VRChat added VRCA (?maybe VRCW too) protection

As far as I can tell from a few days worth of data I have collected, vrchat is using a client side AND server-side, session based encryption key. (Possibly based on the cookie used to authenticate the client with vrchat, and vrchat's servers providing a decryption key based on the files hash.)
The reasons I came to the conclusion:

1. The same world/avatar file having wildly different data but the same folder ID structure between downloads.
2. vrchat will reuse the same cache files, but not after clearing the cache.
3. vrchat will actively authenticate the files and verify the hash on the server before sending a decryption key. (Will not function in offline testing mode, but avatars uploaded yourself on your own account apparently function and can be used offline.)

As far as I can tell, you cannot decrypt any of the assets that are already encrypted because of the fact that the assets may be tied to a session id. (They have different encrypted data for the same exact file, but different session. I may be wrong, the __info file may be tied to it.)
The only way forward is to have some sort of mod that prevents vrchat from encrypting the cache, BUT you have to bypass any security features to keep from being detected.

I suspect that vrchat is utilizing session based encryption and using something in the __info file to encrypt it as there is a large numerical number that changes each download.