Crackers Claim Denuvo Anti-Tamper Tech Causes Stuttering in Injustice 2

Megalith

Having recently cracked Injustice 2, hacking group CODEX has offered insight on how Denuvo could be affecting the game’s performance. Some of the fighter’s technical issues (e.g., stuttering) allegedly stem from the anti-tamper tech writing to memory and executing checks whenever certain attacks are performed.

“For example when Robin does one of his special attacks, throwing a smoke bomb on the ground, Denuvo starts writing a private key to the memory. Then it fills the buffer and when everything is filled and the key is obtained by Denuvo itself, it starts executing anti-tamper checks.”
 
 
And sometimes that warcry is true. It's only the "haxors" who are able to showcase how it is possible, given that the developers/publishers/DRM creators etc... rarely if ever come out with an "our bad, it really was our tech". Instead it's blamed on everything else, on both legit and pirate copies. Of course, it's always proprietary software so only those who can hack, reverse-engineer, and remove obfuscation can see things like those described here how anti-tamper tech is calling certain functions with certain frequency. Sometimes after all the deflecting, it turns out that using a crack that removes anti-tamper tech or other forms of DRM means the game runs better.

It's worth noting that Injustice 2 has been out for quite a long time and has been cracked quite some time ago as well. Given that nearly all DRM can be cracked and even proponents claim they measure its supposed success in the weeks after release... why is it still included? I'm opposed to serious DRM of all sorts in principle (i.e. as opposed to things often characterized incorrectly as DRM such as Steamworks and Uplay - which are just integrated game services. It's also worth noting that these features rarely if ever have a performance impact), but I could at least understand the philosophy if they removed the Denuvo/Safedisc/Starforce/Custom nonsense etc... after the first month, major patch etc... as it has already done its job or if nothing else, when it has been cracked by 3rd parties remove it from authentic copies. Those who play on Mac / Linux who use things like WINE and virtualization etc.. often require cracks to DRM to run for instance depending on its severity and/or impact on performance. Overall it's a poor idea and just hasn't seemed to evolve.
 
This is anti-denuvo FUD again unfortunately. If we drill past the transposed headline, it's not Denuvo by itself causing a slowdown, it's shitty crack + denuvo causing the slowdown, as the cracker admits at the bottom of the nfo file:
"and therefore patching the required place causes some slowdowns thanks to Denuvo and devs"

Facts:

1. It's a developer's choice how they implement Denuvo in the game, and where to place the anti-tamper checks.

2. The developer implemented anti-tamper checks in some unusual places, like during certain fights.

3. The overhead and lag created by CODEX's shitty crack to cat-and-mouse with denuvo, constantly scanning memory and re-patching denuvo every time it self heals, creates the stuttering/slowdown they are in turn blaming Denuvo for.

It took them a year to crack this game, they probably should have just left it alone.

Legit version with denuvo is smooth as silk:
 
From CODEX:

Some Denuvo Techtalk :

For example when Robin does one of his special attacks, throwing a
smoke bomb on the ground, Denuvo starts writing a private key to the
memory from 000000014C113692:

000000014C113692 44 88 07 mov byte ptr ds:[rdi],r8b
000000014C113695 5F pop rdi
000000014C113696 50 push rax
000000014C113697 21 C0 and eax,eax
000000014C113699 9C pushfq
000000014C11369A 44 01 C1 add ecx,r8d
000000014C11369D 4C 89 F0 mov rax,r14
000000014C1136A0 48 89 C1 mov rcx,rax
000000014C1136A3 48 C7 C0 00 00 00 00 mov rax,0
000000014C1136AA 48 09 D0 or rax,rdx
000000014C1136AD 48 83 C1 01 add rcx,1
000000014C1136B1 49 89 CE mov r14,rcx
000000014C1136B4 C1 C1 08 rol ecx,8
000000014C1136B7 9D popfq
000000014C1136B8 58 pop rax

Then it fills the buffer at: 000000014779F593.

When everything is filled and the key is obtained by Denuvo itself,
it starts executing anti-tamper checks from 000000014774C37E:

000000014774C37E 41 89 7D 00 mov dword ptr ds:[r13],edi
000000014774C382 48 29 F3 sub rbx,rsi
000000014774C385 41 54 push r12
000000014774C387 C1 CB 0D ror ebx,D
000000014774C38A BE D4 72 4D 3E mov esi,3E4D72D4
000000014774C38F 4C 8D 25 4F B5 06 FE lea r12,qword ptr ds:[1457B78E5]
000000014774C396 4C 33 24 24 xor r12,qword ptr ss:[rsp]
000000014774C39A 48 8B 1C 24 mov rbx,qword ptr ss:[rsp]
000000014774C39E 4C 21 E3 and rbx,r12
000000014774C3A1 4C 09 24 24 or qword ptr ss:[rsp],r12
000000014774C3A5 0F BA F8 06 btc eax,6
000000014774C3A9 0F BA F6 0D btr esi,D
000000014774C3AD 48 29 1C 24 sub qword ptr ss:[rsp],rbx
000000014774C3B1 4C 89 E3 mov rbx,r12
000000014774C3B4 48 23 1C 24 and rbx,qword ptr ss:[rsp]
000000014774C3B8 4C 0B 24 24 or r12,qword ptr ss:[rsp]
000000014774C3BC 49 29 DC sub r12,rbx
000000014774C3BF C3 ret

Here it gets the addresses of the various functions inside the Denuvo code
from r13 register and forces the original bytes, a single DWORD per cycle,
essentially overwriting any potential patches that were applied to these
functions before.

The way our crack works is that it reads a huge amount of encrypted code,
(including the code that the anti-tamper tries to overwrite) and therefore
patching the required place causes some slowdowns thanks to Denuvo and
the devs.
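
A simplified model of the restore loop the nfo describes (original DWORDs forced back one per cycle), as an added example that is not part of the original posts and is not Denuvo's or CODEX's code. The data buffer, the `healer` struct and every value are constructed for illustration; a real anti-tamper layer would guard executable memory rather than an array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define REGION_DWORDS 8

/* Constructed stand-in for the original bytes of the protected functions. */
static const uint32_t reference[REGION_DWORDS] = {
    0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u,
    0x55555555u, 0x66666666u, 0x77777777u, 0x88888888u
};

struct healer {
    uint32_t *live;       /* region being protected (a data buffer here) */
    const uint32_t *ref;  /* trusted copy of the original DWORDs */
    size_t count, cursor; /* DWORDs covered; next DWORD to rewrite */
    size_t repairs;       /* DWORDs that differed before being rewritten */
};

/* One cycle: force a single original DWORD back, modified or not. */
static void heal_step(struct healer *h) {
    size_t i = h->cursor;
    h->repairs += (h->live[i] != h->ref[i]);
    h->live[i] = h->ref[i];
    h->cursor = (i + 1) % h->count;
}

/* Cycles until the region matches the reference again (at most count). */
static size_t cycles_until_clean(struct healer *h) {
    size_t cycles = 0;
    for (; memcmp(h->live, h->ref, h->count * sizeof *h->ref) != 0; cycles++)
        heal_step(h);
    return cycles;
}

/* Constructed scenario: two DWORDs are altered, then the healer runs. */
static size_t demo(size_t *repairs_out) {
    uint32_t live[REGION_DWORDS];
    memcpy(live, reference, sizeof live);
    live[2] ^= 0xffffffffu;
    live[5] = 0;
    struct healer h = { live, reference, REGION_DWORDS, 0, 0 };
    size_t cycles = cycles_until_clean(&h);
    *repairs_out = h.repairs;
    return cycles;
}

int main(void) {
    size_t repairs, cycles = demo(&repairs);
    printf("clean after %zu cycles, %zu DWORDs restored\n", cycles, repairs);
}
```

Every slot is rewritten once per pass, so a modification persists for at most `count` cycles before the original value is back.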
 
I personally detest DRM. The hackers and crackers are going to play whatever they want anyways. Why add crap to game to inconvenience legitimate buyers? DRM is a piracy check to keep legitimate people monitored because it sure doesn't seem to work against the pirates very well. If a pirate REALLY wants to crack software they will.

The best piracy check is distributing online multiplayer keys with software.

I've yet to play Crysis 1 and 2 since launch because of the DRM. EA can't help me so I just glance at them in my Origin library. The first Dragon Age games take me days of calling support to overcome the DRM. Silly crap.
 
So what has been more efficient.. DRM technology or the draconian sentences a person can get?
 
I personally detest DRM. The hackers and crackers are going to play whatever they want anyways.

Just to unmuddy the terms here, Denuvo is actually anti-tamper, not DRM. It keeps the game executable from being modified so that the publisher's chosen DRM (Steam integrated launcher, UPlay, Origin, etc) is harder to bypass. The pirates have been unable to play the game in question for more than a year, and they still can't play it properly because the crack is shitty and it can't defeat Denuvo cleanly.

If a pirate REALLY wants to crack software they will. Why add crap to game to inconvenience legitimate buyers?

Apparently they couldn't. See above. And legitimate buyers weren't inconvenienced in this case.

I've yet to play Crysis 1 and 2 since launch because of the DRM. EA can't help me so I just glance at them in my Origin library. The first Dragon Age games take me days of calling support to overcome the DRM. Silly crap.

This has nothing to do with Denuvo, but I realize people have a tendency to conflate all anti-tamper and all DRM that's ever existed into a single "I HATE DRM" kneejerk, when the reality is more nuanced.
 
This is anti-denuvo FUD again unfortunately. If we drill past the transposed headline, it's not Denuvo by itself causing a slowdown, it's shitty crack + denuvo causing the slowdown, as the cracker admits at the bottom of the nfo file:

Facts:

1. It's a developer's choice how they implement Denuvo in the game, and where to place the anti-tamper checks.

2. The developer implemented anti-tamper checks in some unusual places, like during certain fights.

3. The overhead and lag created by CODEX's shitty crack to cat-and-mouse with denuvo, constantly scanning memory and re-patching denuvo every time it self heals, creates the stuttering/slowdown they are in turn blaming Denuvo for.

It took them a year to crack this game, they probably should have just left it alone.

Legit version with denuvo is smooth as silk:


No, no it isn't. I got a refund through Steam because Injustice 2 ran like a steaming pile of shit on every computer I own (gaming PCs for me, wife and 3 kids). Injustice 1 ran just fine, along with all 200+ other games in my library.
 
Just to unmuddy the terms here, Denuvo is actually anti-tamper, not DRM. It keeps the game executable from being modified so that the publisher's chosen DRM (Steam integrated launcher, UPlay, Origin, etc) is harder to bypass. The pirates have been unable to play the game in question for more than a year, and they still can't play it properly because the crack is shitty and it can't defeat Denuvo cleanly.



Apparently they couldn't. See above. And legitimate buyers weren't inconvenienced in this case.



This has nothing to do with Denuvo, but I realize people have a tendency to conflate all anti-tamper and all DRM that's ever existed into a single "I HATE DRM" kneejerk, when the reality is more nuanced.
It's not a kneejerk reaction. I honestly despise DRM because I actually buy my games to support game developers. And my reward for supporting them is monitoring, not being able to play unless I'm connected to the internet, being told that I installed my games too many times when reinstalling Windows because I can't get the stupid game to work because of the DRM being triggered by who knows what on my PC, etc.

What I USED to do was buy the game on Steam, then immediately get the NOCD crack so I could actually play the game. But the newer DRM structures require more time to crack so now I have stopped buying as many games. Also relying on game crackers to do something means that you are forced to run software code that has a high chance of being malicious.

What is the point in gaming if you can't play your game library when you want to? For example, where I live on the East Coast of the USA, our weather patterns create yearly hurricanes. It is as guaranteed as taxes. When they hit, the internet goes out for up to weeks at a time, but our lights are usually back in a couple of days. All of a sudden many of your games that require server checks, even though they have been installed on your system for years and are SINGLE player games, will stop working. Why? Because the game developers think that all of their customers are thieves. Gamers are thieves that will steal from us so we are forced to install this DRM on our products to keep our customers that paid $60 for our software license and another $30 - $60 for a season pass from stealing our intellectual property. One of the main culprits? Nier Automata that uses that stupid Denuvo crap.

Ever tried to install a Denuvo single player title from a Steam backup without internet access? You can't as it requires a DRM check to a server to install the software even though the game is single player and can be played offline supposedly.


Oh the fact that you can't play your single player titles when there is a storm in your area is a minor inconvenience! Think of all the people that would steal our games if this DRM wasn't installed! Let's punish the paying customer to keep the people in society that aren't going to pay a red cent for our wares today, tomorrow or any other day from stealing them. Great logic!

That's how I see DRM. Annoying crap installed onto my system to keep me from playing my games in the manner in which I choose. I'm sorry but I see it as attaching a mill stone to a customer's neck and telling them to jump through hoops to use the product that they can provide a receipt to prove that they paid a license for.


I really wonder if all those slowdowns in games are caused by wonky coding from the programmers or the DRM schemes? Every time that I see customers with their proverbial pitchforks in a Steam thread complaining about the game they purchased having bad performance, and then you see the game developer remove Denuvo or whatever else they have installed for DRM checks, and the game suddenly runs smoother, I get even more jaded by PC gaming.
 