For a long time, Denuvo's technology has been regarded as one of the most successful anti-piracy protections as the company's DRM scheme is notoriously hard to crack. Last year we wrote it often took many months to crack games protected by Denuvo, leading to speculation from piracy groups that video game piracy may soon become a thing of the past.
However, Denuvo's reputation was tarnished last month as Italian warez group CPY managed to crack Capcom's Resident Evil 7 in less than a week after its release, thereby setting a world record for the quickest time anyone managed to defeat Denuvo's DRM.
Now there's another bummer for Denovo as it appears the company did not follow security best practices for its web server. Someone discovered that several private directories on the company's website were left open to the public, enabling anyone to download various files, including a 11MB log file containing message submitted via the company's online contact form dating back to 2014.
Most of the messages in the log are spam or complaints gamers and would-be pirates, but because Denuvo did not list a public e-mail address the log also contains numerous queries from game developers and tech firms. TorrentFreak takes a look over here and discovered private messages from Capcom and Google:
While some are from companies looking to hire Denuvo, a notable email in slightly broken English appears to have been sent by Capcom.
“This is Jun Matsumoto from CAPCOM Japan. I have a interested in the Denuvo Anti-Tamper solution to protect our game software. If you have a white paper about details, please send me. (ex. platform, usage, price, etc…) And, if you have a sales agent in Japan, please tell me the contact point. Thank you for your cooperations,” it reads.
Another was sent by Jan Newger of Google, who wanted to learn more about Denuvo.
“I’m working in the security team at Google, and would like to evaluate the denuvo product to get an understanding on how it would integrate with existing solutions,” it reads.
“I’m specifically interested in further strengthening existing solutions to hinder understanding/tampering with binary programs. Is it possible to obtain some kind of demo version of the product? Also, could you send a quote to me?