TR Member Perks!

Anti-piracy solution Denuvo was, until recently, a very viable option to bar pirates from playing illegally downloaded games. After it was first used in 2014, reports came out stating that the software would have a negative impact on performance due to the software allegedly encrypting and decrypting itself, a rumor that has since been debunked by Denuvo in an FAQ on their official website.

The software pretty much did what it was supposed to, to the point where notable cracking forum 3DM came out saying that they predicted that games would be uncrackable by 2018. Fast forward to 2016, and some games like Just Cause 3 and Dragon Age: Inquisition managed to remain uncracked until well after they were released to stores. Denuvo seemed to be the best answer to online piracy for a while until cracker group CONSPIR4CY managed to bypass Denuvo in Rise of the Tomb Raider by using a simulation of the Denuvo DRM process, marking this as the first time that Denuvo has been cracked. Most recently, the horror game Resident Evil 7: Biohazard‘s Denuvo protection was cracked within 5 days of its retail release. While the service definitely wasn’t cracked, it being bypassed means that Denuvo might have to go back to the drawing board.

Despite their success in staving off piracy in the first few days of release, their website apparently isn’t as secure as their anti-piracy solution. The Austrian company’s website apparently left some private directories on their servers open to the public, a mistake crackers immediately took advantage of before Denuvo corrected the mistake. Following the link to the directory now only gets you a good look at a 403. With the internet being the internet, the files were swiftly reuploaded to a different website which you’ll have to go and find yourself.

In the directories are a host of emails going as far back as 2014 from developers and companies interested in the technology, as well as emails written by, shall we say “slightly miffed”, people giving Denuvo’s customer support staff their honest thoughts on the anti-tampering software. The former group includes interested parties like Google and Capcom, while the latter is comprised of mostly angry yet hilarious raging from angry pirates (there’s a Reddit thread going on with people posting some of the exchanges here). Here’s the best one:

‘message’ => ‘Hello, I am the developer of ABZU game, thanks to your Anti-tamper system that prevented our game from getting cracked as of now. We have started working on another great game, and we plan to use Denuvo on that game as well. However, in our development process, we have come at a situation that we need our ABZU game\’s original executable files since our new game is based on that, could you send us the original executables of our game that we sent to you for implementing Denuvo?

Also included in the leak are access logs from Denuvo’s website as well as a list of email addresses third parties used to contact Denuvo’s customer service as well as addresses of some industry workers and a few executables which will probably be of great interest for crackers. The files also contains the names of a few games that may end up using Denuvo like Mount and Blade 2. The files also show that Rockstar Games were (or are) interested in Denuvo at some point. Regardless of all that, what crackers will be able to do with these files is anyone’s guess at this point, but we’ll be watching this situation as it unfolds so we can relay it back to you if and when something happens.

What do you think of this news? What are your thoughts on the Denuvo anti-piracy system?

Chris Anderson

Staff Writer

I've been playing games since I was just barely able to walk, and I never really stopped playing them. When I'm not fulfilling my duties as senior staff writer and tech reviewer, I'm either working on music, producing one of two podcasts or doing freelance work.

  • Kyle Haddad

    So denuvo forgot basic site security? Okay then. Depending on the type’s of files taken that are not just Emails, a Bunch of cracks could come out of this. It seems that denuvo’s biggest vulnerability is Basic Network security.

  • Riosine

    Good, The new 100% cracked ,exe will provide some hard evidence about denuvo impact in cpu performance

  • Charles Macer

    As a rule, most companies do not take web security as seriously as they should. One practice I avoid is hosting any data and processes used exclusively by backend services on the same domain as frontend services. From what I’ve seen, the accepted practice is to have one codebase for the frontend site and a separate codebase for the company intranet.

    Given the triviality of Denuvo’s public website, it should require no interaction with their database or other sensitive processes. There really is no realistic explanation for this beyond a Therac-25 level of incompetence.

