VRChat added VRCA (?maybe VRCW too) protection
-
Okay, so some more testing.
I set my cache location to secondary drive and proceeded to download quite large in file size worlds and watched SSDs activity.
I found that D drive that cache was set to was idle during download and only shows large activity spike after download is complete so files arent being put into the cache folder until they are done downloading meanwhile C the system drive was showing write speed that match my download speed during download and was showing less and less disk space during large world downloads only for that space to come back seconds after download was done.So what I did was change my router settings to severly limit my download speed and then join the largest possible world I found to allow me some time to check where the game is writing temporary file during the download.
The game stores temporary _data file in C:\Users\username\AppData\LocalLow\Unity\Temp during the download before moving it to cache folder after download is done.
I tried to copy the file to another location just as ingame download hits 100% in hopes to get it before its encrypted but it ended up still being encrypted no matter how many times I tried so either its already encrypted on server or my Core i9 is too fast and gets encryption done before file gets copied or its simply being encrypted in realtime as its written even sa temp file.
I just hope decryption key is somewhere in the game and not sent by the server to the client as getting key from the game itself is gonna be easier because game has SSL pinning which make traffic sniffing harder.
@stetamatea this gave me an idea, i am gonna try it, with the slowest device ever imaginable, with celeron cpu
, i doubt it will work -
Okay, so some more testing.
I set my cache location to secondary drive and proceeded to download quite large in file size worlds and watched SSDs activity.
I found that D drive that cache was set to was idle during download and only shows large activity spike after download is complete so files arent being put into the cache folder until they are done downloading meanwhile C the system drive was showing write speed that match my download speed during download and was showing less and less disk space during large world downloads only for that space to come back seconds after download was done.So what I did was change my router settings to severly limit my download speed and then join the largest possible world I found to allow me some time to check where the game is writing temporary file during the download.
The game stores temporary _data file in C:\Users\username\AppData\LocalLow\Unity\Temp during the download before moving it to cache folder after download is done.
I tried to copy the file to another location just as ingame download hits 100% in hopes to get it before its encrypted but it ended up still being encrypted no matter how many times I tried so either its already encrypted on server or my Core i9 is too fast and gets encryption done before file gets copied or its simply being encrypted in realtime as its written even sa temp file.
I just hope decryption key is somewhere in the game and not sent by the server to the client as getting key from the game itself is gonna be easier because game has SSL pinning which make traffic sniffing harder.
-
Okay, so some more testing.
I set my cache location to secondary drive and proceeded to download quite large in file size worlds and watched SSDs activity.
I found that D drive that cache was set to was idle during download and only shows large activity spike after download is complete so files arent being put into the cache folder until they are done downloading meanwhile C the system drive was showing write speed that match my download speed during download and was showing less and less disk space during large world downloads only for that space to come back seconds after download was done.So what I did was change my router settings to severly limit my download speed and then join the largest possible world I found to allow me some time to check where the game is writing temporary file during the download.
The game stores temporary _data file in C:\Users\username\AppData\LocalLow\Unity\Temp during the download before moving it to cache folder after download is done.
I tried to copy the file to another location just as ingame download hits 100% in hopes to get it before its encrypted but it ended up still being encrypted no matter how many times I tried so either its already encrypted on server or my Core i9 is too fast and gets encryption done before file gets copied or its simply being encrypted in realtime as its written even sa temp file.
I just hope decryption key is somewhere in the game and not sent by the server to the client as getting key from the game itself is gonna be easier because game has SSL pinning which make traffic sniffing harder.
@stetamatea After a avatar finishes downloading a randomized folder name is created along with a 1KB __data file and a __lock file. The actual data size only shows up after the avatar finishes loading in-game, which is signified by the green loading bar, not immediately after the download.
Once the avatar is marked as loaded, VRChat attempts to move the folder to the cache folder. However, I’ve prevented VRChat from doing this by denying my user permission to delete folders, subfolders, and files in the Unity temp folder—just in case it tries to do anything during the process.
In the end the data file in the temp folder is encrypted, which suggests VRChat is encrypting the data while the avatar is loading. It doesn’t seem to create an unencrypted file in that folder, unless it's stored elsewhere or the encryption is handled server-side as of now.
Cache ripping seems to be impossible now without a modified client. But even if encryption is only done on the client side and can be tampered with to prevent it, it’s only a matter of time before VRChat starts encrypting old avatars on the server when they’re requested—then storing the newly encrypted version to avoid re-encrypting it again. They might also start encrypting avatars at the time of upload going forward on the new sdk.
Eventually, it seems to me that we’ll need a decryption method no matter what. But other then that I wish you luck finding something out.
-
@Visaeres ur on a ripping website lol what did ya expect?
-
T Thisistest2 referenced this topic
-
If there was a way to directly get the package from the API, what would someone need to format their request as to get another persons avatar? or what would you need to modify in the client?
