Developer Update - 14 September 2023

Are they written in HLSL? The code I’ve seen looks like C to me

Which build version of unity 2022 will the sdk update to?

I appreciate all this insight, but again: encryption will not solve the problem.

Like I said before: If everyone has a key to your house, you do not have a lock.

Yes, they are HLSL as VRChat is a DX11 title (and I think Unity is in general). To my knowledge, the overwhelming majority of graphics shaders are written in HLSL (DX) or GLSL (OpenGL).

This is an example of an HLSL shader in Unity Shaders.
Shader "Unlit/NewUnlitShader"
        _MainTex ("Texture", 2D) = "white" {}
        Tags { "RenderType"="Opaque" }
        LOD 100

            #pragma vertex vert
            #pragma fragment frag
            // make fog work
            #pragma multi_compile_fog
            #include "UnityCG.cginc"

            struct appdata
                float4 vertex : POSITION;
                float2 uv : TEXCOORD0;

            struct v2f
                float2 uv : TEXCOORD0;
                float4 vertex : SV_POSITION;

            sampler2D _MainTex;
            float4 _MainTex_ST;
            v2f vert (appdata v)
                v2f o;
                o.vertex = UnityObjectToClipPos(v.vertex);
                o.uv = TRANSFORM_TEX(v.uv, _MainTex);
                return o;
            fixed4 frag (v2f i) : SV_Target
                // sample the texture
                fixed4 col = tex2D(_MainTex, i.uv);
                // apply fog
                UNITY_APPLY_FOG(i.fogCoord, col);
                return col;

You can use CUDA in C/C++, but that’s for CUDA computation. It’s not for graphics shaders.

I wouldn’t hold them to a particular version until the final release SDK is out. I am kinda curious why it matters.

But we can try to increase the difficulty so as to increase the cost.
You need to know that your opponents are just script kiddies and not professionals, which means there are some costs.

We just need to increase the cost so that the chance of giving up is higher, rather than choosing not to do it.

Just like when a person is stabbed by a sharp knife, he is very likely to die, but we protect him from being fatal.

Of course there are better ways, such as leaving the opponent without a sharp knife. If there is a better way, you can come up with it.

Okay, so what happens when people find a reliable way to grab the keys and decrypt the asset bundles?

People are going to circumvent that pretty easily. Sure, it may reduce some people from just grabbing the FOSS unity bundle rippers, but they will find a way.

Primarily: I don’t think the cost of adding encryption in this way is worth the downsides. There is too much dev time and there are too many possible bugs/performance issues to implement this.

I won’t believe it until i see it. Any time anyone’s made such claims it’s been bogus or some kind of catch or something. Like people misunderstanding what’s going on. Exported shaders come out in D3D11 assembly and usually show placeholder text like SubProgram "d3d11 " { "// shader disassembly not supported on DXBC" } or are otherwise just completely broken with attempts to automate decompilation. I also ran it by people i know that know about this kind of stuff, and also said they are unaware of any that actually work. Shaders are safe.

It generates blendshapes, it scrambles all of the transform values (pos,rot,scale), it obfuscates animators, and some other stuff, encrypted with an OSC decryptor. It’s not realistic to crack, because the decryption key exists independent of vrchat.

HLSL is a fork of Cg(raphics) essentially; it’s C for rasterization. D3D assembly is what it gets compiled into if rendering DX. Unity can run in OpenGL & WebGL, and DX12, Vulkan, and some previous versions of DX if using older unity versions. HLSL in unity get cross-compiled for GL rendering etc, but you can write shaders in GLSL if running GL rendering only. Ben Golus be like.

XeNTaX and other communities regularly collab to find and break encryption on game assets. Once the decryption is found, all you have to do is run it. If they change it, you just fetch the new one. They’d need layers of nested encryption, which makes it just as impractical for developers, and for runtime. The only realistic solution is independent localized decryption, which exists in utilities like the aforementioned dexprotect.

1 Like

I guess I was wrong. I never actually tested the ones I have. They come back with //DummyShaderTextExporter above the SubShader.

So: a) blendshapes that can be just slid back…? b) transform values that could just be manually replaced for each item c) doesn’t really matter anyways since a lot of people redo them.

Obviously it may be more complicated than that, but to me it seems pretty easy to just get around, at least to undo the blendshapes and have usable models + textures.

They’re encrypted and need OSC bits to decrypt. It’s not just a blendshape that you can set to 0 (that’s how CATs used to do it, and it was useless so it was canned), it’s multiple blendshapes that need specific values to be correct. Same with the transforms etc. This is why the system is uncracked, it’s been hard tested, like they even went looking for white hats to try.

So in other words, it spams the avatar with tons of blendshapes that need to be turned on or off, wasting a ton of performance just to make ripping an avatar slightly harder?

Edit: Also, given how blendshapes work, I’m sure it wouldn’t be hard to bring it into blender and go one by one. It’d be annoying and take time, but not difficult.

1 Like

It doesn’t affect performance that much, and it makes ripping significantly harder than literally any other method. This is the best, and again, tested. And no even with only 3 blendshapes, if they all have to be specific values, that’s 3 floats that have to be aligned like a combination lock. Again, this system has been white-hatted. It works.

With the content gating coming. Is there a way to double check the birthdate in your account? No clue if I even did it much less accurately. It’s sometimes a long way to scroll to get to the year.

Regarding the content gating, is there going to be an option to tag an instance, or is this going to be unique to avatars and worlds?

Also on Content Gating - for those who are 18+, will it be possible to enable content gating restrictions, but override it on a per-avatar and/or per-world basis (no need to fully disable it)?

This would offer an optional “content warning”-like system, akin to what’s available on some other social media platforms (Cohost, Mastodon/fediverse, etc).


I’m really happy about this security update people ripping my content is a nightmare as it is I work hard on this like my pizzaplex I hope it works

That “delay” is the point. Usually with these kinds of things it’s always a race, by not telling the malicious users what they have to look/try for, they can delay the inevitable and work on the next security layer on top of the established one.

Thats great, but if you can see the avatar correctly on your GPU you can acquire it. Dumping vertex data straight from your GPU will always be possible and impossible to block

They’d have to be there looking at your decrypted avatar in person to do that.

Not really. It’s not a race if that “delay” is in the order of weeks. It’s just being played with like prey. The amount of resources that needs to be put into it is extremely high if you are to play that game. It’s cheaper to just make it very difficulty requiring a lot of conditions and credentials to access data, as vrchat has done closing up the API.

Well if it’s only 3 blendshapes then the performance probably isn’t awful I guess. But still, that’s only 3 values then. It would be trivial to spend some time sliding them around in blender if someone is dedicated enough. And like Felis said, they can still dump from in-game.

This obviously does make it a bit harder to rip, but it surely doesn’t prevent it by any means and I doubt it would prevent rippers from spending an extra hour if it’s an avatar they really want.

Blendshapes will be a lot better for performance with unity 2022…

The point is that you aren’t gonna get any better than that really, the best realistic option already exists. Beyond that is diminishing returns.