  • Shivanshu Dhawan

    If denuvo affects performance at some level then it shouldn’t be used lately . I feel it’s actually the necessary evil which needs to developed further to a stage where it’ll be impervious to crackers.
    Also doing this would be like an upgrade to the world of gaming.
    But it has its negatives to according to me:
    1. Popularity of games will suffer a blow.
    2. Gaming would become a luxury that not everyone can afford.
    3. In coming years gaming will slowly will be a lost cause.(it can go extinct!!)

  • Chris Anderson

    Or it might turn out that they were telling the truth when they said that it didn’t impact performance. Time will tell!

  • Kyle Haddad

    Given what you’re saying about the triviality of denuvo’s frontend site. Am I right in saying that there is possibility in this being even more damaging to the company’s Rep than the cracks that have been coming out recently?

  • John

    Ooh, how embarassing, to thing that things like this could happen to a security oriented company.

  • Kyle Haddad

    That all those reasons you state sound more like a downgrade :/

  • Shivanshu Dhawan

    Can you be more expressive?

  • Charles Macer

    I’m not sure what Denuvo charges for their services, but I would imagine even holding off the pirates for 5 days would pay back the even the most generous fees for a AAA game studio. That calculation assumes there is a negligible impact of their DRM on performance.
    However, when companies sign up with Denuvo, they expect to pay a set fee and possibly a small royalty arrangement for the privilege. They are not expecting to have their private correspondence leaked. Unvetted comments like the “can you please send us back our exe, we lost it” message will obviously be embarrassing for the individual and affect the professional reputation of a studio, but the fact that attachments were leaked opens the possibility of companies losing control of valuable trade secrets and sensitive IP, not to mention the security concerns depending on how much debugging information is present or how much the hackers can decompile. I’m no expert in corporate law, but I would expect if the damage from these leaked attachments is significant (and it sounds like hackers are already putting them to good use), Denuvo could be liable for any damage that ensues.

    TL;DR yes.

  • Kyle Haddad

    Ah so it wasn’t just emails, but attachments as well. Thanks for the info.

  • Kyle Haddad

    All the negatives you stated in your original points are the kind of negatives that I personally consider such major flaws that would override any positives that making games uncrackable through Denuvo might achieve. Thus resulting In what I would think is a net downgrade in terms of gaming rather than the Upgrade you state it would be to the world of gaming.

    The primary reason you even touch upon. The communication with external servers that the implementation of denuvo requires could, and most likely will render games nigh impossible to archive.

  • Charles Macer

    Actually, I’m not really sure the attachments leaked. It could have just as easily been other executables that happened to share the leaked directories. I jumped to that conclusion assuming some logical hierarchy to the site, but they’ve got intranet-type files which should on the same domain as a dinky little $10 template site. Hence, to assume any coherent structure to the site or their online presence in general would actually be quite unreasonable.

  • Chris Anderson

    1: according to what metric? Gaming is insanely popular and is only becoming more popular.
    2: Gaming is already a luxury that not everyone can afford. It has never anything else.
    3: What do you base this on?

  • Shivanshu Dhawan

    Look for replying that I would need to go even in more detail so pls hold on.
    1.metric you said-
    I’m predicting the future of gaming based some basic human values and morals thereby stating that the population will, at some point later in time ,would slowly realise that they are absolutely gaining nothing from gaming and it’s not worth the money and time too.(they go hand in hand) . The average and middle class people who are now playing, will gradually loose interest and leave it altogether . Then gaming will only be for elites or upper middle class, and as we know most of the elites are not into gaming it comes down to upper middle class ppl buying games actually. So tell me how much can a big industry like gaming survive on that number of people..?
    2. Gaming is already a luxury you say:-
    For this let’s assume that denuvu hasn’t come in the picture. So now all the class of ppl can afford gaming (one way or the other), it therefore makes gaming more and more popular , no one in the current scenario would want to leave gaming , this is how the industry is surviving(on popularity). Now talking about denuvo getting in the picture this would no longer be a factor to fuel gaming , it would be up to only a higher and more organised class of ppl who actually like and are commited to gaming.
    3.what do I base this on :
    It’s pretty clear from above and I would like to add one more thing
    Making games uncrackable would be a short term gain but a long term loss. In my opinion it should be argued properly and then be done away with, or some permanent solution must be found.

