New Cracking Group May Have Delivered Denuvo Its Death Blow

from the we-hardly-knew-ye dept

Our posts about Denuvo have come at so furious a pace as of late that it feels silly to do any sort of recap here at the start of this post. If you aren't up on the DRM's saga, go read through our reporting, because it's a fascinating study in both hubris and inevitability in the DRM space. Suffice it to say that Denuvo was once thought to be an unbeatable DRM, except that in the past few months the timeline for breaking through it and cracking the games it is supposed to protect has been whittled down to mere days.

Through it all, Denuvo has made noise about the benefit of keeping games protected even for those first few days when games initially are released. Thanks to a new player in the group battling against Denuvo, it seems that claim may come to a dramatic and violent end. This chiefly has to do with the way a group calling itself SteamPunks cracked the Denuvo-protected game Dishonored 2.

Rather than simply pre-crack (remove the protection) from Dishonored 2 and then deliver it to the public, the SteamPunks release appears to contain code which enables the user to generate Denuvo licenses on a machine-by-machine basis. If that hasn’t sunk in, the theory is that the ‘key generator’ might be able to do the same with all Denuvo-protected releases in future, blowing the system out of the water. While that enormous feat remains to be seen, there is an unusual amount of excitement surrounding this release and the emergence of the previously unknown SteamPunks. In the words of one Reddit user, the group has delivered the cracking equivalent of The Holy Hand Grenade of Antioch, yet no one appears to have had any knowledge of them before yesterday.

Only adding to the mystery is the lack of knowledge relating to how their tool works. Perhaps ironically, perhaps importantly, SteamPunks have chosen to protect their code with VMProtect, the software system that Denuvo itself previously deployed to stop people reverse-engineering its own code.

Now, VMProtect is the security software that Denuvo is currently being accused of having used within Denuvo without properly licensing it. That accusation was made semi-anonymously on internet forums by a purported VMProtect employee. Shortly after that accusation, both Denuvo and VMProtect seemed to indicate that the claims were not accurate, with VMProtect going as far as to say everything was now properly licensed. It also indicated that Denuvo had the proper licensing for its use in the past, though whether that was applied retroactively through a more recent purchase of licensing isn't entirely clear. Because of all of that combined with SteamPunks using VMProtect in a keygen aimed at destroying Denuvo, many are drawing the obvious conclusion: there's some relationship between SteamPunks and VMProtect, possibly from a disgruntled current or former employee.

That's speculation, of course. Less speculative is what the future holds for Denuvo if this keygen works as advertised. Denuvo would barely be a roadblock against piracy, meaning it may be time to start chiseling its tombstone.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 9 Jun 2017 @ 12:56pm

    Good riddance.

    What else can I say about a story of the death of a DRM producer? :D

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jun 2017 @ 1:43pm

    All these DRM pieces are based on the problem of piracy while insisting isn't a problem. Techdirt always CHEERS failure of DRM. Here's why.

    Techdirt's position is that DRM does more harm to the company than brings benefits. -- It's mere coincidence that makes theft easy for pirates.

    Yet the fools running companies just stubbornly continue to worry about piracy! Should just put products on torrent sites, and wait for the money to roll in, right? Why don't they take Techdirt's brilliant advice?

    Because if the cultural milieu were to shift fully to notion that all content / software should be free -- including without advertising -- then HOW EXACTLY does a company ever get any income?

    ... It doesn't. Piracy itself is possible only when small relative to the number of honest people who pay the pittance, else the system would collapse and no new products put out.

    Pirates are taking value, not trading. To protect easily-stolen intellectual work from the lazy and greedy is precisely why the Copyright and Patents Clauses are in the US Constitution. New gadgets don't change the moral ground though do facilitate theft from creators.

    The above seems a lucid argument to me, entirely supported by the last hundred years of mass entertainments. -- Mass re-production by gadgets made intellectual work MORE valuable, not less! Copyright has directly enriched millions of people, and offers the rest expensive-to-make entertainments for a pittance.

