PokemonGo…back: Reverse engineering at work


By Marc Laliberte, Information Security Analyst at WatchGuard Technologies

Unless you’ve been living in the wilderness since March 2016, you can’t help but be aware (albeit vaguely) of the global phenomenon that is PokemonGo. An augmented reality game played on your mobile device, the game works by allowing you to capture wild Pokémon using your camera and GPS to track the animated creatures.

The biggest mobile game ever launched in US history, PokemonGo has hit the headlines across the world from the accidental deaths of distracted gamers to links to incredible scenes as hordes of enthusiasts take to the streets to catch rare Pokémon. 2016 has definitely been the year of the Pokémon.

With such an immensely popular and far-reaching app it was only a matter of time before criminals saw its potential.

The first and most obvious attack came in the guise of our old friend, malware. Offering add-on software, alternative installation sources, or supposed fixes and patches through third-party app stores has proved a successful way to infect mobile devices.

There is nothing sophisticated or new about the way that the app is being used to propagate this kind of malware.

Neither is there anything new about the lure of such a hugely popular app attracting the attention of hackers with something else in mind…reverse engineering. Some hackers do this simply for the challenge or the fun whilst others do so for the financial rewards.

Subreddit group, PokemonGoDev, started work as soon as the game was released to reverse engineer the app-to-server communication channel. Since then, users have been publishing the results of their efforts. One user has published both a guide to the communication protocol used by the game as well as an indexed dump for every item and Pokémon in the game.

With the communication method established and a communication channel set up with the PokemonGo servers it wasn’t long before the server responses could be decoded using an Application Program Interface (API).

The result?

Well, dedicated PokemonGo enthusiasts now have the ability to hunt their quarry using far more detailed information and, if they so wish, can even ‘collect’ Pokémon without ever leaving their living room. For gamers, this simply isn’t cricket and PokemonGo’s developers, Niantic, should be encouraged to clamp down on users that abuse this backdoor advantage to the game. However, it isn’t exactly a global threat, is it?

Or is it?

Understanding how apps are developed via reverse engineering is a unique way in which programmers and developers learn new tools and is an established method in the industry for advancing the community’s global knowledge base. However, the ability demonstrated with the PokemonGo app to use the API to query and receive detailed information from the Niantic server is another example of how quickly and easily the hacking community works.

Though PokemonGo is just a game, cyber-security isn’t, and it remains important to stay vigilant and keep your networks up to date with the latest cyber defence technologies.
