Friday , September 24 2021

Doom Eternal reverses the course and removes Denuvo Anti-Cheat at the kernel level

in the a Wednesday post at Reddit Doom Community, Eternal fate Executive producer Marty Stratton confirmed that the next patch of the game will completely remove Denuvo Anti-Cheat from the game. “Despite our best intentions, player feedback has made it clear that we need to reevaluate our anti-cheat integration approach,” wrote Stratton. “How we examine every future of anti-cheat in Eternal fateAt the very least, we need to consider giving campaign-only players the ability to play without anti-cheat software installed, and ensuring that the overall timing of an anti-cheat integration is better aligned with player expectations clear initiatives such as ranked or competitive games match – where the demand for anti-cheat is far greater. ”

Stratton also claimed that the problems with the latest patch with “performance and frame rate degradation” were in no way due to the new Denuvo system, but rather problems with “customizable skins” and “a code change that we had in connection with VRAM -Assignment made “. id Software has not yet released this upcoming patch.

Original report::

Eternal fate is the latest game that uses a kernel-level driver to detect scammers in multiplayer matches.

The game’s new driver and anti-cheat tool was provided by Denuvo’s mother Irdeto, a company that was once known for its almost unbeatable piracy protection and is now known for its somewhat effective but often cracked piracy protection. However, the new Denuvo anti-cheat protection is completely different from the company’s Denuvo anti-tamper technology, which uses code obfuscation to prevent crackers (and which has already been discussed) Eternal fate anyway shortly after the start).

The new Denuvo anti-cheat tool is introduced in Eternal fate Players after “countless hours and millions of gameplay sessions” during a two-year early access program, Irdeto said in a blog post Announcement of its launch. But not how ValorantThe similar Vanguard system, the Denuvo anti-cheat driver, “has no annoying tray icons or splash screens” that players can use to monitor their system.

“This invisibility could raise some eyebrows,” admits Irdeto.

No running outside of the game

In order to alleviate possible fears, Irdeto writes that Denuvo Anti-Cheat is only executed when the game is active, and Bethesda’s patch notes Similarly, it says, “Use of the kernel mode driver starts when the game starts and ends when the game ends for any reason.” That is a big difference to ValorantVanguard system, in which the driver has to be loaded from system start to “monitor the system status for integrity”.

“There is no monitoring or data collection outside of multiplayer games,” Michail Greshishchev, Product Owner of Denuvo Anti-Cheat, told Ars via email. “Denuvo does not try to maintain the integrity of the system. It does not block cheats, game mods or developer tools. Denuvo Anti-Cheat only recognizes cheats.”

Denuvo announced a partnership with the Esports Integrity Coalition when anti-cheat technology was first announced in 2018.
Denuvo announced a partnership with the Esports Integrity Coalition when anti-cheat technology was first announced in 2018.

Greshishchev added that the company’s driver “has received certification from renowned (ed) kernel security researchers, has undergone regular whitebox and blackbox audits, and has been tested for penetration by independent cheat developers.” He said Irdeto also set up a bug bounty program to detect any bugs they might have missed.

And because of Denuvo Anti-Cheat’s design, Greshishchev says the driver is safer than others who may be more exposed to the Internet. “Unlike existing anti-cheats, Denuvo Anti-Cheat does not transfer shell code from the web,” Greshishchev told Ars. “This means that if compromised, attackers cannot send arbitrary malware to the players’ computers.

“The same slot machines already have a sea of ​​sub-par (security-related) administrative services with active internet connections,” he continued. “Drivers from mouse and keyboard manufacturers, lighting and overclocking services, etc. If attackers really wanted to compromise players’ computers, they would go through them – not the most powerful manipulation software in the world.”

When a driver exploit is discovered in the wild, Greshishchev told Ars that revocable certificates and self-expiring network keys can be used as “kill switches” to turn them off. “No security professional can say that his solution is infallible, but our penetration tests, certifications, and security checks are significantly higher than any reasonable standard,” he said.

Time for kernel panic?

The use of kernel mode drivers is widespread in anti-cheat tools for multiplayer games to ensure that lower privilege “user mode” tools that attempt to change the game code can be detected and stopped. While fraudsters can still get around this by using code signing exploits to install their own kernel-level cheat tools, the process is more difficult.

Loading an anti-cheat driver in kernel mode only when a game is running, as Denuvo does, is also very different from running an anti-cheat driver in rootkit style from the start for security reasons. The latter leads to a significantly higher risk of exploits at the system level that can be carried out without the knowledge of the user and creates “a large attack surface with little use,” as the independent security researcher Saleem Rashid told Ars ValorantVanguard security drivers.

Nevertheless, some members of the Eternal fate The community is not happy with how the Denuvo anti-cheat tool was introduced or what security risks it causes on their systems.

“No software, especially anti-cheat software, should have access to your system at the kernel level, and if so, we should have been informed about it before purchasing,” wrote Reddit user extant_dinero a popular thread on the Doom subreddit asks people to delete the game. “I wouldn’t have bought it if I knew it would be added. Just because other pieces of software do it doesn’t do it right.”

But Greshishchev tells Ars that such fear is out of place. Denuvo Anti-Cheat is “not to be different from Nvidia’s graphics drivers or Steam’s customer service,” he said. “Unlike anti-cheats of the past, there are no file system hooks, no need to start with the operating system, no annoying tray icons or splash screens.”

“It is human nature to be afraid of the unknown and not a lot of technical claims from us could address this. Over time, trust builds up, and we believe that if Denuvo Anti-Cheat unites you, we will Player in your favorite game. ” Gain your trust. “

About Ellice Watts

Ellice Watts is the child of a Greek family. He is a passionate and ambitious blogger who has lived in Manhattan since he was 20 years old.

Check Also

Audi parks drivers for using a ring tone in the charity esport race

The combination of racing driver and esport is dramatic. When COVID-19 stopped real racing in …

Leave a Reply

Your email address will not be published. Required fields are marked *