A very simple Gonso-removal method

can't believe i originally went the most complicated route instead of just throwing a brick at Unity through task manager lmao

good find, bravo

a rant for the rant

it's becoming a standard to use ThirdSDK or private uploader services directly for avatars that are in no way representative of their price tag - it's a bit comedic that a lot of the "ToS" or "commercial usage" licensing creators list on their store page doesn't actually come with a verifiable license file, tag, or signature; so they cannot be claimed as legal, original creations unless it's the creator of the kitbashed asset

or how about using systems that obfuscate the meshes? (i think we all know of a pretty prolific one on this site)
which rides the line of privacy, as such scripts have access to your filesystem and ping licensing servers you may not even know exist

lack of education on the topics, and an abundance of indifference/complacency plague the entire avatar creation community; it's sad that over the years we've allowed it to happen just to see the same asset on 5 avatars released hours after each other

@cxward you can enable shadowcopy in two ways:

• opening services.msc ( Win + R > type services.msc )
• scroll down and locate Volume Shadow Copy
• double click (or right click > properties) and set the startup type to automatic
• right click and start the service

on some systems that may not have the service, like Home, you can enable System Protection (which uses and enables the shadowcopy service):

• open Control Panel
• navigate to System > Advanced System Settings > System Protection
• select your Windows (C) drive
• click Configure
• turn on System Protection and set it to 5%
• click create

your system may need a reboot afterwards, but shadowcopy should be enabled - I run shadowcopy using the service on Windows 10 Pro, so I can a least confirm that works

many such cases.

@horsedraught Godfall makes extensive use of UV Tile Dissolve when overlaying clothes onto the body; allowing Poiyomi to discard vertices and "hide" the selected part entirely

unlock the Body material (Body_GodfallCustom Magi by default) and under Special FX > Dissolve > UV Tile Dissolve, you can control the parts that are hidden (0 is shown, 1 is hidden)

simply set all of these to 0 to show all parts of the body

also remember these are animated and most of these dissolves are automated through toggles and animations in the FX layer - you will have to remove these from the FX layer to prevent them from being overridden when the avatar loads

@PuppyPaws not many that are well known besides @halcyon, myself and maybe @totallyoriginal1 if they're still active, but for Hal and I, we're trying to move away from doing these things - the gumroad/payhip market is toxic and predatory and we really no longer have an interest in humoring these creators

I might release a tool to automate the process a bit, but as of right now it's either get familiar with someone who has proven they can perform a decrypt from this forum or just do it yourself

preferably stop giving these creators your money and a platform to exploit you for pixels

@Jdoe12666 GoGo contains a VRCFury prefab you can use to apply GoGo independently of the parameters/playable layers - highly recommend going this route

@blayzah post #16 - import GoGo from VCC and use that; this is likely the issue for most decrypted avatars as the GoGo included from the base package is also modified by the Licenser

this is stated in my guide as well, if you followed that

to my knowledge, hal's download (the latest backups provided) also have this issue fixed (if you're looking to download this model specifically)

as for the OGMeshes situation, i'm not really aware of what to do about that as i'm assuming you're working with a newer released model (and the licenser has a new update nearly every time, annoyingly) - in that case if you'd like to you can pm me and i'll try to give as much insight as i can

suppose that gives me an excuse to properly develop a bypass tool to abuse unity with, lol

for the programmers and more technically inclined, here's a very simple nodeJS based directory monitor, mentioned in footnote [3]

'use strict'
Object.defineProperty(exports, '__esModule', { value: true })
const chokidar = require('chokidar')

// Define the path of the directory you want to monitor
const directoryToWatch = 'path/to/project/directory/here'

const watcher = chokidar.watch(directoryToWatch, {
  persistent: true,
  ignoreInitial: false,
  awaitWriteFinish: { stabilityThreshold: 2, pollInterval: 5 },
  atomic: true
})

const alertUser = function (message) { console.log('Alert: '.concat(message)) }

watcher
  .on('add', function (path) { return alertUser('File added: '.concat(path)) })
  .on('change', function (path) { return alertUser('File changed: '.concat(path)) })
  .on('unlink', function (path) { return alertUser('File removed: '.concat(path)) })
  .on('error', function (error) { return console.error('Watcher error: '.concat(error)) })
console.log('Watching for changes in directory: '.concat(directoryToWatch))

it utilizes the chokidar package to monitor a directory for any incoming changes, additions, and deletions - users can use this to see immediately when GonsoLicense creates files in \Packages\com.vrchat.avatars\Samples\Dynamics\Robot Avatar\Animators (or wherever it may write to within the project directory), and should give ample notice to launch shadowcopy

you might even be able to modify this script to detect when the decrypted files are written and automatically launch shadowcopy

if there's enough interest i wouldn't mind writing a redistributable script to automate this whole process as much as possible

guide here; i'm sure there are users on ripperstore you may ask to perform this task for you if you're not inclined to do it yourself

guide here for anyone willing to get their hands a little dirty with extracting the files

(not really short) guide on one of the methods i mentioned earlier in this topic can be found here

precursor

---

non-extensive guide for bypassing GonsoLicense
requires:

