Holy Piracy: A new class of hypervisor-based cracks is turning Denuvo into an unprecedented business nightmare. Major game productions protected by the Irdeto-owned anti-tamper tech are turning into day-one cracked releases, but Denuvo said it is already working on potential countermeasures.
In recent years, Denuvo has managed to fight widespread PC piracy thanks to its hard-to-crack anti-tamper technology. However, Denuvo's aura of invincibility has recently melted away like snow in the sun. A new virtualization-based method is apparently good enough to crack even the latest triple-A game releases, although the cracks require some potentially significant security compromises.
As explained by Voices38, developing a proper Denuvo crack for a modern game such as Doom: The Dark Ages still is a complex, time-consuming endeavor. The new virtualization method is much simpler as it requires a custom or modified hypervisor driver to fool Denuvo's anti-tamper code and isolate it from the Windows host system. Denuvo's code is left untouched, and the game can run in its original state despite its pirated nature.
Notorious game repacker FitGirl clearly explains what hypervisor-based cracks are and how they work. A hypervisor is a key component in virtualization platforms, as it manages, creates, and runs virtual machines and virtualized OS instances. The new cracks require users to disable the Windows-native bare-metal hypervisor (Hyper-V), plus a few other security features designed to prevent unsigned code and drivers from running below the Windows kernel privilege level.
Early hypervisor cracks also forced users to disable Secure Boot, but the developers have now created a much-improved version of the bypass. The cracks can still cause some stability issues, mostly on older Intel CPUs. Known as "DenuvOwO," the resourceful programmers are announcing their cracked releases mostly through the Steam Underground (Cs.rin.ru) forums.
Both SU and FitGirl have joined forces to improve the safety of the hypervisor cracks, but they still involve some significant changes to Windows' security settings. The Cs.rin.ru community provides a (mostly) user-friendly guide about the whole ordeal, asking users to inform themselves before trying to bypass Denuvo with an unsigned hypervisor driver.
In any case, the hypervisor cracks are becoming a significant turning point in the PC piracy scene – something I have never seen before despite coming from the floppy disk era. Major game releases such as Resident Evil: Requiem and Crimson Desert have been cracked/bypassed in just a few hours, while older games are being cracked at an accelerated pace. DenuvOwO now brings tens of new Denuvo hypervisor releases every day, while the list of Denuvo uncracked games on the CrackWatch subreddit is being decimated by the day.
Is Denuvo going to become irrelevant anytime soon? Irdeto has now confirmed to TorrentFreak that the company is working on a countermeasure against the hypervisor bypass method. Irdeto said that the new version will neither require hypervisor-style access to the PC hardware (Ring -1) nor affect game performance at the user level.
The piracy community is actively debating the countermeasure issue. Denuvo's anti-tamper technology was apparently a bit harder to crack in the Mega Man Star Force Legacy Collection release, which means it took DenuvOwO a few days rather than hours to ultimately bypass the protection.