Tuts 4 You
Ronar22

Denuvo - In The News


deepzero

Shouldn't Denuvo be removed entirely in a proper crack?

  • Like 1
  • Thanks 1

joker33337

This crack works slower than the original, uncracked game and to me this .nfo is CODEX indirectly explaining their incompetence. They made the Denuvo code section read-execute (originally it's RWE) so they can catch every access violation that appears when Denuvo tries to write to itself. They do it to catch self-modifying code writes and the anti-tamper. If you open a debugger and trigger Denuvo code by loading a new game there are exceptions thrown constantly. This doesn't happen in the original game. Their exception handler is also obfuscated with VMProtect which is retarded considering how often it's called 😐. At least the games with earlier Denuvo versions they released don't have that issue.

But of course pirates believe crackers are the good guys here exposing some Denuvo shenanigans when in fact CODEX is blaming the protection developers for including things they can't handle in a way that doesn't slow down the game. Some may even think it's impossible to make a crack that doesn't slow down the game which isn't true.
 

4 hours ago, deepzero said:

Shouldn't Denuvo be removed entirely in a proper crack?

Yes, or it should come with a license generator like CPY cracks. There's no scene rule that states that (that I know) but it's always what separated the best crackers from the rest.

  • Thanks 1

chickenbutt

Nothing to do with "exception handler", everything to do with mutex abuse from anti-patch showing on slow CPU.. Where can we see proof Denuvo is using VMProtect on its design? Why would the top AAA game protector be at the mercy of a shareware grade protector that nukers defeat on a daily basis?

Using an exception to fix stolen bytes or "nanomites" or RE a VM is old if that's what you are talking about, but it has nothing to do with the performance issue

Quote

Some Denuvo Techtalk :


      
      For example when Robin does one of his special attacks, throwing a
      smoke bomb on the ground, Denuvo starts writing a private key to the
      memory from 000000014C113692:
      
      000000014C113692  | 44 88 07                  | mov byte ptr ds:[rdi],r8b
      000000014C113695  | 5F                        | pop rdi
      000000014C113696  | 50                        | push rax
      000000014C113697  | 21 C0                     | and eax,eax
      000000014C113699  | 9C                        | pushfq
      000000014C11369A  | 44 01 C1                  | add ecx,r8d
      000000014C11369D  | 4C 89 F0                  | mov rax,r14
      000000014C1136A0  | 48 89 C1                  | mov rcx,rax
      000000014C1136A3  | 48 C7 C0 00 00 00 00      | mov rax,0
      000000014C1136AA  | 48 09 D0                  | or rax,rdx
      000000014C1136AD  | 48 83 C1 01               | add rcx,1
      000000014C1136B1  | 49 89 CE                  | mov r14,rcx
      000000014C1136B4  | C1 C1 08                  | rol ecx,8
      000000014C1136B7  | 9D                        | popfq
      000000014C1136B8  | 58                        | pop rax
      
      Then it fills the buffer at: 000000014779F593.
      
      When everything is filled and the key is obtained by Denuvo itself,
      it starts executing anti-tamper checks from 000000014774C37E:
      
      000000014774C37E  | 41 89 7D 00               | mov dword ptr ds:[r13],edi
      000000014774C382  | 48 29 F3                  | sub rbx,rsi
      000000014774C385  | 41 54                     | push r12
      000000014774C387  | C1 CB 0D                  | ror ebx,D
      000000014774C38A  | BE D4 72 4D 3E            | mov esi,3E4D72D4
      000000014774C38F  | 4C 8D 25 4F B5 06 FE      | lea r12,qword ptr ds:[1457B78E5]
      000000014774C396  | 4C 33 24 24               | xor r12,qword ptr ss:[rsp]
      000000014774C39A  | 48 8B 1C 24               | mov rbx,qword ptr ss:[rsp]
      000000014774C39E  | 4C 21 E3                  | and rbx,r12
      000000014774C3A1  | 4C 09 24 24               | or qword ptr ss:[rsp],r12
      000000014774C3A5  | 0F BA F8 06               | btc eax,6
      000000014774C3A9  | 0F BA F6 0D               | btr esi,D
      000000014774C3AD  | 48 29 1C 24               | sub qword ptr ss:[rsp],rbx
      000000014774C3B1  | 4C 89 E3                  | mov rbx,r12
      000000014774C3B4  | 48 23 1C 24               | and rbx,qword ptr ss:[rsp]
      000000014774C3B8  | 4C 0B 24 24               | or r12,qword ptr ss:[rsp]
      000000014774C3BC  | 49 29 DC                  | sub r12,rbx
      000000014774C3BF  | C3                        | ret
      
