Denuvo has been cracked in all single-player games it previously protected
tomshardware.com360 points by oceansky 6 days ago
360 points by oceansky 6 days ago
During the time of the Soviet Union, it was an urban legend that during supply shortages, Soviet factories would have no real work, but workers needed to keep up the appearance of working, so they would have one line of workers continuously assembling devices, feeding into another line that would continuously disassemble them, all in a loop where nothing gets produced.
In many ways, it feels like we are seeing this today in the digital world. As a specific example, GTA 5 (singleplayer) is a game that has been pirated for about 10 years now, and has received zero content updates in that time, yet somewhat recently (maybe a few years ago?) they updated the game on Steam to have new DRM that constantly conflicts with the Steam Deck sleep mode and kicks you out of the game at random after waking up, or just won't even let you launch if you're without internet and haven't launched it within a few days. Nothing worthwhile was produced by this endeavor, that's for sure.
I have a slightly different story, told by a Romanian coworker who was old enough to have worked in a factory under Ceaucescu: the workers stole from the factory, all the time, at every level. Managers would be able to take away complete items for "testing"; ordinary line workers would be limited to what parts they could plausibly conceal in their overalls at the end of the shift, then assemble them in their own time.
As someone who used to be a Pirate Party supporter, piracy has to exist in an equilibrium to avoid killing the host, and I don't know if that's possible on today's internet. Both "absurdly onerous DRM making the game unplayable, especially once abandoned" and "Rockstar spends $265m making the game, one person buys a copy, and everyone else pirates it" are bad outcomes. The optimal one is probably somewhere in the "a small number of people who Know A Guy pirate the game, gradually increasing over time" range. But that may not be sustainable either.
> Both "absurdly onerous DRM making the game unplayable, especially once abandoned" and "Rockstar spends $265m making the game, one person buys a copy, and everyone else pirates it" are bad outcomes.
Fortunately the second one isn't a real thing. There are many games that have already been cracked, or that never had any DRM to begin with, and there are still large numbers of people who pay for them. Because they want the publisher to continue making games more than they want to avoid paying <1% of their annual income for something.
Which is in turn why the DRM not only doesn't work but is actively harmful to the publisher. Getting people to want to pay is a lot easier when you're not actively pissing them off. Meanwhile the DRM gets cracked anyway and then you're worse off than when you started, because not only can they still pirate it, now more of them want to.
> the workers stole from the factory, all the time, at every level.
I think the context is important. These were people in poverty, in an extremely mismanaged society. You could get very little from actual shops. Most things would have to be bartered for. Stealing from the state accounted for a very important part of peoples' sustenance. My grandfather would try to explain it like this: even if you had money, there wasn't anything to buy. In that sense, even the factory managers were poor. Sarah C. M. Paine says that, in terms of buying power, the First Secretary of USSR's wife was poorer than an average American middle-class wife.
Yes. Hence the stories of people (Brezhnev?) being astonished and baffled at simply walking into an American supermarket.
Of course, one reason why there wasn't much on the shelves was it had been already stolen by other people closer to the source ...
(something of a generic problem of low trust societies, not specific to Communism. I think we sometimes don't appreciate how valuable a high trust society is to us in the West, which is why people trying to destroy it by looting from the top are particularly dangerous: the rot spreads from the top)
In Soviet times in Russia there been rhyme:
Тащи с завода каждый гвоздь - ты здесь хозяин а не гость.
Take every nail from the factory post,
You aren't a visitor, you are the host!
This is how some people end up with parts of ICBM or space ships as part of their country datcha landscape design.
After all propaganda loved to tell that everything is owned by people's.
most games make a very good chunk of their lifetime revenue during their first weeks. If you can avoid piracy during that period (through wishlisting, preorders and such) piracy is not going to eat into your revenue significantly.
On the other hand, having strongly anticonsumer DRM will certainly affect sales. If you have a loss of performance or make it too much a hassle (mandatory connections, updates, etc) that will eat into your revenue, and twice as you are paying money to third parties to have consumers be shun away.
That assembly line workers are constantly being kept fresh on their skills and processes. If you can't get some component for 3 months, new units can almost immediately be pushed out of the factory when the component does arrive. If you bring on new workers, you train them on the disassembly process first and then move them onto the assembly line once they understand the construction.
The only downsides are paying the factory workers to spin their wheels and the 2x wear and tear on tools and replacement costs of any components damaged by the constant handling.
The US does something similar with the national defense manufacturers. We don't necessarily need more of a vehicle but if that factory sits dormant for 2 years until we do need replacements, it's going to take a long time to train workers. And you run a risk of losing any tribal knowledge those workers carried. You can lower production rates so you aren't buying too many things at once but keeping a small crew busy will allow you to quickly ramp production if necessary.
> The US does something similar with the national defense manufacturers.
You also see this with the European space industry especially in the rocket building. A lot of money is poured into the industry even if there are no massive returns or advancements just in order to keep the people and skills. If you let these slip, rebooting the sector would be a decades long affair so doing busy work sometimes is the better option.
Heck, even most large tech companies do this type of busy work assignment. They hire en-masse but many of those people are never really put to work. Their greatest value is that they stay out of the competition's hands, if there is a massive project coming up the people are already there, and they can be dumped in case of emergency to prop up the stick price.
The “keep up the appearance of working” story feels like a misleading comparison to me, because the motivations are pretty much reversed. In the hypothetical factory, there's an external social element requiring the appearance of working, some observer to whom it looks good that this is happening: the way I read it, the assemblers and disassemblers may well be cooperating with each other to produce that appearance, so that the absurdity is visible from within (though they could also just be unaware of each other's assigned tasks). In the case of anti-copying technologies, game publishers trying to guard their revenue stream, and other groups trying to distribute or play unauthorized copies, are adversaries whose tactics create relative losses for each other that can bleed into the surrounding society: seems bad that it impacts other users / risks jobs and livelihood / is various forms of unfair (depending on one's moral feelings around which actions are ‘justified’), but their individual actions are incentive-aligned from within the conflict.
DRM authors and implementors know it doesnt work. The decision is made by people in suits based on traditional business culture that doesnt fit the digital world. The same people making denuvo are also the ones breaking it.
