Anti-piracy outfit Denuvo has taken a bit of a battering lately after chinks began appearing in the company’s armor. Last weekend, cracking group CPY defeated the protection on Resident Evil 7 in just five days, a record for the anti-tamper technology.
Just a week on, Denuvo has more problems to deal with. For reasons best known to them, the company has left several private directories on its website open to the public, as shown in the image below.
Most of the content appears relatively mundane but hidden away in the logs directory is an 11MB text file called Ajax.log, which appears to contain customer support emails dating back to 2014. While some are from companies looking to hire Denuvo, a notable email in slightly broken English appears to have been sent by Capcom.
“This is Jun Matsumoto from CAPCOM Japan. I have a interested in the Denuvo Anti-Tamper solution to protect our game software. If you have a white paper about details, please send me. (ex. platform, usage, price, etc…) And, if you have a sales agent in Japan, please tell me the contact point. Thank you for your cooperations,” it reads.
Another was sent by Jan Newger of Google, who wanted to learn more about Denuvo.
“I’m working in the security team at Google, and would like to evaluate the denuvo product to get an understanding on how it would integrate with existing solutions,” it reads.
“I’m specifically interested in further strengthening existing solutions to hinder understanding/tampering with binary programs. Is it possible to obtain some kind of demo version of the product? Also, could you send a quote to me?”
But for every business opportunity, there are dozens of emails from angry pirates, each looking to vent their anger.
“Why do you have to make such shit software to fuck over pc gamers with DRM bullshit. Please inform the companies you work with that if your DRM is implemented on games they are selling, they will lose thousands of customers. Thanks,” wrote someone identifying themselves as Angry Customer.
While any leak of confidential data is a serious event, this developing situation appears to be getting worse. Within the last few minutes, more insecure directories have been discovered, some of them containing relatively large files.
Needless to say, the contents of these files will be of great interest to Denuvo’s adversaries. With that in mind, TF headed over to a platform where crackers meet and sure enough, they are extremely excited and all over this breach. Thus far it appears that most of the files have been downloaded, including one that appears to contain access logs for Denuvo’s website and others which carry executables.
It’s too early to say exactly what these files do but crackers will be hoping for any piece of information or clue explaining how Denuvo works and how it can be defeated. Another bad week for Denuvo is quickly getting worse.
Breaking news, updates to follow.
Update: One of the executables contained a Denuvo slide presentation.