Denuvo, the strongest game DRM available, has allegedly been cracked

Scorpus

Posts: 2,159   +239
Staff member

To say that pirates have had trouble cracking Denuvo anti-tamper technology is an understatement. Pretty much every game that uses Denuvo DRM has remained uncracked, thanks to the extremely tough and very well engineered systems that prevent crackers from modifying game files without causing errors.

In the last couple of days, however, it appears as though a cracking team has finally managed to defeat Denuvo. TorrentFreak is reporting that 'scene' group CONSPIR4CY has released a version of Rise of the Tomb Raider that includes a full crack for Denuvo, the DRM tech that has prevented pirates from playing the game for free since its launch in January this year.

This Denuvo crack comes shortly after a bypass system for the DRM tech was discovered over the weekend, and then promptly patched by the developers of Denuvo. An exploit that used the Doom demo's Denuvo activation system allowed pirates to bypass Denuvo in other games, although this exploit was only usable for around three days before it was disabled.

However with the release of a cracked version of Rise of the Tomb Raider, it seems as if current iterations of Denuvo have been properly defeated. There is hope among the pirating community that other Denuvo titles, such as Doom, Mirror's Edge Catalyst, Far Cry Primal and more, could be cracked using a similar method.

The last Denuvo game to be playable by pirates was FIFA 16, although in this game Denuvo was bypassed rather than cracked. The company behind Denuvo patched this loophole in future versions of their DRM technology, which is why other games that use Denuvo have remained uncracked for so long.

There is a strong chance that whatever unpatched exploit has been discovered in Denuvo will be patched in a future version, however this will do little to prevent pirates from playing existing Denuvo titles.

Permalink to story.

 
The DRM they are using these days is getting insanely difficult to crack. But that also means it can be very intrusive and cause legitimate customers serious hassles. The constant battle between the cracking community and the devs is very tiring. I really wish some of the devs would just go back to the DRM free policy (remember Elder Scrolls: Oblivion just had a standard CD check? Well it sold well on PC). I admit that the Denuvo team did something amazing by creating a DRM that took so long to crack on PC. They don't have the benefit of hardware encrypted DRM that's built into gaming consoles, so they really have to be creative to prevent crackers from beating their software DRM.

However, as the saying goes, every copy protection system can be bypassed. It's just a matter of when. It's getting to the point where hardware based DRM is good enough now. Just look at Sony's PS3 as a good example. It was only cracked once (GeoHot) and even though GeoHot said it could NEVER be locked back down, it was quickly locked back down and he was taken to court. The only way to crack one is to have the old FW that he cracked and it's virtually impossible to downgrade once the FW has been updated past that. I haven't even looked into the PS4's DRM but I'm sure it's sound. On the PC, they will ALWAYS have trouble keeping their games crack proof so I think they should just save the millions of dollars they put into the DRM, which always fails in the end.
 
The DRM they are using these days is getting insanely difficult to crack. But that also means it can be very intrusive and cause legitimate customers serious hassles. The constant battle between the cracking community and the devs is very tiring. I really wish some of the devs would just go back to the DRM free policy (remember Elder Scrolls: Oblivion just had a standard CD check? Well it sold well on PC). I admit that the Denuvo team did something amazing by creating a DRM that took so long to crack on PC. They don't have the benefit of hardware encrypted DRM that's built into gaming consoles, so they really have to be creative to prevent crackers from beating their software DRM.

The good thing about Denuvo, unlike other DRMs like SecuROM, is that I haven't had a single issue playing my legitimate Denuvo-protected games.

I'm sure some people have, but it seems these complaints are relatively minor unlike the old days
 
What I would like to know is what positive influence Denuvo had on developers sales? And therefore, will the extra steam... I mean, stream of money will allow them to improve both the support of their current games and the quality of their future products? While in the past devs were crying out loud billion dollar losses from pirate hands, they are awfully quiet now about (I assume) billion dollars revenues?
 
