Anti TCC Enhanced Security Mutator

Release 1.11, Copyright 2003 by Wormbo

If you have any problems with Anti TCC, please have a look at the Anti TCC homepage or post in the Anti TCC Forum.

Description

Anti TCC is a mutator designed to perform a more detailed check of various packages and clientside settings. Its main goal is to detect SET command cheats, the so-called temporary console commands or "TCCs".

Targets

This release targets the following cheats and potentially unwanted actions:

Please note that Anti TCC is not designed to detect aimbots directly.

Installation

The ZIP archive you downloaded contains 11 files:

Step 1
You should unzip the archive directly in to your root UT2003 directory with "expand folders" turned on.
This will place all files in your UT2003\System subdirectory except for the last two, which will be placed in UT2003\Help.
Step 2
Open the UT2003\System\UT2003.ini, UT2003\System\Server.ini or whatever main configuration file your server uses.
Step 3
(You can skip this step if your server is running ConfigManager.)
Find the section [Engine.GameEngine] and add the following two lines anywhere in that section: 
ServerPackages=AntiTCC111
ServerActors=AntiTCC111.AntiTCCServerActor
The ServerActors entry automatically loads Anti TCC. If you don't want that, don't add it and manually start the Anti TCC mutator (AntiTCC111.MutAntiTCC).
IMPORTANT: You have to remove the UTSecureServerActor and also any references to older versions of UTSecure or AntiTCC. Anti TCC and UTSecure will not work together and the Anti TCC server actor will try to get rid of the UTSecure server actor.
Step 4
Add the changes found in AntiTCC111DefINI.txt (or one of the other default configurations included in the Anti TCC ZIP archive) to the end of your INI file.
Note: You shouldn't add UPlayersX1.upl or any files that were changed in a UT2003 patch to Anti TCC's list of file checks. The contents of UPlayersX1.upl is checked seperately through Anti TCC's skin checks.

Make sure Anti TCC works properly by connecting to your server. The client console should display something similar to the following example.

==================================================
 Anti TCC v1.11 build 2004-02-25 17:38
 Copyright (c) 2003-2004 by Wormbo
==================================================
 
 * Your unique ID is [ 0123456789ABCDEF0123456789ABCDEF ]
 * Player ID logging is enabled
   Use 'Whois' to view other players' alias names.
 * Check Timeout: 60 seconds
 * Reactions to insecurities:
     Insecure Clients:   Kick
     Set command cheats: Kick
     Center View:        Not Checked
     FOV cheats:         Llamaize
     NetSpeed Changes:   Kick, 3 Changes Allowed, minimum NetSpeed 2600
     Invisible Players:  Kick
     High MipMap Bias:   Kick
 * Scanning for all SET command cheats...
 * Integrity check passed
 * Verified map DM-Antalus
 * Verified package Aliens
 * Verified package Bot
 * Verified package HumanMaleA
 * Verified package HumanFemaleA
 * Verified package Jugg
 * Verified package Weapons
 * Verified package PlayerSkins
 * Verified package BrightPlayerSkins
 * Verified skins
You have been validated successfully.

Everything Anti TCC displays in the client's console is also written to the file AntiTCC_ClientConsoleLog.log in the client's UT2003\UserLogs directory.

The packages actually verified depend on which packages are loaded. Anti TCC explicitely preloads the packages Aliens, Bot, HumanFemaleA, HumanMaleA, BrightPlayerSkins and TTM2003_skins, the packages PlayerSkins, Jugg and Weapons are already loaded by default.
The default Anti TCC configuration checks the regular skins, the Epic bright skins and the TTM bright skins (if they are installed) as well as the standard model packages and the file AntiTCC111.u.
You should also check the server's log file (usually ucc.log or server.log) for Anti TCC warnings. Anti TCC will tell you if something went wrong or whether your configuration might cause problems.

