Slashdot Mirror


DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails (torrentfreak.com)

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages from several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."

In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."

13 of 77 comments

  1. lawyers as hired guns by harvey+the+nerd · · Score: 3, Insightful

    If they got the good stuff, they'll have a legal goldmine on felonies by management and lawsuits on the company.

  2. "Apparent" pirates or actual customers by Anonymous Coward · · Score: 5, Informative

    There seems to be a presumption that the "why won't this game work" questions were from "pirates", when they could just as easily come from actual customers.

    You know, the ones the DRM actually fucks over?

    captcha: measures (in a sentence: DRM are ineffective measures against pirates)

    1. Re:"Apparent" pirates or actual customers by amiga3D · · Score: 4, Informative

      I've never had a problem in any pirated game with DRM. In fact that's often why I downloaded pirated versions of games I had bought. It got to the point where I bought the games to get the printed manuals, the other shit wasn't worth fuckall.

  3. What about the actual code? by jonwil · · Score: 4, Interesting

    I do wonder if the leaks include any kind of technical info or code related to their system. If that happened it would be far worse than a bunch of emails.

    1. Re:What about the actual code? by GameboyRMH · · Score: 4, Informative

      Was thinking the same thing. Denuvo has to be broken, they're coming dangerously close to inventing what will be, and forever remain, the worst invention in the history of computing: Working DRM. It's the weapon that could banish general-purpose computing to the dark corners of hacker basements forever. Curated computing has already been popularized.

      All attempts to summon this demon must be thwarted.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:What about the actual code? by plover · · Score: 4, Interesting

      If DRM is ever successful, it won't be due to companies like Denuvo. Effective DRM requires some critical-path hardware to be complicit in the hiding of a secret from the device's owner. It can't just be pasted-on code that says "check for a valid dongle", because the attackers patch around that. The hardware has to hide something of great importance to the operation of the application, something that can't simply be replicated by software.

      Denuvo makes it hard to crack, but without the hardware's participation, it will never be impossible.

      --
      John
    3. Re:What about the actual code? by Z80a · · Score: 4, Interesting

      Well, there are systems like that, but it's quite hard to make a truly secure system when you can't even trust that the chip will run right.
      The PlayStation 3 DRM scheme was basically impossible to crack because the hardware itself locked any access to the code.
      The Cell processor had this inaccessible internal ROM that was read and executed by one of the SPEs before the boot time, and it "locked itself from inside", making it impossible for the rest of the system to read it.
      But the crackers managed to get it by glitching the Cell processor just when the SPE tried to lock itself, making the instruction fail and exposing it to the other CPUs etc.
      This actually became a quite common tool for breaking into consoles now.

  4. Only Pirates sending angry emails? by Lumpy · · Score: 5, Interesting

    Sorry, but the customers I have are angry at DRM. They own 30 room Yachts that when they update the Firmware on their Kaleidescape it upgrades to HDCP 1.4 and BREAKS the whole system because their TV sets that are sealed and built in are NOT HDCP 1.4 compatible.

    I encourage these customers to complain to Congress to strike down the DMCA because I tell them, "I could fix that, but the DMCA makes it a felony for me to do so."

    And it's affecting their homes, they add in the new 4K Dish TV to their 64 room home and BOOM the digital video system shuts down because of HDCP 2.2 and they did not replace all 64 TV sets in the house.

    DRM hits everyone, and a lot of the rich that I do work for I encourage to complain to companies as well as congress about it.

    --
    Do not look at laser with remaining good eye.
    1. Re:Only Pirates sending angry emails? by misexistentialist · · Score: 3, Funny

      Sell them a new updated yacht...it's like you're not trying

  5. Re:"Keep the pirates at bay" by AmiMoJo · · Score: 4, Interesting

    They claim an average of 272 days until games protected with their products are cracked. May be technically true, but the most recent one lasted a few weeks.

    They also neglect to mention the ratio of additional sales to lost/returned sales due to the shitty DRM being a pain in the arse.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. This is why I went with indie games by Opportunist · · Score: 3, Interesting

    Indie developers have a lot of advantages. First, you have WAY fewer (if any) useless management sponges and your money goes to the person actually doing the work. But mostly, because it's hassle-free. No need to be always-online, hoping and praying that the connection to the all-important DRM server stays stable (if you can reach it at all at launch), no worries that the game will break as soon as you dare to install something the game's maker considers a no-no on YOUR computer, it just works.

    Yes, graphics are usually way below what you'll get from AAA titles. But let's face it, games sold on graphics alone age very, very poorly. Cutting edge graphics are like new car smell. It wears off very, very quickly. The next generation of graphics hardware and shading software is always just a few months away and compared to this, your "ohhh, shiny!" game will soon simply suck. And then you can shell out another 60 bucks (and then some for the pretty much mandatory DLC to complete it).

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. I can recall a pen-test. . . by Salgak1 · · Score: 3, Insightful

    . . . . when we did a simple port-scan, and found every single Solaris box on the net had FTP running. So we did an anonymous FTP login. And in the root of the public directory. . . . was a Kickstart file. With the root password.

    We had the entire network pwned in under 45 minutes. Simply because someone didn't bother to clean up. Probably because they'd already redlined the "maintenance" budget. . . .

  8. My idea for a virus by MrKaos · · Score: 3, Interesting

    The amount of hypocrisy on this issue considering how many set top boxes are out there that violate the GPL to provide DRM compliant streams is breathtaking.

    I'd love to see a virus that enforces the license terms on a Windows box so that pirated versions of the OS, or any other software, won't run.

    --
    My ism, it's full of beliefs.