Skip to main content

Security

ModKit includes several security layers to protect players from malicious mods.

Native Code Rejection

Always Active

ModKit always rejects native-code mods. This check cannot be disabled — a flagged mod is rejected with EModLoadResult::ContainsNativeCode.

A mod is rejected as native-code if either:

  1. Its ModDescriptor.json declares CppModuleNames (i.e. the mod ships a C++ UE module), or
  2. A .dll file is found anywhere in the mod's folder (a recursive scan runs at load — catches native code that wasn't declared).

This prevents mods from executing arbitrary machine code on players' machines. See C++ Mods below.

Version Validation

ModKit enforces version compatibility automatically:

  • Mods declaring a MinGameVersion higher than the game's GameVersion are rejected with EModLoadResult::GameVersionTooOld
  • Mods declaring a MaxGameVersion lower than the game's GameVersion are rejected with EModLoadResult::GameVersionTooNew

Update your GameVersion when you make breaking changes to your public API or asset structure.

C++ Mods

C++ mods are not supported. Any mod whose descriptor declares CppModuleNames (derived from the Modules section of its .uplugin) is rejected at load time with EModLoadResult::ContainsNativeCode — there is no opt-in.

Only asset and Blueprint mods are loaded. A drag-and-drop .pak never executes native code: a .dll shipped inside a PAK isn't in the game's Binaries/ folder, so it would not run anyway.

Roadmap

The IModKitMod interface exists for a future controlled-native-code mechanism (loading a module pre-compiled into the game build, not shipped in the PAK). It is not wired up yet — today every CppModuleNames entry causes a rejection.

Dependency Security

ModKit validates the full dependency graph before loading:

  • Missing dependencies → EModLoadResult::MissingDependency
  • Circular dependencies → EModLoadResult::CircularDependency
  • Duplicate ModIds → EModLoadResult::DuplicateModId

A broken or malicious mod chain cannot cascade — each failure is isolated, logged, and skipped.

Recommendations for Shipped Games

ConcernRecommendation
Cheating in multiplayerUse ModHandshakeComponent — see Multiplayer
DRM / no moddingSet bEnableModLoading = false in shipping config