      Here it gets the addresses of the various functions inside the Denuvo code
      from r13 register and forces the original bytes, a single DWORD per cycle,
      essentially overwriting any potential patches that were applied to these
      functions before.
      
      The way our crack works is that it reads a huge amount of encrypted code,
      (including the code that the anti-tamper tries to overwrite) and therefore
      patching the required place causes some slowdowns thanks to Denuvo and
      the devs.

  • Thanks 1

evlncrn8

it's well known they used vmp from the start, now though there are rumors they're using their own (heavily based on vmp as they had the source after all) on the later versions.. like from a few months ago, coincidentally round about then irdeto bought them

Progman
27 minutes ago, evlncrn8 said:

it's well known they used vmp from the start, now though there are rumors they're using their own (heavily based on vmp as they had the source after all) on the later versions.. like from a few months ago, coincidentally round about then irdeto bought them

What is well known is certain games such as AC: Origins or Far Cry 5 did indeed use both Denuvo + VMProtect. And Denuvo has had a license for VMProtect for a long time as confirmed by VMProtect themselves on their website despite rumors that circulated with accusations of piracy. Probably Denuvo gives the developers the option to include VMProtect technology or not. And probably the developers could purchase VMProtect separately and use both protectors independently which could also have a significant difference.

Regardless of the situation, games which used both have also been cracked relatively quickly.

 

evlncrn8

you do realise the 2 games you decided to cite are ubisoft and use vmp anyway don't you?

 

atom0s
On 8/26/2018 at 3:00 AM, joker33337 said:

Yes, or it should come with a license generator like CPY cracks. There's no scene rule that states that (that I know) but it's always what separated the best crackers from the rest.

Does anyone even really care about the stupid 'scene rules' anymore? Who cares what some elitists want to state is required for something. If they can make the game run anywhere with or without Denuvo fully removed, that is what the players want. None of them care about the scene or what is still left in the exe as long as it works and plays.

  • Like 5

deepzero

Doesn't matter what the players want, if the protector isn't fully defeated/removed it's not a proper crack. The purpose isn't to bring players a playable game but rather to crack the protector.

  • Like 4

chickenbutt
  1. There haven't been "virginized" releases since around the days when SafeDisc was as common as Denuvo is now.. Some of you weren't born yet..
  2. RELOADED and razor1911 did the cleanest SolidShield and SecuRom (the two most common AAA protectors before Uplay, Steam CEG, and Denuvo) releases for years and none of them were completely cleaned of protection code or restored to original-stack. But you're welcome to try and do better in a timely manner.. for free..
  3. There is a total lack of evidence that Denuvo integrated VMProtect design on their design, and I have the unpacked Denuvo handlers from Yakuza 0 to bindiff and check.. In fact this is something started by lazy reddit pirates that never even looked at the protection..
  • Like 1
  • Thanks 1

evlncrn8

1. true, pretty much after the big busts from 2004 and 2006, a lot of the skilled crackers retired (or just weren't as public), a lot of the talent was lost, before all this, the rules were respected, propering was done and there was a relative amount of professionalism.. after the busts and 'early retirements', the rules went out the window, along with quality and some shitty ones (that did steam cracks) 'rose' to stardom..

