so yes, the service-based approach definitely has downsides without much direct value (though at least Steam offers some, especially tools like Steam Workshop or marketplace are a good example of how it can add value to the product).
It is all about cost to me and also knowing the risks if a title I can't live without does get some DRM I would normally oppose. Which is why I still buy console games which aren't much better these days. In the PS3 and 360 days I might day one a game if it didn't have a day one patch that prevented a good experience even if I may not play it until months later. Those days seem long gone. PC has been long gone for me since 2010 in regards to full price purchases. I miss out and developers miss out on my support.
 

MUnited83

For you.
Dec 14, 2013
26,795
1
570
You're asking this the wrong way - noone virtualizes entire executables (if we could do that, piracy and cheating alike would be all but impossible by now). Yes protected parts of the code run slower, but it's not like DRM checks are fast enough to run real-time to begin with.


It's not.
It prevents you from playing offline properly, it calls back home, it checks in online with their own activation servers. It's 100% DRM.
 

Sijil

Member
Feb 21, 2015
1,351
0
0
Arkham Knight, MGSV and Mad Max are all cracked.
I tried the cracks, they're bullshit. They crash more often than they work. The cracking group 3DM threw the towel a while ago, they just gave up.

Denuvo does nothing for user needs. It only caters to publishers. Denuvo also doesn't mean more PC games, that's been happening for a long time, before it was created.

One mod being stopped by Denuvo is one mod too much. Defending this is ridiculous, it does no good at all. Don't you care about authentication servers eventually going down and rendering the games unplayable? Don't you care about having to be online when you launch the game for the first time? Don't you care about some mods being stopped? All of this may not matter to you, but to frame it as pro-consumer or a good balance is nothing short of absurd.
My point is major publishers have shareholders to answer to, they want DRM to alleviate shareholders fears. So DRM is to be expected from them whether we like it or not, Denuvo seems like a good balance between publisher needs and user friendliness, it's not as draconian as Starforce or Ubi launcher.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
My point is major publishers have shareholders to answer to, they want DRM to alleviate shareholders fears. So DRM is to be expected from them whether we like it or not, Denuvo seems like a good balance between publisher needs and user friendliness, it's not as draconian as Starforce or Ubi launcher.
Giving full control of your PC games to a relatively unknown third party that seem (deliberately?) struggle to explain how their system feels if not draconian then at least very uncomfortable.
 

nkarafo

Member
Nov 30, 2012
12,372
1,293
690
Some people definitely did start buying games when there is no crack. Just look at 3dmgame forums if you know the language. I cannot know how many percent among them will do though, maybe it's just a tiny fraction.
It could be a tiny fraction that doesn't worth the inconvenience of 1+million legit users.

Also, a pirate will download 100 games. If he doesn't have the option because there are no cracks and he is forced to buy games, he will only buy the games he likes or can afford (say 5 or 6 out of 100). That means, a pirated download is not the equivalent of a lost sale for the rest of the games he pirated.

I used to download full ROM sets back in the day, not to play all of them though. Most of it was for archival purposes and emulator testing. So, for instance, the full GBC rom pack had all the Barbie games (since it includes anything). These were worthless to me, i was never going to play 99% of all these games, let alone buy them. Yet, by publisher's logic, these Barbie games were pirated by me and that means they lost those sales.

Another case is when you pirate a game and you like it that much that you buy it afterwards. This means that they can sometimes work as a demo. As someone who used to pirate a few games (and has friends who used to pirate as well) i can confirm this. My legit STEAM collection would probably be much smaller if i wasn't the little asshole i was.

I'm not defending piracy btw, i'm just saying that a pirated copy can be a lost sale but it can also be one extra sale as well. Or it can be neither.
 

Pops Maellard

Member
Apr 7, 2013
4,816
0
380
Yes, and I really don't like it.
Steam as a form of DRM is fairly un-intrusive and functional. Stacking more DRM on top of that achieves nothing except adding new dependencies that are of no benefit to anyone except the company making Denuvo.
To be fair, you can't find cracked versions of Denuvo games because they don't exist. As far as I know (which could be inaccurate given that I don't pirate anything), Denuvo is flawlessly effective. Also, doesn't the way it functions allow for them to instantly fix any exploits that someone might find and abuse?

Honestly, the only time it's been frustrating was when I tried to use Revive with ADR1FT.
 

Gamezone

Gold Member
Nov 2, 2014
6,990
645
550
32
Norway
While all DRM is garbage, I don`t fear Denuvo as much as I fear digital gaming on consoles. Piracy is a huge problem on PC, and I rather have games like GTA on launch day with Denuvo, rather than having to wait for the publisher to milk the console market dry because they don`t want people to pirate their games on PC. Is it really that hard for them to deactivate Denuvo if they shut down?
 

Shari

Member
Nov 1, 2012
1,673
0
0
Another case is when you pirate a game and you like it that much that you buy it afterwards. This means that they can sometimes work as a demo. As someone who used to pirate a few games (and has friends who used to pirate as well) i can confirm this. My legit STEAM collection would probably be much smaller if i wasn't the little asshole i was.
Not that it matters but I do this and I have over three hundred games on steam (games bought on release).

I havent yet bought DOOM cause I'm not sure if I'm going to like it. Just for some more insight, I've bought a little over 10 games this year and the only one I didnt try first was Dark Souls 3.

I'm not the only one who does this among my friends, it felt like a "perk" of PC Gaming. For statistics, I'm 28 years old , got a job and disposable income.

If anyone says "just refund them" I dont want to be refunding several games per month and when I buy I do it on resellers, steam is way too expensive.

While all DRM is garbage, I don`t fear Denuvo as much as I fear digital gaming on consoles. Piracy is a huge problem on PC, and I rather have games like GTA on launch day with Denuvo, rather than having to wait for the publisher to milk the console market dry because they don`t want people to pirate their games on PC. Is it really that hard for them to deactivate Denuvo if they shut down?
I fully agree with this sentiment and I will sign if you put a contract in front of me saying that we will get paired releases with consoles in exchange for piracy, thats cool, but not through denuvo.

Is not hard for them to take away the denuvo code. Again, people from corporate have to give green light, they have to allocate the dev resources to do it and push a new version. If the game is too old, the company has dissapeared or simply it wont make anymore money, they won't do it, no one is going to give a damn.

Edit: I was thinking that I'll be completelly OK with this if they will put a condition in the code to simply skip validation two years after release. Nowadays games can be found dirty cheap passed that time and publishers wont be worried about piracy passed that time for the most part.
 

General Lee

Member
May 4, 2014
1,157
46
290
Denuvo might have its potential downsides, but I feel it does help devs/pubs put more effort on PC, and I do believe it will increase total sales during the lifetime of a game, compared to rampant piracy. It's not a black and white comparison, but ultimately I do think it's the choice of the devs if they want people to be able to pirate their game or not. If blocking it comes at a cost, well that's the cost of a working society. Whe have laws and law enforcement for a reason. It limits us in certain ways, but it also enables us to not get screwed by more unscrupulous people.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
Not that it matters but I do this and I have over three hundred games on steam (games bought on release).

