
Red Dead Redemption 2 DRM still has not been cracked (316 days) - tetris11
https://crackwatch.com/game/red-dead-redemption-2
======
tetris11
Quote from a piracy thread:

"Red Dead Redemption uses some obfuscation written by the same folks that sold
previous obfuscation as 'Arxan'. The HWID-bound license probably plugs into
the DRM such that it enables continued execution of the game code. This has
become a feature of complex DRM."

"It also has a lot of custom checks that Rockstar wrote."

"That's it. There's no grand mystery, it's a classically challenging problem
using new ways of writing frustrating-to-reverse bullshit."

src:
[https://www.reddit.com/r/Piracy/comments/h0j17y/red_dead_red...](https://www.reddit.com/r/Piracy/comments/h0j17y/red_dead_redemption_2_drm/ftnthhy?utm_source=share&utm_medium=web2x&context=3)

~~~
drmcometru
I work on anti-DRM techniques for a living.

The experience has shifted my views of DRM. Originally, I saw DRM as highly
anti-consumer, and a waste of time and clock cycles. Arguably I do still
believe that - but now I have great respect for the technical side of good DRM
implementations, and I acknowledge that they provide a time buffer to protect
against the first wave of piracy.

I've stripped Arxan's protections from software in the past, and I might just
have a look at breaking RDR2 now it's been brought to my attention...

~~~
the_af
It's definitely anticonsumer.

I've no doubt that from a technical point of view, both DRM and the efforts to
crack it are fascinating and interesting.

What I don't understand is this: consumers don't crack DRM; crackers and warez
groups do. Once cracked, DRM is as good as nothing and it's low effort for an
everyday gamer to get and play pirated games.

So this antipiracy "buffer" is only for crackers. For gamers it's just as if
the game had a delayed release date.

For legit customers, the DRM is often intrusive and, because it's so complex
and fiddly, often breaks in bizarre ways, giving rise to the paradoxical
situation that the legit game is harder to use than the pirated game!

Only legitimate buyers lose.

~~~
Camas
> For legit customers, the DRM is often intrusive and, because it's so complex
> and fiddly, often breaks in bizarre ways, giving rise to the paradoxical
> situation that the legit game is harder to use than the pirated game!

This is stuff you only read on certain forums. Most people don't even notice
DRM.

~~~
the_af
No. I remember trying to play Batman Arkham Asylum back in the day and it was
a pain in the ass. First Steam. Then it wanted me to log in to some silly
Windows Game system. Why? It's a single player game and I bought it via Steam,
where I'm already logged in. Anyway, I couldn't register and got tons of
errors until I finally managed it. Then it wanted me to download a ton of
updates (almost as much as the original download) over a slow internet
connection. It's a single player game, for crying out loud -- let me choose
whether I want the updates! I had downloaded the game the day before, I had a
couple of spare hours and wanted to play _the goddamn game_ (spoiler: I wasn't
able to that day).

Had I downloaded the warezed version, I wouldn't have needed: a- Steam, b- the
Windows whatever login, c- the updates. Best experience goes to: pirated
version. (Had I wanted the patches: pirates eventually release updated
versions, too).

For the record, these days I do like Steam, though I far prefer GOG and
DRM-free games (when I have the time to play games at all, that is. Which is
almost never).

~~~
blackearl
There's even repackers who can get the file size down to less than a third of
the original size.

I buy all my games these days but there are people who do lots of thankless
work and I'm not sure why.

~~~
npongratz
Many enjoy exploring the limits of what is possible.

------
lacker
The frustrating thing about this DRM is that RDR2 requires an internet
connection in order to play the single-player game. At one point my internet
was down and I couldn't play it. Obviously not the biggest problem in the
world, but still an annoyance.

~~~
drmcometru
The biggest concern for me is, what happens when you want to play the game
again in 10 years time, when the DRM servers are offline?

When you buy DRM'ed media, you are merely renting it for an unspecified
duration.

~~~
dudus
In 10 years you're better off just playing the 8K remaster on PS6 or maybe
just playing red dead redemption 3 which is pretty much the same game but with
better graphics and combat.

~~~
arc-in-space
Yes, the remaster, on a locked-down hardware platform, both of which I will
have to pay for again. Hopefully by then I will also be too old to remember
what 'anti-consumer' means.

------
Medox
In the meantime the PS4 jailbreak went from version 5.05 (where it stagnated
for a long time) to 6.72 in July, which was also old by that time, being
released in mid July 2019, but which now can run RDR2 up to the patch 1.13
(last on 6.72).

Or to put it differently... If you can't crack the game, crack the os. At
least in the console world, this gives you the advantage that anything works
up to a certain fw version afterwards.

If I remember correctly, the jump from 5.05 to 6.72, added more than 1000
playable games for those who kept the PS4 on 5.05 (myself included).

Sadly, there is not much talk around HN about console hacking. E.g. Here is
the bounty submission of Andy Nguyen (theflow0) for 6.72:
[https://hackerone.com/reports/826026](https://hackerone.com/reports/826026)

Sony might have shot itself in the foot by accepting the disclosure at the
end... But, then again, they had to and there's not much harm done when the
jailbroken fw is a year old.

