VRChat added VRCA (?maybe VRCW too) protection
-
@Minako said in VRChat added VRCA (?maybe VRCW too) protection:
morals
I know y'all already stopped this conversation, but I would like to add that the "morality" statement and logic behind this is, is hella hypocritical.
It really isn't as simple as saying "Stealing people's edits of their avatars?! Heh, no. I steal from the person who created the model, but under the guise of it being sold to the public, so it's okay for me to steal months of someone else's hard work to even create the model, these people are editing. But don't you dare ever steal something someone else edited to look a certain way, or have a certain drag n drop prefab! Now, let me ride on my moral high horse into the sunset."
Stealing is stealing, period- and Booth avatar creators are not established companies. It is the literal same as stealing a singular person's work. They're literally indie workers using Booth as a platform. If you're gonna try to claim moral superiority about something, maybe that should be just not stealing anything at all.
-
how the fuck did this thread turn into whatever this nonsense is? Nobody cares about your morals on ripping/leaking, this thread is to get information on cache encryption, not your dogshit takes.
@DeepDishBussy I said this 11 days ago and it somehow is an issue AGAIN. Please stop debating morality in this thread
DM me if any of my links go down or if there's an update you need.
-
@Visaeres Bro reacted to his own comment
its not desperation its fun, and its literally just running 2 simple programs, if you dont understand this stuff just say it and leave 
-
@Visaeres Bro reacted to his own comment
its not desperation its fun, and its literally just running 2 simple programs, if you dont understand this stuff just say it and leave @StinkerGuy115 2 simple programs? may i inquire more on what you mean or what i could do for that?
-
@StinkerGuy115 2 simple programs? may i inquire more on what you mean or what i could do for that?
@LeonaTaromati I just meant like running procmon (Microsoft program) and wireshark (packet capture program). Theyre useful tools, simple to use, require knowing what your doing to get anywhere with them. I just kinda poke around with them on my free time to see what I can dig up.
-
@LeonaTaromati but in all honesty if someone is seriously dedicated theyd need to decompile the game itself
Theres so many tools for this, main one is Ghidra. Or something like il2cppdumper on github for the GameAssembly.dll. Even using a hexeditor can tell you a lot.
But the hard part comes in know what to look for and where to look. Youd have to spend some time learning how vrchat works, looking through all the decompiled code in hopes of finding something.
The answer is unknown, could be a simple little trick or it could require making a tool that decrypts the files or anything. who knows. all i know is i like tearing stuff apart and seeing how it works
-
@Minako said in VRChat added VRCA (?maybe VRCW too) protection:
morals
I know y'all already stopped this conversation, but I would like to add that the "morality" statement and logic behind this is, is hella hypocritical.
It really isn't as simple as saying "Stealing people's edits of their avatars?! Heh, no. I steal from the person who created the model, but under the guise of it being sold to the public, so it's okay for me to steal months of someone else's hard work to even create the model, these people are editing. But don't you dare ever steal something someone else edited to look a certain way, or have a certain drag n drop prefab! Now, let me ride on my moral high horse into the sunset."
Stealing is stealing, period- and Booth avatar creators are not established companies. It is the literal same as stealing a singular person's work. They're literally indie workers using Booth as a platform. If you're gonna try to claim moral superiority about something, maybe that should be just not stealing anything at all.
@brycenBA It makes perfect sense when you don’t agree with people selling models for stupid prices. Spending money on a model for a social game when you’re going to be switching it up nearly everyday or frequently, makes it a waste of money. I stand by what I said. I couldn’t care less about ripping from people that sell avatars because 1) they’re the same recycled boring models (personally they don’t even interest me) and 2) the prices are ridiculous + most of them use recycled assets or secretly kitbash, whether they get caught/exposed or not. When someone puts time and effort to make their own avatars for either themselves or the community to wear and don’t do it for money, then it’s normal to want to respect that. There’s a difference between someone’s work and people that just want to make money with the same boring looking models. Now if the models were actually unique and out of the ordinary then giving them money would be worth it, as long as the price wasn’t insane for what the model was.
Agree with it or not, it won’t change what I think and I know other people think the same.
Personally, I’ve mainly wanted assets or particles or animations on here. Rarely whole models.
