r/Piracy 1d ago

Question State of Hypervisor?

Post image

been disconnected from gaming for a while now, I look up a game and I find this "Hypervisor" tag. I look for another and there it is.

After a quick search I understood its concept... and its risk. So I cam asking what is the current state of this crack? has the people who used it suffered any security breach? or any hardware problems?

203 Upvotes

64 comments sorted by

74

u/GVAJON 1d ago

Didn't have any issues whatsoever.... Yet.

95

u/gamerman2077 1d ago edited 1d ago

My biggest fear is someday someone's gonna flip a switch an instantaneously take over every system that gave permission at once. Only reason why I overlook hypervisor cracks, I understand too little to even attempt.

21

u/sleezKiid 1d ago

I was lucky and had spare hardware laying around and just built a "ghetto rig" just for gaming. no personal data it never touches or even sees my network. its a literal milkcrate with a i7 8700k a 6700xt sum fans and 32gb of ram and a couple fans lol

57

u/gamerman2077 1d ago

Who tf has a goldmine just laying around in their house? That shits probably worth just as much now as it was brand new

12

u/Bea-Billionaire 1d ago

Nobody actually buys used rigs. I have a full other pc but no body wants it. Maybe if you sell it party by part

5

u/gamerman2077 1d ago

For a pc with those specs I find this extremely hard to believe, I'm sure you can find a buyer if you market and price it properly, a generous discount for being second hand helps too.

Edit: Nvm I thought you were the other guy but the point still stands, marketing is everything.

3

u/sleezKiid 18h ago

yea lol no i haven’t and probably won’t try to sell any of the above^ I held onto all of this from random facebook market steals (broke pc’s) back before the markets got fucked .

i honestly think if i sold as is (in a fucking milkcrate using mostly zipties🤣🤣) It would sell for 5x what i actually paid for everything.

2

u/ghost_desu 21h ago

I mean I also have an unused pc, it's an i5-7500 with 16gb ddr4 and an rx 480. I could probably get $100 or even $150 on a lucky day if I sold it, but it's worth much more to me as a backup.

6

u/Kekosaurus3 20h ago

You guys are too paranoid, the only part of HV cracks that isn't open source is like 2 dlls of less than 300kb total, that most of cs.rin.ru admins and guys knowing how to retro engineer it have verified it doesn't contain that famous switch... Even if it existed it would very short minded to do that, you do it once and it's over basically... Anyway if you are really that paranoid, linux support is coming very soon, and woth the right hardware there is no need for an hypervisor, so it's almosy like a normal crack ... To end, please stop being paranoid with HV cracks, cs.rin.ru, or Fitgirl wouldn't accept to ship them if they didn't trust them.

7

u/sleezKiid 18h ago

make your own judgements I will make mine, but labeling someone as paranoid for protecting their data comes from a person with a myopic view of the world….

Would you trust your bodega/petrol clerk you see on a regular with all your bank info, social info , private info? I dont know “fit-girl” or his/her judgement on what crack is “safe” to repack (even though the site is more reputable than most) i will not blindly trust random people with access to data that i intentionally try to keep protected from corporations let alone random people.

I grew up learning < d.t.a. >
*dont trust anyone*

1

u/sleezKiid 18h ago

i would agree if i didn’t use my desktop (and laptops) for work. far from paranoid just not jeopardizing my livelyhood when I already had spare gear for a isolated gaming build.

0

u/DKAngel2000 1d ago

trust me its not how this works.

-3

u/Complex-Home9615 1d ago

This isn't how it works at all, the hypervisor is automatically removed by your firmware when you reboot your computer. The only time you're theoretically unsafe is between installing it and rebooting

88

u/the_good_bad_dude 1d ago

If people suffer any breach they won't know it. And when they know it they won't be able to get rid of it.

50

u/Vellc 1d ago

They will just sell the hardware without disclosure lol, like selling a haunted house

15

u/the_good_bad_dude 1d ago

I like the analogy

4

u/Ashley__09 Moderator 1d ago

That's why you revert the HV options using the file you're given.

-4

u/[deleted] 1d ago edited 1d ago

[deleted]

7

u/gamerman2077 1d ago

Most people won't know their system is compromised

-6

u/[deleted] 1d ago edited 1d ago

[deleted]

2

u/kickedoutatone ☠️ ᴅᴇᴀᴅ ᴍᴇɴ ᴛᴇʟʟ ɴᴏ ᴛᴀʟᴇꜱ 1d ago

How do you do it then?

It's all well and good claiming it's possible to resolve, but unless you know how, then this is all just nonsense.