~~~
tetris11
what's the advantage of a jail broken ps4? Other than running 3rd party Linux
binaries, and maybe adding ad-blockers, is there a gaming benefit?

~~~
TAForObvReasons
Check out the Switch or PS3 scenes for some examples: save backups and save
editing, game mods, overclocking, normally unsupported game controllers.

~~~
p1necone
The Switch is a good example - afaik there's _still_ no official way to back
up saves for a lot of games (botw included), and for the ones where cloud
saves are supported it's still a monthly subscription. Your console dies, you
lose your saves, no way around it other than jailbreaking.

~~~
j-james
The Switch hacking scene is also a good example just because of the sheer
amount of effort poured into it - Atmosphere, the primary custom-firmware
solution, is aiming to be a _full reimplementation_ of the Switch's firmware,
kernel and all.

[https://github.com/Atmosphere-NX/Atmosphere/](https://github.com/Atmosphere-NX/Atmosphere/)

[https://old.reddit.com/r/emulation/comments/hygtnx/mesospher...](https://old.reddit.com/r/emulation/comments/hygtnx/mesosphere_opensource_nintendo_switch_kernel_now/)

---

(also, one more particularly cool application made possible through homebrew
is game streaming - from a desktop pc or other device.)

[https://github.com/rock88/moonlight-nx](https://github.com/rock88/moonlight-nx)

------
jupp0r
Maybe it's just me not being a college student with a very constrained budget
anymore, but is using cracked games still a thing nowadays? My impression was
that it was very widespread until the mid/late 2000s because it was the most
convenient way to get a game (ie without going into a physical store or mail
ordering games). This should be alleviated by steam/stadia/etc nowadays,
right?

~~~
vmception
I'm generally curious about this too.

Cracking got harder and licensed distribution in the 2010s became as
convenient and consumer friendly as unlicensed distribution was for pirates
in the early 2000s.

Region locked games started disappearing, coinciding with less physical media
needs to begin with.

Flagship titles started being released cross region simultaneously.

Downloads and streaming were available and fast.

The marketplaces and discovery gradually got better too, still limited here
but not better than what the marketplaces distributing unlicensed content
have.

There is also the part about the budget, but I'm not sure. Expense was a
factor, but I'm not sure how big of a factor. The things people do on Steam
and other marketplaces are similar to what pirates were doing: downloading a
ton of games for free because they could, but only playing the flagship games
and never touching the other ones. So the pirates-turned-consumers are still
only buying a handful of games, and now also have access to the promotions and
plethora of free stuff as the always-consumers.

~~~
withinboredom
I know a guy, makes minimum wage, poor as shit. Known him a long time, but for
how poor he is, he is rich in games. He doesn’t even pay for IAP on his
phone, somehow he gets that free. It’s always hilarious when he messages me:
“hey, have you played X yet?” And my response is, “no.” He sends me the
torrent. I just pay for the games, because I can afford it and I know if he
says it’s good, I’ll probably enjoy it.

I imagine there are other people like me, where the pirating actually drives
sales. But yeah, to the people who don’t make tons of money, it’s often the
only way they’ll ever play the game.

~~~
vmception
Yes, I was factoring that in but I don't think it's that big of a factor, when I
was in the scene pirates were estimated to be 1-2% of players. So even
thinking about how pirates are advertisements for the game, I’m skeptical of
their impact. From what I can tell, technical literacy has gone down in Gen Z.

~~~
imtringued
I have seen some youtube game reviewers openly admit that they acquired some
of their games through piracy.

------
Benjamin_Dobell
It's worth keeping in mind that cracking DRM is pretty much universally
_criminally_ illegal these days.

In the past (admittedly a long time ago now) you would have just been butting
up against the game's terms of service / shrink-wrap license.

Since the WIPO Copyright Treaty has been ratified in local law almost
world-wide, no one with even a semblance of professionalism would even attempt to
crack DRM. So it's not like the world's best security consultants have been
working on this non-stop for the last year.

 _EDIT: Just to clarify, security firms may of course be hired/green-lit by
the DRM's implementer to try to break the software. However, DRM is not open
season for white-hat security engineers like a lot of other areas are._

~~~
pfundstein
Are you telling me it's illegal to reverse engineer [DRM] software that I paid
for and installed on my PC?

