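Today a notice about hypervisors was also posted on the "underground neighborhood" (G**). Other places have been noisy about this for weeks as well, and seeing that nobody has uploaded one so far, you probably already know without being told, but it still needs to be laid out, so here it is.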
What is a hypervisor bypass?
A hypervisor bypass is not a proper crack because it does not actually defeat or disable DRM; it's simply a DRM bypass via kernel. When you use such a crack, Denuvo is still active and running on your PC. The hypervisor method modifies your system to look like the original licensed system the Denuvo key was generated for. In essence, it is tricking Denuvo into thinking your PC is the original owner's PC (the system the Denuvo key was generated for).
What is a proper crack for Denuvo?
In contrast to the above method, a proper crack (like those made by EMPRESS and voices38) bypasses Denuvo by constant spoofing, such as eliminating constant online validity checking, removal of anti-tamper routines, disabling DRM layers that hog system RAM, etc. As we all know, this is not a simple thing to do.
What are the security concerns with hypervisor bypasses?
There are several security concerns with hypervisor bypasses. Among them are the following:
- Execution Level: Unlike traditional cracks, which run in userland, hypervisor bypasses must run at a kernel/hardware level (below Windows OS). These cracks have direct access to your hardware and can do pretty much what they want.
- BIOS Changes: In order to run a hypervisor bypass, you must disable Secure Boot, disable driver signature enforcement and enable CPU virtualization. Disabling driver signature enforcement is particularly problematic.
- Security/Trust: A traditional crack runs in userland, so there are limits to the damage any potentially malicious crack can do. Since a hypervisor bypass needs to run at a hardware level, you are essentially trusting the cracker with full kernel control. With a hypervisor bypass you're trusting random strangers on the internet with the keys to your house and hoping they don't break in and steal everything.
How can I keep myself safe when using a hypervisor bypass?
Short answer, you can't. There are some things you can potentially try to help mitigate any risk. You can run it on a spare air-gapped PC that is not used for anything sensitive and contains no personal information; this should help limit the blast radius in the event of malware. You can attempt to run the hypervisor within a VM, but this will likely not work (due to issues with nested virtualization).
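Therefore, a hypervisor (VM bypass) is a method that bypasses via the kernel and carries security risk. It neither neutralizes nor actually bypasses Denuvo DRM and cannot be regarded as a proper crack, so uploading hypervisor material is strictly prohibited.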
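For a machine where the settings listed under "BIOS Changes" may have been altered, the following added example (not part of the original notice) audits whether Secure Boot and driver signature enforcement are back in their protected state and reports whether a hypervisor is present. It assumes an elevated PowerShell session on Windows 10/11 with English-language `bcdedit` output.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the boot-integrity settings named in the notice above.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Secure Boot. Confirm-SecureBootUEFI returns $true/$false and raises an
#    error on legacy-BIOS systems, which is reported as a finding of its own.
try {
    if (-not (Confirm-SecureBootUEFI -ErrorAction Stop)) {
        $findings.Add('Secure Boot is disabled')
    }
} catch {
    $findings.Add("Secure Boot state unavailable: $($_.Exception.Message)")
}

# 2. Driver signature enforcement. These two boot options weaken it
#    persistently. A one-time disable chosen from the advanced startup menu
#    is not stored in the boot entry and will not show up here.
$bcd = bcdedit /enum '{current}' | Out-String
foreach ($opt in 'testsigning', 'nointegritychecks') {
    # Assumption: English output, where an enabled option reads "<name>  Yes".
    if ($bcd -match "(?im)^$opt\s+Yes\s*$") {
        $findings.Add("Boot option '$opt' is enabled")
    }
}

# 3. Hypervisor presence. Informational only: Hyper-V and virtualization-based
#    security also set this flag, so compare it with what you expect to run.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$hvState = if ($cs.HypervisorPresent) { 'present' } else { 'not present' }

if ($findings.Count -eq 0) {
    Write-Output 'Secure Boot and driver signature enforcement: no weakened settings found.'
} else {
    Write-Output 'Weakened boot-integrity settings:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
Write-Output "Hypervisor reported by Windows: $hvState"
```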
