Release 1.07, Copyright 2003 by Wormbo (wormbo@onlinehome.de)
Based on UT2003 Interim Security Mutator (UTSecure) Release 2.11, Copyright 2002-2003 by Epic Games.
UTSecure is a simple mutator that designed to perform a more detailed check
of various packages. Its goal is to provide additional protection in between
normal patch cycles by allowing server admins to perform more rigerous checking
of given files.
Anti TCC enhances UTSecure's ability to detect SET command cheats, the
so-called temporary console commands or "TCCs".
This interim release targets the following cheats:
The .zip that you downloaded contains 5 files.
Step 1: You should unzip the archive directly in to your root UT2003 directory with "expand folders" turned on. This will place the first 4 files in your \System subdirectory and the last in \Help.
Step 2: Open your UT2003.ini (or whatever configuration INI you are using).
Step 3: Find the section [Engine.GameEngine] and add the following two lines anywhere in that section:
ServerPackages=UTSecure211 ServerPackages=AntiTCC107 ServerActors=AntiTCC107.AntiTCCServerActor
IMPORTANT:You have to remove the UTSecureServerActor and also any references to older versions of UTSecure or AntiTCC.
Step 4: Add the changes found in AntiTCC107DefINI.txt to the end
of your INI file.
Note: With v2.00 of UTSecure, there was a huge change in the configuration section
so you will likely want to remove any section belonging to a previous version.
Starting with v2.07 of UTSecure, you no longer need to check UPlayersX1.upl.
This is now checked in different way which should increase compatibilty without
making it any less secure.
Step 5: If you are using Anti TCC or UTSecure with version 2166 of UT2003, please verify the that the line "SecurityClass=UnrealGame.UnrealSecurity" is found under the [Engine.GameInfo] section of your ini file. Later versions should already have that line.
Make sure Anti TCC works properly by connecting to your server. The client console should display something similar to the following example.
========================================== UTSecure - Interim security release 2.11 Copyright 2002-2003 by Epic Games ========================================== Anti TCC v1.07 build 2003-09-05 11:31 Copyright 2003 by Wormbo ========================================== * Insecure clients will be kicked * Scanning for SET command cheats... * Scanning for FOV cheats... * Verified package PlayerSkins * Verified package Bot * Verified package Aliens * Verified package HumanMaleA * Verified package HumanFemaleA * Verified package Jugg * Verified package Weapons * Verified package BrightPlayerSkins * Verified file UTSecure211.u * Verified file AntiTCC107.u * Verified skins You have been validated successfully.
The packages actually verified depend on which packages are loaded which in
turn depends on which models the players on the server use. Anti TCC explicitely
preloads the packages Aliens, Bot, HumanFemaleA, HumanMaleA and BrightPlayerSkins,
the packages PlayerSkins, Jugg and Weapons are already loaded by default.
The default Anti TCC configuration checks the regular skins, the Epic bright skins
and the TTM bright skins as well as the standard model packages and the files
UTSecure211.u and AntiTCC107.u.
Note: You can also use Anti TCC's default configuration for UTSecure v2.11,
but you have to change the checks for the following packages to Optional=True:
Bot, Aliens, HumanMaleA, HumanFemaleA
The following options need to go under the enter [UTSecure211.UTChecker] in your UT2003.ini file (or whichever ini file configures your server).
The first configuration option is the Checks data set. All of the important data for each file is combined in to 1 entry in the ini. The format for the entry is seen here:
Checks=(FName="",MD5="",MD5Type=x,GUID="",MaxGenerations=x,Optional=True|False)
Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults for actual examples. The available sub-fields are:
| FName=<packagename> FName=<filename> |
The FName sub-field defines which files you wish to
check. How this field is handled is dependant on the MD5Type
sub-field below. If you are doing a QuickMD5, then you only need to include the
package name (ex: PlayerSkins, not PlayerSkins.utx). If you
are doing a Full MD5, then you need to include the full filename and
path (if needed). Paths are relative to your \System directory and can be relative or absolute. |
| MD5=<32 digit hash> | This is the MD5 that UTSecure will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field. |
| MD5Type=<0|2> | This sub-field determines what type of MD5 check to
perform.
Full MD5's can be performed on any file but tend to be slower. |
| GUID | This is a new sub-field that in the case of full MD5's will be used to perform an alternate check of a file in case that file is not found. UTSecure will use the GUID to browse the \Cache directory looking for matches. |
| MaxGenerations | This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. UTSecure will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. |
| Optional | If this value is set to true and the file is either not loaded (in the case of types 0s) or not found (in the case of type 2s) then it will not be considered a bad file. |
The following options are considered global.
| WhatToDo=<0-3> | The what to do option determines what your server will
do if it detects an modified file. The available options are:
|
| TimeoutSeconds | This option determins now how the mutator will wait before it considers the whole system to have timed out. (ie: not functioning properly). |
| bKickOnTimeout | If this option is true, when a player times out, he will be kicked from your system. |
| bCheckSets | If set to true, UTSecure will check for the following
SET command cheats:
|
| bUseCustomLog | When set to true, UTSecure will
attempt to send most of it's log output to the log file specified in
the next variable. NOTE: Anti TCC ignores this setting. |
| LogFileName | Holds the name of the log file to output to.
