Introduction

If you're a gamer, you've almost certainly heard of Denuvo. It's a revolutionary new digital-rights protection technology that was introduced some years ago. Until then, games were cracked almost immediately, often on official release day or before due to the simplicity of the copy protections employed. Things changed with Denuvo, which set its mission not for "complete protection", but to protect games only for several weeks to cover the most busy sales period immediately following launch, under the guiding principle that "everything will be cracked eventually". While this approach was successful for several years, over time, scene groups figured out ways to crack Denuvo titles more quickly, usually taking just a few days nowadays.

A special gift came from Capcom during launch of their Devil May Cry 5 game. The company put up a Steam Depot that had a QA testing version of the game without Denuvo protection. For some reason (or by mistake), that depot was set to public without a password, so people quickly found it and discovered the game's unprotected EXE in it.

Capcom has since deleted the QA branch of DMC5, but the damage was done, and I saved a copy of the EXE because I always wanted to do such an investigation. Previously, this wasn't possible. Cracked versions of games only bypass Denuvo and do not completely remove it; it is still likely that the full Denuvo code runs in such a game and only a single instruction of "if is valid" is turned into "always valid" to achieve the crack. Some publishers have removed Denuvo from their games in the past, but making a version-to-version comparison is difficult because it's impossible to know what other changes are present in the new version that could affect performance, too.


Capcom's Denuvo-free EXE is only a fraction the size of the original EXE (128 MB vs. 475 MB), which is not unexpected considering how Denuvo works—more on that later. Please also note that both files are digitally signed with Capcom's publisher signature, which ensures they are unmodified and legit.

How Denuvo Works

Unlike most other protection technologies, Denuvo isn't just tacked on to the final executable, but rather, developers have to integrate it into their codebase during the development process. Denuvo is supposed to run continuously in the background while the game is running; i.e. there is not just a single check at the start of the game (which would be easy to bypass). Rather, the company recommends integrating it into "only non-critical functions" of the game, which isn't surprising. If a game's performance is bad, it will receive negative community feedback, which could affect sales, leading to lower profits, and profits is what all this trouble is about in the first place.

As a programmer, you're taught to reuse code by creating functions that can be called upon many times from various section of your code. Denuvo does the opposite for its protection task; the validation code gets inserted right into the middle of the code stream for every invocation instead of calling a function, which makes sense because that one function would be an easy target for pirates to work around.

Denuvo doesn't run as a background process with its own PID or separate thread in the game, which both would be easy to bypass, too, but rather, it's executed as part of the game's own code and logic. Thanks to this tight method of integration, Denuvo doesn't install a driver or rootkit on your machine because it doesn't have to. Denuvo code is interweaved so tightly with the game code that it's (almost) impossible to separate both.

For each installation on an individual PC, a "ticket" is generated, which contains system information, such as CPU architecture, number of processors and cores, attached storage with physical parameters, and more. All this information is used to generate a fingerprint of a specific system, and this fingerprint is used to "unlock" the game. This ensures that the "tickets" can't just be shared online or with friends (who all have different hardware configurations).

During startup, if the game can't find a ticket or if the ticket isn't matching the installed system (due to a hardware change, for example), Denuvo will try to contact their servers to request a new ticket for that specific system. This process is limited to five activations per 24 hours. Besides that, and while the game is running, there is no communication by Denuvo. This achieves support for offline play while still ensuring some sort of activation-count-limited online validation.

Performance Testing

For testing, I used my VGA review test system with the same specs, drivers, and settings as in our Devil May Cry 5 Performance Analysis article.

I paid very close attention to achieving high accuracy during testing. For example, graphics cards are always heated up properly before the test run to ensure Boost Clock (which is tied to temperature) doesn't play a role in the performance results. Also, since two installations of the game are used (on the same SSD), prior to every measured test run, I did a non-measured warmup run, which prepares disk cache and ensures results do not get skewed due to random disk latency. Still, it's impossible to reach perfect accuracy as some random variation between runs is to be expected.