Anti TCC Enhanced Security Mutator v1.10

Description

Anti TCC is a mutator designed to perform a more detailed check of various packages and clientside settings. Its main goal is to detect SET command cheats, the so-called temporary console commands or "TCCs".

Targets

This release targets the following cheats and potentially unwanted actions:

Skin hacks and external aimbots and triggerbots that use them
Generic checking of any UT file
SET command tweaking
FOV cheats
Invisible player hack
Frequent NetSpeed changes
Center View usage

Installation

The ZIP archive you downloaded contains 11 files:

AntiTCC110.u – The main package file for Anti TCC.
AntiTCC110.int – Tells UT2003 about the Anti TCC mutator
AntiTCC110Loader.u – Anti TCC's ConfigManager support. You don't need it if you don't have ConfigManager on your server.
AntiTCC110Loader.int – Another file for Anti TCC's ConfigManager support.
AntiTCCGUIDs.u – This file contains the Anti TCC's package GUID in case the server admin forgets to add the default INI entries.
AntiTCC110DefINI.txt – Contains the default INI values. You should add these values to your UT2003.ini file.
AntiTCC110DefINI_League.txt – Contains recommended INI values for leagues. Simple Log is disabled, all checks are run and transgressions result in a kick.
AntiTCC110DefINI_Lite.txt – Contains a lightweight configuration of Anti TCC for public servers that want to allow non-critical SET command tweaks.
AntiTCC110DefINI_Silent.txt – Contains an example silent mode configuration. Again this is meant for public servers. All tests are run, but transgressions are only logged without a message or kick.
AntiTCC110.htm – This file.
AntiTCCChangeLog.txt – Anti TCC's version history.

Step 1

You should unzip the archive directly in to your root UT2003 directory with "expand folders" turned on.
This will place all files in your UT2003\System subdirectory except for the last two, which will be placed in UT2003\Help.

Step 2

Open the UT2003\System\UT2003.ini, UT2003\System\Server.ini or whatever main configuration file your server uses.

Step 3

(You can skip this step if your server is running ConfigManager.)
Find the section [Engine.GameEngine] and add the following two lines anywhere in that section:

ServerPackages=AntiTCC110
ServerActors=AntiTCC110.AntiTCCServerActor

The ServerActors entry automatically loads Anti TCC. If you don't want that, don't add it and manually start the Anti TCC mutator (AntiTCC110.MutAntiTCC).
IMPORTANT: You have to remove the UTSecureServerActor and also any references to older versions of UTSecure or AntiTCC. Anti TCC and UTSecure will not work together and the Anti TCC server actor will try to get rid of the UTSecure server actor.

Step 4

Add the changes found in AntiTCC110DefINI.txt (or one of the other default configurations included in the Anti TCC ZIP archive) to the end of your INI file.
Note: You shouldn't add UPlayersX1.upl or any files that were changed in a UT2003 patch to Anti TCC's list of file checks. The contents of UPlayersX1.upl is checked seperately through Anti TCC's skin checks.

Step 5

If you are using Anti TCC with version 2166 of UT2003, please verify the that the line "SecurityClass=UnrealGame.UnrealSecurity" is found under the [Engine.GameInfo] section of your ini file. Later versions should already have that line.
Note: I recommend using server version 2225 with Anti TCC. Client and server versions prior to UT2003 v2166, as well as beta patches and any newer versions than v2225 are not supported by this version of Anti TCC.

Make sure Anti TCC works properly by connecting to your server. The client console should display something similar to the following example.

==================================================
 Anti TCC v1.10 build 2003-11-18 12:00
 Copyright 2003 by Wormbo
==================================================
 
 * Check Timeout: 60 seconds
 * Reactions to insecurities:
     Insecure Clients:   Kick
     Set command cheats: Kick
     Center View:        Not Checked
     FOV cheats:         Llamaize
     NetSpeed Changes:   Kick, 3 Changes Allowed, minimum NetSpeed 2600
     Invisible Players:  Kick
     High MipMap Bias:   Kick
 * Scanning for all SET command cheats...
 * Integrity check passed
 * Verified map DM-Antalus
 * Verified package Aliens
 * Verified package Bot
 * Verified package HumanMaleA
 * Verified package HumanFemaleA
 * Verified package Jugg
 * Verified package Weapons
 * Verified package PlayerSkins
 * Verified package BrightPlayerSkins
 * Verified package TTM2003_skins
 * Verified file AntiTCC110.u
 * Verified skins
You have been validated successfully.

