Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/EliotVU/UnrealScript-Unflect

exploit unreal-engine unrealscript

Last synced: 3 months ago
JSON representation

Host: GitHub
URL: https://github.com/EliotVU/UnrealScript-Unflect
Owner: EliotVU
License: mit
Created: 2022-12-24T04:11:35.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-09-30T17:15:27.000Z (over 1 year ago)
Last Synced: 2024-07-29T20:28:28.598Z (6 months ago)
Topics: exploit, unreal-engine, unrealscript
Language: UnrealScript
Homepage:
Size: 46.9 KB
Stars: 8
Watchers: 3
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Unflect

Unflect is a proof-of-concept that exploits the UnrealScript compiler to trick it into compiling an illegal class casting. For example, we can retrieve the values of strictly native fields by casting a UFunction instance into our own mirrored UFunction.

![image](Docs/media/example.png)

## Compiling

The source is written for Unreal Tournament 2004, but the code should compile for most UE2 games, possibly requiring some minor alignment changes in the native mirror classes.

* Requires /System/[MakeCommandletUtils.u](https://github.com/EliotVU/UnrealScript-MakeCommandletUtils)

* Run `make.bat` (The directory with the `/Classes/` directory has to be located at the root of the UE2 installation e.g. (`C:\\UT2004/Unflect/`).

* Run `test.bat` to confirm that everything's working.

## Usage

### Function Replacement

If you need to replace a function in a class, follow these steps:

* Create a new class that extends the class in which the function you want to replace is located.

* Declare that function in the created class.

* DO NOT change the function declaration and argument types/amount.

* DO NOT create new local variables, as this can cause random crashes. If you need additional variables, make them global and access them using the `class'myNewClass'.default.myNewVariable` syntax.

* If you want to call or override parent code, make sure to always specify the desired parent class name. For example, use `super(TargetClass).PostBeginPlay()` instead of `super.PostBeginPlay()`. This will prevent runaway loop crashes.

* Make your edits to the function's code, and then call the replacement function:

```unrealscript

class'CoreAPI'.static.ReplaceFunction(self, "package.class.targetFunction", "myNewClass.newFunction")

```

Following these steps will help ensure that your code changes are compatible with the rest of the codebase and do not cause unexpected crashes.

### Type Metadata

Works with `int`, `float`, `bool`, `byte`, `string`, `name` types, make sure that your variable name length >= 2 characters.

```unrealscript

var int MyCommentStringProperty "Hello world!";

log("MetaData: " $ class'CoreAPI'.static.GetTypeMetaData(Property'MyCommentStringProperty'));

```