I didn’t play VRChat for a long time and quickly found out that modding is no longer a thing. I was disappointed, but I decided to try to make it work again. I’m going to share my findings in this series of posts.
What is VRChat?
VRChat is a social VR application where you can communicate with other people in a virtual world. It’s a great place to make friends and have fun. VRChat is available for free on Steam.
How does VRChat work?
VRChat is a Unity game. It uses the UdonSharp scripting language to run scripts. UdonSharp is a C#-like language that compiles to Udon, a custom bytecode. Udon is a custom bytecode, which means that it’s not the same as CIL or any other bytecode that .NET supports. UdonSharp is a custom scripting language that compiles to Udon. It’s not C#.
What changed?
VRChat now uses EasyAntiCheat, an anti-cheat service provided by Epic Games that run in kernel mode. This major change essentially broke modding in VRChat as It’s no longer possible to inject code into the game process under normal circumstances.
How can we mod VRChat again?
We’ll must deep dive into the game’s code and find a way to inject code into the game process. There are currently two plans on my mind:
- Find a way to spoof EasyAntiCheat when HTTP requests are made to the server.
- Inject our code just like normal.
OR
- Find differences between non-EAC and EAC version of the game.
- Mod the game till it works.
I decided to go with the latter.
Downloading an older version of the game
Luckily, the developers didn’t reset Steam branches. This makes it possible to download older versions using Steam’s console. To do this, I opened Steam and in my browser, I pasted this link to open the console steam://nav/console. Then type download_depot 438100 438101 1831754904438111685.
Launching the game with a debugger
Since this is an old, unprotected version, I decided to start my debugging tools and see what I can find.
Right after launching the game, it looked normal, however upon loading the world, I noticed that the game was getting stuck.
Thanks to the developers, it was very easy just by looking into logs.
2022.09.29 00:23:23 Error - [API] [39, 404, Get, 2] Request Finished with Error!
https://api.vrchat.cloud/api/1/instances/wrld_4432ea9b-729c-46e3-8eaf-846aa0a37fdd:81892~private(usr_61077107-4790-4b33-87c3-01737409bc16)~region(eu)~nonce(1E60B69DDD95E5E9D2A0EC0BDC920A34120CB70E37C1E274)/join?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
No Exception
{{"error":"The endpoint you're looking for is not implemented by our system.","status_code":404}}
Huh? That’s very weird, let’s try doing the same but with curl.
$ curl -k -X GET "https://api.vrchat.cloud/api/1/instances/wrld_4432ea9b-729c-46e3-8eaf-846aa0a37fdd:64813/?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26" -b "auth={REDACTED}" -H "X-Requested-With: XMLHttpRequest" -H "X-MacAddress: 34fdfe43895ba8f3f14699c66ae70912db9eb92f" -H "X-Client-Version: 2022.2.1p6-1207--Release" -H "X-Platform: standalonewindows" -H "X-Unity-Version: 2019.4.31f1" -H "Content-Type: application/x-www-form-urlencoded"
{"error":"The endpoint you're looking for is not implemented by our system.","status_code":404}
It seems like the developers changed some API stuff. Finding the new endpoint will be more tricky since the game is obfuscated and EAC protected, no dumping sadly.
Dumping URL requests from the old version
I decided to use MelonLoader since it was the program that started this all.
