Pokemon Go GPS Cheat (If You Don’t Fear Getting Banned)

Pokemon Go inherits a certain vulnerability to GPS location spoofing from it’s predecessor Ingress, but also the progress that has been made in spoof detection. Since taking advantage of a game’s underlying mechanisms is part of the winner’s game, why not hook up your smartphone to Xcode and see if you can beat Niantic this time? [Dave Conroy] shows you how to play back waypoints and activate your Pokemon Go warp drive.

The hack (therefore the Monospace) is based on the developers toolkits on Android and iOS, and also the easiest way to get banned from the game. On an Android smartphone, you need to get one of the many GPS spoofing apps from the Play store, repeatedly tap About phone to activate the developer settings and select that app as GPS spoofing source there. As [Max] points out in the comments, you may also need to install the mock mock locations Xposed module, which requires a rooted device. In iOS, you can (probably) also install a spoofing app through Cydia, although the easiest way without jailbreak is creating a new iOS app in Xcode (or any iOS application you have at hand) and build it to the phone. While in debugging mode, you can then load a *.GPX-file, which is simply a text file containing GPS waypoints in the XML-based GPS Exchange Format:

<gpx>
  <name>My waypoints</name>
  <wpt lat="34.143895" lon="-118.151556">
    <name>SupplyFrame, Inc.</name>
  </wpt>
</gpx>

You can also create timed routes:

<gpx>
 <name>My tracks</name>
  <trk>
    <name>Some track</name>
    <trkseg>
      <trkpt lat="34.143657" lon="-118.152368"><time>2016-07-18T00:00:00Z</time></trkpt>
      <trkpt lat="34.144502" lon="-118.152368"><time>2016-07-18T00:01:00Z</time></trkpt>
      <trkpt lat="34.144490" lon="-118.150470"><time>2016-07-18T00:02:00Z</time></trkpt>
      <trkpt lat="34.143654" lon="-118.150455"><time>2016-07-18T00:03:00Z</time></trkpt>
    </trkseg>
  </trk>
</gpx>

The file is loaded via Product -> Debug -> Simulate Location -> Add GPX file to project, as shown in the video. This makes the waypoints or tracks available from the Simulate Location menu. From there, you then can then teleport your phone to the defined locations, or take it for a walk along the tracking points.

While the video is more a tutorial on how to get banned from the game than anything else, we’re not here to judge you if you try it. In the contrary, we’d actually love to see an implementation that catches ’em all without falling over the various strings Niantic has put in place, effectively turning GPS spoofing into a game of its own. Check out the video below to see [Dave Conroy’s] approach.

Oh, and did we mention this is probably get you banned? Can’t stress this one enough.

75 thoughts on “Pokemon Go GPS Cheat (If You Don’t Fear Getting Banned)

  1. It’s not quite that simple on android since apps can check whether they’re being handed a spoofed location. You have to install Xposed (which requires an unlocked bootloader and root iirc) then install mock mock location which hides the state of the mock location setting from apps. Might wanna update the article to reflect that.

        1. Go to settings>developer>allow test locations >off if done correctly you can play anywhere now you might want to download disable service from the plastered and turnoff fused location services whenever you play pokemon go, ban risk is high but is only couple hours at its worst happy playing ;)

          1. notrealemail… you’re not understanding him. We do not have that option in our developer settings. There is no point on clicking on the version number when we’re already in developer mode! That option to allow test locations does not exist. Only the other one – which as Andres said, leads to the failed detection message.

    1. You seem to know a lot about this stuff. Do you think if someone made a Bluetooth “GPS receiver” that transmitted spoofed locations to the phone, and set that as the GPS source on the device, that would be harder to detect and ban? Software-wise there would be no funny business on the phone this way.

        1. I tried this last night and the Android App doesn’t let you use external GPS units anymore. They obviously cottoned on to the fact people were doing this, I tried a Bluetooth android GPS location spoofer (separate phone) and a Windows based one with a Bluetooth connection. It seems the only way at the moment is to Root your device.

          1. That was going to be my first method to attempt after just trying mock mock and spoofer on a gps-less sbc. Have to wonder if a usb “GPS module” would work.

