Breaking Pokemon Go with a Raspberry Pi
Raspberry Pi Cryptocurrency Node
A few weeks ago I bought a Raspberry Pi starter kit on Amazon. I wanted one for a few months and finally found the perfect use case – running a cryptocurrency node. After flashing an SD card with Raspbian, I hooked it up to my network and configured Bitcoind. I left it to sync for a few days. I forgot about it and didn’t end up checking again until the following weekend. After more than a week of syncing, it was making almost no progress. Tired of waiting, I decided to wipe the pi and try something else. This time I would try running an Ethereum node. This was much worse. After a few unsuccessful days of trying to get it working with Geth, I switched to the Rust EVM, Parity. This got me far enough to start syncing, but the device never got very far. It grew extremely hot and continually crashed, so I gave up and stashed the little pi in my desk drawer.
Pokemon Go and Raspberry Pi
Around the same time, Pokemon Go took over the world. I joined the masses for a few days but was far too prideful to run around the park chasing fake monsters in real life.
Faking Location with XCode
I used XCode to create a basic app on my iPhone. Then I’d plot longitude and latitude waypoints in the app to go anywhere in the world. For example, I’d plot a path of coordinates along central park and other locations where people reported rare pokemon. I still had to go through the grind of trying to catch each pokemon my avatar encountered. This was way too laborious for my taste.
Pokemon Go Bot
Finally, I found the perfect setup… a python bot that I could modify to mimic a real user’s behavior. My avatar would run around a location automatically while trying to catch anything it encountered. This turned out to be the perfect use case for the Pi. I was able to run the bot 24/7 without bogging down my laptop, and before long I’d amassed a large collection of rare Pokemon.
Then, Niantic released a security update that killed all the bots. Amazingly, it only took a few days for hackers to reverse-engineer the patch. My Raspberry Pi Bot hummed along for the next 3 weeks as my avatar hit the level cap and my account contained all 300 pokemon. I could take over all the gyms in my area without leaving the couch. I’m sure the kids who were playing in these locations were looking all around for the person near them who had the maxed out Dragonite and Snorlax. The bot logged out one morning earlier this month. I tried logging in from my iPhone. The mobile app also rejected my credentials. This was strange. After a few hours, I checked my email and received this:
It was fun while it lasted and ended up being a great learning experience for configuring an always-running Raspberry Pi.