Denuvo Analysis

Summary

Foreword This post is intended for educational purposes only. Denuvo is arguably the most successful digital rights management solution to have ever existed, and is therefore an interest to many. This blog contains a large amount of my personal notes and correspondence with other reverse engineers (see kudos) which contains information about the recent iterations of Denuvo, lots of which I haven’t seen shared publicly before. I mean no harm towards Irdeto and thus certain information will be redacted from this post. Denuvo Denuvo is an anti-tamper and digital rights management system (DRM). It is primarily used to protect digital media such as video games from piracy and reverse engineering efforts. Unlike traditional DRM systems, Denuvo employs a wide range of unique techniques and checks to confirm the integrity of both the game’s code and licensed user. The General Idea The core idea behind Denuvo is nothing new. It can only be described as a semi-online DRM for reasons that will become clear shortly. The general idea is as follows: (1) User boots program.exe for the first time. (2) Before any original game code is executed, Denuvo will collect hardware identification information regarding the current system, and prepare it for sending over the internet. (3) program.exe then sends this hardware information to a Denuvo hosted server. What occurs at the server is obviously a mystery, but it likely applies reversible mathematical functions to combine the “stolen constants” (more on those later) with the hardware information provided by program.exe. The server then sends this now mixed information, we will refer to this as “the license file”, back to program.exe. (4) Once program.exe receives the license file, a local copy is created that program.exe can refer to on future boots; removing the need for another online request to be made (hence the use of “semi-online” earlier). (5) program.exe will be redirected to the original entry point (OEP) and begin executing the...