YSM Has Been Cracked, but Copyright Protection Was Never the Point
YSM has been cracked.
Half the community is cheering, the other half is furious, and everyone has picked a side along the line of “copyright protection.” Supporters say creators have the right to protect their work. Opponents say encryption kills the spirit of sharing.
But there is one thing both sides agree on completely: everyone assumes that YSM’s encryption exists to protect copyright.
Is that assumption actually correct?
Background
If you play Minecraft, especially if you’ve spent time in Chinese servers and communities, you’ve almost certainly encountered YSM, or at least seen what it produces.
YSM, short for Yes Steve Model, is a mod that lets players replace the default blocky avatar with high-detail custom 3D models. Its success has been phenomenal. An entire commissioning and retail ecosystem has sprung up around it: modelers take orders, quote prices, and deliver finished products on the marketplace; buyers pay anywhere from a few to several dozen dollars for a custom model; Bilibili is filled with showcase videos made with YSM models; and many servers list YSM support as a selling point. In the Chinese Minecraft community, custom player models as a category has essentially one name. YSM is the de facto standard.
And every single model circulating in this ecosystem is locked inside YSM’s proprietary encrypted format.
VMProtect
Minecraft’s plugin and mod ecosystem has long been plagued by backdoors. The number of publicly distributed plugins found to contain backdoors is already too large to count, let alone those from dubious sources like secondhand marketplaces. In an ecosystem like this, being able to see what the code is doing is the only line of defense players and server operators have.
And the protection scheme YSM chose for its models is VMProtect.
Among commercially available code protection products, VMProtect is one of the strongest. Its code virtualization makes reverse engineering extraordinarily difficult; even professional researchers may spend weeks untangling a VMProtect-protected binary. Yet you will hardly find any mainstream commercial software using it. The contexts where VMProtect most commonly appears are gray-market and malicious software seeking to resist security analysis.
Using VMProtect inside a Java mod comes at an exorbitant cost. VMProtect is not the kind of obfuscation tool you enable with a single parameter. The developer must rewrite the logic to be protected in C/C++. Virtualized code paths run tens to hundreds of times slower. And Mac users are expelled entirely.
When YSM introduced VMProtect two years ago, Windows Defender began flagging it as malicious. YSM’s official response was: “This is a false positive; we have mitigated it with a code-signing certificate.” But antivirus software was never “flagging it falsely”: when faced with a program that actively hides its own behavior using the same adversarial techniques as malware, suspicion is entirely reasonable. The code-signing certificate only addressed Defender’s heuristic trigger conditions. VMProtect itself did not change at all, and the software’s behavior remained completely unauditable.
A Minecraft mod developer, willing to pay every price imaginable: tanked performance, antivirus detections, and the expulsion of Mac and Linux ARM users.
What, exactly, is being protected at such cost?
What the Encryption Actually Does
YSM’s encrypted model files are not bound to any user identity. Anyone who obtains the file can use it directly, or resell it on the spot. The encryption creates no barrier whatsoever against unauthorized copying or distribution.
If the purpose of this encryption is to prevent piracy, it has failed completely.
But is it really beyond the developer’s ability to prevent piracy?
According to the cracking group’s report, YSM has implemented full user binding for models distributed via servers. The server and client each hold independent session keys; when the client receives a model, it re-encrypts it with its own dedicated key before writing it to local cache. Even if someone copies the cached file to another machine, it cannot be decrypted without the corresponding client key. This is a complete DRM mechanism capable of preventing unauthorized copying, and YSM’s developer has already implemented and deployed it in production.
But in the retail scenario, they chose not to.
There could be many reasons for this. Designing such a DRM system for retail does sound dystopian. But from another angle, not binding models to user identities means models can circulate freely. Free circulation expands YSM’s install base, pulling more players, more servers, and more creators into the ecosystem. For a platform that depends on user scale to maintain its position, restricting circulation would be counterproductive.
Regardless of the reason, the encryption ultimately achieves one thing and one thing only: it prevents the buyer from editing, modifying, or exporting the model to other formats.
The retail market’s pricing structure confirms this. In YSM’s marketplace, encrypted finished products and editable zip source files are often priced separately, with the source file typically costing several times as much as the encrypted version. “The ability to modify” has been stripped out of the work and sold as a separate commodity.
If the purpose of encryption were to protect copyright, then the encrypted and source-file versions should have identical use value, since they contain the same content, and there should be no price difference. The fact that source files cost more can only mean one thing: the real function of encryption is to manufacture scarcity around “the right to modify.” And “modification rights” as a separately priced commodity has no counterpart anywhere in copyright law. This is a market that YSM’s encryption design conjured out of thin air.
Who Benefits
Every model is locked inside YSM’s proprietary encrypted format. Creators make models only for YSM, buyers can only load models through YSM, and the entire transaction ecosystem is sealed within a walled garden.
One might think: at least the creators benefit, right? After all, the source files sell for more.
But creators had almost no active choice in how this situation came about. YSM’s workflow implies the encrypted proprietary format as “the final distribution artifact” and the editable zip as “the production format.” Creators may never have actively considered format openness or interoperability. They simply followed the default path laid out by the tool: “encrypted” just sounds like “better, safer.”
