Anti TCC Enhanced Security Mutator v1.09

Description

Anti TCC is a mutator that designed to perform a more detailed check of various packages and clientside settings. Its main goal is to detect SET command cheats, the so-called temporary console commands or "TCCs".

Targets

This release targets the following cheats and potentially unwanted actions:

Skin hacks and external aimbots and triggerbots that use them
Generic checking of any UT file
SET command tweaking
FOV cheats
Invisible player hack
Frequent NetSpeed changes
Center View usage

Installation

The ZIP archive you downloaded contains 4 files:

AntiTCC109.u the main package file for Anti TCC.
AntiTCC109.int is a needed system file
AntiTCC109DefINI.txt is a sample INI. You should add these values to your UT2003.ini file.
AntiTCC109.htm is this file

Step 1

You should unzip the archive directly in to your root UT2003 directory with "expand folders" turned on. This will place the first three files in your \System subdirectory and the last in \Help.

Step 2

Open your UT2003.ini (or whatever configuration INI you are using).

Step 3

Find the section [Engine.GameEngine] and add the following two lines anywhere in that section:

ServerPackages=AntiTCC109
ServerActors=AntiTCC109.AntiTCCServerActor

The ServerActors entry automatically loads Anti TCC. If you don't want that, don't add it and manually start the Anti TCC mutator (AntiTCC109.MutAntiTCC).
IMPORTANT: You have to remove the UTSecureServerActor and also any references to older versions of UTSecure or AntiTCC.

Step 4

Add the changes found in AntiTCC109DefINI.txt to the end of your INI file.
You shouldn't add UPlayersX1.upl to Anti TCC's list of file checks. This file's contents is checked seperately in a way that is more compatible to custom skins and models.
Note: With v1.08 of Anti TCC, there was a huge change in the configuration section and Anti TCC no longer depends on UTSecure to be installed.

Step 5

If you are using Anti TCC with version 2166 of UT2003, please verify the that the line "SecurityClass=UnrealGame.UnrealSecurity" is found under the [Engine.GameInfo] section of your ini file. Later versions should already have that line.

Make sure Anti TCC works properly by connecting to your server. The client console should display something similar to the following example.

==================================================
 Anti TCC v1.09 build 2003-10-08 19:09
 Copyright 2003 by Wormbo
==================================================
 
 * Check Timeout: 60 seconds
 * Reactions to insecurities:
     Insecure Clients:   Kick
     Set command cheats: Kick
     Center View:        Not Checked
     FOV cheats:         Llamaize
     NetSpeed Changes:   Kick, 3 Changes Allowed
     Invisible Players:  Kick
     High MipMap Bias:   Kick
 * Scanning for all SET command cheats...
 * Integrity check passed
 * Verified map DM-Antalus
 * Verified package Aliens
 * Verified package Bot
 * Verified package HumanMaleA
 * Verified package HumanFemaleA
 * Verified package Jugg
 * Verified package Weapons
 * Verified package PlayerSkins
 * Verified package BrightPlayerSkins
 * Verified package TTM2003_skins
 * Verified file AntiTCC109.u
 * Verified skins
You have been validated successfully.

The packages actually verified depend on which packages are loaded. Anti TCC explicitely preloads the packages Aliens, Bot, HumanFemaleA, HumanMaleA, BrightPlayerSkins and TTM2003_skins, the packages PlayerSkins, Jugg and Weapons are already loaded by default.
The default Anti TCC configuration checks the regular skins, the Epic bright skins and the TTM bright skins (if they are installed) as well as the standard model packages and the file AntiTCC109.u.
You should also check the server's log file (usually ucc.log or server.log) for Anti TCC warnings. Anti TCC will tell you if something went wrong or whether your configuration might cause problems.

