-[WARNING]- Beware of NHK Anti Cheat!
Posted: Mon Mar 14, 2011 5:53 pm
http://forums.epicgames.com/showthread.php?t=768434
This is a warning aimed at the whole UT2004 community:
For those of you who did not hear of NHK yet:
* An anti-cheat software/mutator called NudeHaxKiller (shortform: NHK) has been discovered recently.
* The Clanbase has been using this software for at least two years, and it has been mentioned neither in the rules nor anywhere else! It was approved by the Clanbase-ACT.
* NHK has also been in use on [ST2] servers, likewise for at least two years!
__________________
Here is some information about NHK:
What is NHK?
* NHK was made by the clan [ST2] (Sanctuary*Tigers); [ST2]DavVador coded it.
* As previously mentioned, it's an anti-cheat software/mutator.
What does NHK do?
* It scans your whole HDD, your USB devices and your network! Everything this software considers suspicious is noted in a log that the NHK admins have access to.
* NHK creates a list on the server that contains all your Windows usernames.
* Unknown keybinds in the User.ini will be added to the log on the server.
* NHK searches not only for UT2004 cheats but also for other cheats, such as CoD4 cheats.
* NHK searches for the UT3 directory. However, it is not at all clear why it does this. It might be that it searches for unknown and suspicious files there too.
* Even spectators will be scanned when they join the server!
What can NHK admins do?
* NHK admins are determined via a configurable GUID list. There are no admin logins with a password; the admins always have full rights, and no player can check this.
* NHK admins can use console commands on any client. This way they can "manipulate" the game of any player. The player might have problems joining Anti-TCC servers after such an "attack".
How can I identify a server that runs NHK?
* NHK is not listed as a mutator.
* NHK does not ask you before it starts to scan your PC. [UPDATE] Apparently a "message of the day" has been added that contains the "rules", a link to the "rules" ("if you stay on the server you get scanned"), and you have some time to leave before it starts to scan you. However, it still does not ask you like Anti TCC does. If you notice such a m.o.t.d. with a link on a server without Anti TCC, I recommend leaving the server immediately.
* You cannot see in the console that NHK is scanning you (unlike in Anti TCC).
* A scan can take from about 30 seconds up to 2 minutes. While it scans your PC you will encounter very strong lag. You cannot compare it to the lag that Anti TCC causes while scanning.
__________________
The following call is aimed at the whole UT2004 community:
I ask you not to join the [ST2] servers or play at the Clanbase as long as NHK is still in use!
If you recognize any of the characteristics of NHK mentioned in the list above and the server doesn't run Anti TCC, you should disconnect. It is for your own safety.
And do not forget to spread the word! Put a link to this article on other UT2004 forums and warn people about NHK!
__________________
An example of what NHK can do is the following situation:
Donzi, an admin at UTzone, has served the community since 2003. He adds cheats to the Anti TCC blacklist and exchanges the updated list with other admins.
One day he got a mail from {FA2K}-dm. It had an attachment with a cheat that was at first quite unknown, which Donzi was to add to the blacklist.
After he added the cheat to the blacklist he forgot to remove the files from his network HDD.
Some time later he had a conversation with [ST2]DavVador (an admin) about NHK.
This is the conversation:
Quote:
[22:27] ([ST2]DavVador) any mounted partition on the computer
[22:32] ([ST2]DavVador) so people don't have any informations while being scanned
[22:32] ([ST2]DavVador) except their computer is lagging like hell
[22:34] ([ST2]DavVador) as i said to death, i would really appreciate if it stays as secret as possible
[22:40] (Donzi|UTzone) without an agree we can't scan the complete hdd, against the law
[22:40] ([ST2]DavVador) yeah i know
[22:41] ([ST2]DavVador) if you wanna experience the lag and see the kind of motd we use
[22:43] (Donzi|UTzone) ok, but, i test some hax, because to write them into my blacklist. so, i hope it doesn't find anything ^^
[22:44] ([ST2]DavVador) we'll see ^^
Donzi joined the server. It was not a real match, just a demonstration of NHK.
Not a single shot was fired and no other player was on the server (except for [ST2]DavVador of course). The reason for the connection was the functionality and the spreading of the mutator.
The mutator found the *.dll and *.exe files and created a log, and DavVador sent it to the Clanbase - without Donzi's knowledge!
After this conversation between the two admins, the Clanbase banned Donzi for using cheats, although this was not an official match or a match at all. The reason given was that he was banned for traces of cheats and that he had become better lately. However, he had suffered a bad stroke of fate and did not want to think about what had happened recently, so he played UT2004 more often and of course he improved his skills. His ban is not justified.
Special thanks to the following people:
* Donzi - Thank you for being our guinea pig. I feel sorry for you but thanks to you we all know about NHK and how to identify it.
* Wormbo - Also a big thank you to you for taking a look at this mutator and for providing all the useful information about its functionality and the possibilities the admins have.
__________________
One last thing:
Using a game as a backdoor to access someone's PC - no matter for what reason - is a violation of privacy, thus it is illegal!
__________________
source:
This article at http://www.UTzone.de, a German UT fansite.
By the way, it seems like RuinatioN is the one that wanted Donzi to get banned.
__________________
PS: If I have missed any important information or something is not clear, please contact me and I'll add it to this post.