The packages actually verified depend on which packages are loaded. Anti TCC explicitely preloads the packages Aliens, Bot, HumanFemaleA, HumanMaleA, BrightPlayerSkins and TTM2003_skins, the packages PlayerSkins, Jugg and Weapons are already loaded by default.
The default Anti TCC configuration checks the regular skins, the Epic bright skins and the TTM bright skins (if they are installed) as well as the standard model packages and the file AntiTCC110.u.
You should also check the server's log file (usually ucc.log or server.log) for Anti TCC warnings. Anti TCC will tell you if something went wrong or whether your configuration might cause problems.

Console Commands

Anti TCC offers some new console commands:

Mutate AntiTCC Version: This command displays the Anti TCC version on the client. If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to Ver instead of Mutate AntiTCC Version.
Mutate AntiTCC ShowIDs: This command lists the ID hashes of all players connected to the server. If you run Anti TCC without mods that replace the PlayerController like TTM or Chaos UT KOTH this command can be shortened to ShowIDs.
You can disable this command for normal (non-admin) players by setting the bClientsMayGetIDs config property to False. (see Options below)
Admins will get the player IDs and their IP addresses.
Mutate AntiTCC SaveLog: This admin-only command is mainly meant for debugging purposes. It forces all custom log data to be written to disk.
You can and should use the LogFileSaveInterval config property to automatically do this. (see Options below)
Mutate AntiTCC SimpleLog: This admin-only command enables the Simple Log Mode. (see Options below)
Mutate AntiTCC NoSimpleLog: This admin-only command disables the Simple Log Mode. (see Options below)

Options

The following options need to go under the enter [AntiTCC110.AntiTCCSecurity] in your UT2003.ini file (or whichever ini file configures your server).

Checks	The first configuration option is the Checks data set. All of the important data is combined into one entry for each file to check. The format for the entry is seen here: Checks=(FName="",MD5="",MD5Type=0\|2,GUID="",MaxGenerations=x,Optional=True\|False) Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults in AntiTCC110DefINI.txt for actual examples. IMPORTANT: Make sure there are no whitespaces in the Checks entries. The available sub-fields are: FName The FName sub-field defines which files you wish to check. How this field is handled is dependant on the MD5Type sub-field below. If you are doing a QuickMD5, then you only need to include the package name (e.g. PlayerSkins, not PlayerSkins.utx). If you are doing a Full MD5, then you need to include the full filename and also the path to the file if it's not in the UT2003\System directory. If you specify a path it should be relative to UT2003's System directory, e.g. ..\Textures\BrightPlayerSkins.utx. Please keep in mind that not everyone installed the game on their first harddrive and neither Linux nor Mac systems use drive letters, so using absolute paths or paths outside the UT2003 directory generally is a bad idea. You are free to use slashes or backslashes for paths. Both will work equally on all clients. MD5 This is the MD5 that Anti TCC will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field. MD5 hashes are always 32-digit hexadecimal numbers with a-f in lowercase with the exception of the value "not allowed", which means the file or package is not allowed. In this case the Optional parameter must be set to True. MD5Type This sub-field determines what type of MD5 check to perform. Possible values are: 0 QuickMD5 checks are much faster as it utilizes the fact that the package is already preloaded by the game. The drawbacks are it only works on UT2003 packages and the package must be loaded by the game. 2 FullMD5 checks can be performed on any file but tend to be slower. IMPORTANT: Don't perform checks on UT2003's own .U or .DLL files or on xPlayersL1.upl or Packages.md5. These files are likely to change when patches, custom models or mods are installed. GUID This sub-field will be used in the case of a FullMD5 to perform an alternate check of a file in case that file is not found. Anti TCC will use the GUID and MaxGenerations to browse the player's UT2003\Cache directory looking for matches. GUIDs are always 32-digit hexadecimal numbers with A-F in UPPERCASE. MaxGenerations This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. Anti TCC will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. Always set this higher than 0 if you also specified a GUID. Optional If this value is set to True and the file is either not loaded (in the case of MD5Type 0) or not found (in the case of MD5Type 2) then it will not be considered a bad file. Important: Always set this to True when using "not allowed" as the MD5.

