Pokemon GO 's companion' Pokémon GO Plus' is reverse engineered and a fierce fighter emerges as' Fast duplication! '


Pokémon GO (Pokémon GO) is a game to help you play the item " Pokémon GO Plus " to help reverse engineer "Pokémon GO Plus can now replicate!" People who speak loud, Pokémon GO Plus I'm publishing a blog that I made naked in details such as the authentication algorithm used in Plus.

Reverse Engineering Pokémon GO Plus - Tinyhack.com
https://tinyhack.com/2018/11/21/reverse-engineering-pokemon-go-plus/

Yohanes Nugroho, an Indonesian programmer, challenged the reverse engineering of Pokémon GO Plus. Nugroho has succeeded in familiarizing the contents so much that it gets ridiculous that "Pokémon GO Plus can be duplicated!"

Pokémon GO Plus has also been reviewed by GIGAZINE. If you want to know what kind of terminal please check the following articles.

Pokemon GO official wearable device "Pokémon GO Plus" haste photo review, real thing like this - GIGAZINE



According to Nugroho, the key to duplicating Pokémon GO Plus is to use BLOB to clarify the BD address assigned to each Pokémon GO Plus. Using a BLOB allocated to another person 's Pokémon GO Plus seems likely to be able to BAN account to Niantic in the future in the future. Nugroho explains the authentication algorithm necessary for duplicating Pokémon GO Plus in its own blog and the method for extracting BLOB that we have created independently.

Nugroho said that, at the beginning of the release in September 2016, Pokémon GO Plus was completely resistant to reverse engineering and was in a state of nakedness that is not protected at all. But then in a short time Niantic has come to implement a complex hash algorithm for server requests. After that, in January 2017, users of the reddit bulletin board posted detailed posts on reverse engineering of Pokémon GO Plus, "This was not perfect," Nugroho wrote.

Also, Nugroho said that Datel and other companies are selling alternate devices from third-party Pokémon GO Plus, "Datel does not disclose details on reverse engineering of Pokémon GO Plus" It is unknown how to make a device that behaves like Pokémon GO Plus. Therefore, for general users "Pokémon GO Plus remained as a mysterious device as usual". So, Nugroho seems to decide to independently try to reverse reverse engineering Pokémon GO Plus.



In order to elucidate the authentication algorithm, it seems necessary to understand the three elements related to Bluetooth Low Energy (BLE) adopted by Pokémon GO Plus "battery state" "LED and button" "certificate". According to Nugroho, in order to recognize peripheral devices such as Pokémon GO Plus with Pokemon GO, it is necessary to first notify names such as "Pokémon GO Plus" and "Nintendo Switch". And before we can use LEDs and buttons (Pokémon GO Plus), we have to clear the authentication before the pairing with the smartphone side is not completed.

Some people tried reverse engineering based on BLE traffic in order to solve this authentication algorithm, but then it was not possible to know details of the authentication algorithm. For that reason, Nugroho says "Because the protocol used AES encryption ." It is said that " CTR " and so on are also used as a cryptographic mechanism.



In Nokroho's blog , Nogroho's blog details what algorithms work in Pokemon GO and Pokémon GO Plus in the authentication process, and what data exchange is being done. Although it is quite complicated and difficult, when the last transmission including the character string "PokemonGoooooooo" is over, the application agrees with the button notification, and each time it finds a gym, a pocket stop, or a Pokemon it fits the characteristics of each LED I will send notifications.

When it ends, the monster ball on the screen switches from gray out display to normal display, and Pokemon GO and Pokémon GO Plus are connected.



Nugroho who understood the authentication algorithm tries to test whether the authentication is actually possible using Raspberry Pi Zero W of the microcomputer board in order to check the correctness of the authentication algorithm which I solved, but eventually I will use ESP 32 I heard that he decided in particular. The reason is that it takes too much time for Raspberry Pi Zero W to debug the Bluetooth stack BlueZ . Mr. Nugroho seems to have never programmed BLE in the past, but BLE programming on ESP 32 adopted for "reasonably cheap and easy programming" is written as "It was very easy".

In addition, the Pokemon GO Plus emulator for ESP32 created by Nugroho at this time is released on GitHub. In this emulator, Nugroho tested whether ESP32 could be paired with Pokemon GO. In the test, "Three pairing, disconnection, reconnection possible?" "Can you be notified if there are Pokemon around?", "Can you catch Pokemon if you press the button?" It seems to have been tested, it seems that each is clearly clear.

GitHub - yohanes / pgpemu: Pokemon GO Plus emulator using ESP 32



As a result of reverse engineering, Nugroho said that companies such as Datel and Codejunkies are able to sell counterfeit products of the perfect Pokémon GO Plus, "There are only a few combinations of BD addresses, BLOBs and keys" Because there is a simple formula to tie together and we do not need a secret key "" The algorithm has leaked out of the manufacturing factory of Pokémon GO Plus "and so on.

In addition, it seems to have thought about publishing BLOQ and key of Pokémon GO Plus, but then it says that Niantic, the operation source, is likely to block certain BD addresses from connecting, so we abandoned it . Also, many users use BD addresses obtained from distributed BLOBs, so everyone is worried that Niantic will be disinclining account suspension.

In addition, it also points out that Niantic is not comfortable with third-party devices like Pokémon GO Plus, and in the worst case also refers to the possibility of account suspension.

Related Posts:

in Software,   Hardware,   Game, Posted by logu_ii