In the broader 3D asset industry, this sales model is unprecedented. Models traded on Sketchfab and Fab are delivered almost entirely in standard formats like FBX and glTF, and what the buyer receives is the editable source file. Unity Asset Store explicitly grants buyers the right to modify assets in its EULA. No platform charges separately for “the ability to modify.” The price gap between encrypted and source-file versions in the YSM marketplace looks like a business decision made by individual creators, but the precondition that makes this gap possible is YSM’s encryption design. Creators, like players, are subjects of this choice architecture.
Figura
If you have never used, or even never heard of Figura, that fact itself says something.
Figura is an open-source custom model mod with functionality identical to YSM. It uses the standard Blockbench format, uses standard Lua scripting for complex animations and interactions, and has a central server for automatic model synchronization between players. It does not depend on any proprietary authoring tools and does not require creators to surrender format control over their own work. In terms of technical capability, Lua’s expressiveness far exceeds the unconventional expression format that YSM provides.
It proves one thing: a functioning model ecosystem can be built without encryption.
VMProtect imposes another cost on YSM that is less often discussed. Because the core code is unauditable, developers of other mods cannot independently implement interoperability with YSM. All compatibility work can only be done unilaterally by YSM’s development team, and YSM’s ecosystem compatibility depends entirely on one team’s willingness and capacity.
Reverse Galápagos
From the late 1990s to the early 2000s, Japanese mobile phones, televisions, and internet services evolved to a highly advanced state within a closed domestic market. They were extraordinarily feature-rich, yet completely incompatible with global standards. When the global market converged on the iPhone and Android, Japanese manufacturers found their products unable to leave the country. A closed market bred exquisite but isolated evolution. This is “Galápagos syndrome.”
YSM’s story is a reverse Galápagos.
A traditional Galápagos product is at least functionally superior, just incompatible. Because of VMProtect, YSM’s user experience is far worse than its open-source alternative. Yet it precisely caters to a specific demand in the Chinese Minecraft community: encrypted models.
Across the global 3D asset market, from Sketchfab to Fab to Unity Asset Store, no platform offers “preventing the buyer from modifying” as a feature. The economic logic of copyright protection is to prevent unauthorized copies from undermining the creator’s commercial revenue, not to continue controlling how the buyer uses the work after a legitimate transaction has been completed. But in the Chinese Minecraft community, “I don’t want anyone else modifying my model” is regarded as an unquestionable right, one that outweighs user experience. YSM answered this demand with a proprietary encrypted format, offering something that no other solution was willing to offer, and leveraged that single advantage to establish a near-monopoly.
That monopoly, in turn, sustains an information asymmetry. The vast majority of YSM users have never encountered Figura and have never realized that a more open, more technically sustainable alternative exists. A model locked in a proprietary encrypted format cannot be migrated to another platform. A distribution ecosystem dominated by YSM will not let users know that “you have other options.”
Turning models into a kind of public skin service, as SkinMe or Ely.by once did, where any player with the mod installed can see other players’ models across any server: this should be a perfectly natural idea. But under YSM’s closed ecosystem, that future may never arrive.
An encryption that cannot prevent copying. A market that prices the right to modify separately. A platform that has the ability to implement DRM but chose not to. An ecosystem that locks both creators and players inside a proprietary format.
Every technical decision points to the same beneficiary.
“Protecting copyright” is just the excuse that makes everyone accept all of this.
Back to This Week
Who is actually threatened by this week’s crack?
The piracy risk facing creators has not increased one bit because of the crack. The encryption never prevented copying or reselling in the first place. Before the crack, anyone who got hold of the file could use it or resell it immediately. After the crack, nothing about this has changed.
What the crack truly disrupted is YSM’s monopoly over a proprietary format. The moment encryption is broken and models can be exported to standard formats, the walled garden that locked everyone inside the YSM ecosystem ceases to exist.
Ironically, the cracking group has stated that this publicly released crack did not even require defeating VMProtect itself. VMProtect’s code virtualization incurs severe performance penalties, and YSM’s developer most likely chose not to virtualize critical hot code paths in order to maintain acceptable runtime performance, leaving the cipher parameters fully exposed in unprotected code. In the end, the logic so painstakingly rewritten in C++ turned out to be unguarded at the very core.
After the crack went public, I learned within a very short time that at least three independent teams had each been pursuing similar approaches on their own. “No publicly available cracking tool” never meant “no one is capable of doing it.”
Adobe, Amazon, and Sony, with virtually unlimited resources, have never managed to effectively encrypt their e-books and music. Every generation of DRM is cracked shortly after release.
Encrypting pure data has never been effective in the long run. YSM will not be the exception.
Regarding the specific security threats VMProtect poses to Minecraft servers and the technical countermeasures server operators can take, I will cover that in a separate article. The deeper community-cultural questions behind “what encryption is really protecting” also deserve dedicated discussion, but that is not what this article set out to do.
2026-05-10: The sequel is now available. See: How Silence Is Manufactured