-
Corporal
I just manually evolved a Weedle... Why does it feel so wrong?
Xposed working fine, no softban...
Last edited by Mad4poko; 08-03-2016 at 05:08 PM.
-
Member
@everyone Final Status Update:
Niantic has now begun to obfuscate the API answers. This means that we will need to update the POGOProtos and implement the new hash b1f2bf509a025b7cd76e1c484e2a24411c50f0612. Reverse engineering an app with SSL pinning is hard to do; thanks to git users rastapasta & cstrachan88 we are able to bypass these security measures.
Niantic took a big step to block bots. But we are sure this is bypassable. Sorry for the inconvenience.
-
Site Donator
Cheat or Die!
Originally Posted by
prrovoss
there is this tool:
https://codeinspect.sit.fraunhofer.de/?q=video
it decompiles the apk into an intermediate language which can be easily read by humans and is compiled into java byte code. this means, you can decompile every app you want and without any changes you can compile and run it on an android device. i used this tool for several hacks in online games, so i can assure you that it works quite well^^ you can even inject your own java code into the app..
I'm using other tools
though this is the prev version not the latest..
-
Contributor
Originally Posted by
Distiny
I'm using other tools
though this is the prev version not the latest..

and can you edit its source code, compile it and run it on any android device? i think that's the most interesting part^^
-
Member
as of now is there no working bot?
-
Contributor
for example this is the actual HttpURLConnection that is used by the pokemon app to communicate with the servers, which i can use as i want^^:
https://pl.vc/rafm1
the byte array contains the content of the connection's inputStream.
In the console output you see the system prints of my method (at runtime on an android device). i had to surround it with ugly marks, because the app is pretty verbose
i think the inputStream's content (after the header names) is the most interesting part here. this was my first look into the app's code, so i don't know if this is of actual importance but it looks like something^^
besides that, there is no part of the app that cannot be manipulated with this method...
-
Site Donator
Cheat or Die!
Originally Posted by
prrovoss
for example this is the actual HttpURLConnection that is used by the pokemon app to communicate with the servers, which i can use as i want^^:
https://pl.vc/rafm1
the byte array contains the content of the connection's inputStream.
In the console output you see the system prints of my method (at runtime on an android device). i had to surround it with ugly marks, because the app is pretty verbose
i think the inputStream's content (after the header names) is the most interesting part here. this was my first look into the app's code, so i don't know if this is of actual importance but it looks like something^^
besides that, there is no part of the app that cannot be manipulated with this method...
now that is damn interesting! I never worked with APK's before, mainly cheated in FPS' or pc mmo's
Do you use the demo version or a cracked one?
Last edited by Distiny; 08-03-2016 at 06:32 PM.
-
Contributor
Originally Posted by
Distiny
now that is damn interesting! I never worked with APK's before, mainly cheated in FPS' or pc mmo's
Do you use the demo version or a cracked one?
of what? the tool i used? it's the demo version.
the thing is that this is all protobuffer encoded or whatever^^ there are tools out there that can decode it but i have no idea where to find one.
there is this article:
https://applidium.com/en/news/unbundling_pokemon_go/
they could decode an output very similar to mine to something like this:
Code:
1: 53
2: 6032429073588813826
3: "pgorelease.nianticlabs.com/plfe/226"
7 {
  1: "nr\026\335Z\206\241\317\257\275\224\'\353X\326\320_}\220
\316~\227\361\3670\'@\205\315t\221\233-C\367\211\r<j8y\024
\224\312v\342\2269~\304\202/\036\247\276\361\266,\033s\027\006\f^"
  2: 1468599616357
  3: "$\002\304\337.\034\270\361\214D\251nz\273fM"
}
100 {
}
100 {
}
or this:
Code:
100 {
  1: 1
  2 {
    1: 1467925951134
    2: "REDACTED: player name"
    7: "\000\001\003\004\a"
    8 {
      8: 1
    }
    9: 250
    10: 350
    11 {
    }
    12 {
    }
    13 {
    }
    14 {
      1: "POKECOIN"
    }
    14 {
      1: "STARDUST"
      2: 500
    }
  }
}
but i have no idea how
Last edited by prrovoss; 08-03-2016 at 07:35 PM.
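Added example, not part of prrovoss's post or the linked article: the numbered-field listings quoted above are the shape a schema-less decode of the protobuf wire format produces (the same kind of output `protoc --decode_raw` gives). This minimal Python decoder runs on a constructed sample; `read_varint`, `decode_raw`, `render` and `SAMPLE` are names chosen here, and treating a length-delimited field as a sub-message whenever it parses is a heuristic, so field meanings still require the `.proto` definitions.

```python
# Constructed sample bytes (not captured traffic), shaped like the listings above.
SAMPLE = (b"\x08\x35" b"\x1a\x23pgorelease.nianticlabs.com/plfe/226" b"\xa2\x06\x00"
          b"\xa2\x06\x11\x08\x01\x72\x0d\x0a\x08STARDUST\x10\xf4\x03")

def read_varint(buf, pos):  # base-128 varint -> (value, next_pos)
    value = shift = 0
    while pos < len(buf) and shift < 64:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")

def decode_raw(buf):
    """Return [(field_number, value)]; value is int, bytes, or a nested list."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 7
        if number == 0 or wire_type not in (0, 1, 2, 5):
            raise ValueError(f"invalid key: field {number}, wire type {wire_type}")
        if wire_type == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire_type == 2:                     # length-delimited
            length, pos = read_varint(buf, pos)
            value, pos = buf[pos:pos + length], pos + length
        else:                                    # fixed 64-bit (1) or 32-bit (5)
            size = 8 if wire_type == 1 else 4
            value, pos = int.from_bytes(buf[pos:pos + size], "little"), pos + size
        if pos > len(buf):
            raise ValueError("field runs past end of buffer")
        if wire_type == 2:
            try:                                 # heuristic: sub-message if it parses
                value = decode_raw(value)
            except ValueError:
                pass                             # otherwise keep the raw string/bytes
        fields.append((number, value))
    return fields

def render(fields, indent=0):
    pad, out = "  " * indent, []
    for number, value in fields:
        if isinstance(value, list):
            out += [f"{pad}{number} {{", *render(value, indent + 1), f"{pad}}}"]
        else:
            out.append(f"{pad}{number}: {value!r}")
    return out
```

`print("\n".join(render(decode_raw(SAMPLE))))` prints the sample in the same numbered-field layout as the quoted listings.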
-
Site Donator
Cheat or Die!
Originally Posted by
prrovoss
of what? the tool i used? its the demo version.
Time to apply for a license then
-
Contributor
Originally Posted by
Distiny
Time to apply for a license then

yep, hf^^
it's nearly 2am here and i think they approve the licenses manually, so you might have to wait till tomorrow.
in the meantime you can watch the two videos on their website
the second one shows what i did.
edit
unfortunately the content of the server response is handed over to this method:
private static native void nativeCallback(long, int, String, ByteBuffer, int, int);
and i have no idea where to find the implementation of that. it's probably somewhere in the unity resources (or somewhere totally else)
so it's either to find this method's implementation or to decode the protobuffer stuff.
Last edited by prrovoss; 08-03-2016 at 06:50 PM.
-
Contributor
What exactly is needed to make these bots start working again? If someone could explain it to me, I could possibly help now or in the future with these sorts of things. I want to try implementing the new hash & protos even if it takes a while to learn, thanks
-
Corporal
Originally Posted by iFlame
"I bet you a Lvl 25 account that we will have a working API by maybe tomorrow evening at most :P"
"I'll take that bet seeing as how you probably don't realize API is now encrypted with SSL so unless the bot creators are very talented at decryption or can setup some MITM bot, it is very unlikely bots will be fixed by tomorrow, if at all. Niantic can simply change encryption hash every time bot developers manage to decrypt it."
what do you guys think? Bot for pokemon is over?...
-
Private
Originally Posted by
Mad4poko
what do you guys think? Bot for pokemon is over?...
Looks like Niantic have an easy way of blocking all bots, and they've worked out how to use it, so yeah I think for the most part it is over. I'm not saying give up though. There's probably still a way around it, but as soon as botting becomes a significant problem again they'll probably just change their API once more.
I'm glad I got plenty of stardust and decent level before they went down though. Shame I didn't get to 40, as there's no way I'm gonna manage that in my remote little village. There's only one pokestop within about 4 miles of me, and you can't get signal next to it so it's unusable.
I'm annoyed they killed spoofing. I can see why they did, but it's now virtually unplayable for people like me.
-
Member
Originally Posted by
hjyg
Looks like Niantic have an easy way of blocking all bots, and they've worked out how to use it, so yeah I think for the most part it is over. I'm not saying give up though. There's probably still a way around it, but as soon as botting becomes a significant problem again they'll probably just change their API once more.
I'm glad I got plenty of stardust and decent level before they went down though. Shame I didn't get to 40, as there's no way I'm gonna manage that in my remote little village. There's only one pokestop within about 4 miles of me, and you can't get signal next to it so it's unusable.
I'm annoyed they killed spoofing. I can see why they did, but it's now virtually unplayable for people like me.
Yesterday was the first day i really started botting hard as well haha. Was farming candies and was planning to mass evolve 1000's of pokemon today. Luckily managed to rack up nearly a million Dust and level 36 though
-
Member
There will be no more botting. RIP botting for pokemon GO.
Well at least I've got a lil bit of benefit out of it.