Difference between revisions of "Denuvo"
m (→Denuvo Anti-Tamper: added citation needed and removed reference (it's expanded upon further down the page) |
m (restructured technical infomration) |
||
| Line 1: | Line 1: | ||
'''Denuvo Software Solutions GmbH''' is an Austrian company formed through the management buyout of Sony DADC DigitalWorks, the creators of [[SecuROM]]. Despite the management buyout, Denuvo Software Solutions and Sony DADC still have a close working relationship with the latter acting as a reselling partner of the former. Some games making use of the Denuvo Anti-Tamper product will therefor include mentions of this relationship in their EULAs, and refer to the product as one by Sony DADC or similar.<ref>{{Refsnip|url=https://tos.ea.com/legalapp/WEBTERMS/US/en/PC/|title=Electronic Arts - User Agreement|date=2018-12-12|snippet=EA utilizes certain technical or content protection measures to prevent piracy and the unauthorized copying or use of an EA PC Product. EA PC Products use Origin Online Activation and also may use Sony DADC Austria AG's Denuvo content protection technology.}}</ref> | '''Denuvo Software Solutions GmbH''' is an Austrian company formed through the management buyout of Sony DADC DigitalWorks, the creators of [[SecuROM]]. Despite the management buyout, Denuvo Software Solutions and Sony DADC still have a close working relationship with the latter acting as a reselling partner of the former. Some games making use of the Denuvo Anti-Tamper product will therefor include mentions of this relationship in their EULAs, and refer to the product as one by Sony DADC or similar.<ref>{{Refsnip|url=https://tos.ea.com/legalapp/WEBTERMS/US/en/PC/|title=Electronic Arts - User Agreement|date=2018-12-12|snippet=EA utilizes certain technical or content protection measures to prevent piracy and the unauthorized copying or use of an EA PC Product. EA PC Products use Origin Online Activation and also may use Sony DADC Austria AG's Denuvo content protection technology.}}</ref> | ||
| − | |||
{{ii}} [https://denuvo.com/ Official website] | {{ii}} [https://denuvo.com/ Official website] | ||
| − | + | : [[Wikipedia:Denuvo|Denuvo article on Wikipedia]] | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
==Denuvo Anti-Cheat== | ==Denuvo Anti-Cheat== | ||
| Line 23: | Line 17: | ||
{{ii}} Does not degrade storage drives lifetime,<ref>{{Refsnip|url=http://www.dsogaming.com/news/denuvo-ssd-rumor-is-false-no-system-is-infallible-striving-to-be-a-step-ahead-of-pirates/|title=DSOGaming - Denuvo: SSD Rumor Is False, No System Is Infallible, Striving To Be A Step Ahead Of Pirates|date=2017-09-01|snippet=Completely wrong rumor which is repeated over and over although many 3rd party tests (as well as we) state that our solution does not perform read / write operations to the HDD (hence we have no negative impact on the lifetime of SSDs or any other hardware component).}}</ref> performance in itself,<ref>{{Refurl|url=https://www.pcgamer.com/denuvo-drm-performance-final-fantasy-15/|title=Tested: Denuvo DRM has no performance impact on Final Fantasy 15 - PC Gamer|date=2018-03-10}}</ref> nor has ''ever'' enforced a persistent online connection.<ref>{{Refsnip|url=http://web.irdeto.com/cn/azbw5/7-myths-anti-tamper|title=Irdeto eBook - 7 Myths of Anti-Tamper Software - BUSTED!|date=2018-12-02|snippet=MYTH 4: Anti-tamper requires a permanent online connection<br>FALSE: Anti-tamper does not require a permanent online connection. Gaming platforms require users to be online at the first launch of the game. Anti-tamper uses this initial online connection to re-validate the game license. Any subsequent game launches do not require an online connection.}}</ref><ref>{{Refsnip|url=https://www.sega.com/denuvo|title=SEGA - Denuvo Q&A|date=2018-12-02|snippet=Will games with Denuvo require you to be always online?