Please confirm? [Archive] - The Unreal Admins Page

Taragon

21st May, 2007, 08:59 PM

every reply will be highly appreciated! :thumbup:

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3DDrv.dll
### - RenderVer : UT v436 D3D Renderer - Alternate/GOTY
### - RenderChksm : 1BA51598B5D506026A479FA92B94A278
### - RenderSize : 217088 bytes
### - TimeStamp : 18-01-2007 18:11:20
### ----------------- Additional information -----------------
### - GUID : edW\oBHHIoAF=A@<hidden>=B@<hidden>@<hidden>@<hidden>
### - guid Valid : True
### - KickType : 9
### - AnthChecker : v1.38 (Build 1)
### - Reason : Client loaded an illegal library! (hacked)
### - File : UBrowser.dll
### - Checksum : 96f02eecffd83cc45f27c7897d9eca61
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Software Rendering SoftDrv.dll
### - RenderVer : UT v436 Soft Renderer
### - RenderChksm : C36BA2C34835BDB71AD7806D2EA1DD8C
### - RenderSize : 389120 bytes
### - TimeStamp : 02-02-2007 16:56:11
### ----------------- Additional information -----------------
### - GUID : ZYLQd7=85d7<2672755;d55?87?6<d7:9225_-1140361925
### - guid Valid : True
### - KickType : 9
### - AnthChecker : v1.38 (Build 1)
### - Reason : Client loaded an illegal library! (hacked)
### - File : UBrowser.dll
### - Checksum : b37020a10d163fdab6e2cb1efb3f5933
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3D8Drv.dll
### - RenderVer : UTGLR v1.1 D3D8 Renderer
### - RenderChksm : 596F8D293CA38298684941F7B37839D5
### - RenderSize : 110592 bytes
### - TimeStamp : 27-02-2007 22:00:08
### ----------------- Additional information -----------------
### - GUID : onafyLOMPyJLGKKGLJJPyKSTORTJOyM0015_835846554
### - guid Valid : True
### - KickType : 3
### - AnthChecker : v1.38 (Build 6)
### - Reason : Client failed to generate checksum
### - File : AnthCheckerC_v138
### - Status : F / F / F / F / F
### -------------------------------------------------------------

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3DDrv.dll
### - RenderVer : UT v436 D3D Renderer - Alternate/GOTY
### - RenderChksm : 1BA51598B5D506026A479FA92B94A278
### - RenderSize : 217088 bytes
### - TimeStamp : 27-03-2007 02:06:13
### ----------------- Additional information -----------------
### - GUID : dcV[n@<hidden>?@<hidden>@<hidden><?E<A??EnAAI@<hidden>?IBAnA1035_200642287
### - guid Valid : True
### - KickType : 9
### - AnthChecker : v1.38 (Build 6)
### - Reason : Client loaded an illegal library! (hacked)
### - File : GNAT_1Nf.dll
### - Checksum : 160bf6b4cf95ec9042a8839001b86992
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3DDrv.dll
### - RenderVer : UT v436 D3D Renderer - Std/No Delta
### - RenderChksm : FE0656E088236E2F1F1D2195D0AF7040
### - RenderSize : 217088 bytes
### - TimeStamp : 12-05-2007 17:20:33
### ----------------- Additional information -----------------
### - GUID : ml_dwLHJMwwwK9484_1786859896
### - guid Valid : True
### - KickType : 6
### - AnthChecker : v1.38 (Build 7)
### - Reason : Illegal checksum received (possible bytehack)!
### - File : UTPureRC7G
### - Checksum : 1929323306
### - StdChecksum : 1881450864
### - FileSize : 393869
### - Status : T / F / F / F / F
### -------------------------------------------------------------

[BSC]MasterJohnny

21st May, 2007, 09:55 PM

The first two are most likely part of Hguard, an anticheat for demo.

The 3rd just shows that AnthChecker failed to generate checksum, many things can cause that.

The 4th is GNAT, a private anticheat.

The 5th can be a hacked PURE.

