Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
First Person Shooters (Games) Security

'Doom Eternal' Is Using Denuvo's New Kernel-Level Anti-Cheat Driver (arstechnica.com) 68

Posted by EditorDavid from the achievement-unlocked dept.
"Doom Eternal has become the latest game to use a kernel-level driver to aid in detecting cheaters in multiplayer matches," reports Ars Technica: The game's new driver and anti-cheat tool come courtesy of Denuvo parent Irdeto, a company once known for nearly unbeatable piracy protection and now known for somewhat effective but often cracked piracy protection. But the new Denuvo Anti-Cheat protection is completely separate from the company's Denuvo Anti-Tamper technology... The new Denuvo Anti-Cheat tool rolls out to Doom Eternal players after "countless hours and millions of gameplay sessions" during a two-year early access program, Irdeto said in a blog post announcing its introduction. But unlike Valorant's similar Vanguard system, the Denuvo Anti-Cheat driver "doesn't have annoying tray icons or splash screens" letting players monitor its use on their system. "This invisibility could raise some eyebrows," Irdeto concedes.

To assuage any potential fears, Irdeto writes that Denuvo Anti-Cheat only runs when the game is active, and Bethesda's patch notes similarly say that "use of the kernel-mode driver starts when the game launches and stops when the game stops for any reason...."

"No monitoring or data collection happens outside of multiplayer matches," Denuvo Anti-Cheat Product Owner Michail Greshishchev told Ars via email. "Denuvo does not attempt to maintain the integrity of the system. It does not block cheats, game mods, or developer tools. Denuvo Anti-Cheat only detects cheats." Greshishchev added that the company's driver has received "certification from renown[ed] kernel security researchers, completed regular whitebox and blackbox audits, and was penetration-tested by independent cheat developers." He said Irdeto is also setting up a bug bounty program to discover any flaws they might have missed.

And because of Denuvo Anti-Cheat's design, Greshishchev says the driver is more secure than others that might have more exposure to the Internet. "Unlike existing anti-cheats, Denuvo Anti-Cheat does not stream shell code from the Web," Greshishchev told Ars. "This means that, if compromised, attackers can't send down arbitrary malware to gamers' machines...."

If a driver exploit is discovered in the wild, Greshishchev told Ars that revocable certificates and self-expiring network keys can be used as "kill switches" to cut them off.
This discussion has been archived. No new comments can be posted.

'Doom Eternal' Is Using Denuvo's New Kernel-Level Anti-Cheat Driver More

'Doom Eternal' Is Using Denuvo's New Kernel-Level Anti-Cheat Driver

Comments Filter:

  • How do you know? (Score:4, Interesting)

    by 110010001000 ( 697113 ) on Saturday May 16, 2020 @04:38PM (#60068238) Homepage Journal

    How do you know what it does? Is it Open Source? If it isn't it could be doing anything. I don't know "Michail Greshishchev", so what he says is worth nothing.

    • Cuz the press release says so.

      I didn't see any mention of a SOC2 or ISO or other audit by third party.

    • How do you know what it does? Is it Open Source? If it isn't it could be doing anything. I don't know "Michail Greshishchev", so what he says is worth nothing.

      I know him, he's totally cool, you can trust everything he says without any reservations.