• a working Windows shadowcopy service (with some knowledge of it, preferably)
  • to check if shadowcopy service exists, open an admin command prompt and enter vssadmin list providers - it should respond with info about the vssadmin service
• a valid GonsoLicense key
• not-blacklisted vrchat account tied to said key

optional:

• if you would like to create a file monitor[3]: some basic programming knowledge

read the footnotes!
it might be intimidating, but it is very simple when you get used to it

step-by-step

---

1. load affected unitypackage into Unity, import any avatar requirements
2. log into the vrchat SDK panel
3. open GonsoLicense verifier, enter key and unlock avatar
4. initiate an avatar upload, as normal, and while it compiles shaders and shader variants:
   4a. call Windows' shadowcopy (or use a script[1]) on the drive where the project exists
5. navigate to the location where your shadowcopy is saved and browse to the copied project directory
6. copy decrypted avatar files (fx, menu, parameters) from Packages\com.vrchat.avatars\Samples\Dynamics\Robot Avatar\Animators and the Meshes.asset from the GonsoLicense folder inside Assets[2]
   6a. these will have psuedo-randomized names, copy everything if you need to
   6b. copy these files, trying to move them will not work
7. either cancel the ongoing upload or let it finish, you at this point have the decrypted files to do what you want with

• when importing the Meshes, you will most likely have to manually fix each SkinnedMeshRenderer and point it to the correct mesh - refer to this post for more info on how to do that
• GoGo might also be broken - refer to this post for more info on using GoGoLoco from the VCC

footnotes

---

[1]

we found using an administrator PowerShell script to directly call the shadowcopy service works best - here's a script you can use to do the same

$s1 = (Get-WmiObject -List Win32_ShadowCopy).Create("C:\\", "ClientAccessible")
$s2 = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $s1.ShadowID }
$d  = $s2.DeviceObject + "\\"

cmd /c mklink /d C:\shadowcopy "$d"

Write-Host -NoNewLine 'Press any key to finish and delete the shadowcopy...';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');

$s2.Delete()

important: on line 1, change C:\\ to the letter of the drive that your targeted project exists on - e.g. for the D drive change it to D:\\

you can save this to a file with a .ps1 extension - e.g. shadowcopy.ps1 and launch it from an administrator powershell in the same directory using .\name-of-file.ps1

when launched, this will create a "snapshot" of the targeted drive, essentially freezing it, and everything in it, in time
it will then mount the shadowcopy that was just made in C:\shadowcopy (you may have to delete this directory if it already exists), where you can browse all of the files from the snapshot
it will then wait for any user input, and delete the shadowcopy when input is given

[2]

the location that GonsoLicense stores files in is variable and prone to change, as it can technically store files anywhere on the system

[3]

for the more technically inclined, a file monitor can be written to immediately update the user when files are changed - this can make it easier to signify when the shadowcopy service or script should be launched, as it is time sensitive

how does this actually work

---

unity and encrypted files

Unity does a lot of things right, but it cannot read encrypted files; this means that the SDK cannot just create an avatar from files that it can't read
at some point during the upload process, GonsoLicense needs to decrypt the encrypted files and store them out of sight while it builds the SDK-uploadable package
all the user needs to do, then, is access those files while this is being done

unity and file locking

while any file operation is happening, Unity locks the project directory, effectively preventing any external edits to the files while Unity works with them
this means the user cannot directly access the decrypted files while it is building, so there's one other way to get around that

shadowcopy

shadowcopy is a Windows service targeted towards server machines that allows server managers to create backups of entire drives, on the fly
the strength of this service is that it does not directly copy files, it creates a virtual "snapshot" of sorts that freezes the drive in time and saves the drive's virtual data at that very moment; this leads it to be unaffected by any file locks put in place by Unity or other programs
the user can then simply mount the snapshot as a directory and browse the saved files freely, copying anything directly from that virtual drive to their actual storage

ending notes

---

if you don't trust yourself performing this, it's better to ask someone who does (@halcyon has done quite a few by now and has been instrumental in finding a safer way to perform this method)

consider not supporting creators who use this on their models - it's sleazy at best and while Gonso has pure intentions at heart, this system's (and his) reputation is based on the reputation of the creators that use it
unfortunately, many of them are what we call "bad apples" in this community
i don't have anything directly against Gonso, but a handful of his partnered creators have histories of being generally unpleasant human beings

if the creator uses payhip's antileak as well as GonsoLicense, payhip antileak can still identify the file and user who purchased it; i've come up with some experimental bypasses for payhip's system but they require more testing to confirm stability

this method may get patched, but this takes advantage of a technically un-fixable flaw within Unity; more updates if and when that happens

---

this method was found and refined by a small group of software developers including myself (though i mostly did translation work)
feel free to ask any questions you have

funny, the creator didn't specify this was a gonso-protected avatar until literally a few hours ago

the lengths people go, huh

very hard to justify paying $40 just to be blacklisted or hunted down by an obsessive creator

if anything at least her obsessive nature prevents people from leaking her stuff, lol

