Currently not a single Denuvo game released during 2024 has been cracked, and more games released during 2023 remain uncracked than those that were. It's actually pretty effective unlike most other PC DRM schemes.
> It's actually pretty effective unlike most other PC DRM schemes.
I wonder how much that has to do with the actual technical merits of this DRM scheme compared to older DRM schems. Piracy as a service problem has mostly been solved on PC by now, so there's not a lot of incentive to crack games anymore.
Most of what Denuvo does has been done by other DRM schemes before, VMProtect has been used by DRM schemes before Denuvo. It just seems that Denuvo is more aggressive with online verification than previous schemes.
It is most likely due to Denuvo being harder to crack because it is a widely hated DRM. Pirates probably want to crack it on principle.
I don't think most of the pirates actually care that much about whether people download their releases. They just want the credit within the scene of cracking something that's hard to crack or leaking something before street date. For-profit pirates would be an exception to this but I doubt they're very prevalent because most people are pirating to avoid paying.
Denuvo is also an exception to piracy as a service problem being solved because it is widely hated even by non-pirates. If pirates rendered it ineffective, companies would not be using it for their games but preventing piracy is worth the backlash as far as they're concerned.
I was going to say Lies of P was cracked, but turns out they just removed it from their game. It was up on piracy sites the same day.
I wonder why this happens? Does Denuvo cost a lot of ongoing subscription money for a developer or something? I’ve noticed this happens a decent amount.
I believe Denuvo charges for access to the activation servers. [0]
While the pricing structure has likely changed, for most game companies the long tail end [1] of the sales doesn't justify continuing.
For example, Square-Enix(Final Fantasy, Dragon Quest) removes Denuvo 6 months into a release. For a counter-example, Atlus(makers of Persona/Shin Megami Tensei) are known to never purposely remove the protection.
Every graph I’ve ever seen of video game sales from people who distribute via Steam etc typically has an initial spike if they caught on and got featured, and then a few spikes for things like holiday sales.
Maybe the devs of the game you mentioned decided that after the initial spike had passed, and they are in a long tail period, it is cheaper to remove Denuvo.
Or they just used Denuvo to protect the game during early time when most sales happen and they removed it because they want better performance and also they want people to be able to play the game 20, 50, 100, and 1000 years from now.
A side effect of temporary DRM is the decreased incentive to crack it. Sure the "street cred" is still important to some people but if you just wait a few months it will be gone.
Yes, Denuvo has recurring costs to the developer, it's not a one time payment.
In the case of Lies of P though, the developers accidentally included a debug build .exe without Denuvo in an update, only afterwards was it actually removed entirely because there was no point in including it anymore.
The devs removed Denuvo from Lies of P because they accidentally leaked an unprotected version. Basically the same is if it was cracked. No point to bug customers with longer loading times and the bloat that comes from D.
What I saw in a YT video related to piracy [0] was that game companies remove their DRM after the game has been effectively pirated, since it doesn't really matter anymore, and cost them money + worse experience for paying end-users.
The guy in the video makes the point that: Game is released --> paying users suffer the lower perf caused by DRM while pirates crack it --> pirates succeed, company removes DRM, paying users benefit from improved perf ^^
They aren't super public with their cost structure, though it appears to generally be a monthly cost for publishers. Most games remove Denuvu after about a year if it's going to get removed. Some of the bigger publishers may have better deals though as titles never remove it, even after multiple years and no new updates.
is it effective or just really everywhere in the codebase like this article suggest?
I don't fully get everything Denuvo does but it seems like if I replace Denuvo with my own mandatory HTTP call it would be as annoying to crack.
> It doesn’t do that very often. [..] It’s only once every few seconds. [..] To me personally, it tells that Denuvo executes checks so infrequently, that the likelyhood of it causing FPS drop seems rather low.
Keep in mind that FPS drops are only one issue with Denuvo's performance. Another common one (which i think is more common in recent releases, judging from comments i've seen) is frame pracing/stuttering/etc - people very often mention in Reddit threads about Denuvo's removal from a game that the update that removed Denuvo fixed these for them (of course it could also be some other change the game had, but this has been the case with more than one game and games receive other patches before removing Denuvo, so i have a hard time accepting all are coincidences).
A slow/lengthy call every few seconds wont affect your average framerate (which is what often developers check for performance measurement) but it will affect your frame pacing and give a stuttery feel. Most people tend to call this a "performance issue" (regardless if it is due to performance or not).
Keep in mind that modern games generate/compile shader and other caches during runtime, that is one of the reasons for stutter. So when they try version with the drm removed the cache is already generated and so there are no stutters
Shader compilation is well known though, and anyone halfway serious about benchmarking these things (like Digital Foundry) factor this in and control for it
The performance impact Denuvo is known for is not due to the license checks, it is due to running parts of the game in a custom vm. Hogwarts Legacy is new enough that they might be taking a different approach entirely after the whole vmprotect controversy
Denuvo protected games only let some functions go through that VM and typically not functions invoked every frame. Only when you screw up as a developer and hook the wrong thing will performance suffer.
On the other hand, functions that go through the VM messes with the Branch Predictor and increases Cache Miss, which affects anything that runs after (for a short period tho, depending on how often it runs).
You can argue that a good developer will configure Denuvo to only "compile" functions where those side effects doesn't matter (like after loading screens, during cutscenes, when the game is paused, etc). However, I've seen so many stupid mistakes in this industry that I would never trust the experience and skill of said developers, unless I can asses it myself by working on a daily basis with them.