            Just remember, if your GPS says you are moving then the accelerometers and gyro and compass need to say the same.

      1. I did some investigation into this, it’s possible to get apps that take NMEA strings from a Bluetooth GPS receiver but they typically require Mock Locations to be activated, which the game doesn’t like.

        What would be nice is if someone could create a system app (naturally, root users only) that can take this feed and parse it verbatim as a legit location. The GPS receiver on my 3 year old Android handset has slowly been getting worse, where now if I’m simply holding the phone in my hand with a clear view of the sky I get a poor fix, if at all sometimes.

        There are apps out there like Fake GPS Location in the Android Marketplace that allow you to hard-set your location (this is what I’d consider cheating) which reportedly do work if you convert it to a system app, what I’m hoping for is someone to do the same for a Bluetooth GPS app that doesn’t require mock locations to be activated.

        I would actually pay for that functionality (albeit no more than 10 dollars, 5 preferred).

    2. I tried to use FakeGPS but it works for like 4 seconds and then in warps me back to my actual location and then it goes back to where I wanted to be. Its installed as a system app. (I have a rooted one plus 2) pls help

    1. I’m not sure how you would even begin to spoof AGPS servers, I’m sure there are internal checks by the AGPS subsystem in the actual phone OS which discard overtly dissonant results.

      Well the GPX file dupe is essentially a fake GPS device, in software debugging.

    2. Chances are that they use a “reasonable” number of bits to tell you your offset.

      i.e. likely offset is not going to be more than 10m, so we use 16 bits, 6 bits before, 10 bits after the meters-decimal-point. That way you can code offsets up to 32m in either direction accurate to 1mm.

  2. I wonder if how easily you could spoof the location on an Android by taking advantage of Google’s location services. I know it’s a “self healing” system, as in it will tell Google where a WiFi router is located based off the GPS. So it seems that you could take a hotspot to a location, use that with your phone GPS on and let Google log the coords. Then use it back at home without your GPS on so that it would rely on Google’s stored location for the mac addressof your hotspot. Since apps have no issue using Google’s “high accuracy” WiFi based GPS.

  3. I’ve been thinking of using SDR to spoof the GPS signal. Maybe add a motor or two to confuse the accelerometer and compass. I’d love to find out what it takes to fool them, but I’m not going to do that on my own phone :)

    1. I don’t see what it would do to your phone? If you have an RT capable of harming it’s GPS antenna, it’s probably going to do more than damage just your phone.

      You’d just need to have RTs that can encode onto the UHF band and a way to continuously update it (as if it was that simple). I understand there’s even some SDR software that takes care of most of what is needed to spoof a location.

  4. I tried one of the many GPS spoofing apps from the Play store. Does not work on a normal phone on it’s own.
    And i don’t want to root the phone just for pokemons.
    Since the game does not play well (or even start) on my mobile data connection, i was wondering if it might be possible to spoof the location with some cheap SDR device ?

    1. The ‘cheapest’ I can think of are the hackRF and bladeRF for 300 and 420 USD, respectively; although the bladeRF was on sale for 200 just a bit ago. In a couple of months the LimeSDR should join that list, also at 300 bucks.

        1. Yeah, it does. Just need to write something that lets me control it more easily. Right now it’s not very real-time controllable. Some app that would let you click a path together and then walk along it at some speed… :p

  5. Meh, I don’t care about Pokemon Go… but I wonder if guys at Nintendo are using the game to create Lemmings with real people. Next thing you know players will get a mega rare Pokemon on top of a huge pyramid, but they have to build it first, or something. Or if Nintendo doesn’t like a certain store or place, throw a Pokemon there and it will be like a DDOS with humans.

    Well, I do care about Pokemon Go, but not in a way like others. I wonder if Nintendo (or whoever made the actual game) is hiring… ;)

  6. NOBODY got banned in Ingress for doing this unless they went to the middle of nowhere to make huge fields. It was full of cheaters. And Pokemon Go will be the same story. They’re not even using the new spoofing detection on Android now. They never cared about cheating on Ingress.

