This is decidedly not what I’d expect to be discussed at Thotcon. That said, super interesting!
As an avid pirate, I’ll say these days even the Denuvo game which were going years without cracks now have “cracks”, although they rely on hypervisor fixes and disabling secure boot and giving the hypervisor cracks unfettered access to your system to intercept the Denuvo checks. [0] It’s a dangerous game we’re playing to keep these AAA games bottom lines fat.
It has their uses. If, for example, a company wants to issue fleet computers to workers or school to students, you want to have secure boot on those devices to prevent tampering. Secure boot makes it so that physical access is not the end all of security.
If you own the computer yourself, you "ought" to be able to turn off these measures in a way that is undetectable. Being unable to do so would be the red line imho - and looking at those hypervisor cracks available, it's not quite being crossed. The pessimistic, but realistic future prediction is that various media companies would want and lobby for machines to have unbreakable enclaves for which they can "trust" to DRM your machine, and it's just boiling the frog right now. Windows 11's new TPM requirement is testament to that.
Switch to linux asap - that's about the only thing a consumer is capable of doing.
This is coming. In particular, without a Secure-Boot-enforced allowlist of operating systems, it will be near impossible to verify that an OS connecting to the internet complies with your locality's age verification laws, so it will soon be illegal to run a computer that does not make Secure Boot mandatory and connect it to the network.
If you're starting to think "huh, maybe that's why these age verification laws suddenly became all the rage", you're onto something. Whatever the case, "general purpose computing" is definitely cooked.
General purpose computing as it was done in the 1900s is cooked for the average user because there is no market incentive for it to exist. The actual market incentive revolves around apps as they provide user value along with the ability to deploy custom apps.
The laws in my locality place requirements on the service provider (e.g. the adult website operator), not on random computer owners or manufacturers or software vendors.
Newsom signed a law that places those requirements on every operating system in California, and in practice, organizations tend to comply with California's terrible laws no matter where you are, rather than stopping doing business there or making two variants of their products.
With software it's trivial to have a switch for "California compliant" mode, but in any case, that makes it clear that such criticisms should be directed at California. Other (generally "red") states already had a more reasonable solution: make the sites offering the restricted service liable for their actions just like other businesses.
> If, for example, a company wants to issue fleet computers to workers or school to students, you want to have secure boot on those devices to prevent tampering. Secure boot makes it so that physical access is not the end all of security.
Measured boot is actually better for that: You can still boot whatever you want however you want, but hashes are different which can be used for e.g. remote attestation. Secure boot has to prevent that "unauthorized" code (whatever that means for each setup) can ever run. If it does, game over. That means less freedom and flexibility.
Having an operating system purposefully allow support to installing rootkits should clearly be a bad idea. It shouldn't be surprising you have to turn off security features to install a rootkit.
it is stupid to turn it off. It is incredibly easy to infect your system components without your knowning.
that being said, it does assume a certain trust in firmware vendors / oems. If you dont trust those, then dont buy from them.
i think for most ppl trusting OEM or trusting rando from interwebz with a custom hypervisor and requirement to cripple my system security are totally different things ..
u know they could actually make theyr HV support secure boot etc. to do it properly and have ur system run the cracks but not have gaping holes left by them -_-. lazy.
What I'm wondering for a while now: How do the game streaming services run the Denuvo titles? Do they get special builds? They will not run on bare metal hardware but in some kind of VM right? Wouldn't Denuvo detect that and stop working?
I'm a bit perplexed by the choice of Nintendo Switch as the example hardware. I was under the impression that the switch was locked down and you can't run offset based cheat software like cheatengine on it.
I’ve noticed that LLMs can effortlessly read minified JS. How does it do with obfuscated binary code? I wonder if the days of obfuscation are numbered when the tedious job of de-obfuscation can be automated.
96 comments
As an avid pirate, I’ll say these days even the Denuvo game which were going years without cracks now have “cracks”, although they rely on hypervisor fixes and disabling secure boot and giving the hypervisor cracks unfettered access to your system to intercept the Denuvo checks. [0] It’s a dangerous game we’re playing to keep these AAA games bottom lines fat.
[0] https://www.thefpsreview.com/2026/04/03/denuvo-has-been-brok...
...making it even more clear what "secure" boot actually secures: the control others have over your own computer.
If you own the computer yourself, you "ought" to be able to turn off these measures in a way that is undetectable. Being unable to do so would be the red line imho - and looking at those hypervisor cracks available, it's not quite being crossed. The pessimistic, but realistic future prediction is that various media companies would want and lobby for machines to have unbreakable enclaves for which they can "trust" to DRM your machine, and it's just boiling the frog right now. Windows 11's new TPM requirement is testament to that.
Switch to linux asap - that's about the only thing a consumer is capable of doing.
If you're starting to think "huh, maybe that's why these age verification laws suddenly became all the rage", you're onto something. Whatever the case, "general purpose computing" is definitely cooked.
> If, for example, a company wants to issue fleet computers to workers or school to students, you want to have secure boot on those devices to prevent tampering. Secure boot makes it so that physical access is not the end all of security.
Measured boot is actually better for that: You can still boot whatever you want however you want, but hashes are different which can be used for e.g. remote attestation. Secure boot has to prevent that "unauthorized" code (whatever that means for each setup) can ever run. If it does, game over. That means less freedom and flexibility.
that being said, it does assume a certain trust in firmware vendors / oems. If you dont trust those, then dont buy from them.
i think for most ppl trusting OEM or trusting rando from interwebz with a custom hypervisor and requirement to cripple my system security are totally different things ..
u know they could actually make theyr HV support secure boot etc. to do it properly and have ur system run the cracks but not have gaping holes left by them -_-. lazy.
> While security researchers love the entropy of randomized function layouts
I don't think any competent security researcher has anything positive to say about "security through obscurity"
at best this is lawyer position
Which provides way more information than the article