Could you tell me more about payhips system, and do sellers normally notify buyers before they purchase?

payhip's anti-leak is currently in closed-beta and requires a vouch directly from another creator that has it enabled to gain access - some creators do explicitly state that a package is protected by payhip's anti-leak, but i've seen that most do not

payhip's anti-leak works by injecting identifying bits into the unitypackage per buyer, generating a completely unique unitypackage for you as you click the download button

as far as i can tell, older versions of the anti-leak would edit files within the package like animations which would cause GonsoLicense to throw errors upon uploading; it seems now that isn't the case

i don't know very well how the anti-leak works right now. from my testing, it seems it no longer edits files within the package, and instead injects identifying hex-data into the unitypackage in specific places (of which seem to be very consistent across many payhip-signed packages); i'm working with Hal to develop a potential bypass for it, but we cannot make any promises

So basically itd be in my best interest to wait for decrypted avatars to be shared? (Im fine with that)

yes, this is unfortunately one of those situations where it's better to leave these processes up to those who know properly how to manage them; but understand that we also don't have infinite funds and the generosity of this community that donates their avatars and license keys cannot be understated

behind shady business practices are some very expensive "products" that likely aren't worth the price, and very commonly should not be "protected" by these things to begin with; the entire idea of giving a user encrypted, unmodifiable files of mostly kit-bashed assets is absurd in both conception and practice

basically flags you to creators?

i'll add a bit more to this:

• the licenser itself logs your vrchat account's username and display_name - this is used to identify you to the key and that's how you are flagged
• many creators are using Payhip, and Payhip's anti-leak signs files with a nearly invisible identifier that allows the creator to upload a leaked unitypackage and immediately find the info of the buyer who leaked it - which also gives them the GonsoLicense key, and can be used to identify/blacklist the user
  • while Payhip's antileak is robust, i've personally found an interest in how it works and have been testing possible workarounds

at the end of the day, there isn't a reason for logging IPs; Gonso and the creators have simpler, more robust methods of identifying users

But i heard it logs your ip and basically flags you to creators?

unconfirmed, but given the closed-source nature of the system i wouldn't put it out of the equation - so far though Gonso himself has told me directly (and proven to me) that he does not have interest in logging IPs; as far as i can tell that remains the case now

What happens to a model with gonzo if the creator no longer uses gonzo?

hopefully, like Whituu's Sakura from a while ago, it is simply updated for the purchasers to not have the system in the package; otherwise it's just up to the creator to do that themselves

And, how does one manually remove gonzo?

this one is an involved process. there isn't a singular way to remove this system, and there is definitely not a simple way to do so without a decent handle on programming and cybersec tools

both @halcyon and i have worked on ways to get around this and she still works on them now; i just help with code stuff occasionally as i've mostly lost interest in it

it boils down to a few methods:

• the first, is to decompile the GonsoLicense DLL (most versions are obfuscated with ConfuserEX - it's very easy for a user to see this by loading the DLL into something like Ghidra or DnSpy); and once you've obtained the source code, you can write your own Unity scripts to "fake" requests to the API, basically copy-pasting the Decrypt method so it can be decrypted manually with the key from the API
  • there was a tool developed by a few acquaintances of mine that circulated around this forum a while ago; it was based off of my original methods and code that ended up being heavily edited for public use
• the second is to hijack the Unity process and "stall" it while the Licenser does its tricks. the drawback of GonsoLicense is that it has one major flaw: Unity cannot load or upload encrypted files. at some point during the upload process, these files have to be decrypted to be packaged - giving users a small window in which they can grab the files if they can get around Unity's directory locking. while simpler on paper, Unity's directory lock is pretty robust and isn't easy to bypass

Personally dont believe it but why lie to your buyers?

money. i wish i could say most creators using the GonsoLicense system are doing it without malicious intent, but the bottom line is many of them are looking for quick ways to maximize their profit margins for mediocre avatar work (not the case for all, but many), where some creators like Strawbunny don't even do most of the work and outsource it - there's a reason you don't see larger, more confident creators using the system (to name a few, such as Godfall and Nikkie) - the quality of their work speaks for itself (and is usually worth the price); most importantly their interaction with the community they've built doesn't give many users a reason to maliciously steal their products

it's all business practices, and predatory ones at that

i'm aware specifically for Birdy's case that they did actually stop using Gonso, but released the non-GonsoLicense'd package under a completely separate listing on their Gumroad. whether they forced previous buyers to re-buy it or not is unknown to me

feel free to ping myself or @halcyon for more answers - we're happy to help

@Rotting newest and quickest methods will probably require both a license key and the account details of the linked vrchat account - you're free to dm either @halcyon or myself about this, but i'll keep parroting these simple statements:

you cannot post files without a license key and just expect it to magically be decrypted. that is not how the licenser works

do a quick google search on encryption to understand why the key is required

most of all, if anyone pms either me or Hal to do a decrypt for you, how about not ghosting us as we're trying to help you? this isn't in specific to the user i'm replying to (my apologies, Rotting) - but in general we'd like to keep pms moving so we don't have to sit here for years bumping the same posts