Are you grouping the implementors with the crackers because they understand the limitations of the technology, or are you saying they're directly working with each other to scam the publishers and/or audience (and that this is sufficiently common to overturn the whole framing—a conflict can have some proportion of double agents and defectors while centrally remaining a conflict)? If the former, even supposing that many individual implementors and crackers would agree that the technology is inefficient/breakable/whatever, I still think the driving conflict that causes the implementation and the cracking to happen at all is between a broad cluster of agents around the game publishing activity (including managers, investors, game developers and artists, and more indirectly DRM implementors, integrators, and salespeople) and a broad cluster of agents around the unauthorized copying activity (including people who do ripping and DRM cracks on a technical level, distribution channels, and people who look to those channels to play games without buying them the authorized way). That there are principal–agent inconsistencies within each cluster seems like more of a sideshow; a war doesn't stop being a war because enough of the soldiers have realized that their weapons don't work very well, or because they realize that in some other world they'd have been on the same side.
If you notice, if you said is correct, this means it would be incredibly easy to yank your ownership of GTA 5 simply by retiring denuvo related account.
All that would be publicised would be " GTA 5 denuvo key license is now over" and people would not know
> they updated the game on Steam to have new DRM that constantly conflicts with the Steam Deck sleep mode and kicks you out of the game at random after waking up, or just won't even let you launch if you're without internet and haven't launched it within a few days
Meanwhile the "pirates" enjoy a superior experience. They don't have to put up with this nonsense. They can use the devices they want. They can install the games on as many machines as they want. They can play the games offline. Their games are faster because there's no obfuscated nonsense code running. They don't have to suffer idiotic invasive kernel mode DRM nonsense on their computers, software whose only difference from literal malware is legal boilerplate in a document that nobody reads but that everybody theoretically accepted when they fast forwarded through the installation screens furiously clicking next so they could play the game they paid for.
Makes me feel like a total moron for buying games every single time.
I've heard that story (or a similar one) about Boeing on a cost-plus contract in the War; one group of employees would dump screws together, and the night shift would sort them apart.
the management must've forgot they literally gave gta 5 away on epic store like 5 years ago, lol.
GTA V got a major update last year that included eg DLSS support. It would perhaps make sense if the DRM changed at that point?
I've had to take a moral stance and move to just playing games on Gog that I can buy and own the files for. No I can't play the latest and greatest but it's not the end of the world as I've so many classics to still play and enjoy. I can't support lockdown and DRM anymore. If I buy I want to own, otherwise I've not bought. It is true, if buying isn't owning, then piracy isn't stealing.
Right where I've landed as well. I just won't buy titles with Denuvo DRM, ever, no matter how much I want the game.
Was pleasantly surprised to find Doom Eternal is now on GOG a couple of days ago. If you're willing to wait, some AAA titles show up that previously had draconian DRM.
Surprisingly, there were DRM games praised for good UX, only these were hardware releases.
When Switch 1 launched, it got re-releases (eg: Diablo 3) that were: 1. complete editions with DLCs, 2. came on a cartridge that one could swap between devices or sell, 3. supported offline play.
Online game stores were supposed to offer better UX than hardware releases. I find it interesting, and perhaps a sign of how bad the online experience can get, that the opposite can happen too.
I'm willing to buy on Steam, however not with intrusive DRM. Nor with 3rd party store requirements (like EA games on Steam).
E.G. I'd like to own a copy of the modern Persona games. I'm in no particular rush. If the studios want my money when they're on sale for like 50% off launch price, gain some profit per sale and additional sales by axing the useless DRM.
Likewise, I will not even consider paying for games (or music) that don't have an unencumbered download option. If the game is open source I will usually buy it without even thinking very hard about whether I'll play it.
Generally any game you can buy on GoG is also DRM free on Steam. I mention since many people have the incorrect notion that all Steam games have DRM
There's still a difference — GOG provides you with downloadable installers you can archive, Steam doesn't.
You can archive the installed files from Steam though. An example is the pixel art program Aseprite. The devs said just to copy the binary out of the Steam folder and place it elsewhere if you wish.
That's still not "archiving" though. It's one thing to download the installer, and quite another to install the game and copy the files hoping it will all still work. Especially on windows when registry entries are involved.
You have no clue what you are talking about. Registry entries that are required by games are like a thing of the past for like 25 years or something.
I am a heavy pirate and I my favorite games come as raw files torrents with the crack pre-applied. Games these days (with DRM removed) simply execute no matter where you copy and move them they just work. The cracks themselves do not modify any registry entries or make the game write them new or differently because they simply do not use the registry. Games write their savegames in AppData or Documents and THAT IS IT. Installers are glorified copy machines with ads on them (GOG) for example. They copy files and put a shortcut in your start menu and desktop and THAT IS IT, they do not write special registry entries for a game to work. Again this has not been a thing for like 25 years. I think it was when SecureROM was a thing.
So yes some steam games actually come DRM free, and you do not even have to move them out of the original steam install folder you just need to execute the EXE without steam running and they work. So indeed it is in fact achieving if you simply keep the files somewhere. For game with basic steam DRM you can use a crack or use steamless that basically removes the steam DRM that is very basic from the exe and use Goldberg Steam Emu to emulate steam. You do all this after the fact so you CAN for all the game that to not have some advanced DRM like Denovo just achieve the games files and make them work later on without Steam.
But it won't launch without being logging into your steam account
It will if it's DRM-free. The login check is an optional call that the developer has to intentionally use. Usually if you're a small developer releasing a DRM-free game you'd make your game degrade gracefully if Steamworks doesn't work, so you can publish the same builds on Steam and on any other store.
99% of games that use that sort of protection can be cracked in about 5 minutes by simply copying a steam emulator library into the game folder.
thus is not truely DRM free.
I love steam but even if it can barely be called a DRM, it still is. People not into computer science will have no clue how to do it, and that's what matters when talking about owning your own games, you should not require knowledge to keep something you paid for
"Not into computer science" lol. I knew how to copy a damn crack at 13 years or whatever and a barely figured out windows by that time. You act like people are stupid. Sure there are some console gamers who only use their phone for social media and are clueless about computers in 2026, but most people know how to copy some damn files over. They do not need to be in "computer science".
If you really want an installer, just pack the files into a self extracting archive. But IMO the loose files are easier to work with than an installer.
Or are you misunderstanding the fact that you can just copy/back up the Steam game and play it anywhere. That's why I say many people have that misconception about Steam games
The real difference is that for Steam the bulk of the catalog is made up of DRM games and that sends a message. As far as I know Steam isn't actively doing anything to promote "DRM free" in general, they just don't say no to the opportunity to sell those games too.