That's like making it illegal to open the bonnet of my car and take the engine
apart.

Or are you saying it's illegal to build a crack using my private computer?

Or are you just saying it's illegal to publish that crack?

~~~
ev1
From a legal risk POV, yes, assuming US-based. It is not fair use at all,
either.

CFAA and DMCA are quite nasty in this regard. It gets significantly worse if,
in the course of your inspection/EULA violation/whatever, you have to interact
with any third party DRM [online] services for authn/authz. Then you bring
even more crime into scope.

IANAL, but I'm fairly certain the answer is 'yes' to every single question,
even individually (the act of cracking and the act of publishing it might even
be two separate crimes).

EFF:

> The anti-circumvention provisions of the DMCA, 17 U.S.C. 1201, prohibit
> circumvention of “technological protection measures” that effectively control
> access to copyrighted works. The law also prohibits trafficking in tools that
> are primarily designed for circumvention, have only limited commercially
> significant purpose other than circumvention or are marketed for
> circumvention. While section 1201 can arguably apply to any security
> researcher, those studying digital rights management (DRM) of music, movies or
> other creative content are most likely to face section 1201 claims, since
> Congress intended to protect these copyrighted works when it passed the
> statute. Researchers looking for vulnerabilities in authentication handshakes,
> code signing, code obfuscation, and protocol encryption also have to worry
> about section 1201 because vendors have argued that these also qualify as
> “technical protection measures” covered by the DMCA.

~~~
pfundstein
Right so how could they possibly define/prove/enforce it, since reverse
engineering is essentially the act of understanding how something works by
looking at it.

~~~
Benjamin_Dobell
There are examples of this specific provision of the DMCA being enforced (or
at the very least being used to threaten into submission) on EFF's website.
Dmitry Sklyarov, a Russian national, was even arrested and sent to jail in the
US:

[https://www.eff.org/pages/unintended-consequences-fifteen-ye...](https://www.eff.org/pages/unintended-consequences-fifteen-years-under-dmca)

 _EDIT: Probably worth noting Dmitry Sklyarov was released from jail after
testifying at the trial of his employer, who were themselves then found not
guilty of violating the DMCA._

------
chromedev
The game wouldn't even run for like the first 5 days because they required
BIOS updates from manufacturers for the game to even work.

~~~
zamadatix
I wouldn't associate the mess that was motherboard firmware around launch with
anything but AMD. The firmware didn't even boost the CPU right either.

~~~
exciteabletom
I have an Intel SKU and I couldn't launch the game for 2 months after release.

~~~
zamadatix
Because of BIOS issues?

~~~
exciteabletom
I updated the BIOS and nothing changed. After a few months they fixed it.

------
shmerl
DRM obsessed developers: we need to spend time on this junk and punish our
paying customers.

All other developers: we spend time on making better games and release them on
GOG on day one.

~~~
tetris11
There's some evidence that the DRM noticeably slows down the framerate of the
game. Plus there's the bloat required to actually launch it (Rockstar Social
Club)

The GTA V crack apparently trims away a lot of the fat and makes for a much
less intrusive installation and a faster game (with better access to custom
servers).

~~~
kevin_thibedeau
The guard mechanism inserts non-optimal code as part of its obfuscation
process. It does slow down the affected code. The amount depends on how the
developers configured the tools and what paths are affected.

------
bsder
Presumably this is simply a function of not cracking it within the
30,60,90-day critical window?

Sure, cracking it now would give you "street cred", but you probably gain more
by cracking something newer and more popular.

~~~
p1necone
I'm pretty sure the _only_ reason people crack games is for street cred, or at
least for the technical challenge. Seems like "I cracked the game that no one
else could for nearly a year" is a great reason to try to me.

------
ChildOfChaos
This is normal now.

Most of the cracking groups have given up, because of Denuvo, they just crack
small releases, the few people that were actually cracking Denuvo were not
even the big scene groups, most likely individuals with certain skills, but a
lot of them just disappeared as it became too hard/took too long to make it
worth the time.

------
dylan604
Is DRM so totally useless that this is a worthy thing of note?

~~~
recursive
RDR2 is one of the biggest of triple-As. It probably has more cracking effort
applied to it than most.

I don't think that's evidence that DRM is useless.

