VRChat added VRCA (?maybe VRCW too) protection
-
@Real-Visitor Do the Oculus version or the non-Steam version have the same encryption?
-
Hope someone in the future can find a way around this, but getting around encryption is a huge pain in the ass.
-
So heartbreaking, I lost a lot of personal scratch avis due to hard drive failure and planned on cache ripping them back a few days before this encryption shit happened, but I guess I procrastinated a day or two too long.
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
-
@Beeboo Since you can use the EAC-free version, maybe you can try using an older version of the client and spoof the version numbers. It'll be a band-aid fix since the updates so far have been network compatible.
@avatarofcorn What do you mean by EAC-free version? Where can I get it?
AFAIK there is no simple way to just get a file from the RAM used by a certain process. All the RAM dump software I have ever seen is designed to capture your whole RAM space; this requires a shit ton of time to process, and most of this software just can't get you working files in the end. What's even worse is that VRC cached files don't have extensions, so it will be hard to recover them from a dump.
I think that development of an encryption-free client is a much easier approach now.
-
@Real-Visitor
I have been looking into this for a few days now and was hoping someone would have a solution available. The only reason I even play VRC anymore past the EAC update was because it gave me access to an unfathomable amount of 3D assets to do as I pleased with. When I get the time I'm going to try a few methods to circumvent the encryption or maybe an alternative method for ripping from the game. Off the top of my head, the best ideas I have at the moment are as follows:
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
2:maybe something simple like closing the game before the cache can encrypt (sounds ridiculous, but this IS VRchat devs we are talking about, don't rule this out)
3:Use a traditional model ripping tool such as ninja ripper or maybe even renderdoc. This method isn't ideal, because it'll be the raw output of the GPU and not a rigged character with blendshapes etc. (something like this is difficult to almost impossible to patch because your GPU has to render the graphic at some point, however it is far from perfect and requires rigging as well as A TON of other work)
4:and this one is unfortunate, but we may actually have to look into bypassing the anti cheat and become client users ourselves, it's been 2 years so I'm not certain the method works anymore but I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
And finally 5: I heard multiple people mention that the game is using AES encryption, so our best course of action using this method would be to search the game's files for a decryption key or maybe analyze the game's network traffic and see if a key is sent to the game to decrypt the assets. Once (or if) we get the key we should be able to decrypt the desired file.
Something I will say off the bat right now is ripping is no longer going to be as open and simple as it once was, and the community built around it is going to take a serious hit in numbers. Those that do remain are likely going to charge for their service (more than they already do). If a method is discovered it's likely going to be gatekept for monetary gain and the only "methods" that slip through the cracks will be literal viruses and scams, and if a method does get big enough VRchat will likely step in and patch it, as it is definitely apparent they are putting an actual effort to stop rippers for once. I actually worry that the devs of the game will see forums like this and formulate ways to make our lives even harder, but only time will tell.
This is where ripper boys will either become ripper men, or just give up entirely. Sorry for the blog post, will update if anything works.
-
@Beeboo
1:try to analyze where the models are coming from and intercept the download (ie using a network analysis tool like Wireshark)
It should be inside the AvatarApi object, which represents the API response; there is an assetUrl field that should point to an S3 URL. I don't know if there is security on the AWS side, or if the files themselves are encrypted.
I was able to get melon loader to work on Linux AFTER the easy anti cheat patch.
Were you able to play online? Join instances, etc.?
-
@Reym I know of an anti-cheat bypass, but I currently can't rip models. Using Linux still works as an anti-cheat bypass; however, the game randomly kicks you after a few minutes due to some type of checksum the cheat software runs. We may need to look into buying a direct memory access (DMA) board. Cheaters use them in games like Fortnite, and while I myself have no desire to cheat in a game played for fun, for the purpose of ripping I might invest in it.
-
Hey, why don't we go back to what the first rippers did?
I.e. use Second Life to make an avatar there, rip it, and port it to Unity and then to VRChat?
I really feel that we have to go back to that,
or look for a new method to bypass the AES encryption.
-
This is all that is known atm:
Some people got around it.
You have to modify the client.
The file responsible for the encryption might be "vrc_fast_crypto.dll" in the plugins folder.
DM me for further info.
@dobyp
We are waiting for a modified DLL file to replace it, but it is unlikely we can do it ourselves, except for an expert in the decompiling/reverse engineering field who has mastered assembly code.
I have a little bit of disassembly-relevant knowledge; as far as I know, I used to do something like using a DLL patch to bypass the protection of Genshin Impact so that you can do smth like injecting cheats or allowing modified clients to connect to the private game server.
I don't know whether they have something in common, 'cause GI needs something like Il2CppDumper to get the DLL file info and then get it into some reverse analysis software like IDA Pro; about the remaining things I have no idea.
So, ugh, the basic idea is probably replacing the DLL file so that the encryption doesn't work.
-
Someone in the ARC discord said this "the fast_crypto.dll does nothing but work for udon and p2p encryption" I suspect this isn't related or the file at least is not responsible for the encryption.
-
@LeonKennedy that is such interesting info.
There is a new file whenever you open the cache-windows, called vrc-version. I'm not sure what it is; back then it was not a thing. Maybe it is used for decryption? Like some sort of authentication.
New or old files appear in the plugin folder called mediapipe_c and lib_burst_generated. How do I check a DLL?
-
I've reversed the DLL myself, and it's in fact not related to the avatar encryption, but it's known that everything happens in memory.
If you know about reverse engineering we could create a Discord group to help each other. If you are interested, DM me.
-
Touching the client is resource intensive. I believe that going around it by bumping TLS or getting bundles from the CDN is our best bet yet.