VRChat added VRCA (?maybe VRCW too) protection
-
@Reym Client users can still take pure VRCA files, due to them not being encrypted server side
-
@trejectt Yep, saw one video where client user was able to extract avtr file w/o encryption. And from other source I found out that it is indeed client-sided. Files on VRC servers are still un-encrypted, and encrypted locally. So if anyone have a backup of previous VRC client version, they can still load and rip. Or wait for someone to decompile VRC and make another tool...
-
@Hardware98 It was clear as day what the outcome would have been when EAC was rammed down everyone's throats to the protest of nearly forty thousand downvotes on the Canny. Didn't take long for them to charge for what mods and other social VR platforms do for free. Notice how development time now is spent on monetization, instead of fixing bugs and improving the existing system. I suppose the massive layoffs last year were to remove staff members who gave half a damn about the community. The rest aren't talking but you can figure it out from how angry Merlin got. (For those who don't recognize this name, he's the guy who brought us UdonSharp and was hired to overhaul the broken Udon system when he was suddenly fired.)
@Reym Try setting up a transparent MITM proxy with a self-signed TLS cert. Your mileage might vary, given the ring-0 rootkit on the machine.
@avatarofcorn Yeah I remember that shit. I also downvoted, I think everyone did. Horrible way the platform is going honestly and it's only going to get worse. Genuinely hope they don't start putting ads in the game, but I see that as the next step. Hopefully people will protest then too.
-
so how do i rip now?
-
@Real-Visitor Is that possible to intercept pure vrca and transmit it to another folder after it has been downloaded instantly?
@Linze Idk, if it stores that file temporarily somewhere, then possibly, but not sure.
Give 90% that they store the file in ram. -
A certain mod developer says that "the encryption is being done server-side," but I don’t know what’s actually correct
Dumping RAM should give you everything. Anyone want to see if the old Ninja Ripper trick works anymore?
@chocolate It's not. That's not a good source of information.
-
A certain mod developer says that "the encryption is being done server-side," but I don’t know what’s actually correct
@chocolate
I doubt it is, there have been several clips floating around of modders and client users still easily able to rip, not to mention there was an exploit where people were using an older version of the game and they were still able to rip, this flaw in the system was quickly patched (IIRC it was within 24 hours actually)Currently investigating ways to bypass VRC's new encryption on VRCA's and VRCW's. Msg me if you have any leads
-
So... Yea, they added an encryption or custom method to load avatar bundles.
So usual methods of using AR or SARS doesn't work anymore.
What do you all think about it? (also share any news if you have any)@Real-Visitor
I have been looking into this for a few days now, was hoping someone would have a solution available, the only reason I even play VRC anymore past the EAC update was because it gave me access to an unfathomable amount of 3d assets to do as I pleased with. when I get the time I'm going to try a few methods to circumvent the encryption or maybe an alternative method for ripping from the game. Off the top of my head the best ideas I have at the moment are as follows
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
2:maybe something simple like closing the game before the cache can encrypt (sounds ridiculous, but this IS VRchat devs we are talking about, don't rule this out)
3:Use a traditional model ripping tool such as ninja ripper or maybe even renderdoc, this method isn't ideal, because it'll be the raw output of the GPU and not a rigged character with blendshapes ect(something like this is difficult to almost impossible to patch because your GPU has to render the graphic at some point, however it is far from perfect and requires rigging as well as A TON of other work)
4:and this one is unfortunate, but we may actually have to look into bypassing the anti cheat and become client users ourselves, it's been 2 years so I'm not certain the method works anymore but I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
And finally 5: I heard multiple people mention that the game is using AES encryption, so our best course of action using this method would be to search the games files for a decryption key or maybe analyze the games network traffic and see if a key is sent to the game to decrypt the assets, once (or if) we get the key we should be able to decrypt the desired file.Something I will say off the bat right now is ripping is no longer going to be as open and simple as it once was, and the community built around it is going to take a serious hit in numbers, those that do remain are likely going to charge for their service,(more than they already do) if a method is discovered it's likely going to be gatekept for monetary gain and the only "methods" that slip through the cracks will be literal viruses and scams, and if a method does get big enough VRchat will likely step in a patch it, as it is definitely apparent they are putting an actual effort to stop rippers for once. I actually worry that the devs of the game will see forums like this and formulate ways to make our lives even harder but only time will tell.
This is where ripper boys will either become ripper men, or just give up entirely.Sorry for the blog post will update if anything works.
-
@Real-Visitor Do oculus ver or non steam version have same encryption?
-
Hope someone in the future can find a way around this, but getting around encryption is a huge pain in the ass.
-
So heartbreaking, I lost a lot of personal scratch avis due to harddrive failure and planned on cache ripping them back a few days before this encryption shit happened, but guess I procrastinated a day or two too long
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
@avatarofcorn What do you mean by EAC-free version? Where can i get it?
AFAIK there is no simple way to just get file from RAM used by certain process. All RAM dump software i ever seen is designed to capture your whole RAM space, this requires a shit ton of time to process it, and most of this software just can't get you working files in the end. What's even worse, is that VRC cached files doesn't have extensions, so it will be hard to recover them from dump.
I think that development of encryption-free client is much easier approach now. -
@Real-Visitor
I have been looking into this for a few days now, was hoping someone would have a solution available, the only reason I even play VRC anymore past the EAC update was because it gave me access to an unfathomable amount of 3d assets to do as I pleased with. when I get the time I'm going to try a few methods to circumvent the encryption or maybe an alternative method for ripping from the game. Off the top of my head the best ideas I have at the moment are as follows
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
2:maybe something simple like closing the game before the cache can encrypt (sounds ridiculous, but this IS VRchat devs we are talking about, don't rule this out)
3:Use a traditional model ripping tool such as ninja ripper or maybe even renderdoc, this method isn't ideal, because it'll be the raw output of the GPU and not a rigged character with blendshapes ect(something like this is difficult to almost impossible to patch because your GPU has to render the graphic at some point, however it is far from perfect and requires rigging as well as A TON of other work)
4:and this one is unfortunate, but we may actually have to look into bypassing the anti cheat and become client users ourselves, it's been 2 years so I'm not certain the method works anymore but I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
And finally 5: I heard multiple people mention that the game is using AES encryption, so our best course of action using this method would be to search the games files for a decryption key or maybe analyze the games network traffic and see if a key is sent to the game to decrypt the assets, once (or if) we get the key we should be able to decrypt the desired file.Something I will say off the bat right now is ripping is no longer going to be as open and simple as it once was, and the community built around it is going to take a serious hit in numbers, those that do remain are likely going to charge for their service,(more than they already do) if a method is discovered it's likely going to be gatekept for monetary gain and the only "methods" that slip through the cracks will be literal viruses and scams, and if a method does get big enough VRchat will likely step in a patch it, as it is definitely apparent they are putting an actual effort to stop rippers for once. I actually worry that the devs of the game will see forums like this and formulate ways to make our lives even harder but only time will tell.
This is where ripper boys will either become ripper men, or just give up entirely.Sorry for the blog post will update if anything works.