Checks

The first configuration option is the Checks data set. All of the important data is combined into one entry for each file to check.
The format for the entry is seen here:

Checks=(FName="",MD5="",MD5Type=0|2,GUID="",MaxGenerations=x,Optional=True|False)

Notice that each sub-field is separated by a comma and mixes string and numeric data. Additionally, the GUID and MaxGenerations sub-fields are only relevant when MD5Type is 2 and can be excluded in all other cases. You can refer to the defaults in AntiTCC110DefINI.txt for actual examples.
IMPORTANT: Make sure there are no whitespaces in the Checks entries.
The available sub-fields are:

FName

The FName sub-field defines which files you wish to check. How this field is handled is dependant on the MD5Type sub-field below. If you are doing a QuickMD5, then you only need to include the package name (e.g. PlayerSkins, not PlayerSkins.utx).
If you are doing a Full MD5, then you need to include the full filename and also the path to the file if it's not in the UT2003\System directory. If you specify a path it should be relative to UT2003's System directory, e.g. ..\Textures\BrightPlayerSkins.utx.
Please keep in mind that not everyone installed the game on their first harddrive and neither Linux nor Mac systems use drive letters, so using absolute paths or paths outside the UT2003 directory generally is a bad idea.
You are free to use slashes or backslashes for paths. Both will work equally on all clients.

MD5

This is the MD5 that Anti TCC will expect to see for this file. There is a considerable difference between a Quick MD5 and a Full MD5 so make sure you add the appropriate one depending on the MD5Type sub-field.
MD5 hashes are always 32-digit hexadecimal numbers with a-f in lowercase with the exception of the value "not allowed", which means the file or package is not allowed. In this case the Optional parameter must be set to True.

MD5Type

This sub-field determines what type of MD5 check to perform.
Possible values are:

0: QuickMD5 checks are much faster as it utilizes the fact that the package is already preloaded by the game. The drawbacks are it only works on UT2003 packages and the package must be loaded by the game.
2: FullMD5 checks can be performed on any file but tend to be slower.

IMPORTANT: Don't perform checks on UT2003's own .U or .DLL files or on xPlayersL1.upl or Packages.md5. These files are likely to change when patches, custom models or mods are installed.

GUID

This sub-field will be used in the case of a FullMD5 to perform an alternate check of a file in case that file is not found. Anti TCC will use the GUID and MaxGenerations to browse the player's UT2003\Cache directory looking for matches.
GUIDs are always 32-digit hexadecimal numbers with A-F in UPPERCASE.

MaxGenerations

This is the maximum number of generations of the file to check for. It works in conjunction with GUID when a file is not found. Anti TCC will begin looking for the GUID-MaxGeneration.uxx and count backwards to 0 to maintain compatibility. Most times this number will be set to 1. Always set this higher than 0 if you also specified a GUID.

Optional

If this value is set to True and the file is either not loaded (in the case of MD5Type 0) or not found (in the case of MD5Type 2) then it will not be considered a bad file.
Important: Always set this to True when using "not allowed" as the MD5.

The following options need to go under the enter [AntiTCC110.Settings] in your UT2003.ini file (or whichever ini file configures your server).
They can also be changed from the web admin interface.

