VRChat added VRCA (?maybe VRCW too) protection
-
Vrchat now uses AES-GCM encryption. The only way to get any type of unencrypted vrca or vrcw is with a modded client. Otherwise dump the game and get the decryption method. And boom. But the method is lazy and there are ways around this. Cannot say more right now.
-
Vrchat now uses AES-GCM encryption. The only way to get any type of unencrypted vrca or vrcw is with a modded client. Otherwise dump the game and get the decryption method. And boom. But the method is lazy and there are ways around this. Cannot say more right now.
-
wrote on 30 Mar 2025, 11:42 last edited by
I usually used loadbundle, and I was hoping that at least this would become usable. But if encryption measures have been implemented, there’s almost no chance it will work in the future.
-
Vrchat now uses AES-GCM encryption. The only way to get any type of unencrypted vrca or vrcw is with a modded client. Otherwise dump the game and get the decryption method. And boom. But the method is lazy and there are ways around this. Cannot say more right now.
wrote on 30 Mar 2025, 12:38 last edited by@trejectt Yep, saw one video where client user was able to extract avtr file w/o encryption. And from other source I found out that it is indeed client-sided. Files on VRC servers are still un-encrypted, and encrypted locally. So if anyone have a backup of previous VRC client version, they can still load and rip. Or wait for someone to decompile VRC and make another tool...
-
It's added for VRCW as well. I heard about it and went on the mad scramble to back up memorable worlds from the early days and they're all scrambled. I have a feeling they only did this so people can't "port" user-made worlds to other social VR platforms since VRChat has gone down the shitter. They don't care one bit about their users and their concerns with "avatar ripping".
wrote on 30 Mar 2025, 19:19 last edited by@avatarofcorn I heard personally they did it because they've started a partnership with Booth, but unsure how true that really is. At least the community had time, but I fear vrchat is certainly gonna turn into Pokechat for vrca's.
-
@trejectt Yep, saw one video where client user was able to extract avtr file w/o encryption. And from other source I found out that it is indeed client-sided. Files on VRC servers are still un-encrypted, and encrypted locally. So if anyone have a backup of previous VRC client version, they can still load and rip. Or wait for someone to decompile VRC and make another tool...
wrote on 30 Mar 2025, 20:19 last edited by@Real-Visitor I havent found a version that lets you play. i have all the way back to last year. all force to update
-
wrote on 31 Mar 2025, 01:59 last edited by
I downgraded VRChat, but I can’t launch it because a warning message says, "Please update."
-
I downgraded VRChat, but I can’t launch it because a warning message says, "Please update."
wrote on 31 Mar 2025, 03:16 last edited by@chocolate yeah it only worked for a few hrs into the next day.(28th) i helped someone figured it out
-
@trejectt Yep, saw one video where client user was able to extract avtr file w/o encryption. And from other source I found out that it is indeed client-sided. Files on VRC servers are still un-encrypted, and encrypted locally. So if anyone have a backup of previous VRC client version, they can still load and rip. Or wait for someone to decompile VRC and make another tool...
wrote on 31 Mar 2025, 15:44 last edited by@Real-Visitor what if the connection download is intercepted? what would happen?
-
wrote on 31 Mar 2025, 17:23 last edited by
Can someone help me on DM for getting an avatar? i still have the ID of it.
extracting vrca from cache doesn't work anymore, and assetripper can't load assets folder and shows unity version as 0.0.0a0 -
@avatarofcorn I heard personally they did it because they've started a partnership with Booth, but unsure how true that really is. At least the community had time, but I fear vrchat is certainly gonna turn into Pokechat for vrca's.
wrote on 1 Apr 2025, 14:37 last edited by avatarofcorn 4 Jan 2025, 14:40@Hardware98 It was clear as day what the outcome would have been when EAC was rammed down everyone's throats to the protest of nearly forty thousand downvotes on the Canny. Didn't take long for them to charge for what mods and other social VR platforms do for free. Notice how development time now is spent on monetization, instead of fixing bugs and improving the existing system. I suppose the massive layoffs last year were to remove staff members who gave half a damn about the community. The rest aren't talking but you can figure it out from how angry Merlin got. (For those who don't recognize this name, he's the guy who brought us UdonSharp and was hired to overhaul the broken Udon system when he was suddenly fired.)
@Reym Try setting up a transparent MITM proxy with a self-signed TLS cert. Your mileage might vary, given the ring-0 rootkit on the machine.
-
wrote on 1 Apr 2025, 16:09 last edited by
@avatarofcorn ring-0?
-
S SeraphicRoses referenced this topic on 2 Apr 2025, 01:48
-
@Real-Visitor what if the connection download is intercepted? what would happen?
wrote on 2 Apr 2025, 11:15 last edited by@Reym Client users can still take pure VRCA files, due to them not being encrypted server side
-
wrote on 2 Apr 2025, 15:37 last edited by
I know nothing, but I have noticed that while the Avatar is in use a __lock file is created in that path. I cannot do anything with this file, but when unloaded it disappears.
-
wrote on 2 Apr 2025, 15:40 last edited by
So once the file on the cache is encrypted there is no way to revert it?
-
@Reym Client users can still take pure VRCA files, due to them not being encrypted server side
wrote on 2 Apr 2025, 18:10 last edited by@Real-Visitor Is that possible to intercept pure vrca and transmit it to another folder after it has been downloaded instantly?
-
@trejectt Yep, saw one video where client user was able to extract avtr file w/o encryption. And from other source I found out that it is indeed client-sided. Files on VRC servers are still un-encrypted, and encrypted locally. So if anyone have a backup of previous VRC client version, they can still load and rip. Or wait for someone to decompile VRC and make another tool...
wrote on 2 Apr 2025, 18:17 last edited by Linze 4 Mar 2025, 01:34@Real-Visitor Do oculus ver or non steam version have same encryption?
-
@Hardware98 It was clear as day what the outcome would have been when EAC was rammed down everyone's throats to the protest of nearly forty thousand downvotes on the Canny. Didn't take long for them to charge for what mods and other social VR platforms do for free. Notice how development time now is spent on monetization, instead of fixing bugs and improving the existing system. I suppose the massive layoffs last year were to remove staff members who gave half a damn about the community. The rest aren't talking but you can figure it out from how angry Merlin got. (For those who don't recognize this name, he's the guy who brought us UdonSharp and was hired to overhaul the broken Udon system when he was suddenly fired.)
@Reym Try setting up a transparent MITM proxy with a self-signed TLS cert. Your mileage might vary, given the ring-0 rootkit on the machine.
wrote on 2 Apr 2025, 20:07 last edited by@avatarofcorn Yeah I remember that shit. I also downvoted, I think everyone did. Horrible way the platform is going honestly and it's only going to get worse. Genuinely hope they don't start putting ads in the game, but I see that as the next step. Hopefully people will protest then too.
-
wrote on 3 Apr 2025, 00:03 last edited by
so how do i rip now?
-
@Real-Visitor Is that possible to intercept pure vrca and transmit it to another folder after it has been downloaded instantly?
wrote on 3 Apr 2025, 00:12 last edited by@Linze Idk, if it stores that file temporarily somewhere, then possibly, but not sure.
Give 90% that they store the file in ram.