GOG on the other hand takes an active stance on promoting and supporting DRM-free games. Once storefronts like GOG disappear I don't think Steam will pick up the torch and fight the DRM-free fight. Once Gabe is no longer in charge it might just get overall worse for everyone, although fingers crossed Steam can at least continue as it is.
> the bulk of the catalog is made up of DRM games
Is it? Is there even a list of them? I know some are, some aren’t. Sometimes it’s even mixed (e.g. Pathfinder Kingmaker is DRM free, the DLCs use Steamworks DRM). As you say, they aren’t promoting it, but I’m not sure they expose that information at all.
While Valve isn't the worst company when you buy on GoG you support a company dedicated to keeping things DRM free and preserving older games. Plus fight the Steam monopoly.
If GoG starts supporting linux I'll be happy to support them.
They do, there will be a Linux penguin on the supported OSes list if the game has native support for Linux. If the game doesn't have native support, and you buy the game on a Linux machine, it will warn you about possible incompatibility.
In any case the reality is that every game I've bought on GOG has worked pretty much perfectly on Wine, I use winetricks. The main problem with Windows games these days is the DRM which on Wine will crash. Good thing GOG games don't come with any.
It's a website; it works just fine on Linux.
If you want a fancy launcher, there's always Heroic.
Note that they recently were hiring someone to work on the Galaxy launcher for Linux
GOG and CDPR are not the good guys. They released a complete disaster of an unfinished game with CP2077, and they KNEW it was broken and still shipped this gigantic pile of trash. Their promo also included a bunch of made up hype trash that was completely just artificially created in video, and they made it seem like it was gameplay. So they LIED to hype their unfinished trash game. Much of that never made it to the game.
Also even the fixed game now is just a silly boring sandbox game, what makes it good is the story, but It's for sure overrated. I enjoyed it but still overrated.
They also censor for the CCP, the removed the game Devotion because it had a JOKE inside that was not even visible to the normal player you needed to get out of your way to see some devroom or something with it. The BLACKLISTED a game simply because they make a JOKE of the Chinese president.
All big companies are EVIL by definition. Do not act like they are the good guys because they grift of selling games without DRM, they sell them at higher prices to make big money. They grew into this immoral dirt megacorp.
>Also even the fixed game now is just a silly boring sandbox game, what makes it good is the story
Insane statement
I would hope publishers would take note and remove it, having hundreds of megabytes of junk in the executable is just wasteful to put it mildly
Denuvo is there to prevent piracy within the first 90 days of release. Something like 60 to 80% of a game’s revenue is during that period. They don’t care that it’s eventually cracked, and they absolutely do not care about performance.
> Denuvo is there to prevent piracy within the first 90 days of release [...] They don’t care that it’s eventually cracked
Ah, so Denuvo is always removed after ~90 days after release, as there is no point for them to keep it there?
Not strictly after 90 days, but Denuvo is usually removed after the peak sales period for a game. It's really at a publisher's discretion when to remove it, as the sales model for Denuvo is that you have to continue paying for it on a subscription basis to keep it active.
This is untrue. Yes Denovo got removed from some games relatively early, but mostly it was long after this "peak sales window" I would have to make a list of how long it took for games, and I am too lazy to even ask AI, but I think it took years in some cases and a lot of community outrage for the devs to remove it, and they did not just remove it after some peak sales window but when the games were actually cracked and the steam forums were flooded with pissed of people who realized pirates had a better experience then actual buyers. THEN they removed it.
So it's more like after they were cracked rather than some time window, sometimes these may have been overlap.
1 year after release is for sure not "peak sales window".
Denuvo is sold as a subscription to developers, and it is often removed 6–12 months after release.
Yet I have a bunch of games on steam wishlist which I've been waiting for years to buy.
The stopper is of course denuvo, which they keep renewing the license of, for no good reason.
Maybe because a lot of users still have those games wishlisted?
Having the game wishlisted is a signal of players waiting for a sale, or future patches/correction, or simply not bothering to cleanup wishlist, not a signal of someone is eager to pirate the game.
A number of publishers have retroactively added Denuvo to their older games, inexplicably.
Then DRM should automatically remove itself after that period. Copyright durations should also be adjusted to that same time frame.
The bigger problem with Denuvo is that it appears to significantly impact game performance as well
It can, but that seems to be more related to poor implementations by the game devs, and not inherent to it. There are plenty of examples of games with Denuvo that still run fine (give or take your opinion on whether the presence of DRM is inherently "impacted performance").
If many of your users misuse your tool, that's a design problem not user error
Yeah, goddamn hammers needs to be way softer, do you know how many thumbs worldwide have been hurt by them? Clearly the fault of the hammer.
If I have you hammer with a wax coated handle then it will regularly slip out of your hand.
One could blame the user for not "just" holding it right. Or alternatively reconsider if the handle should have a grippy coating instead.
More modern version: No you are holding your iPhone wrong, it is not a design fault that makes a ground loop in the antenna if you hold two metal surfaces with your hands.
Isn't Denuvo actually implemented in a game by the DRM developers, though? I remember reading that they have a process where the game dev sends Denuvo an unprotected executable, who adds the DRM to that executable and sends it back.
Thus, I believe the poor implementations are directly the fault of Denuvo.
The games run terribly on release because they have Denuvo, and then when the sales volume no longer justifies the licensing costs of Denuvo, the devs strip it out and sell it to the players in patch notes as "optimizing performance."
Someone else mentioned GTA getting more aggressive copy protection out of nowhere. It's not out of nowhere. With GTA6 ads out for a while, sales of GTA5 are up as people either play it for the first time or replay it. Sales going up means they can justify copy protection.
Denuvo has layers upon layers of obfuscation that inflates nearly every instruction and function call, extra code execution that does nothing to throw off someone trying to follow code execution paths, and constant moving around where the game stores stuff in memory, again, to throw someone off watching via debugger.
It's pathetic because one company has been almost entirely responsible for people needing to buy faster and faster CPUs and GPUs trying to eek out more and more performance. CPUs, GPUs, memory - all of it has gotten enormously faster, we have more cores, etc. Despite all that, every new game barely runs at 60fps.
Do you really believe that year after year game developers and game engines get worse and worse at performance? Of course not.
