Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass

(Image credit: Getty Images)

A good portion of the gaming- and piracy-adjacent internet has been on fire for the past few weeks, as a bypass for the (in)famous Denuvo copy-protection method has become popular. Not only did the new method enable the release of existing titles, but zero-day repacks are now the norm.

Contemporary versions of Denuvo and its multilayered DRM approaches have stood the test of time well and were widely regarded as the benchmark in the PC game DRM space. Naturally, this spells trouble for Denuvo and its parent company, Irdeto, as its primary source of revenue is now arguably useless.

Article continues below

Go deeper with TH Premium: AI and data centers

The performance remark refers to a past controversy in which Denuvo's checks caused CPU spikes that added strong stuttering and FPS drops in many titles and configurations. This fact was vehemently denied by Denuvo and subsequently mocked online, as cracked versions ran far better.

As usual for any DRM company or publisher, Irdeto also claimed that downloading games with the bypass is a security concern, but this time around, the company has a valid point. Using the hypervisor bypass, even in its latest incarnation, requires users to disable:

• Virtualization-Based Security (VBS): a layer that separates the Windows operating system from the its security enforcement features that run at a higher privilege level.
• Credential Guard: a sub-feature of VBS that keeps login credentials in an container isolated from the rest of the operating system.
• Driver Signature Enforcement: verification that any drivers installed in the system must have a digital signature issued by Microsoft to an identifiable company or developer, in order to prevent installing random drivers at the system level.
• Core Isolation / Memory Integrity (HVCI): similar to the above, but prevents any kernel-level unsigned code entirely, as well as modifications to existing signed code so programs can't attempt to mess with existing drivers.
• Installing a community-made hypervisor (HV) with Windows running on top of it. This HV fakes responses to the checks that Denuvo makes, and runs with higher permissions (ring level -1) than the operating system itself and has full, nearly untraceable access to hardware and software.

As you can imagine, disabling any one of those security features is not advisable, much less deactivating all of them at once. Once all those digital checkpoints are down, anything you run on your system has free rein to take it over completely, in ways that will be difficult to notice or fix, and will naturally evade detection by nearly any antivirus package.

Adding further concern, there's no telling that even without any malicious intent, the new HV won't have a security flaw of its own that, once exploited, runs at an access level beyond even that of the operating system itself.

To its credit, the community foresaw all of these issues, and game repacks include an easy-to-use script to disable and re-enable the security measures. The recommended procedure is to disable them, reboot, and play the game. Once your gameplay session is over, you would enable them again and restart. However, that's a chore for anyone, and one might guess your average user won't think twice about bothering with such trifles as "security."

Even within the piracy community, the team that designed the HV bypass and popular repackers like FitGirl have warned about the security implications of these releases, as trusted as they might be. Prospective gamers who are leery of bringing down their PCs' defenses will have to wait for an actual crack to come around.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.