  • Chris Anderson

    1: So no real evidence to back up your prediction other than tangential stuff.

    2: Gaming has always been a luxury product. It’s a form of entertainment, which is inherently not essential for day to day life. You also seem to be under the mistaken impression that the cost of a game for the consumer increases because Denuvo exists? What?

    3: that’s still not a very compelling explanation for why you feel the way you do. Gut feelings and casual observations do not equate to having an informed opinion.

  • Shivanshu Dhawan

    1. as far as evidence is concerned I would like you to just browse through web for the sales of games in previous year . Now if you extrapolate the trend of sales each year to let’s say 10-15 years and add this denuvo factor , the sales would see an short increment but also followed by long decrement.
    2. For this I would just say , are pirated games more expensive than original game.
    3. There are no gut feelings here ,I am good with graphs so I’m saying so .
    It’s an educated observation.
    Lastly I have not been too bold I said
    That it should be properly discussed and thereby arriving to a permanent solution.

  • BlueLight

    1) possible, but on the counter, for every X person that doesn’t play, what if X/2 more people buy the game?
    2) Already true. NEXT.
    3) lol wut? Look, piracy isn’t a necessary evil for the games industry to work. One could argue the sale increase because of it, but no it is not necessary.

  • BlueLight

    1) The average trend for a Tripp A game, is something like 80% of sales are done by the end of week 2. In other words, this trend you predict has been a trend before this product came to market.

    2) The fine for downloading i believe 12 items, ranges in the 100k+ range. So yes. It’s much cheaper to buy than pirate. Also, are you suggesting that illegally gotten data(game), should be treated the same as buying it from a trusted distributor?

    3) Arguments from authority carry little weight. Show us your data. Make a word or excel document and upload it to Google docs if you want. That said, most indies are likely not to use this, so if the entire industry will require it’s existence(Doubtful) than the indies will survive.

  • Shivanshu Dhawan

    I’m a 20yr old student ,and this denuvo thing will affect my playing interests and about all people of this age segment will in one way or the other gradually give it up.(10-15yrs ahead). Then tell me how will the industry survive on mere number of ppl aged 25maybe-40yrs..

  • Shivanshu Dhawan

    1)wait and watch.
    2)Since in coming times I guess that all games (if they’re uncrackable) will be realesed as a digital code . So basically either or the other way you will have to download those 12items. And no I don equate both of those , but almost comparable for getting idea of the original.
    3)I’m sure indies will survive, I’m speaking for other games.

    I would like to conclude this discussion from my side by arrive at this:
    Piracy(which is long term necessary evil) VS Anti piracy(which is short term necessary evil)
    One effects the other.

  • Chris Anderson

    1. That’s not how this works. You claim something and then leave it to me to justify your answer. Your claim, the responsibility of proof is on you. “Wait and watch” isn’t really a valid argument either.

    2. Again, citation needed.

    3. An educated observation is still just an observation and that isn’t worth much if you don’t back up your opinion with facts. Have you got some actual sources?

  • Shivanshu Dhawan

    Nope I don’t have more facts than what I already shared here .
    Since this discussion wasn’t taking any direction , that is why I tried to be a little diplomatic.
    After all I still believe what I stated .
    Leaving this aside the conclusion is good enough to let this discussion end in my opinion because neither you ppl want to agree nor do you want to disagree completely , anyways I tried my best.
    THE END.

  • Chris Anderson

    You didn’t share any facts, you just shared your opinions without showing how and where you got those opinions. It’s not on me to find evidence to support your claims, it’s up to you to do that. If you got facts, we’ve yet to see them.

    You can believe whatever you want to believe, but if you want to convince others of what you believe you best show them more than your opinion.