    But here at Techdirt every piece on copyright jeers at the very notion of "intellectual property", and especially jeers at attempts to get income if means controlling copies. They keep chanting "new business model" without ever a working example that doesn't actually rely on the current moral milieu, of creators deserving rewards, remaining in place.

    Repeats endlessly. The pirates here at Techdirt simply refuse to concede that creators have any rights at all. They don't have a cogent argument, only demands to be entertained for free.

    And that's why I conclude that Techdirt is simply piratey kids having no concern for producers.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Jun 2017 @ 11:45am

      Re: All these DRM pieces are based on the problem of piracy while insisting isn't a problem. Techdirt always CHEERS failure of DRM. Here's why.

      And yet somehow companies like CDPR are rolling in dough after abandoning DRM for their titles. GOG is Steam's biggest competitor and DRM-free is their whole shtick.

      You seem to have forgotten that customers, not pirates, are the ones paying for games and DRM has never made me more willing to spend money. You're not entitled to my purchase any more than I'm entitled to your content.

      More to the point of the article, DRM only affects legitimate customers because pirates will inevitably crack the game anyway. Why would I want to fund your futile efforts to combat piracy when the only thing it accomplishes is removing value from the product I'm paying money for?

      reply to this | link to this | view in chronology ]

  • identicon
    Machin Shin, 9 Jun 2017 @ 1:44pm

    "meaning it may be time to start chiseling its tombstone."

    The time to do that is the second you start a DRM company. To build any DRM system is to throw down a gauntlet at the feet of the worlds hacking community saying "I am better than all you worthless slobs".

    The outcome of such a challenge is already set from the very start.

    reply to this | link to this | view in chronology ]

    • icon
      JoeCool (profile), 9 Jun 2017 @ 2:40pm

      Re:

      You're not betting that you're smarter than the hackers, you're betting that the software distributor execs are stupider than you... and I'd take that bet any time! The DRM business is all about parting a fool (the distributor exec) and his money.

      reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 9 Jun 2017 @ 2:02pm

    In last week's story Denuvo was headed for the cliff. This week they went over it, Wile E. Coyote style.

    Less speculative is what the future holds for Denuvo if this keygen works as advertised.

    This would be the puff of dust at the bottom. Unnecessary, yet satisfying to watch.

    reply to this | link to this | view in chronology ]

  • icon
    sehlat (profile), 9 Jun 2017 @ 2:05pm

    DRM will never die.

    Because there will always be idiots who tell DRM creators to "Nerd harder!"

    reply to this | link to this | view in chronology ]

    • identicon
      Thad, 9 Jun 2017 @ 3:00pm

      Re: DRM will never die.

      It died pretty conclusively in the music industry. I think it's inevitable that it'll eventually die off in other industries. Unfortunately, I don't think it'll happen soon.

      It could, though. The death of music DRM happened rapidly, as the result of a one-two punch: the labels realized they'd fucked themselves into a monopsony relationship with Apple, and Sony released a set of CDs with a rootkit on them.

      DRM is, inherently, bad for competition and bad for security. I think that more monopsonies like Apple's and more security fiascos like Sony's are inevitable; it's a matter of when, not if.

      In fact, the tipping point may have already happened, with John Deere's tractor DRM. They went and pushed it too far; now it's not just computer nerds complaining about DRM, they've gone and pissed off farmers. Result? A growing push for right-to-repair laws that would carve out important exceptions to the anti-circumvention clause.

      reply to this | link to this | view in chronology ]

      • identicon
        Paul, 9 Jun 2017 @ 5:32pm

        Re: Re: DRM will never die.

        Farmers have a lot more power then nerds, When you have 10,000 people per congress critter and 80% of them work around farming, you can get your critter to do stuff for you.

        Much less effective in non farming, higher population areas.

        reply to this | link to this | view in chronology ]

      • identicon
        Rekrul, 9 Jun 2017 @ 11:41pm

        Re: Re: DRM will never die.

        It died pretty conclusively in the music industry.

        The difference with music is that it's much easier to reproduce and play, so it's much harder to protect. There's not much point in trying to add DRM to music when a person can just hit record on their phone, another computer or even a tape deck and record the sound coming out of the speakers.