<br>No. Games will require initial online authentication via Steam during installation. At this point Denuvo will also automatically authenticate. You can then decide to play in offline mode if you wish. Some games sometimes need to be always online, but this isn’t a Denuvo requirement.}}</ref> | {{ii}} Does not degrade storage drives lifetime,<ref>{{Refsnip|url=http://www.dsogaming.com/news/denuvo-ssd-rumor-is-false-no-system-is-infallible-striving-to-be-a-step-ahead-of-pirates/|title=DSOGaming - Denuvo: SSD Rumor Is False, No System Is Infallible, Striving To Be A Step Ahead Of Pirates|date=2017-09-01|snippet=Completely wrong rumor which is repeated over and over although many 3rd party tests (as well as we) state that our solution does not perform read / write operations to the HDD (hence we have no negative impact on the lifetime of SSDs or any other hardware component).}}</ref> performance in itself,<ref>{{Refurl|url=https://www.pcgamer.com/denuvo-drm-performance-final-fantasy-15/|title=Tested: Denuvo DRM has no performance impact on Final Fantasy 15 - PC Gamer|date=2018-03-10}}</ref> nor has ''ever'' enforced a persistent online connection.<ref>{{Refsnip|url=http://web.irdeto.com/cn/azbw5/7-myths-anti-tamper|title=Irdeto eBook - 7 Myths of Anti-Tamper Software - BUSTED!|date=2018-12-02|snippet=MYTH 4: Anti-tamper requires a permanent online connection<br>FALSE: Anti-tamper does not require a permanent online connection. Gaming platforms require users to be online at the first launch of the game. Anti-tamper uses this initial online connection to re-validate the game license. Any subsequent game launches do not require an online connection.}}</ref><ref>{{Refsnip|url=https://www.sega.com/denuvo|title=SEGA - Denuvo Q&A|date=2018-12-02|snippet=Will games with Denuvo require you to be always online?<br>No. Games will require initial online authentication via Steam during installation. At this point Denuvo will also automatically authenticate. You can then decide to play in offline mode if you wish. Some games sometimes need to be always online, but this isn’t a Denuvo requirement.}}</ref> | ||
{{--}} Can increase the difficulty of binary modding, due to its obfuscation of certain parts of the executable. Doesn't ''necessarily'' disallow the practice,<ref>[https://steamcommunity.com/app/493200/discussions/0/1291817837616041996/#c1291817837618918468 Already in the third chapter and I can't launch the game on the same computer while my Steam is offline :: Steam Community Discussions]</ref> nor debugging.<ref>[http://steamcommunity.com/groups/SpecialK_Mods/discussions/0/1319962514590954694/?ctp=378#c1480982971162407922 Special K - "Kaldaien's Mod" :: Steam Community Discussions]</ref> | {{--}} Can increase the difficulty of binary modding, due to its obfuscation of certain parts of the executable. Doesn't ''necessarily'' disallow the practice,<ref>[https://steamcommunity.com/app/493200/discussions/0/1291817837616041996/#c1291817837618918468 Already in the third chapter and I can't launch the game on the same computer while my Steam is offline :: Steam Community Discussions]</ref> nor debugging.<ref>[http://steamcommunity.com/groups/SpecialK_Mods/discussions/0/1319962514590954694/?ctp=378#c1480982971162407922 Special K - "Kaldaien's Mod" :: Steam Community Discussions]</ref> | ||
| + | |||
| + | ===Redeem.exe=== | ||
| + | {{ii}} [https://support.codefusion.technology/redeem/ Official redeem website] | ||
| + | This is a DRM scheme employed on the retail discs in some regions, and is used to authenticate the physical disc as well as a one-time serial key to redeem a Steam key for a game. | ||
===Steam=== | ===Steam=== | ||
| Line 40: | Line 38: | ||
====Technical information==== | ====Technical information==== | ||
| − | + | {{ii}} All servers seems to be hosted on Amazon Web Services (AWS) datacenter EU West 1 in Ireland. | |
| − | * | + | |
| − | + | '''Support pages / "offline activation" pages / redeem.exe:''' | |
