Is Denuvo Dying?

Understanding the impact of piracy on the modern video game ecosystem

Mohamed Bilal

Before we begin, I recommend reading: Analog Hole

The Foundation:

For decades, video game piracy has been a persistent issue, severely impacting nearly every popular title on the market and costing the industry billions of dollars in lost revenue. In response, game developers and publishers have implemented various countermeasures, with Digital Rights Management (DRM) emerging as the most widely adopted tool to curb illegal distribution.


What is Denuvo?

Denuvo is an Austrian company that develops anti-tamper and DRM software, later acquired by Irdeto. Denuvo’s anti-piracy stack was developed in 2014 and first used in FIFA 15. The Chinese warez group 3DM tried quite aggressively to crack FIFA 15 but could not produce a stable cracked version for more than a hundred days: 131 days, to be precise.


Like almost every other game out there, it was eventually cracked. Right?

While this is an accurate statement, let’s dig deeper. After this success, Denuvo became a gold standard for video game protection. And yes, it is indeed a success. How so? Let me explain.

Denuvo also acknowledges that “every game eventually gets cracked”, but the primary benefit of delaying this as long as possible lies in the initial sales. Most games build significant hype around their release, and that is when most purchases happen. The first hours, days and maybe even weeks are incredibly important for a game publisher, as this is the period in which they stand to make or lose the most money. So all Denuvo had to do was delay the inevitable: by holding off a stable cracked version long enough, the publisher has likely sold the game to the majority of buyers with the potential to spend.

So this success established Denuvo as the undisputed champion in video game protection?

Yes, emphatically. However, Denuvo has had its own set of challenges. Some of the later titles were cracked much sooner. Denuvo and other DRM software have also attracted criticism from the gaming community for several reasons, some of which are highlighted below:

  • Performance Bottlenecks: Reduced framerates have been a constant criticism. The problem is severe enough that some gamers with a licensed purchase installed pirated copies and confirmed that they achieved better framerates, which meant a smoother experience. Tests on games that were made Denuvo-free a few months after release have confirmed this as well. Games also stutter quite frequently because of the background encryption/decryption processes.
  • Outages: Any outage of the backend DRM server leads to authentication failures for games that require periodic authentication/license checks against these servers. These checks exist to keep cracked versions of the game from remaining online for long.
  • Abandonment: Probably the biggest risk. If Denuvo or the respective DRM vendor goes out of business tomorrow, the authentication/license checks would fail and lock you out of the game even though you have a legitimate copy. Most at risk are the old/legacy titles that were released with all these fancy content protection features: 10 years down the line the publisher may not bother maintaining the online services, locking you out of these titles permanently. Hence the popular opinion in the industry that pirates do more to preserve such titles than publishers, since they would have cracked these titles and published a copy that does not require such checks.


The end is near?

Looks like it. TheDenuvOwO (a team/group often associated with users like kirigiri, 0xZeOn, and formerly known as MKDEV) has discovered what is quite an unprecedented method to break Denuvo. This method is so good that it could spell death for Denuvo’s piracy protection business. The chances of recovery are quite slim.

What is this method and why is it so difficult to recover from?

The Hypervisor bypass. This is not your traditional cracked version of a new game. This method bypasses anti-piracy software at the Hypervisor. It is a sophisticated technique that involves creating a virtual environment (Hypervisor) that operates below the operating system, intercepting DRM checks and responding to them with fake data so that the checks pass. Ring 0 is the OS Kernel. The Hypervisor operates at Ring -1, essentially underneath the operating system and more privileged than the kernel, hence the nickname “The God Mode”.

Does this pose a risk if I choose to break game protection with this method?

Firstly, we do not recommend any form of piracy, as it is illegal and a punishable offense in most (if not all) countries. However, anyone who decides to use the hypervisor-based bypass to circumvent DRM would need to turn off many security features (OS-level checks: disabling Secure Boot, driver signature checks etc.). Doing so punches a deep hole into your computer, because these security checks are what prevent kernel-level malware, rootkits etc. Bad actors could exploit the resulting weaknesses to inject malicious software that takes control of your OS or exfiltrates data.

Please note that the operating system is at Ring 0, and so is your antivirus software (at least the real-time protection part of it), while the Hypervisor operates at Ring -1. The antivirus therefore loses its efficacy too: it cannot see what is happening at Ring -1 and cannot protect you from vulnerabilities at this level. Denuvo DRM operates in Ring 3.
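To make the risk above checkable, here is an added example (not part of the original post) that flags a Windows host whose boot configuration has the protections mentioned above turned off. It assumes the Secure Boot state is obtained separately (for instance from PowerShell's `Confirm-SecureBootUEFI`) and passed in as a boolean; the `bcdedit` output is a constructed sample.

```python
# Added example: flag boot settings that weaken kernel code-integrity checks.
# SAMPLE_BCDEDIT is constructed for illustration, in the layout that
# `bcdedit /enum {current}` prints (option name, whitespace, value).

SAMPLE_BCDEDIT = r"""
Windows Boot Loader
-------------------
identifier              {current}
path                    \WINDOWS\system32\winload.efi
description             Windows 11
testsigning             Yes
nointegritychecks       Yes
nx                      OptIn
"""

# BCD options that relax driver signature enforcement when switched on.
RISKY_BCD_OPTIONS = {
    "testsigning": "test-signed kernel drivers are allowed to load",
    "nointegritychecks": "code integrity checks are disabled",
}


def parse_bcdedit(text):
    """Return {option: value} for every 'name   value' line in the output."""
    options = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            options[parts[0].lower()] = parts[1].strip()
    return options


def audit_boot_posture(bcdedit_text, secure_boot_enabled):
    """List findings; an empty list means none of the checked protections is off."""
    findings = []
    if not secure_boot_enabled:
        findings.append("Secure Boot is off: the boot chain is not verified")
    options = parse_bcdedit(bcdedit_text)
    for name, meaning in RISKY_BCD_OPTIONS.items():
        if options.get(name, "No").lower() in ("yes", "on"):
            findings.append(f"{name} is enabled: {meaning}")
    return findings


if __name__ == "__main__":
    for finding in audit_boot_posture(SAMPLE_BCDEDIT, secure_boot_enabled=False):
        print("[!]", finding)
```

A machine that reports any of these findings has lost the checks that keep unsigned kernel code out, whatever the reason they were disabled.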

The Landscape.

This method has changed the landscape entirely. Denuvo’s key selling point to game publishers was that their system could delay a game from being cracked for weeks, if not months. These first few weeks/months are extremely critical for publishers, not only to recover their money but also to make a profit on their titles. Now, with this method, the Denuvo protection mechanisms are being bypassed within a few hours of a game’s release, and most major game reviewers and analysts have declared this the death knell for Denuvo’s current content protection offerings.

How is Denuvo responding to this threat?


Irdeto has stated that they are working on updated versions; however, this is not going to be easy. To succeed, they would likely require some kind of intervention from OS vendors along with daily license checks (which could be bypassed as well).

If you had to bet on any one vendor to overcome this seemingly daunting task, it would be Denuvo/Irdeto, thanks to their decade-long legacy. They have been in this cat-and-mouse game for a very long time and they know what needs to be done. All they need is to stop the game from being cracked/bypassed for a few weeks, if not months, which was their previous state. Can they find one more defense that takes them back to this state? We will find out soon.

This concludes today’s post. Thank you for reading.