Console Commands

Anti TCC offers some new console commands:

Mutate AntiTCC Version: This command displays the Anti TCC version on the client. If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to Ver instead of Mutate AntiTCC Version.
Mutate AntiTCC ShowIDs: This command lists the ID hashes of all players connected to the server. If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to ShowIDs.
You can disable this command for normal (non-admin) players by setting the bClientsMayGetIDs config property to False. (see Options below)
Admins will get the player IDs and their IP addresses.
Mutate AntiTCC SaveLog: This admin-only command is mainly meant for debugging purposes. It forces all custom log data to be written to disk.
You can and should use the LogFileSaveInterval config property to automatically do this. (see Options below)
Mutate AntiTCC SimpleLog: This admin-only command enables the Simple Log Mode. (see Options below)
Mutate AntiTCC NoSimpleLog: This admin-only command disables the Simple Log Mode. (see Options below)

Options

The following options need to go under the enter [AntiTCC109.AntiTCCSecurity] in your UT2003.ini file (or whichever ini file configures your server).

Checks	The first configuration option is the Checks data set. All of the important data is combined into one entry for each file to check. The format for the entry is seen here: Checks=(FName="",MD5="",MD5Type=0\|2,GUID="",MaxGenerations=x,Optional=True\|False) Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults in AntiTCC109DefINI.txt for actual examples. IMPORTANT: Make sure there are no whitespaces in the Checks entries. The available sub-fields are: FName The FName sub-field defines which files you wish to check. How this field is handled is dependant on the MD5Type sub-field below. If you are doing a QuickMD5, then you only need to include the package name (e.g. PlayerSkins, not PlayerSkins.utx). If you are doing a Full MD5, then you need to include the full filename and path (if needed). You can either use an absolute path or a path relative to your \System directory. MD5 This is the MD5 that Anti TCC will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field. MD5 hashes are always 32-digit hexadecimal numbers with a-f in lowercase with the exception of the value "not allowed", which means the file or package is not allowed. In this case the Optional parameter must be set to True. MD5Type This sub-field determines what type of MD5 check to perform. Possible values are: 0 QuickMD5 checks are much faster as it utilizes the fact that the package is already preloaded by the game. The drawbacks are it only works on UT2003 packages and the package must be loaded by the game. 2 FullMD5 checks can be performed on any file but tend to be slower. IMPORTANT: Don't perform checks on UT2003's own .U or .DLL files or on xPlayersL1.upl or Packages.md5. These files are likely to change when patches, custom models or mods are installed. GUID This is a new sub-field that in the case of a FullMD5 will be used to perform an alternate check of a file in case that file is not found. Anti TCC will use the GUID to browse the \Cache directory looking for matches. GUIDs are always 32-digit hexadecimal numbers with A-F in UPPERCASE. MaxGenerations This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. Anti TCC will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. Optional If this value is set to true and the file is either not loaded (in the case of MD5Type 0) or not found (in the case of MD5Type 2) then it will not be considered a bad file. Always set this to True when using "not allowed" as the MD5.
WhatToDo WhatToDoSetHack WhatToDoInvisHack WhatToDoFOV WhatToDoCV WhatToDoNetSpeed WhatToDoMipBias	The WhatToDo options determine what your server will do if it detects an insecurity, a Set command cheat, an Invisible Player hack, a zoom cheat, center view usage, NetSpeed changes or a high DefaultTexMipBias setting respectively. The available options are: LogOnly Nothing, just log the transgression Message Log the transgression and display a message (if allowed) Llamaize A more subtile punishment that moves the player's view and crosshair to make it virtually impossible to place any well-aimed shots in the next 60 seconds. Kick Log the transgression and kick the user SessionBan Log and kick ban the user for just this session PermanentBan Log and kick ban the user for good.
TimeoutSeconds	This option determins how long the mutator will wait before it considers the whole system to have timed out, i.e. not functioning properly. Values lower than 10 seconds are not allowed. The recommended minimum value is 30 seconds.
bKickOnTimeout	If this option is true, when a player times out, he or she will be kicked from the server. NOTE: A timeout doesn't imply cheating. It is usually caused by lag.
bCheckMapMD5	If set to True, Anti TCC will automatically do a quick MD5 check of the map played before performing other file checks.
bSelfIntegrityChecks	If set to True, Anti TCC will perform checks to ensure its various lists for clientside checks aren't modified. (This check was always enabled in earlier versions.)
