Denuvo has been cracked, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass
www.tomshardware.com
This time around the company might have a point, though.
    • rozodru@piefed.worldEnglish
      34·
      1 month ago

      the infuriating one is Capcom. after all these years, decades even, they STILL to this DAY do not understand PC games. they still have yet to figure out HOW to optimize their games for PC and would STILL keep using Denuvo even AFTER admitting that “yeah it slows our games down, yeah we remove it and then put it back”

      Either it’s old as Japanese execs at capcom that refuse to understand gaming on the PC or they just don’t care. But it boggles my mind how Capcom kept using Denuvo while admitting it fucks their shit up.

      • uzay@infosec.pubEnglish
        11·
        1 month ago

        Capcom puts Denuvo into everything, then after a while they replace it with enigma, which is presumably cheaper, and leave that shit in indefinitely. They also put DRM in games on Steam that they are already selling DRM-free on GoG, defeating any imagined benefit DRM could have and just punishing their actual customers.

        Sega meanwhile puts Denuvo into absolutely everything and just keeps it in forever. Square Enix puts Denuvo into everything, but at least usually removes it after a while. I’m thinking this might really be a Japanese thing. They also don’t only hate piracy but modding as well, so I’m not surprised they would all opt for the most heinous form of DRM.

  • Mwa@thelemmy.clubEnglish
    31·
    1 month ago

    Am still not playing any Video Game with Denuvo.
    (I only play games with Steam’s DRM)

  • thedeadwalking4242@lemmy.worldEnglish
    191·
    1 month ago

    On the one hand software freedom.

    On the other this has me thinking about how fascinating this problem is from academic standpoint.

    How can you ensure software can ONLY run on the machines you allow? Even if the user has ring 0 access?

    Is it mathematically impossible to achieve?

    • LedgeDrop@lemmy.zipEnglish
      92·
      1 month ago

      It’s totally possible to achieve. TPM is the desktop equivalent of the technology that runs on your cellphone to have apps detect if you have an unlocked bootloader or root. It’s the same technology prevents your favorite concole (ie: switch 2, ect) from running pirated games.

      This improved security does come at a price: we/the users are the enemy and cannot be trusted. This means modifying your system will be prohibited and we (the consumer) will have to trust that Big Tech has our best interests in mind. /s

    • redsand@infosec.pubEnglish
      3·
      1 month ago

      Only with a client server model like in multiplayer or always online games. DRM is a conceptual scam. This kind of attack is unpatchable. It’s essentially a blue pill attack against a single program.

  • Shanmugha@lemmy.worldEnglish
    51·
    1 month ago

    Wait, you mean client-side anticheat is not some holy unbreakable barrier? I am shocked (sarcasm)

  • NannerBanner@literature.cafeEnglish
    31·
    1 month ago

    I’m not the most familiar with hardware level stuff. With the security disabled as in the article, can a malevolent actor rewrite firmware or leave the equivalent of an undetectable rootkit on your hardware? It would be mildly amusing to see an entire generation of pirates fuck up here, but also reminds me of the arguments regarding the intel cpus having a secondary, unknown firmware in the form of the management thingamajig.

    • frongt@lemmy.zipEnglish
      7·
      1 month ago

      Firmware, unlikely. Rootkit, probably. The most likely attack is plain old malware. Attacks relying on those security features being disabled are uncommon.

      However! If a malicious actor says "hey here’s a guide to defeat denuvo on the latest game, and here’s the crack’, and the guide tells you to disable certain security features, the crack can contain malware specifically crafted to exploit that scenario. It’s one of the reasons that guides saying “disable uac, disable antivirus, run as admin” are a huge bright red flag.

    • BladeFederation@piefed.socialEnglish
      41·
      1 month ago

      Very much possible, yes. I don’t think any game is worth the risk. Even if you have a PC dedicated to just gaming, buying new hardware if it gets borked is more expensive than just buying the game. Or playing the hundreds of great games kn existence without Denuvo.

    • Ninjascubarex@lemmy.zipEnglish
      21·
      1 month ago

      Sharing chatgpt answer as I was curious myself

      Denuvo differs from older DRM by continuously protecting the game’s code instead of just checking ownership once. Traditional systems like Steam or SecuROM perform a one-time validation, but Denuvo embeds encryption, obfuscation, and constant runtime checks directly into the executable, making it much harder to analyze or modify. The recent bypass described by Tom’s Hardware didn’t actually “crack” Denuvo in the traditional sense. Instead, it used a hypervisor, a low-level virtualization layer, to sit between the game and the operating system and feed Denuvo fake “valid” responses so it believes everything is legitimate. This avoids removing the protection entirely and instead tricks it. The tradeoff is that the method requires disabling core Windows security features, which creates serious system-level risks and is why even some in the piracy community consider it unsafe.

    • AHemlocksLie@lemmy.zipEnglish
      0·
      1 month ago

      GOG is strictly anti-DRM, so you’ll never get Denuvo-enable games there. You miiiiiight get them after Denuvo gets pulled out since that often happens after… 6 months? A year or two? But the sort of publisher that wants Denuvo included is probably the same kind to refuse a totally DRM-free release.