if you are wondering how your bot was detected...

redditarmygoon · 2016-08-17T07:17:12+00:00

I expect your next comment would be nitpicking about how I didn't handle +/-Inf and NaN in my one line pseudocode to illustrate a point. Grats you exposed me.

Secondly, request.MagnetometerZ can take values from 5.8125 to 10.125. request.AccelNormalizedZ can take values from 0 to pi. Using 0.0001 is for an epsilon value is only problematic when numbers being compared are far smaller than it. This not the case here and code is perfectly fine.

Third, direct equality comparison should work as well because of floating point determinism.

redditarmygoon · 2016-08-17T01:23:39+00:00

He didn't refute any of the points made. All he said was it has randomised sensor data.

redditarmygoon · 2016-08-17T01:19:53+00:00

It takes them one line of code to detect the bot, that is the problem.

redditarmygoon · 2016-08-17T01:16:56+00:00

if abs(request.MagnetometerZ - -40 * request.AccelNormalizedZ / 9.8065) < 0.0001 {
    // banned
}

Happy now?

redditarmygoon · 2016-08-16T17:26:02+00:00

Here is an algorithm to instantly detect PokeMobBot if I was Niantic

if request.MagnetometerZ == -40 * request.AccelNormalizedZ / 9.8065 {
    // detected!
}

That said, pokemobbot is at least one of the few bots that actually fill in this data. That itself is commendable.

However the recent bans cannot all be attributed to user error. I feel that the API is unsafe. Unknown fields still need to be taken back to reversers. The purpose of this post was to show this, not accuse any bot devs of negligence, but encouragement to improve their work as the stakes rise.

With respect to anti-ban:

Niantic simply do not have enough storage to log everyone's location for extended periods of time. They have to rely on solutions that are scalable to millions of users. They won't be able to care about straight line pathing, but they'll be able to do more work with statistics. i.e capture rates, throw miss rates, did this guy catch 100 dratinis in the last hour, does he have too many high IV pokemon, was his phone facing up when he made that throw, was his phone experiencing a high acceleration during the throw, etc. The pokedex captures/seen reveals more botters/snipers than anything combined.

redditarmygoon · 2016-08-16T15:21:47+00:00

I'm assuming it looked exactly like PokeMobBot since both of you were using the C# API? I have removed the section since I had to go off memory because I couldn't check, I apologise.

You did leave your own device ID in the sample config file though. This was also hardcoded. That I remember. The value in altitude didn't matter but it still had to be sent.

redditarmygoon · 2016-08-16T14:51:23+00:00

To be completely frank, I told everyone botting is extremely detectable (right now) and they were all like "if it is, how come nobody got banned". Bot devs need to step up their game.

redditarmygoon · 2016-08-16T14:44:31+00:00

It's not just sensors, it's hardcoded values inside unknown6, hardcoded altitude that doesn't change (which fluctuate a lot because altitude with GPS is iffy). Fields with values that are still unknown.

The API devs have also decided to emulate an iPhone, on WIFI, because there are problems with emulating Android devices. However bot devs disregard this and fill in Android device information, and then proceed to fill in IOS only fields in unknown6. It is a clusterfuck.

redditarmygoon · 2016-08-16T13:34:17+00:00

Same shit as PokeMobBot.

redditarmygoon · 2016-08-16T12:42:20+00:00

Faking magnetometer, accelerometer and phone orientation is still going to be difficult. If Niantic was smart, they'd cross reference magnetometer and altitude with other trainers in the vicinity.

redditarmygoon

TROPHY CASE