Slashdot Mirror

← Back to Stories (view on slashdot.org)

DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails (torrentfreak.com)

Posted by EditorDavid on from the managing-digital-rights-wrong dept.

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."
In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."

23 of 77 comments (clear)

  1. lawyers as hired guns by harvey+the+nerd · · Score: 3, Insightful

    If they got the good stuff, they'll have a legal goldmine on felonies by management and lawsuits on the company.

  2. "Keep the pirates at bay" by K.+S.+Kyosuke · · Score: 2

    ...from the slide show. Hahaha! Very apt indeed.

    --
    Ezekiel 23:20
    1. Re:"Keep the pirates at bay" by AmiMoJo · · Score: 4, Interesting

      They claim an average of 272 days until games protected with their products are cracked. May be technically true, but the most recent one lasted a few weeks.

      They also neglect to mention the ratio of additional sales to lost/returned sales due to the shitty DRM being a pain in the arse.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:"Keep the pirates at bay" by K.+S.+Kyosuke · · Score: 2

      I mostly referred to a particular web site, though.

      --
      Ezekiel 23:20
    3. Re:"Keep the pirates at bay" by elvesrus · · Score: 2

      Try 5 days for Resident Evil 7 ;)

  3. "Apparent" pirates or actual customers by Anonymous Coward · · Score: 5, Informative

    There seems to be a presumption that the "why won't this game work" questions were from "pirates", when they could just as easily come from actual customers.

    You know, the ones the DRM actually fucks over?

    captcha: measures (in a sentence: DRM are ineffective measures against pirates)

    1. Re:"Apparent" pirates or actual customers by amiga3D · · Score: 4, Informative

      I've never had a problem in any pirated game with DRM. In fact that's often why I downloaded pirated versions of games I had bought. It got to the point where I bought the games to get the printed manuals, the other shit wasn't worth fuckall.

  4. What about the actual code? by jonwil · · Score: 4, Interesting

    I do wonder if the leaks include any kind of technical info or code related to their system. If that happened it would be far worse than a bunch of emails.

    1. Re:What about the actual code? by GameboyRMH · · Score: 4, Informative

      Was thinking the same thing. Denuvo has to be broken, they're coming dangerously close to inventing what will be, and forever remain, the worst invention in the history of computing: Working DRM. It's the weapon that could banish general-purpose computing to the dark corners of hacker basements forever. Curated computing has already been popularized.

      All attempts to summon this demon must be thwarted.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:What about the actual code? by plover · · Score: 4, Interesting

      If DRM is ever successful, it won't be due to companies like Denuvo. Effective DRM requires some critical-path hardware to be complicit in the hiding of a secret from the device's owner. It can't just be pasted-on code that says "check for a valid dongle", because the attackers patch around that. The hardware has to hide something of great importance to the operation of the application, something that can't simply be replicated by software.

      Denuvo makes it hard to crack, but without the hardware's participation, it will never be impossible.

      --
      John
    3. Re:What about the actual code? by Z80a · · Score: 4, Interesting

      Well, there are systems like that, but its quite hard to make a truly secure system when you can't even trust that the chip will run right.
      The playstation 3 DRM scheme was basically impossible to crack because the hardware itself locked any access to the code.
      The cell processor had this inaccessible internal ROM that was read and executed by one of the SPEs before the boot time, and it "locked itself from inside", making impossible to the rest of the system to read it.
      But the crackers managed to get it by glitching the cell processor just when the SPE tried to lock itself, making the instruction fail and exposing it to the other CPUs etc..
      This actually became a quite common tool for breaking into consoles now.

  5. Only Pirates sending angry emails? by Lumpy · · Score: 5, Interesting

    Sorry, but the customers I have are angry at DRM. They own 30 room Yachts that when they update the Firmware on their Kaleidescape it upgrades to HDCP 1.4 and BREAKS the whole system because their TV sets that are sealed and built in are NOT HDCP 1.4 compatible.

    I encourage these customers to complain to congress to strike down the DMCA because I tell them , "I could fix that, but the DMCA makes it a felony for me to do so."

    And it's affecting their homes, they add in the new 4K Dish TV to their 64 room home and BOOM the digital video system shuts down because of HDCP 2.2 and they did not replace all 64 TV sets in the house.

    DRM hits everyone, and a lot of the rich that I do work for I encourage to complain to companies as well as congress about it.

    --
    Do not look at laser with remaining good eye.
    1. Re:Only Pirates sending angry emails? by misexistentialist · · Score: 3, Funny

      Sell them a new updated yacht...it's like you're not trying

  6. Re:Buddha - Devil's Workshop by Narcocide · · Score: 2, Funny

    Switching to the anti-Buddhist one now, since that biblical scholar schooled you over all the inaccuracies in the anti-Catholic one? Your life must be really sad. Certainly there's a forum somewhere that this drivel is on-topic for, so you can actually have your half-assed trolling pastebin monologues get the response you desire?

  7. Nothing personal, but by MayeulC · · Score: 2

    If that could bring down the company into flames, that would be a small relief for the consumer.

    That said, DRM is like an Hydra, when you think you won the battle against one, a handful more appear to take its place. I sincerely hope it will be outlawed at some point.
    I had a look at these slides, and they're very obviously marketing material. Anyone who has written a handful of those knows how full of exaggerated claims they can be. For example, assuming the 40% piracy figure holds true (for which I couldn't find trustworthy references), would that automatically translate to a 40% in sales? A 40% increase in profit for the company? I don't think so, to put it mildly.