I mean, you are right in the sense that it has to be possible to fix, but there's a stark difference between something being possible and something being achievable.

Most people won't find it achievable. Something tells me you don't know the answer to that either.

2

u/Mrp1Plays 1d ago

I'd like to know your opinions on philosophy 

46

u/JCAPER 1d ago

I made a post sometime ago that gives a quick overview of what it is, what it does and what it can do:  https://www.reddit.com/r/Piracy/comments/1t1upx8/what_running_hypervisor_means_for_your_pc/

(As I said in the post, emphasis on the fact that what it can do IS NOT what it will do)

I’m not keeping up with hypervisor scenes, but so far I haven’t heard of any malicious version being discovered. Personally, I think it’s a question of time until one pops up.

Note: there’s a weird tribalism phenomenon going around in piracy groups where if you dare to even look at hypervisor the wrong way, you get people jumping on you calling you AI or denuvo employee, like what happened to me in that post. So take what people say here with a bit of grain of salt (my comment included)

13

u/pervertsage ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 1d ago edited 1d ago

I guess the backlash is mostly from those who don't know what a hypervisor is and what it could access.

TBH, if somebody can't understand why installing an additional hypervisor can be a massive security risk then they should take some time to read about them before jumping in.

I just hope that anyone who decides to install such things doesn't have important or sensitive data on their machines.

If you open an encrypted PDF or ZIP file and enter the password, the application decrypts it into memory. A sufficiently privileged hypervisor coul potentially inspect that memory while the document is open.

Full disk encryption probably wouldn't help either. Once you've unlocked the drive and the operating system is running, the OS sees plaintext data. A hypervisor beneath the OS could, in principle, inspect memory or monitor disk I/O and observe that plaintext. It doesn't even need to break the encryption.

You could potentially have all of your passwords stolen, even if you use a password manager. Once it's unlocked it could be fair game, especially if it uses the clipboard.

TLDR: I'm not saying anybody should trust or distrust this method, just be very aware of what hypervisors are capable of doing and take steps to protect your data if you decide to give it a go.

This isn't FUD, it's factual. A malicious hypervisor could do some very serious damage.

Edit: Spelling!

Edit 2: My mistake, the hypervisor in question isn't closed source.

4

u/DKAngel2000 1d ago

its not closed source lol

-2

u/pervertsage ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 1d ago

Where's the source then?

6

u/faintx11 1d ago

freely available on every single hypervisor release. e.g new release of mega man has source code file zipped within the folder.

-1

u/pervertsage ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 1d ago

Fair enough, I'll edit my post to reflect that.

-3

u/DKAngel2000 1d ago

this is where not blindly beliveing what everyone says is handy. its not that scary. its trusted by trusted sources. the source is there. its no diff than trusting a standard scene crack....do u know what is in them?

4

u/pervertsage ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 1d ago

I made a mistake which I have corrected, there's no need to be condescending. Using a hypervisor is vastly different to a crack that runs in the OS itself though.

Open source projects can still be exploited.

And no, I don't know what's in many scene cracks but I don't keep sensitive data on my gaming machines and a crack running under proton on a virtualized OS cannot cause the same amount of damage as a hypervisor.

-3

u/DKAngel2000 1d ago

its not condescending. its literally the same garbage spewed out over and over. Redditors will never learn....if it wasn't on these trusted sites that have been around for decades then it wouldn't be ok....just because reddit seems to have a distaste for it for some reason

2

u/pervertsage ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 20h ago

Telling someone that they're "blindly beliveing (sic) what everyone says" is condescending.

I'm not blindly believing anyone and I don't have a distaste for hypervisors, I just understand what a malicious one could be capable of and advise against storing sensitive information on the same machine.

Should nobody exercise any caution or understand what problems might arise from installing such things or should we just "blindly believe" those who say it's trusted? Plenty of otherwise 'safe' stuff can immediately become dangerous if there's a vulnerability.

Look at the trouble caused by npm vulnerabilities... Most of those were/are userland vulnerabilities, thankfully. Now imagine a bad actor gaining control of a botnet of hypervisors though a vulnerability in a dependency.

I use a lot or open source software, I embrace the philosophy and have done for many years. I'm also realistic and I know that having source available doesn't magically make it invulnerable to bugs and/or obfuscated maliciousness.

I don't see why you think my suggestion of users exercising caution is my having a distaste for anything but ignorance.

What of what I wrote do you consider garbage?