Console Commands

Anti TCC offers some new console commands:

Mutate AntiTCC Version
This command displays the Anti TCC version on the client. If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to Ver instead of Mutate AntiTCC Version.
Mutate AntiTCC ShowIDs
This command lists the ID hashes of all players connected to the server.
If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to ShowIDs.
You can disable this command for normal (non-admin) players by setting the bClientsMayGetIDs config property to False. (see Options below)
Admins will get the player IDs and their IP addresses.
Mutate AntiTCC Whois player
This command lists other names a player connected to the server has used on this server since ID logging started. Anti TCC will complete partial names, so you don't have to specify the player's full name.
If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to Whois.
You can disable this command for normal (non-admin) players by setting the bClientsMayGetNames config property to False. (see Options below)
Admins will also see the player's ID and IP address. The Whois command requires player ID logging to be enabled.
Mutate AntiTCC SaveLog
This admin-only command is mainly meant for debugging purposes. It forces all custom log data to be written to disk.
You can and should use the LogFileSaveInterval config property to automatically do this. (see Options below)
Mutate AntiTCC SimpleLog
This admin-only command enables the Simple Log Mode. (see Options below)
Mutate AntiTCC NoSimpleLog
This admin-only command disables the Simple Log Mode. (see Options below)

Options

The following options need to go under the enter [AntiTCC111.AntiTCCSecurity] in your UT2003.ini file (or whichever ini file configures your server).

Checks The first configuration option is the Checks data set. All of the important data is combined into one entry for each file to check.
The format for the entry is seen here:
Checks=(FName="",MD5="",MD5Type=0|2,GUID="",MaxGenerations=x,Optional=True|False)
Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults in AntiTCC111DefINI.txt for actual examples.
IMPORTANT: Make sure there are no whitespaces in the Checks entries.
The available sub-fields are:
FName
The FName sub-field defines which files you wish to check. How this field is handled is dependant on the MD5Type sub-field below. If you are doing a QuickMD5, then you only need to include the package name (e.g. PlayerSkins, not PlayerSkins.utx).
If you are doing a Full MD5, then you need to include the full filename and also the path to the file if it's not in the UT2003\System directory. If you specify a path it should be relative to UT2003's System directory, e.g. ..\Textures\BrightPlayerSkins.utx.
Please keep in mind that not everyone installed the game on their first harddrive and neither Linux nor Mac systems use drive letters, so using absolute paths or paths outside the UT2003 directory generally is a bad idea.
You are free to use slashes or backslashes for paths. Both will work equally on all clients.
MD5
This is the MD5 that Anti TCC will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field.
MD5 hashes are always 32-digit hexadecimal numbers with a-f in lowercase with the exception of the value "not allowed", which means the file or package is not allowed. In this case the Optional parameter must be set to True.
MD5Type
This sub-field determines what type of MD5 check to perform.
Possible values are:
0
QuickMD5 checks are much faster as it utilizes the fact that the package is already preloaded by the game. The drawbacks are it only works on UT2003 packages and the package must be loaded by the game.
2
FullMD5 checks can be performed on any file but tend to be slower.
IMPORTANT: Don't perform checks on UT2003's own .U or .DLL files or on xPlayersL1.upl or Packages.md5. These files are likely to change when patches, custom models or mods are installed.
GUID
This sub-field will be used in the case of a FullMD5 to perform an alternate check of a file in case that file is not found. Anti TCC will use the GUID and MaxGenerations to browse the player's cache directory looking for matches.
GUIDs are always 32-digit hexadecimal numbers with A-F in UPPERCASE.
MaxGenerations
This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. Anti TCC will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. Always set this higher than 0 if you also specified a GUID.
Optional
If this value is set to True and the file is either not loaded (in the case of MD5Type 0) or not found (in the case of MD5Type 2) then it will not be considered a bad file.
Important: Always set this to True when using "not allowed" as the MD5.

The following options need to go under the enter [AntiTCC111.Settings] in your UT2003.ini file (or whichever ini file configures your server).
They can also be changed from the web admin interface.

