Release 1.04, Copyright 2003 by Wormbo (wormbo@onlinehome.de)
Based on UT2003 Interim Security Mutator (UTSecure) Release 2.11, Copyright 2002-2003 by Epic Games.
UTSecure is a simple mutator that designed to perform a more detailed check
of various packages. Its goal is to provide additional protection in between
normal patch cycles by allowing server admins to perform more rigerous checking
of given files.
Anti TCC enhances UTSecure's ability to detect SET command cheats, the
so-called temporary console commands or "TCCs".
This interim release targets the following cheats:
The .zip that you downloaded contains 5 files.
Step 1: You should unzip the archive directly in to your root UT2003 directory with "expand folders" turned on. This will place the first 4 files in your \System subdirectory and the last in \Help.
Step 2: Open your UT2003.ini (or whatever configuration INI you are using).
Step 3: Find the section [Engine.GameEngine] and add the following two lines anywhere in that section:
ServerPackages=UTSecure211 ServerPackages=AntiTCC104 ServerActors=AntiTCC104.AntiTCCServerActor
IMPORTANT:You have to remove the UTSecureServerActor and also any references to older versions of UTSecure or AntiTCC.
Step 4: Add the changes found in AntiTCC104DefINI.txt to the end
of your INI file.
Note: With v2.00 of UTSecure, there was a huge change in the configuration section
so you will likely want to remove any section belonging to a previous version.
Starting with v2.07 of UTSecure, you no longer need to check UPlayersX1.upl.
This is now checked in different way which should increase compatibilty without
making it any less secure.
Step 5: If you are using Anti TCC or UTSecure with version 2166 of UT2003, please verify the that the line "SecurityClass=UnrealGame.UnrealSecurity" is found under the [Engine.GameInfo] section of your ini file. Later versions should already have that line.
Make sure Anti TCC works properly by connecting to your server. The client console should display something similar to the following example.
========================================== UTSecure - Interim security release 2.11 Copyright 2002-2003 by Epic Games ========================================== Anti TCC v1.04 build 2003-08-25 15:46 Copyright 2003 by Wormbo ========================================== * Insecure clients will be kicked * Scanning for SET command cheats... * Scanning for FOV cheats... * Verified package PlayerSkins * Verified package Bot * Verified package Aliens * Verified package HumanMaleA * Verified package HumanFemaleA * Verified package Jugg * Verified package Weapons * Verified package BrightPlayerSkins * Verified file UTSecure211.u * Verified file AntiTCC104.u * Verified skins You have been validated successfully.
The packages actually verified depend on which packages are loaded which in
turn depends on which models the players on the server use. Anti TCC explicitely
preloads the packages Aliens, Bot, HumanFemaleA, HumanMaleA and BrightPlayerSkins,
the packages PlayerSkins, Jugg and Weapons are already loaded by default.
The default Anti TCC configuration checks the regular skins, the Epic bright skins
and the TTM bright skins as well as the standard model packages and the files
UTSecure211.u and AntiTCC104.u.
The following options need to go under the enter [UTSecure211.UTChecker] in your UT2003.ini file (or whichever ini file configures your server.
The first configuration option is the Checks data set. All of the important data for each file is combined in to 1 entry in the ini. The format for the entry is seen here:
Checks=(FName="",MD5="",MD5Type=x,GUID="",MaxGenerations=x,Optional=True|False)
Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults for actual examples. The available sub-fields are:
| FName=<packagename> FName=<filename> |
The FName sub-field defines which files you wish to
check. How this field is handled is dependant on the MD5Type
sub-field below. If you are doing a QuickMD5, then you only need to include the
package name (ex: PlayerSkins, not PlayerSkins.utx). If you
are doing a Full MD5, then you need to include the full filename and
path (if needed). Paths are relative to your \System directory and can be relative or absolute. |
| MD5=<32 digit hash> | This is the MD5 that UTSecure will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field. |
| MD5Type=<0|2> | This sub-field determines what type of MD5 check to
perform.
