UCP Anti-Cheat | MTA FairplayKD Driver Reversed and Exploited for RPM

Official site anti-cheat Ultra Core Protector

Ultra Core Protector - is the client-server anti-cheat freeware, for server protection from unscrupulous players.

Abilities	Supported games
Protection from change and substitution game files Protection from injection and modification game process Protection from use of scripting cheats Ban system based on the PCs unique identifier Semi-automatic installation of anti-cheats client part Steam and non-steam support Ability to take screenshots from players Debug mode for quick identification of problems Ability to play on a server without anticheat	Half-Life Condition Zero Counter-Strike 1.6 Day of Defeat Adrenaline Gamer Team Fortress Classic Counter-Strike Source MU Online Ragnarok Online	Half-Life 2 Deathmatch Adrenaline Gamer 2 Team Fortress 2

MTA FairplayKD Driver Reversed and Exploited for RPM

So, I wanted to know how they make the HWIDs and I eneded up reversing most of their kernel driver
…and what I was searching for wasn’t there

Anyway, I’ll upload the IDA database so you can look at the pseudocode to see how basic kernel protection looks like
Also, it’s worth it to look at how they whitelist certain processes based on filename only

The driver is controlled using IOCTL and any usermode process can use it

It can be exploited for kernel mode memory reading but not writing
However only x86 processes can use it safely since it only accepts a 32bit pointer for the read buffer

I’ll also include an example project that demonstrates how to use it for RPM (compile in x86)
(You might need to traverse the module list from PEB)

Here is a part from their own RPM implementation

MTA FairplayKD

This is my example code in action

MTA FairplayKD 2

Now that I think about it, I didn’t see a command for closing the handle xP

Anticheat for MU Online
Anticheat for Gunz Online
Anticheat for Ragnarok Online