    • Come to other side for a moment: Cheating is pervasive in PC gaming. The other day I was playing Need For Speed The Run, and there was one dude who would pick the slowest car in the game, for a top-speed-intensive race mind you, and somehow his car would rocket to first place at ridiculous speeds even seconds after he had just crashed. And no, there is no mechanism in the game that allows for this, especially with this car of choice. Yup, we get it dude, you are cheating, thanks for ruining it for everyone.
      • On the other hand you never suffer any real economic damage from a game. Even if someone cheats, games are purely simulations. While bugs in kernel drivers can lead to severe issues such as hard hangs and data loss since kernel code can run unchecked. The fact that such extreme measures are considered for properly running simulations just shows how ridiculously skewed people's priorities are.
        • Again, the kernel driver runs only when the game is running so any interruptions would happen only during gameplay which could as well happen because the application crashed. Very few people would be doing anything else (besides torrent downloading which it can resume itself after a crash) while playing Doom. Regarding priorities, people build PCs or buy expensive laptops exclusively to play games on them, so it is a serious thing for some people. So, installing a kernel driver that only runs while the acco
          • On the other hand cheaters can go kernelspace too, which will lead to arms race as kernel DRM would need to change a lot to adapt to new cheating techniques, while introducing new bugs, in kernel driver! And the only victims here will be users who don't run cheats yet are all subject to kernel driver bugs. At least hardware drivers don't need to change much.
            • Welcome to the realities of PC gaming, where all kinds of anti-cheat technologies have to constantly keep up with the cheaters so that cheating in a particular game is not casualised and ruins both the experience and the revenue potential of the game as a result. Cheaters were the ones to go kernel space first, much like some SecuROM emulation software moved to kernel space first (though unlike cheating mods this was a pro-user move) before new DRM (StarForce) also moved to kernel space to combat the emulat
              • It's absolute waste of time since cheaters will win in the end. There is no other possibility if the strategy for fighting cheats is 1. have kernel driver, 2. ... 3. profit! Detecting existing software via signatures won't work since they'll just go polymorphic. Advanced anti-debugger stuff will eventually lose too as long as user can install own kernel drivers. Since such heavy handed DRM is rarely ported to linux this basically shuts me off as a linux user. And due to reasons above this exclusion is worth

    • I'm 100% on board with you. Now more than ever this is such an important concept. But it's met with a bigger problem, I imagine most who would be subject to this software wouldn't understand even if they could see the code, and would be left taking assurances from others, as is this case.

      But I do think having more than one voice is important, and a ton of researchers do some amazing work.

      I guess my point is this, we run a ton of software we have little understanding of every internal working. I think thi

    • Comment removed based on user account deletion

  • Hardware itself can be emulated. Online gaming will always be ridiculously cheatable at.

    That said, in person (not online), controlled, e-sports will replace regular sports. The WWE (ie, fakey entertainment) is the future of all athleticism based sports, in the coming decades genetic engineering and other technologies will make the Olympics ridiculous. I mean, what detectable or undetectable extreme mods will we allow for someone to win medals?

    • When the Olympics get loot boxes, I'll know that it's all over.

      • What do you call the Olympic Committee's rule that a city must ban any shop or kiosk in a n mile radius around any stadium that isn't licensed by them?

    • That said, in person (not online), controlled, e-sports will replace regular sports.

      That's fine with me. I'll still have better things to do than watch.

    • Hey... I'd start watching the olympics (and sports in general) again if the goal became a competition of which athlete managed to juice themself the most. Every wrestling match should be ended with accidental ripped off limbs. Baseball games, the occasional head exploding in the audience by a stray ball.. bring it on! :)

  • Please give me access to the juicy ring 0 so i can do doom eternal things, instead of stealing the everything from the user or flashing his bios to install a commodore 64 emulator in it.

  • They used to be a powerhouse of weak protection of satellite TV.

    Sigh.

  • Main requirement for these things: trust. (Score:5, Insightful)

    by Cley Faye ( 1123605 ) on Saturday May 16, 2020 @05:47PM (#60068382) Homepage

    If you want to install something with that level of access on user's computers, you have to have their trust. So far, the only thing that would cause us to trust this is their words. And they are not reassuring at all for one simple reason: they actively ignore that putting backdoor out there is a thing hackers love. Let's assume they don't do anything shady; and that they'll never do (it's a big assumption, but let's roll with it). Let's assume their "certificate revocation" and other kill switch are effective and can actually be used to do what they say that is, to react to an exploit already in the wild. And, let's also assume that every user keep their games updated all the time.

