CSHP Client Side Hack Protection

CSHP
Client Side Hack Protection

Release 4a - Version 01.02.28

What have you just installed?

CSHP is a mod that will monitor clients that connect to your server. It works as follows: When a client connects to your server, CSHP scans the client looking for client-side mods that exploit known holes in UT. If it detects a hole, CSHP takes action. What action depends on how CSHP is setup.

Clients and Version Mismatches?

First off, CSHP is not designed to be installed on a client. It should only be installed on the server. Clients should allow for CSHP to replicate when needed. Sometimes CSHP can inadvertantly end up being install on the client. This usually happens if a client is using some sort of Cache manager.

If a user is running in to this problem, have them delete CSHP*.* from their System directory.

I have seen times when CSHP just resides in the cache but it still gives the Mismatch error. The usually occurs when a player plays on a server with a new version of CSHP, then tries to play on an old version. Usually just exiting UT and restarting will fix this error.

However, this doesn't happen all the time.

Starting with CSHP 4, there should never be another version mismatch error. From here out each new release will carry a different filename!

About Previous Versions?

Starting with CSHP2 v00.11.25, you no longer have to treat CSHP as a mutator. The base package will install a special server actor that will force the mutator portion to always be active. You can remove any mutator reference for HackProtection from your start up .BAT files or mutator lists.

The down side to this is CSHP no longer is displayed in the list of mutators in the server browser. If you really want it to display here, follow the instructions below in "Making CSHP show up as a mutator in the Server List".

Installing from a .ZIP

If you decided to install CSHP from a .ZIP file, you will need to manually add the following two lines to your UnrealTournament.INI file. The UMOD install should do this for you. The changes occur in the section [Engine.GameEngine]. Add these 2 lines:

ServerPackages=CSHP4
ServerActors=CSHP4.CSHPServerActor

Simple Mode?

Beginning with this version of CSHP, there are two different operating modes. The default installed mode is called "simple" mode. This mod is effective on 95% of all servers out there. It's design to catch FunBot, the only hack that's actually in distribution via the web. Simple mode also means that a server op can protect their server from the most common threat simply by double-clicking on a UMod. Anyone caught cheating is logged and kicked. There is no mess, no configuration, it's just "Simple"...

What are the benefits to running in Simple Mode?

Simple mode is the most forgiving way to use CSHP. In Simple mode, CSHP targets just console exploits like FunBot, FunBot2, JusticeMod 2.0 and ShamblerBot. By doing this, CSHP remains tolerant of other "client-side" modes such as Old Skool, Decal Stay or No Smoke.

How good is the simple protection?

Remember, Simple mode's job is to target and eliminate common bots, and it does it's job well. Anyone attempting to use a console Bot in anyway will be stopped. CSHP 4 can detect bots even hidden in UT packages such as UTMenu.

Who should run in Simple Mode?

Anyone running a public server is probably just fine with Simple mode. Server ops who are looking to return to the exact same environment that existed before the leak of FunBot.. Simple mode is also for you. Let's face it, Simple mode will stop 99.5% of the cheaters.

How do I setup CSHP to run in simple mode?

When you did this install, CSHP was automatically configured for simple mode. When operating this way, only 3 variables are needed in the INT file. For most servers, the defaults for these variables are more than adaquate. They are:

bSimple=True

The bSimple variable tells CSHP to run in simple mode. Confusing huh!

bTrackFOV=True|False

This variable tells CSHP to watch for people using the FOV zoom cheat. See the section on FOV cheating below for more information.

Advertise=0|1|2

When set to true, this will cause CSHP to append the tag [CSHP] to your server name. This allows players to easily tell where a fair game can be found. If you don't want the tag, just set Advertise to 0. Setting it to 1 will cause the tag to appear before the server name while setting it to 2 forces the tag after the name.

That's it. I told you this is simple!

Advanced Mode!

So, your super paranoid about hacks huh! CSHP still has all the power it used to, I've just hidden it under an advance mode. In this mode, CSHP will actively search out all modifications to UT and report them to the server. While I think this mode is as good as Uscript security can get, it still has the same drawbacks. Namely false positives. But even in this catagory, I've taken steps to make life better.

What are the benefits to running in Advanced Mode?

This is as good as it can get. Any package out of the ordinary in any part of UT is recorded and returned to the server. Hacked consoles, any rogue actors, even altered huds are detectable. CSHP's advanced mode is agressive and will insure your server is as close to pure as possible in uscript.

