Developer Hacks Denuvo DRM After Six Months of Detective Work and 2,000 Hooks (tomshardware.com) 37

After six months of work, DRM developer Maurice Heumann successfully cracked Hogwarts Legacy's Denuvo DRM protection system to learn more about the technology. According to Tom's Hardware, he's "left plenty of the details of his work vague so as not to promote illegal cracking." From the report: Heumann reveals in his blog post that Denuvo utilizes several different methods to ensure that Hogwarts Legacy is being run under appropriate (legal) conditions. First, the DRM creates a "fingerprint" of the game owner's system, and a Steam Ticket is used to prove game ownership. The Steam ticket is sent to the Steam servers to ensure the game was legitimately purchased. Heumann notes that he doesn't technically know what the Steam servers are doing but says this assumption should be accurate enough to understand how Denuvo works.

Once the Steam ticket is verified, a Denuvo token is generated that only works on a PC with that exact fingerprint. This token is used to decrypt certain values while the game is running, which is what lets the game run at all. In addition, the game periodically re-checks the fingerprint during play, which makes Denuvo very difficult to bypass.

After six months, Heumann was able to figure out how to hijack Hogwarts Legacy's Denuvo fingerprint and use it to run the game on another machine. He used the Qiling reverse engineering framework to identify most of the fingerprint triggers, which took him two months. There was a third trigger that he says he only discovered by accident. By the end, he was able to bypass most of the Denuvo DRM with ~2,000 of his own patches and hooks, and get the game running on his laptop using the token generated on his desktop PC.
Heumann ran a bunch of tests to determine if performance was impacted, but he wasn't able to get a definitive answer. "He discovered that the amount of Denuvo code executed in-game is quite infrequent, with calls occurring once every few seconds, or during level loads," reports Tom's Hardware. "This suggests that Denuvo is not killing performance, contrary to popular belief."
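As an added illustration of the flow the summary describes (this is not Heumann's code and not Denuvo's actual scheme), the following Python model binds an activation token to a hardware fingerprint and then shows why hooking the fingerprint sources is enough to carry that token to another machine. The hardware values, the ticket, the key derivation and the cipher are all constructed stand-ins chosen so the example runs with the standard library only.

```python
"""Toy model of a fingerprint-bound activation token (added example; NOT
Denuvo's real scheme: inputs, KDF and cipher are simplified stand-ins)."""
import hashlib
import hmac
import json

# Constructed hardware data for two hypothetical PCs (no real identifiers).
DESKTOP_HW = {"cpu": "cpu-vendor-A/family-6/model-158",
              "disk": "DISK-SERIAL-0001", "mac": "02:00:00:aa:bb:01"}
LAPTOP_HW = {"cpu": "cpu-vendor-B/family-23/model-96",
             "disk": "DISK-SERIAL-0002", "mac": "02:00:00:aa:bb:02"}

# Constructed stand-ins for the activation server's state.
VALID_TICKETS = {"ticket-for-owner-1"}          # what Steam would vouch for
GAME_SECRETS = {"level_key": "hypothetical", "unlock_const": 1337}


class FingerprintSources:
    """The hardware queries the protected binary makes. Here each method is
    one 'trigger'; a real binary spreads many such reads through its code."""

    def __init__(self, hw):
        self.hw = hw

    def cpu(self):
        return self.hw["cpu"]

    def disk(self):
        return self.hw["disk"]

    def mac(self):
        return self.hw["mac"]


def fingerprint(src):
    """Hash over everything the DRM reads; any changed input changes it."""
    material = "|".join((src.cpu(), src.disk(), src.mac())).encode()
    return hashlib.sha256(material).hexdigest()


def _token_key(fp):
    # Key derived from the fingerprint alone: the token is useless anywhere
    # the same fingerprint cannot be reproduced.
    return hashlib.sha256(b"token-key|" + fp.encode()).digest()


def _keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def _seal(key, plaintext):
    """Encrypt-then-MAC so a wrong key is detected instead of yielding garbage."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, "sha256").digest()


def _open(key, sealed):
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("token does not decrypt on this fingerprint")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def issue_token(ticket, fp):
    """Server side: only after the ticket is accepted are the secrets wrapped
    under a key bound to the fingerprint the client reported."""
    if ticket not in VALID_TICKETS:
        raise PermissionError("ticket rejected")
    blob = _seal(_token_key(fp), json.dumps(GAME_SECRETS).encode())
    return {"fp": fp, "blob": blob.hex()}


def activate(src, ticket):
    """Client side: fingerprint this machine, present the ticket, get a token."""
    return issue_token(ticket, fingerprint(src))


def run_game(src, token):
    """Start-up path: recompute the fingerprint locally and decrypt with it."""
    return json.loads(_open(_token_key(fingerprint(src)), bytes.fromhex(token["blob"])))


def periodic_check(src, token):
    """In-game re-verification: True while the live fingerprint still matches."""
    return hmac.compare_digest(fingerprint(src), token["fp"])


def hook_fingerprint(src, replay_hw):
    """What the hooks do in this model: every trigger now answers with the
    value recorded on the machine the token was issued for."""
    for name in ("cpu", "disk", "mac"):
        setattr(src, name, (lambda v: (lambda: v))(replay_hw[name]))
    return src


if __name__ == "__main__":
    desktop = FingerprintSources(DESKTOP_HW)
    token = activate(desktop, "ticket-for-owner-1")
    print("desktop :", run_game(desktop, token))
    laptop = FingerprintSources(LAPTOP_HW)
    try:
        run_game(laptop, token)
    except ValueError as err:
        print("laptop  :", err)
    hook_fingerprint(laptop, DESKTOP_HW)
    print("hooked  :", run_game(laptop, token), "| periodic check:", periodic_check(laptop, token))
```

The point of the model is the last step: the token is never forged and no key is broken. Because the decryption key is derived from whatever the binary reads at runtime, replaying the original machine's answers at every read site is sufficient, which is consistent with the summary describing the work as finding triggers and applying patches and hooks. In a real protection those read sites are numerous, obfuscated and spread across the game loop, and the periodic re-check means every one of them has to be covered, not just the ones hit at start-up.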
  • DRM often harms the collectible status, replayability, and long term health of the game. This is probably okay with most players and vendors since they don't have much in the way of legs after a few years anyhow. However, I'll just point out that I have three stores within one mile of my urban dwelling that sell used games. They all have games for/from the NES, Genesis, and Super Nintendo, as well. So, I'm not talking about just having a couple of used PS3 games. Games with a bunch of online DRM or ones tha
    • However, if your car needs a bunch of vendor-locked automotive diagnostic/test gear just to be rebuilt properly, you can be sure collectors are going to avoid it like the plague.

      No way in fuck.

      It'll be annoyance #2,342,116 that collectors have to deal with when it comes to some car they wanted.
      What will happen, is people will come up with workarounds, as they always have when trying to solve the problem of making a machine that hasn't had an OE part manufactured for it in 40 years.

      The day I meet a collector who is like, "I've decided to stop being a 914/6 collector because it's too damn hard to find injectors for the MFI motor", or "I've decided I no longer want an E46 M3, bec

      • Collectors are a bit different. I know a guy who said, "I love my car. I've spent $60k getting it in tip top shape and could sell it for almost $20k any time I want to".

        I stand to inherit an antique car and honestly, it's going to hurt to sell it but I wouldn't want to spend the money required to keep it. In fact, it's one of the few things our parents have where my siblings and I have gently and carefully expressed interest in NOT inheriting it.

        • That's just it- you're not a car collector.
          I promise you, 30 years from now, 2015 Audi R8s will still fill the 27 car garages of collectors.
          • And many will likely have some issues that would be difficult / impossible to fix.

            There might be some 3rd party options for the more popular contemporary car models in the future, but right now the future looks bleak for some cars with very expensive to replace digital gauge clusters and infotainment modules.

            If/when the computing modules start to fail, and require repair/replacement (or hacky work arounds) modern cars will have very unique challenges compared to older cars.

            2015 Audi R8 appears to have a ph

      • Injectors are one thing, a janky ass laptop from 2005 with a Sentinel DRM module is another. I simply do not agree that people have an unlimited bar for hassles from the vendor. I call bullshit.
    • by EvilSS ( 557649 )

      . Games with a bunch of online DRM or ones that need an online server are going to be highly un-tradable in a few years after their release.

      PC gaming is almost 100% digital anyway, so you aren't going to be trading any of them today anyway. Even physical PC releases were rarely tradable at game resale stores.

      • Even physical PC releases were rarely tradable at game resale stores.

        They definitely did that in my area. The people at the game stores were often extremely knowledgeable and several would look up what the DRM was and make sure you still had the manual or original disks, etc... Whatever it needed. On Ebay it's also extremely common. Most collectors are heavy Ebay users. Now, not that I disagree that most games are now fully digital etc... I'm just saying it's going to be relatively hard on collectors and I don't see any reason to alter that statement.

  • by Brain-Fu ( 1274756 ) on Thursday April 04, 2024 @06:20PM (#64370964) Homepage Journal

    Does the "fingerprinting" mentioned in the summary mean that the game stops working if I upgrade some hardware components? Or if I get a new PC and install it on that?

    • by vux984 ( 928602 ) on Thursday April 04, 2024 @06:24PM (#64370974)

      No. I've never really heard of that happening.

      I expect what happens is that if the finger print changes / no longer matches the hardware, it treats it like a new install, and goes and verifies the purchase with steam again, and generates new fingerprints from that.

    • by Luckyo ( 1726890 ) on Thursday April 04, 2024 @06:32PM (#64370990)

      Sort of. One of the big complaints with Dragon's Dogma 2 (which is Denuvo'd) is that a lot of hardware benchmark people had accounts temporarily banned from the game for installing it on too many hardware configurations.

      The rest is the question of how many Denuvo tokens are allowed per account per time frame. That is set by the game publisher.

    • A modern illustration of the "Ship of Theseus" paradox.

      "In its original formulation, the "Ship of Theseus" paradox concerns a debate over whether or not a ship that had all of its components replaced one by one would remain the same ship.[1] The account of the problem has been preserved by Plutarch in his Life of Theseus:[2]" https://en.wikipedia.org/wiki/... [wikipedia.org]

  • by caseih ( 160668 ) on Thursday April 04, 2024 @06:33PM (#64370992)

    I don't get this insane urge to DRM everything up to the nines with basically malware. Surely the steam ticket is enough to prove ownership of a game, no? Kind of like a Kerberos for games. If they don't trust steam, they are more paranoid than anyone I'd like to do business with.

    • by radoni ( 267396 )

      I don't get this insane urge to DRM everything up to the nines with basically malware. Surely the steam ticket is enough to prove ownership of a game, no? Kind of like a Kerberos for games. If they don't trust steam, they are more paranoid than anyone I'd like to do business with.

      It is about restricting ownership of a game, not proving legitimacy. The value of being able to reach out and take something away from you is worth more to shareholders far beyond the retail price you paid for your license to temporarily view some content. If you aren't comfortable with that, you're old and cringe not living your best life.

  • by Anonymous Coward

    Not sure what he was trying to prove. It was "cracked" back in Feb 2023. It was released 02/10/23 and was cracked by 02/22/23.

    • It's good news that this "DRM developer" took 6 months to do what a DRM cracker did in less than 2 weeks. "DRM developer" is also one of the most openly villainous job titles I've ever run across.

  • by Local ID10T ( 790134 ) <ID10T.L.USER@gmail.com> on Thursday April 04, 2024 @06:45PM (#64371018) Homepage

    Lizzie Borden style...

    Or just opt out and don't buy games infected with it.

    • Steam curators are great for this. I subscribe to, I think, Denuvo Sucks. Any time I view the store page for a game that has this DRM, I get a helpful info bar telling me Denuvo is present, or had been removed or added at one point or another.
  • by Sarusa ( 104047 ) on Thursday April 04, 2024 @07:06PM (#64371064)

    We've seen cracks where removing the Denuvo vastly improves performance. It all depends on how the game devs cram it in. There are various things you can have Denuvo do, like generate that token, check the code RAM for alterations, check the disk files for changes, check for suspicious stuff running with the game, check everything at startup...

    And crucially you get to decide when to do these things. If you check only on startup, no big performance hit (except loading time). If you check a lot of things every single frame of the game, then yes, you are going to have performance issues.

    DRM usually gets crammed in at the last minute because even the game devs hate it (and it plays hell with your debugging), so often the choices made and the defaults Denuvo suggests are... complete overkill. They'd rather you tank the performance than have the game pirated and make them look bad - because they will deny causing any performance issues at all because they're liars and can always say 'well, if you just checked things once there would be no frame rate hit.'

    • system performance contrary to popular belief.

      What a fucking sad waste of intelligence and talent on shit like this.

    • by Anonymous Coward

      don't worry it only hijacks you *checks notecard* every few seconds?? jesus christ, i hope the game doesn't have any platforming elements

      even a fraction-of-a-second hiccup every 15-30 seconds (i have experienced clockwork stutters in other games, may or may not be DRM-based) is enough to fuck up anything needing even a little amount of timing or precision (i.e. combat)

      if that didn't smell of propaganda enough, the crack has a whiff too, directly defeating the fingerprint may be the more impressive means to

  • by NomDeAlias ( 10449224 ) on Thursday April 04, 2024 @08:43PM (#64371270)
    "He discovered that the amount of Denuvo code executed in-game is quite infrequent, with calls occurring once every few seconds, or during level loads," reports Tom's Hardware. "This suggests that Denuvo is not killing performance, contrary to popular belief."

    How is a frequency of a few seconds infrequent? Why would that suggest it doesn't harm performance? Calling on a process every few seconds can certainly impact performance depending on what that process does.
    • Why would that suggest it doesn't harm performance?

      Well, in the rest of the summary they talk about what the process does (not very much) and how he had difficulty figuring out whether performance was impacted. And, of course, if performance had been impacted greatly then he probably wouldn't have had so much difficulty determining that.

      • I skimmed for the details but didn't find much. What it's actually doing would support the claim to me much better than the reasoning given. I'm not sure difficulty determining it supports the assertion either. The difficulty would be not knowing how much faster it would be running without the DRM and it appears he didn't strip the DRM completely to find out but rather tricked the DRM into running successfully on a different machine.

        Of course that also means claims that it is hurting the performance ar
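The trade-off argued over in the two threads above (the cost of an in-memory integrity check scheduled every frame versus every few seconds, and how quickly a patch gets noticed under each schedule) can be made concrete with a small simulation. This is an added example, not Denuvo's code or anything from Heumann's write-up: the protected region is a constructed byte buffer, the check is a plain SHA-256 over it, and the 60 fps frame budget and the intervals are assumed.

```python
"""Added illustration of integrity-check scheduling (not Denuvo code).
The 'code region' is a constructed buffer; the check is a full SHA-256 over it."""
import hashlib
import time

FRAME_TIME_S = 1 / 60  # assumed 16.7 ms budget per frame at 60 fps


class CodeRegion:
    """Stand-in for the game's executable pages. `expected` is the digest the
    protection recorded at build time; patching any byte changes it."""

    def __init__(self, size):
        self.pages = bytearray(b"\x90" * size)  # NOP sled as placeholder code
        self.expected = hashlib.sha256(self.pages).digest()

    def patch(self, offset, data):
        self.pages[offset:offset + len(data)] = data

    def verify(self):
        return hashlib.sha256(self.pages).digest() == self.expected


def simulate(region, frames, interval_s, tamper_at_frame=None):
    """Run `frames` simulated frames at 60 fps. The check fires on frame 0 and
    then every `interval_s` seconds of game time (0 means every frame). If
    `tamper_at_frame` is set, a two-byte patch is applied on that frame.
    Returns the number of checks, the frame on which tampering was first
    detected (None if never), and measured check CPU time as a fraction of
    the total frame budget."""
    every = max(1, round(interval_s / FRAME_TIME_S))
    checks, detected_at, spent = 0, None, 0.0
    for f in range(frames):
        if tamper_at_frame is not None and f == tamper_at_frame:
            region.patch(0, b"\xeb\xfe")  # JMP $ : a minimal in-place patch
        if f % every == 0:
            t0 = time.perf_counter()
            ok = region.verify()
            spent += time.perf_counter() - t0
            checks += 1
            if not ok and detected_at is None:
                detected_at = f
    return {
        "checks": checks,
        "detected_at": detected_at,
        "budget_fraction": spent / (frames * FRAME_TIME_S),
    }


if __name__ == "__main__":
    for label, interval in (("every frame", 0), ("every 3 s", 3.0)):
        region = CodeRegion(size=4 * 1024 * 1024)  # assumed 4 MiB of code pages
        r = simulate(region, frames=600, interval_s=interval, tamper_at_frame=250)
        print(f"{label:12s} checks={r['checks']:4d} detected_at_frame={r['detected_at']} "
              f"check_time={100 * r['budget_fraction']:.1f}% of frame budget")
```

Running the main block shows both sides of the argument at once: hashing a few MiB of code on every frame burns a visible share of a 16.7 ms budget and catches the patch on the frame it lands, while the once-every-few-seconds schedule costs a negligible fraction of the budget but only notices the patch at the next scheduled check. Whether a given title stutters therefore depends on what its integrator chose to check and how often, which is exactly the point made above about the defaults being the developer's decision.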
  • I thought Empress already did it? Feb 2023.. https://en.wikipedia.org/wiki/... [wikipedia.org]

    So what makes his work so special? (not saying it's an easy thing) But I don't recall her cracking it making news here

  • No one has said that Hogwarts Legacy has a performance issue. Denuvo absolutely can annihilate performance; it's also completely up to the developer how it gets implemented, which is why it is such a pain to crack.

    We have plenty of documented evidence of Denuvo causing large performance hits, especially in games where other hackers (you're not the first) have shown that Denuvo runs checks every x frames of gameplay, rather than just during level loads.

    We have plenty of documented evidence that *some* cr

  • This is the "endgame" for game ownership. It no longer exists.

    Even for single player games you buy physically on a disc (I know this particular one's on Steam), you still need an always on internet connection to verify ownership, and has draconian anti-copy measures to make it difficult to preserve the game.

    Historically, after a generation ended, almost all games were available as backups. Don't get me wrong, I don't condone piracy, this is for preserving your own paid copy for the future. For example, I ca