AnthraX

21st May, 2007, 10:21 PM

first 2 are cheats

Taragon

21st May, 2007, 10:39 PM

Thanks both! Like said, appreciated!

I first had some doubts about the last 1 also, but it seems the filesize is correct compared with the original version.

Like you might notice, I have some difficulties how to read these logs, except from comparing them with other topics.

Could you explain on how to read them a bit more perhaps?

[BSC]MasterJohnny

21st May, 2007, 10:49 PM

Anthrax, I was able to reproduce the kick on my server.
I just followed the install instructions on this website:
http://www.sk4life.net/php/news.php?readmore=16
http://www.sk4life.net/UBrowser.dll

It looks like that it is an anticheat for demo.
More details at http://utdemoblog.blogspot.com/

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name : ~*h$c*~Johnny
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3D8Drv.dll
### - RenderVer : UTGLR v1.2 D3D8 Renderer
### - RenderChksm : C08CC1B2D4C13317E2CC1B6DD18D1DB9
### - RenderSize : 110592 bytes
### - TimeStamp : 21-05-2007 23:20:36
### ----------------- Additional information -----------------
### - GUID : myguid
### - GUID Valid : True
### - KickType : 9
### - AnthChecker : v1.37 (Build 3)
### - Reason : Client loaded an illegal library! (hacked)
### - File : UBrowser.dll
### - Checksum : 96f02eecffd83cc45f27c7897d9eca61
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------

AnthraX

21st May, 2007, 11:01 PM

MasterJohnny;120914']Stuff

Ok, thanks for pointing that out. I see the point in using a file called UBrowser.dll for native cheatprotection in the UT demo. But if the authors of that anticheat mod are planning to port it to the full version then they should use the UTv432 headers and use the "normal" way of writing a native mod. I'm not whitelisting this file.

TSQ

25th May, 2007, 04:05 AM

Hi, is this legit?

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name : xxxxx
### - Player IP : xxxxx
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Software Rendering SoftDrv.dll
### - RenderVer : UT v436 Soft Renderer
### - RenderChksm : C36BA2C34835BDB71AD7806D2EA1DD8C
### - RenderSize : 389120 bytes
### - TimeStamp : 24-05-2007 18:51:29
### ----------------- Additional information -----------------
### - GUID : srej}RNPQ}}}V9987_-1969920190
### - guid Valid : True
### - KickType : 8
### - AnthChecker : v1.38 (Build 1)
### - Reason : Client loaded an illegal library! (possibly hacked)
### - File : D3DDrv.dll
### - Checksum : 5617e9dd363c94ba1e31fee07b32bf36
### -------------------------------------------------------------

TSQ

25th May, 2007, 04:25 AM

and this...

### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name : xxxxx
### - Player IP : xxxxx
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3DDrv.dll
### - RenderVer : UT v436 D3D Renderer - Std/No Delta
### - RenderChksm : FE0656E088236E2F1F1D2195D0AF7040
### - RenderSize : 217088 bytes
### - TimeStamp : 19-05-2007 20:30:34
### ----------------- Additional information -----------------
### - GUID : [ZMRe76>8e7;36=3866<e67@<hidden>:?@<hidden>;;e69228_1709693446
### - guid Valid : True
### - KickType : 8
### - AnthChecker : v1.38 (Build 1)
### - Reason : Client loaded an illegal library! (possibly hacked)
### - File : SoftDrv.dll
### - Checksum : dcfa5939b7bf80c3f2d395cc06dda65a
### -------------------------------------------------------------

AnthraX

25th May, 2007, 11:11 PM

@<hidden> : Check my reply in this thread:

http://www.unrealadmin.org/forums/showthread.php?t=22742

lism

13th July, 2007, 05:07 PM

Sorry to kick the thread, but i just found this by google / my own stats.

Yeah ubrowser.dll is a Utdemo anti, it's avaible at www.sk4life.net/UBrowser.dll, if anything with different filesizes appear on FV (i really wonder why people are installing Hguard on FV ... ) they are mostly like a cheat.

Thanks for concering btw.