What's new from the last release?

The advanced mode protection has been redesigned to be more flexible. There are 3 major types of exploits in UT. Two of the exploits are very straight forward, but the third is not. I call this third type rogue actors. What happens is a hack (or mod) will create an item on the client that is used to provide script time to the cheat (or mod). In previous versions of CSHP, any rogue actor was consider a cheat.

In the new Advanced mode, CSHP will not flag rogue items right away. By default, CSHP will first attempt to remove the rogue item. In 99% of the cases, this will disable the cheat (or mod). My goal here is to stop the insane amount of false positives. However, it still has the annoying side effect of shutting down harmless mods. Another source of false positives is the method in which Epic handled user skins/models. This hopefully has been fixed.

However, should rogue item reappear in the world, CSHP assumes this is a cheat. This is unavoidable.

Also new to CSHP is an authentication key that is outputed to the log when someone is detected. I've heard rumors of people faking logs. This should put a stop to that crap.

Who should run in Advanced Mode?

THE ONLY TIME ADVANCED MODE SHOULD BE USED IS DURING CLAN MATCHES, TOURNAMENTS, OR IF SOMEONE IS TRULY SUSPECTED OF CHEATING ON YOUR SERVER. AS I HAVE SAID, FUNBOT IS THE ONLY BOT IN DISTRIBUTION SO SIMPLE MODE SHOULD BE FINE FOR 95% OF THE SERVER.

I hate to have to shout here, but the # of people who just disregarded the last bit of advice was staggering. If you do not fall in to this category, don't run in advance mode. Any type of hack tends to appear in the clan matches first. I also have many people watching the net looking for new hacks.

Using Advanced Mode?

Ok, let's look at all the changes you need to make to your CSHP4.INT file to use Advanced mode. Most are exactly the same as previous versions.

bSimple=False

Setting bSimple to false tells CSHP to run in Advanced mode!

bTrackFOV=True|False

This variable tells CSHP to watch for people using the FOV zoom cheat. See the section on FOV cheating below for more information.

Advertise=0|1|2

SecurityLevel=0-2

God no other feature has caused me more problems. I hate to be right, but I said I'd probably have to kick myself and I did. I've removed level 3 by popular request. This does not mean you can't determine who is cheating online. See the section on console commands below. Here is what the SecurityLevels do..

Level 0 - Log the user to the "Server.log" file (or UnrealTournament.log on a listen server). No other action will occure.

Level 1 - Same as 0, but this time kick the user from the game

Level 2 - Same as 1 but the user will also be banned.

I DO NOT SUGGEST USING LEVEL 2 UNLESS YOU FIND A RASH OF IDIOTS CONSTANTLY GETTING KICKED. A KICK SHOULD BE ENOUGH.

CSHP will now display a message to the user when they are flagged. This message is sent to the console, and the console is displayed. There is a known bug where if the player launches UT from an external program such as GameSpy, this message will be lost. This is because the console isn't yet created so the message goes nowhere. There is a work around but I didn't have time to get it in this release. If it really bugs you, use the internal browser until the next release.

SecurityFrequency=0 to XXX seconds

This variable tells CSHP how often to police the client. The good news is CSHP no longer has to replicate data across the network when this happens (not like it sent a large amount of data). The bad news is now much more is checked. My suggestion is to leave this at the default 30 seconds.

bOnlyAdminKick=True|False

This variable allows you to limit the use of the "Mutate CheatKick" command to just people with Admin Access.

bKickOnTimeOut=True|False

The previous versions of CSHP would sometimes timeout users. To this day we have not been able to figure out why. It might be because there is too much packet loss or it might be a bug. We simply do not know. bKickOnTimeOut allows the server op to decide what to do. If you set it to false, CSHP will allow people to stay online if they should have timed out.

I still suggest leaving this to true. Since (A) advanced mode should only be used in somewhat controlled situtations a timeout every now and then isn't a huge deal and (B) I've added some output code when this happens to help try and track it down. If you are a client and get Timed Out.. please email me your log. If your the server, do the same.

bCleanUpRogues=True|False

This option deals with the "Rogue Actors" I mentioned above. When set to true, CSHP will first attempt to clean up rogue actors. Only when the Rogue actor keeps reappearing will CSHP consider it a cheat. If set to false, CSHP will act as it used to and log any rogue actors as hacks.

