Denuvo’s latest version of their DRM defeated by crackers

By now Denuvo’s developers must have gotten used to the pain of having to re-do all their work every few months, because their DRM keeps getting cracked time and time again. There’s even a website that tracks these events called CrackWatch, where it ranks games protected by Denuvo DRM on the basis of how long they’ve lasted against hackers looking to disable it.  The current version of Denuvo DRM is version 4.8, and it’s been able to stave off attacks for the last three months. But now it too is defeated, and a host of new games now have workarounds for pirates to play them.

Denuvo DRM version 4.8 currently protects a range of AAA titles, including Injustice 2, PlayerUnknown’s Battlegrounds, Star Wars: Battlefront 2, Assassin’s Creed Origins, Need for Speed Payback, and upcoming titles like Dragon Ball FighterZ and Far Cry 5. It was, until very recently, also protecting Sonic Forces. Sonic Forces was recently cracked by the cracking group CONSPIR4CY (CPY), which was responsible for the earliest workarounds for Denuvo. CPY hasn’t released the code or details for how the crack works yet, but there are some early details that might be of significance for future games using Denuvo.

The workaround for Sonic Forces doesn’t involve cracking or stripping Denuvo out of the game, or even spoofing activation. Rather, CPY has discovered a vulnerability in version 4.8 that lets them keep it running in the background, but disable any functionality to protect games using the DRM. If this hack persists across multiple titles protected by version 4.8, it would mean that the attack can be reused for any title that has been updated to use version 4.8, even older games.

Denuvo has also been in the news recently for its recent acquisition by software engineering firm Irdeto. The deal, which has an unknown value, is for the entire company, all its assets an IP, and all existing deals with game publishers like Ubisoft, Electronic Arts, and Square Enix.

“The success of any game title is dependent upon the ability of the title to operate as the publisher intended,” said Irdeto CEO, Doug Lowther, about the deal. “As a result, protection of both the game itself and the gaming experience for end users is critical. Our partnership brings together decades of security expertise under one roof to better address new and evolving security threats. We are looking forward to collaborating as a team on a number of initiatives to improve our core technology and services to better serve our customers.”

According to the press release, Denuvo will gain access to Irdeto’s Cloakware security, a decades-old program started by the company to provide tamper-proof security services to companies that need secure communications or on-premises identity control. Irdeto already has existing deals in place with some major film studios to provide DRM services, and they’re also one of the key providers for conditional access set-top boxes. You know, like DSTV’s decoders. The ones owned and sold by Naspers. Who also owns Irdeto. DUN DUN DUN!

Surprise! A South African mega-corporation based in Cape Town now owns Denuvo through its subsidiary. Whoop-de-doo.

Finally, the press release also announces that Denuvo’s technology won’t just be used for DRM controls, but will also be employed to protect games from hacking the in-game economies, manipulating or bypassing microtransaction controls, and preventing hackers from ruining the game for other players.

Sources: Techspot, Irdeto