The clever thing here is that Denuvo is only used to protect certain functions, not the entire game. The functions it protects should be functions that run infrequently, but contain enough critical game logic that they can’t just be replaced wholesale by a cracker. I believe the game developer themselves chooses what functions to protect. If they protect too much (or protect the wrong functions) performance can suffer, whereas if they don’t protect enough, the crackers’ job is too easy.
I wonder if Denuvo the company charges more or less depending on how much function protection the developer chooses or if it is a flat rate.
From the "analysis" I gather it works by encrypting the .exe and the key's are server-side. The hardware info is used to further encrypt it.
I think the goal should be to fool the checks rather than remove the encryption which would be a nightmare. CPUID can output whatever you want, it just reads MSR's. I'm sure there are possibilities to use kernel drivers to make windows functions also read out whatever you want.
You need (1) a valid license file and (2) a list of all the checks that are made and (3) some way to override the output of each check. Furthermore, you want to ideally do this in a way that makes your cracked software actually deployable on random computers, so you don’t want to do any heavy kernel-mode hooking because people won’t be able to use your crack.
Oh and if you actually do distribute a crack that uses a stolen license file, they’ll ban the heck out of the hardware identified in the license (and probably any user/account/Steam IDs they manage to hoover up), which will no doubt be an annoyance to a cracker.