News Developer hacks Denuvo DRM after six months of detective work and 2,000 hooks, allows running Hogwarts Legacy on other PCs

[Admin]

A DRM developer successfully hacked Hogwarts Legacy's Denuvo DRM protection system after six months of work and was able to run the game on another machine without proper credentials. He also discovered that Denuvo does not appear to meaningfully affect performance.

Developer hacks Denuvo DRM after six months of detective work and 2,000 hooks, allows running Hogwarts Legacy on other PCs : Read more

 

[garrett040]

Denuvo and others like it are a cancer. You will never eliminate piracy, the answer is to make the product so convienent/priced accessibly that its just easier to purchahse it.

 

[hotaru251]

This suggests that Denuvo is not killing performance, contrary to popular belief.

and was proven so it isn't "popular belief".

Devs released a game (accidentally) that lacked the Denuvo implementation....then they got aware of that and re-added it.

You literally had an apples to apples comparison as the only difference was the lack of denuvo. and as expected you lost performance w/ denuvo...or fact people will buy a steam game w/ denuvo and just dl a cracked version that stops denuvos crap and get better performance. (this is actually a thing some ppl do)

I don't support piracy myself, but defending Denuvo's lie is stupid.

edit: also heres more proof

Denuvo has been removed from The Callisto Protocol - OC3D

Krafton has removed Denuvo from The Callisto Protocol, and gamers are reporting performance gains and more stable performance on PC.

overclock3d.net

 

[Notton]

From what I've seen, Denuvo only kills performance when it is implemented poorly.
Which is like 95% of the time.

It seems like Hogawarts is the rare exception

 

[DingusDog]

and was proven so it isn't "popular belief".

Devs released a game (accidentally) that lacked the Denuvo implementation....then they got aware of that and re-added it.

You literally had an apples to apples comparison as the only difference was the lack of denuvo. and as expected you lost performance w/ denuvo...or fact people will buy a steam game w/ denuvo and just dl a cracked version that stops denuvos crap and get better performance. (this is actually a thing some ppl do)

I don't support piracy myself, but defending Denuvo's lie is stupid.

edit: also heres more proof

Denuvo has been removed from The Callisto Protocol - OC3D

Krafton has removed Denuvo from The Callisto Protocol, and gamers are reporting performance gains and more stable performance on PC.

overclock3d.net

Just because something has been proven doesn't mean it can't still be popular belief. If you look on gaming forums it's still very much a belief that Denuvo causes slowdowns and instability.

 

[Hundvd7]

It has been proven to cause performance problems.
You wouldn't call gravity a popular belief. It's practically a fact.

 

[nimbulan]

From what I've seen, Denuvo only kills performance when it is implemented poorly.
Which is like 95% of the time.

It seems like Hogawarts is the rare exception

Rather ironic considering the woeful technical state of the game otherwise. CPU performance is some of the worst I've ever seen, the game stutters heavily when CPU bottlenecked (which is quite common) and these issues have gotten continually worse with every game update. Not to mention every patch breaks the raytracing in different ways...

 

[atomicWAR]

Just because something has been proven doesn't mean it can't still be popular belief. If you look on gaming forums it's still very much a belief that Denuvo causes slowdowns and instability.

By proven...I believe he meant that it does hinder performance. So popular belief and fact do actually line up....thus his follow up with Callisto Protocol link which showed performance gains with the removal of Denuvo. Maybe I read it wrong but that was the way I took it.
And I couldn't agree more with @garrett040 that Denuvo is a cancer for gaming...

 

[mac_angel]

I can't speak for Denuvo specifically, but this game was cracked over a year ago.

 

[bujinkanrn]

A DRM developer successfully hacked Hogwarts Legacy's Denuvo DRM protection system after six months of work and was able to run the game on another machine without proper credentials. He also discovered that Denuvo does not appear to meaningfully affect performance.

Developer hacks Denuvo DRM after six months of detective work and 2,000 hooks, allows running Hogwarts Legacy on other PCs : Read more

As long as Denuvo requires online checks for single player offline games and hampers performance, I will never purchase a game that has it until it is removed. Pray tell if developers show data on how much piracy Denuvo actually stops. I doubt they would release such data if they kept it. If they did, they probably couldn't blame piracy for their lack of sales.

 

[JarredWaltonGPU]

and was proven so it isn't "popular belief".

Devs released a game (accidentally) that lacked the Denuvo implementation....then they got aware of that and re-added it.