WhatToDo
WhatToDoSetHack
WhatToDoInvisHack
WhatToDoFOV
WhatToDoCV
WhatToDoNetSpeed
WhatToDoMipBias		 The WhatToDo options determine what your server will do if it detects an insecurity, a SET command cheat, an Invisible Player hack, a zoom cheat, center view usage, NetSpeed changes or a high DefaultTexMipBias setting respectively.
The available options are:
LogOnly
Nothing, just log the transgression
Message
Log the transgression and display a message (if allowed)
Llamaize
A more subtile punishment that moves the player's view and crosshair to make it virtually impossible to place any well-aimed shots in the next 60 seconds.
Kick
Log the transgression and kick the user
TempBan
Log and kick ban the user for ten minutes or until the next map change (whichever happens first)
SessionBan
Log and kick ban the user until the next map change
PermanentBan
Log and kick ban the user for good.
MaxOffenseCount Anti TCC counts transgressions that have a WhatToVo value of Message or Llamaize associated and will TempBan the player if the MaxOffenseCount is exceeded.
Setting this to 0 will disable the MaxOffenseCount.
TimeoutSeconds
bKickOnTimeout		 TimeoutSeconds determins how long the mutator will wait before it considers the whole system to have timed out, i.e. not functioning properly. Values lower than 10 seconds are not allowed. The recommended minimum value is 30 seconds.
If bKickOnTimeout is true, when a player times out, he or she will be kicked from the server.
NOTE: A timeout doesn't imply cheating. It is usually caused by lag.
bCheckMapMD5 If set to True, Anti TCC will automatically do a quick MD5 check of the map played before performing other file checks.
bSelfIntegrityChecks If set to True, Anti TCC will perform checks to ensure its various lists for clientside checks aren't modified.
(This check was always enabled in earlier versions.)
bCheckSkins If set to True, Anti TCC will perform checks to ensure the player skins listed in XPlayersL1.upl are not modified.
(This check was always enabled in earlier versions.)
CheckSets If set to CheckBasic, CheckSome or CheckAll, Anti TCC will check for SET command tweaks and cheats. Possible values are:
CheckNone
No SET command checks
CheckBasic
Only critical SET command cheats are checked for
CheckSome
Partial SET command tweak scan
CheckAll
Complete SET command tweak scan
bGetClassDetails Logs the received and the expected class properies summary when a SET command cheat was detected.
bAdditionalRandomSetChecks Randomly perform additional checks for critical SET command tweaks if SET command checks are at least set to CheckSome.
ShowInServerDetails Tells Anti TCC how it should show up in the server details. Possible values are:
Hide
Doesn't show Anti TCC in the server details at all.
Fake
Makes Anti TCC show up as UTSecure in the server details.
NoDetails
Only the Anti TCC mutator is displayed in the server details.
Details
Anti TCC lists its configured checks in the server details.
bLogClientPackages Whether a list of all packages loaded on the client should be logged in the server's log file.
This option probably is more useful in league matches than on public servers.
bNoHighMipBias Prevents players from using a DefaultTexMipBias higher than 0. (aka. PicMip)
DefaultTexMipBias > 0 can cause textures to look like a plain color and can give players unfair advantages e.g. in InstaGib matches.
Note: This option was called bNoHighLODBias in earlier versions.
bCheckFOV Enables or disables Anti TCC's FOV cheat checks.
These checks have little to no visible performance impact and should stay enabled to prevent players from zooming with weapons that don't have a zoom feature.
bCheckInvisHack Enables or disables Anti TCC's checks for invalid player classes like the invisible player exploit or the giant Gorge model.
bCheckNetSpeed
MaxNetSpeedChanges
MinNetSpeed		 Enables or disables Anti TCC's NetSpeed checks.
Anti TCC will not allow a NetSpeed lower than MinNetSpeed or more changes than MaxNetSpeedChanges per game.
bBroadcastNetSpeedMessages With bBroadcastNetSpeedMessages set to True all players are notified when somebody changes the NetSpeed. False sends the message only to the player changing the NetSpeed.
bNoCenterView Enables or disables Anti TCC's checks for usage of the Center View key. Players who use Center View will never be banned, but they will be kicked when WhatToDoCV is set to Kick or one of the ban options.