> With GTA6 ads out for a while, sales of GTA5 are up as people either play it for the first time or replay it. Sales going up means they can justify copy protection
How does that justify it? Adding stronger DRM when cracked copies of the same content are already out there is like trying to get insurance after your house has already burnt down.
> Do you really believe that year after year game developers and game engines get worse and worse at performance? Of course not.
If you strictly want to blame Denuvo then that assumes game developers cannot think of a way to spend their extra performance either. Which is obviously not the case.
The evidence for this supposed performance hit is basically zero.
https://www.youtube.com/watch?v=07NMuobVVwQ
This channel has many comparison videos like this one.
Loading times and 1% or 0.1% low FPS are usually hit the hardest and those stutters are the most immersion-breaking.
False. There's lots of side-by-side recordings of Denuvo and non-Denuvo versions of games on YouTube clearly showing that Denuvo does impact performance.
I would hope that users would just refuse to buy games that use Denuvo and similar malware. I do, but I know most users don't care.
Why would they care for a few hundred MBs when the games are in the 10s of GBs?
CPU cache space for code is much smaller than GPU memory for models (and the former is more important for performance since many CPU operations like pipeline parallelism are latency bound, not compute bound).
This. Why spend extra on x3d cpu when you can have a reasonable game size (not that it has large enough cache anyway)
>This. Why spend extra on x3d cpu when you can have a reasonable game size (not that it has large enough cache anyway)
Because game(SW) devs/publishers don't care about spending money to optimize for reasonable size, and the enthusiast gamers want to play the game either way and will gladly fork out the cash for the HW to play it, if anything for the bragging rights.
Remember "will it run Crysis?" vintage 2007? Yeah, enthusiasts will be enthusiasts.
I'm a fan of the free market here. Badly optimized games will hurt their sales and force the studios to change or go bust, if the market decides so.
Don't forget that the guy behing Denuvo is the same person behind SafeDisc, SecuROM and similar bullshit siblings from the past PC gaming world.
Denuvo is owned by Irdeto, a digital rights management company in a broad sense. They not only do software and hardware DRM, but also work as a watchdog for movie and music companies to claim DMCA violations for BitTorrent, among all other stuff.
[flagged]
Surely, this has nothing to do with the fact that live service and subscription games generate more revenue, whether or not piracy is involved.
For a long time now I've found it weird that people who like single player games on PC (and to a lesser extent older consoles which had piracy enabling mods) didn't acknowledge the long game consequences of their actions, or at least were willfully ignorant to them because everyone loves getting something for free. It seems to be a variation on Goodhart's law - you get what you reward - if the reward for a company (big or small) in spending lots of time and money isn't as good as other options, those other options will get more investment in the future and the ones you do like will get less.
The other option I can see for the large companies is that any project involving tens or hundreds of millions of dollars is likely to be insured, and a condition of that insurance is they take all reasonable options available to get the most success out of it that they can. If they don't they need to reduce the risk which probably means less resources allocated which again may not be interesting to the companies capable of making grand experiences versus other options.
> For a long time now I've found it weird that people who like single player games on PC (and to a lesser extent older consoles which had piracy enabling mods) didn't acknowledge the long game consequences of their actions
Isn't historically piracy positive for sales [1]?
That said, I'm pretty sure the real issue is that single / local coop games are just not appealing and so they get weaker sales. Like wtf was with Pikmen 2 not letting player 2 control louie? And then when local games start to sell poorly they get divestment but I'm pretty sure it was just lousey games and not piracy.
[1]: https://www.engadget.com/2017-09-22-eu-suppressed-study-pira...
> Isn't historically piracy positive for sales [1]?
That would mean that game developers pay license fees for anti-piracy solutions because they are completely economically illiterate. Is this really the most likely scenario or is it perhaps the one you’d like to believe the most?
> Is this really the most likely scenario or is it perhaps the one you’d like to believe the most?
You mean the companies that have an unnecessary 5 min file load wait in GTA5 are also the same companies that insert the same files into a binary multiple times to speed up load times by having sequential reads for all art assets?
The world is irrational.
I like how condescending the tone is in this post about how data can’t be right if it doesn’t really line up with somebody’s sort of general feelings about how smart game developers are, especially given that it’s usually publishers that make the call about things like Denuvo, not the developers.
>Isn't historically piracy positive for sales [1]?
if it was for the companies who use Denuvo and it added negative value then Denuvo wouldn't exist as a business and game publishers would happily post their games to pirate sites themselves.
The level of copium involved in piracy debates is always a sight to behold. I'm no saint, I've pirated stuff too but I did so because I was cheap, not because I'm doing the company a favor. That's a level of rationalization you expect from a drug addict
> if it was for the companies who use Denuvo and it added negative value then Denuvo wouldn't exist as a business and game publishers would happily post their games to pirate sites themselves.
Efficient market fallacy strikes again.
No, is is absolutely possible that use of Denuvo results in a net loss and it is still used. Executives don't always behave rational and it is not like you can AB Test that thing or even easily measure its impact.
How are the game companies supposed to determine that it adds negative value? Speak to the alternative universe where the same game wasn't bundled with it?
>How are the game companies supposed to determine that it adds negative value?
Look at their own/industry data of comparable games that have been published with or without protection. I worked in the game industry, for AAA studios it's a no brainer. Denuvo for a big title that sells millions of copies runs about high six or low seven figures in costs, so about 1-3% of the budget, whereas preventing piracy in the first 12 weeks meant something like a 10-20% increase (tens of millions) in sales.
The use of Denuvo has nothing to do with whether piracy hurts sales, only whether executives think piracy hurts sales. As we just saw, actual research on this topic has been suppressed because the results were wrongthink.
>if it was for the companies who use Denuvo and it added negative value then Denuvo wouldn't exist as a business and game publishers
If everyone colludes, then the game publishers wouldn't need to suffer for including Denuvo. And the nature of the collusion doesn't require some literal conspiracy, it just requires that the personalities at the top of the pyramids (of which there are but a few) are assholes who have an ideological bent. We are all aware of the type: they would spend themselves into the poorhouse making certain no one can "steal" from them, and what they consider theirs isn't entirely congruent with what the law says.
>The level of copium involved in piracy debates is always a sight to behold. I'm no saint, I've pirated stuff too b
I've never pirated anything. I don't hijack ships at sea. I have infringed copyright, but when copyright laws are bought and paid for my lobbyist slush funds, I don't feel any reason to give a shit about those laws. They were only ever utilitarian anyway, not some moral principle, and right now they're not even utilitarian.
