Binary obfuscation used in AAA Games

blog.farzon.org

72 points by noztol 2 days ago

This is decidedly not what I’d expect to be discussed at Thotcon. That said, super interesting!

As an avid pirate, I’ll say these days even the Denuvo game which were going years without cracks now have “cracks”, although they rely on hypervisor fixes and disabling secure boot and giving the hypervisor cracks unfettered access to your system to intercept the Denuvo checks. [0] It’s a dangerous game we’re playing to keep these AAA games bottom lines fat.

[0] https://www.thefpsreview.com/2026/04/03/denuvo-has-been-brok...

tossit444 - an hour ago

The main site to get these hypervisor cracks thoroughly vets them, requiring the devs to publish the source code to it all.
userbinator - an hour ago

disabling secure boot
...making it even more clear what "secure" boot actually secures: the control others have over your own computer.
- chii - an hour ago
  
  It has their uses. If, for example, a company wants to issue fleet computers to workers or school to students, you want to have secure boot on those devices to prevent tampering. Secure boot makes it so that physical access is not the end all of security.
  If you own the computer yourself, you "ought" to be able to turn off these measures in a way that is undetectable. Being unable to do so would be the red line imho - and looking at those hypervisor cracks available, it's not quite being crossed. The pessimistic, but realistic future prediction is that various media companies would want and lobby for machines to have unbreakable enclaves for which they can "trust" to DRM your machine, and it's just boiling the frog right now. Windows 11's new TPM requirement is testament to that.
  Switch to linux asap - that's about the only thing a consumer is capable of doing.
  - bitwize - 13 minutes ago
    
    This is coming. In particular, without a Secure-Boot-enforced allowlist of operating systems, it will be near impossible to verify that an OS connecting to the internet complies with your locality's age verification laws, so it will soon be illegal to run a computer that does not make Secure Boot mandatory and connect it to the network.
    If you're starting to think "huh, maybe that's why these age verification laws suddenly became all the rage", you're onto something. Whatever the case, "general purpose computing" is definitely cooked.
- 7bit - an hour ago
  
  Cheap take

NooneAtAll3 - 3 hours ago

> While security researchers love the entropy of randomized function layouts

I don't think any competent security researcher has anything positive to say about "security through obscurity"

at best this is lawyer position

landr0id - 13 minutes ago

It's not something to over-index on, but it's not a strong protection measure. It simply raises the overall cost to attack and analyze a system.
Take the PS5 for example. It has execute-only memory. Even if you find a bug, how do you exploit it if you can't read the executable text of your ROP/JOP target?
lm411 - an hour ago

I disagree, obscurity wastes attacker resources and easily fools a lot of simple vulnerability scanners.
Obscurity is totally underrated. Attacker resources are limited.
- dahcryn - 12 minutes ago
  
  thank you, I had this debate at work so many times.
  Sure it's not a security measure as such, but it's still a worthwile component to the overall defense system.
dagmx - 19 minutes ago

Security through obscurity is bad only if the obscurity is the only measure
hsbauauvhabzb - 3 hours ago

It’s not about security, it’s about wasting a crackers time.
Some people find cracking them interesting and fun.
- corysama - an hour ago
  
  Agreed. I’ve done trivial obfuscation for games. In my observation, if you make it trivial to hack your game, huge numbers will trivially hack it. If you make it even slightly non-trivial, the numbers decrease exponentially. The more you waste their time, put up hurdles, the lower the number of successful hackers goes.
  The goal is not perfect security in all situations for all products. The goal is to make the effort required for your particular product excessive compared to the payoff.
zer0zzz - an hour ago

ASLR (for example) is a pretty standard technique, I thought all commercial OSes enabled this generally. What's the purpose of picking at this portion?

maxwg - 2 hours ago

Link to the slides (almost missed it when i was reading): https://farzon.org/files/presentations/Thotcon_talk_may_2025...

Which provides way more information than the article

- 2 hours ago

[deleted]

mahmoudimus - 2 hours ago

oh fascinating. i just finished reverse engineering Aegis and now working on their newest Eidolon. pretty cool technology.

p1necone - 3 hours ago

Echoing the other comments here - why? What is the threat model here and how does this protect you from it?

john_strinlai - 2 hours ago

the threat is people who cheat in games. obfuscation slows them down, but incurs a performance cost. this work is focused on reducing the performance cost.
- from the slides
- zer0zzz - an hour ago
  
  Exactly. That and in game currencies. You like competing in games, or for game-bucks? Well you need some level of obfuscation and hardening to make that viable.

Fokamul - an hour ago

and this is insight from "other" side :) https://www.unknowncheats.me/forum/overwatch/639855-overwatc...

djmips - 3 hours ago

why bother?

LunicLynx - an hour ago

I guess it’s mainly to sell the technology and the illusion that comes with that.
So, money, for supposed control. Which is not true of course

brcmthrowaway - 4 hours ago

What is the fps hit?

bartvk - an hour ago

The reduction of Frames Per Second.

- 4 hours ago

[deleted]

- 4 hours ago

[deleted]