When we first wrote about the world of automated Pokémon Go-playing "bot" programs a few weeks ago, we predicted a brewing technological war. Developer Niantic was inevitably going to deploy cheat-detection technology, and hackers would subsequently work to break through that detection. Last week, we saw the first battle in that war, and so far it seems like the hackers are winning handily.
After largely ignoring the growing issues of bots (and related mapping hacks) for weeks, Pokémon Go developer Niantic rolled out a mandatory game update last Wednesday focused on cutting off server access for such unofficial apps. In a blog post last Thursday, Niantic cited "aggressive efforts by third parties to access our servers outside of the Pokémon Go game client and our terms of service." The developer argued these hacks were overloading its servers and its employees, slowing efforts to improve the game and bring it to new markets.
In examining the updated game, hackers quickly focused their efforts on a bit of hidden data in the code called Unknown6 (or U6). After the update, API requests that didn't send valid U6 data returned a useless empty response (previously, the field could be left blank without issue, suggesting this anti-cheat check was present in the code at launch but not yet enforced).
The U6 data itself appears to be a hash computed over data collected from the current state of the actual game client, which changes with each tick of the game's internal "heartbeat" timer. In theory, only a genuine game client would have that information and know how to turn it into a valid U6 hash, leaving bots and other hacks out in the cold.
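The article does not describe how U6 is actually computed, so the following is an added illustration written for this page, not Niantic's algorithm or any code from the community repositories it mentions. It assumes a keyed hash (HMAC-SHA256) over a canonical serialisation of the client state plus the heartbeat tick, a server that tolerates a small tick drift, and a demo key constructed for the example. It shows the shape of the check the article describes: a request with a missing, stale, or non-matching token gets an empty response rather than an error.

```python
import hashlib
import hmac
import json
from typing import Tuple

# Constructed demo key: stands in for whatever secret a real client would hold.
# Anything that ships inside a client can be extracted, which is the article's
# point, so this scheme raises the cost of cheating rather than preventing it.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

# Heartbeat ticks of drift the server tolerates before treating a request as
# stale (a replay, or a token computed from an old client state).
MAX_TICK_DRIFT = 2


def canonical_bytes(client_state: dict, tick: int) -> bytes:
    """Serialise state and tick deterministically so both sides hash identical bytes."""
    payload = {"state": client_state, "tick": tick}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def compute_token(client_state: dict, tick: int, key: bytes = DEMO_KEY) -> str:
    """Client side: keyed hash over the current client state and heartbeat tick."""
    return hmac.new(key, canonical_bytes(client_state, tick), hashlib.sha256).hexdigest()


def check_request(request: dict, server_tick: int, key: bytes = DEMO_KEY) -> Tuple[bool, str]:
    """Server side: decide whether to honour a request; returns (accepted, reason).

    The reason string is what you would log for detection: a sudden rise in
    'missing_token' or 'bad_token' from one client population is the signal
    that unofficial clients are in play.
    """
    token = request.get("u6")
    if not token:
        return False, "missing_token"
    tick = request.get("tick")
    state = request.get("client_state")
    if not isinstance(tick, int) or not isinstance(state, dict):
        return False, "malformed"
    if abs(server_tick - tick) > MAX_TICK_DRIFT:
        return False, "stale_tick"
    expected = compute_token(state, tick, key)
    # Constant-time comparison so a forger cannot learn the token byte by byte.
    if not hmac.compare_digest(expected, token):
        return False, "bad_token"
    return True, "ok"


def handle_request(request: dict, server_tick: int, key: bytes = DEMO_KEY) -> dict:
    """Mirror the behaviour the article describes: invalid U6 yields an empty response."""
    accepted, _reason = check_request(request, server_tick, key)
    if not accepted:
        return {}
    # Constructed stand-in for real game data.
    return {"map_cells": ["cell-a", "cell-b"], "tick": server_tick}


def build_request(client_state: dict, tick: int, key: bytes = DEMO_KEY) -> dict:
    """What a genuine client would send alongside its normal request fields."""
    return {"client_state": client_state, "tick": tick, "u6": compute_token(client_state, tick, key)}


if __name__ == "__main__":
    # Constructed sample client state.
    state = {"lat": 37.77, "lon": -122.41, "session": "constructed-session"}
    genuine = build_request(state, tick=100)
    print(handle_request(genuine, server_tick=101))   # full payload
    no_token = {"client_state": state, "tick": 100}   # a bot that skips U6
    print(handle_request(no_token, server_tick=101))  # {}
```

Two design points follow from the article's account. First, the server answers with an empty body rather than an explicit rejection, which denies a would-be forger a clean oracle for why a request failed, but it also means the server must log the reason itself if it wants to measure how much unofficial traffic it is seeing. Second, because the token is derived from a secret and logic that live in the client, the check only holds until someone reproduces that logic, which is exactly what the rest of the article describes happening within four days.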
What followed was a multi-day, multi-person effort to reverse-engineer the U6 generation algorithm, organized through the PokemonGoDev subreddit (and its live chat) as well as an associated Discord chat, wiki, and GitHub repository. Together, the community traced through hundreds of thousands of lines of compiler-optimized assembly code, looking for the bits responsible for creating that crucial U6 hash.
After four days of tinkering, by Sunday the hackers had apparently managed to untangle and replicate the U6 generation function. This led to the creation of a new unofficial API that can generate valid U6 hashes and receive game data from Niantic's servers. That newly working API has been quickly reintegrated into the various bots, hacks, and other third-party applications that had been disabled since Wednesday.
Regardless, the team behind MyGoBot seems relatively confident in its ability to thwart any anti-cheat methods Niantic may lay down in the future. "We have been in the botting industry for a while now, and we have thwarted anti-cheat for years," said Jake. After working on bots for Runescape and Clash of Clans over the past two years, Jake believes that, so far, "Niantic's anti-cheat is very sad compared to some others. Everything they have been adding in has been easy to thwart (with the help of the community)."
"It probably took [Niantic] hours, if not days, to write the encryption for Unknown6," Jake continued. "It took us three days to crack. This is just a never-ending game." (Niantic has not responded to a request for comment from Ars about its cheat-detection and prevention technologies).
Full article at the jump, http://arstechnica.com/gaming/2016/...ogy-stopped-pokemon-go-hackers-for-four-days/