bCheckSkins	If set to True, Anti TCC will perform checks to ensure the player skins listed in XPlayersL1.upl are not modified. (This check was always enabled in earlier versions.)
CheckSets	If set to CheckBasic, CheckSome or CheckAll, Anti TCC will check for SET command tweaks and cheats. Possible values are: CheckNone No SET command checks CheckBasic Only critical SET command cheats are checked for CheckSome Partial SET command tweak scan CheckAll Complete SET command tweak scan
bGetClassDetails	Logs the received and the expected class properies summary when a SET command cheat was detected.
bAdditionalRandomSetChecks	Randomly perform additional checks for critical SET command tweaks if SET command checks are at least set to CheckSome.
ShowInServerDetails	Tells Anti TCC how it should show up in the server details. Possible values are: Hide Doesn't show Anti TCC in the server details at all. Fake Makes Anti TCC show up as UTSecure in the server details. NoDetails Only the Anti TCC mutator is displayed in the server details. Details Anti TCC lists its configured checks in the server details.
bLogClientPackages	Whether a list of all packages loaded on the client should be logged in the server's log file. This option probably is more useful in league matches than on public servers.
bNoHighMipBias	Prevents players from using a DefaultTexMipBias higher than 0. (aka. PicMip) DefaultTexMipBias > 0 can cause textures to look like a plain color and can give players unfair advantages e.g. in InstaGib matches. Note: This option was called bNoHighLODBias in earlier versions.
bCheckFOV	Enables or disables Anti TCC's FOV cheat checks. These checks have little to no visible performance impact and should stay enabled to prevent players from zooming with weapons that don't have a zoom feature.
bCheckInvisHack	Enables or disables Anti TCC's checks for invalid player classes like the invisible player exploit or the giant Gorge model.
bCheckNetSpeed MaxNetSpeedChanges	Enables or disables Anti TCC's NetSpeed checks. Anti TCC will not allow a NetSpeed lower than 2600 or more changes than MaxNetSpeedChanges per game.
bBroadcastNetSpeedMessages	With bBroadcastNetSpeedMessages set to True all players are notified when somebody changes the NetSpeed. False sends the message only to the player changing the NetSpeed.
bNoCenterView	Enables or disables Anti TCC's checks for usage of the Center View key. Players who use Center View will never be banned, but they will be kicked when WhatToDo is greater than 0.
bClientsMayGetIDs	Enables or disables Anti TCC's ShowIDs console command which sends a list of all players connected and their IDs to the client. Note: This console command is only available when the PlayerControllers have been secured. Some mods like TTM or certain custom gametypes prevent this and clients have to use the Mutate AntiTCC ShowIDs command instead.
bMessageBeep	Enables or disables the beep sound played when Anti TCC detects illegal files, settings or activities on a client.
bAllowClientConsoleMessages	Anti TCC displays messages in the client's console and log file about security checks. This option can disable the console messages.
bBroadcastConsoleErrorMessages	Enables or disables Anti TCC's red console warning messages stating the reason for a kick. This will not display a client console warning when bAllowClientConsoleMessages is disabled, but the warning will still be logged in the client's log file.
bBroadcastClientScreenMessages	Enables or disables Anti TCC's a red warning message in the center of all clients screens when a client is kicked by Anti TCC.
bUseCustomLog	When set to true, Anti TCC will send most of it's log output to the log file specified in the next variable.
LogFileName	Holds the name of the log file to output to. This file gets stored in the \UserLogs directory and the file extension ".log" is automatically appended. You can use one or more of the following placeholders in the filename: %y Year (four digits) %m Month (two digits) %d Day (two digits) %h Hour (two digits) %n Minute (two digits) %s Second (two digits) %i Server IP %p Server port
LogFileTimestampFormat	The timestamp format to be used in the custom log file. This option has no effect when the custom log file is disabled. You can use the following placeholders in the timestamp: yyyy Year (four digits) yy Year (two digits) mm Month (two digits) dd Day (two digits) hh Hour (24 hours format, two digits) nn Minute (two digits) ss Second (two digits)
LogFileSaveInterval	Values greater than 0 will cause Anti TCC to close and re-open the custom log file once in a while to force all log data to be written to disk. This option is useful when dealing with server crashes possibly related to cheats and other exploits because without it the custom log would only be saved when switching maps.
bSimpleLogMode	When set to true, Anti TCC will only create the custom log file when an insecurity or important other problem is detected. The time placeholders of the log file name will use the map startup time, but the first logged line will show the time when the log file was actually opened. NOTE: Enabling this option will turn off the bLogClientPackages option.