I havent yet bought DOOM cause I'm not sure if I'm going to like it. Just for some more insight, I've bought a little over 10 games this year and the only one I didnt try first was Dark Souls 3.

I'm not the only one who does this among my friends, it felt like a "perk" of PC Gaming. For statistics, I'm 28 years old , got a job and disposable income.

If anyone says "just refund them" I dont want to be refunding several games per month and when I buy I do it on resellers, steam is way too expensive.



I fully agree with this sentiment and I will sign if you put a contract in front of me saying that we will get paired releases with consoles in exchange for piracy, thats cool, but not through denuvo.

Is not hard for them to take away the denuvo code. Again, people from corporate have to give green light, they have to allocate the dev resources to do it and push a new version. If the game is too old, the company has dissapeared or simply it wont make anymore money, they won't do it, no one is going to give a damn.

Edit: I was thinking that I'll be completelly OK with this if they will put a condition in the code to simply skip validation two years after release. Nowadays games can be found dirty cheap passed that time and publishers wont be worried about piracy passed that time for the most part.
I guess conditions would give pirates place to hook: Hook datetime functions to return date in future. or just turn the clock. And getting verified time from online, would make it require online always.
 

jmga

Member
Mar 28, 2013
1,712
0
0
I'm surprised so many people believe companies excuses about DRM, when I have yet to see a research that shows a correlation between software piracy and sales.
 

Shari

Member
Nov 1, 2012
1,673
0
0
I guess conditions would give pirates place to hook: Hook datetime functions to return date in future. or just turn the clock. And getting verified time from online, would make it require online always.
You're totally right. And getting the date online from a public source will make the crackers just proxify the call and return whatever they need to return to bypass the check.
 

_machine

Member
Oct 12, 2011
2,974
0
0
Germany
We all know good developers and even publishers with good game. Immunity managers work hard and are not lazy. Sometimes good intentions are met with the greatest of problems from within. Executive decisions, he'll even middle management decisions, can cripple a game when made outside of that feedback loop. I see it everyday in enterprise software engineering and integration products products being purchased by idiots several layers removed from the engineer because someone convinced them with maths they would save money. I am happy you didn't take my post with any percieved disrespect and actually understood exactly how I meant it. :)
Thank you, I definitely understood your important point and the fact that some of the decisions publishers or developers make, or they feel like they have to make (which actually important, as our job often is to maximize success, not just to achieve it because ultimately the times we fail will far outnumber the times we succeed, and the stakes are our livelihoods), can deeply go against what we might want as players or what would be the best solution from the perspective of enthusiast consumers. It sucks, but by addressing the topic with reasonable discussion we can at least try to work towards a better common goal.

I am not astonished one bit. I have a suspicion that DRM in any other form other than steam and its ilk actually cost more than it's worth. I am also suspicious that if steam didn't exist the PC gaming wouldn't exist as it does not. By, that I think it probably wouldn't. But that is neither here nor there.
Just to be sure, I meant from a consumer perspective not as a developer. These days the amount of tracking, the quality of research and learning of the past make it very clear that their pitch has to be strong and it has to be backed by concrete data for them not only sell an expensive product once, but repeatedly. There's history of poor DRM and measuring practices in the industry, but in general especially our analytics practices have taken such leaps that I definitely question the ability of not measuring any percetible results. Not to mention that anecdotally, there's enough backchatter data (including seeing sales curves like http://i.imgur.com/AcZb60e.png) that I strongly believe that achieving a 0.01 D1 conversion of pirated downloads would not be even close to reaching and could financially be worth the investment. Doesn't make it a fair decision, but it's very, very important for the discussion to understand the why of it. Since I really need to be clear that I do not want to defend a decision because I as a consumer don't agree with it, but explain the reasoned rationale behind it from their perspective.

Steam was forced on us. It certainly was met with truckloads of criticism. It really sucked for the longest time in many documented ways. also, I don't think people care about DRM because they don't know how vile it actually is.
It's way off-topic by now, but it'd be interesting to take a more analytical look at the rise of Steam, as I'm on the complete opposite camp. I started using Steam before it was the distribution platform on PC because of the value I saw in it, and was very happy that it became the major platform. I would expect a lot of people to disagree with me, but I do believe that it was more about creating new audiences rather than transforming all existing ones forcibly onto it.

It is all about cost to me and also knowing the risks if a title I can't live without does get some DRM I would normally oppose. Which is why I still buy console games which aren't much better these days. In the PS3 and 360 days I might day one a game if it didn't have a day one patch that prevented a good experience even if I may not play it until months later. Those days seem long gone. PC has been long gone for me since 2010 in regards to full price purchases. I miss out and developers miss out on my support.
I've given up on even trying, but I do think that a better longevity of titles would be great. I am not about to make backups of all my Steam games, but in the years to come, I do hope that there will be a way to enhance the archival possibilities and ensure that even though we have agreed to purchasing services rather than products, those products can easily outlive their parent companies. On mobile, it's going to be impossible due to the fact that they are so tied to backends, but at the same time the value added is on a completely other compared to for example PC games which only do it for rights protection.

It prevents you from playing offline properly, it calls back home, it checks in online with their own activation servers. It's 100% DRM.
Again, Denuvo by itself does none of that. If you only had Denuvo and it wasn't tied to any other service, none of that would be in, you could copy, distribute and run the executable wherever you wanted. It might sound a like technicality, but it means that the actual end-user implementations can be completely different and the future of it doesn't depend on Denuvo as a company. It can mean that if it's only tied to Steam Services, you can expect it to function as long as Steam (but it's more perceptible to cracking as you can possibly crack the end-point) or to a service run by a publisher that could be taken down at anytime. I mean what more do you want to hear when CA already gave a clear answer as to why it's not DRM and what their DRM actually is.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
Again, Denuvo by itself does none of that. If you only had Denuvo and it wasn't tied to any other service, none of that would be in, you could copy, distribute and run the executable wherever you wanted. It might sound a like technicality, but it means that the actual end-user implementations can be completely different and the future of it doesn't depend on Denuvo as a company. It can mean that if it's only tied to Steam Services, you can expect it to function as long as Steam (but it's more perceptible to cracking as you can possibly crack the end-point) or to a service run by a publisher that could be taken down at anytime. I mean what more do you want to hear when CA already gave a clear answer as to why it's not DRM and what their DRM actually is.
See, here's what I don't understand from this.

If Denuvo doesn't actually have a server depency, why does the Denuvo games on Steam have server depencies that other Steam games doesn't have? Like Creative Assembly says they have.

Why does all developers using it on Steam go this extra mile, instead of just making sure that exe cannot be modified to be stipped away from the Steam depency?

