ixiodor Posted March 16, 2016 Posted March 16, 2016 Hi guys, I heared about DENUVO that uses a CPU bound code to make it harder to crack, some code that run only on your CPU. So i was looking for some nice trick and testings tring to emulate that. I started using CPUD changing values in EAX, my curiosity was on: MOV EAX, 0Bh CPUID This give me some values, including in EDX wich core is executing that CPUID. (core1 - core2 etc) BUT i found this "feature" , if you do: MOV ECX, 100h MOV EAX, 0Bh CPUID You reset all your registers and you get only a value in EDX, where is showed your current core... Is that normal?? I have a i7-2600, can someone with different CPU try if have same results?
mrexodia Posted March 16, 2016 Posted March 16, 2016 The Denuvo thing is probably utter horseshit (especially if you read this on reddit). Anyways, you can find the documentation of the CPUID here: http://x86.renejeschke.de/html/file_module_x86_id_45.html On my PC, it clears EAX, EBX, ECX, EDX (which are registers that CPUID puts results in according to the documentation). It doesn't clear any other registers: Greetings 2
arlequim Posted March 17, 2016 Posted March 17, 2016 (edited) Someone in CPY might know much more about your target. Oh, sounds pretty interesting http://denuvo.com/#page-5 Edited March 17, 2016 by arlequim added link
mrexodia Posted March 18, 2016 Posted March 18, 2016 CPY didn't unpack denuvo, they hooked some stuff to bypass license and integrity protections 1
arlequim Posted March 18, 2016 Posted March 18, 2016 Wow, they did even better. Thanks for info Mr.eXoDia Although i dont know at all this protector, i think they chose the most intelligent tactic and cracking approach, i mean no unpack and secured result
evlncrn8 Posted March 19, 2016 Posted March 19, 2016 uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few
ddev Posted April 2, 2016 Posted April 2, 2016 On 3/19/2016 at 8:48 AM, evlncrn8 said: uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few Anyone confirmed what info is actually used in denuvo(VMProtect) ?
evlncrn8 Posted June 7, 2016 Posted June 7, 2016 well for the ea stuff, its the same thing in denuvo - hdd serial, video card enum, computer name etc, all built up into a hash.. for the steam stuff, steam user id etc along with he usual cpuid stuff securom used..
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now