2. beg to differ on this, quite a few cracks from other teams including razor and fairlight were damn near surgically clean of the protection, reloaded and dev borrowed (some might claim stole) from the work of others.. 

3. denuvo had vmp from the outset, as it was a rushed project.. currently they might have their own vm and / or a hybrid, they had the vmp source code, so of course they have variations

  • Like 2
  • Thanks 1

oopsdonefu
11 hours ago, chickenbutt said:
  1. There is a total lack of evidence that Denuvo integrated VMProtect design on their design, and I have the unpacked Denuvo handlers from Yakuza 0 to bindiff and check.. In fact this is something started by lazy reddit pirates that never even looked at the protection..

any thoughts on this ? :)
 


 

  • Like 1

chickenbutt

Thanks for the video of someone showing Denuvo and VMProtect with their own thread contexts and stack frames to prove Denuvo isn't integrating VMProtect in its engine..

 

If I use PECompact with TheMida it doesn't mean Oreans bought Bitsum source code to get all their secrets..

 

Also their "profiler" looks like a tool to make an emulator with.. You can still do this

  • Like 1
  • Thanks 1

Progman

Just rumors that caused fake news articles as alluded to in the prior posts.  That is why I mentioned targets which clearly had Denuvo and VMP separately not combined.  This is all nonsense.

http://vmpsoft.com/20170606/vmprotect-and-denuvo-gmbh/

 

Quote

VMProtect and DENUVO GmbH

June 6th, 2017 :: 0 comments

Hi there!

We were informed that there are open questions and some uncertainty about the use of our software by DENUVO GmbH.
Referring to this circumstance we want to clarify that DENUVO GmbH had the right to use our software in the past and has the right to use it currently as well as in the future.
In summary, no open issues exist between DENUVO GmbH and VMProtect Software for which reason you may ignore any other divergent information.

 

 

evlncrn8

believe me, denuvo are not squeaky clean and i wouldn't be surprised if they paid vmp handsomely to put that page up, as the buy out from irdeto just happened (coincidentally ?) at around the same time, so there was a lot of business 'politics' going on... they're from the sony camp.. experienced corporate bullshitters... that's about the only good thing i can say about them

Kirbiflint
17 hours ago, deepzero said:

Doesn't matter what the players want, if the protector isn't fully defeated/removed it's not a proper crack. The purpose isn't to bring players a playable game but rather to crack the protector.

Some protectors are hard to unpack, I agree with what atom0s said ^^, that the more important thing is that the game works on any machine. Also if the game works, but the protection is still present, that doesn't mean that it's not defeated.

It's not easy to crack certain protectors, so even if the protection isn't fully removed, but the game works fine, the protection is defeated anyway (For me).

chickenbutt

The hardest evidence Denuvo integrated VMProtect is a video clearly showing them both running independently in both thread contexts and stack frames. This is typical gossip BS you see on Reddit where there isn't anyone qualified there to say otherwise on the piracy subs..

Denuvo code making calls into VMProtect isn't 'denuvo is using vmprotect in its engine and are desperately trying to hide it'..... These same people will eventually start accusing people who say otherwise of working for one of those companies..

atom0s
On 8/27/2018 at 1:30 PM, deepzero said:

Doesn't matter what the players want, if the protector isn't fully defeated/removed it's not a proper crack. The purpose isn't to bring players a playable game but rather to crack the protector.

"not a proper crack" is exactly what I meant in my post, players do not care about that. I guarantee you that not a single normal player ever reads the .nfo/readme's that come with things ever. Unless it's to find specific information on how to use said release/crack none of them are ever read. Normal players don't give a shit about what's in them, what the scene people want to say or bicker about, or any of that. Normal people just want the game, not the drama behind the scenes.

All the release drama that happens with the scene is completely in its own world separated from the majority of the users of things that are released. Normal people don't pay attention to what was done, who did what first, who did what best, who did what correctly/incorrectly, who "propered" a release, etc. People literally search until something releases and download it immediately as it's available.

