There is no spoon
Legacy:Security
From Unreal Wiki, The Unreal Engine Documentation Site
Base class for UT200x client security actors. It provides methods to perform MD5 checks on any file or loaded game package.
Download UTSecure and export its code if you want an example for using this class.
Properties
- int LastType
- Stores the last type of check requested.
- string LastParams[2]
- Stores the last values of the two additional parameters of ClientPerform().
Methods
- NativePerform (int SecType, string Param1, string Param2) [native]
Performs a check based on the SecType and Params specified and calls ServerCallback() with the check results.
| SecType | Param1 | Param2 | Result |
| 0 | package name | → | QuickMD5 of the specified package if it's loaded. |
| 1 | Package.ClassName.FunctionName | → | CodeMD5 of the function (1) |
| 2 | file name, can contain path name | → | FullMD5 of the specified file |
| 3 | → | → | pipe-separated ( | ) list of all packages loaded on the client (2) |
- CodeMD5 is unusable in all versions of UT200x: it returns a different MD5 every time you use it. The code (in memory) uses pointers to FName and UProperty objects as opposed to static index references to tables (i.e. name, import, and export tables) thus causing the client to calculate a different MD5 each time the game is loaded due to the randomness of memory allocation (i.e. the pointers in the code will point to different addresses every time the game loads.)
It can, however, still be used to detect if a certain function exists. - Usually this list is far too large to be replicated through ServerCallback(), to it will not reach the server. You will have to prevent ServerCallback from being replicated by spawning the Security actor on the client if you want to use the SecType=3 with NativePerform.
- LocalPerform (int SecType, string Param1, string Param2, out array<string> Results) [native]
Only UT2004. Performs a check based on the SecType and Params specified and puts the results in the Results[] array.
| SecType | Param1 | Param2 | Result |
| 0 | package name | → | QuickMD5 and GUID of the specified package as 64-digit hexadecimal number (1) |
| 1 | Package.ClassName.FunctionName | → | CodeMD5 of the function (2) |
| 2 | file name, can contain path name | → | FullMD5 of the specified file |
| 3 | → | → | List of packages loaded with their GUID and QuickMD5 and whether they are code packages (3) |
| 100 | → | → | List of Input aliases (UT2004 v3270) |
| 101 | → | → | List of Input keybinds (UT2004 v3270) |
- This is put into Results[0]. Left(Results[0], 32) gives the MD5, Right(Results[0], 32) gives the GUID.
- CodeMD5 is broken in all versions of UT200x: it returns a different MD5 every time you use it.
- The package list uses one array element per package and each array element consists of the package name, the package's GUID, the QuickMD5 and 0 for data package or 1 for code package like this:
Engine:17158B3B4FF9A24F520996A03FACE2BE:daa163bc08d4aa79e46ea9e5e4e3eca5:1
Shiptech:A0ADCAED408630B21D18DA933BE94B97:9aabf3549fbda7e8f49333f58bdd8af1:0
- ClientPerform (int SecType, string Param1, string Param2) [simulated, replicated to client]
- This just calls NativePerform with the specified parameters.
- ServerCallback (int SecType, string Data) [replicated to server]
- Called by the NativePerform function with the result of the checks. On success SecType will match the SecType specified for NativePerform and Data will contain the check result. On error SecType will be 255 and Data contains the error message like "Package not loaded" for a failed QuickMD5 or "File not found" for a failed FullMD5.
- Perform (int SecType, string Param1, string Param2, float TimeOut)
- This sets the LastType and LastParams class properties to the parameters specified, calls ClientPerform() with the specified parameters, sets the timer and goes to state Probation, which contains the Timer() function for detecting the timeout. You will most likely want to completely ignore this function in your security subclass just like UTSecure and Anti TCC do.
- BadClient (int Code, string Data)
- Called when the check times out. Again, you will most likely want to replace this with your own timeout handling.
- ClientMessage (string s) [simulated, replicated to client]
- By default this only logs the specified string, but you can also do something more interesting with the string. Anti TCC writes it to the ingame console, the client's main log file and a special Anti TCC client log file, for example.