And if you're so sure about how Denuvo works, that's your source for this? I don't fully understand Denuvo, so I would be glad to read a clear explanation that would ease my fears about the games using it.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
Again, Denuvo by itself does none of that. If you only had Denuvo and it wasn't tied to any other service, none of that would be in, you could copy, distribute and run the executable wherever you wanted. It might sound a like technicality, but it means that the actual end-user implementations can be completely different and the future of it doesn't depend on Denuvo as a company. It can mean that if it's only tied to Steam Services, you can expect it to function as long as Steam (but it's more perceptible to cracking as you can possibly crack the end-point) or to a service run by a publisher that could be taken down at anytime. I mean what more do you want to hear when CA already gave a clear answer as to why it's not DRM and what their DRM actually is.
Denuvo does in fact use Denuvo hosted servers:

Here's log of JC3 booting up after removing license file.



It contacts two webservers:

ec2-52-17-38-53.eu-west-1.compute.amazonaws.com:https
104.16.26.216:http

Let's check http first because it can be MITMed easily.




So it looks like http is checking certificate using OCSP. This is likely from above https connection above.

Let's move on to https server then:

Using browser we can see certificate this server sends:

Code:
ec2-52-17-38-53.eu-west-1.compute.amazonaws.com uses an invalid security certificate. The certificate is only valid for the following names: *.codefusion.technology, codefusion.technology Error code: SSL_ERROR_BAD_CERT_DOMAIN
So it belongs to "codefusion.technology"

using whois command we can query owner for that domain:

Domain Name: codefusion.technology
Domain ID: cf0dea9a3fe34b04a133885accd4797a-DONUTS
WHOIS Server: whois.udag.net
Referral URL: http://www.united-domains.de
Updated Date: 2015-11-08T14:46:03Z
Creation Date: 2014-09-24T14:45:19Z
Registry Expiry Date: 2016-09-24T14:45:19Z
Sponsoring Registrar: united-domains AG
Sponsoring Registrar IANA ID: 1408
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant ID: crb76208cklyyf
Registrant Name: Reinhard Blaukovitsch
Registrant Organization:
Registrant Street: Strubergasse 26
Registrant City: Salzburg
(snipped from here)
It's owned by "Reinhard Blaukovitsch"

Googling name gives this as first result:

http://denuvo.com/?page=imprint

And street adress does match one that Denuvo uses. It's likely same person.

codefusion.technology itself doesn't have any kind of webpage but we can use google to find subpages:

inurl:codefusion.technology

We find these pages for manual activation:

https://support.codefusion.technology/bak/
https://support.codefusion.technology/justcause3/

But no Total War there. Maybe it's just Square Enix and Warner Bros using it?

But wait we can try to guess & try to find Total Warhammer activation page. If we can't find it, it's possible that it's developers choice?

Could it be https://support.codefusion.technology/totalwar/?
Yup, there it is.

I assume same pages are used by Denuvo internally. But at least it is hosted on same server.

TL;DR: Denuvo DOES host activation servers used by games by games like Just Cause 3 and Total Warhammer.
 

Green Wiggly

Member
Aug 19, 2011
2,405
0
485
While all DRM is garbage, I don`t fear Denuvo as much as I fear digital gaming on consoles. Piracy is a huge problem on PC, and I rather have games like GTA on launch day with Denuvo, rather than having to wait for the publisher to milk the console market dry because they don`t want people to pirate their games on PC. Is it really that hard for them to deactivate Denuvo if they shut down?
While I don't know from a technical standpoint, you can look at the shutdown of Games for Windows Live as a similar situation. Some games were patched right away, some took months, and some never were. You never know if a publisher will care about its previous titles in the future.
 

_machine

Member
Oct 12, 2011
2,974
0
0
Germany
TL;DR: Denuvo DOES host activation servers used by games by games like Just Cause 3 and Total Warhammer.
That's some good reseach.

So, as I mentioned earlier there's no implication of such method being a mandatory part of Denuvo (as I don't remember other titles using their servers for authentication) so there are two realistic options:
-they have begun to offer a separate authentication server service (which in product terms is not Denuvo Anti-Tamper)
-publishers have commissioned them to create that server for them at request

Those aren't the only options (as independent entrepreneurs, it's possible they have as freelancers created these services outside of Denuvo's contract, and other not so realistic options), but also I know (from software engineers that may or may not have more in-depth information about the technology and VM encryption) that it's a not required part of the anti-tamper system. The key thing here is though that they are effectively ones providing that side of the service too for some games.

If Denuvo doesn't actually have a server depency, why does the Denuvo games on Steam have server depencies that other Steam games doesn't have? Like Creative Assembly says they have.

Why does all developers using it on Steam go this extra mile, instead of just making sure that exe cannot be modified to be stipped away from the Steam depency?
Because Anti-Tamper itself offers no rights management and because Steam's is not the most reliable. There's a higher chance that Steam's endpoint authentication can be replicated (which it has been done in the past) rather than having crack the anti-tamper itself. It still deeply ties into Denuvo as that's the reason the server authentication is much harder to replicate and why they have purchased the license in the first part; to strengthen their DRM.

And if you're so sure about how Denuvo works, that's your source for this? I don't fully understand Denuvo, so I would be glad to read a clear explanation that would ease my fears about the games using it.
I am not sure since I have no first-hand experience, but naturally having worked with GaaS and still having heard second-hand talk from actual engineers I'm confident in addressing how it works on a high-level. And I definitely have nothing to say that would ease any fears as it will still likely be paired with a proper connect-to-home DRM (which apparently they can now provide too as mentioned above) that makes it stronger than ever. What I trying to do is make sure we discuss the right things, which are DRM and Denuvo making sure it holds, rather Denuvo Anti-Tamper itself being the whole-stack and everything resting on them as a company.
 

MUnited83

For you.
Dec 14, 2013
26,795
1
570
Thank you, I definitely understood your important point and the fact that some of the decisions publishers or developers make, or they feel like they have to make (which actually important, as our job often is to maximize success, not just to achieve it because ultimately the times we fail will far outnumber the times we succeed, and the stakes are our livelihoods), can deeply go against what we might want as players or what would be the best solution from the perspective of enthusiast consumers. It sucks, but by addressing the topic with reasonable discussion we can at least try to work towards a better common goal.


Just to be sure, I meant from a consumer perspective not as a developer. These days the amount of tracking, the quality of research and learning of the past make it very clear that their pitch has to be strong and it has to be backed by concrete data for them not only sell an expensive product once, but repeatedly. There's history of poor DRM and measuring practices in the industry, but in general especially our analytics practices have taken such leaps that I definitely question the ability of not measuring any percetible results. Not to mention that anecdotally, there's enough backchatter data (including seeing sales curves like http://i.imgur.com/AcZb60e.png) that I strongly believe that achieving a 0.01 D1 conversion of pirated downloads would not be even close to reaching and could financially be worth the investment. Doesn't make it a fair decision, but it's very, very important for the discussion to understand the why of it. Since I really need to be clear that I do not want to defend a decision because I as a consumer don't agree with it, but explain the reasoned rationale behind it from their perspective.


