this post was submitted on 02 Apr 2026
185 points (99.5% liked)

Company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass

[–] Encephalotrocity@feddit.online 75 points 14 hours ago* (last edited 14 hours ago) (12 children)

Good luck

Using the hypervisor bypass, even in its latest incarnation, requires users to disable:

  1. Virtualization-Based Security (VBS): a layer that separates the Windows operating system from its security enforcement features that run at a higher privilege level.
  2. Credential Guard: a sub-feature of VBS that keeps login credentials in a container isolated from the rest of the operating system.
  3. Driver Signature Enforcement: verification that any drivers installed in the system must have a digital signature issued by Microsoft to an identifiable company or developer, in order to prevent installing random drivers at the system level.
  4. Core Isolation / Memory Integrity (HVCI): similar to the above, but prevents any kernel-level unsigned code entirely, as well as modifications to existing signed code so programs can't attempt to mess with existing drivers.
  5. Installing a community-made hypervisor (HV) with Windows running on top of it. This HV fakes responses to the checks that Denuvo makes, and runs with higher permissions (ring level -1) than the operating system itself and has full, nearly untraceable access to hardware and software.

My gaming PC has no personally-identifiable information whatsoever and can be purged freely at a moment's notice.

Checkmate.
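
A read-only audit of the five items in the list above, as an added example that is not part of the thread or of the text it quotes: it reports whether VBS, Credential Guard and HVCI are running and whether boot options that weaken driver signature checks are set. It assumes English `bcdedit` output and uses the `testsigning` and `nointegritychecks` boot options as its indicators for item 3; `Get-ProtectionFindings` and the sample values are made up for this example.

```powershell
# Added example, not from the thread. Read-only; run the live part from an elevated prompt.
function Get-ProtectionFindings {
    param(
        [Parameter(Mandatory)] $DeviceGuard,      # Win32_DeviceGuard instance or look-alike
        [Parameter(Mandatory)] [string] $BcdText, # text of: bcdedit /enum '{current}'
        [bool] $HypervisorPresent                 # Win32_ComputerSystem.HypervisorPresent
    )
    $running = @($DeviceGuard.SecurityServicesRunning)               # 1 = Credential Guard, 2 = HVCI
    $vbsOn   = $DeviceGuard.VirtualizationBasedSecurityStatus -eq 2  # 2 = enabled and running
    $checks  = [ordered]@{
        '1. VBS running'                      = $vbsOn
        '2. Credential Guard running'         = $running -contains 1
        '3. Test signing off'                 = $BcdText -notmatch '(?im)^\s*testsigning\s+Yes'
        '3. Driver integrity checks on'       = $BcdText -notmatch '(?im)^\s*nointegritychecks\s+Yes'
        '4. Memory Integrity (HVCI) running'  = $running -contains 2
        # A loaded hypervisor without VBS is not proof of tampering (Hyper-V, WSL2 and
        # running inside a VM all cause it), but it should be one you can account for.
        '5. No hypervisor loaded without VBS' = -not ($HypervisorPresent -and -not $vbsOn)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

# Constructed sample: a host in the state the list describes (every check fails).
$sampleDg  = [pscustomobject]@{ VirtualizationBasedSecurityStatus = 0; SecurityServicesRunning = @(0) }
$sampleBcd = @'
testsigning             Yes
nointegritychecks       Yes
'@
Get-ProtectionFindings -DeviceGuard $sampleDg -BcdText $sampleBcd -HypervisorPresent $true |
    Format-Table -AutoSize

# Live host: the same checks against the machine this runs on.
$bcd = bcdedit /enum '{current}' | Out-String
if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed (not elevated?); boot options were not read.' }
$dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$hv  = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent
Get-ProtectionFindings -DeviceGuard $dg -BcdText $bcd -HypervisorPresent $hv |
    Format-Table -AutoSize
```

The boot-option checks only see persistent configuration, and a failed Credential Guard check is expected on Windows editions that do not offer it.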

[–] LiveLM@lemmy.zip 2 points 1 hour ago* (last edited 1 hour ago)

It's gonna be really funny if the meta becomes Windows users booting into Linux just to boot a Single-GPU passthru Windows VM to play triple A's without getting pwned lol

[–] Cethin@lemmy.zip 2 points 2 hours ago

Just curious, does the crack work on Linux? Presumably you wouldn't have to do the same things, assuming it works at all.

[–] turdas@suppo.fi 6 points 3 hours ago

I can't help but wonder, shouldn't this all be possible on Linux without needing to install a hacked hypervisor? At most you would need a kernel patch, but since Denuvo operates through Wine, maybe an entirely userland solution would be possible too.

There will inevitably be some YouTube video that explains how to do all of this, and it will be followed without question by thousands of 12 year olds who don’t understand the security implications. They just want to play the new shiny game, and their parents told them they’d only buy the game if they got all A’s on their report card. So now their computer is orders of magnitude less secure (and likely running some mining/botnet in the background) because they wanted the game for free. This is just going to be the current generation’s version of “accidentally nuked the family computer with LimeWire downloads.”

[–] dorumon@lemmy.cafe 6 points 7 hours ago

Thanks for reminding me about why I have been exclusively playing older games or games from my backlog. Seriously with the prices of video games it's not worth it to buy them anymore let alone have the hardware to even play them. PC gaming sounds like a nightmare where you have to do all this crazy nonsense just to play some games at slightly better performance or if you are poor like me. I have long since stopped at pirating normal PC games though personally and have been pirating ROMs instead for emulators or buying from GOG. Much easier and you have like 4 decades worth of content just to play through. I say just let the modern gaming industry rot and toil. Play some Indie games instead like Deltarune or Silksong or I am your beast. Do anything but not support this dumb market of triple A games where they cost almost a hundred dollars now and require super computers hooked up to your actual computer to run.

[–] alakey@piefed.social 54 points 14 hours ago (2 children)

First 4 are disabled on unsupported systems anyway (4 is also sometimes disabled to squeeze out gaming performance), but 5 is scary as hell.

[–] upstroke4448@lemmy.dbzer0.com 22 points 13 hours ago (1 children)

Windows forcing users to have to pay extra for what should be default security features has always been an awful practice.

[–] boonhet@sopuli.xyz 5 points 11 hours ago (1 children)

The only one of those that is locked behind a specific Windows instance is Credential Guard, which only works on Enterprise and Education because it has to do with auth tokens of the domain, not local Windows login AFAIK.

The rest are locked behind hardware features like TPM and UEFI settings like secure boot.

I hate Microslop as much as the next person, but they do actually try to push their security features on everyone because of the reputation they've had as the most insecure OS.

[–] D06M4@lemmy.zip 2 points 3 hours ago (1 children)

If Microsoft were honest they'd change the name from Windows to Backdoors.

[–] boonhet@sopuli.xyz 1 points 3 hours ago

No backdoors here!

But the windows are all wide open and on the ground floor.

[–] AllNewTypeFace@leminal.space 3 points 11 hours ago

If the Russian Mafia can do it, theoretically so can you.

[–] tacosanonymous@mander.xyz 3 points 8 hours ago

100% this. If you find a nice, trusted source, you’ll play some really hard to get games.

But one mistake and your shit isn’t yours anymore.

[–] ayyy@sh.itjust.works 29 points 13 hours ago (1 children)

I don’t see how this is much worse than running Denuvo malware to begin with. I treat my windows gaming partition as a disposable DMZ anyway.

[–] upstroke4448@lemmy.dbzer0.com 16 points 13 hours ago (6 children)

This seems like a bad faith argument, the crack is basically installing a rootkit in your system. It's fair to assume a lot of casual users will be as ignorant as you are about the security issues and not re-enable the features.

If you truly can't see why that might be worse than DRM installed in a game, you're a fool.

[–] leftzero@lemmy.dbzer0.com 1 points 3 hours ago

> the crack is basically installing a rootkit

So is denuvo.

I trust the random cracker's rootkit more than denuvo's.

Potential evil is less risky than proven, official, completely intentional evil.

Still, I have no interest in playing games infected with this shit. Their developers have evidently no interest in making good or even playable games, or they wouldn't infect them with this performance and usability killing malware, so to the blacklist they and their whole publisher go, cracked or not.

[–] cecilkorik@piefed.ca 26 points 12 hours ago (1 children)

If it's a question of installing a rootkit belonging to either the evil pirates who are closer to my kind of evil, or evil corporations who are literally destroying the internet, civilization, and the world in order to masturbate in their AI training gulags with my personal data? I'd choose to trust the pirates every time.

That said, if I have to install a rootkit from anyone to play a fucking game, I'm probably just not playing that fucking game.

[–] Cethin@lemmy.zip 1 points 2 hours ago* (last edited 2 hours ago)

That's assuming they're just pirates, not state actors or hackers taking advantage of it. Still though, Denuvo is possibly assisting state actors too, so 🤷. The ideal solution is just don't play games with Denuvo. It's not that difficult.

[–] ayyy@sh.itjust.works 29 points 13 hours ago

Are you familiar with how denuvo works? It is also a literal root kit. Yes it doesn’t run on ring -1, but it is ring 0.

[–] OwOarchist@pawb.social 13 points 12 hours ago

> the crack is basically installing a rootkit in your system

As is denuvo.

[–] ImgurRefugee114@reddthat.com 11 points 13 hours ago* (last edited 13 hours ago) (1 children)
[–] AntiBullyRanger@ani.social 1 points 6 hours ago* (last edited 6 hours ago)

Could a kind soul repipe all that garbage JavaScript escape code for:
<discourse-assets-json> <div class="hidden" id="data-preloaded" data-preloaded="{&quot;topic_7768&quot;:&quot;{\&quot;post_stream
to markdown, Creole, or Org?

[–] Imgonnatrythis@sh.itjust.works 2 points 11 hours ago (1 children)

Ok, I'll play the fool. Why is it worse? Is there some reason I should trust irdeto more than a guy in a hoodie?

[–] Cethin@lemmy.zip 1 points 2 hours ago

There is a reason, if it's just some guy in a hoodie. If it's a known cracker with a reputation for good cracks, it's probably fine. Some random person? I'd avoid it. I'd probably avoid it either way, but I agree there's no reason to trust the company either. Just don't trust either.

[–] lemmysmash@beehaw.org 23 points 13 hours ago

DRM, game launchers and generally 3/4 of modern software overall are a security threat anyway.

That said, the best solution for all these problems is to never buy, pirate or play any DRMed crap. Let them choke on their greedy tech.

[–] northernlights@lemmy.today 13 points 14 hours ago

WTH I've known HSMs easier to bypass. Just to prevent people from playing a game, it's ridiculous.

[–] Sims@lemmy.ml 5 points 12 hours ago

Never tried, but what about nested VMs? It should be possible to have a normal secure vm, with a 'compromised' hp/vm running microslop running. In theory I guess..