| − | + | * support.codefusion.technology [52.16.106.153] | |
| − | + | ||
| − | + | '''Used for Steam protected titles:''' | |
| − | |||
| − | |||
| − | + | ''Currently load-balanced between two AWS instances using round-robin DNS.'' | |
| + | * srv01.codefusion.technology | ||
| + | * srv02.codefusion.technology | ||
| + | * srv03.codefusion.technology | ||
| − | + | '''Unknown usage:''' | |
| − | |||
| − | |||
| − | Test server? | + | ''Test server? Generates valid offline tokens.'' |
| − | * 52.50.151.143 | + | * srv00.codefusion.technology [52.50.151.143] |
| − | + | ''Also load-balanced between the two aforementioned AWS instances.'' | |
| − | * | + | * srv04.codefusion.technology |
| + | * srv05.codefusion.technology | ||
| − | Request/Response API | + | '''Request/Response API''' |
* Content-Type: text/plain | * Content-Type: text/plain | ||
| − | * POST | + | * Method: POST |
* Body: the generated request code (nothing else) | * Body: the generated request code (nothing else) | ||
* https://52.50.151.143/ | https://srv00.codefusion.technology/ <--- Unknown usage. Test server? | * https://52.50.151.143/ | https://srv00.codefusion.technology/ <--- Unknown usage. Test server? | ||
* https://52.16.106.153/validate/ | https://support.codefusion.technology/validate/ <--- Used for "offline activation" for Steam protected titles. | * https://52.16.106.153/validate/ | https://support.codefusion.technology/validate/ <--- Used for "offline activation" for Steam protected titles. | ||
| − | * https://52.17.173.247/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles | + | * https://52.17.173.247/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles. |
| − | * https://52.18.94.153/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles | + | * https://52.18.94.153/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles. |
| − | * Expected body reply: proper request code taking up 5000+ characters | + | * Expected body reply: proper request code taking up 5000+ characters, or a short reply (10~30 characters) which can be assumed to be an error code of sorts. |
====Warner Bros titles==== | ====Warner Bros titles==== | ||
Revision as of 21:43, 5 April 2019
Denuvo Software Solutions GmbH is an Austrian company formed through the management buyout of Sony DADC DigitalWorks, the creators of SecuROM. Despite the management buyout, Denuvo Software Solutions and Sony DADC still have a close working relationship with the latter acting as a reselling partner of the former. Some games making use of the Denuvo Anti-Tamper product will therefor include mentions of this relationship in their EULAs, and refer to the product as one by Sony DADC or similar.[1]
Denuvo Anti-Cheat
Despite being listed on the official website since at least January 2017, this product from Denuvo does not seem to have received much fanfare or use among video games publishers. In August 2018, Irdeto announced the Anti-Cheat technology would soon to be launches as a full end-to-end solution. With this renewed focus on the Anti-Cheat product it is to be expected at least some upcoming games will make use of the technology.
Denuvo Anti-Tamper
Denuvo Anti-Tamper is the current de-facto standard for securing DRM schemes on modern titles. Since its original release back in 2014, it have been used to strengthen the DRM of over 150 titles; some with great success, others less so. At its core, it uses various obfuscation techniques (such as unique hardware-based code paths and virtualization) to make tampering with the account-based DRM (e.g. Microsoft Store, Origin, Steam, or Uplay) protection of a game harder in an attempt to delay piracy. It is embedded in the executable of the game, and only stores licensing data (the "offline token" used to launch the game) separately on the disk. This licensing data is typically a couple of kilobytes in size, and is (re)created when the system environment changes enough to necessitate a new token.