bClientsMayGetIDs
bClientsMayGetNames		 Enable or disable Anti TCC's ShowIDs and Whois console commands respectively.
Note: This console command is only available when the PlayerControllers have been secured. Some mods like TTM or certain custom gametypes prevent this and clients have to use the Mutate AntiTCC ShowIDs command instead.
bMessageBeep Enables or disables the beep sound played when Anti TCC detects illegal files, settings or activities on a client.
bAllowClientConsoleMessages Anti TCC displays messages in the client's console and log file about security checks. This option can disable the console messages.
bBroadcastConsoleErrorMessages Enables or disables Anti TCC's red console warning messages stating the reason for a kick. This will not display a client console warning when bAllowClientConsoleMessages is disabled, but the warning will still be logged in the client's log file.
bBroadcastClientScreenMessages Enables or disables Anti TCC's a red warning message in the center of all clients screens when a client is kicked by Anti TCC.
MoreInformationURL The "More Information" button in the dialog box Anti TCC displays for kicked clients will open a browser window with the specified URL. By default it points to the Anti TCC FAQ.
You can use the placeholder ::code:: in the URL which will be replaced by a message code reflecting the problem the client was kicked for.
The ::code:: placeholder will be replaced with one of the following codes:
ModifiedPackage
A modified file or package was detected.
ModifiedCharacterEntry
A modified character entry in xPlayersL1.upl was detected.
SetHack
A SET command tweak was found.
ErrorVerifyingPackages
Anti TCC couldn't check a file or package because the file doesn't exist or the package isn't loaded.
IllegalConsoleCommand
An illegal console command was used.
IllegalFiles
Anti TCC found illegal files on the client.
ZoomCheat
The client used a zoom cheat.
ModifiedAntiTCC
Some kind of modification to Anti TCC was found. (This could be caused by an outdated client version.)
BadDetailSetting
A DefaultTexMipBias setting greater than 0 was detected.
BadPlayerClass
The client tried to use Invisible Player or another cheat based on chaning the player class.
CenterView
The client used Center View.
NetSpeedCheat
The client changed the netspeed too often.
CheckTimeout
An Anti TCC check timed out.
bUseCustomLog When set to true, Anti TCC will send most of it's log output to the log file specified in the next variable.
LogFileName Holds the name of the log file to output to. This file gets stored in the \UserLogs directory and the file extension ".log" is automatically appended.
You can use one or more of the following placeholders in the filename:
%y
Year (four digits)
%m
Month (two digits)
%d
Day (two digits)
%h
Hour (two digits)
%n
Minute (two digits)
%s
Second (two digits)
%i
Server IP
%p
Server port
LogFileTimestampFormat The timestamp format to be used in the custom log file. This option has no effect when the custom log file is disabled. You can use the following placeholders in the timestamp:
yyyy
Year (four digits)
yy
Year (two digits)
mm
Month (two digits)
dd
Day (two digits)
hh
Hour (24 hours format, two digits)
nn
Minute (two digits)
ss
Second (two digits)
LogFileSaveInterval Values greater than 0 will cause Anti TCC to close and re-open the custom log file once in a while to force all log data to be written to disk.
This option is useful when dealing with server crashes possibly related to cheats and other exploits because without it the custom log would only be saved when switching maps.
bSimpleLogMode When set to true, Anti TCC will only create the custom log file when an insecurity or important other problem is detected. The time placeholders of the log file name will use the map startup time, but the first logged line will show the time when the log file was actually opened.
NOTE: Enabling this option will turn off the bLogClientPackages option.
SavePlayerIDsTo Set this to PlayerIDsINI or PlayerIDsxINI (where x is any number between including 1 and 9) to log all players' IDs to PlayerIDsx.ini. All other values will disable player ID logging and also Anti TCC's Whois command, which requires this feature.
bLinkGunFix When set to true, Anti TCC will modify the Linkgun to prevent "Accessed None" warnings that might decrease performance serverside and clientside as well in certain situations.