You literally had an apples to apples comparison as the only difference was the lack of denuvo. and as expected you lost performance w/ denuvo...or fact people will buy a steam game w/ denuvo and just dl a cracked version that stops denuvos crap and get better performance. (this is actually a thing some ppl do)

I don't support piracy myself, but defending Denuvo's lie is stupid.

edit: also heres more proof

Denuvo has been removed from The Callisto Protocol - OC3D

Krafton has removed Denuvo from The Callisto Protocol, and gamers are reporting performance gains and more stable performance on PC.

overclock3d.net

That's a tinted view of how Denovo may or may not have impacted performance. The reality is that you need to do a lot of systematic testing, with two versions you are absolutely sure don't differ in any way other than the inclusion or lack of Denuvo.

Based on what has been demonstrated here, if there are thousands of hooks and the calls are only periodic (once every few seconds), that could indeed drop minimum fps at times — a slight stutter for one frame is all it would take. But there are absolutely ways to code around Denuvo (or any other similar function calls) that would not cause such issues.

Basically, you periodically fire off a low priority thread to check for Denuvo licensing or whatever you want to call it. You keep running everything else and if a check comes back as a failure, then you gracefully exit the rest of the code. You don't do a real-time check and wait for the response, except that's far easier and likely exactly what some games have done.

The only people who could truly prove Denuvo hurts performance would be the game developers. Take a fully optimized Denuvo implementation, benchmark a variety of hardware, and then remove Denuvo and repeat — with no other code fixes or changes. But to my knowledge, no one has done exactly this. Anecdotes claiming variety of things exist, but "proof" is harder to come by. At best, Denuvo hurting PC performance is a theorem that lacks a concrete proof.

The real issue is that so many games, without Denuvo, already have massive difficulty getting to the level of being decently optimized. Adding Denuvo on top of the cruft that already exists certainly isn't going to help the situation and certainly can go wrong. But FUD prevents most companies from trying to take a different approach than a tried and despised DRM solution.

 

[Vanderlindemedia]

DRM is only there to satisfy the sales upon release.

 

[CelicaGT]

That's a tinted view of how Denovo may or may not have impacted performance. The reality is that you need to do a lot of systematic testing, with two versions you are absolutely sure don't differ in any way other than the inclusion or lack of Denuvo.

Based on what has been demonstrated here, if there are thousands of hooks and the calls are only periodic (once every few seconds), that could indeed drop minimum fps at times — a slight stutter for one frame is all it would take. But there are absolutely ways to code around Denuvo (or any other similar function calls) that would not cause such issues.

Basically, you periodically fire off a low priority thread to check for Denuvo licensing or whatever you want to call it. You keep running everything else and if a check comes back as a failure, then you gracefully exit the rest of the code. You don't do a real-time check and wait for the response, except that's far easier and likely exactly what some games have done.

The only people who could truly prove Denuvo hurts performance would be the game developers. Take a fully optimized Denuvo implementation, benchmark a variety of hardware, and then remove Denuvo and repeat — with no other code fixes or changes. But to my knowledge, no one has done exactly this. Anecdotes claiming variety of things exist, but "proof" is harder to come by. At best, Denuvo hurting PC performance is a theorem that lacks a concrete proof.

The real issue is that so many games, without Denuvo, already have massive difficulty getting to the level of being decently optimized. Adding Denuvo on top of the cruft that already exists certainly isn't going to help the situation and certainly can go wrong. But FUD prevents most companies from trying to take a different approach than a tried and despised DRM solution.

Performance issues or not, if a Publisher wishes to treat me like a criminal (utilizing Denuvo, or its ilk) I'll return the favour and NOT DO BUSINESS WITH THEM. I have, and will continue, to vote with my wallet when it comes to invasive DRM like this. More should do the same if we want to see actual change.

 

[razor512]

A common combo is denuvo + VMProtect, which together, increases CPU overhead. One individual (goes by a name sometimes used to describe royalty) who regularly cracks that combo has posted about it before in terms of how much of an impact is has (you can often find discussions about that stuff on reddit, though those subreddits may still be rule violations here). The impacts vary from game to game, and Hogwarts legacy was a lighter implementation, especially after the initial release which had major performance issues., but most implementations add a significant overhead to more CPU intensive games.

 

[SethNW]

Whole impact thing really depends on implementation and hardware used. Obliviously you will get more impact of you got something older and not top end, like Ryzen 1600, than Ryzen 7800X3D. Also worse implementations will hurt performance more. To properly test impact one would need to completely remove it and not go around it. As long as DRM stays in code, it is still doing something.

As for whole impact on games that had it removed, I got unpopular opinion. Problem there is that very rarely if ever you can for 1000% guarantee that removal of DRM was the only change and that rest of the code remained exactly the same. Changelings aren't some kind of legal documents where every single change need to be stated and undocumented changes are illegal. Undocumented changes happen and as long as other changes are done, you can never say that performance change is 100% Denuvo. Might easily be mostly other changes or could also be extra optimizations developers did while they were removing Denuvo. Changes that may or may not be documented. That isn't to say there is no impact, just to say that impact might not be as big as people want to believe. And it is fully understandable why they want to believe it to be as big as it can, since DRM is there purely to secure sales and delay piracy, there is zero benefit to consumer. But proving extent of impact isn't as simple as comparing two different versions of game that may have other performance impacting changes there. Similar to pirated copies also having chances to impact performance in other ways or nit really showing difference because DRM wasn't removed, just bypassed.