It's way off-topic by now, but it'd be interesting to take a more analytical look at the rise of Steam, as I'm on the complete opposite camp. I started using Steam before it was the distribution platform on PC because of the value I saw in it, and was very happy that it became the major platform. I would expect a lot of people to disagree with me, but I do believe that it was more about creating new audiences rather than transforming all existing ones forcibly onto it.


I've given up on even trying, but I do think that a better longevity of titles would be great. I am not about to make backups of all my Steam games, but in the years to come, I do hope that there will be a way to enhance the archival possibilities and ensure that even though we have agreed to purchasing services rather than products, those products can easily outlive their parent companies. On mobile, it's going to be impossible due to the fact that they are so tied to backends, but at the same time the value added is on a completely other compared to for example PC games which only do it for rights protection.


Again, Denuvo by itself does none of that. If you only had Denuvo and it wasn't tied to any other service, none of that would be in, you could copy, distribute and run the executable wherever you wanted. It might sound a like technicality, but it means that the actual end-user implementations can be completely different and the future of it doesn't depend on Denuvo as a company. It can mean that if it's only tied to Steam Services, you can expect it to function as long as Steam (but it's more perceptible to cracking as you can possibly crack the end-point) or to a service run by a publisher that could be taken down at anytime. I mean what more do you want to hear when CA already gave a clear answer as to why it's not DRM and what their DRM actually is.
It is absolutely DRM. Games with it have to connect to Denuvo owned servers for activation. This not something a regular Steam game does, and its not a Valve owned server. No matter the way you try to slice it, Denuvo is definitely DRM.
 

SneakyStephan

Banned
Jan 23, 2011
18,402
0
0
But that's more of an issue with the distribution platforms rather than the publisher/developer and game/drm, and something that largely hasn't been possible in most games, DRM or not (as Steam installs the latest build by default, and there is no alternative to it). Yes, it's possible to set multiple revision on Steam these days, but it does come with it's setbacks, and again, in both publisher relations and support costs is not necessarily a wise choice.

And, again, way to be fucking insulting to what's probably most of my friends, myself and other people who have worked tirelessly years to even try to make great games and serve audiences way bigger than here. They sure as fuck are not incompetent when you factor in the amount of experience you need to have to reach a position where you work with these systems, they sure as hell are not lazy working 60+ hours a week (which I'm glad I don't need to) and they sure as fucking hell are not spiteful to the general player base who actually help them make a living. I'm honestly too tired for this discussion want to use expletives that are not suited for this forum because you have absolutely no clue about anything with regards to game development.
Every industry has tons of incompetent people, tons of spiteful people who burn bridges after they are done with something.

PC users have always enjoyed a healthy separation layer between themselves and the people selling them software. Once you bought something it was truely yours (which is rare for digital content).

Now that is gone and you instantly see the consequences with jc3

You're way too emotionally invested in defending your friends' honor to be unbiased about this.

Again, there is shitloads of incompetence in the game industry, just like in every other industry. Your industry is not special.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
While I don't know from a technical standpoint, you can look at the shutdown of Games for Windows Live as a similar situation. Some games were patched right away, some took months, and some never were. You never know if a publisher will care about its previous titles in the future.
GFWL hasn't been shutdown. It's still alive. And GFWL games still work, although you might need to manually update GFWL client on Windows 8 and 10.

That's some good reseach.

So, as I mentioned earlier there's no implication of such method being a mandatory part of Denuvo (as I don't remember other titles using their servers for authentication) so there are two realistic options:
-they have begun to offer a separate authentication server service (which in product terms is not Denuvo Anti-Tamper)
-publishers have commissioned them to create that server for them at request

Those aren't the only options (as independent entrepreneurs, it's possible they have as freelancers created these services outside of Denuvo's contract, and other not so realistic options), but also I know (from software engineers that may or may not have more in-depth information about the technology and VM encryption) that it's a not required part of the anti-tamper system. The key thing here is though that they are effectively ones providing that side of the service too for some games.

Because Anti-Tamper itself offers no rights management and because Steam's is not the most reliable. There's a higher chance that Steam's endpoint authentication can be replicated (which it has been done in the past) rather than having crack the anti-tamper itself. It still deeply ties into Denuvo as that's the reason the server authentication is much harder to replicate and why they have purchased the license in the first part; to strengthen their DRM.
At least Total Warhammer devs are claiming they don't use Denuvo as DRM, only as Anti-tamper for Steam DRM.

But then again Denuvo can use Steam's DRM functions (such as encrypted app tickets, this is suggested by inclusion of "sdkencryptedappticket64.dll" in game files for Just Cause 3).

What it does is Steam Client requests proof of ownership from Steam Servers (think app tickets like CD-keys used by some other DRMs, but invisible to user).

Then game sends this to a trusted server (Denuvos) for verification and gives data required if it's valid.

So while Denuvo doesn't necessarily require using their DRM inside protected game files, it sure seems like in case of these games it does. This is despite some of developers claiming "Denuvo is not DRM".

Which while isn't straight out lie, would be very inhonest to say, if they indeed use some code from Denuvo for checks.

I also got an idea, there's non-steam Denuvo games, so I can later try to see if it's any different.

Another idea is trying to cheat a game connecting to false server (which almost 100% sure is impossible as they should be checking against that)
 

_machine

Member
Oct 12, 2011
2,974
0
0
Germany
It is absolutely DRM. Games with it have to connect to Denuvo owned servers for activation. This not something a regular Steam game does, and its not a Valve owned server. No matter the way you try to slice it, Denuvo is definitely DRM.
Did you really not read the post? They do not have to. Denuvo is always couple with DRM, but by itself is not (I guess you can go back and check where FIFA 15 connects and come back with some proof). At this point you're doing nothing but detracting from the discussion that we should be having, which is how can we address the future, prove value of being able to confidently play the products you have purchases even if the service holders exist no longer etc.

So while Denuvo doesn't necessarily require using their DRM inside protected game files, it sure seems like in case of these games it does. This is despite some of developers claiming "Denuvo is not DRM".

Which while isn't straight out lie, would be very inhonest to say, if they indeed use some code from Denuvo for checks.
Yeah, this ultimately a place where we end up with conjecture and how we define the term "Denuvo". Because we know there's Denuvo Anti-Tamper that does not access their own servers and one that accesses servers registered by one of their members. As I mentioned, it being a separate deal commissioned by publisher would definitely end up in the same result, but it would not necessarily be a part of the Anti-Tamper product itself. Not that it matters a ton, since regardless there will be a DRM and it's more likely than not that going forward it's going to be a service other than Steam.

Every industry has tons of incompetent people, tons of spiteful people who burn bridges after they are done with something.

