Difference between revisions of "Denuvo"
m (added reselling partnership with Sony DADC.) |
m (→System interaction: added sentence about offline token generator being possible, and the dishonored 2 token generator) |
||
| Line 31: | Line 31: | ||
Beyond the mentioned online connection above, as well as read and write (if the offline token is invalid), no other online connection nor disk writes or reads are performed by Denuvo Anti-Tamper during play, based on extensive testing through the above mentioned tools across multiple protected titles. | Beyond the mentioned online connection above, as well as read and write (if the offline token is invalid), no other online connection nor disk writes or reads are performed by Denuvo Anti-Tamper during play, based on extensive testing through the above mentioned tools across multiple protected titles. | ||
| − | + | For Steam protected titles, if the online connection fails the user will get an "offline activation" option where they can make use of a secondary online connected device to retrieve the corresponding response code, an option not available for either Origin, Uplay, or possibly other supported platforms' protected titles as well. The availability of this second option means a local token generator is more than possible for a fully offline procedure, and was confirmed in 2017 with the release of an unofficial offline token generator for [[Dishonored 2]].<ref>{{Refsnip|url=https://predb.pw/y.php?type=nfo&id=OGJwUm54VjdzNk9uYlhoclJyTnh5RkFaUWxRMEY4NXdjckFzUGQrUVNWWT0|title=DISHONORED.2-STEAMPUNKS - NFO|date=2018-12-12|snippet=STEAMPUNKS are proud to bring you the first release including a real Denuvo license generator with untouched game executable. Your license will be regenerated if needed (hw change, os updates).}}</ref> | |
Revision as of 09:42, 12 December 2018
Denuvo Software Solutions GmbH is a company based out of Austria which were formed through the management buyout of Sony DADC DigitalWorks, the creators of SecuROM. That said, Denuvo Software Solutions GmbH and Sony DADC still have a close working relationship, with the latter acting as a reselling partner of the former. Some games making use of the Denuvo Anti-Tamper product will therefor include mentions of this relationship in their EULAs, and refer to the product as one by Sony DADC or similar.[1]
Products
- Anti-Tamper
- Anti-Cheat
- DRM scheme employed on retail discs in some regions "redeem.exe"
Denuvo Anti-Cheat
Despite being listed on the official website since at least January 2017, this product from Denuvo does not seem to have received much fanfare or use among video games publishers. In August 2018, Irdeto announced the Anti-Cheat technology would soon to be launches as a full end-to-end solution. With this renewed focus on the Anti-Cheat product it is to be expected at least some upcoming games will make use of the technology.
Denuvo Anti-Tamper
Denuvo Anti-Tamper is the current de-facto standard for securing DRM schemes on modern titles. Since its original release back in 2014, it have been used to strengthen the DRM of over 150 titles; some with great success, others less so. At its core, it uses various obfuscation techniques (such as unique hardware-based codepaths, or virtualization) to make tampering with the DRM protection of a game harder in an attempt to delay piracy.
A consequence of its use of unique hardware-based codepaths, Denuvo Anti-Tamper requires an online connection periodically as the system environment of the operating system changes with new hardware and/or Windows updates. While everything that might invalidate the token stored on the drive is not fully known, this happens frequently enough for the anti-tamper protection to be generally described as requiring a periodic online connection every two week or so. While this generally is not an issue or hindrance for those with an always present online connection, it can be a hindrance for people primarily roaming or gaming offline if not proper preparations are made in advance to ensure the validity of the offline token. The lack of transparency regarding this process from Denuvo Anti-Tamper is a hindrance for affected users, as it means few might be aware of Denuvo's presence before being put in a position where the existence of it negatively harms the user experience. More on this is discussed further down (to be written).
System interaction
Based on data gathered by monitoring operations performed by Denuvo protected titles through the use of Process Monitor, Fiddler, and in some instances also Wireshark, the basic overview in how the anti-tamper components interacts with the system is quite minimal:
- At the launch of a game a validation of the offline token is performed.
- If the offline token is invalid or missing, an appropriate request code is generated based on the system environment and sent to an online server.
- The online server responds with a corresponding response code.