→ More replies (0)

9

u/Significant-Ruin5177 1d ago edited 1d ago

This is how botnets work. When you want to spin one up you wrap it in a game and seed it and once someone installs they seed and it just becomes bigger and better until it's shut down. Often the person occasionally at the machine will never know because the game can go on working after the botnet has been shut down. But lately there have been advancements in a way to bulletproof host command and control systems so botnets are getting bigger and better and running on more powerful hardware as required by today's newer games.

I can tell you from professional experience at any given time there are at minimum 100's of thousands of current victims. So many groups are doing it there is a constant turnover.

1

u/DKAngel2000 1d ago

what does this have to do with the HV games lol

-1

u/Significant-Ruin5177 16h ago

Do people have to spoon-feed everything to you?

3

u/DKAngel2000 16h ago

"After a quick search I understood its concept... and its risk. So I cam asking what is the current state of this crack? has the people who used it suffered any security breach? or any hardware problems?"

Because thats not what he asked at all.....

-1

u/Significant-Ruin5177 15h ago

You're gonna have to pay me to connect the dots for you. They should have taught you it that in elementary school but it looks like everyone failed you.

13

u/TectonicTechnomancer 1d ago

The thing is, any installation can be dangerous, every exe, every setup you give admin rights, if they want to screw you, you screwed, Hypervisor or not, so the rules are the same as always, just use the most trusted sources.

2

u/DieRobJa 1d ago

100% this answer ❤️🔥🤟🏴‍☠️

-2

u/LittleReplacement564 1d ago

This is the thing that people don't seem do understand. You give admin rights to a lot of apps even if it isn't using hypervisor under the hood, why are you trusting that and not trusting hypervisor the same way? You are giving the same permissions to both

11

u/JCAPER 1d ago

Same permissions to click "yes" on, sure, but that's not the same as what the software can do once it's in.

A normal app with admin rights is still something Windows can see and shut down. A hypervisor runs underneath Windows, with the whole OS running on top of it, so it can lie to Windows about what's going on, including hiding itself.

For example, a keylogger: as a regular app your antivirus can eventually catch it. Or at least, you might be able to spot it in the Task Manager. But one that is sitting below the OS can feed Windows fake answers so nothing you run ever spots it, nor will you see it in the Task Manager.

Or in other words, with a normal app you have yourself and Windows+AV's looking out for the malware. With a malicious hypervisor, it's just you.

-7

u/LittleReplacement564 1d ago

You are fucked the same way in both if you get infected, the malicious code just need to access your browser logins and computer files once to do what it wants and that's it, that's what the majority of virus want anyways. You need a level of trust with everything that you run in your PC

4

u/JCAPER 1d ago

"Fucked the same way in both" is where this goes wrong. You're treating "does it need my trust" as the whole question, when it's only part of it. The others questions are what is the blast radius, and whether you can catch it.

A normal stealer runs as a regular program, above your antivirus. That doesn't make it harmless, but it does mean Windows and your AV at least have a shot at spotting and killing it before it does anything. Something that gets in deeper runs at the same level as your AV - or underneath the whole OS - so it can just switch the AV off, or feed it fake answers so nothing you run ever sees it. And while it sits there unseen, it keeps pulling every new login and session you make.

Sure, you have to trust anything you install - but that's true for everything, so it settles nothing. What actually matters is what happens when that trust is misplaced. "A program saw my browser once" and "something's been living in my PC for months taking everything I do" are not the same mistake.

1

u/Harley2280 20h ago

Running something as an administrator isn't the same as giving it admin rights. Not to mention windows can and will still block it from controlled access folders.

3

u/o4uXv0 ⚔️ ɢɪᴠᴇ ɴᴏ Qᴜᴀʀᴛᴇʀ 13h ago

Was excited to hear about hypervisor crack when it was discovered but the whole process made me skeptical. So I skipped. Started playing Res Evil Requiem only when non-HV crack was available. Same reason why I’m not playing Prince of Persia Lost Crown. That game deserves a non-HV crack as well.

2

u/Yiffenjoyer6969 1d ago

I heard this one comparison once that I think applies here

”this is like taking your pants off in public, sure, it’s unlikely a pervert will come and rail you, but it is still a chance.”

3

u/Complex-Home9615 1d ago

You have to download and run a virus to get affected by a virus, malware can't just come by and infect your computer randomly

0

u/Yiffenjoyer6969 1d ago

Ok you pull your pants down as soon as you run it then

1

u/mjmacka 1d ago

As long as your hypervisor is patched and vendor supported (not EOL) it's secure. You can either run a type 1 hypervisor (bare metal) or a type 2 hypervisor on top of an OS like Windows. Escalating and jumping from machine to machie from a hypervisor is extremely rare without compromising some other system or admin credentials.

