Farewell post

farewell, godspeed to you and your journeys

it's good to have many methods, i'm glad we're finding so many consistent ones

@idkjustacat as far as i can tell, it's possible but highly unlikely if you were to create a completely new project and rename anything important. your idea would probably work for the most part

not sure though, try it if you're interested; i'm always open to taking a look at unitypackages that are signed by payhip in efforts to discover what specifically they're doing

@idkjustacat technically, you can mine specific assets; i just wouldn't put them back into the original unitypackage and instead build your own entirely

i admit i've been absent on researching payhip's method for a bit, but it regardless of what methods you use they cannot inject data that will remain injected if you were to take an FBX from unity to blender, modify it, and re-export it; as for the unitypackage itself i wouldn't be so sure that bypasses as the data payhip injects seems to be in an unused, but still persistent block of the byte data

there are ways to make a system that can persist tracking through this, but i highly doubt payhip is putting that much effort into theirs

ultimately, don't really take my word as the bible for anything - i'm still trying to verifiably figure out how payhip's thing works but don't have a lot of testing packages to go off of

can't believe i originally went the most complicated route instead of just throwing a brick at Unity through task manager lmao

good find, bravo

a rant for the rant

it's becoming a standard to use ThirdSDK or private uploader services directly for avatars that are in no way representative of their price tag - it's a bit comedic that a lot of the "ToS" or "commercial usage" licensing creators list on their store page doesn't actually come with a verifiable license file, tag, or signature; so they cannot be claimed as legal, original creations unless it's the creator of the kitbashed asset

or how about using systems that obfuscate the meshes? (i think we all know of a pretty prolific one on this site)
which rides the line of privacy, as such scripts have access to your filesystem and ping licensing servers you may not even know exist

lack of education on the topics, and an abundance of indifference/complacency plague the entire avatar creation community; it's sad that over the years we've allowed it to happen just to see the same asset on 5 avatars released hours after each other

@cxward you can enable shadowcopy in two ways:

• opening services.msc ( Win + R > type services.msc )
• scroll down and locate Volume Shadow Copy
• double click (or right click > properties) and set the startup type to automatic
• right click and start the service

on some systems that may not have the service, like Home, you can enable System Protection (which uses and enables the shadowcopy service):

• open Control Panel
• navigate to System > Advanced System Settings > System Protection
• select your Windows (C) drive
• click Configure
• turn on System Protection and set it to 5%
• click create

your system may need a reboot afterwards, but shadowcopy should be enabled - I run shadowcopy using the service on Windows 10 Pro, so I can a least confirm that works

many such cases.

@horsedraught Godfall makes extensive use of UV Tile Dissolve when overlaying clothes onto the body; allowing Poiyomi to discard vertices and "hide" the selected part entirely

unlock the Body material (Body_GodfallCustom Magi by default) and under Special FX > Dissolve > UV Tile Dissolve, you can control the parts that are hidden (0 is shown, 1 is hidden)

simply set all of these to 0 to show all parts of the body

also remember these are animated and most of these dissolves are automated through toggles and animations in the FX layer - you will have to remove these from the FX layer to prevent them from being overridden when the avatar loads

@PuppyPaws not many that are well known besides @halcyon, myself and maybe @totallyoriginal1 if they're still active, but for Hal and I, we're trying to move away from doing these things - the gumroad/payhip market is toxic and predatory and we really no longer have an interest in humoring these creators

I might release a tool to automate the process a bit, but as of right now it's either get familiar with someone who has proven they can perform a decrypt from this forum or just do it yourself

preferably stop giving these creators your money and a platform to exploit you for pixels

@Jdoe12666 GoGo contains a VRCFury prefab you can use to apply GoGo independently of the parameters/playable layers - highly recommend going this route

@blayzah post #16 - import GoGo from VCC and use that; this is likely the issue for most decrypted avatars as the GoGo included from the base package is also modified by the Licenser

this is stated in my guide as well, if you followed that

to my knowledge, hal's download (the latest backups provided) also have this issue fixed (if you're looking to download this model specifically)

as for the OGMeshes situation, i'm not really aware of what to do about that as i'm assuming you're working with a newer released model (and the licenser has a new update nearly every time, annoyingly) - in that case if you'd like to you can pm me and i'll try to give as much insight as i can

suppose that gives me an excuse to properly develop a bypass tool to abuse unity with, lol

for the programmers and more technically inclined, here's a very simple nodeJS based directory monitor, mentioned in footnote [3]

'use strict'
Object.defineProperty(exports, '__esModule', { value: true })
const chokidar = require('chokidar')

// Define the path of the directory you want to monitor
const directoryToWatch = 'path/to/project/directory/here'

const watcher = chokidar.watch(directoryToWatch, {
  persistent: true,
  ignoreInitial: false,
  awaitWriteFinish: { stabilityThreshold: 2, pollInterval: 5 },
  atomic: true
})

const alertUser = function (message) { console.log('Alert: '.concat(message)) }

watcher
  .on('add', function (path) { return alertUser('File added: '.concat(path)) })
  .on('change', function (path) { return alertUser('File changed: '.concat(path)) })
  .on('unlink', function (path) { return alertUser('File removed: '.concat(path)) })
  .on('error', function (error) { return console.error('Watcher error: '.concat(error)) })
console.log('Watching for changes in directory: '.concat(directoryToWatch))

it utilizes the chokidar package to monitor a directory for any incoming changes, additions, and deletions - users can use this to see immediately when GonsoLicense creates files in \Packages\com.vrchat.avatars\Samples\Dynamics\Robot Avatar\Animators (or wherever it may write to within the project directory), and should give ample notice to launch shadowcopy

you might even be able to modify this script to detect when the decrypted files are written and automatically launch shadowcopy

if there's enough interest i wouldn't mind writing a redistributable script to automate this whole process as much as possible

guide here; i'm sure there are users on ripperstore you may ask to perform this task for you if you're not inclined to do it yourself

guide here for anyone willing to get their hands a little dirty with extracting the files

