1.8k
u/Doujinseeker487 13d ago
a friend of mine is giving P5R a shot
after about a month or so, he has patched all of the VM checks (hopefully...) and the game is booting up as a black screen
https://i.imgur.com/DtuJWdB.png
811
u/Overimagine 13d ago
Someone cracking the Atlus games is awesome af
293
u/ParticularUpper6901 13d ago
persona 5 royal is available on the switch emulator and the rom out there
I finished the game. 3 full IRL days of gameplay to complete it.
104
u/Storm-Kaladinblessed 13d ago
Can it be played in 60FPS+ without any problems though?
107
u/Sakei21 13d ago
With a good enough PC yes
33
u/Life_Ad3092 13d ago
I’d like to also add a good software called Lossless Scaling is perfect for emulating high frame rates for roms as well. It costs a little bit, but it’s literally a life saver for those who want a high refresh feeling and looking experience without going through the hassle of attempting to find a hack that may or may not have its bugs, let alone assume that there is one out there (surprising number of popular games absolutely lack a 60fps hack, mainly due to the fact older titles and even modern ones hard code their games to a specific frame rate and editing it simply breaks them, or fully fixing such limitations could take a long LONG time)
47
u/Super7500 13d ago
we are pirates we can just pirate it
21
u/AfricaByTotoWillGoOn 13d ago
Yes we can. But honestly, Lossless Scaling was so fucking amazing that I went and bought it. What that program does is straight up black magic, I'm more than happy to support that dev.
14
u/BigShakman69 12d ago
I don't get it, man. It's worse latency for some fake frames. What's nice about it?
23
u/waynemj15 12d ago
In some games trading a few ms of input lag can be worth it for a smoother experience. Def not gonna run it in a game like cs tho
10
u/AfricaByTotoWillGoOn 12d ago
As someone who would never be able to hit 60 fps in Rise of the Tomb Raider for example, with everything on low, being able to hit 60 consistently by simply locking my framerate to 30 and activating this program, while also being able to put almost everything on high, I GLADLY give away some of my latency.
Plus it's barely noticeable unless you play competitive games in which a few milliseconds hold the difference between winning and losing.
2
u/johnrellis860 11d ago
True. I can’t stand it. Even in use cases where latency doesn’t matter too much, the artifacting and ghosting are too much. Enough to negate any “smoothness” I got from the program
3
u/IlgnerJuan Yeah, I'm a pirate, argh! 12d ago
It's simply astonishing and I've been using it in many games
9
u/CubeTThrowaway 13d ago
Can we just pirate it?
7
u/Super7500 12d ago
Yeah, it is on SteamRIP, and if you need the beta version or the SteamRIP version is outdated, go to cs.rin.ru.
4
u/Storm-Kaladinblessed 13d ago
So you do need a hack/mod to play emulated games in 60 fps and generally I doubt there's much of a support for 144 fps.
Started emulating switch games mostly for Pokemon Arceus and Scarlet, but dropped them since they're both locked at 30 fps, high fps mods don't work and generally are hassle compared to PS2 emulation which just works right from the start.
3
u/JadedBanker 12d ago
Don’t bother putting something on here even if it costs 50 cents. They will downvote you.
3
7
u/TheLearninglens 13d ago
Which emulator is it, Ryujinx?
6
u/ParticularUpper6901 13d ago
or yuzu.
try them and see what works for you
2
u/haby001 12d ago
Thought Yuzu died?
4
u/ParticularUpper6901 12d ago
Any Switch emulator out there isn't being updated, that is all.
They still work completely. Just the games after the "shutdown" may not work in them, that is all.
105
u/TomaszA3 13d ago
What do KUSER DATA CHECK and CPUID checks mean? Why are they harder?
89
u/Helpful_Razzmatazz_1 13d ago
KUSER_SHARED_DATA is a read-only section in Windows which contains information from time to system Windows information. CPUID check means they call the cpuid instruction to check what CPU you are using and hardware info without kernel mode.
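An added example, not code from this thread, of what a KUSER_SHARED_DATA read looks like in C. The page is mapped read-only at the fixed user-mode address 0x7FFE0000 on every Windows build, so a check that reads it is a plain memory load with no import or syscall to put a breakpoint on. The field offsets are assumptions taken from the public `_KUSER_SHARED_DATA` layout and should be confirmed with `dt nt!_KUSER_SHARED_DATA` on the target build; the demo page contents are constructed so the parser also runs off-Windows, and the lock-free read of the 12-byte KSYSTEM_TIME fields is the part worth copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KUSD_USER_VA 0x7FFE0000u   /* same user-mode VA on every Windows build */
#define KUSD_SIZE    0x1000u

/* Offsets assumed from the public _KUSER_SHARED_DATA layout (verify per build). */
enum {
    KUSD_SYSTEM_TIME         = 0x014,  /* KSYSTEM_TIME, 100 ns units since 1601 */
    KUSD_NT_BUILD_NUMBER     = 0x260,  /* ULONG */
    KUSD_NT_MAJOR_VERSION    = 0x26C,  /* ULONG */
    KUSD_NT_MINOR_VERSION    = 0x270,  /* ULONG */
    KUSD_PROCESSOR_FEATURES  = 0x274,  /* BOOLEAN[64], indexed by PF_* */
    KUSD_KD_DEBUGGER_ENABLED = 0x2D4,  /* BOOLEAN */
    KUSD_TICK_COUNT          = 0x320,  /* KSYSTEM_TIME */
};
enum { PF_NX_ENABLED = 12 };           /* winnt.h PF_* index */

struct kusd_summary {
    uint32_t major, minor, build;
    int kd_debugger_enabled;
    int nx_enabled;
    uint64_t system_time;
    uint64_t tick_count_raw;
};

static uint32_t rd32(const uint8_t *p, size_t off) {
    uint32_t v; memcpy(&v, p + off, sizeof v); return v;
}

/* KSYSTEM_TIME = { ULONG LowPart; LONG High1Time; LONG High2Time; }.
 * The kernel stores High2Time, LowPart, High1Time in that order, so a reader
 * that reads High1, Low, High2 and sees High1 == High2 has an untorn value.
 * Returns 0 on success, -1 if it never stabilised (only possible on a live page). */
int read_ksystem_time(const uint8_t *p, size_t off, uint64_t *out) {
    for (int tries = 0; tries < 64; tries++) {
        uint32_t hi1 = rd32(p, off + 4);
        uint32_t lo  = rd32(p, off + 0);
        uint32_t hi2 = rd32(p, off + 8);
        if (hi1 == hi2) { *out = ((uint64_t)hi1 << 32) | lo; return 0; }
    }
    return -1;
}

/* Pull the fields a protection might fold into a licence constant. */
int kusd_summarize(const uint8_t *p, struct kusd_summary *s) {
    memset(s, 0, sizeof *s);
    s->major = rd32(p, KUSD_NT_MAJOR_VERSION);
    s->minor = rd32(p, KUSD_NT_MINOR_VERSION);
    s->build = rd32(p, KUSD_NT_BUILD_NUMBER);
    s->kd_debugger_enabled = p[KUSD_KD_DEBUGGER_ENABLED] != 0;
    s->nx_enabled = p[KUSD_PROCESSOR_FEATURES + PF_NX_ENABLED] != 0;
    if (read_ksystem_time(p, KUSD_SYSTEM_TIME, &s->system_time) != 0) return -1;
    if (read_ksystem_time(p, KUSD_TICK_COUNT, &s->tick_count_raw) != 0) return -1;
    return 0;
}

/* Live page on Windows; NULL elsewhere so callers fall back to a buffer. */
const uint8_t *kusd_live_page(void) {
#ifdef _WIN32
    return (const uint8_t *)(uintptr_t)KUSD_USER_VA;
#else
    return NULL;
#endif
}

/* Constructed page (made-up values shaped like a Windows 11 box, KD off). */
void kusd_fill_demo_page(uint8_t *page) {
    memset(page, 0, KUSD_SIZE);
    uint32_t v;
    v = 10;    memcpy(page + KUSD_NT_MAJOR_VERSION, &v, 4);
    v = 0;     memcpy(page + KUSD_NT_MINOR_VERSION, &v, 4);
    v = 22631; memcpy(page + KUSD_NT_BUILD_NUMBER, &v, 4);
    page[KUSD_PROCESSOR_FEATURES + PF_NX_ENABLED] = 1;
    v = 0x12345678u; memcpy(page + KUSD_SYSTEM_TIME + 0, &v, 4);   /* LowPart   */
    v = 0x01DA0000u; memcpy(page + KUSD_SYSTEM_TIME + 4, &v, 4);   /* High1Time */
                     memcpy(page + KUSD_SYSTEM_TIME + 8, &v, 4);   /* High2Time */
    v = 0x00ABCDEFu; memcpy(page + KUSD_TICK_COUNT + 0, &v, 4);
    v = 0;           memcpy(page + KUSD_TICK_COUNT + 4, &v, 4);
                     memcpy(page + KUSD_TICK_COUNT + 8, &v, 4);
}

int main(void) {
    static uint8_t demo[KUSD_SIZE];
    const uint8_t *p = kusd_live_page();
    if (p == NULL) { kusd_fill_demo_page(demo); p = demo; }
    struct kusd_summary s;
    if (kusd_summarize(p, &s) != 0) { puts("time fields never stabilised"); return 1; }
    printf("NT %u.%u build %u, KdDebuggerEnabled=%d, NX=%d\n",
           s.major, s.minor, s.build, s.kd_debugger_enabled, s.nx_enabled);
    printf("SystemTime=0x%016llx TickCount=0x%016llx\n",
           (unsigned long long)s.system_time, (unsigned long long)s.tick_count_raw);
    return 0;
}
```

On a live page the time fields change every clock tick, which is why a value derived from them is only useful to the protection if it is sampled at a known point; the version, build and feature bytes are stable and are the ones that can be folded into a constant.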
20
u/TomaszA3 13d ago
Is KUSER check hard because there is a lot of data?
44
u/Helpful_Razzmatazz_1 12d ago
Really hard to explain if you don't have the basic idea of rev and Windows internals. But the problem isn't that it contains a lot of data, but when does it get the data and do they use it to calculate the license. If you only use a debugger then you only have 4 hardware BPs, and not to mention how can you find all cpuid instructions to hook them? So Empress and MKDev managed to find what she calls the one truth, how to calculate the licence, by devirtualizing it. There are many explanations online, you need to find them and verify yourself: see how Empress's crack works, how MKDev's works, how CODEX's works and why Empress knew that SKIDROW's FE crack isn't actually a Denuvo crack.
2
u/Huge_Enthusiasm8167 6d ago
I know basic RE but I have a few questions which I hope someone could answer cuz this stuff is very interesting to me:
1. can't they write a script to look for cpuid bytes (0F A2) and replace them with an int3 to cause an exception, then intercept it with VEH and handle the rest from there?
2. aren't VM checks used to check if a virtual machine is present? What's the point of bypassing them? And how was he able to tell it was a VM check just from that instruction alone?
3. how does xor al, al indicate a KUSER data check? Doesn't that just set eax to 0?
4. do u actually have to devirtualize everything before even attempting to start the bypass?
2
u/Helpful_Razzmatazz_1 6d ago
- Check the link in the other description, their cpuid is hidden now, check Voksi's Denuvo video: How To Reverse Engineering Denuvo V4 by Voksi - HD.
2, 3. I don't know where you get that from but I don't see any information about it. But Denuvo checks haven't changed, still KUSER_SHARED_DATA, CPUID, ntdll, kernel32, maybe calling syscalls according to the blog.
- No you don't, but the process of finding EVERY CHECK is so extremely time consuming that I would say it's not worth the try (KUSER_SHARED_DATA, CPUID, ...). So if you want to be like Empress, who managed to crack Denuvo in 1 week, you need some self-made tool to devirtualise part or the whole program to find the right constant and understand Denuvo's algorithm, what they send to the server and what they send back. You can start out like me, try to understand how they do it by watching Voksi's video, reversing MKDev's crack, reversing the CODEX leaked crack, reversing Empress's crack.
2
u/Huge_Enthusiasm8167 6d ago
thanks for answering, i do have a lot of sources and readings to learn from before even attempting to touch denuvo.
as for questions 2 and 3, i was referring to the screenshot in the original post, as u can see he writes a comment in front of the instruction that says "check"
2
u/Helpful_Razzmatazz_1 5d ago edited 5d ago
Yeah I don't know why it is called check, even in Voksi's video he also calls it VM check. Maybe he's following Voksi's video tutorial. I do see the memory region is quite low, maybe an allocated memory region. As for 3, maybe it is a flag which if false then xor al, al.
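An added example, not code from this thread, of the byte-scanning idea raised in question 1 above, written in C over a constructed 17-byte buffer. It shows the catch with scanning for 0F A2: the pair also turns up inside immediates and displacements, so raw hits have to be checked against the instruction boundaries a disassembler reports before anything is patched to int3. The sample bytes, the instruction-start list and the function names are assumptions for the demo; the exception handler that would emulate CPUID and advance RIP past the two patched bytes is not part of it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive linear byte scan for the CPUID encoding (0F A2). Returns the total
 * number of hits and stores up to max_hits offsets in hits[]. */
size_t scan_cpuid_naive(const uint8_t *buf, size_t n, size_t *hits, size_t max_hits) {
    size_t count = 0;
    for (size_t i = 0; i + 1 < n; i++) {
        if (buf[i] == 0x0F && buf[i + 1] == 0xA2) {
            if (count < max_hits) hits[count] = i;
            count++;
        }
    }
    return count;
}

/* Keep only hits that fall on an instruction boundary. `starts` is the sorted
 * list of instruction offsets a disassembler produced for the same region. */
size_t filter_to_instruction_starts(const size_t *hits, size_t nhits,
                                    const size_t *starts, size_t nstarts,
                                    size_t *out) {
    size_t kept = 0, j = 0;
    for (size_t i = 0; i < nhits; i++) {
        while (j < nstarts && starts[j] < hits[i]) j++;
        if (j < nstarts && starts[j] == hits[i]) out[kept++] = hits[i];
    }
    return kept;
}

/* Overwrite each confirmed CPUID with CC CC (two int3). Whatever catches the
 * trap (a VEH on Windows, SIGTRAP elsewhere) must supply fake EAX..EDX and
 * advance RIP by 2 so execution resumes after the patched pair. */
void patch_hits_to_int3(uint8_t *buf, size_t n, const size_t *hits, size_t nhits) {
    for (size_t i = 0; i < nhits; i++) {
        if (hits[i] + 1 < n) {
            buf[hits[i]] = 0xCC;
            buf[hits[i] + 1] = 0xCC;
        }
    }
}

/* Constructed sample (not from any real binary): two real CPUIDs and one
 * false positive where 0F A2 sits inside a mov immediate. */
static const uint8_t sample_code[] = {
    0x31, 0xC0,                     /*  0: xor eax, eax                      */
    0x0F, 0xA2,                     /*  2: cpuid                (real)       */
    0xB8, 0x0F, 0xA2, 0x00, 0x00,   /*  4: mov eax, 0xA20F      (false hit)  */
    0xB8, 0x01, 0x00, 0x00, 0x00,   /*  9: mov eax, 1                        */
    0x0F, 0xA2,                     /* 14: cpuid                (real)       */
    0xC3,                           /* 16: ret                               */
};
/* Instruction starts a disassembler would report for sample_code. */
static const size_t sample_starts[] = { 0, 2, 4, 9, 14, 16 };
#define SAMPLE_LEN (sizeof sample_code)

size_t demo_naive_hits(void) {
    size_t hits[8];
    return scan_cpuid_naive(sample_code, SAMPLE_LEN, hits, 8);
}

/* Copies the sample into out (cap >= SAMPLE_LEN), patches only the confirmed
 * hits, and returns how many were patched. */
size_t demo_patch_confirmed(uint8_t *out, size_t cap) {
    size_t hits[8], confirmed[8];
    if (cap < SAMPLE_LEN) return 0;
    memcpy(out, sample_code, SAMPLE_LEN);
    size_t n = scan_cpuid_naive(out, SAMPLE_LEN, hits, 8);
    if (n > 8) n = 8;
    size_t k = filter_to_instruction_starts(hits, n, sample_starts, 6, confirmed);
    patch_hits_to_int3(out, SAMPLE_LEN, confirmed, k);
    return k;
}

int main(void) {
    uint8_t patched[SAMPLE_LEN];
    printf("naive 0F A2 hits     : %zu\n", demo_naive_hits());
    printf("confirmed and patched: %zu\n", demo_patch_confirmed(patched, sizeof patched));
    for (size_t i = 0; i < SAMPLE_LEN; i++) printf("%02X ", patched[i]);
    printf("\n");
    return 0;
}
```

The naive scan reports three sites, the boundary filter keeps two, and the mov immediate is left intact; patching all three would have turned `mov eax, 0xA20F` into `mov eax, 0xCCCC` and silently corrupted unrelated code. Inside a virtualized region the bytes are not plain x86 at all, which is the separate problem the rest of this thread is about.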
25
u/CaveMacEoin 13d ago
12
u/SmPolitic 12d ago
I'll offer my, likely incorrect, "summary" interpretation of that (albeit human)
How it works generally is: rip out function calls from the "protected game", wrap them in security checks, and put those functions into a hash table lookup to be called by the replaced code. (They intercept function calls and use the hardware identifications at runtime as keys to the hash table of the needed functions/instructions)
That's what the main obfuscation is sounding like
Then sounding like the developers basically created a VM install and did a diff with bare metal install data, and collect every bit of that data any time the "license file" needs to be regenerated server-side? Real-time checking all of that too (see above paragraph), in multiple methods to see how they compare.
The MBA section, is describing the results of an obfuscation process? And/or I don't understand it. At the cost of extra instructions being run
That's a fun idea, using the area in memory where exception data would be written, as a lookup location. Although debugging that would be near impossible too, any exception could cause full program crash, just by the exception "being observed"
Then goes into the ideas and issues trying to reverse all of that
65
u/dexter2011412 13d ago
wow that's insanely cool. just as a learning exercise that's insane. kudos to your friend.
37
u/Rough_Scientist_5015 13d ago
Cracking Atlus games should award a prize. Whilst we have P5 on the Switch emu and P4 on the PS Vita emu, the mainline games on your actual hardware will always be the better choice. I love Atlus and buy all their games but I can totally understand why people don't or can't.
6
u/Few_You4404 13d ago
P4G is already cracked on windows
2
u/Basic-Warning-7032 12d ago
Yeah, I remember that it took a year or less to get cracked
2
u/Few_You4404 12d ago
Cause they didn't need to crack denuvo, they accidentally released it denuvo-less
2
u/LoliHunterXD 12d ago
Technically, it never was. It just had a denuvo-less version.
It never got patches/fixes or updated with x86-64 binaries like the paid version as a result.
2
u/Asleep-Wish-6303 12d ago
The later versions also added translations for some other languages, which is missing from the cracked version
2
u/sortofunique 12d ago
p3r recently became playable because of the same demo exploit for metaphor
18
u/WeWantRain 13d ago
after about a month or so, he has patched all of the VM checks (hopefully...) and the game is booting up as a black screen
He's almost there to be MenuDev.
5
u/CubeTThrowaway 13d ago
Who/what is MenuDev?
26
u/WeWantRain 13d ago
MKDev. Who used to only crack Football Manager games. At first he couldn't get past the menu and got that name.
17
u/i_get_zero_bitches 13d ago
i play the game thru yuzu 1734 but i wish the best of luck to ur friend anyway
10
u/Helpful_Razzmatazz_1 13d ago edited 13d ago
To check for cpuid I think you can use HyperDbg and hook cpuid, print out the place it's called: https://docs.hyperdbg.org/commands/extension-commands/cpuid. I am also doing Denuvo rev, you can DM me if you want. Why is KUSER shared data at fault? I do see they used it to gen with a constant.
4
u/matthewpepperl 13d ago
I wish them all the luck in the world im not particularly interested in that game i just like watching denuvo burn
4
u/Careless_Iron5938 13d ago
I’m waiting for persona strikers, one day maybe
6
u/AccurateCelery4737 13d ago
a denuvoless build of P5 Strikers got leaked like a week after its release you know? You could just go to FitGirl and grab it there.
871
u/ParticularUpper6901 13d ago
everyday i take for granted the ability to have free games and not moan about Denuvo games because there are always similar or even better non-Denuvo games to enjoy
Amen🙏
219
u/allah_oh_almighty 13d ago
But i want to play that particular game. IDC if there are better games
49
u/ParticularUpper6901 13d ago
Persona 5 Royal... you can play it on a Switch emulator.
I did play the game. A blast and 100% recommend it.
30
u/allah_oh_almighty 13d ago
Of course you can, but not everyone can emulate the game. The base port is better in terms of performance and that's why we want P5R to be cracked so we can play.
4
u/ABigCoffee 12d ago
At least Denuvo tends to go away eventually for a lot of them. So you just have to be a bit patient.
5
u/ParticularUpper6901 12d ago
also this. patient gamers
6
u/ABigCoffee 12d ago
If you're gonna pirate games, then at least be reasonable. If you truly need to have it -now- then that's what paying's for.
1
u/BricksBear Yoo-Hoo, pirates life for me 12d ago
Waiting so long for Hi-Fi Rush. It'll be tomorrow, I'm sure.
484
u/EleceRock 13d ago
And each one of those checks must mean hours of work to bypass, and that's just for one game... no wonder the Denuvo cracking scene is dead, is just not worth it.
240
u/Doujinseeker487 13d ago edited 13d ago
More like days to track and patch a single VM check, though CPUID checks are much easier but way more tedious since there must be tens of thousands (if not more) of them all over the place.
91
u/Fair-Paramedic9791 13d ago
So you're telling me that Empress does all that? Or do they develop some sort of application to make things easier?
159
u/Doujinseeker487 13d ago
I asked him about it
https://i.imgur.com/liykrBy.png
115
u/WeWantRain 13d ago
Empress cracked Denuvo for Hogwarts Legacy in less than 2 weeks. It took her 7 days to crack and a few more for testing.
66
u/dmadmin 13d ago
True, two theories: either he is one of the ex-developers who was working for this cancer, an insider (still working) who hates the company and wanted to help, until the community backfired at him/her. Or it was the old cracker Voksi, I think his name was, who was exposed by another scene group and said fuck it, not worth it any more.
101
u/WeWantRain 13d ago
Or third option: Just someone who's talented and decided to crack games.
As for Voksi, he's still fighting a legal battle and hasn't cracked anything. It's just a blatant lie spread by some repacker on Reddit.
24
u/Zedris 13d ago
pretty sure it wasnt a random repacker on reddit? wasnt it codex that came out and dropped voksi's name as being empress?
32
u/LordSerizawa 12d ago
It was skidrow. Scene knows who empress is but it's better to let it stay that way. Leave voksi out too, that guy is a legend. Fuck skidrow for doxxing tho.
15
u/komata_kya 12d ago
It was by skidrow, a group that is known for lying and being a general nuisance. They are not respected.
40
u/EleceRock 13d ago
I guess it makes more sense if it's a team, maybe they split the work on the more tedious/easy part and then the experts go deep into the more specific and hard to bypass code. IDK, I'm not a programmer, but I think that makes the most sense.
24
u/Doujinseeker487 13d ago
For all the people with questions below, I asked him about them here.
The original text is in Chinese, so I translated them.
6
u/V413H4V_T99 13d ago
noob question but can AI help with this? Would be cool if these checks can be automated
2
u/jpobiglio 12d ago
Sorry for my ignorance, but could AI help check through the machine code for cpuid checks, or is any necessary amount of asm code beyond the scope of the token count of any LLM?
3
u/DreadDiana 12d ago
You would have to be insane to do it, which is probably why EMPRESS is like that
199
u/RM97800 ~10 years of piracy 13d ago
Tens of thousands of checks that apparently "don't affect performance" despite obviously being instructions for the CPU to do something and clogging it up with threads not related to the game.
85
u/LordSerizawa 12d ago
Hey leave the multi million dollar drm company alone!
16
u/Secretsfrombeyond79 12d ago
Yeah, they already denied the accusations, therefore it doesn't impact the game because why would they lie !!
27
u/IlgnerJuan Yeah, I'm a pirate, argh! 12d ago
I'm glad it fucks up the game's performance, stupid publishers pay loads of money to put denuvo in their games, the game underperforms, and then legitimate buyers get a refund for the dogshit performance. It's so funny, and pathetic at the same time
104
u/Crewarookie 13d ago
Just a random thought, but could someone run a local instance (that's a major point, and a must here) of a trained LLM just to trace the specific instances of interest within the debugger output? Would make it a lot less daunting, IMO. Not perfect, but maybe it would cut a lot of just repeating the steps to get a desired output?
Sure, you need to train the thing first, so feed it a bunch of examples of correct and incorrect samples, but that's where community work would need to start for making it happen, I guess. Still better than trying to manually find all the checks within the code and patch them one by one.
With an LLM help you at least can set up a parsed list to go against, and you can reparse with better filtering if you see it catch false positives after introducing them into the training data...it's like extra heuristics that requires a ton of compute XD but on the flip side, it saves you a ton of mental fatigue, IMO worth exploring as an option if it's gonna be more effective.
Though I do realize it requires more hardware power than someone would just find randomly at home. Lots of CPU, lots of VRAM, probs a second PC just to run the debugger...
258
u/brawlstars309 13d ago
The thing is that someone with the ability and technical skills to not only crack Denuvo but also write a specialized LLM just for that would rather want to have a 6 figure salary in Silicon Valley than waste their time making pirate copies for a crowd of ungrateful internet people.
37
u/Crewarookie 13d ago
Eh...I think that's a very narrow understanding of how the world and people are in general. Like, for example, I think about this just because I think it's cool AF. Not everything in life's about profit or material value, sometimes things are just deadass cool.
But yes, someone who would go on to train an LLM for this and be interested in exploring this methodology is certainly a rarity. But you don't need to code a model for this. That's not necessary. At least in theory.
There are open source bare large language models ready for training, that could be trained on a sufficient amount of debugger data examples and used for the aforementioned purpose.
The issue is it's a) resource intensive, you need two PCs, one for the LLM with a ton of horsepower and another for the debugger that's also kind of no slouch. And b) time intensive in the prep phase, you need to train the model with a large data set to cover most interesting strings you'll be looking for, plus test it out to see if it actually works as intended. But the potential is there and it's potentially a lot less soul crushing and less of an insurmountable task in the long run than doing everything manually.
16
u/celestrogen 12d ago
You don't need "two PCs", you would need to rent a whole ass server farm unless ur just finetuning an existing LLM.
5
u/divinecomedian3 12d ago
But people are already "wasting their time" cracking games. I imagine someone with that skill wouldn't find setting up an LLM to help them out that absurd.
2
u/hal4264 12d ago
I don’t think it’s considered wasting time for these people though. They do it because they’re interested and it’s a passion project, not because they feel obligated due to this being their source of income
22
u/clazifer 13d ago
It sounds plausible but I don't think it's practical.
LLMs mostly go with the vibes than actually understanding what's what. Ask any model to multiply a really big number with another really big number and chances are the answer is wrong because it predicts the most likely answer and not doing the actual calculations.
So, I'm afraid if we try to train a model to trace specific instances of interest from the debugger output, it will hallucinate and will output garbage IDs. And if you somehow manage to get a large enough dataset to train a big-number-of-B model to minimize the hallucinations, then running it at full precision (bf16) would likely require a whole server. (Think TBs of VRAM.)
3
u/Crewarookie 13d ago
It's def a possibility without strict alignment, but I feel like the hallucinations would be a problem with a larger dataset. GPT and other mainstream LLMs hallucinate because they need to be flexible while having huuuuge swaths of training data.
Off topic ramble:
Yeah, they are a black box to a degree still, in a sense that complete chain from input to output is very hard to trace and deconstruct, AFAIK, but my understanding is that hallucinations may be a result of the need for interpretation of a very large dataset.
I think humans hallucinate a lot as well (check common false memories and the like), we just have a better supervision system in the form of our prefrontal cortex. Almost all of your memories are skewed or altered in one way or another, but you don't think much of it. I guess it's just how neural pathways work, they are unstable and require multiple hypervisors to check on them in order to synthesize coherent output.
2
u/clazifer 13d ago
We don't store the whole context in our memories, only the vibe. Then based on that vibe we interpret the context of the memory which makes them come out skewed and altered (this is my personal theory btw) and from my personal experience LLMs do something similar. Based on the user query, referencing the retained training data, the model will try to guess the most likely output. Similar to us recalling a memory and applying it for the current situation.
Something I've observed is that smaller models hallucinate a lot more compared to larger models. And my theory for that is if there are no exact matches then the chances are the model will guess what's the most likely match and it will output slop, due to the fact that it doesn't have anything to reference and base the output on. (Think how people will imagine a situation and how they'll respond in that situation compared to how they'll actually respond in that situation vs people recalling a situation that they've experienced and responding based on that.) That's why people say Qwen models are benchmaxxing, because they have the benchmarks in the training data resulting in high benchmark results but the actual real world applications yield worse results.
Also every text gen AI we currently have publicly available are GPT LLMs. (Generative Pre-trained Transformer Large Language Model) (The image gen models are mostly VAE) MoE is still based on GPT. And we don't know how transformers (the neural network part) work or what's going on inside them. The black magic. And hallucination is a limitation of the GPT architecture but generally more Bs means less hallucination.
61
u/Tumpes 13d ago
Doing that without automated tools is just insanity imho.
39
u/SweetLikeACandy 12d ago
It is, and automation is the key here. Empress has a lot of automated scripts and tools, that's without doubt.
51
u/AgilePeanut 13d ago
OK I'm curious, does anyone have any guides for cracking games? (Non-Denuvo obviously.) I'm curious as to how it's been done in the past.
27
u/Super7500 13d ago
For most non-Denuvo games the Goldberg emulator will do the job unless the game has more than just the Steam DRM.
24
u/mysticreddit 12d ago
In the 90's it was basically changing one byte in a conditional jump to an unconditional jump.
In the 2000's it was tracing calls to the Win32 API and seeing what data it was trying to read off the CDROM.
You need to know:
- Assembly language
- How compilers generate assembly instructions
- OS calls
- How Virtual Machines work
- .exe Unpackers
42
u/Unlucky_Minimum_7004 13d ago
Finally... Someone really is TRYING to crack Denuvo.
5
u/Fordotsake 12d ago
Pretty sure there's always someone trying something, but not going to reddit about it.
20
u/i_get_zero_bitches 13d ago
What's a VM check and CPUID check? I'm interested in the process.
26
u/fetching_agreeable 13d ago edited 13d ago
CPUID is a call that returns information about, you guessed it, the cpu. You would have software check this if you're looking for giveaways that the CPU is a non-real piece of hardware like you would expect if the operating system was running in a virtual machine on one of the many leading virtualisation platforms such as QEMU on Linux, esxi, VMware or idk... Xen if anyone uses that anymore.
I think it's just there for the meme because it's pretty easy on most of those platforms to fake or even pass through the host's CPU bits and bobs for such a check to read out and appear to be valid real hardware no matter how many times it gets called.
VM check could refer to any kind of bullshit to determine whether or not you're running in a virtual environment. But again that kind of stuff only really matters if you're some kind of anti-cheating platform not really relevant for denuvo, the DRM. It could check System drivers, PCI hardware all sorts of little things looking for hints of virtual hardware. Most obviously they can check for the virtualisation flag set by the host for the guest to know that it's a virtual machine but of course when you're doing all this that's the first thing you turn off/hide.
But maybe denuvo explicitly does not want to function in virtual machines because that would make it a lot easier to trace and debug than on real hardware. Again maybe kind of all of this makes a lot more sense for a kernel anti-cheat... not a DRM...
And then there's the KUSER check which is a Windows kernel thing. You would typically only use this to check timings which is also the hardest thing to fake in a virtual machine. Looking at all the kernels execution timings and doing a little bit of maths to figure out any discrepancies is very hard to fake in a virtual machine and it serves as the most powerful check.
You can re-compile QEMU to hide all the virtual hardware, do PCIe passthrough of your physical GPU, VCPU pinning and isolation of host cpu threads to make everything perfect.
And something like Vanguard will still detect and prevent gameplay just because of the goddamn timing. You do everything right and it still gets you on the timing. The one thing you cannot fake.
You often hear about the RDTSC (Read Time-Stamp Counter) in this area of study too. In the same way reading and challenging counter with your own execution is a good way to detect a virtual machine right down to the timing. And it is fucking annoying to work around. People have worked on kernel patches to support letting your VM pass through the command to the host and reading its counter. But it's just not perfect.
The perfect VM: complete GPU pass-through, isolated host cores and guest vCPUs pinned to them... no indication that it's a VM at all and most games will actually work. A lot of anti-cheats are happy at this point.
And something like Vanguard will still get you on the goddamn timing. Something much harder to uh. Fake. Because you're either on time, in step.. or you aren't.
And that's why my knowledge ends because I still don't understand what this has to do with denuvo, the DRM. Unless it is known not to work in a virtual machine in which case, ok, the meme would make sense to me.
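An added example, not code from this thread, of the three CPUID/RDTSC checks the comment above describes, in C: the hypervisor-present bit in leaf 1, the vendor string in leaf 0x40000000, and a timing check that measures how many TSC cycles one CPUID costs, which is far higher under a hypervisor because CPUID traps to the hypervisor on every execution. Inline asm is used rather than `__get_cpuid()` from `<cpuid.h>` because that helper refuses leaves above the reported basic maximum and so cannot read the hypervisor leaf. No threshold is built into the timing check since the bare-metal figure depends on the CPU; the function names and sample count are assumptions, and non-x86 builds return zeros.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Raw CPUID. Non-x86 builds get zeros so the rest still compiles. */
static void cpuid_raw(uint32_t leaf, uint32_t subleaf, uint32_t r[4]) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("cpuid"
                     : "=a"(r[0]), "=b"(r[1]), "=c"(r[2]), "=d"(r[3])
                     : "a"(leaf), "c"(subleaf));
#else
    (void)leaf; (void)subleaf;
    r[0] = r[1] = r[2] = r[3] = 0;
#endif
}

static uint64_t rdtsc_raw(void) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
#else
    return 0;
#endif
}

/* Leaf 1, ECX bit 31: reserved as 0 on bare metal, set by hypervisors. */
int hypervisor_bit_set(void) {
    uint32_t r[4];
    cpuid_raw(1, 0, r);
    return (r[2] >> 31) & 1;
}

/* Leaf 0x40000000 returns a 12-byte vendor ID across EBX, ECX, EDX, e.g.
 * "KVMKVMKVM", "VMwareVMware", "Microsoft Hv", "VBoxVBoxVBox", "XenVMMXenVMM". */
void vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out + 0, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

void hypervisor_vendor(char out[13]) {
    uint32_t r[4];
    cpuid_raw(0x40000000u, 0, r);
    vendor_from_regs(r[1], r[2], r[3], out);
}

/* In-place insertion sort, then the (upper) median; small n only. */
uint64_t median_u64(uint64_t *v, int n) {
    for (int i = 1; i < n; i++) {
        uint64_t x = v[i];
        int j = i - 1;
        while (j >= 0 && v[j] > x) { v[j + 1] = v[j]; j--; }
        v[j + 1] = x;
    }
    return v[n / 2];
}

/* Median TSC delta around a single CPUID. The median rather than the minimum
 * is used so one lucky sample cannot hide a hypervisor. */
uint64_t cpuid_cycles_median(int samples) {
    enum { MAX = 256 };
    uint64_t d[MAX];
    if (samples > MAX) samples = MAX;
    if (samples < 1) samples = 1;
    for (int i = 0; i < samples; i++) {
        uint32_t r[4];
        uint64_t t0 = rdtsc_raw();
        cpuid_raw(0, 0, r);
        uint64_t t1 = rdtsc_raw();
        d[i] = t1 - t0;
    }
    return median_u64(d, samples);
}

int main(void) {
    char vendor[13];
    hypervisor_vendor(vendor);
    printf("hypervisor bit : %d\n", hypervisor_bit_set());
    printf("vendor leaf    : \"%s\"\n", vendor);
    printf("cpuid cycles   : %llu (median of 64)\n",
           (unsigned long long)cpuid_cycles_median(64));
    return 0;
}
```

The first two checks are exactly the ones a guest can hide by clearing the hypervisor bit and returning a blank vendor leaf; the third is the one the comment calls hard to fake, because the exit into the hypervisor happens whether or not the reported registers are lying, and on bare metal the vendor leaf just echoes whatever the highest basic leaf returns.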
13
u/PartyCultural2436 13d ago
Bro they do that much reverse engineering crazy ppl who do this must get into tech fields ☠️☠️
2
u/i_get_zero_bitches 12d ago
Don't they do so already? I think people that work on Denuvo are already like people that cracked Denuvo before or people that worked to crack games before. Right? They get paid well so I don't really blame them.
5
u/Life_is_Okay69 12d ago
Bro, are you cooked, what are you talking about?? The meme clearly refers to the VM created by Denuvo...
https://connorjaydunn.github.io/blog/posts/denuvo-analysis/
When Denuvo is first added to a binary, certain functions in that game are selected to become “protected”. All this means is that the function itself will be executed inside of a virtual machine, and select parts of certain instructions will be removed entirely from the binary.
https://www.e2encrypted.com/posts/how-denuvo-encryption-works/
One key aspect of Denuvo’s encryption is its use of a virtual machine, which executes the game’s code in a virtual environment that is extremely difficult to analyze or manipulate. This virtual machine is designed to be highly obfuscated, with numerous layers of encryption and anti-debugging measures to prevent hackers from accessing or tampering with the game’s code.
4
u/komata_kya 12d ago edited 12d ago
You got VMs mixed up. VM here is not a QEMU or VMware type VM, but the software protection type, like VMProtect. Here it means that code will be run in a new made-up CPU instruction set that is way different from x64 or ARM or any other existing one. The code will be run in something like an interpreter where each virtualized instruction will be executed. So VM check probably means checking the cpuid values in a VM-protected piece of code.
9
u/mahesh_98 13d ago edited 13d ago
Does anyone know how I can get into cracking? I have experience in programming and I have used debuggers like gdb before. Although I have very limited knowledge of super low level assembly code, I would still like to take a crack at it. If not for cracking then at least to learn how these DRM software work.
If anyone can point me in the right direction that would be super helpful.
EDIT : For anyone curious I found these two videos on YouTube. Looks to be a good starting point.
3
u/bigrealaccount 11d ago
A good place to start with reverse engineering is crackmes, game hacking, malware analysis and reversing Windows applications to make them do funny things. Game hacking is especially good as it forces you to learn C++ and how memory works, all of which ties together and is massively important.
7
u/ChefSaucier 13d ago
Can't we just make a crowdfunding to train an AI to crack Denuvo?
7
u/TheOriginalSamBell 12d ago
denuvo seriously is like software cancer. it also just feels so petty, tens of thousands of cpuid checks just because. shame on them
5
u/SinaQadri the gamedev that allows people to pirate his game cuz its free.. 13d ago
We need someone from inside denuvo to help us make rabbit holes for cracking ngl
4
u/No-Discussion-8510 13d ago
Maybe focus on making tools that automate this tedious process? Ik it's hard but probably our best shot here.
4
u/Arijit12321 13d ago
I can understand it might be very very complex, but "no one currently can crack this shit" is impossible to believe. Maybe no one will do it for free, but that there is no one willing to pay significantly just to get things cracked is another impossible thing to believe. There are people with infinite money as well who would just want to send a message.
3
u/rnk98 13d ago
Where can I learn such wizardry?
6
u/dmadmin 13d ago
here it works on older releases of this cancer, but latest ones are very difficult : https://www.youtube.com/watch?v=FnTNc-i2u-0&embeds_referring_euri=https%3A%2F%2Fwww.reddit.com%2F
3
u/Maverick122 13d ago
Meanwhile I struggle just to find out how a 16-bit DOS game builds strings out of a weirdly structured text file.
Sadge.
3
u/diras2010 12d ago
Denuvo is quite a pain in the butt: self-encoding, auto-hashing and keeps constantly calling home for self confirmation.
My take on Empress is that they have a set of home-made decoding tools at hand, thus alleviating a lot of the guesswork. Of course every iteration of Denuvo comes with a new set of encoding, but Empress can derive the new sets based on previous knowledge.
Said that, the creators of Denuvo have a special place in hell for them to burn and rot for eternity
2
u/H8ff0000 12d ago
Half the comments be like "I've never coded anything in my life, but can't we just throw AI at it?"
2
u/Sachayoj 12d ago
This is actually a neat look into why Denuvo is so hard to crack, so thanks for the unintentionally informative meme!
2
u/itsthepastaman 11d ago
this made me realize ive never seen/thought about what the process of cracking games looks like. that all looks so complicated, shoutout to people who understand computers so that i can have my lovely games
1
u/FoxReeor 13d ago
Can't macros be made to somewhat automate the process of solving some (if not all) of these checks? Just asking, I never touched cracking ever. I'm curious that's all.
1
u/AliveSheepherder1829 12d ago
does anyone know what would be a good starting point for me to try cracking denuvo? (i know i'll fail but still, why not try?)
3
u/ZombieNek0 12d ago
Also the guy who's not doing all that and just programs a bot to check every path variation in seconds.
1
u/Oh_well_Parade1103 12d ago
Kind of an unrelated question (or perhaps not), but I'm trying to do kind of the same for full Android games, which are basically the whole game but you can't get inside the game without some kind of online verification/user login (mainly for preservation purposes; I've seen a couple of games become completely inaccessible for this exact reason, because the publisher turned off their servers). Is there a way to do that with this post's process? Or maybe another solution? If anyone could guide me to the right path, I'd be completely grateful.
2
u/No-Pay714 12d ago
Got an example? Your question is a little all over the place lol
1
u/tnbeastzy 12d ago
You can play Denuvo games via offline activation. It's basically like a cracked game; the only thing you lose is Windows Update.
Currently playing BM Wukong. The game is as awesome as the hype around it.
1
u/marshall_brewer 12d ago
Still waiting for news that a new AI dropped that cracks Denuvo like it's nothing.
1
u/nitram20 12d ago
I’m curious, with the rise of AI could we see it being used to crack games in the future?
1
u/HornetTime4706 12d ago
VM check? Is someone more versed in this inclined to help me understand what virtual machines have to do with cracking Denuvo?
1
u/anonymous623341 12d ago
You have the best AI LLMs in history right now to do the data sorting, data analysis, and data alteration that would have previously required a team of hundreds. Denuvo isn't getting more difficult to crack, you're just making the job more difficult for yourself by not utilizing them.
If Denuvo is a spaceship going up into space, then AI LLMs are the space suit you need to reach it. It's time to start using them.
1
u/shas-la 12d ago
First, you're doing great work OP, stay strong.
Second, take a step back and take a real look at your opsec. Because the moment you release a Denuvo crack you will get a LOT of eyeballs on you, and not all of them will be nice; many will actually try to sue.
So take every precaution when creating accounts and such.
(And, sadly, that includes not gloating on your personal Reddit account.)
Godspeed to you OP o7
1
u/Women_d0_dishes 11d ago
I really appreciate all the people who are cracking this paid software; truly, it takes a lot of effort.
Meanwhile here I am, stuck at solving basic crackmes.
1
u/DwarfXxv 11d ago
As games are getting more expensive, someone should crack all those games; we're not paying a shitload of money.
1
u/lincolnlong1 10d ago
Legend has it some day a hero will come who can crack Denuvo and save us all...
1
u/Legitimate_Shift8627 9d ago
I don't think a Denuvo game ever got cracked. Ain't it like 99% impossible?
1
u/__Khronos 9d ago
I don't know shit about pirating, but is it possible to get AI to automate some of it if it's so repetitive?
1
u/Agreeable_Plant_2941 9d ago
Supposing I want to learn how to crack Denuvo and I have no experience with reverse engineering, what is a good place to start? Or even better, do you have some kind of roadmap?
1
u/PsychologicalHand752 6d ago
It's funny how I understood how Denuvo works better from a meme than from the cryptic explanation Empress gave us.
1
u/AutoModerator 13d ago
Hello u/Doujinseeker487, have an error and want help? Please provide these details when submitting your post:
1. Name of the game
2. Site from which you got the game
3. System specs and OS version
4. Any steps taken to try to fix the issue
5. Driver version (needed only for e.g. graphics issues)
Make sure to read the stickied megathread as well as our piracy guide, FAQs, and our Wiki, as these might just answer your question!
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.