
Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass

Why This Matters

The recent bypass of Denuvo's DRM highlights the growing vulnerability of game copy protection, raising concerns both about the effectiveness of anti-piracy measures in the gaming industry and about the security of the machines on which the bypass is installed. This development underscores the need for more robust protection that does not compromise system performance, as well as the ongoing arms race between DRM providers and crackers.

Key Takeaways

A good portion of the gaming- and piracy-adjacent internet has been on fire for the past few weeks, as a bypass for the (in)famous Denuvo copy-protection method has become popular. Not only did the new method enable the release of existing titles, but zero-day repacks are now the norm.

Contemporary versions of Denuvo and its multilayered DRM approaches have stood the test of time well and were widely regarded as the benchmark in the PC game DRM space. Naturally, this spells trouble for Denuvo and its parent company, Irdeto, as its primary source of revenue is now arguably useless.

Irdeto sent a statement to popular DRM and copyright news site TorrentFreak, wherein it claims that it is already working on countermeasures, promising that "performance will not be compromised" by said improvements and that they will not go deeper into the operating system.


The performance remark refers to a past controversy in which Denuvo's runtime checks caused CPU spikes, noticeable stuttering and FPS drops in many titles and hardware configurations. Denuvo vehemently denied this and was subsequently mocked online, as cracked versions of the same games ran far better.

As usual for any DRM company or publisher, Irdeto also claimed that downloading games with the bypass is a security concern, but this time the company has a valid point. Using the hypervisor bypass, even in its latest incarnation, requires users to disable the following Windows protections:

- Virtualization-Based Security (VBS): uses the Hyper-V hypervisor to run Windows' security enforcement features in an isolated environment at a higher privilege level than the normal kernel, so that even kernel-mode malware cannot read or tamper with them.
- Credential Guard: a VBS-backed feature that keeps login secrets (such as NTLM hashes and Kerberos tickets) in an isolated container that the rest of the operating system cannot read, so tools that dump LSASS memory on a compromised machine get nothing usable.
- Driver Signature Enforcement (DSE): requires that any kernel driver loaded on the system carry a digital signature issued through Microsoft to an identifiable company or developer, so arbitrary unsigned drivers cannot be installed at kernel level.
- Core Isolation / Memory Integrity (HVCI): builds on the above by blocking unsigned kernel-mode code entirely and by preventing modification of already loaded signed code, so programs cannot patch existing drivers in memory.

On top of that, the bypass requires installing a community-made hypervisor (HV) and running Windows as a guest on top of it. This HV fakes the responses to the checks Denuvo performs. Because it runs at a higher privilege level than the operating system itself (commonly called ring -1, below the kernel's ring 0), it has full and nearly untraceable access to all hardware and software on the machine.

As you can imagine, disabling any one of those security features is not advisable, much less deactivating all of them at once. Once all those digital checkpoints are down, anything you run on your system has free rein to take it over completely, in ways that will be difficult to notice or fix, and will naturally evade detection by nearly any antivirus package.

Adding further concern, even if its authors have no malicious intent, there is no guarantee that the community hypervisor is free of security flaws of its own. Any such flaw, once exploited, hands an attacker code execution at a level beyond even that of the operating system itself, where no in-OS defence can see it.
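As an added example (not code from the article, Denuvo or Irdeto), here is a PowerShell audit that reports whether the protections listed above are actually enabled on a Windows machine. It assumes an elevated session (bcdedit needs administrator rights) and English-language bcdedit output; the closing third-party-hypervisor check is a heuristic, labelled as such.

```powershell
# Added example, not from the article or from Denuvo/Irdeto: audit the Windows
# protections the hypervisor bypass requires you to turn off. Run from an elevated
# PowerShell session. The boot-entry parsing assumes English bcdedit output
# ("Yes"/"Auto"); adjust the patterns on localized systems.

$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
$vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)

# SecurityServicesRunning lists the VBS-backed services active right now:
# 1 = Credential Guard, 2 = HVCI (Memory Integrity), 3 = System Guard Secure Launch
$services         = @($dg.SecurityServicesRunning)
$credGuardRunning = $services -contains 1
$hvciRunning      = $services -contains 2

# Driver Signature Enforcement is defeated by test-signing mode or by disabling
# integrity checks; both live in the current boot entry and show up in bcdedit's output.
$bcd          = (& bcdedit.exe /enum '{current}') -join "`n"
$testSigning  = $bcd -match '(?im)^\s*testsigning\s+Yes'
$noIntegrity  = $bcd -match '(?im)^\s*nointegritychecks\s+Yes'
$hvLaunchAuto = $bcd -match '(?im)^\s*hypervisorlaunchtype\s+Auto'

# Windows only reports whether *some* hypervisor is underneath it, not which one.
$hvPresent = [bool](Get-CimInstance -ClassName 'Win32_ComputerSystem').HypervisorPresent

$checks = [ordered]@{
    'VBS running'                = $vbsRunning
    'Credential Guard running'   = $credGuardRunning
    'HVCI / Memory Integrity on' = $hvciRunning
    'Test-signing mode off'      = -not $testSigning
    'Kernel integrity checks on' = -not $noIntegrity
}

foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK  ' } else { 'WARN' }
    Write-Output ("[{0}] {1}" -f $state, $name)
}

# Heuristic only: a hypervisor is present, yet Windows did not launch its own (no VBS,
# no Hyper-V launch configured). That is what Windows running as a guest of a
# third-party HV looks like; it is also what any ordinary VM looks like, and a stealthy
# HV can hide the hypervisor-present bit entirely, so treat it as a prompt to
# investigate, not a verdict.
if ($hvPresent -and -not $vbsRunning -and -not $hvLaunchAuto) {
    Write-Warning 'A hypervisor is present that Windows did not launch itself; check for a third-party HV.'
}
```

Every WARN line corresponds to one of the protections the bypass instructions tell users to switch off; a machine that was set up for the bypass will typically show all five, which is the state the article warns about.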