What I would like to know is what positive influence Denuvo had on developers sales? While in the past devs were crying out loud billion dollar losses from pirate hands, they are awfully quiet now about (I assume) billion dollars revenues?
Let's put it this way - given Ubisoft swore blind that PC gaming suffered from 95% rates of piracy (each one seemingly accounted as a "lost sale"), given that Far Cry 3 had 2.86m owners, you'd expect over 50m sales for the Denuvo ones right? Far Cry Primal (Denuvo) = ...wait for it... 189k. Anno 2070 = 838k. Anno 2205 (Denuvo) = 84.5k. Tomb Raider (2013 = 4.17m. Rise of the Tomb Raider (Denuvo) = 943k.

Hmmm. It's almost like their prior claims of lost sales due to "95% piracy" are 100% pure unadultered bullsh*t.

And therefore, will the extra steam... I mean, stream of money will allow them to improve both the support of their current games and the quality of their future products?
Bwahahahaha! Great joke there! Made me laugh. :-D
 

Maybe if you compared something that matters, like first month sales, your figures would have some point. It's silly to compare sales of old games and new games. Tomb Raider's lowest price on Steam was $3, it's regularly sold for $5 or less, and was even available for $1. Rise of the Tomb Raider's lowest Steam price was $39. So with this context the 943k figure suddenly looks quite good.
 
Maybe if you compared something that matters, like first month sales, your figures would have some point. It's silly to compare sales of old games and new games. Tomb Raider's lowest price on Steam was $3, it's regularly sold for $5 or less, and was even available for $1. Rise of the Tomb Raider's lowest Steam price was $39. So with this context the 943k figure suddenly looks quite good.
Unfortunately SteamSpy isn't that detailed. Do let me know though when ROTT's PC-only sales hit 79m and I'll happily correct the "95% piracy claims are BS" premise above. ;-)
 
I'll happily correct the "95% piracy claims are BS" premise above. ;-)

I don't think you're wrong, I just don't think you should be using bullshit stats to prove it.

I'd actually find it interesting to see any comparison which proves (or at least indicates) something either way. I.e., that having pirated versions helps or hinders sales in any way. What I do know is that good availability and low prices lower piracy.
 
The good thing about Denuvo, unlike other DRMs like SecuROM, is that I haven't had a single issue playing my legitimate Denuvo-protected games.

Good luck playing "your" games after Denuvo servers are shut down.

Main reason why I boycott Denuvo 100%.
 
I'll happily correct the "95% piracy claims are BS" premise above. ;-)

I don't think you're wrong, I just don't think you should be using bullshit stats to prove it.

I'd actually find it interesting to see any comparison which proves (or at least indicates) something either way. I.e., that having pirated versions helps or hinders sales in any way. What I do know is that good availability and low prices lower piracy.

100% Agree with this. After BSim500's first comment I immediately thought "Well that's not a fair comparison at all".
Also, you can't assume that piracy is a lost sale when it's been proven (at least in the music industry) that pirates buy more than those who don't pirate.
A significant proportion of the Piracy community are there to try before you buy, download things in other formats from ones they already own for convenience (Like downloading Skyrim on PC for mods if you already own it on Xbox, or downloading a TV show you could easily watch on a channel you pay for for convenience) so do eventually buy what they torrent.
 
The DRM they are using these days is getting insanely difficult to crack. But that also means it can be very intrusive and cause legitimate customers serious hassles. The constant battle between the cracking community and the devs is very tiring. I really wish some of the devs would just go back to the DRM free policy (remember Elder Scrolls: Oblivion just had a standard CD check? Well it sold well on PC). I admit that the Denuvo team did something amazing by creating a DRM that took so long to crack on PC. They don't have the benefit of hardware encrypted DRM that's built into gaming consoles, so they really have to be creative to prevent crackers from beating their software DRM.

The good thing about Denuvo, unlike other DRMs like SecuROM, is that I haven't had a single issue playing my legitimate Denuvo-protected games.

I'm sure some people have, but it seems these complaints are relatively minor unlike the old days
Hopefully Denuvo did learn from their crap SecuROM. SecuROM started having trouble with anything Win7 or newer and was totally hit or miss. I wonder if Denuvo anti-tamper has such a reliance on the OS itself...Although one being a DRM and the other anti-tamper, hopefully such a problem doesn't exist.

