Are you sure about that? I have a ROG Ally running Bazzite and I have played several games on this page[0] that use Denuvo.
0: https://store.steampowered.com/curator/26095454-Denuvo-Watch...
DRM's primary purpose is to force consumers into an ultimatum: accept our inflated pricing and enforced inconveniences, or get nothing at all. For some products, this is part of their brand identity, since they bill themselves as "premium" or "AAA". For others, it's enforcement of their monopoly control (e.g., sports broadcasting). In all cases, it's treating the consumer like a disposable and squeezable commodity, which isn't necessarily inaccurate for some products and their target audiences, but certainly isn't the only way to do business.
If you cut down the difficulty of cracking a game, and generally made it easier to pirate, we'd just have a nice cracked Steam store anyone can download and play anything they want, do you really think that's going to help the market?
2. Characterizing the buying and selling of goods, a non-essential like video games no less, as an "ultimatum" is ridiculous. By pirating you're just subsidizing the cost of the game onto people who paid for the game legitimately.
You developed the game, you have the right to charge whatever you want for it.
Perhaps there are arguments to be made since copies of digital goods are essentially free, but this isn't it.
Valve is not a charity and tolerating some piracy pragmatically is not equivalent to wanting a free-for-all. What's good for the consumer can still be good for the creator and Steam has proved that. It doesn't need to meet some purity test.
The intersection of people who will pirate a game at any price and people who will buy a game is an empty set.
I used to pirate everything, no matter the price, now I pirate nothing, no matter the price (except for Metro: Exodus, because it was pulled from Steam for anti-competitive bullshit).
The legitimate buyers do have.
Who do you want to annoy more - the people who give you money or the people you never heard of and would never hear about?
I would imagine many things from the SecuROM era live on in Denuvo.
But if you read the article you will realize that certain games will not work in the future due to Denuvo.
"This destroyed any exception-based hooking since majority of the time an exception is triggered, Windows will write an EXCEPTION_RECORD high up in unused stack space. You can probably see where this is going. Now, whenever the CPUID is hooked via an exception, that important value will become overwritten with an EXCEPTION_RECORD, causing undefined behaviour later on. I believe this can be bypassed if you attach a debugger to the process and set certain flags when it comes to exception handling, but the method of patching every hardware check is still cumbersome due to randomness anyway."
As Windows matures, behaviour can change, breaking certain stuff.
How do you expect the aforementioned tech to break the games it's on? If anything it "breaking" will just make the anti-tamper feature ineffective.
I wonder if that's because they want to avoid these kinds of future incompatibilities with the underlying OS as it evolves.
There's a list of every game that currently has Denuvo here... https://www.reddit.com/r/CrackWatch/comments/p9ak4n/crack_wa...
Such was the case for SecuROM in early days. It featured the CRC checks mentioned, if any single byte was changed, including an INT (breakpoint) instruction, it would crash. Here it's unlikely that it won't crash. Rendering the game inoperable.
That's basically the whole point of any anti-tamper product. I just think you picked a terrible example of a feature that could break due to OS changes specifically.
> Meaning that if Windows ever were to overwrite that region for whatever reason, will trigger the crash.
We're talking about random stack memory inside of a virtual machine that likely doesn't call any external code whatsoever. There should be no real way for Microsoft to accidentally corrupt this memory.
So this code can only break if the data is overwritten from code outside the control of that thread. On Unix, certain signals could cause that. Or the OS could decide to zero out the unused thread while the thread isn't running. Zeroing the thread could be helpful to wipe secrets spilled there (forward secrecy related), or if whole pages can be zeroed (via something like MADV_ZERO), it could reduce the memory consumption by allowing threads to shrink.
While I would like that thread zeroing feature, I think it's unlikely that MS will implement something like it. So the code should be unlikely to break in practice.
The GTA SA bug was reading of an uninitialized variable. The value it contained was correct simply by chance as it was placed there by the previous invocation of the function and never overwritten by something else intermittently. Any changes to functions that happened to be called in between these 2 could have changed the value of the stack memory.
The aforementioned check on the other hand is placing random value below the stack pointer. This means that by design it cannot call any external/os/game functions and is basically isolated/"pure" from any interactions with third party code.
For example, physical FPS exploits include devices that sit in the HDMI/DP chain with a USB output and emulate a keyboard and mouse.
If it can run on your PC when copy-protected, it means at some point the CPU executed the right instructions, so a crack is always possible to create. It's just a matter of how much effort and time is it to reverse-engineer it. You cannot copy-protect software indefinitely.
I remember feeling cool as fuck as a teenager because I cracked GTA 3 by dumping the live memory of the binary post decryption. Of course it's been 25 years, so the status quo has improved by a lot and god knows how many man-years and kWh are wasted on copy protection.
To me, Xbox is that video-game you get when you ask for a Playstation and your parents don't understand video-games. Their versioning scheme even helps make sure the parents fail to purchase the latest generation.
Denuvo is also not a massive target because there are too many games nowadays to care about a specific one. The exception was when "Hogwarts Legacy" was released with Denuvo, and people went crazy for a crack which was delivered just 13 days later.
That sounds like a marketing claim. There's a bunch of denuvo-protected games that have been cracked. As far as I am aware, although I am not completely up to date, there are more denuvo-protected games that have been cracked than not.
For a while I feel like there were monthly headlines along the lines of "Denuvo cracked within hours of game release" (e.g. https://www.techspot.com/news/71543-denuvo-protected-games-n...).
(I agree that Denuvo is generally effective for its goals, especially at game launch when it is most valuable. It's just not infallible, by any stretch.)
I think some of the recent 'cracks' were mostly errors by the developers, allowing the demo of a game to load the full data files or shipping an unprotected EXE on accident somewhere (sometimes they leave a debug EXE lying around).
Most "cracked" denuvo games are games cracked AFTER denuvo was removed by the publisher in an update (usually 6 months after release)
Just look at the Yakuza/Like a Dragon games
The claim was that games protected by denuvo are uncracked years later.
What is happening right now is important and interesting, too, but not the claim the person I replied to made.
"anything covered by Denuvo is unavailable even years later" just isn't true. And that's what I was replying to.
Sure!
That wasn't the claim made by the person I replied to. They said "anything covered by Denuvo is unavailable even years later." which isn't true. That's what my comment is about.
> anything covered by Denuvo is unavailable even years later
I don't think this is true in the general case.
> Either nobody is willing to crack it (unlikely)
That's exactly what's going on - it's a matter of time-benefit, not "possible." What's groundbreaking with Denuvo isn't that the overall technique is incomprehensible but rather that it's insanely tedious to remove and very difficult to automate. They haven't made some groundbreaking theoretical technique, they've applied so many "standard" ways to obfuscate a binary that it becomes more annoying than it's worth to remove.
Then, the subscription can be allowed to lapse… and the game can be preserved, at least to the extent to which it can run without servers. If we have any belief in the “games as art” idea, this seems like a good result for preserving art.
Of course, this means that casuals like me get a much better experience than their core, dedicated, day-1 customers ... but really, that sort of contempt for your core audience is a foundational principle of AAA these days.
Established law says that every publication of a work involving a copyrighted character creates a new version of that character whose copyright extends for the full period starting from the publication of that work. This came up when someone wrote a story about Sherlock Holmes, who was out of copyright, and they were sued, successfully, on the theory that they had used aspects of Sherlock Holmes' personality that were developed in stories still under copyright.
Sam Logan had some fun with the concept here: https://www.samandfuzzy.com/3429
> After nearly 100 years of acting, what's your favorite of your roles?
> Steamboat Willie.
> Really? Not any of your other--
> We don't talk about my other roles. They're a burden. A liability, used to control me. I have left them behind, so that I may be free.
No, the most important thing about Denuvo is that PC gamers are forced to upgrade their hardware because Denuvo is such a performance hog. All you have to do is wait until Denuvo is stripped and the game will run much faster.
Frankly, it wouldn't surprise me if there's a conspiracy between Denuvo and Intel/AMD/NVIDIA where Denuvo goes out of their way to hurt performance on a really popular title, thus forcing people to upgrade.
Idiot writers at gaming websites claim a new patch to a game that's been out for a while has "optimizations" and lauds the developers for slaving away to make an already-finished game faster. The reality is that they just stripped out Denuvo.
> One can see that Denuvo does indeed intervene from time to time, but what one can clearly see: It doesn’t do that very often, definitely not every frame.
> It’s only once every few seconds. Even less, sometimes it doesn’t do anything.
> To me personally, it tells that Denuvo executes checks so infrequently, that the likelihood of it causing major performance issues seems rather low.
https://momo5502.com/posts/2024-03-31-bypassing-denuvo-in-ho...
Nowadays, there is no way I could do it, I tried to get back into hackthebox recently and the new RE challenges make my brain hurt.
There’s also multiplayer as anti piracy. It is impracticable to spoof unseen, complex server code forever.
Environment Integrity is the most flexible. That means you can’t pirate because you can’t sideload code that doesn’t belong to you, and that a remote license check cannot be spoofed. The environment also has to provide enough incremental value in updates that most people will keep auto-update on. Although, of course, Apple could force updates.
To me, the problem is how to avoid this conversation altogether. The kind of person who has the personality defect that makes him post rants about DRM doesn’t listen long enough to figure out “validity” in games.
Like imagine when people invoke that word, “valid.” This is what DRM is about to audiences, not technology. Video games are aesthetic experiences, you don’t have to play them to survive, to me it is valid to consider anything related to the game, like its DRM or the development team or whatever, as fair game for “valid.” But.
If you don’t think Denuvo is valid, you don’t think “AAA single player games on PC” is valid. And maybe that’s okay, maybe you can only go to iOS or the Switch or PS5 (Environment Integrity DRM) for AAA single player. There are no indie developers on consoles, so suddenly, you are also saying, “the only place for single player that costs money to make for self published is iOS.”
This is why I personally find the crusade against Denuvo so ironic: the people who could take the biggest creative risks and reap the most reward, including the right to keep making whatever it is they want, benefit the most from Denuvo.
[1] https://www.reddit.com/r/Asmongold/comments/119x8ht/heres_em...
Is she (he?) still schizoposting via homophobic and transphobic .nfo files, combining super natural female moon goddess intuition with deep rooted cracking knowledge and has a growing telegram community full of G*mer simps?
For those not in the know, empress is/was THE famous denuvo cracker with a rather... eccentric online presentation of themself.
Nobody knows what happened after, or whether he reached a deal with Denuvo or anything else. But Empress did arrive some time after he got arrested, so it could be speculated. He has denied it himself however, on multiple occasions, but even if he is Empress it's obviously something you won't expect him to admit after all that's happened.
F DRMs though. Good news is those AAA games are rarely worth anyone's time anyways. Better spin up indies or classic games - a good SNES game is worth a hundred of those garbo AAA license rehashes.
Generating an image or sound is seemingly child's play compared to actual complex software tasks. There's not 1,000 different open source DRM codebases you can train against. It's not a diverse field.
Generating code to do script kiddie hooking? Sure. Reversing a complex multi-tiered obfuscation and trust platform? Yeah, right.
This is how a VM push looks like:
temp[0]=add(mem[e268], fffffffffffffff8)
mem[temp[0]]=mem[e560]
mem[e268]=temp[0]
(vmreg_e268 is stackpointer, it's decremented and stored in tempreg, then the value of vmreg_e560 is copied to stackpointeraddr, then new stackpointervalue is written back)
But I quickly lost interest when it became MBA galore:
temp[7]=sub(add(add(and(mem[ebe8], b2f7), 3fd8), xor(lshr(mem[ebe8], 1), 2684)), lshr(add(mem[ebe8], b2f8), 1))
temp[d]=or(sub(sub(4ad, temp[7]), xor(and(shl(temp[7], 1), 95c), 95c)), 8000)
temp[e]=lshr(temp[d], 1)
temp[11]=lshr(add(temp[d], 8001), 1)
mem[ebe8]=sub(xor(xor(temp[e], 3fff), temp[11]), shl(and(and(temp[e], 3fff), temp[11]), 1))
(looks like it's doing some operation with a constant to vmreg_ebe8, but obfuscated by MBAs and most likely the result won't ever be used, so it's just noise to drown out the real operations)
BTW: anyone aware of LLVM optimizer pass implementations that can deal with MBAs?
Your best bet is InstCombine, but likely most of the MBA patterns aren't going to be InstCombine patterns because who writes that kind of code?
In principle, you might see if you can tickle Alive2 (which can map LLVM IR to SMT logic) to see if you can get a peephole optimizer that's querying an SMT solver. But I'm not aware of anyone who's built a pass like that yet, and it's definitely not a regular pass in the compiler.
I had some success with https://github.com/mrphrazer/msynth but it's hard to glue this to LLVM.
It is a C++ implementation of SiMBA [1] - a tool to handle linear MBAs, made available by Denuvo itself. Denuvo have another tool - Gamba for handling some variety of non-linear MBAs. And then further improvisation by another researcher - MSiMBA [3].
Since SiMBA++ is written in C++, it is fast and it integrates well into the LLVM passes to automatically identify the MBAs and replace them in the LLVM IR with simplified expressions. So no additional work required.
Shameless plug - me and my colleague (author of SiMBA++) recently gave a talk about using LLVM for deobfuscation of WASM, where we talk about MBAs, SiMBA++ etc. The idea is not limited to WASM, it is language agnostic once you have a binary lifted to LLVM IR. https://www.youtube.com/watch?v=gKRdOcuXbYI
[1] SiMBA - https://github.com/DenuvoSoftwareSolutions/SiMBA
[2] Gamba - https://github.com/DenuvoSoftwareSolutions/GAMBA
[3] MSiMBA - https://github.com/mazeworks-security/MSiMBA
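Added example, not part of the thread and not code from SiMBA, SiMBA++ or LLVM: a small Python sketch of the truth-table property that makes linear MBAs (the class the comments above say SiMBA handles) mechanically simplifiable. The 64-bit word width, the function names and the sample expressions are assumptions constructed for illustration; non-linear input such as `x*y` is rejected rather than mis-simplified.

```python
import itertools
import random

BITS = 64                      # assumed word width
MASK = (1 << BITS) - 1


def signature(expr, nvars):
    """Evaluate expr on every all-zeros / all-ones assignment.

    On such inputs each bitwise term is 0 or -1, so a linear MBA
    evaluates to -g(b), where g(b) is the weighted sum of the terms'
    truth-table entries for the 0/1 assignment b.
    """
    sig = {}
    for bits in itertools.product((0, 1), repeat=nvars):
        words = [MASK if b else 0 for b in bits]
        sig[bits] = (-expr(*words)) & MASK
    return sig


def conjunction_coeffs(sig, nvars):
    """Moebius inversion: rewrite g in the basis {-1, x, y, x&y, ...}."""
    coeffs = {}
    for subset in itertools.product((0, 1), repeat=nvars):
        ones = [i for i, b in enumerate(subset) if b]
        total = 0
        for r in range(len(ones) + 1):
            for chosen in itertools.combinations(ones, r):
                point = tuple(1 if i in chosen else 0 for i in range(nvars))
                sign = -1 if (len(ones) - r) % 2 else 1
                total += sign * sig[point]
        coeffs[subset] = total & MASK
    return coeffs


def evaluate(coeffs, words):
    """Evaluate the simplified form; the empty conjunction is -1."""
    total = 0
    for subset, c in coeffs.items():
        term = MASK
        for bit, w in zip(subset, words):
            if bit:
                term &= w
        total += c * term
    return total & MASK


def signed(v):
    v &= MASK
    return v - (1 << BITS) if v >> (BITS - 1) else v


def render(coeffs, names):
    out = ""
    order = sorted(coeffs, key=lambda s: (sum(s), tuple(-b for b in s)))
    for subset in order:
        c = coeffs[subset]
        if c == 0:
            continue
        used = [n for n, b in zip(names, subset) if b]
        if not used:                       # constant term: c * (-1)
            value = signed(-c)
            text = str(abs(value))
        else:
            value = signed(c)
            text = used[0] if len(used) == 1 else "(" + "&".join(used) + ")"
            if abs(value) != 1:
                text = f"{abs(value)}*{text}"
        if not out:
            out = ("-" if value < 0 else "") + text
        else:
            out += (" - " if value < 0 else " + ") + text
    return out or "0"


def simplify_linear_mba(expr, names, trials=256, seed=0):
    n = len(names)
    coeffs = conjunction_coeffs(signature(expr, n), n)
    # The inversion is only valid for linear MBAs, so cross-check on
    # random words and refuse anything that disagrees.
    rng = random.Random(seed)
    for _ in range(trials):
        words = [rng.getrandbits(BITS) for _ in range(n)]
        if evaluate(coeffs, words) != (expr(*words) & MASK):
            raise ValueError("expression is not a linear MBA")
    return render(coeffs, names)


if __name__ == "__main__":
    # Constructed sample: an obfuscated way of writing x + y.
    noisy = lambda x, y: 2 * (x | y) - (~x & y) - (x & ~y)
    print(simplify_linear_mba(noisy, ["x", "y"]))
```
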
He had no idea how to sell it. After it sitting around for a while, I tried pitching the technology to a few friends in VC, who had absolutely no idea what I was talking about.
It bothered me for a long time to see such a culmination of talent and effort get 0 reward for it. I've wondered if such technology would be interesting to some large publisher to just buy outright, bringing their anti-piracy in-house rather than relying on Denuvo. Any ideas/help appreciated :)
This seems like an odd claim _especially_ for indie games. Indie games tend to already have trouble attracting buyers, it feels like anyone considering pirating it would just move on if they couldn't do so.
My thought regarding indie games were successful ones though. Something like Celeste or Balatro.
0. https://www.gamedeveloper.com/business/so-52-45-of-people-pl...
Personally, Steam's about where I draw the line. They've given me enough value as an ecosystem and their native 'DRM' doesn't seem that obtrusive, so they've got a lot of my money over the years.
I've regretted every single time I happened to buy a game, which turned out to have other DRM or any form of 'anti cheat' client side. They just never work in the long run.
It's a shame that OP didn't add a tracker to the pirate plea button. I would wager that he made practically zero sales from it - looking at how well donations seem to work in software development in general. I think that this is why microtransactions work well. They give away a nerfed version of the game for free, and after the player formed an attachment to it, the game can be upgraded for a price. In a way, this is a much more human design, than forking up the entire cost in advance.
I pirated GTA5 to test it on my machine back in the days. Textures popped in seconds later because the HDD was way too slow to handle the game. I prefer pirating a game over dealing with refunds. I have it for free from Epic. Would I buy it now? No. I don't like the game at all after playing for 4 hours.
What is my favorite single player game? Cyberpunk. Do I share that information? Yes.
I was right there with you with this opinion back in the day. Distribution was terrible, people didn't have near 24-7 access to internet. The times have changed. You're also not 11 years old anymore. You can afford to pay your peers in your industry.
The main problem with this is that some of us who buy indie games specifically buy them because they are available on DRM free platforms like Itch.io and GoG.
Adding DRM is just going to stop me from ever wanting to purchase the game. It's the same problem with Steam sucking up indie devs who started to only release on Steam. Will never purchase their game on a platform where I can't keep my own offline backup for when the service eventually fails.
The world is less fun with less art and games. And those require money to be made. The cost of securing that or making legitimate purchases cheaper (broadening the legal market) may be the initial online requirement and potential performance impacts.
Again, I'm not saying Denuvo is or is not a net in one way or the other. Just that there is room for gray.
That's an extremely naive take that shows some stark ignorance of the tech and market forces at work.
From a tech standpoint, Denuvo negatively impacting performance has been debunked many times over (see my previous post about that).
On the economical side, you need to realize that whenever you are playing and enjoying a game, it's most likely due to the fact that the previous games sold by that developer have been successful in making money, which was most likely made possible by Denuvo.
In other words, making piracy harder allows the next generation of games to be created.
Things like the Fourth Amendment exist for the simple reason that overreaching policing skews into being abusive. Police could always argue abusive policing "helps prevent crime" same as copyright maximalists could argue DRM "helps prevent piracy". But both would be invalid due to the overreaching nature of such policing.
To put this concept into perspective. DRM runs on your personal device, in your personal digital space, for the benefit of someone who tries to police you, treating you as an a priori criminal. So conceptually it's not any better than what the Fourth Amendment is aimed to prevent.
Excusing such concepts with "market forces" is simply cringe.
Describing it as "anti user" is theoretically correct but practically incorrect. It's true that it might prevent mods and possible future uses if the servers go down, but in practice, users don't care, as is demonstrated by the fact that games that contain Denuvo routinely sell in the millions and users have no idea it's even there, and they will never know.
Overreaching?
I don't know. Companies put out a product, you're free not to buy it if you don't like it. That's one of the reasons why I call this natural market forces.
> So conceptually it's not any better than what fourth amendment is aimed to prevent.
That's a gross exaggeration. The Fourth amendment is about unreasonable searches by the government, I completely fail to see how willingly buying a digital product from non governmental organizations is connected to Fourth amendment in any rational way.
Again, at the end of the day, nobody forces you to buy that product, hence "natural market forces".
The fact that millions of these games are being bought every month tells me users don't feel that whatever flaws, perceived or real, Denuvo has matters less to them than playing these games.
You get the point of why the above is wrong. DRM is wrong exactly for the same reason. The ethical problem with DRM is that it invades your digital privacy based on presumption of guilt.
Whether users care or don't care doesn't really affect the concept. A lot of things in digital space are less tangible for people to care because they are clueless, which doesn't mean these things aren't as dangerous and damaging when abused.
And those are fundamental problems, before we even get to bad consequences that you mentioned, like DRM damaging digital preservation, losing access to your purchases and so on, which are bad too, but not on the level the above is bad.
So to sum it up, DRM is always anti user in many senses.
If I willingly let them in my home and I knew they were going to do that? I don't really have the option to complain, do I?
Your analogy doesn't make sense. People buy the game, Denuvo is clearly advertised on it. They have the option to not buy the game. Period. It's not overreach if I willingly accepted the reach.
> So to sum it up, DRM is always anti user in many senses.
How do you reconcile this claim with the fact that Denuvo games sell by the millions every month?
The abusive and overreaching nature of DRM was expressed pretty clearly by those who actually abused it:
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
> The industry will take whatever steps it needs to protect itself and protect its revenue streams ... It will not lose that revenue stream, no matter what ... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source – we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC ... These strategies are being aggressively pursued because there is simply too much at stake.
Note the repeated usage of "your" which increasingly creeps into user's private digital space. Being in denial about this isn't an excuse for these problems.
> Being in denial about this isn't an excuse for these problems.
I'm not in denial, I know exactly what Denuvo entails. Whenever I buy a game with Denuvo (which pretty much never happens any more), I know exactly what I'm giving away, and I'm doing so because I'm getting something in return.
Similar situation to someone dropping their business card in a jar at the exit of a restaurant with the hope they'll win a free meal. They give a bit of personal information because they think they'll receive more in return.
You don't get to take away the choice of customers to decide how to manage their information.
As long as everyone is free to make that choice, nobody is getting hurt and the market forces will ultimately land on an equilibrium, like we have today.
They express the intent behind DRM very precisely. I don't see anything about it being an exaggeration. DRM proponents will try to control as much as they can grab. There is no excuse for unethical garbage like that.
That's an extremely bold claim. There are many games which are successful and don't use Denuvo. In fact I'm quite sure there are more successful games that don't use Denuvo, than those which use it - so I don't believe that "whenever [I'm] playing and enjoying a game" it was "most likely" created thanks to Denuvo.
And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
I never made that claim, please reread what I wrote, but here is my point again.
When you play a game from a publisher, they were able to create it because their previous games sold well. Therefore, anything that allows games to sell well is a positive for the entire gaming community, creators and players.
Denuvo is an important part of this picture, but it's obviously not the only one.
> And then there are people like me who simply refuse to play any game which uses Denuvo. There are thousands of excellent games out there, why should I waste time on those which treat me as a thief?
That's great, and I do that as well. And this is one of the reasons why Denuvo is not anti-user: everyone has the choice to not support it.
I didn't play MH:World on PC but from what I have seen MH:Wilds suffers from piss-poor optimization that is unrelated to the (two!) DRM they have put in. It may be Denuvo, but from what I've seen, it is just the usual laziness that is prevalent in most AAA games today. Instead of spending the performance budget where it matters by having programmers collaborate with artists, they just throw everything at the engine which ends up overwhelmed and in turn throws everything to DLSS and framegen resulting in an ugly mess (but a raytraced ugly mess!) if you don't have the latest overpriced hardware.
And it may be the same problem with Denuvo. Denuvo doesn't have to cause massive performance problems, but developers have to implement it correctly, using license checks sparingly, and certainly not in performance-critical code.
Also note that when the publisher removes Denuvo, it may also come with other performance optimizations, not everything comes from the removal of Denuvo.
You are not wrong about the additional failure of AAA to keep their games optimized but the ways denuvo affects performance are particularly insidious.
There is pretty much zero evidence that this is true and some credible evidence that it is untrue.
For example, plenty of games have had Denuvo removed after a few months by the publisher and showed zero improvement in performance.
This fake narrative is being pushed by software pirates bitter that Denuvo is being so effective at preventing them from stealing games.
Do you also abstain from other DRMs as well, or just some in particular? They can be quite nasty, and mobile games are also pretty horrible for privacy as well. As a compromise for myself, I use a separate Windows for gaming, and I have almost no real data on that partition.
op is top
Don't play AAA slop
alias_neo•1d ago
The experience for me, when I buy a game, is that I either don't buy one with DRM, or, I buy one that _might_ work, and then I spend a little while trying to get the right version of Proton that runs correctly, and get banned / blocked temporarily for switching my machine identifiers or something too much.
It really is a sick joke that the experience for gaming, music and video is all far, far better for those who _don't_ pay than for those who do.
Kokouane•1d ago
Denuvo is effective enough that if a game has it, it is almost impossible to pirate. So in most cases, it is either pay or do not play the game at all.
There was one key player who knew how to crack Denuvo DRM. They went by the name Empress but haven't cracked anything in the past year, and also mentally deranged, often including very transphobic rants in the NFO file of the torrents they release.
alias_neo•1d ago
That's still a net win for the pirate I'd argue; for them it's zero steps to "don't play the game at all", for someone like myself it's pay->waste time trying to get it run and fail->refund/no-refund.
josu•1d ago
It's self fulfilling though. Some people won't behave nicely if a game comes with Denuvo.
izzydata•1d ago
I can understand the argument against DRM in general and owning things you buy, but that seems like a different problem.
RedCardRef•1d ago
https://youtu.be/1VpWKwIjwLk?si=JxjXuhJJAutXp1ww
izzydata•1d ago
The disk space usage is weird, but 100mb to 300mb executables is irrelevant in the age of terabyte drives and 50gb game installs.
Nice to confirm that there was no way I was ever going to notice its impact.
Cold_Miserable•1d ago
I think the goal should be to fool the checks rather than remove the encryption which would be a nightmare. CPUID can output whatever you want, it just reads MSRs. I'm sure there are possibilities to use kernel drivers to make Windows functions also read out whatever you want.
nneonneo•23h ago
Oh and if you actually do distribute a crack that uses a stolen license file, they’ll ban the heck out of the hardware identified in the license (and probably any user/account/Steam IDs they manage to hoover up), which will no doubt be an annoyance to a cracker.
DrammBA•14h ago
Where did you see this? I quickly skipped through both videos and saw 5-20% difference in average framerates, 20%+ difference in 1% lows which is what makes a game feel choppy/laggy, and 5-10+ seconds difference in loading times.
And going by the techniques explained in the OP those numbers make complete sense, that's the cost I would expect for the advanced obfuscation/protection Denuvo uses.