PC users have always enjoyed a healthy separation layer between themselves and the people selling them software. Once you bought something it was truely yours (which is rare for digital content).

Now that is gone and you instantly see the consequences with jc3

You're way too emotionally invested in defending your friends' honor to be unbiased about this.

Again, there is shitloads of incompetence in the game industry, just like in every other industry. Your industry is not special.
Sure there's a ton bad shit, but you generalized it, you specifically said "news at 11". How am I not supposed to take that as an insult that covers many of us? And don't get me wrong, I totally agree with all the actual negatives of functional DRM, of rights managment, of GaaS, of anti-tamper. But I'm not interested in discussing insults or ridiculous conspiracy theories that have no basis in reality. Because that detracts from addressing the problem, and I deeply care about being able to play all games 20 years down the line, I want to see better archival of the history of games, I want to see the least amount of restrictions on modifying that we can argue makes sense on both sides. Also, I have no need to defend either myself or anyone else in the industry, because we know better, but I want to have a healthy discussion for the negative aspects that need to be addressed better in this industry, and that can be done with reasonable discussion and without vulgar insults.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
Because Anti-Tamper itself offers no rights management and because Steam's is not the most reliable. There's a higher chance that Steam's endpoint authentication can be replicated (which it has been done in the past) rather than having crack the anti-tamper itself. It still deeply ties into Denuvo as that's the reason the server authentication is much harder to replicate and why they have purchased the license in the first part; to strengthen their DRM.
So in the end, no matter how you want to differentiate the parts of Denuvo being used, and what responsibility you might want to lay on the devs or Denuvo, we get the same result - games with Denuvo are games with added server depencies, and questionable future, where we will have to rely on Denuvo continuing to make our game accessible and workable on future OS upgrades, and where have to hope that no terms of useage will be altered any further.

I really don't care what differences between Denuvos different components are, or how close or far they are from the definition of DRM. For me, as a paying customer, it's the same shit and Denuvo useage makes the games worth less to me.

Whether or not it has to be like that or not doesn't matter when all implementations of it so far seem to be like this.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
So I went ahead and checked with Far Cry Primal (uPlay-version).

Like with Just Cause 3 it does contact similar (different IP, but it might just be because it's hosted in cloud).

It does also contact Ubisoft servers, these seems to be related to DRM process, as they are only contacted if license file is missing. If license file exists, neither these nor Denuvo servers are contacted (at least not always).

TL;DR Far Cry Primal depends on Denuvo owned servers too

Edit: Far Cry Primal game stores license files

C:\ProgramData\dbdata\[uplay account id]\[unknown, possibly game id].dbdata
 

_machine

Member
Oct 12, 2011
2,974
0
0
Germany
So in the end, no matter how you want to differentiate the parts of Denuvo being used, and what responsibility you might want to lay on the devs or Denuvo, we get the same result - games with Denuvo are games with added server depencies, and questionable future, where we will have to rely on Denuvo continuing to make our game accessible and workable on future OS upgrades, and where have to hope that no terms of useage will be altered any further.

I really don't care what differences between Denuvos different components are, or how close or far they are from the definition of DRM. For me, as a paying customer, it's the same shit and Denuvo useage makes the games worth less to me.
I might have worded it wrong then, but my point is that it's more than possible that we end up with games which have authentication servers are taken down, and games that even with Denuvo are fully functional in 50 years, and support executable injection modding etc. It's a point that should be taken into account when talking about how will a particular game work in the future, is there anything that can be done in the future to ensure that it remains playable in the future if the implementation is not shared across all games. But I do agree that since it's usually a call-to-home implementation, it also is less valuable as a product to my eyes if it makes archival and future support harder. It's not something consumers need to discuss, but I strongly believe that addressing it might help us actually achieve something on both sides of the fence.

So I went ahead and checked with Far Cry Primal (uPlay-version).

Like with Just Cause 3 it does contact similar (different IP, but it might just be because it's hosted in cloud).

It does also contact Ubisoft servers, these seems to be related to DRM process, as they are only contacted if license file is missing. If license file exists, neither these nor Denuvo servers are contacted (at least not always).

TL;DR Far Cry Primal depends on Denuvo owned servers too

Edit: Far Cry Primal game stores license files

C:\ProgramData\dbdata\[uplay account id]\[unknown, possibly game id].dbdata
Yeah, thanks for taking a look, though does the similar IP mean ownership, because as far as I know most major publishers all favor AWS for their cloud services?
 

Vinland

Banned
Jun 27, 2015
597
0
0
So in the end, no matter how you want to differentiate the parts of Denuvo being used, and what responsibility you might want to lay on the devs or Denuvo, we get the same result - games with Denuvo are games with added server depencies, and questionable future, where we will have to rely on Denuvo continuing to make our game accessible and workable on future OS upgrades, and where have to hope that no terms of useage will be altered any further.

I really don't care what differences between Denuvos different components are, or how close or far they are from the definition of DRM. For me, as a paying customer, it's the same shit and Denuvo useage makes the games worth less to me.

Whether or not it has to be like that or not doesn't matter when all implementations of it so far seem to be like this.
And _machine already acknowledged their confirmation of understanding towards this opinion which I share too. I guess the real question is if the publishers and developers that do believe in DRM, despite criticism, care if about the delta between what we feel the game is worth and the retail price.

I don't think they do. Multiplayer games will still sell ok because of front loaded communities doing their thing and the Steam and their ilk late life sales bring in money on the backend.

But that is clearly my opinion. I can't speak to anything but that. I love video games and I play games from the 80s, 90s, 2000s and this decade. In 20 years when I start approaching my 60s I would still like to play today's games too. And hopefully the devs and publishers who earn their respect today will raise up like minded cohorts to keep that paying forward.
 

Gattsu25

Banned
Jun 6, 2004
33,448
0
0
USA
blog.gattsu25.com
Again, Denuvo by itself does none of that. If you only had Denuvo and it wasn't tied to any other service, none of that would be in, you could copy, distribute and run the executable wherever you wanted. It might sound a like technicality, but it means that the actual end-user implementations can be completely different and the future of it doesn't depend on Denuvo as a company. It can mean that if it's only tied to Steam Services, you can expect it to function as long as Steam (but it's more perceptible to cracking as you can possibly crack the end-point) or to a service run by a publisher that could be taken down at anytime. I mean what more do you want to hear when CA already gave a clear answer as to why it's not DRM and what their DRM actually is.
Denuvo does in fact use Denuvo hosted servers:

Here's log of JC3 booting up after removing license file.



It contacts two webservers:

ec2-52-17-38-53.eu-west-1.compute.amazonaws.com:https
104.16.26.216:http

Let's check http first because it can be MITMed easily.




So it looks like http is checking certificate using OCSP. This is likely from above https connection above.

