You must log in or # to comment.
Sounds useful for reverse-engineering use but impractical for end users.
Hypervisor is too much of a security risk for me to want to use it. I’ll either get the game without Denuvo on console, wait for it to be removed, or not play it at all.
FuckDenuvo. Let’s see to which lengths they’ll go to block hypervisor.
This crack sounds too scary to use. Impressive, but scary.
As usual for any DRM company or publisher, Irdeto also claimed that downloading games with the bypass is a security concern, but this time around, the company has a valid point.
Using the hypervisor bypass, even in its latest incarnation, requires users to… [install] a community-made hypervisor (HV) with Windows running on top of it. This HV fakes responses to the checks that Denuvo makes, and runs with higher permissions… than the operating system itself and has full, nearly untraceable access to hardware and software.
I wouldn’t touch this without air-gapping the machine it’s run on. The funny thing here is that Denuvo can’t do much to prevent this hack.
The HV is intentionally malicious and modifies the guest on the fly to archive the Denuvo hack. The hack requires to disable all major security protections in the victim OS, so the HV can more freely poke at the victim kernel. A
jne-instruction to check if running under a compromised HV? It’s now anop-instruction.The HV has access to everything that is plugged in physically, or run on top of it. In theory it e.g. extract encryption keys of https connections from any process in the guest.
Well, you could potentially get a cheap office special PC to use as a guinea pig. (Depending on what it takes to run this software)
The problem with well-coded malware is it won’t execute unless it thinks it’s not being watched. And based on everything else in this article, it sounds like you’d also be opening your computer up to other parties exploiting security holes in the process.
So a separate computer might work, but it would have to stay separate.
If you think that’s scary wait til you hear about what it’s circumventing is capable of.
On a technical level… Less.
The exploit completely guts and opens up your system to pretty much anything. More access than even denovo.
Use the included scripts (or manually do it yourself or make your own script) to re enable everything after you’re done playing the game and reboot the system. I’d also leave the router unplugged while you play. This denovo bypass seriously leaves your system super unsecured. Only get your games using this exploit from very trusted sources and don’t be lazy about enabling everything again and rebooting before plugging back into the internet.
It’s pretty funny how things have turned out. 20 years ago (and now, really) we had rootkits as DRM, now we’ve got rootkits as game cracks.
Nasty stuff I don’t want on my computer either. As an amateur, was really hoping the cracks would remove it, not circumvent it…
Wow, wait until you hear about the Intel Management Engine
Do you have a moment for our lord and savoir Coreboot? Also RISC
Empress building a high end botnet?
Would running an os in a separate partition just for games mitigate the risks?
Not really? No reason it couldn’t just read those separate partitions too
lol, get rekd, malware.
DRM to prevent copying games without official license has always been a waste of money. It is always just a matter of time until even the hardest DRM measure is broken. Always has been like this. I remember when Ubisoft was very proud of their new fancy DRM shitware that prevented running unlicensed copies of some Assassin’s Creed title, only for it to be cracked a month later and the crackers saying “thanks for this interesting challenge”.
Not only has that always been the case, but that’s the only possibility: DRM, on a fundamental level, is just encryption where Bob and Eve are the same person.
(For the uninitiated, the basic problem statement for cryptography is that Alice wants to send a message to Bob without Eve knowing what it says.)
‘Loss’ due to piracy was always like 3%. It costs way more than that for this mess. They don’t have to be good, just annoying enough to keep 97% of people paying.
Sure, it’s always been a question of time, but Denuvo has been very effective for decades. There were very few people who were able or willing to crack Denuvo games before. Publishers really only cared about the initial release anyway, and after a few months, it wasn’t worth paying for it anymore so they’d remove it from their games.
Suck my balls Denuvo
Lmao, fucking fantastic. Hope they crash and burn.
Noice
Finally get to check out Black Myth. Still won’t buy it until it just doesn’t have Denuvo at all, tho.
There is 0 details on specifics of how Denuvo was broken. Article goes into detail why Denuvo is bad and not much more (which is also debatable because vast majority of Denuvo implementations do not cause performance impact).
A custom driver emulates the environment of an already activated token to the DRM. It’s comparable to root hiding techniques on Android.
Thank you, I found it - just commenting on how entirely unhelpful this article was.
FitGirl wrote some decent information about the tactic on their website. There’s already repacks specifically marked as Hypervisor repacks.
Every single aspect of DRM, whether it is denuvo or otherwise, is either neutral or negative for the end user.
Correct but irrelevant to what I’ve said, which is that the performance impact of Denuvo is usually minimal. There’s a couple of very bad cases that got a lot of publicity but there’s boatloads of Denuvo games running fine.
It’s cool Denuvo was cracked. It’ll be fixed eventually and the never ending game of cat and mouse continues.
It’s not about performance for me. I’m not paying for a single player offline game that requires internet. I was around for the Spore DRM. That started with 3 activations and having to call EA for more. Even the current 5 activations per day is too restrictive, as I’ve heard changing proton version counts as an activation. If I don’t own it (yes technically you don’t steam games, but I think I could easily bypass steam protection and still play my games if it came down to it) I’m not buying it.
How is that relevant to anything I’ve said. It’s like this article, „forget what this news is about, let’s dunk on Denuvo”. I guess they know their audience.
article goes into why Denuvo is bad but not much more (which is debatable…
I mentioned why denuvo is bad. I wasn’t replying specifically to your argument about performance, because that’s only a slice of the reason why denuvo is bad.