        Video is harder to reproduce, at least not without severely degrading the quality. Filming the screen looks horrible and even using screen recording software isn't perfect. Any buffering messages will get recorded as well. And even if you have a perfect connection, I have never seen a Windows machine play a video longer than a few minutes without stuttering at least once or twice. You know, because it decides that it absolutely has to access the drive a few thousand times for no apparent reason.

        Games have pretty specific needs for what they can run on. You can tweak the code, but it has to remain largely unchanged if you expect it to work properly.

        reply to this | link to this | view in chronology ]

        • identicon
          Thad, 10 Jun 2017 @ 9:21am

          Re: Re: Re: DRM will never die.

          That's a fair point in terms of the difficulty of reproduction, but I'm not sure how relevant it is to a discussion about why some media still have DRM and some don't. Ebooks and audiobooks aren't any more difficult to copy than music, and yet DRM is still extremely common on the former and almost ubiquitous on the latter.

          reply to this | link to this | view in chronology ]

        • identicon
          Darkhog, 10 Jun 2017 @ 2:19pm

          Re: Re: Re: DRM will never die.

          Regarding buffering messages, they can always be cut out just like commercials are edited out in tvrips.

          reply to this | link to this | view in chronology ]

      • icon
        Aaron Walkhouse (profile), 10 Jun 2017 @ 1:12am

        To be fair…

        …farmers have always been hardware nerds. ‌ ‌ ;]

        reply to this | link to this | view in chronology ]

  • identicon
    Darkhog, 9 Jun 2017 @ 2:37pm

    Why chisel the tombstone?

    I mean, it's a waste of precious building material and time. Unmarked grave will do in this case.

    reply to this | link to this | view in chronology ]

  • icon
    OldGeezer (profile), 9 Jun 2017 @ 2:49pm

    Key Generator: Possible Malware?

    When it already an established that this DRM can be completely removed from games why would anyone even want to generate a key that is supposed to appear real? The most recent cracker to put out a DRM free game that had this protection revealed that the latest desperate attempts by Denuvo has ramped up the phoning home checks into millions in a matter of minutes. Supposing your key could pass, who would want the horribly degraded performance when they could just get it without DRM? Key generators have long been used to spread viruses and trojan horses. Why trust this one?

    reply to this | link to this | view in chronology ]

    • identicon
      Thad, 9 Jun 2017 @ 3:08pm

      Re: Key Generator: Possible Malware?

      When it already an established that this DRM can be completely removed from games why would anyone even want to generate a key that is supposed to appear real? The most recent cracker to put out a DRM free game that had this protection revealed that the latest desperate attempts by Denuvo has ramped up the phoning home checks into millions in a matter of minutes. Supposing your key could pass, who would want the horribly degraded performance when they could just get it without DRM?

      RTFA.

      Through it all, Denuvo has made noise about the benefit of keeping games protected even for those first few days when games initially are released. Thanks to a new player in the group battling against Denuvo, it seems that claim may come to a dramatic and violent end.

      As of right now it takes days between a game's release and the release of a cracked version. Denuvo's entire value at this point derives from the premise that its DRM will work for the first few days after release.

      If there's a keygen now that will work on the day of release, then Denuvo no longer has any reason to exist. There is no financial justification for any company to pay for Denuvo anymore.

      Key generators have long been used to spread viruses and trojan horses.

      Er, and cracked game downloads haven't?

      reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 9 Jun 2017 @ 3:07pm

    This is much better...

    instead of a "Golden Key" to the backdoor, we're just giving out free keys to the front door....

    reply to this | link to this | view in chronology ]

  • icon
    discordian_eris (profile), 9 Jun 2017 @ 3:08pm

    Does it work?

    reply to this | link to this | view in chronology ]

    • icon
      discordian_eris (profile), 9 Jun 2017 @ 3:21pm

      Re: Does it work?

