The Black Tutorials- 3)Unreal engine DRM

Post by JackGriffin » Sun May 22, 2016 4:22 pm

This is the only tutorial I'm not going to post the code for because it's a game changer and I was asked by someone I really respect to never release it. There's no reason not to discuss the theory though.

Years back I was struggling to find a way to hide something in a map that couldn't be reverse engineered at all (or at least easily). Yeah, you can do the mini-drawscale trick but ultimately the actor still shows up in the actor list and its changes are evident in the logging. Can this be bypassed? Why yes... yes it can.

First take a look at this:
https://www.dropbox.com/s/65y88j3nfasdd ... t.pdf?dl=0

We all pretty much know about the package flags but did you really know about all the object flags? It's awesome what you can do with them once you take the time to understand how they work and how you can harness them to your desired results.

Everything you need is in that pdf provided you understand how to do the changes. What you have to do is manually hex edit the package to suppress or change all kinds of things about it. Start on page five and let your imagination run wild. I will tell you that there are relationships that exist that aren't completely apparent but in testing you will find.

Back some time ago when I was going to offer to lock people's work for them, this was the method I was going to use. It works, you can't see it, you can't find it, and you can't load it in editor, and it suppresses itself in the logging. It's the perfect storm of DRM and would take a very high level coder to remove the protection as they would have to find all the values and change them correctly. Even then you would end up with a different package because of the changes, ultimately protecting the original even more.

Yeah, <removed> was correct. This was way too dangerous to put out in the wild.
So long, and thanks for all the fish

Post by HyPeR-X » Mon May 23, 2016 12:03 pm

Should be quite easy to remove this as long as the package gets loaded by client or server. Run a tool to modify the objectflags to default (or wished) values and serialize the stuff back to the file.

Post by JackGriffin » Mon May 23, 2016 2:00 pm

It seems like it's that easy but the byte structure of object flags is tricky. I'm not going to say more on this though because I only wanted it not to be lost that there are things possible that the cheat community has long taught but the mainstream community has largely ignored. People should just be aware that this sort of thing is out there.

Post by HyPeR-X » Mon May 23, 2016 2:14 pm

JackGriffin wrote:
> It seems like it's that easy but the byte structure of object flags is tricky. I'm not going to say more on this though because I only wanted it not to be lost that there are things possible that the cheat community has long taught but the mainstream community has largely ignored. People should just be aware that this sort of thing is out there.

That is why I prefer to use the UEngine to do this kind of stuff. That way you don't have to mess with the compact indices and preceding bytes manually.
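
Added example, not from any poster in this thread: a read-only Python sketch that walks a package's export table and lists each export's raw object flags, decoding the compact indices mentioned above, so an admin can diff the flags between two copies of a package. It assumes the UT-era layout (package version 64 or later, length-prefixed names); `list_export_flags`, `build_sample` and the sample flag values are constructed for illustration.

```python
import struct

UPKG_SIGNATURE = 0x9E2A83C1  # Unreal Engine 1 package magic

def read_compact_index(buf, pos):
    """Decode one variable-length compact index; return (value, next_pos)."""
    b = buf[pos]; pos += 1
    negative, more = b & 0x80, b & 0x40      # first byte: sign bit, continue bit
    value, shift = b & 0x3F, 6               # ...and 6 value bits
    while more and shift < 34:               # at most 4 continuation bytes
        b = buf[pos]; pos += 1
        value |= (b & 0x7F) << shift
        more, shift = b & 0x80, shift + 7
    return (-value if negative else value), pos

def list_export_flags(buf):
    """Read-only: return [(object_name, object_flags)] from the export table."""
    sig, version, _, _, n_names, off_names, n_exp, off_exp = struct.unpack_from("<IHHIIIII", buf)
    if sig != UPKG_SIGNATURE or version < 64:
        raise ValueError("not a package layout this sketch handles")
    names, pos = [], off_names
    for _ in range(n_names):
        length, pos = read_compact_index(buf, pos)   # length includes the NUL
        names.append(buf[pos:pos + length - 1].decode("latin-1"))
        pos += length + 4                            # skip string + 32-bit name flags
    exports, pos = [], off_exp
    for _ in range(n_exp):
        _cls, pos = read_compact_index(buf, pos)
        _super, pos = read_compact_index(buf, pos)
        pos += 4                                     # 32-bit group reference
        name_idx, pos = read_compact_index(buf, pos)
        (flags,) = struct.unpack_from("<I", buf, pos); pos += 4
        size, pos = read_compact_index(buf, pos)
        if size > 0:                                 # offset is stored only when size > 0
            _off, pos = read_compact_index(buf, pos)
        exports.append((names[name_idx], flags))
    return exports

def build_sample():
    """Constructed two-export package for the demo (not a real game file)."""
    names = b"".join(bytes([len(n) + 1]) + n + bytes(5) for n in (b"ActorA", b"ActorB"))
    exp_a = b"\x81\x00" + bytes(4) + b"\x00" + struct.pack("<I", 0x00070004) + b"\x05\x64\x01"
    exp_b = b"\x81\x00" + bytes(4) + b"\x01" + struct.pack("<I", 0x00000004) + b"\x00"
    head = struct.pack("<IHHIIIII", UPKG_SIGNATURE, 69, 0, 1, 2, 36,
                       2, 36 + len(names)) + struct.pack("<II", 0, 0)
    return head + names + exp_a + exp_b

if __name__ == "__main__":
    print([(n, hex(f)) for n, f in list_export_flags(build_sample())])
```

Running the same listing over a known-good copy and a suspect copy of a package and diffing the output shows which exports had their flags changed.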

Post by JackGriffin » Mon May 23, 2016 2:55 pm

Yeah, don't get me wrong. I'm not trying to lay a template for people to follow that want to do bad things. I'm trying to educate the medium level coder so they know what's out there that isn't openly discussed.

Back in the day we had a newsletter that circulated among many of the server admins. In it players were named and shamed when they were either caught or strongly suggested of cheating. I liked the tone in that though because there was so much good information about potentially how this person was doing what they were doing and how it could be defended against. Somewhere along the line the community started to feel like discussions on those matters shouldn't occur and they mostly just stopped. I never understood that because it only strengthened the cheating community.

That's why I'm posting this stuff. It's certainly not to stir the pot. Hopefully it will bring out some discussion on the 'how' part that I've seen so many people ask and then be chastised for 'cheat talk'. We ought to be openly posting this so everyone sees how it's done. It's pretty obvious there will not be another ACE so if the online community wants to go back to policing itself the medium level coders ought to be aware of what they could potentially face.

Do I think I can make some method that's foolproof that you can't crack? Not at all, but I can promise you it would be much harder than you are thinking to reverse engineer. It's not a challenge, so don't take it that way. It's so that someone who doesn't really 'get' object flags, etc can have an idea what is possible by direct manipulation. You understand this all so I'm not really aiming this at someone of your level.

Post by HyPeR-X » Mon May 23, 2016 3:59 pm

JackGriffin wrote:
> Yeah, don't get me wrong. I'm not trying to lay a template for people to follow that want to do bad things. I'm trying to educate the medium level coder so they know what's out there that isn't openly discussed.
>
> Back in the day we had a newsletter that circulated among many of the server admins. In it players were named and shamed when they were either caught or strongly suggested of cheating. I liked the tone in that though because there was so much good information about potentially how this person was doing what they were doing and how it could be defended against. Somewhere along the line the community started to feel like discussions on those matters shouldn't occur and they mostly just stopped. I never understood that because it only strengthened the cheating community.
>
> That's why I'm posting this stuff. It's certainly not to stir the pot. Hopefully it will bring out some discussion on the 'how' part that I've seen so many people ask and then be chastised for 'cheat talk'. We ought to be openly posting this so everyone sees how it's done. It's pretty obvious there will not be another ACE so if the online community wants to go back to policing itself the medium level coders ought to be aware of what they could potentially face.
>
> Do I think I can make some method that's foolproof that you can't crack? Not at all, but I can promise you it would be much harder than you are thinking to reverse engineer. It's not a challenge, so don't take it that way. It's so that someone who doesn't really 'get' object flags, etc can have an idea what is possible by direct manipulation. You understand this all so I'm not really aiming this at someone of your level.

Most people here know my roots, some have a huge amount of hate towards me because of those roots.

I like the open mindset which allows people to discuss this kind of stuff. Most knowledge is available in both serveradmin and cheat world, but rarely ever shared or spoken about with the general public.

Post by Higor » Mon May 23, 2016 5:40 pm

A custom package serializator/linker would be able to crack this.
The problem is... how many are capable of writing such a tool? :loool:

BTW JackGriffin.
The cheat community knows it all already, except for the new (year old) kind of ban enforcers that are being used in the UnrealKillers servers.
Boy seeing so many bypassers hit a wall during those first weeks was hilarious.

Post by HyPeR-X » Mon May 23, 2016 7:35 pm

Higor wrote:
> A custom package serializator/linker would be able to crack this.
> The problem is... how many are capable of writing such a tool? :loool:
>
> BTW JackGriffin.
> The cheat community knows it all already, except for the new (year old) kind of ban enforcers that are being used in the UnrealKillers servers.
> Boy seeing so many bypassers hit a wall during those first weeks was hilarious.

I've written my own (de)obfuscator commandlet which does exactly that using the internal UEngine. Never had the need to 'unlock' other people's files though.

I promised TimTim not to mess with the servers (and newnet) anymore and tend to keep my word on that. I however highly doubt the ban enforcer would keep me out and am very tempted to give it a try haha :P (can't really ID me on anything unless it uses a new method of creating (and storing) a PlayerID (HWID, MAC, OS, NIC etc) which I have not spoofed)