All images courtesy of id Software
Piracy isn’t new to video games. But as new methods for combating piracy are invented, hackers are finding news ways to get around them. Over the weekend, hackers made a breakthrough that, for a brief moment, allowed hundreds of thousands to freely download and play some games for free again.
Videos by VICE
It’s been a rough year for gaming piracy. Denuvo, a relatively new form of Digital Data Rights Management (DRM), has been packed into a series of high-profile PC releases—Rise of the Tomb Raider, DOOM, Inside—and hasn’t been broken. Some companies deploy DRM in order to prevent people from downloading games without paying for them. Conversely, other companies like the developer of The Witcher 3, believe DRM’s restrictions are alienating and simply trust that most people will pay. For the games using Denuvo, however, piracy has became essentially nonexistent. But things shifted last Friday, when a Bulgarian 19-year-old hacker called Voksi found a loophole.
“Its [sic] like the whole scene has come alive suddenly within 24 hours,” said one reddit user.
Thanks to Voksi, pirates were having a field day. Voksi’s loophole used a demo that game developer id Software released for their DOOM reboot, which could be exploited into letting people play the full game without paying for it. This trick was quickly used to make games like Rise of the Tomb Raider (and others that had avoided piracy for months) free for anyone with an Internet connection.
Not all games use Denuvo, of course, but game publishers like Square Enix, Electronic Arts, Warner Bros., and Ubisoft regularly deploy it.
Voksi had spent dozens of hours trying to break Denuvo, but when this idea sprung to mind, it only took four hours to test, implement, and release to the world. It spread like wildfire.
That loophole has since been shut down, but other methods are rising from its ashes.
When asked about Voksi’s workaround, Denuvo and id Software did not respond to my requests for comment.
Denuvo works as a shield on top of existing DRM like Steam or Origin. Steam’s DRM is terrible, but Denuvo hasn’t been cracked. What makes Denuvo so powerful is the way it works in conjunction with these services.
When a game is purchased and installed, Denuvo generates a unique key for their computer. So if someone buys a Denuvo-backed game on Steam and uploads their files as a torrent, anyone who downloads it would also need the exact hardware setup as the person who bought it in the first place. That’s not very likely. If you even manage to launch a Denuvo-backed game without the same hardware configuration, the game will become an unplayable mess—the game will boot you out, the frame rate will slow down, etc.
Voksi didn’t actually break Denuvo, but he found a clever way to go around it. This is different than what’s traditionally called a “crack,” which removes the DRM (in this case, Denuvo) from the game.
Here’s how this new method worked. Voksi released an application, called a “loader,” that automatically launched Steam and downloaded a copy of the DOOM demo.
“This is so the account ‘owns’ the demo, which is essential,” said another hacker I spoke with, who goes by the pseudonym MTW. “Denuvo needs to see that the account owns the Steam App ID of the title that is being activated.” (The Steam App ID is a unique identifier given to every product available on Steam.)
This method requires users to have a pirated copy of DOOM installed. When DOOM is booted up, the loader swaps the Steam App ID to that of the demo, instead of the full game. If it was the full game, Denuvo would deny you access. But for whatever reason, Denuvo’s servers viewed the demo and full game interchangeably, so the full game would load up.
The damage is done. […] The most breaking news of all is that Denuvo allowed 650,000 pirates to breach their servers for 3 days. And they call themselves the most secure company? -Voksi
“It’s a very clever work around,” said MTW, “but Denuvo can easily fix it, preventing it from working for people who have not already generated tokens using the tool.”
He was right. It was fixed a few days later, but not before a pretty significant impact.
“The damage is done,” said Voksi, the hacker who engineered the workaround. “650,000 unauthorized pirated copies were able to [run] with my bypasser and partial crack. […] The most breaking news of all is that Denuvo allowed 650,000 pirates to breach their servers for 3 days. And they call themselves the most secure company?”
Mere hours after Voksi’s loophole was patched, something more significant emerged: A legitimate crack from the hacking group Conspiracy, whose mantra is “always outnumbered, never outgunned.” Remember, cracks are a different beast. Voksi found a way to go around Denuvo, while Conspiracy was able to remove it entirely.
So far, Conspiracy’s crack only applies to Rise of the Tomb Raider.
It’s normal for hacking groups to find an exploit, release it, and wait for the company behind the tech to fix it. This whac-a-mole approach is expected, and in many ways, required for security to continue getting better and better; hackers and pirates identify weaknesses and then security companies address those faults. With Denuvo, though, it’s been a long time since the DRM suffered a significant breach.
“Denuvo fixed what they were doing to crack it back then,” said MTW. “This is the normal back and forth. ” [Conspiracy] has not shown that they are reliably able to crack newer versions of Denuvo in a timely manner. Quite the opposite, actually.”
Even still, hackers like Voksi are newly energized. Just a few hours ago, Voksi told me he’d “found another loophole” for Denuvo. His anti-DRM crusade can continue. That may work for a bit, but like clockwork, it’ll get patched. For a little while, though, Voksi has bucked the system and he’s in control.
“Welcome to the new world,” he said.
Follow Patrick Klepek on Twitter, and if you have a news tip you’d like to share, drop him an .