VRChat added VRCA (maybe VRCW too?) protection
-
-
AES-GCM and breaking it on nonce reuse
In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.
frereit's blog (frereit.de)
-
So I went out of my way and memory dumped VRChat, so if anyone wants to look through it, go for it: https://drive.google.com/file/d/1VsTPjzQY9LgPkNshV0nZHF6O3mmfIHsF/view
-
So I went out of my way and memory dumped VRChat, so if anyone wants to look through it, go for it: https://drive.google.com/file/d/1VsTPjzQY9LgPkNshV0nZHF6O3mmfIHsF/view
@crystaldustie can this be used to rip models again?
-
Since VRC is a DX11 game, would it be possible to use gpu buffer rippers like NinjaRipper to extract at least the mesh & textures? Or would anticheat cause problems here?
-
AES-GCM and breaking it on nonce reuse
In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.
frereit's blog (frereit.de)
@crystaldustie VRChat is encrypted in AES-GCM
-
So I went out of my way and memory dumped VRChat, so if anyone wants to look through it, go for it: https://drive.google.com/file/d/1VsTPjzQY9LgPkNshV0nZHF6O3mmfIHsF/view
@crystaldustie how do you do a memory dump? There is a part I want to check
-
@crystaldustie how do you do a memory dump? There is a part I want to check
-
and use Process Hacker
-
So I went out of my way and memory dumped VRChat, so if anyone wants to look through it, go for it: https://drive.google.com/file/d/1VsTPjzQY9LgPkNshV0nZHF6O3mmfIHsF/view
@crystaldustie pretty cool, lotta data to sift through and sort. Put that bad boy in a hex editor and type "avtr" lmao. Or throw it into WinDbg.
Oh yea thought I'd share this, VRChat creates a __data file in C:\Users\username\AppData\LocalLow\Unity\Temp\
It's an avatar data file. VRChat creates it and instantly deletes it. I set permissions to not allow VRChat to delete files in that folder in hopes it might be some sorta briefly made unencrypted data file. I genuinely believe the VRChat devs would be that lazy to do something like this lol. Unfortunately the file is still encrypted, though it's essential to loading the avatar.
Disable VRChat's access to the folder and the avatar throws an error bot.
-
@Reym run VRChat without EAC
@crystaldustie sounds risky, do I just task kill EAC as the game starts?
-
@crystaldustie sounds risky, do I just task kill EAC as the game starts?
-
@Reym you need to just go to the VRChat main exe that is in the Steam folder and launch that
@crystaldustie
That version of the game isn't very useful because from a server-side perspective it doesn't even give the OK to download models that aren't yours. I guess it's OK if you need to rip models that are yours, but I checked the network traffic for this and it doesn't actually send data that isn't yours.
-
@Reym @crystaldustie @Dr.beep not sure if it is useful but you can still kill the EAC process post launch. Still download models, go to public worlds and such. Though I'm sure there's some background service running, however I tried poking around with Process Explorer and didn't see anything related to EAC running.
But I don't think this is useful as injections need to happen pre-launch, unless someone has anything they can go off of with this?
-
Did anyone else see this? Lmao
https://youtu.be/QTq0nKzni5s?si=m4G_-t5paDo_eJtI
-
Did anyone else see this? Lmao
https://youtu.be/QTq0nKzni5s?si=m4G_-t5paDo_eJtI
@StinkerGuy115 lmao what is that