ixiodor Posted March 16, 2016 Share Posted March 16, 2016 Hi guys, I heared about DENUVO that uses a CPU bound code to make it harder to crack, some code that run only on your CPU. So i was looking for some nice trick and testings tring to emulate that. I started using CPUD changing values in EAX, my curiosity was on: MOV EAX, 0Bh CPUID This give me some values, including in EDX wich core is executing that CPUID. (core1 - core2 etc) BUT i found this "feature" , if you do: MOV ECX, 100h MOV EAX, 0Bh CPUID You reset all your registers and you get only a value in EDX, where is showed your current core... Is that normal?? I have a i7-2600, can someone with different CPU try if have same results? Link to comment
mrexodia Posted March 16, 2016 Share Posted March 16, 2016 The Denuvo thing is probably utter horseshit (especially if you read this on reddit). Anyways, you can find the documentation of the CPUID here: http://x86.renejeschke.de/html/file_module_x86_id_45.html On my PC, it clears EAX, EBX, ECX, EDX (which are registers that CPUID puts results in according to the documentation). It doesn't clear any other registers: Greetings 2 Link to comment
ixiodor Posted March 17, 2016 Author Share Posted March 17, 2016 Thanks for your time Link to comment
arlequim Posted March 17, 2016 Share Posted March 17, 2016 (edited) Someone in CPY might know much more about your target. Oh, sounds pretty interesting http://denuvo.com/#page-5 Edited March 17, 2016 by arlequim added link Link to comment
mrexodia Posted March 18, 2016 Share Posted March 18, 2016 CPY didn't unpack denuvo, they hooked some stuff to bypass license and integrity protections 1 Link to comment
arlequim Posted March 18, 2016 Share Posted March 18, 2016 Wow, they did even better. Thanks for info Mr.eXoDia Although i dont know at all this protector, i think they chose the most intelligent tactic and cracking approach, i mean no unpack and secured result Link to comment
evlncrn8 Posted March 19, 2016 Share Posted March 19, 2016 uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few Link to comment
ddev Posted April 2, 2016 Share Posted April 2, 2016 On 3/19/2016 at 8:48 AM, evlncrn8 said: uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few Anyone confirmed what info is actually used in denuvo(VMProtect) ? Link to comment
evlncrn8 Posted June 7, 2016 Share Posted June 7, 2016 well for the ea stuff, its the same thing in denuvo - hdd serial, video card enum, computer name etc, all built up into a hash.. for the steam stuff, steam user id etc along with he usual cpuid stuff securom used.. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now