So why allow the option. It's conceivable that deleting a rogue actor could cause a system crash. It shouldn't but since I don't have control over what's happening, it could. I have tested CSHP with several client side mods (both legit and hacks) and the cleanup did nothing but disable the mod. But I wanted to be on the safe side.

AllowablePacks[x]=<package_name_without_the_dot_u>

The AllowablePacks array stores the name of any client-side packages the server will tolerate. Simple add the package name to an empty slot. Make sure you do not include the .U when you add it. For example, if you wanted to allow NoSmoke, you would add the line..

AllowablePacks[0] = NoSmoke

There are downsides to allowing packages. Any package you allow can be used to sneak a hack in. But it's your call. Also, keep in mind that CSHP will auto-detect any packages that are running on server and auto-add them to the AllowablePacks array. You have 35 slots. Use them wisely.

FOV Cheats!

It's possible to use certain console commands to adjust your FOV irregardless to the rules set on the server. CSHP allows you to stop this cheat. While some people in the InstaGib community are not happy with my method, here is how it works.

If bTrackFOV is true and the server's bAllowFOV setting is false, CSHP will record the FOV setting a player has when they enter the game. This setting is automatically verified by UT to be in the 80-130 range. Any attempt by a user to change their FOV (if they don't have the sniper rifle) will result in CSHP forcing it back to the original setting.

But since the InstaGib community asked for it, you can now toggle this off so CSHP works better with EZTeams.

CONSOLE COMMANDS!

CSHP has 3 mutate commands available. Right now they are available at any time. I do plan on allowing the server op to limit the kicks to just admins but time is short right now. The commands are:

MUTATE CHEATINFO

This command will display the current CSHP settings to the user.

MUTATE CHEATSHOW

This command will display any players who are using a hacked client. It's only really valid in SecurityLevel 0.

MUTATE CHEATKICK

When used, all cheaters will get the boot.

How can I tell if CSHP is autodetecting my packages?

Look to your logs baby.. look to your logs. When CSHP starts up, it will create something like the following message:

ScriptLog: ###############################
ScriptLog: # Client Side Hack Protection #
ScriptLog: # version 01.02.25 #
ScriptLog: ###############################
ScriptLog: Defulat Security Level is...... 0
ScriptLog: Security Frequency is.......... 30.000000
ScriptLog: Clean up Rogue Objects......... True
ScriptLog: Tracking FOV................... False
ScriptLog: .INT Allowable Packs ..

This message shows you what the current settings of CSHP are, and it also shows you what packages are forced using the AllowablePacks settings in the INT file. This is helpful, but you need to search for the follow line:

ScriptLog: [CSHP] Final Allowable Packages: CSHP4?

This line "[CSHP] Final Allowable Packages:" will list all of the packages that were autodetected by the server, with the exception of the 19 default epic packages. These default packages never changes and are removed to save on bandwidth during replication. If you do not see your package on this list, then you need to add it to the AllowablePacks[x] section of the CSHP4.INT file!

Are you completely confused yet? :)

Making CSHP show up as a mutator in the Server List

The latest version of UT has a bug where mutators are not displayed. However, if your server is an older version that does show the mutators, you can force CSHP to show up on that list. By default, CSHP now installs and uses a server actor to activate. This makes setup for the server op really easy, but keeps it from showing in the list.

You can cause CSHP to show up in your list of mutators (or so you use the mutator= command line switch or the menus in game) by adding the following lines to the begining your CSHP4.INT file.

[Public]
Object=(Name=CSHP4.HackProtection,Class=Class,MetaClass=Engine.Mutator,Description="Client Side Hack Protection")

Using CSHP on multiple servers

Many server ops running multiple UT servers using the same files in the same directory. It's been pointed out to me that this can cause a problem using a .INT file for CSHP4's settings. Unfortunately there doesn't seem to be a way around this. The # of servers that benefit from the easy to install and configure CSHP that uses the .INT file far out number the others. But I'll keep looking for a solution.

Reporting Bugs | Suggestions

I'm no longer answering CSHP questions at my normal email address and I'm also only answer questions/bugs from server ops and admins. If you fit in to this group, join the CSHP mailing list. Details can be found at http://www.creativecarnage.com/CSHP! I can also sometimes be found on #unrealscript on GamesLink.