  7. Anyone else notice that Pokemon Go for Android fires up an LTE connection for a few seconds on occasion, even when on Wifi? Does LTE have some location information that can cross-check the GPS to detect spoofing?

    1. It would be able to get Cell Tower info that way and, I assume, cross reference it with your GPS data to make sure you are not connected to a tower in Seattle but catching Pokemon in London. If they are not implementing this anti-cheat they should.

  8. I’m surprised we haven’t heard of someone taking an emulated phone (as is common with android development) and tried installing Pokemon Go. With one such phone, it runs entirely on your computer and you have control over everything from position to Bluetooth to battery level.

  9. I have never seen this GPS bug in Ingress bug I have seen this massive GPS bug in pokemon.
    It placed my phone in the middle of a 50meter wide dock which would have been useful if squirtle had been around that day, but alas it took that day off :(

  10. The more protection they add the more power people who can actually reverse engineer and program have. For example I have a 0.29.2 .apk that is patched to display lat-long of a selected pokemon(if it’s in the tracker the lat-long is in the structure). Their security is load-signing, tls, and hashed resources where the hashes come from the server on-load and some binary obfuscation using a public obfuscation. They’ll add more obfuscation soon and run out of security improvements; maybe do some byte-signing or byte-VM if they have any talented coders.

    You control client updates it’s not like they can slip in new ban-tech. Streaming byte-code violates Google policy.

    1. Hmm seems it’s not looked down upon anymore they have “intent” and “StartActivity” and only enforce signing unless disable by user. Go isn’t doing this though and you can just patch a watch thread in to catch it..

    2. There is a MITM repo on GIT for POGO it just uses the cert store to get past TLS. This game is basically cheated and they can only detect with statistics profiling..

    1. Like the others, including MITM with modded TLS cert, the second they update with trivial checks the ban hammer cometh. The only real solution is actually binary reverse engineering where you look for checks and inline patch them. If you do this with updates before you install you can use any method(easier than patching in a lot of functions) and guarantee you never get detected. Unless of course they start doing statistical flagging then you also have to intelligently code timers.

  11. I have a problem. I have installed FakeGPS as a system app and it works wierd. It worksat the beginning but it warps me back to my actual location and then it goes back where wanted to be with the FakeGPS app. Pls help (i have a rooted one plus 2)

    1. I found the solution, hope this helps

      “If your GPS is jumping around from your real location to the spoof’d location non stop every few seconds here is a fix you can try. I’m on android had this problem for a while and it was super annoying and got me soft banned a few times.

      Go to settings –> Location –> Mode

      Make sure it is set to device only. Go check on the scanning tab and make sure WiFi scanning and bluetooth scanning is turned off

      install an app from play store called DisableService and allow root (obviously)

      Search for the service “Fused Location” under System tab and disable the service

      Reset Phone.

      Turn on FakeGPS. make sure update interval is < 100, Accuracy is 1

      This should fix the jumping around Make sure to turn everything back to normal if you need Google services / GPS again! otherwise nothing works

      update: if it doesnt work, have you tried installing Xposed Modules and download "Mock Mock locations / Hide mock locations" and tell me if it works. LG and Samsung phones seem to have issues as another service apart from the ones I named is causing location sniffing

  12. In Android you can install GPS Guider 3 and run tour own routes. Always wity xposed and root. The next versión of this app will let you build your routes without google earth.

  13. [Root required] Works great on Android and you can tilt your phone to walk around in Pokemon Go where ever you want. Just start in an area close to you and walk on realistic paths to avoid being detected. Then have fun exploring the whole area :)

    https://play.google.com/store/apps/details?id=havefun.fakegpswalking

    (Disclaimer: At the moment the worst that can happen is a few hours of soft-ban. I take no responsibility for anyone getting banned using this app. But I use it myself and it works great.)

  14. guys its really simple on android, download fakegps install it, download lucky patcher, install it, in LP change fake gps to a system app, restart, then in fakegps settings enable expert mode, done, you can jump around without getting banned as long as you do it in short distances and not jumping from chicago to japan or some crazy shit, if you want a joystick to tap to walk download gps controller, mand do the same thing with LP making it a system app, done

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s