It’s hard to see from a US/Euro salary perspective, where not spending $60 is a moral decision, but you can start seeing how someone in a 300/mo salary country doesn’t think “I’ll save a bit and buy it” and instead thinks “I’ll never be able to afford this and this studio made millions anyway” and just pirate it. I’m not that articulate with my words but I hope you get what I’m trying to say.
I think you're saying that piracy is often a no money issue, and you're not wrong.
Somehow I managed to build up a library of Steam games, $1-5 at a time. At that price I am willing to take my risks with possible inconveniences due to DRM and instead consider the convenience of being able to log into Steam anywhere and access my game library.
And though I am loath to admit it, I think "free to play" has shown that it can compete with piracy, though often by including dark patterns and slot machine mechanics to drive monetization.
It's also worth considering how much time you actually play the game. Mario Kart 8 delivered (for me at least) hundreds of hours of fun (often local multiplayer) gaming. If there's a game in that category, it can be worth saving up for (but the console itself can also be expensive.)
> For a long time now I've found it weird that people who like single player games on PC (and to a lesser extent older consoles which had piracy enabling mods) didn't acknowledge the long game consequences of their actions, or at least were willfully ignorant to them because everyone loves getting something for free
Why are you equating people who like single player games to pirates? Are you suggesting devs who made single player games were caving under some kind of market pressure that was ultimately unhealthy for them?
The difference in global, high-speed internet access between Quake and Fortnite is huge. I think that explains why live service games are a recent thing more than piracy. That, and Valve set the blueprint for gambling and loot boxes with TF2.
Regardless, I think the jury is out on Live Service games being "safer" to make. There's certainly a lot of people chasing what Fortnite has, but there's a lot of graves and layoffs. It seems like the single player studios are shutting down less because they were unprofitable, and more because building a sustainable business on selling good products doesn't sound good to investors trying to make an exit.
This single issue convinced me most people have zero moral convictions and will lie to themselves to preserve their self-image.
This looks weird in the context, because the grandparent comment's argument was purely interest-based? You probably mean there's a propensity for tragedy of the commons.
Regardless I'd argue gaming may be the one media category left (after the recent decade's value decline) where piracy remains to seem like more hassle than buying a copy^W license. I would also guess it is more concentrated on a few popular titles compared to music or films. Nowadays I hear more of people collecting games on Steam, to never play them, than of legitimate pirates.
He's a racist [1] with an agenda, don't try to read too much into that kind of comment.
> Brown hands typed these words.
Really? This single issue, and nothing else, convinced you that most people have zero moral convictions? Doesn't take much for you to draw a wrong, blanket conclusion now does it?
Then again I see in your comment below [1] (for the reference "Brown hands typed these words." in response to someone discussing a situation in India) what kind of "moral" convictions you have.
A lot of recessive genes will sadly do that to you buddy. You can't argue your way out of a wet paper bag but at least you can stay in there and argue about its color.
To give you an idea of the scale of the problem:
Greenheart Games famously released a "cracked" version of their own game (Game Dev Tycoon) onto torrent sites on launch day. In this version, the player's in-game studio eventually goes bankrupt because "pirates" steal their games.
The Data: Within 24 hours, 93.6% of players were playing the pirated version.
The Consequence: The developer's blog post highlighted the irony of pirates posting on forums complaining that the "in-game piracy" was unfair and "ruining" their fun. The experiment proved that even at a low price point ($8), a massive majority of the PC audience will choose "free" regardless of the developer's size or struggle.
https://web.archive.org/web/20161118042043/http://arstechnic...
https://web.archive.org/web/20131214165241/http://aussie-gam...
P.S.: It bears repeating that the game cost only 8 dollars.
The number of pirated copies doesn't translate to missed sales.
Someone playing/watching/listening to something for free doesn't mean they would still do it if they had to pay for it.
It’s certainly not a 1:1 loss, but it’s also not zero
Sure it can be zero. It can even be negative. As larger player numbers, including piracy, are a natural form of marketing. That means it's not hard to see this additional marketing could lead to larger sales figures compared to if piracy was not possible.
One reason anti piracy companies make a living is because companies that buy it see concrete increases in revenue as a result. It may not be every pirate who converts to a customer but DRM solutions are priced to be below the expected additional revenue. And it's not always cheap.
Do you have any data to support that? I'd actually be really interested to see. There are a lot of weird ass games with Denuvo (like Handball 17, Bus Simulator 18) I think at least sometimes paying a big DRM subscriptions is part of a money laundering scheme.
Don't have public data, but industry contacts confirmed to me in private on multiple occasions that DRM increased sales. One really old example was a copy protected expansion pack selling much better than the unprotected base game that is required.
There's data against it. The EU conducted a study then suppressed it until an MP eventually made a FOIA request to get the results, because the results weren't what they wanted it to say. https://www.engadget.com/2017-09-22-eu-suppressed-study-pira...
That report wasn't suppressed. It wasn't published because the methodology had a 44% margin of error, and subsequently it was totally useless.
(https://arstechnica.com/gaming/2017/09/eu-study-finds-piracy...)
It doesn't provide data suggesting that piracy doesn't hurt sales. It literally doesn't provide any data at all.
Only anecdata which I'm not allowed to publicize. All I'll say is that places that use this stuff are often operating at low margins and if they didn't see benefits they wouldn't pay for it.
> The experiment proved that even at a low price point ($8), a massive majority of the PC audience will choose "free" regardless of the developer's size or struggle.
Several points:
* A pirate can pirate infinity +1 games for free, that will skew any statistic compared to legitimiate buyers that have to manage a finite budget. It also means that you aren't looking at 93% lost sales.
* It wasn't a new indy game, but a port of an existing mobile game, so I wouldn't be surprised if legitimate buyers weren't in a rush to get their hands on it on day one. The steam statistics from the first month mention a peak concurrent player count of over 7000 so it certainly didn't stay at 200 copies.
I basically just Hoover up every new game on the pirate sites once a week. I spend thousands a year on video games. I own a 5090. I’m kind of obsessed.
Unhinged take I checked that was 2013 and the game cost almost as much as you you would pay in a month's rent in India in small towns.
Most pirates aren't people who could pay for this stuff. This is utterly meaningless.