A consequence of its use of unique hardware-based code paths, Denuvo Anti-Tamper requires an online connection periodically as the system environment of the operating system changes with new hardware and/or Windows updates. While everything that might invalidate the token stored on the drive is not fully known, this happens frequently enough for the anti-tamper protection to be described as requiring a periodic online connection every two week or so. This generally is not an issue or hindrance for those with an always present online connection, but can be for people primarily roaming or gaming offline if not proper preparations are made in advance to ensure the validity of the offline token. The lack of transparency regarding this process from Denuvo Anti-Tamper is a hindrance for affected users, as it means few might be aware of Denuvo's presence before being put in a position were the existence of it negatively harms the user experience.
- Requires an online connection at the first launch of a game, after a game update or some Windows updates, when changing specific hardware, or the built-in expiration[citation needed] (if used) has passed.
- Limited to five daily activations per game, which resets 24 hours after the first activation.
- Capable of offline token renewal through a support page (e.g. Metal Gear Solid V: The Phantom Pain) if supported by the game. Origin and Uplay titles do not support this as their token generation is handled within their respective internal activation process where offline is not an option.
- Does not degrade storage drives lifetime,[2] performance in itself,[3] nor has ever enforced a persistent online connection.[4][5]
- Can increase the difficulty of binary modding, due to its obfuscation of certain parts of the executable. Doesn't necessarily disallow the practice,[6] nor debugging.[7]
Redeem.exe
This is a DRM scheme employed on the retail discs in some regions, and is used to authenticate the physical disc as well as a one-time serial key to redeem a Steam key for a game.
Steam
Based on data gathered from Steam-based Denuvo protected titles by monitoring operations performed by Denuvo protected titles through the use of Process Monitor, Fiddler, and in some instances also Wireshark, the basic overview in how the anti-tamper components interacts with the system is quite minimal:
- At the launch of a game a validation of the offline token is performed.
- If the offline token is invalid or missing, an appropriate request code is generated based on the system environment and sent to an online server.
- The online server responds with a corresponding response code.
- The local anti-tamper component uses the response code to write a new valid offline token to the local drive.
- The game continues to launch along with the now valid offline token.
- On subsequent launches the anti-tamper protection will automatically load and make use of the offline token stored on the disk, up until said token is made invalid again.
Beyond the mentioned online connection above, as well as the disk read, and disk write if the offline token is invalid, no other online connection nor disk reads/writes are performed during play.
For Steam protected titles, if the online connection fails the user will get an "offline activation" option where they can make use of a secondary online connected device to retrieve the corresponding response code, an option not available for either Origin, Uplay, or possibly other supported platforms' protected titles as well. The availability of this second option means a local token generator is more than possible for a fully offline procedure, as was confirmed in 2017 with the release of an unofficial offline token generator for Dishonored 2.[8]
Technical information
- All servers seems to be hosted on Amazon Web Services (AWS) datacenter EU West 1 in Ireland.
Support pages / "offline activation" pages / redeem.exe:
- support.codefusion.technology [52.16.106.153]
Used for Steam protected titles:
Currently load-balanced between two AWS instances using round-robin DNS.
- srv01.codefusion.technology
- srv02.codefusion.technology
- srv03.codefusion.technology
Unknown usage:
Test server? Generates valid offline tokens.
- srv00.codefusion.technology [52.50.151.143]
Also load-balanced between the two aforementioned AWS instances.
- srv04.codefusion.technology
- srv05.codefusion.technology
Request/Response API
- Content-Type: text/plain
- Method: POST
- Body: the generated request code (nothing else)
- https://52.50.151.143/ | https://srv00.codefusion.technology/ <--- Unknown usage. Test server?
- https://52.16.106.153/validate/ | https://support.codefusion.technology/validate/ <--- Used for "offline activation" for Steam protected titles.
- https://52.17.173.247/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles.
- https://52.18.94.153/ | https://srv01... -> https://srv03... <--- Used for Steam protected titles.
- Expected body reply: proper request code taking up 5000+ characters, or a short reply (10~30 characters) which can be assumed to be an error code of sorts.
