Originally published by Robert Beisert at fortcollinsprogram.robert-beisert.com

Pokemon Go Bots: A Case Study

Pokemon Go is a very popular game, and I don’t need to say any more than that.

What’s truly interesting is the hacking community dedicated to developing third-party applications around it. Around the time of release, several clever people reverse engineered the basic API, allowing for the development of useful maps and a number of fairly complex bots.

Problem

The problem with all these applications is that they needed direct access to the original servers to operate. The maps were perhaps the worst offenders – they refreshed all the nodes for thousands of locations worldwide every few seconds, which meant heavy server loads. The bots were less oppressive (because you only ever ran either your phone or the bot at any one time), but none of these tools were welcome to Niantic, the game's developer.

Update Complication

Around noon on Wednesday, Niantic changed the rules. A major update last week introduced a few unimplemented variables (which the API adopted rapidly), but the new rule is what changed the game.

All along, there was one block of data that nobody understood, usually referred to as Unknown6. Up until Wednesday this block didn’t seem to matter (so long as you put any random value in there), but following a brief downtime the server rules changed. Suddenly, none of the applications received useful responses to their requests, and all signs pointed to Unknown6 as the culprit.

The obvious conclusion: some cryptographic hash, almost certainly in the one place we didn’t understand, was suddenly relevant.

Reverse Engineering

This is where it starts to get cool.

Pokemon Go was built to be hard to read. It’s got C++ library code that passed through a half-dozen different cross-compilers before finally getting filtered through smali. In short, the code is ugly and nearly impossible to read.

Still, at the time of writing, a collaboration of hundreds of developers has largely cracked the app open. Though I’m not among them (and thus lack access to their chat logs), it looks like they’ve figured out what kind of encryption is in play and are still seeking out those few bytes of compiled code which represent the key(s).

In 36 hours.

I’m still coming to terms with the magnitude of this whole endeavor. The program has been available for a few short weeks, but various teams have not only cracked the API calls and built dozens of powerful tools, but are now coming close to reverse engineering the entire compiled program, sans sources. At present, they’ve narrowed the remaining issue down to a handful of unknown fields and perhaps 200 pages of unknown code (containing a custom encryption routine). How cool is that?

Some Philosophy

Bots are nothing new to the online gaming community. World of Warcraft has been fighting them for a dozen years, because they invariably break the delicate balance of the game. When it comes to completing repetitive tasks for long periods of time, nothing beats a computer.

Why are bots so popular with this particular game? Frankly, Pokemon Go is boring – it’s a whole lot of walking around (in the real world), throwing imaginary balls at imaginary floating monsters that are almost always the same weak things. You catch, you release, and if you do enough of it you eventually get a bigger imaginary monster with high enough numbers to play a very simple fighting game against computer-controlled opponents. Most bots automate the grind so you can get to the big numbers faster.

So what exactly makes this project sufficiently interesting to attract so many disparate developers to perform one of the hardest tasks in programming? Despite how boring it is, it’s got all the addiction techniques discovered and refined by online games over the decades. There are flashing lights, vibrating cues, bright colors, and achievements that are easy to get at the start and increasingly difficult to get as you play. Add to this the false socializing aspect refined by social media applications, and you have a killer app that rewards you for being in the same general area as other people. Wherever this many people gather, people will arise to exploit the system that gathers them.

I ride the fence on the ethical implications of third parties exploiting engines to produce unique and interesting projects. On the one hand, it breaks the spirit of the game and uses the provided service in an unintended and unlicensed manner, but on the other hand it creates opportunities for innovation and exploration. It’s a line too fine to arbitrate absolutely, but I’ll continue to be impressed by the dedication and ingenuity I see from people who, ultimately, are just breaking the engine for the thrill of the challenge.

It’s the spirit required to put a man on the moon, and I think it’s exactly the inquisitiveness, creativity, and determination required to truly Make America Great Again.


You can find the status of the reverse engineering attempt on this Reddit thread.