- The local anti-tamper component uses the response code to write a new valid offline token to the local drive.
- The game continues to launch along with the now valid offline token.
- On subsequent launches the anti-tamper protection will automatically load and make use of the offline token stored on the disk, up until said token is made invalid again.
Beyond the mentioned online connection above, as well as read and write (if the offline token is invalid), no other online connection nor disk writes or reads are performed by Denuvo Anti-Tamper during play, based on extensive testing through the above mentioned tools across multiple protected titles.
For Steam protected titles, if the online connection fails the user will get an "offline activation" option where they can make use of a secondary online connected device to retrieve the corresponding response code, an option not available for either Origin, Uplay, or possibly other supported platforms' protected titles as well. The availability of this second option means a local token generator is more than possible for a fully offline procedure, and was confirmed in 2017 with the release of an unofficial offline token generator for Dishonored 2.[2]
---
This will hopefully end up being a completed article eventually that tries to inform and explain how Denuvo Anti-Tamper works from an end-user perspective, with sections covering often raised questions or concerns. The information listed here have been gathered by applying black-box testing on Denuvo Anti-Tamper protected titles in various scenarios and analyzing traffic and events through WireShark, Fiddler, and Process Monitor. Some aspects of it may also be based upon comments by cracking teams, as they are some of the ones most knowledgeable about the internal workings of it.
Note that the article is a work in progress, and may change frequently.
Topics that might or might not be covered:
- How does Denuvo interact with operating system? What does it rely upon? What options does the user have?
- Differences between Origin, Uplay, and Steam protected titles
- WB Games' own server revalidate.wbgames.com
- srv01-03.codefusion.technology / support.codefusion.technology
- Offline token files stored on the disk
- for Steam: game-specific under Steam\userdata\[userid]\[gameid]).
- Needs to be rechecked:
- for Uplay: under Uplay\cache\activations in a single account-specific file that stores all tokens for that account;
- for Origin: game-specific files under C:\ProgramData\Electronic Arts\EA Services\License;
- "Offline" activation proceedure
- Concerns
- Online reliance due to design
- Leftover files post-uninstall (aka the offline token files)
- Performance impact
- SSD read/writes
- Compatibility
- SSE4.1 instruction set
- Linux Wine/Steam Proton
---
Denuvo Steam related servers
Domains:
- srv00.codefusion.technology - Test server?
- srv01.codefusion.technology - Load-balanced between two AWS instances using round-robin DNS - Used for Steam protected titles #1.
- srv02.codefusion.technology - Load-balanced between two AWS instances using round-robin DNS - Used for Steam protected titles #2.
- srv03.codefusion.technology - Load-balanced between two AWS instances using round-robin DNS - Used for Steam protected titles #3.
- srv04.codefusion.technology - Load-balanced between two AWS instances using round-robin DNS - Unknown usage.
- srv05.codefusion.technology - Load-balanced between two AWS instances using round-robin DNS - Unknown usage.
- support.codefusion.technology - Redeem.exe, "offline activation", error support pages
Servers: (Hosted on AWS, EU West 1, Ireland)
Round-robin DNS load balanced:
- 52.17.173.247
- 52.18.94.153
Test server?
- 52.50.151.143
Support:
- 52.16.106.153
---
WB Games Denuvo servers
Domains:
- revalidate.wbgames.com - Load-balanced between two AWS instances using round-robin DNS - Used for Batman: Arkham Knight + Mad Max on Steam.
- Support pages:
Servers: (Hosted on AWS, US East 1, Virginia)
Round-robin DNS load balanced:
- 35.169.86.124
- 34.200.59.160
References
- ↑ Electronic Arts - User Agreement - last accessed on 2018-12-12
- "EA utilizes certain technical or content protection measures to prevent piracy and the unauthorized copying or use of an EA PC Product. EA PC Products use Origin Online Activation and also may use Sony DADC Austria AG's Denuvo content protection technology."
- ↑ DISHONORED.2-STEAMPUNKS - NFO - last accessed on 2018-12-12
- "STEAMPUNKS are proud to bring you the first release including a real Denuvo license generator with untouched game executable. Your license will be regenerated if needed (hw change, os updates)."