Ways to protect against macro cheaters and stop them in their tracks*

*(Or at least slow them down)

Recently it was mentioned in the discord that Mac would rework the AFK prompt so that it was a little more involved, for example - solving a maze.


Personally, while I believe this is a step in the right direction, it needs further fleshing out.

Why not instead of relying on one simple type of puzzle, a variety of simple puzzles is considered - each with their own variety of solutions? Make them unpredictable as possible in order to catch out those who are blatantly cheating.

1. Vulnerable targets

First, one has to consider which systems in TU are most vulnerable to automated play.

The systems that are at the most risk that I can see of are:-

  • Casino Slots, and any other single-player casino games (video poker, et al.), that require a significant time investment.
  • Typing Derby (A savvy cheater need only perform a web search with part of the text, copy the remainder of the text in to their clipboard, followed by using a custom AutoHotkey keybound command to loop through the contents of their clipboard and send automated keystrokes for each character in the text.)

2. Keystroke Throttling

Above all else, the first thing that should be considered is enforcing an upper limit of how many keystrokes that can be sent per second, on both the server and the client, on a per player basis.

I’ve personally not witnessed any natural WPM count faster than 120-130wpm in Typing Derby, which is still insanely faster than the standard speed of 70wpm that is required in office-based work.

With this in mind, it makes sense to enforce a strict timeout/cooldown on keystrokes being sent faster than one every ~0.4 seconds. Not only does this protect Typing Derby against macro-based copy and paste shenanigans, it also prevents Casino Slots from being so easily sniped.

However, a stricter keystroke rate being enforced on slots is ideally preferred, so that the most cunning of cheaters can’t simply place their character behind the seat of already occupied Triple Diamonds game that has a jackpot that is close to popping, in hopes that the current occupant’s connection drops so that they may snipe the hotseat in an inhuman reaction time.

3. Grace Periods

On Casino Slots with hotly contested jackpots, grace periods for players who lost the hotseat because of their connection dropping, or being disrupted beyond their control for any reason – is something that should be considered. Block any other players from claiming the hotseat until the grace period is up. I think 60 seconds is fair. This could also be extended to all of the games in the Arcade.

4. Variations of the AFK prompt

Personally, I don’t think that the current system is deterrent or effective enough, and I think it should be thrown out and replaced with something that requires some degree of effort on the player’s part. I refer back to Mac’s mention of implementing a maze puzzle, which is a good jumping off point.

Here are my suggestions:-

  • Triple key prompt (instead of just one)
  • 3x3 sliding puzzle
  • CAPTCHA style puzzle
  • A grid-based ‘Hacking Minigame’ style puzzle (eg. BioShock)
  • Among Us style tasks

5. Extend AGC

TU ships with AGC binaries in DLL form, and has the potential to become its own anti-cheat toolkit. It could be extended to scan the player’s system for any running instances of known executables of common cheat software, AutoHotkey and Cheat Engine to name a couple, among hex editors.

That’s not to say that AutoHotkey doesn’t have its legitimate uses in the real world, as it can be used to bypass any anti-copy/paste scripts that are active in the password fields on web forms of some sites, should you need to copy and paste your password from an offline password manager.

6. Jackpot Killers

Rolling any jackpot winning combination on Casino Slots or Video Poker should trigger an instant AFK prompt, though this time the AFK prompt has consequences for failure.

The player is given no less than three attempts to pass the AFK prompt successfully, with the jackpot being rightfully paid out if successful.

The fair and just option…

Upon failure, that player is kicked off and effectively barred from playing again immediately until after the jackpot is won and cleared by someone else.

The nuclear option…?

Alternatively; upon failure, that player is kicked off immediately with the jackpot being rendered NULL and VOID, and is started over from scratch.