Let's move on to https server then:

Using browser we can see certificate this server sends:

Code:
ec2-52-17-38-53.eu-west-1.compute.amazonaws.com uses an invalid security certificate. The certificate is only valid for the following names: *.codefusion.technology, codefusion.technology Error code: SSL_ERROR_BAD_CERT_DOMAIN
So it belongs to "codefusion.technology"

using whois command we can query owner for that domain:



It's owned by "Reinhard Blaukovitsch"

Googling name gives this as first result:

http://denuvo.com/?page=imprint

And street adress does match one that Denuvo uses. It's likely same person.

codefusion.technology itself doesn't have any kind of webpage but we can use google to find subpages:

inurl:codefusion.technology

We find these pages for manual activation:

https://support.codefusion.technology/bak/
https://support.codefusion.technology/justcause3/

But no Total War there. Maybe it's just Square Enix and Warner Bros using it?

But wait we can try to guess & try to find Total Warhammer activation page. If we can't find it, it's possible that it's developers choice?

Could it be https://support.codefusion.technology/totalwar/?
Yup, there it is.

I assume same pages are used by Denuvo internally. But at least it is hosted on same server.

TL;DR: Denuvo DOES host activation servers used by games by games like Just Cause 3 and Total Warhammer.
I seriously wanted to point out this post.

Thanks for going through all that.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
Yeah, thanks for taking a look, though does the similar IP mean ownership, because as far as I know most major publishers all favor AWS for their cloud services?
That IP (ec2-52-19-31-111.eu-west-1.compute.amazonaws.com) still uses same Denuvo certificate.

Actual Ubisoft servers/IPs involved (for me) were:

local62-mtl-38.ubisoft.qc.ca
local62-mtl-27.ubisoft.qc.ca

after game has launched, unlikely denuvo related:

local62-mtl-28.ubisoft.qc.ca
ec2-54-210-80-231.compute-1.amazonaws.com
 

JaseC

gave away the keys to the kingdom.
Jul 30, 2009
73,803
6
890
Western Australia
And again: Creative Assembly's Denuvo FAQ explicitly states that Denuvo acts as a verification layer and, at least in the case of Total Warhammer, imposes a restriction of no more than five installations per 24-hour period, the latter of which could not be enforced if Denuvo weren't "phoning home" to the former degree. It is absolutely and unequivocally DRM, just not quite as obnoxious as, say, SecuROM.
 

Shawsie64

Banned
Mar 27, 2007
4,025
0
0
Whats with these Russian websites selling Denuvo offline activation cracks? Looks dodgy as hell.

I wonder if this is a new market pirates are willing to go through, I mean $4 is what Warhammer is going for.

http://antidenuvo.com/game.php?game=TW

I just wait for sales, give me a reasonable price on Steam and I have no issues supporting the devs.
 

madjoki

Member
Jul 28, 2014
4,044
0
315
Finland
steamcommunity.com
Whats with these Russian websites selling Denuvo offline activation cracks? Looks dodgy as hell.

I wonder if this is a new market pirates are willing to go through, I mean $4 is what Warhammer is going for.

http://antidenuvo.com/game.php?game=TW

I just wait for sales, give me a reasonable price on Steam and I have no issues supporting the devs.
Sellers: 46
Buyers: 1247
Reviews: 786
Seems like there is market. But it seems risky and stupid to pay $4 for activation that works for month or so. But I'm fairly patient so.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
I might have worded it wrong then, but my point is that it's more than possible that we end up with games which have authentication servers are taken down, and games that even with Denuvo are fully functional in 50 years, and support executable injection modding etc. It's a point that should be taken into account when talking about how will a particular game work in the future, is there anything that can be done in the future to ensure that it remains playable in the future if the implementation is not shared across all games.
And I'm not seeing the solution to this, being very cynical about DRM and have it has turned out in the past. I don't see devs using Denuvo today taking that responsibility, and I don't see Denuvo having any interest in it.

A hypothetical "let's hope they fix it later!" scenario is not really an argument as to why we should feel that putting the future of our PC games in the hands of that Amazon server is a good thing that benefits us as customers. Why should we defend this?

But I do agree that since it's usually a call-to-home implementation, it also is less valuable as a product to my eyes if it makes archival and future support harder. It's not something consumers need to discuss, but I strongly believe that addressing it might help us actually achieve something on both sides of the fence.
It's not? Why not?
 

prudislav

Member
Mar 15, 2012
2,762
0
445
obligatory RIP Darkspore post :-( (aka singleplayer game killed by its DRM and abandonment of the servers)
 

texhnolyze

Banned
Aug 13, 2014
17,737
1
0
Indonesia
Wait, so the "Denuvo means no modding" chants is finally invalid due to this Warhammer game?

But yeah, Denuvo-protected games do check your games at installation. But other than that I don't think it affects anything else. I believe they can easily unlock the DRM from their side if they ever going bankrupt in the future. That is if they don't want to face the numerous trials from the raging gamers around the world.
 
Feb 28, 2012
882
0
0
Some technical stuff about Denuvo from posts around the web, for those interested:
https://www.reddit.com/user/throwawaycracker00
I've looked at past versions of Denuvo. It uses a modified version of VMProtect 3 to virtualize many game functions, and a custom library that's different from VMProtect's for anti-debug, initial game decryptions as well as to implement some SDK features that lets the game check if it has been unpacked (known as "triggers" in older protections).

Before running game code, it will call a DRM library which is specific to the underlying platform, such as Steam or Origin and others.

I don't know why people call Denuvo not DRM, it's as much DRM as all the other protectors that came before it, and it has custom code written for Steam that is used in all Steam games, and the same for Origin games. It seems to me to be a PR stunt.

Besides VMProtect, some versions of Denuvo also have integrity checks, and random chunks of useless code and obfuscation inserted throughout the game code. Compared to the virtualization this is an insignificant problem, especially if you were to see what the obfuscations look like. Standard compiler techniques are sufficient for recovering most of the code, both obfuscation and virtualization.

If Denuvo isn't cracked it isn't because it's special, it's because there are no crackers left that seem to have the skills any more. VMProtect has existed since 2006 and the version used in Denuvo does still look the same as it always has looked. People have cracked and made VMProtect tools many times in the past, although not all the good ones are public.

From what I've seen, both now and in the past, it gets some encryption keys from Steam through a ticket, which serve to function as a temporary license for your PC, this license contains hardware id, expiration date, and possibly a code decryption key.

Despite all the claims people are making about Denuvo not affecting performance, the VM does come with a few orders of magnitude of slowdown:

1) code is compiled from x86 to a virtual machine's instruction set, an x86 instruction will be translated into about between 2 to 50 VM instructions. A VM instruction is 1 to 4 bytes (depending on version of VMProtect, old was 1, new is 4) for fetching the next instruction opcode, and either 0, 1, 2 or 8 bytes for arguments. This will result in new instructions taking a lot more space, possibly between 2 bytes to 600 bytes per original x86 instruction, depending what the instruction is and the used version of the protector, newer ones being bigger.

