DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."
In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."

"Apparent" pirates or actual customers

There seems to be a presumption that the "why won't this game work" questions were from "pirates", when they could just as easily come from actual customers.

You know, the ones the DRM actually fucks over?

captcha: measures (in a sentence: DRM are ineffective measures against pirates)

Re:"Apparent" pirates or actual customers

[amiga3D]

I've never had a problem in any pirated game with DRM. In fact that's often why I downloaded pirated versions of games I had bought. It got to the point where I bought the games to get the printed manuals, the other shit wasn't worth fuckall.

What about the actual code?

[jonwil]

I do wonder if the leaks include any kind of technical info or code related to their system. If that happened it would be far worse than a bunch of emails.

Re:What about the actual code?

[GameboyRMH]

Was thinking the same thing. Denuvo has to be broken, they're coming dangerously close to inventing what will be, and forever remain, the worst invention in the history of computing: Working DRM. It's the weapon that could banish general-purpose computing to the dark corners of hacker basements forever. Curated computing has already been popularized.

All attempts to summon this demon must be thwarted.

Re:What about the actual code?

[plover]

If DRM is ever successful, it won't be due to companies like Denuvo. Effective DRM requires some critical-path hardware to be complicit in the hiding of a secret from the device's owner. It can't just be pasted-on code that says "check for a valid dongle", because the attackers patch around that. The hardware has to hide something of great importance to the operation of the application, something that can't simply be replicated by software.

Denuvo makes it hard to crack, but without the hardware's participation, it will never be impossible.

Re:What about the actual code?

[Z80a]

Well, there are systems like that, but its quite hard to make a truly secure system when you can't even trust that the chip will run right.
The playstation 3 DRM scheme was basically impossible to crack because the hardware itself locked any access to the code.
The cell processor had this inaccessible internal ROM that was read and executed by one of the SPEs before the boot time, and it "locked itself from inside", making impossible to the rest of the system to read it.
But the crackers managed to get it by glitching the cell processor just when the SPE tried to lock itself, making the instruction fail and exposing it to the other CPUs etc..
This actually became a quite common tool for breaking into consoles now.

Only Pirates sending angry emails?

[Lumpy]

Sorry, but the customers I have are angry at DRM. They own 30 room Yachts that when they update the Firmware on their Kaleidescape it upgrades to HDCP 1.4 and BREAKS the whole system because their TV sets that are sealed and built in are NOT HDCP 1.4 compatible.

I encourage these customers to complain to congress to strike down the DMCA because I tell them , "I could fix that, but the DMCA makes it a felony for me to do so."

And it's affecting their homes, they add in the new 4K Dish TV to their 64 room home and BOOM the digital video system shuts down because of HDCP 2.2 and they did not replace all 64 TV sets in the house.

DRM hits everyone, and a lot of the rich that I do work for I encourage to complain to companies as well as congress about it.

Re:"Keep the pirates at bay"

[AmiMoJo]

They claim an average of 272 days until games protected with their products are cracked. May be technically true, but the most recent one lasted a few weeks.

They also neglect to mention the ratio of additional sales to lost/returned sales due to the shitty DRM being a pain in the arse.