This repository has been archived by the owner on Jan 28, 2022. It is now read-only.

Protobuf structure for MapCells has changed #131

Closed
JSchwerberg opened this issue Aug 3, 2016 · 465 comments


Comments

@JSchwerberg

JSchwerberg commented Aug 3, 2016

An update today caused the Protobuf structure for MapCells to change -- looks like it is now in a tuple (?)

Proto files need an update to reflect this.

PLEASE KEEP THIS ISSUE THREAD ON TOPIC
i.e. no donations/thank-yous/unrelated questions/flaming, etc.

Thank you

@broach

broach commented Aug 3, 2016

Please stop posting nonsense.

The repo people are linking to, without knowing how to program or understanding it, is a change to a bot's code to have its own internal method return a tuple of everything in one call. The first item in the tuple is the MapCell proto.

THAT PROJECT USES THIS REPO FOR PROTOBUFS FFS

@JSchwerberg
Author

You're right, all three of those projects that linked here for the same issue changed their internal method to return a tuple of everything in one call. Then all of those devs (myself included) magically forgot, and decided to trace the problem all the way back to here, just for you to comment and tell us that. My hero, @broach. <3

@JSchwerberg
Author

JSchwerberg commented Aug 3, 2016

Someone dumped the changed protobuf Responses here -- this may be useful if anyone understands Protobuf well enough (I don't) to make a PR to fix this.

@Trolldemorted

Trolldemorted commented Aug 3, 2016

How reliable are the sizes of types in that dump?

This looks like a pokemon spawn:

100 {
  1 {
    1: "030a3476-668a-47fb-95ed-2bcfc5c15637/1467338129695000"
    2: "pm0094"
    3: 1467338129695000
    4: 0x4111e825
    5: 401141
    6: "\r\014\222M\355\223\257\222\366\0222\200G\"\267\244"
  }
[...] 

So I guess the interior values are:

1: some sort of id (?) + timestamp
2: pm + pokedex id (94 = Gengar)
3: same timestamp
4: spawnpoint_id (?)
5: time till hidden in ms (?)
6: unknown

And since I assume lat/lng are transmitted, it would make sense to me if they were in 6.

Edit: some person on Reddit said that that is not a get_map_objects response, and states that the responses did not change.

@justMaku

justMaku commented Aug 3, 2016

That's correct, responses did not change, they just figured out a way to distinguish between the real app and 3rd party API clients.

We're probably not sending some fields (I'd wager on the Unknown6 message) and that's how they know not to serve us any Pokemon.

@tcmaps
Contributor

tcmaps commented Aug 3, 2016

"030a3476-668a-47fb-95ed-2bcfc5c15637" is a GUID

@Trolldemorted

@justMaku it should be rather easy to test unknown6 if you have a working MITM proxy at hand - just change the value to something arbitrary and check whether you see Pokemon or not, or am I missing something?

@justMaku

justMaku commented Aug 3, 2016

@Trolldemorted that's correct; I'm running iOS though, so it's much harder to get a MITM proxy to run.

@justMaku

justMaku commented Aug 3, 2016

@BoBeR182 please stop reposting random things that you find on the internet, because that's not correct and you're just confusing everyone.

@trisk

trisk commented Aug 3, 2016

@BoBeR182 you are definitely posting in the wrong issue

@trisk

trisk commented Aug 3, 2016

I have a working MITM proxy. Are we talking about unknown6 in the RequestEnvelope?

@justMaku

justMaku commented Aug 3, 2016

@trisk correct, from what I've seen none of the available API clients send that value. There's probably some reverse-engineering work that needs to be done on the client to know what that value actually stands for, though.

@justMaku

justMaku commented Aug 3, 2016

Also @trisk, it'd help us all greatly if you (or anyone else with a MITM setup) would publish a whole dump of the TCP stream from login up to the map update being received.

@0xAcid

0xAcid commented Aug 3, 2016

@justMaku, I'll work on it. So, you need the connection up to the moment I see my trainer on the map, right?

@waryas

waryas commented Aug 3, 2016

https://gist.github.com/trisk/8e0ec7203e637f25274c19e4b309c6b5

@trisk

trisk commented Aug 4, 2016

Also a binary dump of RequestEnvelopes and ResponseEnvelopes from another session in a single file: https://drive.google.com/file/d/0B2BOEbAy3h0hT0ZadDhYUW03QWM/view?usp=sharing
(Sorry, no delimiters between requests and responses)

@trisk

trisk commented Aug 4, 2016

Gonna try modifying unknown6 now that I've verified I can reserialise the envelope.

@justMaku

justMaku commented Aug 4, 2016

That binary dump is what I've been looking for; unfortunately I can't use it much without the delimiters :/

@ur0
Contributor

ur0 commented Aug 4, 2016

@Trolldemorted, that's an asset digest.

Here's the actual GET_MAP_OBJECTS output

  1 {
    1: 4316619620929765376
    2: 1470268521140
    5 {
      1: 0x4345ce401e3458bd
      2: 1470268521140
      3: 0x40333734b2cb8f27
      4: 0x405233faa7b2c695
      5: "3be7b6acc39"
      7 {
        2: 127
      }
      11: 201392
    }
    5 {
      1: 0x362864505220174d
      2: 1470268521140
      3: 0x4033371d27242400
      4: 0x405233faa7b2c695
      5: "3be7b6ace9d"
      7 {
        2: 118
      }
      11: 570144
    }
    5 {
      1: 0x7d0aead003ebd3cd
      2: 1470268521140
      3: 0x4033372e3af9373c
      4: 0x405233f92473c567
      5: "3be7b6acc3d"
      7 {
        2: 13
      }
      11: 422112
    }
    10 {
      1: "3be7b6acc39"
      2: 0x4345ce401e3458bd
      3: 127
      4: 1470268722532
      5: 0x40333734b2cb8f27
      6: 0x405233faa7b2c695
    }
    10 {
      1: "3be7b6ace9d"
      2: 0x362864505220174d
      3: 118
      4: 1470269091284
      5: 0x4033371d27242400
      6: 0x405233faa7b2c695
    }
    10 {
      1: "3be7b6acc3d"
      2: 0x7d0aead003ebd3cd
      3: 13
      4: 1470268943252
      5: 0x4033372e3af9373c
      6: 0x405233f92473c567
    }
    11 {
      1: 10
      2: 0x43480000
      3: 0x10849a8fe721be8d
    }
    11 {
      1: 98
      2: 0x43480000
      3: 0xde6a3fdfaa2e7b9d
    }
    11 {
      1: 127
      2: 0x43480000
      3: 0x4345ce401e3458bd
    }
    11 {
      1: 118
      2: 0x43480000
      3: 0x362864505220174d
    }
    11 {
      1: 129
      2: 0x43480000
      3: 0x26b6ea801fbfd1fd
    }
    11 {
      1: 13
      2: 0x43480000
      3: 0x7d0aead003ebd3cd
    }
  }
  1 {
    1: 4316619614487314432
    2: 1470268521140
  }
  1 {
    1: 4316619616634798080
    2: 1470268521140
  }
  1 {
    1: 4316613745414504448
    2: 1470268521140
  }
  1 {
    1: 4316613738972053504
    2: 1470268521140
  }
  1 {
    1: 4316613741119537152
    2: 1470268521140
  }
  1 {
    1: 4316613736824569856
    2: 1470268521140
  }
  1 {
    1: 4316619644552085504
    2: 1470268521140
  }
  1 {
    1: 4316619646699569152
    2: 1470268521140
  }
  2: 1
}

1.5 now seems to contain the Pokemon info; 1.5.7.2 is the Pokemon ID.

@trisk

trisk commented Aug 4, 2016

Login doesn't get far with empty unknown6: https://gist.github.com/trisk/ec3db5c41fa6d1d74c64a33664632c0a

@cyraxx
Contributor

cyraxx commented Aug 4, 2016

@ur0 That's the same as before, 1.5.7.2 has always contained Pokemon ID.

1 = GetMapObjectsResponse.map_cells
5 = MapCell.wild_pokemons
7 = WildPokemon.pokemon_data
2 = PokemonData.pokemon_id

@trisk

trisk commented Aug 4, 2016

@justMaku Split all requests/response envelopes into separate files, ordered by time: https://github.com/trisk/pkre-dumps/tree/master/dump1

@0xAcid

0xAcid commented Aug 4, 2016

If this is of any use, I used apktool to get the .smali of APK 0.29 and 0.31 and then made a diff of all the files.
You can access the diff here: https://gist.github.com/Axi0m-S/2ec2c74a26c722440f371ab46c45eb5d
It might help someone who knows .smali better than me.


EDIT: Another diff for the dex2jar'ed files: https://gist.github.com/Axi0m-S/a1298143654d64021f13cca126447d40 if that is of any interest.
Could this:

"> getTrustManager(java.lang.String java.security.KeyStore )"

be something useful, concerning request signing etc.?

@FabianTerhorst

I don't see any big changes since the last release. FabianTerhorst/PokemonGo@22ee9af

@Saicheg

Saicheg commented Aug 4, 2016

Could it be something that lives in the unknown6 field?

FabianTerhorst/PokemonGo@22ee9af#diff-c4b70be9b0036965856ebbd284eae545R41

@trisk

trisk commented Aug 4, 2016

I just verified that replacing unknown6.unknown2.unknown1 with a pattern of the same length produces the empty cell info.
Leaving it alone I get the correct GetMapObjects response.
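
The two pieces of protocol work in this thread, reading the schema-less dump above (ur0's decode_raw output and cyraxx's mapping of path 1.5.7.2 to map_cells > wild_pokemons > pokemon_data > pokemon_id) and trisk's test of swapping unknown6.unknown2.unknown1 for a pattern of the same length, worked through as an added Python example. This is not code from the thread or from the protobuf repository: the decoder is a minimal re-implementation of the protobuf wire format, the sample messages are constructed here from the field numbers visible in the dump, and the 6.2.1 numbering used for unknown6.unknown2.unknown1 in the request sample is an assumption for illustration, as is the 32-byte placeholder payload.

```python
# Added example (not from this thread or the proto repo). Message layouts below are
# constructed; the 6.2.1 numbering for unknown6.unknown2.unknown1 is assumed.

def read_varint(buf, pos):
    """Decode a base-128 varint at buf[pos]; return (value, new_pos)."""
    result, shift = 0, 0
    while pos < len(buf) and shift <= 63:
        b, pos = buf[pos], pos + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7
    raise ValueError("truncated or overlong varint")

def write_varint(n):
    """Encode a non-negative int as a base-128 varint."""
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)

def _take(buf, pos, size):
    if pos + size > len(buf):
        raise ValueError("truncated field")
    return bytes(buf[pos:pos + size]), pos + size

def decode_raw(buf):
    """Schema-less parse to [(field_number, wire_type, value), ...] like `protoc
    --decode_raw`. Length-delimited payloads become nested lists when they parse as a
    message, else stay bytes (a heuristic: short strings can be misread as messages).
    fixed64/fixed32 values are shown as raw little-endian ints, as in the dump above."""
    fields, pos = [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field, wt = tag >> 3, tag & 7
        if field == 0 or wt not in (0, 1, 2, 5):
            raise ValueError("invalid tag %d" % tag)
        if wt == 0:                                   # varint
            val, pos = read_varint(buf, pos)
        elif wt in (1, 5):                            # fixed64 / fixed32
            raw, pos = _take(buf, pos, 8 if wt == 1 else 4)
            val = int.from_bytes(raw, "little")
        else:                                         # length-delimited
            ln, pos = read_varint(buf, pos)
            val, pos = _take(buf, pos, ln)
            try:
                val = decode_raw(val) if ln else val
            except ValueError:
                pass                                  # not a message: keep bytes
        fields.append((field, wt, val))
    return fields

def encode_raw(fields):
    """Serialise a decode_raw structure back to wire bytes (to re-inject edits)."""
    out = bytearray()
    for field, wt, val in fields:
        out += write_varint((field << 3) | wt)
        if wt == 0:
            out += write_varint(val)
        elif wt in (1, 5):
            out += val.to_bytes(8 if wt == 1 else 4, "little")
        else:
            payload = encode_raw(val) if isinstance(val, list) else val
            out += write_varint(len(payload)) + payload
    return bytes(out)

def find(fields, path):
    """All values at a dotted path like "1.5.7.2"; repeated fields give several hits."""
    hits = [fields]
    for n in (int(p) for p in path.split(".")):
        hits = [val for msg in hits if isinstance(msg, list)
                for field, _wt, val in msg if field == n]
    return hits

def overwrite_same_length(msg, path, filler=0x41):
    """In place, replace every bytes value at path with a same-length filler (the
    'pattern of the same length' test). Returns the number of fields rewritten."""
    nums = [int(p) for p in path.split(".")] if isinstance(path, str) else path
    count = 0
    for i, (field, wt, val) in enumerate(msg):
        if field != nums[0]:
            continue
        if len(nums) > 1 and isinstance(val, list):
            count += overwrite_same_length(val, nums[1:], filler)
        elif len(nums) == 1 and wt == 2 and isinstance(val, bytes):
            msg[i] = (field, wt, bytes([filler]) * len(val))
            count += 1
    return count

def build_sample_response():
    """Constructed GetMapObjectsResponse-shaped bytes with the dump's numbering:
    1 = map_cells, 5 = wild_pokemons, 7 = pokemon_data, 2 = pokemon_id."""
    def wild(encounter_id, pokemon_id, ttl):
        return [(1, 1, encounter_id), (2, 0, 1470268521140), (5, 2, b"3be7b6acc39"),
                (7, 2, [(2, 0, pokemon_id)]), (11, 0, ttl)]
    cell = [(1, 0, 4316619620929765376), (2, 0, 1470268521140),
            (5, 2, wild(0x4345CE401E3458BD, 127, 201392)),
            (5, 2, wild(0x362864505220174D, 118, 570144)),
            (5, 2, wild(0x7D0AEAD003EBD3CD, 13, 422112))]
    empty_cell = [(1, 0, 4316619614487314432), (2, 0, 1470268521140)]
    return encode_raw([(1, 2, cell), (1, 2, empty_cell), (2, 0, 1)])

def build_sample_request():
    """Constructed RequestEnvelope-shaped bytes; 6.2.1 as unknown6.unknown2.unknown1 is
    an assumption and the 32-byte payload is a placeholder, not a real value."""
    return encode_raw([(1, 0, 2), (6, 2, [(1, 0, 4), (2, 2, [(1, 2, bytes(range(32)))])])])
```

`find(decode_raw(build_sample_response()), "1.5.7.2")` returns `[127, 118, 13]`, the three Pokemon IDs from the dump, and `encode_raw(decode_raw(b))` round-trips the bytes. For the request side, `overwrite_same_length(req, "6.2.1")` followed by `encode_raw(req)` yields an envelope of identical length whose payload has been replaced, which is the shape of trisk's experiment; the wire type 1 values such as 0x40333734b2cb8f27 stay raw ints and can be reinterpreted with `struct.unpack("<d", ...)` where the proto says double. The "parse as a message, else bytes" fallback is the same guess --decode_raw makes, so treat nested output for short strings with suspicion.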

@FabianTerhorst

Can you stop talking about buying hacks?

@Someone45

I will delete my comments. Sorry, I knew it was off topic; it's my fault.

@brunoamancio

This has just become facebook.

@Sharke

Sharke commented Aug 4, 2016

@FabianTerhorst

Why don't you stop talking about him altogether? Also, weren't you one of the people dickriding him last night anyway? It's funny how everyone sees through his shit now, but when I said something I was labeled a troll.

@brunoamancio
You're also adding nothing of value by making comments like that.

@Someone45

@Sharke I have a question. Do you think what @DarkCodedDragon said can work? I am willing to buy it to help you guys out.

@brunoamancio

brunoamancio commented Aug 4, 2016

I don't think the issue is about having to buy it. The problem is that people want to solve the issue and share it instead of financially benefiting from a game hack.

@Sharke

Sharke commented Aug 4, 2016

I don't really want to discuss the subject of Mila or his bot anymore, but IF (I've not yet seen that he actually has a working bot) he does have a working bot, that would mean it has to be sending valid requests. In theory it MIGHT be easier to reverse engineer his bot to see how he is forming his requests than trying to do it directly from the pokemongo binary. If, for example, his bot was in .NET, it would be trivial to RE it.

All that said, there are core assumptions:
A. He has a working bot.
B. The issue even is unknown6 (we're all pretty certain, but just to be devil's advocate, for all we know we could crack unknown6 and it could change absolutely nothing).

@Blackbird594

@Sharke please stop trolling, let's keep this thread clean.

@Sharke

Sharke commented Aug 4, 2016

@Blackbird594 Dude, where am I fucking trolling? Please quote me where I'm 'trolling'; we clearly have very different definitions. I've posted more valid information than you have in your entire time in this issue.

@Someone45

@Blackbird594 No one here is trolling.

@Someone45

For the time being I will search for working bots, and if one does work I will post it immediately.

@Sharke

Sharke commented Aug 4, 2016

@pokegirl0

No.

@keyphact
Contributor

keyphact commented Aug 4, 2016

I know this is quite immature of me, but for someone who hasn't had sleep in almost two days while trying to manage the clusterf**** of people IMing me, emailing me, and outright just being unpleasant to me, for trying to bring some type of order to the /r/pokemongodev Reddit and Discord.

.
..
...
....
.....

This github issue is actually making my day. 🎉

@Someone45

Hi @keyphact I am also in your discord channel :)

@ActuallyTrent

@keyphact At least everything has been interesting.

@Someone45

@pokegirl0 Try it out yourself

@Sharke

Sharke commented Aug 4, 2016

@keyphact
I'm glad I could help make a positive impact!

@pokegirl0
I don't know how to even reason with that logic. A banner was removed so it MUST be working.

@Someone45

@pokegirl0 There is a cracked version, but I will try it now then.

@Sharke

Sharke commented Aug 4, 2016

/facepalm

@Someone45

Someone45 commented Aug 4, 2016

lol. It still has the banner on the website.

@monoxacc

monoxacc commented Aug 4, 2016

delete YOUR git account please

@Someone45

I will go back to solving the problem.

@0xAcid

0xAcid commented Aug 4, 2016

I saw some guy wanted to buy bots/maps. @pokegirl0 is just a scammer trying to sell their stuff. He/she was doing it earlier today (I think their posts were deleted).
Don't buy any stuff. People are trying to make money out of this bug by selling "working" tools.

@Someone45

You have to be signed in to an account to see the banner.

@Sharke

Sharke commented Aug 4, 2016

If anyone buys pokemon go bots at all they're a moron.

@brunoamancio

Might be useful:
https://www.reddit.com/r/pokemongodev/comments/4w4r7d/unknown6_analysis/

"It's already known that the 32-byte header is srand48-initialized with the current time."
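
Why a time-seeded srand48 header is recoverable, as an added Python example that is not from this thread, the linked Reddit post, or any project they mention. The class below is a plain re-implementation of the POSIX srand48()/lrand48() 48-bit linear congruential generator (multiplier 0x5DEECE66D, increment 0xB, modulus 2^48, seed placed in the high 32 bits over 0x330E). The "32-byte header" layout used here, eight lrand48 outputs packed as little-endian uint32, is an assumption for illustration; the thread only says the header is srand48-initialized with the current time, not how the bytes are laid out.

```python
# Added example, not from the thread. Header layout (8 x lrand48 as LE uint32) is assumed.
import struct

A = 0x5DEECE66D            # POSIX drand48-family multiplier
C = 0xB                    # increment
MASK48 = (1 << 48) - 1     # state is 48 bits wide

class Rand48:
    """Minimal model of srand48()/lrand48() state handling."""
    def __init__(self, seed):
        # srand48: high 32 bits of the state are the seed, low 16 bits are 0x330E
        self.state = ((seed & 0xFFFFFFFF) << 16) | 0x330E

    def lrand48(self):
        self.state = (A * self.state + C) & MASK48
        return self.state >> 17      # lrand48 returns the top 31 bits, non-negative

def header_from_seed(seed, nwords=8):
    """Assumed header construction: nwords successive lrand48 outputs, LE uint32 each."""
    r = Rand48(seed)
    return b"".join(struct.pack("<I", r.lrand48()) for _ in range(nwords))

def recover_seed(header, guess_time, window):
    """Brute-force the seed over [guess_time - window, guess_time + window] (seconds),
    regenerating the candidate header each time. A header seeded from the wall clock
    carries no secret: anyone who can bound the send time recovers the seed."""
    nwords = len(header) // 4
    for cand in range(guess_time - window, guess_time + window + 1):
        if header_from_seed(cand, nwords) == header:
            return cand
    return None
```

With a seed taken from a Unix timestamp, `recover_seed(header, approx_time, 600)` walks at most 1201 candidates and returns the exact seed; widening the window to hours costs only seconds of CPU. The practical reading of the Reddit claim, if it is right, is that the header cannot be what authenticates a client, because a server (or an adversary) can regenerate it from the timestamp alone; whatever distinguishes real clients must be elsewhere in the envelope.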

@DrBrad

DrBrad commented Aug 4, 2016

Is this for real? I mean, you guys could just make a simple private chat to remove them from this.

@shaitand

shaitand commented Aug 4, 2016

/ignore pokegirl

Repository owner locked and limited conversation to collaborators Aug 4, 2016