The good thing about Denuvo, unlike other DRMs like SecuROM, is that I haven't had a single issue playing my legitimate Denuvo-protected games.

Good luck playing "your" games after Denuvo servers are shut down.

Main reason why I boycott Denuvo 100%.
Well you've been "boycotting" over something that doesn't exist. Denuvo merely protects DRM files and isn't one itself, hence anti-tamper. It has no server to work with. Steam, Origin, Uplay, etc still do all the server communication and authentication. Tldr: Denuvo isn't DRM.

@Tim Schiesser : Maybe you should fix your title. Denuvo isn't DRM and just protects the in place DRM.
 
Last edited:
Well you've been "boycotting" over something that doesn't exist. Denuvo merely protects DRM files and isn't one itself, hence anti-tamper. It has no server to work with. Steam, Origin, Uplay, etc still do all the server communication and authentication. Tldr: Denuvo isn't DRM.

Wrong. When you put steam into offline mode, you can play games offline mode for long time. Does not apply to some games, those that ... (make a guess).

Also without Denuvo, Steam/Uplay etc cannot patch Denuvo's CPU checks so Steam/Uplay always work with co-operation with Denuvo. Easiest way for this is Denuvo DRM servers.

Want more proof, look there http://www.neogaf.com/forum/showpost.php?p=204554239&postcount=217

So essentially Denuvo IS always-online DRM. No matter what marketing BS says.
 
Lords of the Fallen got cracked a while after release.

That game was notorious for bad performance that people blamed the DRM for.

I need to see if there's a detailed report on performance of the game with Denuvo compared to the cracked version..

All I can say, screw DRM. Steamworks is the only DRM I'm totally fine with, because it's beneficial to the consumer. Other than Steam, it's GOG or bust.

Oh and lost sales from piracy.. LUL.
 
I dont know the first thing about DRMs, and wont comment on such.. but I was thinking maybe if they offered more demos, and ease of returns, some policies for people to try games before they buy them, or free trials. Often times I only pirate a game if I'm not sure I'll like it. For example, We Happy Few. The game looked pretty good, and interesting, however I played it for about 30 minutes the first night and havent opened it back up since. Glad I didnt buy it! (I'm aware this was on Steam and Steam offers a return policy, which I've used quite a bit, but is still a little hassle, then the money is ONLY put back into your Steam account, NOT your bank account.)

How many people know to look for pirated games? I'm assuming most of you here do, because you are all tech savvy fellows who visit Techspot. I'll tell people to download something online, and they always tell me they dont know where or how to find it.... of course I always think, "Reaaaaalllly???? You mean to tell me you dont know how to use a search engine?" Pretty much everything I know about computers, is due to computers and the internet. I guess that all started with someone teaching me to use Google every time I have a question, and now when I do, it's like a natural reaction to search that question or whatever online.
 
I dont know the first thing about DRMs, and wont comment on such.. but I was thinking maybe if they offered more demos, and ease of returns, some policies for people to try games before they buy them, or free trials. Often times I only pirate a game if I'm not sure I'll like it. For example, We Happy Few. The game looked pretty good, and interesting, however I played it for about 30 minutes the first night and havent opened it back up since. Glad I didnt buy it! (I'm aware this was on Steam and Steam offers a return policy, which I've used quite a bit, but is still a little hassle, then the money is ONLY put back into your Steam account, NOT your bank account.)

How many people know to look for pirated games? I'm assuming most of you here do, because you are all tech savvy fellows who visit Techspot. I'll tell people to download something online, and they always tell me they dont know where or how to find it.... of course I always think, "Reaaaaalllly???? You mean to tell me you dont know how to use a search engine?" Pretty much everything I know about computers, is due to computers and the internet. I guess that all started with someone teaching me to use Google every time I have a question, and now when I do, it's like a natural reaction to search that question or whatever online.

You aren't wrong, the lack of trials or demos isn't a good thing. Most people have to substitute Let's play videos or reviews instead. You think it would be easy for devs on platforms like steam to simply limit demo users to 1 hour of gameplay. Heck devs could even offer discounts to those at the end of their demo time or they can ask the user to give the same a shoutout on social media if they liked it.
 