This whole thing has attracted people to try and decrypt ripping which is understandable because it’s challenging, but if you people are genuinely going insane out of desperation to rip VRChat avatars and going through all this length just for that, you seriously have issues. Learn Blender and Unity and do something with all that free time that doesn’t involve spending months glued to your screen trying to break through an anti-rip just to steal models you’ll barely wear / get your accounts banned when you could be making 20 models by that time on your own instead.
-
Did anyone else see this? Lmao
[REMOVED BY ADMIN]This post is deleted! -
This post is deleted!
-
Just saw this site on the same guy, can anyone confirm if it works? I don't know where to get the key
https://uabd.eeacks.cc/ -
Just saw this site on the same guy, can anyone confirm if it works? I don't know where to get the key
https://uabd.eeacks.cc/@cheatdev No idea. Cool find but unfortunately kinda useless though as it is asking for a key which is what this entire thread has been discussing how to find.
-
@cheatdev No idea. Cool find but unfortunately kinda useless though as it is asking for a key which is what this entire thread has been discussing how to find.
@StinkerGuy115 That's sad, I have a set of avis that I want to decrypt. wish there is easy way to get keys.
-
Just saw this site on the same guy, can anyone confirm if it works? I don't know where to get the key
https://uabd.eeacks.cc/ -
assetUrl https://api.vrchat.cloud/api/1/file//2/variant/security example of what i mean vrcx is reading from
or its making an api call to find this data just and idea maybe someone with some idea can code to do this idk
{
"id": "...",
"name": "...",
"assetUrl": "...",
"unityVersion": "...",
"version": 3,
"assetVersion": {
"platform": "standalonewindows",
"assetUrl": "...",
"unityVersion": "...",
"unityPackages": [ ... ],
"plugin": {
"pluginVersion": "2020.4.XXf1",
"platform": "standalonewindows",
"encrypted": true,
"encryptionKey": "=" <--
}
}
}
so idk this just idea info -
assetUrl https://api.vrchat.cloud/api/1/file//2/variant/security example of what i mean vrcx is reading from
or its making an api call to find this data just and idea maybe someone with some idea can code to do this idk
{
"id": "...",
"name": "...",
"assetUrl": "...",
"unityVersion": "...",
"version": 3,
"assetVersion": {
"platform": "standalonewindows",
"assetUrl": "...",
"unityVersion": "...",
"unityPackages": [ ... ],
"plugin": {
"pluginVersion": "2020.4.XXf1",
"platform": "standalonewindows",
"encrypted": true,
"encryptionKey": "=" <--
}
}
}
so idk this just idea info@crystaldustie Yea unfortunately the specific TCP stream that handles the avatar download and exchange is encrypted with TLS 1.2 Meaning we would need THOSE keys too lol. I am pretty sure it uses the PhotonEncryptorPlugin.dll for the TLS encryption because it makes a bunch of calls to bcrypt.dll for key generations, HTTPS encryption and such.
But what exactly encrypts the model is likely in the GameAssembly.dll this one has stuff for AesManaged encryption/decryption and such.
-
Adding this in a second comment but just an observation. When you start up VRChat.exe and you try to load the Public avatars it still fetches them online. It still creates a __data file in your cache folder, yet the unencrypt vrca's for them are in C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars
This has been there before the encryption update. I thought they were there cause the game devs just wanted people to have models that they can use when theyre testing out stuff in the game running it directly from the exe.
Yet it still makes server requests to download them and encrypt them when theyre unencrypted and just sitting their on your PC? The game also does not use PhotonEncryptorPlugin.dll running from the exe, looking at procmon, but only calls GameAssembly.dll
Just kinda weird idk, why download the files from a server if theyre already on your PC? Why still encrypt them?
-
Okay third and final comment, this is my proposal of whats going on based on what ive observed:
GameAssembly.dll is used for model encryption locally on your machine. PhotonEncryptoPlugin.dll in conjuction with bcrypt.dll is used for TLS stream encryption and generating "public use" keys for people getting an avatar thats not theirs (wearing an avatar is what i mean).
This lines up with their new market announcement which sells the ability to use the model. It generates a key that is determined likely by the usr_id and some padding.
Basically: Are you avatar uploader? You get a more special key. Are you not? You get a public use key.
You get approval for it to load on PC, game decrypts and encrypts with functions in the GameAssembly.dll
Just my hunch from my observations, keys are likely associated with user_id. Thanks for coming to my TedTalk