URLs
https://api.vrchat.cloud/api/1/config?organization=vrchat
https://api.vrchat.cloud/api/1/auth/user?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/message/usr_746a0cce-5441-448c-8f14-2c999524e522/message?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/message/usr_746a0cce-5441-448c-8f14-2c999524e522/response?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/message/usr_746a0cce-5441-448c-8f14-2c999524e522/request?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/message/usr_746a0cce-5441-448c-8f14-2c999524e522/requestResponse?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/auth/user/subscription?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/users/usr_746a0cce-5441-448c-8f14-2c999524e522/feedback?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/infoPush?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&include=avatar-world-category,avatar-category
https://api.vrchat.cloud/api/1/avatars/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&featured=true&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0
https://api.vrchat.cloud/api/1/avatars/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&featured=true&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=avatars2
https://api.vrchat.cloud/api/1/avatars/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&featured=true&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=avatars3
https://api.vrchat.cloud/api/1/avatars/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&featured=true&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=avatars4
https://api.vrchat.cloud/api/1/avatars?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&user=me&releaseStatus=all&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0
https://api.vrchat.cloud/api/1/avatars?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&user=me&releaseStatus=all&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=author_quest_fallback
https://api.vrchat.cloud/api/1/avatars/licensed?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&n=100&offset=0
https://api.vrchat.cloud/api/1/avatars?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=admin_quest_fallback_extended
https://api.vrchat.cloud/api/1/avatars?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&releaseStatus=public&n=100&offset=0&order=descending&maxUnityVersion=2019.4.31f1&minUnityVersion=5.5.0f1&maxAssetVersion=1&minAssetVersion=0&tag=admin_featured_legacy
https://api.vrchat.cloud/api/1/avatars/avtr_c8a98d81-120d-42de-ad3a-bd9512ea6539?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/avatars/avtr_f8325fcd-28eb-43b6-afb7-318412b2729d?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/avatars/avtr_31322edd-c616-4325-9f40-3b676611655f?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/avatars/avtr_89fafa2d-4974-4ba9-a688-7ee0024184ff?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/avatars/avtr_52358a1b-9d27-45e3-a8f4-ff09f5757d47?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/files?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&n=64&offset=0&order=descending&tag=icon
https://api.vrchat.cloud/api/1/auth/user/friends?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&offset=0&n=100&offline=false
https://api.vrchat.cloud/api/1/auth/user/friends?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&offset=0&n=100&offline=true
https://api.vrchat.cloud/api/1/auth/user/moderations?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/auth/user/playermoderations?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/infoPush?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&include=platform-all,platform-pc,platform-desktop,platform-steam,platform-store-steam,version-all,version-2022.2.1p6,version-build-number-1207,version-build-hash-aff04cef72,user-all,user-no-vrcplus,user-creator,user-trust-level-new-user,language-all&require=high-priority
https://api.vrchat.cloud/api/1/auth/permissions?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/worlds/wrld_ba913a96-fac4-4048-a062-9aa5db092812?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/favorite/groups?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&n=32
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=worlds1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=world&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=worlds2&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=world&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=worlds3&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=world&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=worlds4&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=world&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=avatars1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=avatar&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=avatars2&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=avatar&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=avatars3&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=avatar&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=avatars4&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=avatar&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_0&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_2&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_0&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_2&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/worlds/wrld_4432ea9b-729c-46e3-8eaf-846aa0a37fdd?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/worlds/wrld_4432ea9b-729c-46e3-8eaf-846aa0a37fdd?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_0&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_1&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/favorites?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat&tag=group_2&ownerId=usr_746a0cce-5441-448c-8f14-2c999524e522&type=friend&n=100
https://api.vrchat.cloud/api/1/file/file_3caaf07f-363e-4b84-89d1-ee827f12afb5?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
https://api.vrchat.cloud/api/1/instances/wrld_4432ea9b-729c-46e3-8eaf-846aa0a37fdd:64813~private(usr_746a0cce-5441-448c-8f14-2c999524e522)~region(eu)~nonce(10981D2D83298B9C5567C180E3823CA93639656FD29E548F)/join?apiKey=JlE5Jldo5Jibnk5O5hTx6XVqsJu4WJ26&organization=vrchat
Looking at this more closely, the only thing that changed was the instances endpoint.
A good idea is a bad idea in practice
Me being a silly little catgirl, I asked myself: “What if I fuzz the endpoint?”.
This was a BAD IDEA. Not only did I get banned by Cloudflare (again), but I also got banned by VRChat.
Tsk tsk tsk…
The end?
Definitely not! I’m still working on this, and I’ll keep you updated on my progress. I’m also working on a tool to make this easier for everyone, so stay tuned! Please take in mind that not everything will be shown to prevent possible future patches.
Sources
VRChat API Community docummentation
SteamDB
Without these amazing people, this post wouldn’t be possible. Thank you!