(not really short) guide on one of the methods i mentioned earlier in this topic can be found here

precursor

---

non-extensive guide for bypassing GonsoLicense
requires:

• a working Windows shadowcopy service (with some knowledge of it, preferably)
  • to check if shadowcopy service exists, open an admin command prompt and enter vssadmin list providers - it should respond with info about the vssadmin service
• a valid GonsoLicense key
• not-blacklisted vrchat account tied to said key

optional:

• if you would like to create a file monitor[3]: some basic programming knowledge

read the footnotes!
it might be intimidating, but it is very simple when you get used to it

step-by-step

---

1. load affected unitypackage into Unity, import any avatar requirements
2. log into the vrchat SDK panel
3. open GonsoLicense verifier, enter key and unlock avatar
4. initiate an avatar upload, as normal, and while it compiles shaders and shader variants:
   4a. call Windows' shadowcopy (or use a script[1]) on the drive where the project exists
5. navigate to the location where your shadowcopy is saved and browse to the copied project directory
6. copy decrypted avatar files (fx, menu, parameters) from Packages\com.vrchat.avatars\Samples\Dynamics\Robot Avatar\Animators and the Meshes.asset from the GonsoLicense folder inside Assets[2]
   6a. these will have psuedo-randomized names, copy everything if you need to
   6b. copy these files, trying to move them will not work
7. either cancel the ongoing upload or let it finish, you at this point have the decrypted files to do what you want with

• when importing the Meshes, you will most likely have to manually fix each SkinnedMeshRenderer and point it to the correct mesh - refer to this post for more info on how to do that
• GoGo might also be broken - refer to this post for more info on using GoGoLoco from the VCC

footnotes

---

[1]

we found using an administrator PowerShell script to directly call the shadowcopy service works best - here's a script you can use to do the same

$s1 = (Get-WmiObject -List Win32_ShadowCopy).Create("C:\\", "ClientAccessible")
$s2 = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $s1.ShadowID }
$d  = $s2.DeviceObject + "\\"

cmd /c mklink /d C:\shadowcopy "$d"

Write-Host -NoNewLine 'Press any key to finish and delete the shadowcopy...';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');

$s2.Delete()

important: on line 1, change C:\\ to the letter of the drive that your targeted project exists on - e.g. for the D drive change it to D:\\

you can save this to a file with a .ps1 extension - e.g. shadowcopy.ps1 and launch it from an administrator powershell in the same directory using .\name-of-file.ps1

when launched, this will create a "snapshot" of the targeted drive, essentially freezing it, and everything in it, in time
it will then mount the shadowcopy that was just made in C:\shadowcopy (you may have to delete this directory if it already exists), where you can browse all of the files from the snapshot
it will then wait for any user input, and delete the shadowcopy when input is given

[2]

the location that GonsoLicense stores files in is variable and prone to change, as it can technically store files anywhere on the system

[3]

for the more technically inclined, a file monitor can be written to immediately update the user when files are changed - this can make it easier to signify when the shadowcopy service or script should be launched, as it is time sensitive

how does this actually work

---

unity and encrypted files

Unity does a lot of things right, but it cannot read encrypted files; this means that the SDK cannot just create an avatar from files that it can't read
at some point during the upload process, GonsoLicense needs to decrypt the encrypted files and store them out of sight while it builds the SDK-uploadable package
all the user needs to do, then, is access those files while this is being done

unity and file locking

while any file operation is happening, Unity locks the project directory, effectively preventing any external edits to the files while Unity works with them
this means the user cannot directly access the decrypted files while it is building, so there's one other way to get around that

shadowcopy

shadowcopy is a Windows service targeted towards server machines that allows server managers to create backups of entire drives, on the fly
the strength of this service is that it does not directly copy files, it creates a virtual "snapshot" of sorts that freezes the drive in time and saves the drive's virtual data at that very moment; this leads it to be unaffected by any file locks put in place by Unity or other programs
the user can then simply mount the snapshot as a directory and browse the saved files freely, copying anything directly from that virtual drive to their actual storage

ending notes

---

if you don't trust yourself performing this, it's better to ask someone who does (@halcyon has done quite a few by now and has been instrumental in finding a safer way to perform this method)

consider not supporting creators who use this on their models - it's sleazy at best and while Gonso has pure intentions at heart, this system's (and his) reputation is based on the reputation of the creators that use it
unfortunately, many of them are what we call "bad apples" in this community
i don't have anything directly against Gonso, but a handful of his partnered creators have histories of being generally unpleasant human beings

if the creator uses payhip's antileak as well as GonsoLicense, payhip antileak can still identify the file and user who purchased it; i've come up with some experimental bypasses for payhip's system but they require more testing to confirm stability

this method may get patched, but this takes advantage of a technically un-fixable flaw within Unity; more updates if and when that happens

---

this method was found and refined by a small group of software developers including myself (though i mostly did translation work)
feel free to ask any questions you have

funny, the creator didn't specify this was a gonso-protected avatar until literally a few hours ago

the lengths people go, huh

very hard to justify paying $40 just to be blacklisted or hunted down by an obsessive creator

if anything at least her obsessive nature prevents people from leaking her stuff, lol