~~~
dylan604
If no other DRM has withstood for 300+ days before being cracked, then it
seems pretty useless. Yay, it worked for one title. I think we can all agree
CSS was pretty useless. This stat makes it sound like AAA game DRM is about as
easy to crack. At least it's not as bad as the master key leaking for Blu-ray.

~~~
NoOneNew
You do realize whoever wrote the spec for this DRM now has free advertising to
be hired for more projects and make bank. If Rockstar did it in house, I'm
pretty sure they're going to make a spinoff DRM company. Useless, stupid,
whatever you want to call it, they're going to print fun-coupons now.

~~~
dylan604
DRM is and always will be a cat&mouse game. The hacker that breaks this DRM
will also get level up bonus for their resume. At that point, this theoretical
business model you propose will no longer be such a valuable thing. Those
fun-coupons will be as valuable as the Chuck E Cheese tickets recently discussed.

~~~
NoOneNew
Your argument can easily apply to locks, safes and general physical security.
It will always be done. I've been hearing "DRM will be useless soon" since
the early 2000s. Many DRM companies are 10-30+ years old, with multiple
international locations and many, many employees.

Look, I appreciate the hobby and skills it takes to crack DRM as a logic
puzzle. I used to work security integration and I may have had my own similar
hobbies. But at the end of the day, the argument of "DRM is useless" is people
truly saying, "I don't want to pay for things". Who likes to work for free? I
don't and I'm sure as shit you won't work for free either.

Do I like Rockstar? No. I think their games are shit from beginning to end.
They're edgelord, teenage wish fulfillment trash.

Do I respect when someone spends their time and wishes to get paid for it so
they can continue their craft with a roof over their head and food on the
table for them and their families? Yes.

If you don't approve of mandatory crunch times, story lines or whatever
anti-capitalist, anarchist, whatever manifesto you subscribe to... don't buy or
play their stuff. Fun part about a capitalist system, the best way to hurt
someone is to both ignore them and don't buy their stuff. Pirating their
stuff, as a lot of folks like to mention, "Doesn't hurt the company". But it
does give them reason to be more aggressive, issue lawsuits, get more press
attention and generally be bigger assholes that spiral the system out of
control. If they can make a profit, you bet your sweet ass they'll figure it
out even if it's a long con.

So yea, wait for DRM to go bye-bye. Let's see, RDR2 was in dev for around 7
years. You go ahead and work, for someone else, for 7 years on something,
about 40 hours a week (more if you want to include the "controversial working
conditions") and don't get paid during that entire time. Not on something YOU
want to do. Something that someone else wants done for them. Do that, then
come back to me with a real argument for people not to get paid for their
work. We're not a society that runs off hugs and kisses.

~~~
the_af
> _But at the end of the day, the argument of "DRM is useless" is people truly
> saying, "I don't want to pay for things"._

This is false.

A lot of people oppose DRM because it's a nasty bit of software running on
your hardware, or because it's unwieldy or plain doesn't work. Some people buy
a game (or ebook, or whatever) then use a DRM-stripped version because it's
_better_.

And yes, some people play pirated games because they don't want to pay. But
don't make it sound as if that was everyone.

DRM sucks.

~~~
NoOneNew
Dude, that's the biggest load of crap and you know it. That's what everyone
tells themselves so they sleep better at night and seem like some
self-righteous Robin Hoods to the public.

You pirate because you don't want to pay for it. People don't buy something,
then go out of their way to potentially get a bit of illegal virus/malware
induced "DRM-Free version". I was a teen back during Napster and Limewire
days... goddamn it I'm old... You pirate because you don't want to pay for it.
Stop acting like it's some great public service, saving the world,
doing-the-right-thing cause.

The folks that do the actual cracking, again, I actually respect for the
skills. That kind of stuff is a real fun hobby. They share their work as a way
to showoff. However, it's the users that get free-rides who I think are just
ridiculous and delusional. "Oh, I pirate games as a political statement for
anti-DRM because DRM is soooooo much worse on machines, and, and capitalism
bad." Yea... okay. Everything I have is DRM-filth and I never noticed.

~~~
tetris11
Anecdotally I own both a legal and a cracked copy of GTAV.

The legal copy was nice in the first year the game came out and I wanted
access to all features, so I grimaced and put up with the bloatware required
to actually log in to the game and play it. Then I got bored, uninstalled it
and didn't play it for a few years.

Recently I got a hankering to play it once more and shuddered at the memory of
all the intrusive software bloat, as well as the toxic online community
centered around aggressive play. So I went with the crack (hassle-free and
self-contained in a single directory) and joined a FiveM online server for
multiplayer play, and the experience was painless, enjoyable even.

------
rabbitonrails
Maybe just a sign you can’t even give RDR2 away for free ;)

------
Johnny999
Well yeah, it's not going to be cracked.

------
google234123
Good for them!

