Breakin 'Em All – Overcoming Pokemon Go's Anti-Cheat Mechanism

Presented at DEF CON 33 (2025), Aug. 9, 2025, 11:30 a.m. (45 minutes).

It was the summer of 2016, and like everyone else, I was out playing Pokémon Go. Except my rural location barely spawned anything interesting. Naturally, I dove into the game's code, reverse engineered its protocol, and built a custom Pokémon scanner. But the story doesn't end there. One day, a switch was flipped, enabling a fancy new anti-cheating feature that locked out any custom implementations.

In this talk, I'll begin by exploring how mobile games like Pokémon Go handle communication through specialized protocols—and how I replicated that behavior to build a scanner. Then, I'll walk you through a 4-day hacking marathon where I teamed up with a group of like-minded enthusiasts to overcome the anti-cheating mechanism that nearly broke our scanners.

We'll examine how mobile games attempt to thwart such applications, unraveling the anti-cheating mechanism that was deployed by Pokémon Go. We'll explore how we managed, through obfuscated cryptographic functions, unexpected use of smartphone peripherals and hidden protobuf definitions, to break the anti-cheating system and release a publicly available API for the game's protocol.

Almost a decade later, the full story is ready to be told. Join me for an inside look at the anti-cheating mechanisms of online mobile games—and how to hack them.

References:

- [Team Unknown 6 GitHub and Discord](https://github.com/pogodevorg/TU6)
- [Ars Technica article](https://arstechnica.com/gaming/2016/08/anti-cheat-technology-stopped-pokemon-go-hackers-for-four-days/)
- [Blog covering some of the work](https://medium.com/@salqadri/a-peek-into-the-pok%C3%A9mon-go-hacking-scene-68d219134b14)

Presenters:

  • Tal Skverer
    In the past decade, Tal turned his hacking hobby into a career. His experience covers reverse engineering, malware analysis, embedded security, web hacking, cryptography, and computational complexity. He also teaches a biannual workshop on assembly, reverse engineering x86/x64, and blackbox research. Tal holds an M.Sc. in Theoretical Computer Science from the Weizmann Institute. Currently, Tal is the Head of Research at Astrix Security, where, among other things, he discovers vulnerabilities in how cloud providers implement connectivity between (and by) non-human identities.

    Some of the things Tal did in the past:

    - Hacked vehicle infotainment systems at his previous job.
    - Was a part of the “Unknown6” research group that broke PokemonGo’s anti-cheating system in 2016.
    - Turned a OnePlus 5T whose screen he accidentally broke into an ad blocker for his home network, as well as a meta search engine focused on ultimate privacy.
    - Presented at several conferences including DEFCON, RSAC, BSides, and OWASP chapters.
    - Conducted an open-heart surgery on a (1 month off warranty) Nintendo Switch to replace a defective part, which highlights the importance of the “Right to Repair” movement.