  • Shivanshu Dhawan

    As Fact and evidence I previously also talked about checking the trends of game sales in recent years it has gone down gradually and now, I am to add denuvo factor in it then predicting the forward trend of sales i am predicting it to first rise a little then go down dramatically based on what I have explained previously.
    That’s all ,what more evidence you want for a future prediction.

  • BlueLight

    “I’m a 20yr old student, […]”
    Your age doesn’t matter. I’m in my early 20s myself.
    “[…]and this denuvo thing will affect my playing interests[…]”
    Cool. The entire world does not revolve around you!

    “and about all people of this age segment will in one way or the other gradually give it up.(10-15yrs ahead).”

    1) your age demographic doesn’t not matter. The average gamer is 31. I’ll leave a link down below and i think there are a few holes for you to poke with a counter argument.

    2) You’re making future predictions that are half to more than half your age. From an argument from authority stand point, it’s not really convincing. especially since most people reading this article are likely older than you. So since your age isn’t convincing, maybe your evidence is? Oh right, all you got are claims.

    3) Hitchens razor: what can be asserted without evidence can also be dismissed without evidence. Your argument boils down to, THIS DRM exist, therefore my age group will abandon gaming in the near future. There are steps between the DRM existing and your conclusion which you need to fill out.

    4) you used ‘and’ twice in one sentence. Sorry. It bugs me.

    “Then tell me how will the industry survive on mere number of ppl aged 25maybe-40yrs..”

    1) i don’t believe that your earlier conclusion is correct because of a lack of evidence, so why should i have to justify a second conclusion you have that requires the first to be true?

    2) (I might as well since you asked.) Ages 35+ are the largest demographic. You’ve just increased it with 25+. They’re also the people with more money than 20 years old. From a stand point of largest group with largest sum of money, i think it’s fairly safe to say gaming will survive, even if every person ages 20 – 24 dropped dead today.


  • BlueLight

    1) So basically “result X has been happening since before product A existed. But i think product A will cause result X. Just wait and watch”. *Shrug*

    2) *Shrug* congrats, you noticed i forgot the adjective illegal in front of download. if you don’t equate both as the same thing, why should their pricing be compared even if the data at the end of the tunnel is nearly the same.

    3) Congrats, you’re not talking about indies. Can you show us your graphs, and data used, As i asked before, Word or excel document on google docs would stratify me. In an earlier post you said ” it should be properly discussed and thereby arriving to a permanent solution.” and the only way we can have a discussion with the result being a “permanent solution” is by you showing evidence (The document i’m asking for) of your claim. Look you are talking with a TR staffer right now. If the document shows the claim you’re making, and is properly cited i bet they’d do an article on your claim. I can’t speak for them but i think they would so long as you presented quality.

    As for your “I conclude”… I don’t think piracy is necessary, nor do i think DRM is evil. You haven’t demonstrated either.

  • BlueLight

    BLAHHAHAHAAHAHAHAHA “I don’t have more than what i already shared here.”

    I am the type of idiot that wrote college level papers defending video game piracy as a way to increase sales. I think DRM is horrible. I told you what you needed to do to convince me.

    The fact you couldn’t convince even me, shows how bad your argument was.

  • BlueLight

    Sales of video games seems to be increasing and here are the predictions up until 2020

    You haven’t explained anything previously.
    Also clear data laid out in a document. This shouldn’t be hard since as you said before “I’m good with graphs”

  • Shivanshu Dhawan

    You’re right, I saw data of games with metacritic score 90+ (Gareth and Mike .
    Sorry my bad , thank you guys for putting up with me . But still this can be the worst scenario possible, won’t it?
    It’s now just a view not an opinion..:)

  • Shivanshu Dhawan

    I also didn’t factor in rescesion for the sales between 1999-2010. I made a blunder really very sorry ppl.

  • Shivanshu Dhawan

    Now my opinion regarding whole thing is +ve(much similar to Mr Anderson who earlier stated “Or it might turn out that they were telling the truth when they said that it didn’t impact performance. Time will tell! “) and what I argued about is just a gut feeling so no facts are necessary now I guess.
    Will you guys forgive me??