2) the interpreter for this machine tends to take between 3 to 100 x86 instructions in its un-obfuscated form.

3) the interpreter is obfuscated, usually resulting in a 4-10 times increase in code size, and the code isn't localized in the same space (jumps throughout a 100MB executable will hurt cache) and access to the interpreter's "registers" and memory is done indirectly, again resulting in more sluggish performance.

Given these estimations, even if not perfectly accurate without doing actual statistics, you can expect between 24-50000 times slower code execution for protected instructions, possibly with an average 10000 times slow down. It would be insanity to do this on anything but initialization functions if you don't want your games to be very slow. If that wasn't enough to be bad, there are also threads running in parallel that performs anti-debugging features and they run virtualized code.

I haven't seen any gaps as you mention in protected game code once it's decrypted in memory, there are hundreds of virtualized functions per game, there are a lot of integrity checks in certain functions which are bound to be very slow, but if the developers were clever, they placed them in initialization code only. Some performance loss is unavoidable as certain code seems to be inserted indiscriminately throughout most functions, such as hiding integer constants using rather simple obfuscations, import protection by decrypting import addresses at runtime, and the integrity checks. Some games don't use most of these features, including the game 3DM was complaining about.

If the virtualized code is encrypted with a key, the key should be fixed and contained in the ticket. The size of this key for VMProtect was 64bits. It could be different here, in VMProtect they didn't even encrypt the code, rather the location of the code was encrypted.

While CPU-specific code is possible, in general, x86/x64 is a standard and it just works the same everywhere. CPUID might work differently and there are some far more evil recent features in Intel CPUs, but they aren't used by Denuvo. Exploiting CPU bugs might be possible, but the solution would be to just get all the versions: they can't all fit in the exe, and I haven't even seen any space there for all these versions you're talking about. Nor have I seen online code that does anything but get the time-locked license from Steam. "Encrypted" virtualized functions may exist, but this key should be game-specific and not user-specific.

Even if your idea was somehow feasible, it could be defeated by requesting older or more generic versions, or getting recent versions, and removing their architecture specific tricks as they are bound to be glaringly obvious, as most of Denuvo's code is, once you view it in a disassembler and study it a bit.

Your timing checks idea is feasible and has been done on some platforms like ARM that are more predictable than x86. While feasible in principle, it's incredibly hard to do it reliably and have stable code. It is also not undefeatable at all, it can be dealt with standard compilation and temporary emulations techniques to generate the original code from the modified code. I am doubtful of this technique being used on x86 as all implementations of it are very unreliable and buggy and it's very hard to implement it on x86 without bugs creeping up on you. I would consider your post speculation, unless you provide evidence or proof of your claims.

If you haven't realized it by now, the only real way of defeating Denuvo is with a specialized tool, this tool once written will defeat all current versions, removing it completely. Why doesn't this tool exist? I don't know, maybe sceners retired or lost interest? Maybe no skilled people outside of it? Lack of interest? You want to see it done? Set aside a few months, reverse engineer the protection and write a tool. It's not as hard as you may think, but you might want to cut your teeth on simpler ones first. Having such a tool would grant you better executables that run faster and are more stable.

You don't want to do that? You could take the the approach web groups like 3DM or even scene groups like CPY have and replace the keys in memory while patching the integrity checks in a few hundred places after making some scripts to detect them. This may be more difficult than you think because you will have to take a partial black box approach at studying memory and tracing differences between activated/non-activated versions. It won't be pleasant and it won't give you a better game or the satisfaction of having a better product than the original, it will also make you want to tear your hair out as you trace through the same VM interpreter code each time, duplicated dozens of times.

There is nothing special or new in Denuvo that hasn't been seen in Starforce 3 or 4, Securom 7 or 8, Solidshield and other big name game protections or cheaper commercial application protectors, and it's as much a protection and a DRM as those were, especially as they reuse the DRM code for each game. All you're seeing here is a PR stunt from a re-branded protection company and a not very active cracking scene, compounded by the fact that x64 reverse engineering tools are still young, although they are usable and enough to crack this: people have worked with far less usable tools in the past and have succeeded.

This is a throwaway account, I don't want to be given "gilded" or thanked. Please do your own research people, stop believing in things without sufficient evidence, especially when that evidence can be obtained merely by examining a file that is public. The game code is out there and you can read it as well as everyone else can, learn to reverse engineer and stop reading so many made up stories (SSD killer, processor "unique" code, constantly re-encrypting memory and other myths). The only reason I posted this is that it gets very tiring to read all these unfounded speculations about this protector on the internet, especially since it's a very standard protection in its design.
Russian board I don´t know if I´m allowed to link:
This is well known, but it uses a custom version of VMProtect 3 to virtualize: loader/wrapper library, license checks, steam authorization and on average a hundred or more game functions.
Why is it applying it to so many functions? To hide the fact that the game's functions perform a decryption of various constants used by the game using your CPUID values, as well as to perform integrity checks (their so-called "anti-tamper") on the VM's own code.

If the game license is invalid, it will not fill in those constants and your game will crash if you try to run it, such as by skipping the license check. Sometimes OEP is also virtualized together with the license checks, which are done before OEP.
Are there ways to crack it? Yes, it can be removed if you can recover the virtualized code. Can it be emulated? Yes, in more than a few ways, but the most simple way would need using someone else's license and hardware id: a copy of a dbdata and their cpuid values, or the CPU brand string. Can it be emulated without revealing someone's license and CPUID values? Maybe, but it's more difficult, only slightly easier than unvirtualization. Why does dbdata from one game not work across different exes from the same game? Probably because it contains values unique to the exe which are needed for the game to run. The last part about how these constants are filled from dbdata is something I still need to reverse.
And last, but not least, the Denuvo version "3", "4", "5" business is bogus: ProtectionID's detection of Denuvo is wonky and it's looking at section flags and thinks they represent the version, when they don't. Denuvo internals have changed slightly since it began, mostly with small incremental changes. Certain clever, but simple, changes have made emulation harder than it used to be, and that's why you're not seeing "cracks" (if emulating the hardware id checks can be called cracking, as the protected code is still there, running as slow as it always has, much slower than the original code, before protection has been applied to it).
I will not go into VMProtect internals in detail here, even if they're the most interesting part of the protection, as that would be far too lengthy and complex. Short overview of VMProtect internals: x64 code is translated to a stack machine, stack machine byte code is obfuscated and interspread with integrity and timing checks realized in various ways. The encryption of the bytecode is polymorphic and bound in such a way that the next instruction's key depends on the current instruction. The interpreter of this bytecode is obfuscated as well, and the interpreter is unique in that it contains randomly generated decryptors for the bytecode. There are 10 of these interpreters in use for all the game-related code, and they're unique to the game, but they're all generated from the same template, this is true even for the very first Denuvo games.
The loader/wrapper part has anti-debug checks, decryption code and it also creates events and environment variables that the game can check for their presence to know if the game has been unpacked or cracked.
TL:DR: Denuvo is nothing special, it´s just a modified version of VMProtect 3 and that was fully reversed/cracked years ago.
It just takes someone that has the time and the skills to fully reverse this fucker and then you will be able to fully remove this "anti-tamper" from game exes.
(Like scene group RELOADED recently removed ARXAN anti-tamper from GTA V, which in return improved performance of the game)

Bonus: Yes, Denuvo affects performance.
 

