Hacking Pokemon Go
Pokémon Go is finally out in the United States, and as a longtime fan of the franchise, I downloaded it as quickly as I could. (I tried the New Zealand App Store this morning, but of course regional stores kept me waiting for a few more hours.)
After setting up my avatar and catching a Charmander, the first thing I did was fire up Charles and start poking around. (Not Poké-ing, poking.) Whenever a popular game comes out on iOS, I try to observe network traffic and inspect the app bundle to get an idea of what goes into the game. I didn't find anything spectacular, but there were a few interesting bits. (I know nothing about Unity, so I might be amused at silliness.)
The app says it's made with Unity in one of the splash screens, and the graphics certainly look great. The Google Maps logo is visible in a couple of places, including the Pokédex and the world map, and Charles logs show a couple of connections to Google Cloud APIs and an RPC heartbeat connection to pgorelease.nianticlabs.com. The responses are coming back as chunked gzip data from an nginx server. Pretty cool.
Unsurprisingly, there's also an analytics SDK in there. (Two, actually!) They're using Upsight's SDK, and uploading information such as your screen dimensions, time zone, and some in-game stats. It's also grabbing carrier, connection type (cellular vs. Wi-Fi) and a few other bits. Niantic is also tracking when you tap on the various in-game buttons.
The other analytics library is Crittercism, but it's a lot less vocal in the Charles logs, so if you don't look for it, you'll miss it.
I decided to let Charles run for a while, and I saw a few things going over the RPC connection:
When you tap on a Pokéstop, it shows up in the RPC heartbeat, along with a partially encoded URL, which points back to Google's hosting API. Charles shows that these requests are the images for the Pokéstops.
Even though I was sitting on my couch the whole time, a few Pokémon decided to spawn (in neighboring apartments, so I couldn't get to them) and I could see them on the map. A Staryu appeared, so I looked and saw a URL in the RPC stream that looked like this:
https://storage.googleapis.com/cloud_assets_pgorelease/bundles/ios/pm0120?generation={id}&GoogleAccessId={more here}
Notice the pm0120 bit? Staryu's number is number 120 in the Pokédex. Copying the URL into a browser yields the data blob from the server, but again, I haven't yet been able to open it. Trying to change the number fails, because there's some bundle signing going on.
Eventually, the RPC connections started failing more and more frequently, and the app finally crashed after about 50 minutes of sitting open connected to Charles. While watching the RPC stream and observing, I decided to look at a few other things.
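Why editing the number in a signed URL gets rejected, shown as an added example that is not from the original post and is not Niantic's or Google's code. It generalizes the observation above with a stand-in HMAC scheme; the key, the host, and the parameter names expires and sig are assumptions, since the post does not show the real signature fields.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration only; not taken from the game or from Google.
SECRET = b"constructed-demo-key"
HOST = "https://assets.example.invalid"


def _mac(path: str, expires: int) -> str:
    # The MAC covers the object path and the expiry, so neither can be edited.
    msg = f"GET\n{path}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, expires: int) -> str:
    """Issue a URL that is valid only for `path` until `expires` (Unix time)."""
    query = urlencode({"expires": expires, "sig": _mac(path, expires)})
    return f"{HOST}{path}?{query}"


def verify_url(url: str, now: int) -> bool:
    """Server-side check: reject missing, expired or mismatched signatures."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    if now > expires:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), _mac(parts.path, expires).encode())


def demo() -> dict:
    issued = sign_url("/bundles/ios/pm0120", expires=2000)
    edited_path = issued.replace("pm0120", "pm0121")
    edited_expiry = issued.replace("expires=2000", "expires=9000")
    return {
        "issued": verify_url(issued, now=1000),
        "edited_path": verify_url(edited_path, now=1000),
        "edited_expiry": verify_url(edited_expiry, now=1000),
        "expired": verify_url(issued, now=3000),
    }


if __name__ == "__main__":
    print(demo())
```

Only the URL exactly as issued verifies; a changed path, a changed expiry, or a stale timestamp all fail the check.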
Going directly to the server in a browser yields a webpage that says:
Dude, this is the Player Frontend.
The title of the page? Even funnier:
Holoholo Player Frontend
Once I was looking at the Niantic website, I checked out the homepage. It notes that the company was founded by ex-Googlers, which explains the heavy use of Google as a backend.
At this point, I wasn't able to do anything super interesting because of the intercepted data's streaming format, but maybe someone will do something neat with this data some day. I am looking forward to playing the actual game tomorrow, despite a few subtle visual glitches.
There are some really unpolished visual elements in #PokemonGO. Disappointing.
— Sam Jarman (@samjarman) July 6, 2016
A few things jumped out at me almost immediately.
On first launch, the location permissions prompt had a half-baked permissions explanation.
In order to play the game.
To their credit, Pokémon Go only uses location when the game is running, which is actually kind of interesting when you think about what they're trying to do. (It's pretty neat that they can augment reality with significant location updates and nothing more.)
- There's a next mission hint which overlays the entire game, and gets in the way of menus and such. (It covers the Settings button in some screens, for example.)
- The status bar is dark even when displayed right next to white text. Seems like an oversight.
Well, you know what they say about fixing bugs in early releases, right? Yes, you do. Shout it with me: Gotta Catch 'em All!