Full MD5's can be performed on any file but tend to be slower. |
| GUID | This is a new sub-field that in the case of full MD5's will be used to perform an alternate check of a file in case that file is not found. UTSecure will use the GUID to browse the \Cache directory looking for matches. |
| MaxGenerations | This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. UTSecure will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. |
| Optional | If this value is set to true and the file is either not loaded (in the case of types 0s) or not found (in the case of type 2s) then it will not be considered a bad file. |
The following options are considered global.
| WhatToDo=<0-3> | The what to do option determines what your server will
do if it detects an modified file. The available options are:
|
| TimeoutSeconds | This option determins now how the mutator will wait before it considers the whole system to have timed out. (ie: not functioning properly). |
| bKickOnTimeout | If this option is true, when a player times out, he will be kicked from your system. |
| bCheckSets | If set to true, UTSecure will check for the following
SET command cheats:
|
| bUseCustomLog | When set to true, UTSecure will
attempt to send most of it's log output to the log file specified in
the next variable. IMPORTANT If you enable logging on a server running a version of UT2003 2220 or lower, it will crash on map change every time. Later version of UT2003 have the bug fixed. |
| LogFileName | Holds the name of the log file to output to.
This file gets stored in the \UserLogs directory. IMPORTANT: If you enable logging on a server running a version of UT2003 2220 or lower, it will crash on map change every time. Later version of UT2003 have the bug fixed. |
The following options need to go under the enter [AntiTCC104.MutAntiTCC] in your UT2003.ini file (or whichever ini file configures your server.
| bConfigured | Just making sure you really read this file. ;-) Other values than bConfigured=True will display warning messages about Anti TCC not being configured correctly and Anti TCC will use its default configuration. |
| bCheckFOV | Enables or disables Anti TCC's FOV cheat checks. These checks have little to no visible performance impact and should stay enabled to prevent players from zooming with weapons that don't have a zoom feature. |
| bMessageBeep | Enables or disables the beep sound played when Anti TCC detects illegal files, settings or activities on a client. |
| bAllowClientConsoleMessages | Anti TCC displays messages in the client's console and log file about security checks. This option can disable the console messages. |
| bBroadcastConsoleErrorMessages | Enables or disables Anti TCC's red console warning messages stating the reason for a kick. This will not display a client console warning when bAllowClientConsoleMessages is disabled, but the warning will still be logged in the client's log file. |
| bBroadcastClientScreenMessages | Enables or disables Anti TCC's a red warning message in the center of all clients screens when a client is kicked by Anti TCC. |
| bNoOpenGLWindows bNoOpenGLOtherOS |
Allowes or disallowes players to use the OpenGL rendering
mode when connecting to this server. These options are disabled by default and I only recommend to enable bNoOpenGLWindows because other operating systems don't have much of choice other than using OpenGL. |
| bNoHighLODBias | Prevents players from using a
DefaultTexMipBias (aka. PicMip) higher than 0. DefaultTexMipBias > 0 can cause textures to look like a single color and can give players unfair advantages e.g. in InstaGib. |
IMPORTANT NOTE: You can only obtain the MD5 using a UT2003 patch released after 10/27/02. You are on the save side if you use v2225 or later.
There are two different types of MD5's that can be generated. QuickMD5 rely on the
fact that the package is already loaded. This is a very fast MD5 that's great for
large files (like PlayerSkins.utx). The downside is it's only available for actual
UT2K3 packages. Full MD5s generate a full fledge MD5 hash of any file.
You can obtain a Full MD5 (and the GUID for Unreal packages) of any file by using the
following UCC commandlet:
UCC mastermd5 -f <filename>
This will give you the 32 digit MD5 you need for the MD5 field above. Please keep
in mind that only files that will not change can be checked using UTSecure. Do not
attempt to check core .U files (they are already well protected).
You can obtain a quick MD5 of any package by using the UCC commandlet:
UCC mastermd5 -q <packagename>
Rember that you do not need to include the path or file extension for quick MD5's as UT2K3 will use its internal package loading code to open it.
You can use UTSecure or Anti TCC to prevent clients from connecting with certain files. To do this, just create a new Checks entry like this:
Checks=(FName="OpenGL32.dll",MD5="file not allowed",MD5Type=2,Optional=True)
This will disallow the file OpenGL32.dll in the \System directory. Of course you can also specify absolute or relative paths in FName. It is important that you use MD5Type=2 and Optional=True.