So much in fact I don't even want to link counter examples to it.
No/very few paying user pirates even single player games these days if they can afford it as a luxury please understand that.
I would likemy regular updates bug fixes patches and new feaures ASAP. And on sale at 8$ for a game is less than 0.01% of my income so sure.
But if it costs 800 USD I will get it for free because I am literally too poor for it.
Anyone who thinks otherwise is beyond deluded.
Instead of denuvo you can use simple steam drm, non trivial to pirate for small games cracks will take days or weeks to appear and updates won't be available instantly.
It's safe simple and easy. And doesn't hurt any one.
Denuvo is just invasive bullcrap that deluded people think helps anyone.
"simple steam drm, non trivial to pirate"
Steam DRM is trivial to the point where you may as well not use it and just release on GOG. Until the one actual cracker in combination with the hypervisor guys showed up a few months ago Denuvo had been unassailable for years.
Alright I will like to ask you for the exact steps for every language other than steam DLL swtichroo which can easily proofed against.
It's not as trivial to crack for a relatively non invasive and easy to enable feature.
Denuvo is hardly uncrackable there's a big reason Rockstar went to their own anti piracy tools.
Seeing unhinged takes about Denuvo shilling on HN is nutz. Honestly well what I would expect from folks here.
Thats playing with statistics and you know it. Why such game?
If they would release only the paid game, there wouldn't be 93% + 7% of the gamers playing, far from it.
Cost is almost irrelevant to pirates, either its free or its not, like it or not. There is mix of folks who do it for the lulz, some do it to have higher performance gaming without denuvo taking resources and computing power, and some are outright poor. Even 8-usd-is-too-much poor.
I've lived like that. Don't judge too easily. Don't do stupid mistakes and count those as otherwise-paying-gamers. Thats PR for denuvo and similar, not a fair discussion.
Ah, yes, a problem so huge it killed the industry… wait.
This is the same thing with music / cinema piracy : it’s a mix of "pirates will always pirate" (whatever the reason, be it financial issues or not), and anti-piracy solutions always hitting legitimate customers first.
People want convenience first and foremost. Piracy being a « massive issue is a lie defended by lobbies.
Case in point, I have a legit copy of a EA game I cannot play legitimately anymore, because SafeDisc relies on a vulnerable Windows driver (basically a free rootkit) that was blacklisted by MS. See also the other comment mentioning SecuROM that basically killed SPORE on launch.
SecuROM back in the day caused plenty of legitimately purchased copies to not work. You'd have a physical disc with the game on it from the store, and SecuROM decided it won't work on your computer for unknown, undebugable reasons. .
Piracy may be a problem, but that's a problem to customer who were willing to give a company money. We stopped buying anything with SecuROM on it after 1-2 of those situations.
It's fairly well demonstrated that piracy is a service problem. For example, many people will pay hundreds of dollars for a game on Steam rather than play it for free on Epic (Rocket League). So clearly the free price point is not the problem
To some extent. But in the first month where the game is $100 and the pirate version is free, there are plenty of people willing to pirate even if it’s inconvenient.
IMO drm is understandable at the games release, but it should be removed after the initial period.
Do we have a reasonable metric of pirate -> customer conversion rate of Denuvo?
I don't think piracy has much to do with it. AAA (of even AA) single player games sell really well. Just not well enough to be the equivalent of a money-printing machine like Fortnite. Spiderman 2 sold something like 17 million copies between PC and PS5. Still nothing compared to the $30+ billion in revenue that Fortnite has generated so far. So everyone is chasing that Fortnite $$$.
Do the cracks still need you to disable Hyper-V (which leads to disabling WSL and whatever else)?
In addition, I’m not sure why they’re enabling test signing instead of using kdmapper or the like. Sure, anticheats will get way more mad at you having a manual mapped driver, but one imagines rebooting once (after playing your cracked video game) beats rebooting twice (to enable test signing, then after playing the game).
The funny thing is I remember reading about using hypervisor crap to bypass Denuvo in ~2020 (actually the post is from 2019, https://www.unknowncheats.me/forum/2410412-post14.html)
“A friend of mine” told me that disabling hyper V and all that stuff is needed to play Crimson Desert cracked version.
Support GOG, support no DRM.
What games that are on GOG without DRM have DRM on, say, Steam? (Many Steam games have no DRM.)
These games all released with Denuvo on Steam and DRM-free on GOG. (Some of them have subsequently removed Denuvo on Steam.)
Mad Max Middle-earth: Shadow of War Deus Ex: Mankind Divided Yakuza: Like a Dragon
It's impossible to know which Steam games are DRM-free since Steam games without DRM are not marked in the store. They have to all be assumed to have DRM.
Steam flags kernel-level DRM in a game's store page. Denuvo is identifiable (and named!) this way.
Recent example: https://store.steampowered.com/app/3357650/PRAGMATA/
Well, all Steam games have Steam DRM? The Steam store will tell you if there is additional DRM on top of Steam, at least it has in the past.
To the parents question, it is better to use GOG if you care about DRM.
Sometimes the Steam version is qualitatively better because the publisher/dev has supported the Steam version with more updates. Often the updates do turn up on GOG, but it's possible there is a delay.
DRM is an optional Steamworks feature, the developer can opt out by simply not using it.
Very few games on Steam are without drm.
Total number of DRM-free games: 1,744 out of 41,266 games in total.
https://www.pcgamingwiki.com/wiki/List_of_DRM-free_games_on_...
Wonder what will be the consequences of this. I dislike Denuvo for the performance and stability penalties it gives games, but I do wonder if the "security" it gave publishers wasn't a big part of the reason why we've been getting more and more big name games on PC.
This isn't about being right or wrong but about what the publishers will do when they see their games are again getting cracked day one, and if it'll be a catalyst to again return to getting either less PC releases or at least delayed releases compared to consoles.
I will hope that does not happen.
Denuvo’s market is ‘first 90 days’ revenue protection, not lifelong revenue protection. Lots of games using their crap remove it after a few months to shut down the flood of support issues the DRM causes. If only Microsoft hadn’t fucked up so badly with Windows 11 requiring an account, they’d have a way to stop using it altogether.
>Lots of games using their crap remove it after a few months to shut down the flood of support issues the DRM causes.
