arstechnica.com/security/2017/02/denuvo-forgets-to-secure-server-leaks-years-of-messages-from-game-makers[h=1]Denuvo forgets to secure server, leaks years of messages from game makers[/h] [h=2]Massive log file includes user complaints, apparently legitimate developer requests.[/h]
The developers at Denuvo have been in the news thanks to cracks against their notoriously tough digital rights management (DRM) tools, which are normally used to lock down video games from leaking online. On Sunday, the company faced a different kind of crack—not against a high-profile video game, however, but of its depository of private web-form messages. A significant number of these appear to come from game makers, with many requesting information about applying Denuvo's DRM to upcoming games.
The first proof of this leak appears to come from imageboard site 4chan, where an anonymous user posted a link to a log file hosted at the denuvo.com domain. This 11MB file (still online as of press time) apparently contains messages submitted via Denuvo's public contact form dating back to April 25, 2014. In fact, much of Denuvo's web database content appears to be entirely unsecured, with root directories for "fileadmin" and "logs" sitting in the open right now.
Combing the log file brings up countless spam messages, along with complaints, confused "why won't this game work" queries from apparent pirates, and even threats (an example: "for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm"). But since Denuvo's contact page does not contain a link to a private e-mail address—only a contact form and a phone number to the company's Austrian headquarters—the form appears to also have been used by many game developers and publishers.
The log, as hosted at Denuvo.com, contains queries with legitimate reply addresses at current game studios. Those include a requests from the following: 343 Industries, about applying Denuvo to upcoming Halo Wars games on PC; Microsoft, in a 2015 message describing Denuvo as something that would fit with "an upcoming initiative"; TaleWorlds, about adding DRM to the sequel to its Mount & Blade franchise; Harmonix Games, about scheduling an in-person meeting at this March's Game Developers Conference to talk DRM; Capcom, with multiple requests—one of which is described as a Windows 10 UWP release for 2016 (which could mean this past December's Dead Rising 4, which indeed shipped on UWP with Denuvo DRM); Ninja Theory, who sent a query about DRM for its upcoming adventure game Hellblade: Senua's Sacrifice; and many more.
Codemasters, Relic Entertainment, 505 Games, Kalypso, and even the producers of Mavis Beacon Teaches Typing all appear to have sent queries to Denuvo, though these do not necessarily mean their products will eventually ship with the company's DRM product in place. There's also, of course, the chance that some of these queries were not legitimate, since any e-mail address and information can be entered into the contact form. We have sent queries to listed developers and publishers to confirm their queries' legitimacy.
We also tried to send questions to Denuvo regarding the leaked messages and the company's security practices going forward, but the send button on the aforementioned contact-form page is currently not functioning. We will update this report with any public statement from the company.
Gilrond-i-Virdan;n7675740 said:ABZÛ looks interesting, but even on Humble it only sells a Steam key, and it's Windows only too.
No kidding. It's also disappointing to see from the message leak that DONTNOD is considering using it for an upcoming game. Presumably Vampyr.Gilrond-i-Virdan;n7693040 said:Really? That's beyond stupid.
227;n7693100 said:No kidding. It's also disappointing to see from the message leak that DONTNOD is considering using it for an upcoming game. Presumably Vampyr.
227;n7693100 said:On the bright side, Denuvo has helped me save a great deal of money in the past year. Speaking of which, have you noticed that almost every title that uses it mysteriously undersells? Titanfall 2, Dishonored 2, Deus Ex: Mankind Divided, etc
227;n7692990 said:It also uses Denuvo.
Steam didn't start mentioning it until fairly recently (I think it was around when Dishonored 2 was released), and titles released before that point don't seem to have been updated with the notice. Lords Of The Fallen is another one that doesn't have the Denuvo requirement show up. Probably comes down to laziness more than malice or anything shady, honestly.volsung;n7696050 said:Edit: Normally the Steam store shows which games require third-party DRM, including UPlay or Denuvo. I don't see anything for this game. Are they hiding it intentionally?
227;n7693100 said:Speaking of which, have you noticed that almost every title that uses it mysteriously undersells? Titanfall 2, Dishonored 2, Deus Ex: Mankind Divided, etc. Even Resident Evil 7 sold less than previous games in the series, causing stock prices to fall.
sv3672;n7817480 said:While those games do not necessarily undersell specifically because of Denuvo, there has not been much evidence yet that Denuvo particularly improves sales, either.