ChryZ

Member
Jun 21, 2004
9,021
1
0
twitter.com
But yeah, Denuvo-protected games do check your games at installation. But other than that I don't think it affects anything else. I believe they can easily unlock the DRM from their side if they ever going bankrupt in the future. That is if they don't want to face the numerous trials from the raging gamers around the world.
You might want to read up on SafeDisc and SecuROM DRM, for reference. Lots of games were left in the dust and aren't playable under Win10 anymore.

I, for one, will only buy Denuvo "protected" games when 75-80% off and regard them as extended, but time limited digital rentals. I also would take a good look at the game's publisher and developer. Let's take DOOM for example, Bethesda would probably make sure that the game lives on for many years to come. Then we have corporate shitshows like Warner Bros, who barely manage to ship working PC games to boot.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
But yeah, Denuvo-protected games do check your games at installation. But other than that I don't think it affects anything else. I believe they can easily unlock the DRM from their side if they ever going bankrupt in the future. That is if they don't want to face the numerous trials from the raging gamers around the world.
They maybe can, but it's naive to rely on that happening.

And the risk of trials actually happening if they don't is almost zero.
 

Camp Freddie

Member
Aug 15, 2012
1,899
0
0
UK
Bonus: Yes, Denuvo affects performance.
Thanks for the info dump. When people say Denuvo affects performance, is this limited to the initial boot time (i.e. when it presumably runs the DRM checks) or would it continue to run slow virtualised instructions during actual gameplay?
 

finley83

Banned
Dec 10, 2011
1,697
0
0
Nobody knows as there's no versions of the exes stripped of DRM to compare against. Apparently GTA 5 uses similar technology which was recently cracked, resulting in performance increases, so theoretically it could be the same here too.

Have to say it's concerning how many people are defending this without any real knowledge of how it works and outright saying there's no need to discuss it. Either it's a clear case of lack of interest / concern (aka "works fine for me, nothing else matters") or some other motive that I just can't figure out...
 

Mub!

Member
Feb 2, 2016
128
0
190
I'm not a fan of the history of video games as an artform being held at gunpoint. The sooner denuvo dies a fiery death, the better gaming will be.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
Have to say it's concerning how many people are defending this without any real knowledge of how it works and outright saying there's no need to discuss it. Either it's a clear case of lack of interest / concern (aka "works fine for me, nothing else matters") or some other motive that I just can't figure out...
It's interesting. It's a system that's only there for control, sets restrictions and gives nothing back. One would assume that reluctant acceptance would the most anyone should be able to give it.
 

Mifec

Member
Oct 11, 2014
8,191
0
285
Btw I did a little research yesterday and found out that people are selling Denuvo activaton for like 4 bucks. They let you activate the game on their steam acc with teamviewr and then go offline and include reactivation when they expire rofl.

I tried the cracks, they're bullshit. They crash more often than they work. The cracking group 3DM threw the towel a while ago, they just gave up.
Except when they're not I guess since most of my RL friends who can't afford the games finished both MGS and Mad Max with it, had to tinker with timezone for MM but got it stable.
 

Cake Boss

Banned
Dec 17, 2011
23,544
0
0
So it seems like Denuvo is winning the short game lately. Not sure about long term but it seems like crackers have yet to figure out how to crack Deshit games.
 

Wereroku

Member
Jan 10, 2013
5,153
0
365
NC
Btw I did a little research yesterday and found out that people are selling Denuvo activaton for like 4 bucks. They let you activate the game on their steam acc with teamviewr and then go offline and include reactivation when they expire rofl.



Except when they're not I guess since most of my RL friends who can't afford the games finished both MGS and Mad Max with it, had to tinker with timezone for MM but got it stable.
Apparently some of the earlier versions weren't encrypted well enough. However later games have closed those holes and are still not cracked. It's kind of interesting to see a new market open up around this since pirates can't get it for free anymore. Going into the threads it's great to see these people complain about having to pay 4 dollars to play a brand new game. Also quite a few of them have been scammed out of their 4 dollars.
 

SneakyStephan

Banned
Jan 23, 2011
18,402
0
0
Sure there's a ton bad shit, but you generalized it, you specifically said "news at 11". How am I not supposed to take that as an insult that covers many of us? And don't get me wrong, I totally agree with all the actual negatives of functional DRM, of rights managment, of GaaS, of anti-tamper. But I'm not interested in discussing insults or ridiculous conspiracy theories that have no basis in reality. Because that detracts from addressing the problem, and I deeply care about being able to play all games 20 years down the line, I want to see better archival of the history of games, I want to see the least amount of restrictions on modifying that we can argue makes sense on both sides. Also, I have no need to defend either myself or anyone else in the industry, because we know better, but I want to have a healthy discussion for the negative aspects that need to be addressed better in this industry, and that can be done with reasonable discussion and without vulgar insults.
I never said all developers, I said plenty of developers.

There's enough rotten eggs out there that we need every single last layer of consumer protection and self sufficiency and control over the software we buy that we can possibly get, because without them we will get screw over many times.

The developers who treat their communities well (say those rare ones who will work on a drm removal patch after their company is told to shut down, those who will not abuse denuvo to stop people from modding their game, or even better those rare ones who don't relase a game that requires a dsfix to turn it into a proper pc port) are not the issue, the ones that don't give a fuck about their customer are.

And again, there's plenty of those.

I have no idea where you get that I said every developer is a cunt, I didn't.

Look at UWE (unknown worlds entertainment):
They released a game that :
-was finished and polished at launch
-had full mod support
-they released a server build so the community could host their own servers
-they still also paid for their own servers to exist alongside community servers (with no restrictions or differences between them)
-they released free content patches instead of paid dlc
-when they eventually did stop developing further content because they started on a new game they handed the entire game off to the community , who can now make community patches/content for it that goes into the official client

Guys like those exist, but for every one of those there are a few who will go out of their way to kill modding in their game, or who won't let the community host their own servers , or who release a 30 fps cap 720p cap port without a proper pc ui or proper pc input detection.

And for those we NEED to have full control over the software we buy.
 

CecilRousso

Member
Jun 29, 2008
10,349
0
0
And for those we NEED to have full control over the software we buy.
Yep. I think that any customer who accepts to run his purchase through a client like Steam has already done more then what devs and pubs can ask. To add things like Denuvo is to ask way way too much from your customer base.