Last edited:
Developers should always release a chapter or partial chapter of any game with full features that they release. With the prices they want to charge, why shouldn't a potential buyer have the opportunity to justify the expense. If the developers are confident that people will like game, then why aren't they're showcasing it? Games today are often long and offer many hours of playability. Most people are honest and very much willing to fork out the cash for a game that they like. Without rewarding the developers for a job well-done, most recognize that it would eventually lead to low quality games or none at all. We(most) all have jobs and nobody wants to work for free. There will always be those who will thumb there nose and pirate everything that they can just because they can. It's a hassle and takes time to find one that actually works all the while hoping you don't get a virus.
 
Well you've been "boycotting" over something that doesn't exist. Denuvo merely protects DRM files and isn't one itself, hence anti-tamper. It has no server to work with. Steam, Origin, Uplay, etc still do all the server communication and authentication. Tldr: Denuvo isn't DRM.

Wrong. When you put steam into offline mode, you can play games offline mode for long time. Does not apply to some games, those that ... (make a guess).

Also without Denuvo, Steam/Uplay etc cannot patch Denuvo's CPU checks so Steam/Uplay always work with co-operation with Denuvo. Easiest way for this is Denuvo DRM servers.

Want more proof, look there http://www.neogaf.com/forum/showpost.php?p=204554239&postcount=217

So essentially Denuvo IS always-online DRM. No matter what marketing BS says.
That was my bad to say no servers at work, not sure what I was thinking about then. But to be specific about it, it's only technically for the first activation on a system, assuming no major changes happen. Even says so on their own site, as well as the person's post you referenced with the traces. However then that means that a game that won't work offline ever, such as the ones you talk about, could be due to a developer decision. Not sure if either there's a TTL (aka lifetime) for a check when your system goes offline either (I.e. Can a system remain offline for 30 days and still access the game). So as far as I know, it isn't technically an always-on connection. Some games like MGS5 seem to be, but others don't...the former had a hurdle to go through if you didn't want to be present in the online world.

My laptop that I played Far Cry Primal on while traveling was on 3 days offline the last I played it. I'll try it again out of curiosity since it's around 10 days since I've used it at all, so hasn't gone online for all that time.

You do make me want to get a white paper from them though. Would make an interesting topic for another security course I have to take :)
 
That was my bad to say no servers at work, not sure what I was thinking about then. But to be specific about it, it's only technically for the first activation on a system, assuming no major changes happen. Even says so on their own site, as well as the person's post you referenced with the traces. However then that means that a game that won't work offline ever, such as the ones you talk about, could be due to a developer decision. Not sure if either there's a TTL (aka lifetime) for a check when your system goes offline either (I.e. Can a system remain offline for 30 days and still access the game). So as far as I know, it isn't technically an always-on connection. Some games like MGS5 seem to be, but others don't...the former had a hurdle to go through if you didn't want to be present in the online world.

My laptop that I played Far Cry Primal on while traveling was on 3 days offline the last I played it. I'll try it again out of curiosity since it's around 10 days since I've used it at all, so hasn't gone online for all that time.

You do make me want to get a white paper from them though. Would make an interesting topic for another security course I have to take :)

You need to connect those Denuvo servers also if you change hardware. It's not always online like that Ubisoft system that required constant internet connection but it anyway requires connection to Denuvo servers after certain time period. So even if you activate Dnuvo game, you need to reactivate it after some time and so Denuvo can be called online-DRM.

I think you can prepare for this http://I.imgur.com/hm32xle.png

Denuvo don't publish any spesific white papers as they fear cracks.
 
Myself, I always question the claims of sales lost from piracy. They like to tie it all up as every pirate download is a sale lost. That simply is not even close to being the truth. A lot of peeps who download a pirate game would not buy it in the first place and a lot of peeps who download a pirate game will end up buying it anyway. The game makers should look at it as free advertising. I just question the whole premise of sales gained from DRM vs the DRM cost of doing business. There never could be facts to show one way or another (too many variables), it's all speculation which ends up being turned into fact with no real evidence or dubious evidence at best. Personally I think it's all bullshit and it puts a smile on my face every time I hear some DRM has been cracked.
 
Back