 

[CmdrShepard]

A DRM developer successfully hacked Hogwarts Legacy's Denuvo DRM protection system after six months of work and was able to run the game on another machine without proper credentials. He also discovered that Denuvo does not appear to meaningfully affect performance.

This statement is so chock full of inaccuracies that I wonder how Tom's editors allowed it as such.

1. They didn't successfully hack Denuvo -- they admit game is unplayable, they just managed to get to the main menu. Game still crashes.

2. They had proper credentials (game was owned on Steam).

3. Just patching out calls to DRM functions is not the way to test performance impact. Either you test non-DRM executable (which can be better optimized and run through performance instrumentation after it is recompiled with DRM not included in the source code), or you do what pirates do -- strip the DRM fully, decrypt everything and rebuild the executable (much harder to accomplish that when they wasted 6 months on doing).

That said, Denuvo is cancer and we should boycott all games with it. Any DRM only impedes legitimate users. Pirates just strip it out and enjoy the game.

 

[CmdrShepard]

Undocumented changes happen and as long as other changes are done, you can never say that performance change is 100% Denuvo. Might easily be mostly other changes or could also be extra optimizations developers did while they were removing Denuvo.

That argument is kind of irrelevant and here's why -- if developers were not busy adding Denuvo in the first place they would have had more time to work on optimizing the game properly. Also, just adding all those DRM hooks throughout the game code definitely prevents some optimizations that compiler would otherwise be able to perform.

1. It increases the code size and changes what gets cached in CPUs L1 and L1D caches.
2. It impacts threading and synchronization thus changing MT performance.

It's like saying that transporting a 100 kg cop in a money transfer van along wit bags of money doesn't impact the money transfer performance when its clear that your payload is reduced and your interactions with money bags are impeded by it.

 

[circadia]

One individual (goes by a name sometimes used to describe royalty) who regularly cracks that combo...

who's also one of the most transphobic people I've ever seen, seriously. The person certainly has talent, but I swear, looking at the person's rants makes my brain rot like a zombie's.

as for Denuvo DRM itself... eh, I can't care less about games with that. After all, there are far too many free games to play and enjoy for me to care about games that still have DRM when you've already owned them for some reason.

 

[Miraglyth]

The more legitimate complaint about Denuvo has always been that it can lock legitimate buyers out from playing their game.

The article describes a token, whose existence has long been common knowledge. What it fails to mention is this token is temporary. It is generated with an expiration date.

If you try to play a game after this time, Denuvo sees the token is expired and phones home to generate another one. Oh, you're offline? Game won't run. Oh, the Denuvo service is down, or too busy? Game won't run.

This has locked out gamers for all WB games a few years ago. It has locked out gamers who were on holidays or in hospital.

If Denuvo as a service is ever terminated, several games will die.

There's also a regular 5 activation (i.e. token generation) within 24 hours limitation. The article describes your PC hardware profile, but doesn't mention changing Steam Deck settings counts as a different profile. Wanna tinker with your Deck a few times to get the best playing experience? Whoops, now you have to wait a day to pay the game. Thanks Denuvo!

 

[JarredWaltonGPU]

The more legitimate complaint about Denuvo has always been that it can lock legitimate buyers out from playing their game.

The article describes a token, whose existence has long been common knowledge. What it fails to mention is this token is temporary. It is generated with an expiration date.

If you try to play a game after this time, Denuvo sees the token is expired and phones home to generate another one. Oh, you're offline? Game won't run. Oh, the Denuvo service is down, or too busy? Game won't run.

This has locked out gamers for all WB games a few years ago. It has locked out gamers who were on holidays or in hospital.

If Denuvo as a service is ever terminated, several games will die.

There's also a regular 5 activation (i.e. token generation) within 24 hours limitation. The article describes your PC hardware profile, but doesn't mention changing Steam Deck settings counts as a different profile. Wanna tinker with your Deck a few times to get the best playing experience? Whoops, now you have to wait a day to pay the game. Thanks Denuvo!

I have never encountered the 5 PC limit while "tinkering with a Steam Deck." I have run into it many times in benchmarking, as it counts a new CPU or GPU as a new PC, which sucks. But if your core counts and GPU remain the same — clock speed changes don't count — you don't get locked out.

This statement is so chock full of inaccuracies that I wonder how Tom's editors allowed it as such.

1. They didn't successfully hack Denuvo -- they admit game is unplayable, they just managed to get to the main menu. Game still crashes.