      Oopsy, hit return instead of tab.
      ---------------------------------

      INSTALLATION:
      1.Unpack, burn or mount iso
      2.Install the game (if you already have DX, VS, ... installed
      you can uncheck those at the end of the installation)
      3.Start the Game by launching our Keygenerator from your desktop
      shortcut or from the game folder (stp-xxx.exe)
      4.That's it, Enjoy the Game

      It is that simple, and while I haven't pirated the game, I do know several people who have. It works just fine.

      The keygen is not keygen that generates a license key you then have to manually enter but a wrapper for the games .exe that generates a license specific to the PC and HDD it is installed on. Basically, the crypto keys for Denuvo were obtained by the crackers somehow. Would much rather see a full crack from someone though.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Jun 2017 @ 6:27pm

        Re: Re: Does it work?

        Sounds like this system, then, does not risk having any of its generated keys invalidate a legitimate key. I.e, nobody will buy a Denuvo game only to find their key was used first by someone using this tool.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jun 2017 @ 4:44pm

    The keygen is for Denuvo v3, doesn't work against the current v4 (used by that millions-of-hooks game) or presumably earlier cracked editions. It means that a lot of games that lack cracks are now open, but new releases are another story.

    That said, it's a crushing blow if (it probably does) v4 uses the same family of algorithm. Denuvo has almost certainly been shitting bricks.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jun 2017 @ 6:22pm

    Welp CanadianByChoice, I think you called it. Now Denuvo games that haven't even come out can be cracked.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Jun 2017 @ 7:50pm

    Steampunks is Denuvo and they just released one hell of a honeypot.

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 9 Jun 2017 @ 11:29pm

    I've used some cracks and keygens in the past and the one thing that always bugs me is that every single one registers as a possible virus in a dozen different anti-virus programs. Why do the cracking groups insist on using programming tools which produce executable files that anti-virus program flag as a threat? There is absolutely no valid reason for doing this.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2017 @ 6:43am

    All the DRM pieces are based on the problem of piracy while insisting isn't a problem. Techdirt always CHEERS failure of DRM. Here's why.

    Techdirt's position is that DRM does more harm to the company than brings benefits. -- It's mere coincidence that makes theft easy for pirates.

    Yet the fools running companies just stubbornly continue to worry about piracy! Should just put products on torrent sites, and wait for the money to roll in, right? Why don't they take Techdirt's brilliant advice?

    Because if the cultural milieu were to shift fully to notion that all content / software should be free -- including without advertising -- then HOW EXACTLY does a company ever get any income?

    ... It doesn't. Piracy itself is possible only when small relative to the number of honest people who pay the pittance, else the system would collapse and no new products put out.

    Pirates are taking value, not trading. To protect easily-stolen intellectual work from the lazy and greedy is precisely why the Copyright and Patents Clauses are in the US Constitution. New gadgets don't change the moral ground though do facilitate theft from creators.

    The above seems a lucid argument to me, entirely supported by the last hundred years of mass entertainments. -- Mass re-production by gadgets made intellectual work MORE valuable, not less! Copyright has directly enriched millions of people, and offers the rest expensive-to-make entertainments for a pittance.

    But here at Techdirt every piece on copyright jeers at the very notion of "intellectual property", and especially jeers at attempts to get income if means controlling copies. They keep chanting "new business model" without ever a working example that doesn't actually rely on the current moral milieu, of creators deserving rewards, remaining in place.

    Repeats endlessly. The pirates here at Techdirt simply refuse to concede that creators have any rights at all. They don't have a cogent argument, only demands to be entertained for free.

    And that's why I conclude that Techdirt is simply piratey kids having no concern for producers.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2017 @ 11:39am

      Re: All the DRM pieces are based on the problem of piracy while insisting isn't a problem. Techdirt always CHEERS failure of DRM. Here's why.

      And that's why I conclude that Techdirt is simply piratey kids having no concern for producers.

      If DRM is solely to help companies protect against piracy, why is it that the only people who get burned by DRM are those who pay for the product?

      I used to purchase a lot of games. Now I don't, except for what comes from GoG or other DRM-free sites. I got so tired of buying another Triple-A title that wouldn't work on my computer because of DRM and then having to go look for the same pirated title online so I could play the game I paid for.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.