Only when you screw up as a developer do games run below 144 fps on modern hardware. And yet most don't. This isn't a valid argument. Most games do not implement denuvo in a way that performance is magically unaffected
I thought the latest Doom was released "accidentally" without the DRM[0]. Not the first time the studio forgot to properly bake the DRM into the final product.
And he didn't prove that he actually did it at all. I will trust him on that given his reputation but the information in the article is so vague and basic that if we solely rely on that thin evidence literally everyone can claim the same.
There are already many games that are not playable because servers used for DRM were turned off. In this matter I support cracking such "play only online" DRMs, because when I pay for a game I want to play it even after a few years, and maybe even especially after a few years
Just off the top of my head, Ross Scott on youtube (AccursedFarms) has plenty of videos on the subject. A few of them are tucked away in reviews but he now has a dedicated "dead game news" series.
These may not be games you'd want to play but the important message is that it's concerning that the biggest publishers (Ubisoft, EA etc.) can release stuff that will randomly die at some point in the future for no good reason and that they won't even release a patch or server software so you can play the product you paid them for.
I'm really disappointed this doesn't include technical details, especially the bit about "The game can not run without the token, as it is used to e.g. decrypt certain values at runtime and similar things."
Is the game installed encrypted? What encryption schema allows you to decrypt the same set of data using multiple different keys in this way?
If the game isn't installed encrypted it seems easiest just to not allow it to encrypt itself before running.
My vague understanding is that Denuvo generates many redundant diverging paths through the executable, which are chosen at runtime based on pieces of the users hardware signature. The keys you get from the server only work for the paths your hardware is supposed to follow, so if you take those keys to a different machine it will branch in different ways and crash when it's not able to decrypt that path. That redundancy is probably why the protected executables are so large.
That makes sense, but how are these paths encrypted? If it's at runtime, you should be able to just not encrypt them. If it's at install time, do they generate a custom encrypted exe just for you per-download?
Readit News
Currently not a single Denuvo game released during 2024 has been cracked, and more games released during 2023 remain uncracked than those that were. It's actually pretty effective unlike most other PC DRM schemes.
I wonder how much that has to do with the actual technical merits of this DRM scheme compared to older DRM schems. Piracy as a service problem has mostly been solved on PC by now, so there's not a lot of incentive to crack games anymore.
Most of what Denuvo does has been done by other DRM schemes before, VMProtect has been used by DRM schemes before Denuvo. It just seems that Denuvo is more aggressive with online verification than previous schemes.
I don't think most of the pirates actually care that much about whether people download their releases. They just want the credit within the scene of cracking something that's hard to crack or leaking something before street date. For-profit pirates would be an exception to this but I doubt they're very prevalent because most people are pirating to avoid paying.
Denuvo is also an exception to piracy as a service problem being solved because it is widely hated even by non-pirates. If pirates rendered it ineffective, companies would not be using it for their games but preventing piracy is worth the backlash as far as they're concerned.
I wonder why this happens? Does Denuvo cost a lot of ongoing subscription money for a developer or something? I’ve noticed this happens a decent amount.
[0] https://www.techpowerup.com/275158/denuvo-drm-pricing-struct...
[1] https://en.wikipedia.org/wiki/Long_tail?useskin=vector
Maybe the devs of the game you mentioned decided that after the initial spike had passed, and they are in a long tail period, it is cheaper to remove Denuvo.
Or they just used Denuvo to protect the game during early time when most sales happen and they removed it because they want better performance and also they want people to be able to play the game 20, 50, 100, and 1000 years from now.
In the case of Lies of P though, the developers accidentally included a debug build .exe without Denuvo in an update, only afterwards was it actually removed entirely because there was no point in including it anymore.
You’re limited to 3 or 5 activations per day.
The guy in the video makes the point that: Game is released --> paying users suffer the lower perf caused by DRM while pirates crack it --> pirates succeed, company removes DRM, paying users benefit from improved perf ^^
[0]: https://youtu.be/_Fu4pE46-zM
Keep in mind that FPS drops are only one issue with Denuvo's performance. Another common one (which i think is more common in recent releases, judging from comments i've seen) is frame pracing/stuttering/etc - people very often mention in Reddit threads about Denuvo's removal from a game that the update that removed Denuvo fixed these for them (of course it could also be some other change the game had, but this has been the case with more than one game and games receive other patches before removing Denuvo, so i have a hard time accepting all are coincidences).
A slow/lengthy call every few seconds wont affect your average framerate (which is what often developers check for performance measurement) but it will affect your frame pacing and give a stuttery feel. Most people tend to call this a "performance issue" (regardless if it is due to performance or not).
You can argue that a good developer will configure Denuvo to only "compile" functions where those side effects doesn't matter (like after loading screens, during cutscenes, when the game is paused, etc). However, I've seen so many stupid mistakes in this industry that I would never trust the experience and skill of said developers, unless I can asses it myself by working on a daily basis with them.
[0] https://www.pcgamer.com/bethesda-accidentally-left-a-denuvo-...
https://www.youtube.com/watch?v=suABtb8_2Zk
I'll need a source for that.
These may not be games you'd want to play but the important message is that it's concerning that the biggest publishers (Ubisoft, EA etc.) can release stuff that will randomly die at some point in the future for no good reason and that they won't even release a patch or server software so you can play the product you paid them for.
https://www.pcgamingwiki.com/wiki/List_of_games_using_Always...
And Denuvo will be why I pirate it, should I get tired of waiting for the vendor to remove that crap.
Is the game installed encrypted? What encryption schema allows you to decrypt the same set of data using multiple different keys in this way?
If the game isn't installed encrypted it seems easiest just to not allow it to encrypt itself before running.