VRChat added VRCA (maybe VRCW too?) protection
-
Hey, why don't we go back to what the first rippers did?
i.e. use Second Life to make an avatar there, rip it, port it to Unity and then to VRChat?
I really feel that we have to go back to that,
or look for a new method to bypass the AES encryption.
-
This is all that is known atm:
some people got around it;
you have to modify the client;
the file responsible for the encryption might be "vrc_fast_crypto.dll" in the plugins folder.
DM me for further info @dobyp
We're waiting for a modified DLL file to replace it, but it's unlikely we can do that ourselves, except for an expert in the decompiling/reverse field who masters assembly code.
I have a little bit of disassembly-relevant knowledge; as far as I know, I used to do something like using a DLL patch to bypass the protection of Genshin Impact so that you can do stuff like injecting cheats or allowing modified clients to connect to a private game server.
I don't know whether they have something in common, because GI needs something like Il2CppDumper to get the DLL file info and then put it into reverse analysis software like IDA Pro; the remaining things I have no idea about.
So, uh, the basic idea is probably that replacing the DLL file makes the encryption not work.
-
Someone in the ARC Discord said this: "the fast_crypto.dll does nothing but work for udon and p2p encryption". I suspect this isn't related, or the file at least is not responsible for the encryption.
-
@LeonKennedy that is such interesting info.
There is a new file whenever you open the cache-windows, called vrc-version. I'm not sure what it is; back then it was not a thing. Maybe they are used for decryption? Like some sort of authentication.
New or old files appear in the plugins folder called mediapipe_c and lib_burst_generated. How do I check a DLL?
-
I've reversed the DLL myself, and it's in fact not related to the avatar encryption, but it's known that everything happens in memory.
If you know about reverse engineering we could create a Discord group to help each other; if you are interested, DM me.
-
Touching the client is resource intensive. I believe that going around it by bumping TLS or getting bundles from the CDN is our best bet yet.
-
There are multiple people who have a working method. I don't know it myself, but I would like the EAC bypass because I could probably make a MelonLoader mod to do it.
-
I may be wrong (I don't think so though), but I just ripped an avatar just fine. I know that with the newest SDK 3.8 or something they have detections for ripped avis, so if you import an avatar it's got to be renamed and all folders need to be moved and renamed to trick it into thinking it's normal. It really pissed me off, but it doesn't seem to be impossible; took me a bit but def. doable.
I wasn't able to rip with UTiny like the old days, but I have an old bit of software that, for my continued use, I will not be naming, but FYI I believe you can.
-
Can I ask where you heard about the ripping detections for SDK 3.8? If this is true, that is very frustrating.
-
I don't know much about the ripping detection, but recently I ran into a public avatar that had a toggle in their radial wheel which stated "I know when you rip this avatar", and in the description it outed 2-3 people that have before. But that's as far as I've heard about it.
-
@mrblueskelly That sounds more like the original creator found the ripped versions. Could be a user that's part of a small community/fandom that got told about their model getting ripped, or the people who ripped the model making their versions public, since that's what I generally see happen.
-
Yeah, that sounds more likely honestly. The only "ripping detection" I've heard about is Gonzo, which in my opinion is the weirdest shit; on the creator side of things I wouldn't touch it with a 10ft pole.
-
If anyone knows/finds a way to decrypt encrypted vrcw/world __data files, or a workaround to download/extract the unencrypted files before they're encrypted, please let me know (preferably without requiring a modified VRChat client). Or if someone doesn't want to share how to do it but is willing to provide at least 1 specific unencrypted world file (I have ~40 that I saved from before the update, but not of some worlds that I'm interested in).
-
Thread for sharing unencrypted cached world files from before the update:
https://forum.ripper.store/topic/56387/share-any-unencrypted-before-vrchat-update-world-cache-files-__data-vrcw-here
-
So, a few things I discovered from my analysis.
-
For now, encryption is client side and assets are encrypted only after they are downloaded.
-
Seems they are using AES, which is very strong, BUT the game has to have a key to decrypt it, so just like with Unreal Engine PAK files it should be possible to eventually find where the key is and get it. There are three possibilities: one is that the key is hardcoded into the game and is the same for all users; second is that the key is derived from some sort of unique ID like HWID so that every user has a different key (I have yet to test it by transferring the cache to another PC); third is that the decryption key isn't even in the game at all and is sent by the server upon loading into the world.
-
Using Fiddler doesn't work, as the game seems to use SSL pinning, so when running network sniffing, asset-related connections are rejected. Fiddler used to work a few years ago for getting VRCA and VRCW files from the CDN, but it looks like that's now fixed and the VRCX JSON asset URL field is empty, and even if you get the URL to the asset on the CDN the connection is rejected because it's expecting the VRC user agent and auth key. It should be possible to spoof the VRC user agent and somehow get the user's auth key, but I haven't tried that.
I think SARS already does that but I haven't tested it for now.
-
Even though encryption is currently done client side, it's possible that in the future any new uploads of bundles might be encrypted upon upload, either in the SDK or on the server after upload.
What's already unencrypted on the CDN will probably stay that way, because it would be very hard on the servers' CPUs to go and encrypt all the old content, but future content is uncertain.
I still gotta check if there is some sort of temp file during the encryption process, but I'm gonna have to do that on an old laptop, since my main desktop is done with encryption in less than a second while the old laptop I dug up freezes for a few seconds during encryption after the download is done, so I might try killing the game during that process.
-
Okay, so some more testing.
I set my cache location to a secondary drive and proceeded to download worlds that are quite large in file size, and watched the SSDs' activity.
I found that the D drive that the cache was set to was idle during download and only showed a large activity spike after the download was complete, so files aren't being put into the cache folder until they are done downloading. Meanwhile C, the system drive, was showing a write speed that matched my download speed during download and was showing less and less disk space during large world downloads, only for that space to come back seconds after the download was done. So what I did was change my router settings to severely limit my download speed and then join the largest possible world I could find, to allow me some time to check where the game is writing the temporary file during the download.
The game stores the temporary _data file in C:\Users\username\AppData\LocalLow\Unity\Temp during the download before moving it to the cache folder after the download is done.
I tried to copy the file to another location just as the in-game download hit 100% in hopes of getting it before it's encrypted, but it ended up still being encrypted no matter how many times I tried, so either it's already encrypted on the server, or my Core i9 is too fast and gets encryption done before the file gets copied, or it's simply being encrypted in real time as it's written, even as a temp file.
I just hope the decryption key is somewhere in the game and not sent by the server to the client, as getting the key from the game itself is gonna be easier because the game has SSL pinning, which makes traffic sniffing harder.