[Protection] Add Denuvo detection #56

Closed
opened 2026-01-29 21:05:27 +00:00 by claunia · 3 comments

Originally created by @TheRogueArchivist on GitHub (Jan 18, 2022).

Originally assigned to: @mnadareski on GitHub.

New protection, needs more research.

http://redump.org/discs/quicksearch/Denuvo/protection/only

claunia added the enhancement label 2026-01-29 21:05:27 +00:00

@PurpleNekoNova commented on GitHub (Jan 18, 2022):

Common in newer Capcom games (Resident Evil 7, Marvel vs. Capcom: Infinite)

Some of these may have had physical releases [Check Europe]
https://www.game-debate.com/games/gamesWithDenuvo
https://store.steampowered.com/curator/26095454-Denuvo-Games/


@TheRogueArchivist commented on GitHub (Jun 17, 2022):

It seems that this is able to detect Denuvo, and based on a quick glance through the source, it should be an easy detection to add with samples. https://github.com/horsicq/Detect-It-Easy


@Sewer56 commented on GitHub (Apr 1, 2024):

(Note that I'm still super tired, so apologies if I do a silly)

Anyway, I noticed most of the Denuvo code is commented, as there's TODOs in there.


An alternative version-agnostic way of detecting Denuvo (that works for games at least as far back as 2016) is scanning for the null-terminated string `https://support.codefusion.technology` (UTF16). This is the activation portal (support website) they use when the binary is unable to connect to their activation servers.

You then get 4 bytes (unknown purpose) and (in all my samples) `01 00 00 00 66 66 66 2E 0F 1F 84 00 00 00 00 00`. Following that is another null-terminated string which contains the specific product ID. For example, in `Persona 5 Royal`, this is `P5R_9AG4H12`.

Combine the two, you get
`https://support.codefusion.technology/P5R_9AG4H12`

Of course, this is an extremely hacky approach, but a 3rd party program is very unlikely to have the same memory layout there, and the net it catches in terms of DRM versions is extremely wide.

Note: This does not apply to some EA games because they have a more custom solution and don't use this web portal.
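
The layout described in the comment above, as an added Python example that is not part of the original thread or of the BinaryObjectScanner code base: it requires the UTF-16 portal URL, skips the 4 unknown bytes, checks the 16-byte sequence and then reads the product ID. The UTF-16LE byte order, the guess at the product ID's encoding, the function names and the sample buffer are assumptions.

```python
PORTAL = "https://support.codefusion.technology"
# Assumption: "UTF16" means UTF-16LE, terminated by a two-byte null.
PORTAL_BYTES = PORTAL.encode("utf-16-le") + b"\x00\x00"
UNKNOWN_LEN = 4  # four bytes of unknown purpose, skipped without checking
MARKER = bytes.fromhex("01 00 00 00 66 66 66 2E 0F 1F 84 00 00 00 00 00")

def read_cstring(data, pos, max_chars=64):
    """Read the null-terminated string at pos. Assumption: it is UTF-16LE
    when its second byte is zero, ASCII otherwise (the comment does not say)."""
    wide = data[pos + 1:pos + 2] == b"\x00"
    step, codec = (2, "utf-16-le") if wide else (1, "ascii")
    end = pos
    while data[end:end + step] != b"\x00" * step:
        if end >= len(data) or (end - pos) // step >= max_chars:
            return None  # ran off the buffer or implausibly long
        end += step
    try:
        text = data[pos:end].decode(codec)
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None

def find_denuvo_portal(data):
    """Return (offset, product_id, url) for each URL + marker + product ID match."""
    hits, start = [], 0
    while (off := data.find(PORTAL_BYTES, start)) != -1:
        start = off + 2
        marker_at = off + len(PORTAL_BYTES) + UNKNOWN_LEN
        if data[marker_at:marker_at + len(MARKER)] != MARKER:
            continue  # the URL alone is not treated as a detection
        product = read_cstring(data, marker_at + len(MARKER))
        if product:
            hits.append((off, product, f"{PORTAL}/{product}"))
    return hits

# Constructed buffer (not a real binary); the four "unknown" bytes are made up.
def make_sample(product=b"P5R_9AG4H12\x00", marker=MARKER):
    return (b"\x90" * 32 + PORTAL_BYTES + b"\xAA\xBB\xCC\xDD"
            + marker + product + b"\x90" * 8)

if __name__ == "__main__":
    for off, product, url in find_denuvo_portal(make_sample()):
        print(f"0x{off:x}: {product} -> {url}")
```

Requiring the byte sequence and a readable product ID after the URL keeps a file that merely mentions the portal address from being reported.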


Reference: SabreTools/BinaryObjectScanner#56