No, the overwhelming majority of denuvo games released after ~2020 (when they changed there licensing model to SaaS) have it removed after 2-4 years not because of user complaints but because of licensing costs, contracts and compliance.
If anything with many games it is very clear that the developer/publisher do not care for the user, since even when the DRM gets broken and has lost its purposes, many still refuse to remove it and give paying customers the same better non DRM experience as pirates.
>If only Microsoft hadn’t fucked up so badly with Windows 11 requiring an account
I don't understand how that is related at all.
This is not true at all as evidenced by the fact that most games do not get Denuvo removed once they are cracked. And the companies that DO remove denuvo only do so after several years because of licensing costs as denuvo transitioned to a SaaS model.
I feel like the "first 90 days" is just because games no longer include a demo, so they force players to commit to a purchase before a wide consensus forms. A lot of people pirate simply to try the game out. Most people who can afford the game would then purchase the game if it were good.
I have not read a study on this but I suspect the percentage of people who would buy a genuine copy of a game they already have pirated would be something like 3-5%
If this was the case, I'd wait the 90 days before buying a game.
As this isn't the case, I have been waiting for several years to buy many games. Denuvo still hasn't been removed, so I continue to wait.
Untrue, where are all the after-90-days-hacked AAA games? Nowhere, denuvo lives on as long as publisher is willing to pay continuous licence, which is usually years.
And users complaining because denuvo messes up their Windows, sometimes games don't run and so on? Just cost of doing business, as long as enough people buy it who cares.
I honestly doubt it will make much of a difference.
A good percentage of people who would download the cracked games would not have bought those anyway. And with Steam being so convenient it's hard to decide to go for a cracked copy of dubious origin that might install god knows what into your machine.
We're not in the early 00s anymore.
> performance and stability penalties
There are none. Or rather they fall in the margin of error.
i think your underwstimating the anticheat value that still exists. many of the online games are trash when theres not strict cheat control.
Run anti-cheat server-side. Give us private servers again. There's no reason we should have to put up with client-side rootkits written by non-kernel-devs to play a game.
Cheating is a social issue, not a technical one. Communities are the solution.
Private servers are a nice way to do this and do still exist in places. My favorite online game uses them along with server side anti-cheat and while cheating occasionally happens, it has never been an ongoing issue. I've maybe seen a cheater once or twice in all my many hours playing the game over 10 years (elite dangerous, in case you were curious).
Community servers don't want server-side anti-cheat either. Hell they invented client-side anti-cheats back in the day. Even current day community servers like Face-IT have additional anti-cheats, not less. Same with modded GTAV FiveM (even before the main game added anti-cheats)
>written by non-kernel-devs
What exactly separates a kernel dev from a non-kernel dev?
One has experience writing secure, stable code for drivers, memory management, etc that is subject to broad review by other experienced devs. The other is looking at those things adversarially and pushes out whatever they think is good enough. Crowdstrike served as a useful reminder for who should be allowed in kernel space, and video game anti-cheat has far less justification to be there.
It's not possible, technically, to run effective anti-cheat server-side. Clients need precise enemy location data for things like sound effects. The server can't tell if the client is using the data for unfair purposes or not.
Too bad. It's not possible for rootkits to be a good idea for a video game.
Once the data is sent to the client, in an untrusted setting, all bets are off. Not your hardware, no control over it.
This. There are a lot of online games I loved playing but the cheating got so bad it made it impossible to play. MW1, MW2, Battlefield, CS, etc... you could see the wallhacks and aimbots taking over every lobby. I eventually stopped playing. I tried using Consoles for online gaming after that but never really got into using joysticks.... still prefer mouse and keyboard. Now I play limited games where the cheating isn't quite that rampant.
Im not a big gamer, but playing GTA Online, and getting taken out as soon as you spawn. Or items just spawning in front of you, like ramps. REALLY ruins the experience
Or everyone in the lobby getting nuked over and over.
Or trying to do heists and having a cheater in every session.
I'd like to play the game again but it's just not fun.
There are still some servers online for games like the first CoD or United Offensive. No hackers as far I can tell anymore. They have all moved on
"Protected" is the wrong word. "Restricted" is much more honest regarding what Denovo does.
Good riddance.
> "Restricted" is much more honest regarding what Denovo does.
I'd suggest "encumbered" or even "infected".
Does anyone have a link to how the crack works? I would love to see something more technical.
I only know of the one text file MKDEV added to their Persona bypass: https://pastebin.com/hps67mkh
Couldn't have happened to a nicer piece of software, etc.
I find it ironic people mad at Denuvo and yet play games like Battlefield which enforces kernel level spyware nonetheless haha
The main difference that Denuvo does nothing to improve the experience of the end user.
I don't like Anti-Cheat solutions with elevated privileges but they have (at least for some time) reduced the number of Cheaters in games like Valorant or BF, for most users this is at least a somewhat understandable tradeoff. Denuvo on the other hand is DRM and a pure tradeoff in favor of the publisher at the cost of the consumed.
There is a user argument for anti cheat as a user = less cheater.
There is no user argument for DRM, if anything there are many against it = higher game price/less money for the actual game and devs, indirect funding of DRM software, worse performance, higher system requirements, worse preservation, worse privacy, longer loading times, online requirements, worse usability, machine activation restriction, bugs...
Kernel level anti-cheat also doesn't introduce a giant performance penalty like Denuvo-style DRM. People just want to play their games without it still stuttering on top of the line hardware.
Anticheats will still have obfuscated code for obvious reasons (they don’t want to be reversed). Not sure they don’t induce some performance drop too - though maybe smaller compared to bad Denuvo implementation.
Pretty strong to say there's no argument. I don't agree with it, but I imagine people would say reducing piracy leads to more money for the studio, which means more resources that can be put toward the game. Lots of people believe that, and we don't have a lot of data on opportunity costs for games including Denuvo.
I personally just hate it and think Piracy is overblown. The only other industry I've seen be this hostile to users is Music/Photoshop. Putting an iLok key into my computer feels bad.
>but I imagine people would say reducing piracy leads to more money for the studio
they be wrong, there have been multiple studies even by the EU on how piracy does not reduce revenue.
Besides that studios continue to pay for denuvo even after there game has been cracked. The article literally is about how all games with denuvo get bypassed on the day of the release, which means they pay for nothing except a worse experience for there paying customers. At this point it's just a compliance checklist by corporate suits and actual people working on games and paying customer pay the price.
