Denuvo has been cracked in all single-player games it previously protected

Posted by oceansky 5 days ago

Denuvo has been cracked in all single-player games it previously protected(www.tomshardware.com)

366 points | 216 commentspage 3

odie5533 14 hours ago|

Great news! I can finally feel comfortable buying games that have Denuvo day 1!

selectodude 14 hours ago|

Tough to decide who I trust less, denuvo or a ring-0 hypervisor I downloaded off BitTorrent.

MagicMoonlight 2 hours ago||

Oh shit. I just realised you could use LLMs to crack these protections. They almost entirely depend on adding bloat to make it hard to crack. That’s over now.

deno 16 hours ago||

This will be used as reason to introduce remote attestation to games.

Gigachad 15 hours ago|

That already is how it works. Denuvo can not authenticate your game without internet access.

no_time 6 hours ago||

well, right now Denuvo "remote attests" in a Play Integrity "MEETS_BASIC_INTEGRITY" sense that it has no hardware backing and relies on checking your runtime enviroment for signs of tampering manually and obfuscating said checks.

The endgame is certainly flexing the machinery that is being built up over the last 20 years and spawning a SEV-SNP container on your machine that cannot be debugged, inspected and modified in any way. I don't think this is possible as of writing though.

Neywiny 5 days ago||

Once again I'm at odds with TH reporting. Of course you can spoof a server. That happens all the time, especially with videogames. You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.

Kirby64 5 days ago||

> You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.

It’s trivially easy to use a signed response that is encoding some part of the metadata of your system in the signature to make it impossible to emulate the server. Don’t think the Denuvo devs would be stupid enough to provide a “return true” request for a server call.

Can the underlying function that checks if the server call is correct be bypassed? Sure, but that’s much harder.

jospeh554 5 days ago|||

Cryptography goes BRRRRR, with a proper implementation of cryptography you'd need to do things like patch out the keys in memory in order to "spoof" messages.

pen1slicker 16 hours ago||

[dead]

m3kw9 18 hours ago|

A great use of LLM