    Now that's a lot of assumptions, and some of them are only built on "trust us" message in press releases. But even then, this remain a huge liability. Kill switch only works when they are triggered. Selling out an exploit that takes advantage of already installed software like this is way more profitable than going after a bug bounty. And doing it silent for as long as possible is also a given in this kind of business.

    What's the added value of this, when you can already detect a plethora of things from userspace? That's the shadiest part. "But we need full access to your whole computer to detect running program and debug hooks" no you don't, simple as that. If you intend to detect cheats that are also implemented as kernel drivers, it's most likely that they can disguise themselves and prevent detection the same way this Denuvo thing expect to find them. Root can hide himself from root.

    Finally, how to deal with cheaters online? That's a problem for people playing online. Just don't automatically install this, and don't depend on it for the singleplayer. Simple fix, will appease people, will not diminish the experience of online play how hard can it be?

    So far, I was reluctant to buy this game because of Denuvo anti-tamper solely on moral ground that DRM only have negative effects all across the board and when they go wrong they only affect legitimate user's experience. Now, there's no chance in Hell I touch this.

    • Finally, how to deal with cheaters online? That's a problem for people playing online. Just don't automatically install this, and don't depend on it for the singleplayer. Simple fix, will appease people, will not diminish the experience of online play how hard can it be?

      I'm still salty about the fact that this was a solved problem that seems to have been completely unsolved: Let users host their own dedicated servers. Want to play with everyone online? We'll implement garden variety server-side checks, but there may be cheaters just the same. Want to play against a handful of friends you know aren't cheating? Spin up your own server and add a password to it; if someone's clearly playing too good, you know everyone in the game and they won't be allowed in next time. Want to

      • I'm still salty about the fact that this was a solved problem that seems to have been completely unsolved: Let users host their own dedicated servers.

        Sigh, you don't seem to get why dedicated servers went away young padawan. In 1997 Ultima online was released, aka the plot was to con the gullible public out of PC RPG ownership by renaming PC RPG's mmo's. Once they had control of the software microtransation experiments began, aka world of warcraft you could purchase in game items. This taught the game industry not to give us level editors or dedicated servers because they were literally cheating a gullible public out of all the stuff we used to get

    • 14 year old retards will install anything. "Trust" is not required.

    • They'd better hope their self-expiring network keys do the job, because we have at least twenty years of experience that certificates won't. It's already bad enough under benign circumstances, but when the computer user has a strong interest in making sure they don't work then they're never going to do the job.

    • So far, I was reluctant to buy this game because of Denuvo anti-tamper solely on moral ground that DRM only have negative effects all across the board and when they go wrong they only affect legitimate user's experience. Now, there's no chance in Hell I touch this.

      You're not missing much regardless of the DRM. It's like Doom II with modern graphics. Basic. Boring by today's standards.

  • Just use 2FA instead and absolutely no one will bother because it's such an extremely inconvenient hassle.

  • Even if I paid for a license*.

    Because I trust even Russian crackers more than the Content Mafia.
    (And I can verify what the crack actually changed.)

    Also... this will not help fuck-all. Denuvo's code is still running on my CPU at my grace, and I can tell my CPU to do whatever I want. Like alter the code, skip parts, etc. (Which is why DRM is, and will always be snake oil, created by the organized crime, exclusively to steal people's money, by using the works of those who actually worked.)

    (* Which only ever ha

  • Please don't try to make it into one. We had many large companies try it, Alienware, Steam machines, Windows Store, and so on. People want a PC for "general purpose" computing (meaning doing whatever damn they want to do with it).