>a worse experience for there paying customers
Actually, the legit buyers experience is better because this bypass is not a "proper" crack
1. They have to disable Windows security features before playing
2. Reboot their PC twice (before and after)
3. They're still running Denuvo code, same as legit buyer
Legit buyers experience is thus significantly better than pirates.
Interesting to finally see some action from the mouse again. Was kinda sad to see that Denuvo embodies all the worst of DRM but was so thoroughly metastasized that it was nearly inoperable and they had effectively "won".
No, it hasn't:
> in late 2025, the MKDev collective and the prolific DenuvOwO came up with a hypervisor-based bypass (HVB) that installs a kernel-level driver to intercept and respond to Denuvo's checks. While that's not an actual crack, it's good enough for piracy work, as the saying goes.
Yeah, the headline is sensational and the body of the article doesn't do enough to distinguish between the bypass and a real crack. They only resemble one another only in the most shortsighted of ways.
One big difference is that the bypass method _requires_ Microsoft Windows in order to function. You cannot use the bypass on Linux.
I don't have a Windows install anywhere, so if I want to play the game I have to either purchase it, or wait for a crack that will remove Denuvo from the executable.
I get this probably doesn't matter to most people because they're on Windows anyway and will happily disable whatever security is required to access free games, but it's disappointing to have the technical distinctions and broader implications glossed over.
This. It's bypassed, not cracked. All the games released need HVB to work. They use legit Denuvo licenses from other systems.
Do any of the legit scene groups sign their binaries? How do you know a release isn’t tainted?
Info from veeery long ago because I have been out of this stuff for over a decade:
The release will have an .sfv file with a CRC32 checksum for each rar file.
The FTP server checks them after the upload completes. Back in the day glftpd with zipscript was a very popular tool to manage an FTP site. This Readme sums it up well: https://github.com/pzs-ng/pzs-ng
The sfv can be tampered with but the propagation of releases to FTPs happens very fast, within minutes. It would take you longer to meaningfully alter it than it takes the racers to distribute the original files. And once the release is completely uploaded you can't modify the files anymore.
If the release is bad, for example if it doesn't work at all or if it contains a virus, then it simply gets nuked. This propagates within minutes.
Relying on CRC32 for integrity under hostile circumstances feels deeply flawed.
A) there is no real scene any more
B) no one is getting “proper scene releases” from “proper sources” any more.
It's not a scene release. You know a release isn't tainted when you grab it from the source...
That's the whole problem. There's no way to verify the authenticity of a release aside from "getting it from a trusted source" or whatever, whereas digital signatures would easily solve this issue.
Wow. Great. Congratulations. Achievement earned. You've persisted so long.
Now stop creating new DRMs. You can see what is the outcome. The definition of insanity is doing the same thing over and over again and expecting a different result.
The only thing that made me switch to Netflix from π-rated movies was the accessibility, availability, languages support, speed and quality. The same with games. I buy games from gog mostly because they are missing DRM (and because I'm an old dinosaur so not interested in the bleeding edge new games).
Please focus on the added value. And the wealth will come. Don't pay for denuvo - it's waste of money
good riddance. crazy to see game developers hemorrhaging money for malware
That's all you need to know about DRM - when "pirates" bypass it, paying users are taking the hit.
And I'm not speaking about cost of implementing a technology to actively make the product worse.
Fyi, most of them have not been cracked, but bypassed using a hypervisor that operates in ring-1, so it is certainly a security risk..
Personally I've been voting with my wallet and *never* supporting DRM, so there have been some games where I'm just "Well, I guess I'll never play that game." At least I have an ethical option to play certain games now, I'm just gonna use a seperate blank pc cus these bypasses are novel.
All software piracy is a security risk since they could embed malware in the game.
Running Windows is a massive risk cus its made by Microsoft and it has ring 0 access to your system. I personally trust a cracker in good standing far more that I would any corp.
Cracking refers to all methods of circumventing copy protection. Bypassing is just another way of cracking something.
Untrue, cracking software necessitates _removing_ the protection from the executable completely. Whereas with a bypass, Denuvo is still running on your computer, albeit ineffectually.
This has implications - the bypasses cannot run on Linux for example where a cracked executable could. They are not the same thing.
Ehhh, afaik thats not the case in the community. These hypervisor bypasses are considered a different category. Like look at any scene page, they will 100% say Hypervisor or HV for these.
They are referred to as Hypervisor cracks.
They are (correctly and most commonly) called hypervisor bypasses because they do not remove the DRM from the executable.
Yeah I guess I was being pedantic. It doesnt matter. The important thing is that Deunvo is getting royally fucked.
I'm very interested to see how it was cracked, and how the anticheat works.
Great news! I can finally feel comfortable buying games that have Denuvo day 1!
Tough to decide who I trust less, denuvo or a ring-0 hypervisor I downloaded off BitTorrent.
Are Denuvo using games marked on Steam these days?
I've been getting mostly indies so I feel safe, but maybe I should check...
There's a yellow? box just above payment options that informs you of DRM.
Oh right, it's still there. Nothing on my wish list has it :) I had to go to the store page for NBAsomething to see it.
This will be used as reason to introduce remote attestation to games.
That already is how it works. Denuvo can not authenticate your game without internet access.
well, right now Denuvo "remote attests" in a Play Integrity "MEETS_BASIC_INTEGRITY" sense that it has no hardware backing and relies on checking your runtime enviroment for signs of tampering manually and obfuscating said checks.
The endgame is certainly flexing the machinery that is being built up over the last 20 years and spawning a SEV-SNP container on your machine that cannot be debugged, inspected and modified in any way. I don't think this is possible as of writing though.
Once again I'm at odds with TH reporting. Of course you can spoof a server. That happens all the time, especially with videogames. You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.
> You may not immediately be able to figure out what the call/response is, but without knowing what the check is, it could just be a simple endpoint that returns "true" on every request. Very speculative to say that whatever they do will be impossible to mimic.
It’s trivially easy to use a signed response that is encoding some part of the metadata of your system in the signature to make it impossible to emulate the server. Don’t think the Denuvo devs would be stupid enough to provide a “return true” request for a server call.
Can the underlying function that checks if the server call is correct be bypassed? Sure, but that’s much harder.
Cryptography goes BRRRRR, with a proper implementation of cryptography you'd need to do things like patch out the keys in memory in order to "spoof" messages.
A great use of LLM