Sections

Hackers finally breach Denuvo's impenetrable defences

"Denuvo allowed 650,000 pirates to breach their servers for 3 days. And they call themselves the most secure company?"

The seemingly impervious Denuvo security solution has finally been cracked, with pirates having now breached its defences on two separate occasions with two distinct methods.

Denuvo is the DRM solution that frustrated one prominent Chinese hacker group attempting to crack Just Cause 3 to the point that one of its members proclaimed, "according to current trends in the development of encryption technology, in two years time I'm afraid there will be no free games to play in the world."

The fact that PC games using Denuvo - like Just Cause 3, Dragon Age: Inquisition and Rise of the Tomb Raider - had resisted piracy for so long after launch was, the company said, "almost unprecedented in the games industry." Now, though, Denuvo's touted resilience has been undermined.

According to a report on Vice Gaming, a 19 year-old Bulgarian hacker known as "Voksi" managed to crack id Software's Doom with a workaround that involved the game's playable demo. The solution exploited a weakness in Denuvo's security that, "viewed the demo and full game interchangeably," allowing the full product to be accessed for free.

Voksi's workaround ultimately led to a "legitimate crack" from a hacking group known as "Conspiracy," which managed to remove Denuvo from Rise of the Tomb Raider entirely.

Both loopholes have since been closed, but Voksi claimed, "The damage is done... 650,000 unauthorized pirated copies were able to [run] with my bypasser and partial crack... The most breaking news of all is that Denuvo allowed 650,000 pirates to breach their servers for 3 days. And they call themselves the most secure company?"

More stories

Japanese prefecture considers restrictions on gaming time for minors

Proposed ordinance in Kagawa Prefecture would limit those under 18 to one hour of gaming per day

By Rebekah Valentine

Crytek seeks to dismiss its own Star Citizen lawsuit until Squadron 42 launches

Creator of CryEngine believes Star Citizen's single-player game will be delayed past June, moves for October trial

By James Batchelor

Latest comments (3)

Morville O'Driscoll Blogger & Critic 3 years ago
The solution exploited a weakness in Denuvo's security that, "viewed the demo and full game interchangeably,"
This seems to be a fairly basic flaw that should never have existed - using, essentially, a demo .exe to run a full game is something that's as old as the sun. Whilst the mechanics behind the crack are I'm sure more complicated than it appears, Denuvo shouldn't have let this slip through in the first place.

Good that it's been patched, though.
1Sign inorRegisterto rate and reply
Andrew Jakobs Lead Programmer 3 years ago
Well, the title is highly clickbait, as the denuvo's servers hadn't been breached, there was as loophole which used the hacker his own server, and it was used by 650K pirates, but all those pirates have only been able to use it for 3 days, now it's dead in the water again.
12Sign inorRegisterto rate and reply
Shaun Young Mastering Technician & Build Engineer, Sega Europe Ltd3 years ago
Seems fairly reasonable to me, running a pirated copy and allowing it to be downloaded are two seperate things. So, if the pirated copies were being run, data about how and how fast an exploit spreads could be collected making it a reasonable case study to further clamp down on piracy and its enablers.

As for the exploit itself, do the exploited copies still work? As the wording in this article implies that the exploit was remotely closed, and therefore would mean that Denuvo is "still secure".

What we are missing is how successful the second mentioned exploit was, which by the very lack of details would imply that its possible that it could also be remotely shutdown but that further work is required to enable that.

Denuvo's servers weren't technically breached, but were exploited in some way to return a 'success message' allowing the game to run. (This is how I've interpreted this writing, so please correct me if I'm wrong).
3Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.