In Overwatch, textures and colored text are represented by a special code known as a <TX> code and <FG> code respectively. Normally, these codes are sanitized in strings by the Workshop. This article will go over a method of bypassing this check to allow for the use of any texture / color within strings.
Credits to Zezombye for discovering this method!
Contents
Mechanism
To prevent the use of <TX> and <FG> codes, strings are sanitized in the workshop with backslashes, where < gets replaced by \<. This is how the engine distinguishes text from an actual texture. [2]
Dummy bot names have a limit of 127 bytes, and cuts off the string indiscriminately. [1] We can change the name of a dummy bot via the Start Forcing Dummy Bot Name action.
Implementation
The following code snippet allows for the use of a escaped < character stored in a variable. [1]
variables
{
global:
0: txCharacter
}
rule("Bypass Implementation")
{
event
{
Ongoing - Global;
}
actions
{
Create Dummy Bot(All Heroes, Host Player, False, Null, Null);
Start Forcing Dummy Bot Name(Last Created Entity, Custom String(
"______________________________________________________________________________________________________________________________〼"));
Global.txCharacter = String Split(First Of(Last Created Entity), Empty Array);
Start Forcing Dummy Bot Name(Last Created Entity, Custom String(
"______________________________________________________________________________________________________________________________ࡀ"));
Global.txCharacter = String Slice(String Replace(Custom String(
"______________________________________________________________________________________________________________________________〼"),
Global.txCharacter, First Of(Last Created Entity)), 126, True);
Destroy All Dummy Bots;
"At this point the bypass is set up and you can use the txCharacter variable to get the unsanitized '<' char."
Create HUD Text(All Players(All Teams), Custom String(
"{0}fgFF0000FF>R{0}fgFF7F00FF>a{0}fgFFFF00FF>i{0}fg00FF00FF>n{0}fg0000FFFF>b{0}fg4B0082FF>o{0}fg8B00FFFF>w{0}fgFFFFFFFF> text\n{1}",
Global.txCharacter, Custom String("{0}tx C00000000000003>", Global.txCharacter)), Null, Null, Left, False, Color(White), Null,
Null, Visible To and String, Default Visibility);
}
}
A rule that stores the escaped
<character in a variable by using a dummy bot. A HUD Text is then created using the character as part of a<TX>and<FG>code.
Use Cases
<TX> Codes
A <TX> code is in the format <TX [C]> where [C] is the value in hexadecimal (e.g. <TX C0000000002DD5D>).
<TX> codes can be used in strings to show textures such as icons.
Codes can be obtained via the TX Browser or via the TX Reference Sheet.
<FG> Codes
A <FG> code is in the format <FG [R][G][B][A]> where [R][G][B][A] is the color in hexadecimal with four channels of color. (e.g. <FG 6C48C5FF> corresponds to the color (108, 72, 197, 255) in RGBA values).
<FG> codes can be used in strings to change the color of text (e.g. "<FG 6C48C5FF>Hello World!")
Trivia
- This method has not been patched as of November 15, 2024 (version 2.13.0 - 132453).
- <TX> and <FG> codes were originally patched to prevent abuse from players crashing the game with it. [3]
References
- ["<TXC00000000000003> shenanigans"][1] Zezombye on Discord, September 2024
- ["<tx> was a big problem tho. now there's a whole string sanitization system that scans like every string that can be input from a user"][2] Magzie on Discord, March 2022
- ["people were crashing the game with it"][3] Magzie on Discord, May 2020
[1]: https://discord.com/channels/570672959799164958/1280745526257647689
[2]: https://discord.com/channels/570672959799164958/570672959799164964/956638540320624700
[3]: https://discord.com/channels/570672959799164958/570672959799164964/706575501875085313