VRChat added VRCA (?maybe VRCW too) protection

ExistingGod

This post is deleted!

ExistingGod

This post is deleted!

CodeAngel

Please stick to the original topic, thanks

cheatdev

Just saw this site on the same guy, can anyone confirm if it works? I don't know where to get the key
https://uabd.eeacks.cc/

StinkerGuy115

@cheatdev No idea. Cool find but unfortunately kinda useless though as it is asking for a key which is what this entire thread has been discussing how to find.

cheatdev

@StinkerGuy115 That's sad, I have a set of avis that I want to decrypt. wish there is easy way to get keys.

crystaldustie

@cheatdev only works for your won avatars or aka the __data keys VRCX IS THe only thing u can use to get your own keys mainly

crystaldustie

assetUrl https://api.vrchat.cloud/api/1/file//2/variant/security example of what i mean vrcx is reading from

or its making an api call to find this data just and idea maybe someone with some idea can code to do this idk
{
"id": "...",
"name": "...",
"assetUrl": "...",
"unityVersion": "...",
"version": 3,
"assetVersion": {
"platform": "standalonewindows",
"assetUrl": "...",
"unityVersion": "...",
"unityPackages": [ ... ],
"plugin": {
"pluginVersion": "2020.4.XXf1",
"platform": "standalonewindows",
"encrypted": true,
"encryptionKey": "=" <--
}
}
}
so idk this just idea info

StinkerGuy115

@crystaldustie Yea unfortunately the specific TCP stream that handles the avatar download and exchange is encrypted with TLS 1.2 Meaning we would need THOSE keys too lol. I am pretty sure it uses the PhotonEncryptorPlugin.dll for the TLS encryption because it makes a bunch of calls to bcrypt.dll for key generations, HTTPS encryption and such.

But what exactly encrypts the model is likely in the GameAssembly.dll this one has stuff for AesManaged encryption/decryption and such.

StinkerGuy115

Adding this in a second comment but just an observation. When you start up VRChat.exe and you try to load the Public avatars it still fetches them online. It still creates a __data file in your cache folder, yet the unencrypt vrca's for them are in C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat_Data\StreamingAssets\Avatars

This has been there before the encryption update. I thought they were there cause the game devs just wanted people to have models that they can use when theyre testing out stuff in the game running it directly from the exe.

Yet it still makes server requests to download them and encrypt them when theyre unencrypted and just sitting their on your PC? The game also does not use PhotonEncryptorPlugin.dll running from the exe, looking at procmon, but only calls GameAssembly.dll

Just kinda weird idk, why download the files from a server if theyre already on your PC? Why still encrypt them?

StinkerGuy115

Okay third and final comment, this is my proposal of whats going on based on what ive observed:

GameAssembly.dll is used for model encryption locally on your machine. PhotonEncryptoPlugin.dll in conjuction with bcrypt.dll is used for TLS stream encryption and generating "public use" keys for people getting an avatar thats not theirs (wearing an avatar is what i mean).

This lines up with their new market announcement which sells the ability to use the model. It generates a key that is determined likely by the usr_id and some padding.

Basically: Are you avatar uploader? You get a more special key. Are you not? You get a public use key.

You get approval for it to load on PC, game decrypts and encrypts with functions in the GameAssembly.dll

Just my hunch from my observations, keys are likely associated with user_id. Thanks for coming to my TedTalk