    OK, I will stop my rant for now; but I've been burned too many times by DRM as a legit consumer to keep thinking that for media companies (not every one, but as a general trend, esp. from sales departments), "consumer is king" instead of a milk cow that you desperately need to milk until blood comes (and keep doing it, for good measure). [/rant]

  8. Are Denuvo really that bad? by RogueyWon · · Score: 2, Interesting

    Denuvo have become a popular company to hate recently. There are long-standing complaints that their DRM "harms performance" in the games that use it. The time-to-crack on some of the more recent Denuvo-protected releases has been down to around a week or so, which is a big reduction from the "several months" they could boast a year ago. They can also come over as a bit cocky in their public messaging at times.

    And yet... are they really that bad? The war against DRM in PC gaming at the conceptual level was lost years ago, the moment consumers (self included) decided that the convenience of Steam and its equivalents (and the general reduction in game prices that came with them) outweighed concerns about ownership and digital rights. There have been battles since then, to be sure, but those have generally been over the extent to which DRM inconveniences legitimate consumers.

    So we had (fairly successful) protests against Spore, which limited the number of installs possible from a single key (a practice which is more or less dead now). There is continuing pushback over the inclusion of always-on DRM in games which don't require it, which looks like it still has some way to run. We've had outcries, again generally successful, against DRM schemes which compromise the security of PCs they are run on (see the recent additional of such DRM to Street Fighter V and its subsequent removal).

    But Denuvo doesn't really do any of these things. From the end-users point of view, provided they have a legitimate copy of the game, it is pretty much invisible. The rumours of it having a performance impact persist, but when credible sources like Eurogamer's Digital Foundry have investigated, they've never been able to substantiate them. In many cases, Denuvo appear to have become the scapegoat for poorly optimised PC ports.

    PC gaming is actually in quite a good place right now. Most major releases find their way to PC; considerably more than did so 5 or even 10 years ago. Previously console-only developers have realised that they can expand their market for relatively little effort by producing a PC port. This has gone hand-in-hand with a general improvement in the quality of DRM, which appears (though I'll admit the link is not validated) to have deterred at least casual pirates (accepting that the hardcore will likely never be deterred). If DRM is here to stay, I would much prefer Denuvo to some of the alternatives.

  9. This is why I went with indie games by Opportunist · · Score: 3, Interesting

    Indie developers have a lot of advantages. First, you have WAY fewer (if any) useless management sponges and your money goes to the person actually doing the work. But mostly, because it's hassle-free. No need to be always-online, hoping and praying that the connection to the all-important DRM server stays stable (if you can reach it at all at launch), no worries that the game will break as soon as you dare to install something the game's maker considers a nono on YOUR computer, it just works.

    Yes, graphics are usually way below what you'll get from AAA titles. But let's face it, games sold on graphics alone age very, very poorly. Cutting edge graphics are like new car smell. It wears off very, very quickly. The next generation of graphics hardware and shading software is always just a few months away and compared to this, your "ohhh, shiny!" game will soon simply suck. And then you can shell out another 60 bucks (and then some for the pretty much mandatory DLC to complete it).

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. I can recall a pen-test. . . by Salgak1 · · Score: 3, Insightful

    . . . . when we did a simple port-scan, and found every single Solaris box on the net had FTP running. So we did an anonymous FTP login. And in the root of the public directory. . . . was a Kickstart file. With the root password.

    We had the entire network pwned in under 45 minutes. Simply because someone didn't bother to clean up. Probably because they'd already redlined the "maintenance" budget. . . .

  11. My idea for a virus by MrKaos · · Score: 3, Interesting

    The amount of hypocrisy on this issue considering how many set top boxes are out there that violate the GPL to provide DRM compliant streams is breathtaking.

    I'd love to see a virus that enforces the license terms on a windows box so that pirated versions of the OS, or any other software, won't run.

    --
    My ism, it's full of beliefs.
  12. Idiots by kelemvor4 · · Score: 2

    In that powerpoint they were bragging about being the DRM that protects Game of Thrones. Game of Thrones is constantly in the news for being the most pirated show in history. Not exactly geniuses there at denuvo 'eh?

  13. Thomas Goebl, update your resume... by Smerta · · Score: 2

    Holy crap. After reading the slide show on Imgur, I think we should call a doctor to help Mr. Thomas Goebl, Director of Marketing and author of the presentation. He patted himself and the company so much on the back, he must have broken his arm! I have never seen a more self-indulgent, self-congratulatory presentation in my life.

  14. Re:Early adopter price by Cederic · · Score: 2

    Is HDCP 1.4 or 2.2 support part of the ratified standard, or updates to it?

    Waiting doesn't help. Getting fucked over by anti-consumer DRM implementations is going to happen anyway.

  15. Re:Arkham Knight Has Denuvo? by Cederic · · Score: 2

    Can we no longer trust Valve to tell us when a game contains 3rd-party DRM?

    Never did: http://pcgamingwiki.com/wiki/T...

    I'm not sure how much control Valve have over third party DRM notifications. I suspect it's a "Please indicate" but not mandatory.

    http://forums.steampowered.com... does have a commentator suggesting that Denuvo isn't DRM. I'm not sure how they reached that conclusion but it may be worth sanity checking Valve's definition for DRM too - could be that Denuvo slips through a crack.