Go ask any normal player/user of things like game cracks/releases and I guarantee you none of them will have a clue about the scene, scene "rules", or any of the stupid drama associated with it.

  • Like 2
  • Thanks 1

Blah
https://torrentfreak.com/hitman-2s-denuvo-protection-cracked-three-days-before-launch-181112/
Quote

Hitman 2 is due to hit the streets on November 13, protected by the most up-to-date variant of Denuvo's anti-tamper technology. However, a cracking group appears to have obtained a version of the game destined for pre-order buyers, cracked it, and released it online three days early

 

😎

evlncrn8

it would also appear there's a new denuvo-a-like in town..

https://valeroa.com/

haven't seen anything 'protected' with it though so if anyone comes across any targets, please let me know

  • Like 1

Blah
Quote

ABOUT VALEROA

Valeroa is a protection for PC games that use a DRM. The software was invented and created by experienced software reverse engineers and experts with many years of experience in Government Legal Department projects. We are proud to launch the first anti-tamper security ever that has links to the Piracy scene from a legal background. Valeroa assures that the gameplay performance is not affected although Valeroa is extremely difficult to crack! By a unique combination of seven state-of-the-art techniques, each protected game is “unique” in order to make cracking-automation (considering a successful defeat) impossible. Each new protected game will introduce the same cracking effort, but we discourage this by providing (besides the top-notch protected version) a less protected delivery to the game publisher. From now on the game publisher decides when the game can be made publicly available in the illegal circuit by publishing the less secured version upon a new revision. This version can then be “cracked” using the traditional techniques that our competitors apply on their protection.

 

Quote

GDC ANNOUNCEMENT

FOR IMMEDIATE RELEASE – VALEROA GDC ANNOUNCEMENT – SAN FRANCISCO 03/19/2018

Valeroa introduces a brand new concept for Anti-Tamper protection of PC based video games. A limited number of carefully selected Proof-of-Concept video games will be protected for evaluation purposes during the next quarter. A temporary website was set up in order to support the ongoing activities, and after the POC evaluation Valeroa will decide to do a broader market introduction launch.

Quote

E3 ANNOUNCEMENT

FOR IMMEDIATE RELEASE – VALEROA E3 ANNOUNCEMENT – LOS ANGELES 06/12/2018

Since the Valeroa official product-launch in march 2018, all Proof-of-Concept video game protections have remained un-cracked. Because of this successful market introduction, Valeroa.com now proposes an introduction offer for all games that were officially announced during E3 in 2018: Publishers who have announced a new game release can have their video games protected by Valeroa at a total cost of USD 1000, all costs and taxes included and without any further obligations whatsoever by the publisher.

 

will be interesting to see this out in the wild and how it holds up (if a game ever has it lol)

Blah
Quote
RELEASE NAME ───────■ City.Patrol.Police-CPY
RELEASE DATE ───────■ 22/12/2018
SHOP RELEASE DATE ──■ 29/11/2018
PROTECTION ─────────■ Valeroa + VMProtect + Steam

 

don't make the DRM guy mad. Please give our regards to your             
        friends and foes in TFA, PCD and PHASE. Email us if you want to         
        be greeted on our next release: hello@valeroa.com. You and your         
        friends are not allowed to pirate this game. We will release a          
        weaker version of this protection on a future update of this            
        game for your pleasure. Never sail in a storm!                          
        
		
		Rly Valeroa?

 

  • Haha 1

blackpirate

@Blah u still alive bro???? :) i thought so much viagra killed ya

 

nice to see ya mate!!!

  • Like 1
  • Haha 1

deepzero

So the much hyped Valeroa stuff has already fallen? Disappointing.

edit: i didn't see it's three weeks. Well, ok.

edit2: seems Team Valeroa is threatening Crackers personally and pretends to know more? CPY dumped some messages in their nfo...

evlncrn8

if anyone has the files, and can hook me up, would be appreciated so i can add the detection into pid.. i have no intentions of buying the game, it looks crap, so it was already protected by its content itself

  • Haha 1
