VRChat added VRCA (?maybe VRCW too) protection
-
AES-GCM and breaking it on nonce reuse
In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.
frereit's blog (frereit.de)
@crystaldustie vrchat is encrypted in aes gcm
-
so i went out of my way and memory dumped vrchat so if anyone wants to look through it go for it https://drive.google.com/file/d/1VsTPjzQY9LgPkNshV0nZHF6O3mmfIHsF/view
@crystaldustie how do you do a memory dump? there is a part i want to check
-
and use process hacker
-
@crystaldustie pretty cool, lotta data to sift through and sort. Put that bad boy in a hex editor and type "avtr" lmao. Or throw it into WinDbg.
Oh yea thought I'd share this, VRChat creates a __data file in C:\Users\username\AppData\LocalLow\Unity\Temp\
It's an avatar data file. VRChat creates it and instantly deletes it. I set permissions to not allow VRChat to delete files in that folder in hopes it might be some sorta briefly made unencrypted data file, I genuinely believe the VRChat devs would be that lazy to do something like this lol. Unfortunately file is still encrypted, though it's essential to loading the avatar.
Disable VRChat's access to the folder and the avatar throws an error bot.
-
@Reym run vrchat without eac
@crystaldustie sounds risky, do i just task kill eac as the game starts?
-
@Reym u need to just go to vrchat main exe that is in a steam folder and launch that
@crystaldustie
That version of the game isn't very useful because from a server side perspective it doesn't even give the ok to download models that aren't yours, I guess it's ok if you need to rip models that are yours, but I checked the network traffic for this and it doesn't actually send data that isn't yours
-
@Reym @crystaldustie @Dr.beep not sure if it is useful but you can still kill the EAC process post launch. still download models, go to public worlds and such. though im sure theres some background service running, however I tried poking around with Process Explorer and didnt see anything related to EAC running.
But I dont think this is useful as injections need to happen pre-launch unless someone has anything they can go off of with this?
-
Did anyone else see this? Lmao
https://youtu.be/QTq0nKzni5s?si=m4G_-t5paDo_eJtI
-
@StinkerGuy115 lmao what is that
-
@DeepDishBussy No idea some dude ig showing that they can still rip models post encryption patch. Was poking around google and came across it.
-
I think the video may have been satirical based on the description
-
@DeepDishBussy Honestly I agree, like some edgelord posting their clips of them using a client.
Been really interested in this whole thing myself. I ran wireshark with procmon and compared them to the Output log txt file in the LocalLow folder for VRChat so i can get time stamps of what happens.
There are several servers VRChat communicates with for like authentication. From what it looks like, it seems it just kinda is reading and confirming with a server as it's downloading the files. You find that it repeatedly is checking with a server while it is reading from the __data file.
I did a TCP stream follow of one of the addresses it was communicating with and I saw it initializes by communicating with a "photonengine.io" then it goes to a site called "http://www.digicert.com" and another one by the domain of rapidssl.com
VRChat also around this phase is repeatedly interacting with the PhotoEncryptorPlugin.dll while reading from the __data files in the cache folder. I dont know if any of this is user authentication or actual encryption of the files themself. Can reverse engineer the dll with Ghidra, or just pop it into a hex editor lol.
-
@Minako said in VRChat added VRCA (?maybe VRCW too) protection:
morals
I know y'all already stopped this conversation, but I would like to add that the "morality" statement and logic behind this is hella hypocritical.
It really isn't as simple as saying "Stealing people's edits of their avatars?! Heh, no. I steal from the person who created the model, but under the guise of it being sold to the public, so it's okay for me to steal months of someone else's hard work to even create the model, these people are editing. But don't you dare ever steal something someone else edited to look a certain way, or have a certain drag n drop prefab! Now, let me ride on my moral high horse into the sunset."
Stealing is stealing, period- and Booth avatar creators are not established companies. It is the literal same as stealing a singular person's work. They're literally indie workers using Booth as a platform. If you're gonna try to claim moral superiority about something, maybe that should be just not stealing anything at all.
-
how the fuck did this thread turn into whatever this nonsense is? Nobody cares about your morals on ripping/leaking, this thread is to get information on cache encryption, not your dogshit takes.
@DeepDishBussy I said this 11 days ago and it somehow is an issue AGAIN. Please stop debating morality in this thread
-
@Visaeres Bro reacted to his own comment
its not desperation its fun, and its literally just running 2 simple programs, if you dont understand this stuff just say it and leave