-
T Thisistest2 referenced this topic
-
T Thisistest2 referenced this topic
-
T Thisistest2 referenced this topic
-
T Thisistest2 referenced this topic
-
T Thisistest2 referenced this topic
-
Do y'all reckon it'll still make sense to keep the cache of anything we want and hold on to them until a method is found to decrypt, or would we just have to forget about it and have to download new ones when it does get figured out
@Alisan "Maybe" is all I can really say, since we have no idea what the decryption method is going to look like. It could be as simple as having a master key that works for everything, or it might be session-based, meaning you'd need to get a new one each time. The new method might not even involve decryption at all—it could just mean downloading unencrypted assets directly from VRChat (though the publicly available info on that is pretty hard to understand right now if you're just a regular person browsing). Honestly, it just depends on how much storage you have and whether you think it's worth it.
-
Do y'all reckon it'll still make sense to keep the cache of anything we want and hold on to them until a method is found to decrypt, or would we just have to forget about it and have to download new ones when it does get figured out
@Alisan I’ve been doing some more reading on the S.A.R.S (Avatar Recovery) Discord server, which is another place where people are discussing this topic in the general channel. From everything I’ve seen, there’s still no public or convenient method to bypass this—unless you use a modified client that disables encryption (which will most likely be paid for), or directly download from VRChat’s API, which isn't easy to learn without knowing someone and bannable.
People so far are not focusing on breaking or reverse engineering the decryption since VRChat is storing unencrypted files and serving them as is. As long as the avatars on VRChats end remain unencrypted then I doubt anyone will put in the effort for bypassing the decryption with such a "easy" method already found. I don't believe we’ll ever get a method as convenient as cache ripping used to be.
-
So... Yea, they added an encryption or custom method to load avatar bundles.
So usual methods of using AR or SARS doesn't work anymore.
What do you all think about it? (also share any news if you have any)@Real-Visitor
do not feel tired get up and start working on it soon you will success in that -
As far as I can tell from a few days worth of data I have collected, vrchat is using a client side AND server-side, session based encryption key. (Possibly based on the cookie used to authenticate the client with vrchat, and vrchat's servers providing a decryption key based on the files hash.)
The reasons I came to the conclusion:- The same world/avatar file having wildly different data but the same folder ID structure between downloads.
- vrchat will reuse the same cache files, but not after clearing the cache.
- vrchat will actively authenticate the files and verify the hash on the server before sending a decryption key. (Will not function in offline testing mode, but avatars uploaded yourself on your own account apparently function and can be used offline.)
-
As far as I can tell, you cannot decrypt any of the assets that are already encrypted because of the fact that the assets may be tied to a session id. (They have different encrypted data for the same exact file, but different session. I may be wrong, the __info file may be tied to it.)
The only way forward is to have some sort of mod that prevents vrchat from encrypting the cache, BUT you have to bypass any security features to keep from being detected.I suspect that vrchat is utilizing session based encryption and using something in the __info file to encrypt it as there is a large numerical number that changes each download.
-
Again, or just get avatars the normal way instead of putting so much effort into stealing avatars from a user in game lol
@Visaeres so real, stealing people's personal edits is weird anyway. and yeah yeah, ripping site, im aware. i obtain assets for free on here, or avatars that were sold to the public, but not people's personal work, just stop being lazy, learn how to use blender, and make your own edits with the assets you obtain lol
p u p p y ꒰ᐢ. .ᐢ꒱₊˚⊹
-
@Visaeres so real, stealing people's personal edits is weird anyway. and yeah yeah, ripping site, im aware. i obtain assets for free on here, or avatars that were sold to the public, but not people's personal work, just stop being lazy, learn how to use blender, and make your own edits with the assets you obtain lol
-
@Visaeres so real, stealing people's personal edits is weird anyway. and yeah yeah, ripping site, im aware. i obtain assets for free on here, or avatars that were sold to the public, but not people's personal work, just stop being lazy, learn how to use blender, and make your own edits with the assets you obtain lol
@c0tt0nc4ndy Can i have your personal works? I'm too lazy to make anything.
-
@Visaeres so real, stealing people's personal edits is weird anyway. and yeah yeah, ripping site, im aware. i obtain assets for free on here, or avatars that were sold to the public, but not people's personal work, just stop being lazy, learn how to use blender, and make your own edits with the assets you obtain lol
@c0tt0nc4ndy i agree with you guys re: personals but man do i already miss ripping public versions of bases i want to use lol. and i was just procrastinating grabbing old avatars off my own account so i could reuse the textures and remake them but without my ex's name on them... waited like a day too long. shit sucks.
-
Right? It’s one thing to rip models that are overpriced or sold by people that steal assets but it’s another thing to rip customs/edits from the game itself. If anything, I’m actually glad VRChat finally put an halt to it. The only bad thing is they probably did this because they intent on having an avatars market in-game or something, outside of the pre-existing currency thing they released a while back.