Potentially Asked Questions

Do I still need to install UTSecure?: No. Anti TCC does not complement but replace UTSecure. Actually when you run both mutators Anti TCC will disable itself to prevent problems.
How do I find out the MD5 and GUID values for the Checks list?: There are two different types of MD5's that can be generated. QuickMD5 rely on the fact that the package is already loaded. This is a very fast MD5 that's great for large files (like PlayerSkins.utx). The downside is it's only available for actual UT2003 packages. Full MD5s generate a full fledge MD5 hash of any file.
You can obtain a Full MD5 (and the GUID for Unreal packages) of any file by using the following UCC commandlet:
UCC mastermd5 -f <filename>
This will give you the 32 digit MD5 you need for the MD5 field above. Please keep in mind that only files that will not change can be checked using Anti TCC. Do not attempt to check core .U files (they are already protected and have a different MD5 in every version).
You can obtain a quick MD5 of any package by using the UCC commandlet:
UCC mastermd5 -q <packagename>
Rember that you do not need to include the path or file extension for quick MD5's as UT2003 will use its internal package loading code to open it.
IMPORTANT NOTE: You can only obtain the MD5 using a UT2003 patch released after 10/27/02.
How can I prevent a client from having a certain file?: Due to the nature of AntiTCC's MD5 checks you can prevent clients from connecting when they have with certain files. To do this, just create a new Checks entry like this:
Checks=(FName="OpenGL32.dll",MD5="file not allowed",MD5Type=2,Optional=True)
This will disallow the file OpenGL32.dll in the \System directory. Of course you can also specify absolute or relative paths in FName. It is important that you use MD5Type=2 and Optional=True.
Note: A lot of cheat files do not need to have a specific name to work or can be put in other directories, making a check like this useless.
Can I put Anti TCC in some kind of "silent mode"?: Anti TCC can be hidden almost completely from players, all you have to do is setting all the WhatToDo options to LogOnly, bAllowClientConsoleMessages=False, bKickOnTimeout=False and ShowInServerDetails=Hide.
The mutator will not show up in the server details or send messages about insecurities to clients if WhatToDo is set to LogOnly. Anti TCC's client status messages and console commands are disabled by setting the bAllowClientConsoleMessages to false. The console commands are still available to players logged in as admins.
Will the custom log file work with server versions prior to 2220?: Yes. While earlier versions of Anti TCC and UTSecure relied on a special mutator function to be called on mapchange, this version can also detect map changes without this function and can close the custom log file on map change to prevent crashes.
This feature also prevents crashes when using UT2Vote or other mods that use a different way to switch maps.
What does the "Security ID" in the log file mean?: The Security ID is a unique number associated with the Anti TCC security actors. This number is increased by one every time an AntiTCCSecurity actor is spawned and will be reset when the server is restarted.
A player keeps the same Security ID until he or she disconnects. When the player reconnects a new security actor is spawned and a new Security ID is assigned.
What does a specific Anti TCC message mean?: Descriptions of Anti TCC's kick messages and information on what causes them and how to avoid them can be found in the Anti TCC FAQ.