Pokémon X/Y Online Battle Exploit - "Battle Analyser"

#1
IMPORTANT UPDATE

The Pokémon X & Y Version 1.2 patch is out now!

http://nuggetbridge.com/news/pokemon-x-y-version-1-2-patches-wifi-exploit/

Version 1.2 has been released for Pokémon X and Y and is available from the eShop. This patch is required to go online with the games as of December 12th, 2013. This patch fixes the exploits which allowed players to see Pokémon data being transmitted during wireless communication (be it battles or trades).



DO NOT OFFER LINKS TO THIS PROGRAM OR POST WAYS TO OBTAIN IT IN THIS THREAD

In an effort to save honest players from undue grief in online battles, everyone should be made aware that there is a new exploit in use for Pokémon X/Y Wi-Fi battles.





The "Battle Analyser" program works much the same for battles as the "Instacheck" program does for trades. A PC is set up as a wireless hotspot to intercept data from the Pokémon games, and upon the opponent clicking confirm on the battle screen, the program loads information on their entire party and then displays the attacks selected before each turn during the battle. This affects all online battle modes.

This program is a tremendous detriment to the competitive nature of Pokémon battles. It is our hope that, in fully exposing this program to the public, Game Freak will quickly take the necessary steps to block the exploit.


Please use Twitter and any other social media outlets to let your displeasure be known!

https://twitter.com/Junichi_Masuda
https://twitter.com/Pokemon
https://twitter.com/Pokemon_cojp
https://twitter.com/Nintendo
https://twitter.com/NintendoAmerica
https://twitter.com/NintendoEurope


UPDATE:
In any case, an anti-cheat program is being developed as an interim solution if people would like to contribute: http://nuggetbridge.com/forums/topic/2995-wifi-anti-cheat-software-community-initiative

OmegaDonut said:
Fortunately, Kazo has developed a working prototype for a counter-program that renders the cheat program ineffective, which works by sending false team and move information to the opponent. The games are able to distinguish the real data and ignore the fake data, but the cheat program cannot.

This is where the community steps in. For the cheat jammer to be most effective, it needs to be able to send realistic-looking movesets, and have enough variation so that opponents can't be sure of which moveset you're running. I'm looking to the community to help create a database of standardized movesets to come with the cheat jammer. Players will still have the option of adding custom movesets to their own databases, tailored to suit their teams. Also, the jammer will randomly modify some of the spreads and IVs as to not look too uniform.

UPDATE 2:
Rated Battles are disabled until further notice.
http://3ds.pokemon-gl.com/information/fc0d552d-cbf1-45a6-a144-a4951990f512

Pokémon Global Link said:
Rating Battles Temporarily Disabled
We have temporarily disabled the ability to participate in Rating Battles in Pokémon X and Pokémon Y.
If you try to participate in Rating Battles in your game, you should receive the following error code: 004-3003

Please continue to check the Pokémon Global Link and the official Pokémon website for updates about when Rating Battles will be available again. We apologize for the inconvenience.
 
#4
Whoa. That sounds really cool from a technological standpoint.

Of course it's shitty for the players and ruins the game, but I'm amazed at the fact that this exists.
 
#7
Holy... that's bullshit. I really dislike when people make programs like this. There's hacking to get more knowledge about game mechanics and then there's shit like this.
 
#8
This is a serious issue for anyone trying to play online. I'd like to suggest that players send any concerns to @Junichi_Masuda, @Pokemon, @Pokemon_cojp, or @Nintendo on Twitter. Hopefully Game Freak can deliver a patch before this really ruins the game.
 
#9
I don't know which Nintendo-community impresses me more, Pokémon or Smash Bros.

I mean this is kind of crazy that this is possible and that someone spends time doing this :lol
 
#12
This is a serious issue for anyone trying to play online. I'd like to suggest that players send any concerns to @Junichi_Masuda, @Pokemon, @Pokemon_cojp, or @Nintendo on Twitter. Hopefully Game Freak can deliver a patch before this really ruins the game.
I don't know if a patch is even possible...
 
#13
This is a serious issue for anyone trying to play online. I'd like to suggest that players send any concerns to @Junichi_Masuda, @Pokemon, @Pokemon_cojp, or @Nintendo on Twitter. Hopefully Game Freak can deliver a patch before this really ruins the game.
Is there really anything they can do against packet sniffing though?
 
#15
Wait, so instead of just sending a "ready" message to the opponent and sending the actual data when both players confirm they're ready, it just sends all the information instantly in one go? That's ridiculous. Major oversight by GameFreak.

Exploits like this ruin Pokemon and kill any motivation to actually train and battle with anyone but friends. Pokemon Bank is opening eventually and the flood of hacked-but-undetectable Pokemon will come into X/Y. Glad I jumped ship sooner with all those other games to play.
 
#16
Encrypt packets somehow? Iunno.

I mean it's cool that we got the shiny thing, but I hate that it got extended to this bullshit.

EDIT: Hedja, that's actually a damned good way to check that shit. Just don't send it until the last moment. But you have to wonder if the game loads all the models and animations for each Pokemon as the battle starts. But at least we'd get Attacks out of the way.
 
#17
I don't know if a patch is even possible...
Is there really anything they can do against packet sniffing though?
Is it possible for them to implement some sort of encryption?
Wait, so instead of just sending a "ready" message to the opponent and sending the actual data when both players confirm they're ready, it just sends all the information instantly in one go? That's ridiculous. Major oversight by GameFreak.

Exploits like this ruin Pokemon and kill any motivation to actually train and battle with anyone but friends. Pokemon Bank is opening eventually and the flood of hacked-but-undetectable Pokemon will come into X/Y. Glad I jumped ship sooner with all those other games to play.
Hacked but undetectable Pokemon are no longer a problem since you can easily breed for those kinds of Pokemon now.
 
#19
This is truly awful. I'm okay with the checking eggs for shinies or whatever, but this is too much. I really hope we don't have to wait until another game to get this fixed.
 
#22
Whoa. That sounds really cool from a technological standpoint.

Of course it's shitty for the players and ruins the game, but I'm amazed at the fact that this exists.
It isn't. It's just that the game was kind of silly designed. Or lazily. Or just not from a hackable perspective. The game sends out all the data that's obtained at the beginning of a battle. Why is sort of beyond me, especially considering that this data is so easily obtainable. It'd be from a performance perspective, that while the battle is starting up, everything you need is received, so you don't get breaks during the battle while you receive the name of the next Pokémon. However, that's completely trivial, seen how it's basically just an identifier that needs to be sent, so it seems to be lazy design.

Is there really anything they can do against packet sniffing though?
I see no reason to send all that data at the beginning of the match, anyway. I don't know the game at all, though. But if the thing is that you don't know what your opponent has, then why send it? Even encrypted.
 
#23
I don't know if a patch is even possible...
It's more than possible.

Player 1 chooses Pokemon, sends a message to Player 2 that they're ready to start then waits for Player 2 to send his message. Player 2 does the same. Both ready and send their data over. You can't have any foresight with that.

Similar system when picking turns. The most basic anti-cheat system, honestly can't believe GameFreak never thought of this.
 
#27
They just need to change when the relevant data is sent.

From the looks of it, data on what you're doing (using a move, switching a Pokemon, etc.) is sent to the opponent the moment you choose it, which allows this program to check it. If instead the game simply sends a flag saying "I'm ready", and then only sends the meaningful data when both players have made their choices, it should at least be impossible to check the opponent's move and then make decisions with it in mind.

Preventing them from checking team data might not be so simple though, since I'd assume it's sent beforehand to prevent people tampering with the data during battle, but who knows.

EDIT: Beaten by Hedja. =[
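
The "ready first, data later" exchange proposed in posts #23 and #27, sketched as a commit-reveal round: the ready message carries a salted hash of the locked-in choice, so nothing useful is on the wire before both sides have committed, and a choice changed after the fact fails verification. This is an added example, not code from the game or from anyone in the thread; it goes beyond the posts by adding the hash commitment, and the function names and move strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def commit(choice: str) -> Tuple[bytes, bytes]:
    """Return (commitment, nonce); only the commitment is sent as the 'ready' message."""
    # The random nonce matters: with only a handful of legal moves, a bare hash
    # of the choice could be reversed by hashing every candidate.
    nonce = secrets.token_bytes(16)
    return hashlib.sha256(nonce + choice.encode()).digest(), nonce


def verify(commitment: bytes, nonce: bytes, choice: str) -> bool:
    """Check a revealed (nonce, choice) against the commitment received earlier."""
    expected = hashlib.sha256(nonce + choice.encode()).digest()
    return hmac.compare_digest(expected, commitment)


def play_turn(choice_a: str, choice_b: str, b_changes_to: Optional[str] = None):
    """Simulate one turn; returns (bytes sent before any reveal, a_ok, b_ok)."""
    # Phase 1: both sides lock in and exchange commitments ("I'm ready").
    commit_a, nonce_a = commit(choice_a)
    commit_b, nonce_b = commit(choice_b)
    wire_before_reveal = commit_a + commit_b
    # Phase 2: each side reveals only once it holds the other's commitment.
    reveal_a = (nonce_a, choice_a)
    # A dishonest B may try to swap its choice after seeing A's reveal.
    reveal_b = (nonce_b, b_changes_to or choice_b)
    a_ok = verify(commit_a, *reveal_a)  # checked by B
    b_ok = verify(commit_b, *reveal_b)  # checked by A
    return wire_before_reveal, a_ok, b_ok


if __name__ == "__main__":
    # Constructed sample choices.
    wire, a_ok, b_ok = play_turn("Earthquake", "Protect")
    print("choice visible before reveal:", b"Earthquake" in wire)
    print("honest turn verifies:", a_ok and b_ok)
    _, _, b_ok = play_turn("Earthquake", "Protect", b_changes_to="switch:Talonflame")
    print("late change verifies:", b_ok)
```
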
 
#29
Does that cheating program that aids in finding shiny pokemon use packet sniffing as well?
Yes. Each egg has a specific value assigned to it which, if matched with a player with the same value, hatches into a shiny. You can see this value when you intercept packets between trades.

That's what I've read anyway.
 
#30
Encryption would solve this easily but GameFreak has proven repeatedly to have no idea what the hell they're doing when programming online functionality.
 
#31
Well that fuckin sucks. Do we have any download numbers or something? I might need to get all my online battling done before this becomes too common. And just when I was starting to get into the rating matches too :(
 
#33
Is there really anything they can do against packet sniffing though?
GTS is encrypted as they likely didn't want fans making competing products to Pokebank (something similar to Pokebank was released for Gen 5 by fans for free). They would need to put that same encryption on battles (which they should have done from the start but apparently didn't feel like doing) and force players to update when connecting online (which is what I assume Mario Kart did).
Why would anybody make this type of program?
attention whorin'
 
#34
Wow. Just... Wow.

Well, I got in more than 100 battles with a complete team and came away from them with some great Battle Videos. I don't really have incentive to come back until GameFreak fixes this situation, though.

For those who keep playing, I'd advise not choosing your move until the last second of command time. This makes it harder for a cheater to react accordingly.

Still sucks they know which Pokemon you brought and everything about those Pokemon.
 
#35
I heard about this a few days ago. I'm kinda expecting GameFreak to release a patch that changes the way the transfer of data in the game works or something.

Does that cheating program that aids in finding shiny pokemon use packet sniffing as well?
If they fix this Instacheck dies with it.
 
#36
Sigh.

Seriously, I swear there's no other game series out there with such a dedicated amount of people trying to break it. I've seen Assembly code out there for some of the game's algorithms. Assembly.
 
#37
I love Pokémon but I feel compelled to post this which applies to the fanbase too :
Just gotta say that this is a very complex way of representing the very foundation of RPGs. 0xff and 0xffff are numbers those of us that know about this type of thing know by heart. Once you've reverse-engineered the FFVII battle-system, you start getting a feel for these things, and the things in that picture aren't complex, really. You should see the way damage is calculated in FFVII, or the way crits happen.
 
#39
I love Pokémon but I feel compelled to post this which applies to the fanbase too :
Catch rate is actually one of the simpler things lol. Competitive is way more complex than a lot of people realize.

Ontopic, I was already not feeling the online play, and I will definitely not touch it now until it gets fixed. I don't even get why people do this, people are assholes simply because they can be.
 
#42
Hacked but undetectable Pokemon are no longer a problem since you can easily breed for those kind of Pokemon now.
Why bother wasting hours/days breeding and training when Jimmy is using Pokewhatever to get his perfect Pokemon in less than a minute?

The only reason to bother is for self-satisfaction which kind of kills the point of Pokemon X/Y; which to me seems like it's about sharing experiences with everyone around the world. Trading will pretty much become pointless since the hacked Pokemon will flood and devalue pretty much everything. This only adds further to the problem.

Pokemon is about trading and battling. Both have pretty much been compromised and always will be.
 
#43
Not sure why people are pointing out the amount of research and documentation of Pokemon's mechanics when Battle Analyzer is more like a cheat program like you would see in an online first person shooter (yes, I know those work differently but I can't think of any other comparison).
 
#44
Man, and this gen was the first time I've ever really gotten into battling because of how they streamlined the breeding process. =/
Yep, same here. The competitive scene opened up big-time for me this generation, thanks to how they greatly streamlined IV breeding, and EV training, and connecting with others for trading and battles. Even hatching eggs is simpler thanks to the straight shot breeding route and the way people can send you hatching O-Powers over the Internet. I raised numerous "perfect" specimens to their full potential, and created several complete teams that made for some of the most exciting multiplayer sessions in any game ever. The Battle Video feature even allowed me to retain and share those victories.

But now this "battle analyzer" comes along and makes every random opponent suspicious. Now one will wonder, "Did they -really- predict my move, or did they check a computer program to know I was going to use Earthquake and they should switch to a Flying-type?" As an example. :-\
 
#46
Yep, same here. The competitive scene opened up big-time for me this generation, thanks to how they greatly streamlined IV breeding, and EV training, and connecting with others for trading and battles. Even hatching eggs is simpler thanks to the straight shot breeding route and the way people can send you hatching O-Powers over the Internet. I raised numerous "perfect" specimens to their full potential, and created several complete teams that made for some of the most exciting multiplayer sessions in any game ever. The Battle Video feature even allowed me to retain and share those victories.

But now this "battle analyzer" comes along and makes every random opponent suspicious. Now one will wonder, "Do they -really- predict my move, or did they check a computer program to know I was going to use Earthquake and they should switch to a Flying-type?" As an example. :-\
If you go to places where people actually care about the competitive aspect of the game you probably won't run into people using this program, and it's pretty easy to tell when an opponent is predicting and countering every single move you make.

Ughhhhh this sounds awful. Hopefully they can stop it before it gets too big.
It doesn't matter how big it gets if they force you to patch it.