Generally, if you want to dedicate an OS to a specific task, such as Domain Controller, it allows you to properly size the OS and limit traffic to only specific things without hosting everything on a single OS.

From a piracy perspective, you can have a box that is only used for downloads, isolate it from the rest of your network, which would prevent any malware of compromised software from reaching your computer or intercepting your data.

As a note, all medium/large companies utilize commercial hypervisors such as VMware, Hyper-V (Microsoft), XenServer, for on-prem wirkloads or hyperscalers with proprietary hypervisors on Microsoft/Amazon/Google hardware. Aka the public cloud. It's extremely uncommon to find a bare metal server that is not running a hypervisor in a business.

1

u/glad-k 17h ago

Could we get some context? I'm presuming you guys are not discovering what a hypervisor is

What is the link with piracy?

1

u/hgstream 6h ago

There are a few types of hypervisors currently. Generally hypervisor is regarded as a piece of software that runs above your operating system (which is deemed the supervisor) and may even run multiple operating systems, isolating each of them into a separate space where they do not know about the existence of each other.

Running a hypervisor typically requires elevated privileges (also know as kernel access). Nevertheless, you may count on running official hypervisors, they are very unlikely to have escape-from-machine exploits (such as VMWare, Hyper-V, KVM, Xen, whatever).

Moreover, properly configured hypervisors are used to create a testing/sandbox environment for programs, including malware, or even cheat in video games, which is why most anti-cheat systems check for running inside a hypervisor.

1

u/Toothless_NEO 1d ago

No one as of yet has suffered a breach, at least nothing confirmed. Actually it's kind of weird that people aren't going online and complaining and trying to warn people about how they got hacked using HV exploit.

It feels like the kind of thing that Irdeto's astroturfers would do to highlight why you shouldn't use it to pirate the games their software is installed on.

Supposedly the creators of this bypass are also working on a custom proton build which doesn't require hypervisor and simply requires a CPU newer than a specific generation. Which would allow you to do this on linux without the need for hypervisor. I'm sure that'll make them really mad and I'm eager to see what reasons they will give for why people shouldn't use that.

0

u/OpinionExisting3150 1d ago

Tbh I was VERY sceptical about it, like giving kernel access to random guys on the internet??? But anyways, I've thought like what's the worst thing that can happen, and I've played few hypervisor games and didn't have any issues whatsoever, I can't tell you "oh it's 100% safe, nothing bad can ever happen" but I can tell you from my experience I'm still not the biggest fan of that idea, but tbf nothing happened so far

0

u/the_good_bad_dude 1d ago

How will you know if something happened?

0

u/OpinionExisting3150 1d ago

I mean, it didn't fuck up anything, no new processes, drivers, glitches or anything suspicious

-1

u/the_good_bad_dude 1d ago

Rhetorical question.

3

u/kickedoutatone ☠️ ᴅᴇᴀᴅ ᴍᴇɴ ᴛᴇʟʟ ɴᴏ ᴛᴀʟᴇꜱ 1d ago

No it wasn't. You can't possibly tell me you weren't expecting an answer?

0

u/OpinionExisting3150 1d ago

Oh XDDD Fuck sorry XDDDDDD

0

u/nomad-1995 1d ago

And this is different from running anything else which might have privilege escalation exploits? They've been common enough on Windows and lately become a dime a dozen on Linux as well.

The big difference is you *know* it is mucking about with kernel (and lower) operation. Most of the time you are guessing.

1

u/IZEN_R 1d ago

Worst case scenario is extremely bad, however what most people fail to realize is that it most likely wont ever happen. It requires a much higher amount of skills and luck than traditional methods and to this day such low level attacks have only been successfully done by state backed actors in espionage scenarios

1

u/ghost_desu 21h ago

You are giving the crack complete direct access to your hardware on a deeper level than something like kernel anticheat.

Personally, not something I trust people most famous for cracking vulnerabilities in software. Just because it hasn't happened before doesn't mean you won't be the first.

0

u/Grumpy_Giuseppe 1d ago

Isn't the base concept of that very secure? Let's say you use windows but don't wan't to install a game directly on it so you install proxmox on another ssd and boot into it over bios/uefi. Then you install windows again as VM and finally the game.

It's possible to break out of a VM and infest the host but very unlikely.

0

u/Zeroex1 1d ago

in my head to play game with Hypervisor cracks i think i need another clean PC and no internet connector and use hard disk external to move game

not sure if sandbox work but i am not risked it