A new anti-tamper technology with aims similar to those of Denuvo has been rapidly defeated. Valeroa has been touting itself as the latest anti-tamper technology "that cannot be cracked in a reasonable time." However, after appearing for the first time on the game City Patrol: Police, a cracker says he defeated the system in just 20 mins.

With online piracy still running rampant, content producers are keen to prevent copying wherever they can.

Music and movies are extremely vulnerable, with no effective technology available after several decades of trying. However, software and video games are able to put up a bit more of a fight when appropriate DRM and other technologies are put in place.

Situated on top of regular DRM, Denuvo has made its way to the top of the pile as one of the most effective and hated (by pirates at least) anti-tamper technologies. This reputation has in part been earned through its ability to prevent low-level crackers from defeating its locks but also due to a perception that it can be anti-consumer.

With this reputation, Denuvo is consistently targeted by crackers, who are getting more and more successful in defeating the technology. A few days’ protection now seems to be the most the product can offer, with the company itself now openly suggesting that a couple of weeks’ protection is a reasonable aim and valuable in itself.

Given Denuvo’s profile, it was interesting to see an apparently new technology being touted by its makers a few months ago. Dubbed ‘Valeroa‘, this new kid on the anti-tamper block seems to have Denuvo in its sights, with interesting marketing which presents the tech as a more consumer-friendly tool to achieve the same aims.

“Valeroa anti-tamper does [not] require you to have an internet connection. Not even when you launch your game for the first time or after you upgraded your hardware. Some games require you to be online, but this is not a Valeroa requirement,” the company claims.

“The protected game behaves as if there is no protection applied at all. Gamers don’t need to re-validate hardware or need an internet connection. They also don’t need to install additional software or drivers. They can play the game as it was intended by the game developer.”

Addressing other complaints usually aimed at Denuvo, Valeroa claims not to continuously write to the gamer’s hard drive while placing no limit on the number of daily installations or changes of hardware.

In common with Denuvo, however, the company behind Valeroa states that its tech is “extremely difficult to crack before and closely after the game release date.”

Curiously, it also adds that the protection “becomes a lot easier to crack after a predefined period” noting that the company has “no problem with organized pirate groups or individuals who crack Valeroa once the protection is weakened.”

This contrasts with statements made on the company’s website back in May (now deleted) that said the following:

“We closely watch the ‘Warez Scene’, P2P and reverse engineering communities. We report criminal activities to legal institutions. Pirate release groups, we know who you are and you have been warned!” the statement read.

On November 29, Valeroa made its debut on the game City Patrol: Police, a racing/action game that doesn’t appear to be particularly popular with early adopters. Doubling up on the disappointment, the Valeroa technology didn’t stand up as promised either.

On Saturday December 1, two days after launch, the game appeared online with its protection cracked. A user known online as ‘Steam006’ (who claims to be from Turkey) was reportedly responsible and if his report is to be believed, Valeroa didn’t put up much of a fight.

“It took about 20 minutes to make the crack,” he announced.

While this rapid defeat was greeted with amusement by the game cracking community, a number of questions about Valeroa remain.

The site itself gives no indication as to who is behind the technology and its domain WHOIS is protected, something which is not common when traditional corporate entities are involved. Its Linkedin page states the company is in the UK, providing a London postcode of EC1 and stating that Valeroa is “almost impossible to crack”.

However, an early version of the website claimed the company was situated in France, offering the address 54-56 Avenue Hoche, Paris 75008.

Adding to the unconventional approach, the site’s promotional material actually carries comments from users of Reddit’s /r/crackwatch forum which stop short of commending the technology but cautiously praise it for being less anti-consumer than some alternatives.

Valeroa cites Crackwatch user? Whatever next..



While Valeroa fell quickly on this first occasion, it did manage to hold up as long as some of the latest variations of Denuvo, which is an achievement in itself, if one discounts the low interest in the game itself.

Whether its strength will improve over time remains to be seen but the people behind the technology, whoever they are, do seem to understand why gamers hate DRM and similar technologies. That is certainly novel, if nothing else.

Update: German blog Tarnkappe has received a response from Valeroa, who claim that the “20 minute” claim isn’t accurate as tools had been developed in advance. The company also says that the defeat didn’t attack code protected by its technology:

“[T]he individual / group behind ‘Steam006’ released a pirated version of the title in question 2.5 days after its release. Technically Steam006 did not crack the anti-tamper solution in 20 minutes as it was used on emulation tool he worked on for years. This tool does not attack that is protected by the anti-tamper,” the statement reads.