WhatToDo WhatToDoSetHack WhatToDoInvisHack WhatToDoFOV WhatToDoCV WhatToDoNetSpeed WhatToDoMipBias	The WhatToDo options determine what your server will do if it detects an insecurity, a SET command cheat, an Invisible Player hack, a zoom cheat, center view usage, NetSpeed changes or a high DefaultTexMipBias setting respectively. The available options are: LogOnly Nothing, just log the transgression Message Log the transgression and display a message (if allowed) Llamaize A more subtile punishment that moves the player's view and crosshair to make it virtually impossible to place any well-aimed shots in the next 60 seconds. Kick Log the transgression and kick the user SessionBan Log and kick ban the user for just this session PermanentBan Log and kick ban the user for good.
TimeoutSeconds	This option determins how long the mutator will wait before it considers the whole system to have timed out, i.e. not functioning properly. Values lower than 10 seconds are not allowed. The recommended minimum value is 30 seconds.
bKickOnTimeout	If this option is true, when a player times out, he or she will be kicked from the server. NOTE: A timeout doesn't imply cheating. It is usually caused by lag.
bCheckMapMD5	If set to True, Anti TCC will automatically do a quick MD5 check of the map played before performing other file checks.
bSelfIntegrityChecks	If set to True, Anti TCC will perform checks to ensure its various lists for clientside checks aren't modified. (This check was always enabled in earlier versions.)
bCheckSkins	If set to True, Anti TCC will perform checks to ensure the player skins listed in XPlayersL1.upl are not modified. (This check was always enabled in earlier versions.)
CheckSets	If set to CheckBasic, CheckSome or CheckAll, Anti TCC will check for SET command tweaks and cheats. Possible values are: CheckNone No SET command checks CheckBasic Only critical SET command cheats are checked for CheckSome Partial SET command tweak scan CheckAll Complete SET command tweak scan
bGetClassDetails	Logs the received and the expected class properies summary when a SET command cheat was detected.
bAdditionalRandomSetChecks	Randomly perform additional checks for critical SET command tweaks if SET command checks are at least set to CheckSome.
ShowInServerDetails	Tells Anti TCC how it should show up in the server details. Possible values are: Hide Doesn't show Anti TCC in the server details at all. Fake Makes Anti TCC show up as UTSecure in the server details. NoDetails Only the Anti TCC mutator is displayed in the server details. Details Anti TCC lists its configured checks in the server details.
bLogClientPackages	Whether a list of all packages loaded on the client should be logged in the server's log file. This option probably is more useful in league matches than on public servers.
bNoHighMipBias	Prevents players from using a DefaultTexMipBias higher than 0. (aka. PicMip) DefaultTexMipBias > 0 can cause textures to look like a plain color and can give players unfair advantages e.g. in InstaGib matches. Note: This option was called bNoHighLODBias in earlier versions.
bCheckFOV	Enables or disables Anti TCC's FOV cheat checks. These checks have little to no visible performance impact and should stay enabled to prevent players from zooming with weapons that don't have a zoom feature.
bCheckInvisHack	Enables or disables Anti TCC's checks for invalid player classes like the invisible player exploit or the giant Gorge model.
bCheckNetSpeed MaxNetSpeedChanges MinNetSpeed	Enables or disables Anti TCC's NetSpeed checks. Anti TCC will not allow a NetSpeed lower than MinNetSpeed or more changes than MaxNetSpeedChanges per game.
bBroadcastNetSpeedMessages	With bBroadcastNetSpeedMessages set to True all players are notified when somebody changes the NetSpeed. False sends the message only to the player changing the NetSpeed.
bNoCenterView	Enables or disables Anti TCC's checks for usage of the Center View key. Players who use Center View will never be banned, but they will be kicked when WhatToDo is greater than 0.
bClientsMayGetIDs	Enables or disables Anti TCC's ShowIDs console command which sends a list of all players connected and their IDs to the client. Note: This console command is only available when the PlayerControllers have been secured. Some mods like TTM or certain custom gametypes prevent this and clients have to use the Mutate AntiTCC ShowIDs command instead.
bMessageBeep	Enables or disables the beep sound played when Anti TCC detects illegal files, settings or activities on a client.
bAllowClientConsoleMessages	Anti TCC displays messages in the client's console and log file about security checks. This option can disable the console messages.
bBroadcastConsoleErrorMessages	Enables or disables Anti TCC's red console warning messages stating the reason for a kick. This will not display a client console warning when bAllowClientConsoleMessages is disabled, but the warning will still be logged in the client's log file.
bBroadcastClientScreenMessages	Enables or disables Anti TCC's a red warning message in the center of all clients screens when a client is kicked by Anti TCC.
MoreInformationURL	The "More Information" button in the dialog box Anti TCC displays for kicked clients will open a browser window with the specified URL. By default it points to the Anti TCC FAQ. You can use the placeholder ::code:: in the URL which will be replaced by a message code reflecting the problem the client was kicked for. Possible codes are: ModifiedPackage A modified file or package was detected. ModifiedCharacterEntry A modified character entry in xPlayersL1.upl was detected. SetHack A SET command tweak was found. ErrorVerifyingPackages Anti TCC couldn't check a file or package because the file doesn't exist or the package isn't loaded. IllegalConsoleCommand An illegal console command was used. IllegalFiles Anti TCC found illegal files on the client. ZoomCheat The client used a zoom cheat. ModifiedAntiTCC Some kind of modification to Anti TCC was found. (This could be caused by an outdated client version.) BadDetailSetting A DefaultTexMipBias setting greater than 0 was detected. (Not used by the Lite version.) BadPlayerClass The client tried to use Invisible Player or another cheat based on chaning the player class. CenterView The client used Center View. (Not used by the Lite version.) NetSpeedCheat The client changed the netspeed too often. (Not used by the Lite version.) CheckTimeout An Anti TCC check timed out.
bUseCustomLog	When set to true, Anti TCC will send most of it's log output to the log file specified in the next variable.
LogFileName	Holds the name of the log file to output to. This file gets stored in the \UserLogs directory and the file extension ".log" is automatically appended. You can use one or more of the following placeholders in the filename: %y Year (four digits) %m Month (two digits) %d Day (two digits) %h Hour (two digits) %n Minute (two digits) %s Second (two digits) %i Server IP %p Server port
LogFileTimestampFormat	The timestamp format to be used in the custom log file. This option has no effect when the custom log file is disabled. You can use the following placeholders in the timestamp: yyyy Year (four digits) yy Year (two digits) mm Month (two digits) dd Day (two digits) hh Hour (24 hours format, two digits) nn Minute (two digits) ss Second (two digits)
LogFileSaveInterval	Values greater than 0 will cause Anti TCC to close and re-open the custom log file once in a while to force all log data to be written to disk. This option is useful when dealing with server crashes possibly related to cheats and other exploits because without it the custom log would only be saved when switching maps.
bSimpleLogMode	When set to true, Anti TCC will only create the custom log file when an insecurity or important other problem is detected. The time placeholders of the log file name will use the map startup time, but the first logged line will show the time when the log file was actually opened. NOTE: Enabling this option will turn off the bLogClientPackages option.