Which the article goes on to describe. The whole point wasn't to "crack" the game completely — that was done days after the game launched, AFAIK. The point was for the developer to more or less fully understand exactly what it is that Denuvo is doing.

He reached the stage where further work was irrelevant to his purpose. The game was partially playable — sometimes it would work, sometimes not, but he was done investigating things. And just because he was intercepting a token on a different PC doesn't mean he couldn't have cracked the game, just that he never intended to go that route.

 

[thisisaname]

Which the article goes on to describe. The whole point wasn't to "crack" the game completely — that was done days after the game launched, AFAIK

The only thing it then does is make it harder for people who buy the game to play it than someone who pirates it. In which case it is not doing it is worse than doing nothing as it just punishes legitimate buyers and does at best just a only how back pirates a few days.

 

[JTWrenn]

Denovo only effects performance when it is implemented poorly and that happens often. That seems to be the consensus of this forum.

That said, it doesn't matter if it could be done without performance hits if it often is. It goes to how hard Denovo is to implement cleanly at lest to some degree.

It's low hanging fruit to screem at companies for having it because of these issues. I can understand both sides pretty clearly. It's just hard to accept it when it goes bad and as some have said making games a bit more reasonable for what you get is the better answer. I support the hell out of games without instant DLC and microtransactions. Seems like a never ending merrygoround of too much DRM vs over pricing vs micro transactions vs piracy vs convenience.

 

[parkerthon]

Anyone else going to state the fact that this game was cracked many months ago and recently updated too in warez sites? DRM and anticheat only slow down the pirates and hackers and at the cost of introducing new many issues/inconveniences/vulnerabilities that devs sweep under the rug. They see blatant piracy. They see lost sales. They see hackers ruining online play. They act because doing nothing when faced with a glaring issue is rarely something groups of people have the discipline to do. I keep posing the question across the interwebs and have yet to see a thoughtful reply… is there a better alternative than simply doing nothing on either of these issues that practically forces aggressive developer intervention?

 

[purposelycryptic]

He discovered that the amount of Denuvo code executed in-game is quite infrequent, with calls occurring once every few seconds, or during level loads.

So, Denuvo only checks EVERY FEW SECONDS that you aren't running a pirated copy - just in case your copy happens to become unlicensed while you were scratching your butt?

Depending on what those calls actually do, that could have effectively no impact (checking fingerprint file still exists, etc) on performance, or some impact (pinging Denuvo servers to cross-check the validity of your fingerprint file, running other random background checks), to massive impact (recomputing the fingerprint file and validating it with Steam, contacting an orbital satellite to take a sub-mm level scan of your PC, face and body via mass-particle bombardment, etc).

But, no matter what, that amount of activity is way beyond overboard, and, if badly optimized for the hardware setup and game, could easily have a significant impact on performance, even if it is only a tiny operation being performed.

It's like having a prison guard standing in front of a cell, actively watching the prisoner 24/7, never taking their eyes off of them for more than a second or two. Except, in this case, the prisoner is a customer who legally bought and paid for the product - anyone running an illegal copy has both the cell and guard removed.

 

[atomicWAR]

That's a tinted view of how Denovo may or may not have impacted performance. The reality is that you need to do a lot of systematic testing, with two versions you are absolutely sure don't differ in any way other than the inclusion or lack of Denuvo.

I don't disagree. The issue I have is Irdeto swears up and down Denuvo doesn't impact gaming performance but I have yet to see solid believable and testable evidence to the contrary. It doesn't help hacked copies compared to ones with Denuvo still properly implemented do appear to run faster some, not all, of the time. If Irdeto is SO sure Denuvo doesn't impact or barely impacts the game experience/FPS... they need to prove it yet in some ways they realisticaly can't. I'd say show both a launch title with and without Denuvo running with a 3rd party inspecting the code to ensure parity but I am not sure anyone would believe it assuming the 3rd party is on the take. The other option would be to open source the game code both with and without Denuvo so it can be checked by all for parity but that wouldn't likely work as I assume Denuvo wouldn't want their raw code out there nor would the dev want the games code out there either to test for obvious reasons of IP theft and hacking. And this is the crux of the problem imo. There is no REAL way to "trust" Denuvo IMHO.

End of the day things like Denuvo feel like an assualt on gamers and their rights. You shouldn't be attacking your user base. I feel as if this only encourages piracy in one form or another (ie pirated after buying for performance/perservation and straight up pirates who never purchased a thing). I do not condone outright piracy. Work gained is work that should always be paid for but when it is to perserve your game title or allow it to run properly/faster...then I start to relunctantly embrace greyer solutions to these problems. For me Denuvo is an all around bad product, even IF it does exactly what it says with zero performance hit, which I mostly doubt it does.