Warner Bros titles
- Currently only known to be used for Mad Max and Batman Arkham Knight.
Domains:
- revalidate.wbgames.com - Load-balanced between two AWS instances using round-robin DNS
- Support pages:
Servers: (Hosted on AWS, US East 1, Virginia)
Round-robin DNS load balanced:
- 35.169.86.124
- 34.200.59.160
Request/Response API
- Content-Type: text/plain
- POST
- Body: the generated request code (nothing else)
- https://35.169.86.124/ | https://34.200.59.160/ | https://revalidate.wbgames.com/
- https://35.169.86.124/validate/ | https://34.200.59.160/validate/ | https://revalidate.wbgames.com/validate/ <--- Used for "offline activation" for Steam protected titles.
- Expected body reply: proper request code taking up 5000+ characters. a short reply (10~30 characters) can be assumed to be an error code of sorts.
Work in progress
Topics that might or might not be covered:
- How does Denuvo interact with operating system? What does it rely upon? What options does the user have?
- Differences between Origin, Uplay, and Steam protected titles
- WB Games' own server revalidate.wbgames.com
- srv01-03.codefusion.technology / support.codefusion.technology
- Offline token files stored on the disk
- for Steam: game-specific under Steam\userdata\[userid]\[gameid]).
- Needs to be rechecked:
- for Uplay: under Uplay\cache\activations in a single account-specific file that stores all tokens for that account;
- for Origin: game-specific files under C:\ProgramData\Electronic Arts\EA Services\License;
- "Offline" activation proceedure
- Concerns
- Online reliance due to design
- Leftover files post-uninstall (aka the offline token files)
- Performance impact
- SSD read/writes
- Compatibility
- SSE4.1 instruction set
- Linux Wine/Steam Proton
References
- ↑ Electronic Arts - User Agreement - last accessed on 2018-12-12
- "EA utilizes certain technical or content protection measures to prevent piracy and the unauthorized copying or use of an EA PC Product. EA PC Products use Origin Online Activation and also may use Sony DADC Austria AG's Denuvo content protection technology."
- ↑ DSOGaming - Denuvo: SSD Rumor Is False, No System Is Infallible, Striving To Be A Step Ahead Of Pirates - last accessed on 2017-09-01
- "Completely wrong rumor which is repeated over and over although many 3rd party tests (as well as we) state that our solution does not perform read / write operations to the HDD (hence we have no negative impact on the lifetime of SSDs or any other hardware component)."
- ↑ Tested: Denuvo DRM has no performance impact on Final Fantasy 15 - PC Gamer - last accessed on 2018-03-10
- ↑ Irdeto eBook - 7 Myths of Anti-Tamper Software - BUSTED! - last accessed on 2018-12-02
- "MYTH 4: Anti-tamper requires a permanent online connection
FALSE: Anti-tamper does not require a permanent online connection. Gaming platforms require users to be online at the first launch of the game. Anti-tamper uses this initial online connection to re-validate the game license. Any subsequent game launches do not require an online connection."
- "MYTH 4: Anti-tamper requires a permanent online connection
- ↑ SEGA - Denuvo Q&A - last accessed on 2018-12-02
- "Will games with Denuvo require you to be always online?
No. Games will require initial online authentication via Steam during installation. At this point Denuvo will also automatically authenticate. You can then decide to play in offline mode if you wish. Some games sometimes need to be always online, but this isn’t a Denuvo requirement."
- "Will games with Denuvo require you to be always online?
- ↑ Already in the third chapter and I can't launch the game on the same computer while my Steam is offline :: Steam Community Discussions
- ↑ Special K - "Kaldaien's Mod" :: Steam Community Discussions
- ↑ DISHONORED.2-STEAMPUNKS - NFO - last accessed on 2018-12-12
- "STEAMPUNKS are proud to bring you the first release including a real Denuvo license generator with untouched game executable. Your license will be regenerated if needed (hw change, os updates)."