Potentially Asked Questions

Do I still need to install UTSecure?: No. Anti TCC performs its own file and character entry checks. Actually when you run both mutators Anti TCC will disable itself to prevent problems.
What's the difference between Anti TCC and Anti TCC Lite?: Beginning with version 1.10 two different flavors of Anti TCC are available. The Lite version only performs basic SET tweak checks and doesn't check for Center View usage, NetSpeed cheats or high MipBias.
You shouldn't install both versions at the same time unless you also have ConfigManager installed.
What is this "ConfigManager" you keep talking about?: ConfigManager is a useful serverside add-on which can be used to add and remove the ServerActors of other mods via the web admin interface if those mods have ConfigManager support.
See ConfigManager download page for more details.
How do I find out the MD5 and GUID values for the Checks=... list?: There are two different types of MD5's that can be generated. QuickMD5 rely on the fact that the package is already loaded. This is a very fast MD5 that's great for large files (like PlayerSkins.utx). The downside is it's only available for actual UT2003 packages. Full MD5s generate a full fledge MD5 hash of any file.
You can obtain a Full MD5 (and the GUID for Unreal packages) of any file by using the following UCC commandlet:
UCC mastermd5 -f <filename>
This will give you the 32 digit MD5 you need for the MD5 field above. Please keep in mind that only files that will not change can be checked using Anti TCC. Do not attempt to check core .U files (they are already protected and have a different MD5 in every version).
You can obtain a quick MD5 of any package by using the UCC commandlet:
UCC mastermd5 -q <packagename>
Rember that you do not need to include the path or file extension for quick MD5's as UT2003 will use its internal package loading code to open it.
IMPORTANT NOTE: You can only obtain the MD5 using a UT2003 patch released after 10/27/02.
How can I prevent a client from having a certain file?: Due to the nature of AntiTCC's MD5 checks you can prevent clients from connecting when they have with certain files. To do this, just create a new Checks entry like this:
Checks=(FName="OpenGL32.dll",MD5="file not allowed",MD5Type=2,Optional=True)
This will disallow the file OpenGL32.dll in the \System directory. Of course you can also specify absolute or relative paths in FName. It is important that you use MD5Type=2 and Optional=True.
Note: A lot of cheat files do not need to have a specific name to work or can be put in other directories, making a check like this useless.
Can I put Anti TCC in some kind of "silent mode"?: Anti TCC can be hidden almost completely from players. Have a look at the file AntiTCC110DefINI_Silent.txt that came with Anti TCC for an example.
In this kind of "silent mode" the mutator will not show up in the server details or send messages about insecurities to clients if WhatToDo is set to LogOnly. Anti TCC's client status messages and console commands are disabled by setting the bAllowClientConsoleMessages to false. The console commands are still available to players logged in as admins.
Will the custom log file work with server versions prior to 2220?: Yes. While earlier versions of Anti TCC and UTSecure relied on a special mutator function to be called on mapchange, this version can also detect map changes without this function and can close the custom log file on map change to prevent crashes.
This feature also prevents crashes when using UT2Vote or other mods that use a different way to switch maps.
What does the "Security ID" in the log file mean?: The Security ID is a unique number associated with the Anti TCC security actors. This number is increased by one every time an AntiTCCSecurity actor is spawned and will be reset when the map changes.
A player keeps the same Security ID until he or she disconnects. When the player reconnects a new security actor is spawned and a new Security ID is assigned.
What does a specific Anti TCC message mean?: Descriptions of Anti TCC's kick messages and information on what causes them and how to avoid them can be found in the Anti TCC FAQ.