Potentially Asked Questions

Do I still need to install UTSecure?
No. Anti TCC completely replaces UTSecure since version 1.08. Versions prior to 1.08 only required the UTSecure211.u file to be placed in the server's System directory and in the ServerPackages, but UTSecure had to be disabled in those versions as well for Anti TCC to run without any problems.
When you try to run both mutators Anti TCC will try to disable UTSecure's ServerActor and the UTSecure mutator.
I installed Anti TCC but it doesn't seem to start. What's wrong?
Anti TCC will only run on dedicated servers of UT2003 version 2199 and later. You can't use it in Instant Action, on a listen server or on servers running older versions of UT2003. Please note that versions newer than 2225 may be incompatible to Anti TCC's SET command checks.
Anti TCC will also refuse to start if you manually added the UTSecure mutator. Please use Anti TCC for file and skin checks instead.
Why is there an Anti TCC Lite and what happened to it?
Anti TCC Lite was supposed to provide easier configuration by removing some less important checks and options, but development was discontinued for various reasons. Anti TCC v1.10 and later versions provide a 'lite' config preset which disables the checks the 'lite' version didn't have
What is this "ConfigManager" you keep talking about?
ConfigManager is a useful serverside add-on which can be used to add and remove the ServerActors of other mods via the web admin interface if those mods have ConfigManager support.
See ConfigManager download page for more details.
How do I find out the MD5 and GUID values for the Checks=... list?
There are two different types of MD5's that can be generated. QuickMD5 rely on the fact that the package is already loaded. This is a very fast MD5 that's great for large files (like PlayerSkins.utx). The downside is it's only available for actual UT2003 packages. Full MD5s generate a full fledge MD5 hash of any file.
You can obtain a Full MD5 (and the GUID for Unreal packages) of any file by using the following UCC commandlet:
UCC mastermd5 -f <filename>
This will give you the 32 digit MD5 you need for the MD5 field above. Please keep in mind that only files that will not change can be checked using Anti TCC. Do not attempt to check core .U files (they are already protected and have a different MD5 in every version).
You can obtain a quick MD5 of any package by using the UCC commandlet:
UCC mastermd5 -q <packagename>
Rember that you do not need to include the path or file extension for quick MD5's as UT2003 will use its internal package loading code to open it.
IMPORTANT NOTE: You can only obtain the MD5 using a UT2003 patch released after 10/27/02.
How can I prevent a client from having a certain file?
Due to the nature of AntiTCC's MD5 checks you can prevent clients from connecting when they have with certain files. To do this, just create a new Checks entry like this:
Checks=(FName="OpenGL32.dll",MD5="file not allowed",MD5Type=2,Optional=True)
This will disallow the file OpenGL32.dll in the \System directory. Of course you can also specify absolute or relative paths in FName. It is important that you use MD5Type=2 and Optional=True.
Note: A lot of cheat files do not need to have a specific name to work or can be put in other directories, making a check like this useless.
Can I put Anti TCC in some kind of "silent mode"?
Anti TCC can be hidden almost completely from players. Have a look at the file AntiTCC111DefINI_Silent.txt that came with Anti TCC for an example.
In this kind of "silent mode" the mutator will not show up in the server details or send messages about insecurities to clients if WhatToDo is set to LogOnly. Anti TCC's client status messages and console commands are disabled by setting the bAllowClientConsoleMessages to false. The console commands are still available to players logged in as admins.
Will the custom log file work with server versions prior to 2220?
Yes. While earlier versions of Anti TCC and UTSecure relied on a special mutator function to be called on mapchange, this version can also detect map changes without this function and can close the custom log file on map change to prevent crashes.
This feature also prevents crashes when using UT2Vote or other mods that use a different way to switch maps.
What does the "Security ID" in the log file mean?
The Security ID is a unique number associated with the Anti TCC security actors. This number is increased by one every time an AntiTCCSecurity actor is spawned and will be reset when the map changes.
A player keeps the same Security ID until he or she disconnects. When the player reconnects a new security actor is spawned and a new Security ID is assigned.
Help, Anti TCC breaks my mod's linkgun modifications!
By default Anti TCC adds a fix for the linkgun's secondary firing mode to prevent the Accessed None log spam in UT2003 version 2225 which can sometimes cause a heavy performance impact.
Set bLinkGunFix=False in the Anti TCC configuration if you intend to run a mod or mutator which modifies the Linkgun.
What does a specific Anti TCC message mean?
Descriptions of Anti TCC's kick messages and information on what causes them and how to avoid them can be found in the Anti TCC FAQ.