This file gets stored in the \UserLogs directory. NOTE: Anti TCC ignores this setting. |
The following options need to go under the enter [AntiTCC107.MutAntiTCC] in your UT2003.ini file (or whichever ini file configures your server).
| bConfigured | Just making sure you really read this file. ;-) Other values than bConfigured=True will display warning messages about Anti TCC not being configured correctly and Anti TCC will use its default configuration. |
| bCheckFOV | Enables or disables Anti TCC's FOV cheat checks. These checks have little to no visible performance impact and should stay enabled to prevent players from zooming with weapons that don't have a zoom feature. |
| bMessageBeep | Enables or disables the beep sound played when Anti TCC detects illegal files, settings or activities on a client. |
| bAllowClientConsoleMessages | Anti TCC displays messages in the client's console and log file about security checks. This option can disable the console messages. |
| bBroadcastConsoleErrorMessages | Enables or disables Anti TCC's red console warning messages stating the reason for a kick. This will not display a client console warning when bAllowClientConsoleMessages is disabled, but the warning will still be logged in the client's log file. |
| bBroadcastClientScreenMessages | Enables or disables Anti TCC's a red warning message in the center of all clients screens when a client is kicked by Anti TCC. |
| bNoHighLODBias | Prevents players from using a DefaultTexMipBias (aka.
PicMip) higher than 0. DefaultTexMipBias > 0 can cause textures to look like a single color and can give players unfair advantages e.g. in InstaGib matches. |
| bCheckInvisHack | Enables or disables Anti TCC's checks for invalid player classes like the invisible player exploit or the giant Gorge model. |
| bLogClientPackages | Whether a list of all packages loaded on the client should
be logged in the server's log file. This option probably is more useful in league matches than on public servers. |
| LogFileSaveInterval | Values greater than 0 will cause Anti TCC to close and re-open
the custom log file once in a while to force all log data to be written to disk. This option is useful when dealing with server crashes possibly related to cheats and other exploits because without it the custom log would only be saved when switching maps. |
| LogFileTimestampFormat | The timestamp format to be used in the custom
log file. This option has no effect when the custom log file is disabled.
You can use the following placeholders in the timestamp: yyyy – year (four digits) yy – year (two digits) mm – month dd – day hh – hour (24 hour format) nn – minute ss – second |
| LogFileName | Holds the name of the log file to output to.
This file gets stored in the \UserLogs directory. You can use the following placeholders in the filename: %y – year (four digits) %m – month %d – day %h – hour %n – minute %s – second (not really useful but still available) %p – server port IMPORTANT: Logging is disabled on servers running a UT2003 version lower than v2220 because it would crash on map change every time. Later version of UT2003 have the bug fixed. |
IMPORTANT NOTE: You can only obtain the MD5 using a UT2003 patch released after 10/27/02. You are on the save side if you always use the latest patch.
There are two different types of MD5's that can be generated. QuickMD5 rely on the
fact that the package is already loaded. This is a very fast MD5 that's great for
large files (like PlayerSkins.utx). The downside is it's only available for actual
UT2K3 packages. Full MD5s generate a full fledge MD5 hash of any file.
You can obtain a Full MD5 (and the GUID for Unreal packages) of any file by using the
following UCC commandlet:
UCC mastermd5 -f <filename>
This will give you the 32 digit MD5 you need for the MD5 field above. Please keep
in mind that only files that will not change can be checked using UTSecure. Do not
attempt to check core .U files (they are already well protected).
You can obtain a quick MD5 of any package by using the UCC commandlet:
UCC mastermd5 -q <packagename>
Rember that you do not need to include the path or file extension for quick MD5's as UT2K3 will use its internal package loading code to open it.
Due to the nature of UTSecure's MD5 checks you can prevent clients from connecting when they have with certain files. To do this, just create a new Checks entry like this:
Checks=(FName="OpenGL32.dll",MD5="file not allowed",MD5Type=2,Optional=True)
This will disallow the file OpenGL32.dll in the \System directory. Of course you can also specify absolute or relative paths in FName. It is important that you use MD5Type=2 and Optional=True.
Note: A lot of cheat files do not need to have a specific name to work or can be put in other directories, making a check like this useless.