VRChat added VRCA (?maybe VRCW too) protection
-
A certain mod developer says that "the encryption is being done server-side," but I don’t know what’s actually correct
Dumping RAM should give you everything. Anyone want to see if the old Ninja Ripper trick works anymore?
@chocolate It's not. That's not a good source of information.
-
A certain mod developer says that "the encryption is being done server-side," but I don’t know what’s actually correct
@chocolate
I doubt it is, there have been several clips floating around of modders and client users still easily able to rip, not to mention there was an exploit where people were using an older version of the game and they were still able to rip, this flaw in the system was quickly patched (IIRC it was within 24 hours actually) -
So... Yea, they added an encryption or custom method to load avatar bundles.
So usual methods of using AR or SARS doesn't work anymore.
What do you all think about it? (also share any news if you have any)@Real-Visitor
I have been looking into this for a few days now, was hoping someone would have a solution available, the only reason I even play VRC anymore past the EAC update was because it gave me access to an unfathomable amount of 3d assets to do as I pleased with. when I get the time I'm going to try a few methods to circumvent the encryption or maybe an alternative method for ripping from the game. Off the top of my head the best ideas I have at the moment are as follows
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
2:maybe something simple like closing the game before the cache can encrypt (sounds ridiculous, but this IS VRchat devs we are talking about, don't rule this out)
3:Use a traditional model ripping tool such as ninja ripper or maybe even renderdoc, this method isn't ideal, because it'll be the raw output of the GPU and not a rigged character with blendshapes ect(something like this is difficult to almost impossible to patch because your GPU has to render the graphic at some point, however it is far from perfect and requires rigging as well as A TON of other work)
4:and this one is unfortunate, but we may actually have to look into bypassing the anti cheat and become client users ourselves, it's been 2 years so I'm not certain the method works anymore but I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
And finally 5: I heard multiple people mention that the game is using AES encryption, so our best course of action using this method would be to search the games files for a decryption key or maybe analyze the games network traffic and see if a key is sent to the game to decrypt the assets, once (or if) we get the key we should be able to decrypt the desired file.Something I will say off the bat right now is ripping is no longer going to be as open and simple as it once was, and the community built around it is going to take a serious hit in numbers, those that do remain are likely going to charge for their service,(more than they already do) if a method is discovered it's likely going to be gatekept for monetary gain and the only "methods" that slip through the cracks will be literal viruses and scams, and if a method does get big enough VRchat will likely step in a patch it, as it is definitely apparent they are putting an actual effort to stop rippers for once. I actually worry that the devs of the game will see forums like this and formulate ways to make our lives even harder but only time will tell.
This is where ripper boys will either become ripper men, or just give up entirely.Sorry for the blog post will update if anything works.
-
@Real-Visitor Do oculus ver or non steam version have same encryption?
-
Hope someone in the future can find a way around this, but getting around encryption is a huge pain in the ass.
-
So heartbreaking, I lost a lot of personal scratch avis due to harddrive failure and planned on cache ripping them back a few days before this encryption shit happened, but guess I procrastinated a day or two too long
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
@avatarofcorn What do you mean by EAC-free version? Where can i get it?
AFAIK there is no simple way to just get file from RAM used by certain process. All RAM dump software i ever seen is designed to capture your whole RAM space, this requires a shit ton of time to process it, and most of this software just can't get you working files in the end. What's even worse, is that VRC cached files doesn't have extensions, so it will be hard to recover them from dump.
I think that development of encryption-free client is much easier approach now. -
@Real-Visitor
I have been looking into this for a few days now, was hoping someone would have a solution available, the only reason I even play VRC anymore past the EAC update was because it gave me access to an unfathomable amount of 3d assets to do as I pleased with. when I get the time I'm going to try a few methods to circumvent the encryption or maybe an alternative method for ripping from the game. Off the top of my head the best ideas I have at the moment are as follows
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
2:maybe something simple like closing the game before the cache can encrypt (sounds ridiculous, but this IS VRchat devs we are talking about, don't rule this out)
3:Use a traditional model ripping tool such as ninja ripper or maybe even renderdoc, this method isn't ideal, because it'll be the raw output of the GPU and not a rigged character with blendshapes ect(something like this is difficult to almost impossible to patch because your GPU has to render the graphic at some point, however it is far from perfect and requires rigging as well as A TON of other work)
4:and this one is unfortunate, but we may actually have to look into bypassing the anti cheat and become client users ourselves, it's been 2 years so I'm not certain the method works anymore but I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
And finally 5: I heard multiple people mention that the game is using AES encryption, so our best course of action using this method would be to search the games files for a decryption key or maybe analyze the games network traffic and see if a key is sent to the game to decrypt the assets, once (or if) we get the key we should be able to decrypt the desired file.Something I will say off the bat right now is ripping is no longer going to be as open and simple as it once was, and the community built around it is going to take a serious hit in numbers, those that do remain are likely going to charge for their service,(more than they already do) if a method is discovered it's likely going to be gatekept for monetary gain and the only "methods" that slip through the cracks will be literal viruses and scams, and if a method does get big enough VRchat will likely step in a patch it, as it is definitely apparent they are putting an actual effort to stop rippers for once. I actually worry that the devs of the game will see forums like this and formulate ways to make our lives even harder but only time will tell.
This is where ripper boys will either become ripper men, or just give up entirely.Sorry for the blog post will update if anything works.
-
@Beeboo
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
It should be inside the AvatarApi object, which represents the api response, there is assetUrl field that should point to a s3 url. I ignore if there are security on aws side, or if the files themselves are encrypted.
I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
Were you able to play online? join instances etc
-
@Beeboo
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
It should be inside the AvatarApi object, which represents the api response, there is assetUrl field that should point to a s3 url. I ignore if there are security on aws side, or if the files themselves are encrypted.
I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
Were you able to play online? join instances etc
-
@Reym I know of an anti cheat bypass, but I currently can't rip models, using Linux still works as an anti cheat bypass however the game randomly kicks you after a few minutes due to some type of checksum the cheat software runs. We may need to look into buying a Direct memory access board (DMA) Cheaters use them in games like fortnite and while I myself have no desire to cheat in a game played for fun, for the purpose of ripping I might invest in it
-
Hey, why don't we go back to what the first rippers did?
i.e. use second life to make an avatar there and rip it and port it to unity and then to vrchat ?
i really feel that we have to go back to that
or look for a new method to bypass the aes encryption.