    I can understand where they are coming from (won't anyone think about online competitions?), well I frankly do not give a hoot. Ninety nine percent of the people will never attend an online competition (not counting amateur ranked matches), and the anti-cheat measures have existed

  • What Ring? (Score:3)

    by meerling ( 1487879 ) on Saturday May 16, 2020 @10:10PM (#60068976)
    Valorants Vanguard System runs in Ring 0, but it doesn't say what Ring the one from Denuvo runs in.
    However, not even most of the operating system runs in Ring 0. No game stuff should EVER be in Ring 0. They shouldn't go past Ring 2, it's a (*****) game!

    Of course the companies say it never causes any problems. DRM companies say it doesn't cause problems even as they're chewing up peoples drives and spitting out corruption like an erupting volcano. Anyone who's ever worked in any software knows that there's no way to test a majority of user configurations and environments in house, and that's just ONE of the reasons you do NOT give more Ring access than absolutely necessary!

    I don't doubt this will go bad, I just don't know when it will blow up.

    Ring 0 to a game anti-cheat program is like giving a toybox of live grenades to a toddler.

    I'll admit that Denuvo, this time, doesn't sound as bad as Vanguard, but that's like saying the Werewolf doesn't seem as bad as the Vampire Swarm.

  • Will a uninstall remove this intrusive software?

    • Maybe.

      The next time the game executable is run, it re-installs the Denuvo malware.

      Personally I wouldn't trust an uninstaller from the likes of Denuvo - an untrustable company.

  • I think it is hilarious that there are people out there that are so disconnected from reality that this is even worthy of brain cycles. But apparently, there are. With all of the real problems in the world to solve, there are people out there that are developing kernel modules to prevent children (mentally or physically) from cheating in games.

    Wow.

  • When Doom Eternal launched it was done so with an accidental non-Denuvo binary in a subfolder. A few interesting things happened when people played the game with that second binary:
    a) loading times reduced
    b) frame rates increased significantly

    The Denuvo binary was also a full order of magnitude larger in size than the nonDRM one.

    At what point do we buy dedicated hardware just to process Denuvo's shitty overhead?

  • So they not only rolled out Denuvo Anti-cheat but actively require it running if you wish to play a single player offline game.

    The game is being review bombed everywhere. Steam's historical is "very positive", and now has been demoted to "mixed" https://store.steampowered.com... [steampowered.com]

  • I wish there would be competitions where the idea is to find the best cheat/algorithm and then win in a game. That would effectively be a hacking competition combined with game play skills (if needed).

    It would be an interesting add rather than endlessly having humans play against each other.

  • It was supposed to be a single play experience. The best single play experience. So why are they wasting their time with multiplay?

    Let's be blunt. You can't beat this shit. They've done the whole online only thing and knew what was coming. The cheaters were coming. It only ever ends that way.

    Even the great John Carmack couldn't fix this one. He helped put rockets in space and have them land end up on a platform at sea. But he couldn't fix cheaters in ID games. Bethesda ain't got a hope in hell.

    • Can't the shared state information needed for multiplayer online games be monitored on the server? especially for serious tournaments and not peer-to-peer connections.

      If you are cheating you are sending unusual to impossible state information back to the server which distributes it but it could also look for odd behaviors to flag you for cheating. Given the latency, this becomes a problem in real time; however, you can log and post process it as slowly as you'd like. Cheaters can do impossible things and

  • Not now though. Stay the fuck out of my kernel.
  • Not being satisfied with shitting all over the Fallout franchise, Bethesda Softworks have now managed to effectively ruin the Doom franchise.

    It's a bait and switch, two months after a successful release, swapping a decent game with a malware-ridden executable. No way in hell is Denuvo getting to run anything in kernelspace on my systems. They can fuck right off in fact. The only non-Microsoft kernelspace items in my system are items controlling hardware I've installed. There's no software-only components,

  • A hex-edit view of the original Doom Eternal exec reveals strings that refer to Denuvo Anti-cheat. Good luck defending yourselves from a lawsuit, Bethesda!

Slashdot Top Deals

I don't have any use for bodyguards, but I do have a specific use for two highly trained certified public accountants. -- Elvis Presley

Close