Hacker News
Bypassing Denuvo in Hogwarts Legacy (momo5502.com)
183 points by Epskampie 10 months ago | 100 comments



For the curious, there's a running tally of which Denuvo games have or haven't been cracked over on Reddit: https://old.reddit.com/r/CrackWatch/comments/p9ak4n/crack_wa...

Currently not a single Denuvo game released during 2024 has been cracked, and more games released during 2023 remain uncracked than those that were. It's actually pretty effective unlike most other PC DRM schemes.


> It's actually pretty effective unlike most other PC DRM schemes.

I wonder how much that has to do with the actual technical merits of this DRM scheme compared to older DRM schemes. Piracy as a service problem has mostly been solved on PC by now, so there's not a lot of incentive to crack games anymore.

Most of what Denuvo does has been done by other DRM schemes before, VMProtect has been used by DRM schemes before Denuvo. It just seems that Denuvo is more aggressive with online verification than previous schemes.


It is most likely due to Denuvo being harder to crack because it is a widely hated DRM. Pirates probably want to crack it on principle.

I don't think most of the pirates actually care that much about whether people download their releases. They just want the credit within the scene of cracking something that's hard to crack or leaking something before street date. For-profit pirates would be an exception to this but I doubt they're very prevalent because most people are pirating to avoid paying.

Denuvo is also an exception to piracy as a service problem being solved because it is widely hated even by non-pirates. If pirates rendered it ineffective, companies would not be using it for their games but preventing piracy is worth the backlash as far as they're concerned.


> If pirates rendered it ineffective, companies would not be using it for their games but preventing piracy is worth the backlash as far as they're concerned.

There sure is a lot of very ineffective/broken non-Denuvo DRM out there, but companies continue to include that too. I doubt it's being done to stop piracy (even if only temporarily), but I wouldn't doubt that they think they're getting their money's worth. https://www.techdirt.com/2024/01/19/ubisoft-says-it-out-loud...


>I don't think most of the pirates actually care that much about whether people download their releases.

they don't care about who downloads what, but you'd better believe that the market hype drives the attention and sets the rewarded merit for accomplishing the crack.


> Denuvo is also an exception to piracy as a service problem being solved because it is widely hated even by non-pirates.

Maybe in an abstract Reddit community kind of way. For paying end users I doubt Denuvo comes up much. It works behind the scenes and is pretty reliable.


> For paying end users I doubt Denuvo comes up much.

Unless their games run slowly, or they can't install a mod/fan patch, or they want to play offline, or they hate having some third party snooping around on their devices and collecting their data.


I am a paying user and i actively avoid games with Denuvo - there is even a curator on Steam that marks games that use Denuvo, which is helpful for doing exactly that.

The reason is simple: i want to have access to the games i bought regardless of Steam and when i buy a game there i also make a separate offline copy for my own archival. Denuvo - or any DRM really - makes that impossible. Fortunately most games (like pretty much all indie games, which are what i mainly buy these days) have no DRM at all on Steam and the few that do make enough of a stink for me to know and avoid them.

So yeah, Denuvo is reliable for making me ignore a game (until it is removed at least - amusingly enough that'd often be after a bunch of patches have been released and the game had a bunch of sales/price drops)

I'd probably buy a game with Denuvo if i REALLY wanted to play it (e.g. i bought Prey 2017 despite Denuvo) but i'd do that only after the price has dropped to "sandwich levels" (e.g. i bought Prey 2017 at a handful of dollars). Note that i also put money where my mouth is and when a major game that i want to play is released on GOG (which has DRM-free games) i do buy it full price or close to full price.


Steam also displays a notice on games that use Denuvo and other similar 3rd party DRM libraries. It's not super prominent, but it's better than nothing.


> there is even a curator on Steam that marks games that use Denuvo, which is helpful for doing exactly that.

Could you let me know which curator it is? I'm also actively avoiding any game that uses Denuvo, so I'd certainly find such a curator useful.


I am a paying user. If a game uses Denuvo, I won't buy it. I am too used to this piece of crap ruining performance. Reliable? No.


I do care if a game uses it. It is not an essential factor, but it can very well lead me to skip a title if it comes to my attention. And that didn't only happen once or twice that I didn't make a purchase.

That some platforms more aggressively inform you about these facts is very appreciated. Same applies to some rootkit anti-cheat software.


It might not often come up by name, but most people can tell when a game is stuttering badly, or when their frame rate is low enough to be making their experience worse.

Denuvo has often been the cause of these issues and less technical players will usually direct their annoyance at the game publisher (which is ultimately the right place) but they won't know to attribute it more directly to Denuvo itself.


I was going to say Lies of P was cracked, but turns out they just removed it from their game. It was up on piracy sites the same day.

I wonder why this happens? Does Denuvo cost a lot of ongoing subscription money for a developer or something? I’ve noticed this happens a decent amount.


I believe Denuvo charges for access to the activation servers. [0] While the pricing structure has likely changed, for most game companies the long tail end [1] of the sales doesn't justify continuing. For example, Square-Enix (Final Fantasy, Dragon Quest) removes Denuvo 6 months into a release. For a counter-example, Atlus (makers of Persona/Shin Megami Tensei) are known to never purposely remove the protection.

[0] https://www.techpowerup.com/275158/denuvo-drm-pricing-struct...

[1] https://en.wikipedia.org/wiki/Long_tail?useskin=vector


From a digital historian perspective, I do like the idea of DRM that is just there temporarily to ensure the fat-head of sales before being removed... especially when there's an economic cost spurring companies to not keep it around indefinitely.


The flipside of that is companies not bothering to remove it and ceasing the payments to denuvo effectively making the game not exist anymore until someone is able to crack it, and very few people seem to be able to do so. Not that much of a stretch when you look at the amount of abandonware we have.


With Atlus games you can just emulate it for switch better than it runs on the original console.


Denuvo claims to have a solution to that as well, but to date it hasn't actually shown up in any games. I kind of hope at least one publisher bites just because I'm curious to find out what horrors they've cooked up to make emulation difficult.

https://irdeto.com/denuvo/nintendo-switch-emulator-protectio...

There is precedent for that kind of thing, Wii emulation matured early enough that a handful of retail games had code specifically intended to frustrate running them in Dolphin. They abused some details of the real Wii's L1/L2 cache which aren't simulated by Dolphin, and couldn't be without adding an unreasonable amount of overhead.

https://dolphin-emu.org/blog/2017/02/01/dolphin-progress-rep...


It could be they are just waiting for the switch 2 to really focus on it. Somebody mentioned how atlus never removes denuvo and also aren't releasing persona 3 for the switch, but will release it for the switch 2.


Every graph I’ve ever seen of video game sales from people who distribute via Steam etc typically has an initial spike if they caught on and got featured, and then a few spikes for things like holiday sales.

Maybe the devs of the game you mentioned decided that after the initial spike had passed, and they are in a long tail period, it is cheaper to remove Denuvo.

Or they just used Denuvo to protect the game during early time when most sales happen and they removed it because they want better performance and also they want people to be able to play the game 20, 50, 100, and 1000 years from now.


Also "X removes DRM" is an opportunity for a news cycle that could result in new sales.


I'm not sure how common that is, but I've definitely bought 2 games after the "removed DRM" event. (Basically allowing me to play on Linux in pre-steamdeck times) I'm aware that lots of people don't care.


Sure lots of people don't care, but if you save money on DRM subscription fees and see a tiny bump in sales it could be worth the tiny amount of dev time. Assuming you set it up to be easily removed ahead of time.


re: performance, the submitted article has a very interesting analysis of it (at least, in the context of the game that has been cracked).


A side effect of temporary DRM is the decreased incentive to crack it. Sure the "street cred" is still important to some people but if you just wait a few months it will be gone.


Yes, Denuvo has recurring costs to the developer, it's not a one time payment.

In the case of Lies of P though, the developers accidentally included a debug build .exe without Denuvo in an update, only afterwards was it actually removed entirely because there was no point in including it anymore.


It's always funny when they go to the expense of licensing Denuvo but then accidentally release a DRM-free version one way or another. The other classic blunder is to release a free demo version with an executable that is complete enough to play the data packages from the full version of the game if they are swapped in. That's what "demo bypass" means in the Reddit table.


My (unnamed) favorite was an indie game that you could download with no payment required, but that would prompt you for a key at installation time. If you had 7zip installed, you could just hit context menu on it, do "extract all", click on <game name>.exe and there it was, the full version with no key required.


I think it’s because piracy at launch is the most important. Stopping it right at launch is key. Also I do believe it’s a subscription.


The devs removed Denuvo from Lies of P because they accidentally leaked an unprotected version. Basically the same as if it was cracked. No point to bug customers with longer loading times and the bloat that comes from D.


Denuvo is awful on Linux since switching proton versions causes an activation to happen.

You’re limited to 3 or 5 activations per day.


What I saw in a YT video related to piracy [0] was that game companies remove their DRM after the game has been effectively pirated, since it doesn't really matter anymore, and costs them money + worse experience for paying end-users.

The guy in the video makes the point that: Game is released --> paying users suffer the lower perf caused by DRM while pirates crack it --> pirates succeed, company removes DRM, paying users benefit from improved perf ^^

[0]: https://youtu.be/_Fu4pE46-zM


They aren't super public with their cost structure, though it appears to generally be a monthly cost for publishers. Most games remove Denuvo after about a year if it's going to get removed. Some of the bigger publishers may have better deals though as titles never remove it, even after multiple years and no new updates.


Oh good, I can use this list of games with Denuvo to know which games not to buy.


Is it effective or just really everywhere in the codebase like this article suggests? I don't fully get everything Denuvo does but it seems like if I replace Denuvo with my own mandatory HTTP call it would be as annoying to crack.


> It doesn’t do that very often. [..] It’s only once every few seconds. [..] To me personally, it tells that Denuvo executes checks so infrequently, that the likelyhood of it causing FPS drop seems rather low.

Keep in mind that FPS drops are only one issue with Denuvo's performance. Another common one (which i think is more common in recent releases, judging from comments i've seen) is frame pacing/stuttering/etc - people very often mention in Reddit threads about Denuvo's removal from a game that the update that removed Denuvo fixed these for them (of course it could also be some other change the game had, but this has been the case with more than one game and games receive other patches before removing Denuvo, so i have a hard time accepting all are coincidences).

A slow/lengthy call every few seconds won't affect your average framerate (which is what often developers check for performance measurement) but it will affect your frame pacing and give a stuttery feel. Most people tend to call this a "performance issue" (regardless if it is due to performance or not).
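An added illustration of the point in the comment above (not part of the thread, and not measured from any game or from Denuvo): a constructed frame-time trace with one slow call every few seconds, summarized by average FPS, 1% low FPS and spike count. The 144 fps baseline, the 40 ms stall and the 3 s interval are assumed values chosen for the sketch.

```python
import statistics

BASE_MS = 1000 / 144  # assumed steady frame time (144 fps); constructed value


def simulate_frame_times(seconds=60, stall_ms=40.0, stall_every_s=3.0):
    """Constructed trace: steady frames plus one slow call every few seconds."""
    frames, elapsed = [], 0.0
    next_stall = stall_every_s * 1000
    while elapsed < seconds * 1000:
        t = BASE_MS
        if elapsed >= next_stall:  # the periodic slow call lands on this frame
            t += stall_ms
            next_stall += stall_every_s * 1000
        frames.append(t)
        elapsed += t
    return frames


def summarize(frames, spike_factor=2.0):
    """Average FPS, FPS over the slowest 1% of frames, and count of spike frames."""
    total_s = sum(frames) / 1000
    median = statistics.median(frames)
    slowest = sorted(frames)[-max(1, len(frames) // 100):]
    return {
        "avg_fps": len(frames) / total_s,
        "one_pct_low_fps": 1000 / statistics.mean(slowest),
        # a frame counts as a spike when it takes more than spike_factor x median
        "spikes": sum(1 for t in frames if t > spike_factor * median),
    }


if __name__ == "__main__":
    cases = (("no periodic call", 0.0), ("40 ms call every 3 s", 40.0))
    for label, stall in cases:
        s = summarize(simulate_frame_times(stall_ms=stall))
        print(f"{label:22s} avg {s['avg_fps']:6.1f} fps  "
              f"1% low {s['one_pct_low_fps']:6.1f} fps  spikes {s['spikes']}")
```

In this constructed trace the average moves by under 2% while the 1% low falls to less than half, which is why a benchmark that reports only average FPS can miss the effect.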


Keep in mind that modern games generate/compile shader and other caches during runtime, that is one of the reasons for stutter. So when they try the version with the DRM removed the cache is already generated and so there are no stutters.


Shader compilation is well known though, and anyone halfway serious about benchmarking these things (like Digital Foundry) factor this in and control for it


Yes, and anyone halfway serious including DF usually don't find Denuvo having any noticeable effect on performance


DF's claim isn't that it doesn't have any noticeable effect in performance (in fact in a recent video[0] they claim the opposite when Denuvo was introduced to Assassin's Creed Mirage after reviews were done - it can affect performance and thus because of that introducing it after the fact invalidated the CPU performance metrics reviewers had done) but - at least in the cases i remember - they cannot tell if the issues were due to Denuvo or not.

Note though that in a case where they could test both versions, they did find Denuvo to both have lesser performance and affect frame pacing[1] (though that is for a 2yo game, things might be better more recently).

[0] https://www.youtube.com/watch?v=_LB1lRC4II4

[1] https://www.youtube.com/watch?v=UXZGCwAJpbM


That'd be the case with any update, not just the one that removes Denuvo though.


The performance impact Denuvo is known for is not due to the license checks, it is due to running parts of the game in a custom vm. Hogwarts Legacy is new enough that they might be taking a different approach entirely after the whole vmprotect controversy


Denuvo protected games only let some functions go through that VM and typically not functions invoked every frame. Only when you screw up as a developer and hook the wrong thing will performance suffer.


On the other hand, functions that go through the VM mess with the Branch Predictor and increase Cache Misses, which affects anything that runs after (for a short period tho, depending on how often it runs).

You can argue that a good developer will configure Denuvo to only "compile" functions where those side effects don't matter (like after loading screens, during cutscenes, when the game is paused, etc). However, I've seen so many stupid mistakes in this industry that I would never trust the experience and skill of said developers, unless I can assess it myself by working on a daily basis with them.


Only when you screw up as a developer do games run below 144 fps on modern hardware. And yet most don't. This isn't a valid argument. Most games do not implement denuvo in a way that performance is magically unaffected


I thought the latest Doom was released "accidentally" without the DRM[0]. Not the first time the studio forgot to properly bake the DRM into the final product.

[0] https://www.pcgamer.com/bethesda-accidentally-left-a-denuvo-...


Pity most of the interesting information is missing because of legal concerns.


Agreed, this write up felt more like a summary. I'd love to get into the meat of it!


Here's a long video the premier Denuvo cracker Volsi (who may/may not also be EMPRESS) made before going to jail.

https://www.youtube.com/watch?v=suABtb8_2Zk


Yeah kinda pointless read. It's basically "I did a thing... somehow".


And he didn't prove that he actually did it at all. I will trust him on that given his reputation but the information in the article is so vague and basic that if we solely rely on that thin evidence literally everyone can claim the same.


There are already many games that are not playable because servers used for DRM were turned off. In this matter I support cracking such "play only online" DRMs, because when I pay for a game I want to play it even after a few years, and maybe even especially after a few years


> There are already many games that are not playable because servers used for DRM were turned off

I'll need a source for that.


Just off the top of my head, Ross Scott on youtube (AccursedFarms) has plenty of videos on the subject. A few of them are tucked away in reviews but he now has a dedicated "dead game news" series.

These may not be games you'd want to play but the important message is that it's concerning that the biggest publishers (Ubisoft, EA etc.) can release stuff that will randomly die at some point in the future for no good reason and that they won't even release a patch or server software so you can play the product you paid them for.


You're talking about games that were online-only where the servers have been shut down. This is not at all what the comment I'm responding to is about, which is games that rely on a DRM that connects to the internet to validate your installation, meaning that even full solo, fully offline games would stop working.


There's lots of games where even the single player campaign needs servers to use.


Remember Games for Windows Live? Pretty sure the original version of GTA4 is no longer playable without cracking it due to GFWL being shut down.


Microsoft released a version of gfwl that uses Xbox servers.



Only online features are disabled.



This is an incredibly misleading link. Most of those are online-only games that have been shut down (or the multiplayer part of the game has been), it's not at all the same as having a DRM that needs to reach a server for a purely solo experience.


Sure, but there are also single-player games on the list. You asked for a source that such a thing happens. The link proves that it does.


Again, it doesn't prove anything.

If you see the top of the table it says "Specifically games no longer listed as being available for sale through any means.".

It doesn't mean you can't play the game if you already acquired it...

I have Steam games that aren't sold anywhere anymore but I can still install and play them just fine.



From memory: Assassin's Creed 2, Hitman 2,3, etc.


AC2 only the multiplayer is missing. Game itself works.


Denuvo is why I do not own this game.

And Denuvo will be why I pirate it, should I get tired of waiting for the vendor to remove that crap.


You can also just not play it.


Don't worry. If he pirates it, he won't be depriving anyone else of playing it. No one will miss out.


I want to play the Wizard Game, but I am not in a hurry to do so.


I sincerely thought that Denuvo was a boss in the game.


Voldemort's true name.


I'm really disappointed this doesn't include technical details, especially the bit about "The game can not run without the token, as it is used to e.g. decrypt certain values at runtime and similar things."

Is the game installed encrypted? What encryption schema allows you to decrypt the same set of data using multiple different keys in this way?

If the game isn't installed encrypted it seems easiest just to not allow it to encrypt itself before running.


My vague understanding is that Denuvo generates many redundant diverging paths through the executable, which are chosen at runtime based on pieces of the user's hardware signature. The keys you get from the server only work for the paths your hardware is supposed to follow, so if you take those keys to a different machine it will branch in different ways and crash when it's not able to decrypt that path. That redundancy is probably why the protected executables are so large.


That makes sense, but how are these paths encrypted? If it's at runtime, you should be able to just not encrypt them. If it's at install time, do they generate a custom encrypted exe just for you per-download?


It's all done ahead of time when the game is packaged by the developer. The executable you download contains every encrypted path that might be executed, but the authentication handshake only gives you the keys for a subset of those.


Hence why a Denuvo protected game exe can easily be hundreds of megs.


If it were possible to fully sandbox an exe, so that it will always be presented the same hardware/system configuration, would that function as a universal denuvo bypass?


From my understanding of looking at denuvo, yes, but at the moment that would require something close to full system emulation -- it's hard to "hide" everything about your 3d hardware in particular, because engines often include different code depending on your exact card, its GPU power, amount of memory, etc. Emulating a "standard" 3d card would introduce a fairly huge overhead.


Feels within the cost reward for commercial pirates to activate a few copies of the game across every model of GPU. Full emulation with a GPU passthrough...


Ohhh, gotcha! How do they prevent replay attacks? Assuming you were only interested in cracking the game on your specific hardware, could you not just record the decryption key you get and use that offline? Then in theory you could just enumerate every hardware combo and acquire all the keys.


The so-called "rumors" that Denuvo kills performance are not rumors. It's just not true ANYMORE. Older versions impacted performance heavily, but later on the performance impact became negligible.


I used to work at Ubisoft during the whole controversy about Denuvo killing performance in one of the recent Assassins Creeds - all I can say is we've done extensive investigation into this internally, as well as worked with Denuvo to assess these claims and they were just not true, but of course the court of public opinion has spoken so nothing we did or said could have changed it at that point.


There were some cases where there was a noticeable impact, there's quite some benchmarks out there that show a clear difference in FPS and frametimes. But it always seemed like a borked implementation to me, rather than a problem with the product itself.


All I'm saying is that at Ubisoft this kind of issue was treated very seriously, not least because if we found out Denuvo was making our game look poor it would put the entire business relationship in jeopardy. We've devoted significant engineering resources on our end to investigate these reports (and yes, we have seen the benchmarks people have done), and no one was able to reproduce this with Denuvo enabled and Denuvo fully removed from the game - obviously we were able to make internal builds where Denuvo was not even present at all, and those builds performed exactly the same as those with Denuvo enabled.

All I'm going to say is that the benchmarks you see online are for pirated versions of the game where the binary isn't the same as the official patched product, and that has various implications beyond our product or Denuvo.


I think the skepticism towards internal testing is because Ubisoft is known to often release broken games that need to be patched up after release. I can't fault people for not trusting them to do internal evaluations if the public releases are in such state.


In other words, third party patched versions of the game were able to achieve better performance than the official one?


The benchmarks are sometimes comparing an old build with bypassed denuvo with a newer build with optimizations and no DRM, and claiming that performance increase is only because of no drm and not because of optimizations.


> if we found out Denuvo was making our game look poor it would put the entire business relationship in jeopardy

I think Denuvo is going to have that effect regardless of the performance impact.

> All I'm going to say is that the benchmarks you see online are for pirated versions of the game where the binary isn't the same as the official patched product, and that has various implications beyond our product or Denuvo.

Wait, are you suggesting that pirated versions might run better than the official ones, regardless of their DRM?


>>I think Denuvo is going to have that effect regardless of the performance impact.

Sure, but as always it's a business decision - is the impact of Denuvo on the number of copies sold big enough to offset the fact that Denuvo does actually work and stops some games from being pirated for weeks if not months after launch? I don't know, I never had any view into that data, but I assume it must be the case or otherwise no one would use it.

>>Wait, are you suggesting that pirated versions might run better than the official ones, regardless of their DRM?

No, I'm not suggesting anything. I'm just saying that it's not directly comparable, for instance because the binary will be treated differently by graphics drivers, for better or worse. Also you don't know exactly which version was being compared by who and when and how.

Obviously, you don't have to believe me that Ubisoft engineers have spent significant amount of time testing this in all kinds of configurations - I have no way to prove that, especially since I don't work there anymore.


Lol I used to wonder if the opposite is actually true. The current flavor of Denuvo cracks need to detour so many CPUID checks and winapi calls while also having most of the virtualization and obfuscation intact I wouldn't be surprised if this ends up costing more performance than just having the original protection intact.


> one of the recent Assassins Creeds

It seems you did not actually read what I wrote. I put anymore in caps for a reason.

I never said any recent AC title or any newer Denuvo version suffers from any FPS issues. The loading of games (startup only I think, not level loading) is in fact still very much impacted, especially in the first run.

So all that you wrote is pretty pointless. Denuvo in the past in fact slowed down FPS of games early on as it was making calls that slowed down FPS on every single frame. People did the testing of games after they got cracked, and the cracked versions ran faster.


>>It seems you did not actually read what I wrote. I put anymore in caps for a reason.

And.....did you read what I wrote? I brought up AC specifically because people online have been saying that the cracked version is faster, which I know we have tested at Ubisoft alongside with engineers from Denuvo and found it not to be true. You can of course choose to not believe me, it's the internet after all.

If you say "well I didn't mean AC" then cool, but I had no possible way of knowing what you mean, or what your cut off point is, "anymore" is not a very definitive point in time.


Yes, I did read what you wrote, and you wrote it as a rebuttal or a debunking of my factual statement.

> If you say "well I didn't mean AC" then cool, but I had no possible way of knowing what you mean, or what your cut off point is, "anymore" is not a very definitive point in time.

So because I did not specifically mention any title, you just make it about yourself and what you are to have worked on ... that is an incredibly cheap and dishonest excuse. "Oh you not specific X enough so I just assume you mean Y." Silly.

> You can of course choose to not believe me, it's the internet after all.

See, and STILL you assume or are so desperate that I suddenly choose not to believe you after I told you never I was obviously talking about old versions that were proven to have an FPS impact. Childish.

If I wanted to argue against that I would mock you for working with an engineer from Denuvo on it, hardly any bias there ;)

End of the day, fact is Denuvo still sucks ass, even if you can not measure any FPS loss anymore, devs remove it after cracks/leaks or even just time passed for a reason that is not just money, it's an insane bloated shitty VM layer that slows down the games' startup, bloats the games' executables up to insane sizes. Legit consumers hate it and want it gone.

And I am aware that certain idiots on Reddit and YouTube post fake videos of more up-to-date titles claiming huge FPS losses, and they continue to claim even recent versions of Denuvo eat FPS because they just want it to be true so bad, or they actually compare different versions for games where it's not about the removed D but about the updated game. I never made any indication that I am like that, in fact I made it very clear that I am not. If you actually read what I wrote, it makes your answer even worse. You are just desperate. Go on Reddit r/crackwatch or something like that, you will find plenty of people you can fight with, they won't take you working with a Denuvo dev on figuring out supposed facts seriously either ;)


>>You are just desperate.

You've taken it waaaaaay too personally. No one is attacking you, your statement, it wasn't even meant to be a rebuttal of what you said, I literally just wanted to share a story from my experience.

>>Childish

Now that's uncalled for.


From reading upthread it sounds like performance impact is heavily dependent on the skill of the game development team, ie: if they pick the wrong things to hook during the in-game runtime checks performance can suffer greatly


[flagged]


waiting in jail that is.


Lol. Fooled ya did she.



