A Wild Captcha Appears To Take Down Pokémon Go Botting For Good

With daily active users plummeting fast and Niantic cracking down on botters with “great vengeance and furious anger”, it was bound to happen. Pokémon Go Botting is officially dying, though not fast enough for Niantic who has had enough of the MyGoBots and NecroBots. In the past two weeks it has permanently banned all accounts that were showing suspicious activity telling of GPS spoofing or automated play. Appeals can be lodged to reactive your account but it can take weeks for that to happen. Bots have also been shutting down after this series of bans became widespread. In the latest update of Pokémon Go, Niantic has gone further and added a classic counter to the botting problem, a captcha. Cqit3ERW8AA-ND5-169x300

A captcha can be found on basically any site on the internet when you sign up for an account or when you download a song or a video file, etc. It’s just some squiggly lines covering some text that you have to enter in a box and press Enter. Or sometimes it’s just putting a check mark in a box saying “I’m not a robot”. Since bots aren’t smart enough to detect fuzzy images yet, this works really well. In the update, “a wild captcha appears” every time suspicious activity is detected on an account.

The decompiled source code hints at how the mechanism works. It mentions three names: “CaptchaService”, “CaptchaGuiController” and “CheckChallengeProto”. Screen-Shot-2016-08-23-at-15.00.21

However, the botting community is working on a fix for this as well. But this time Niantic came prepared. Like a more mature Ash Ketchum after his battle with Brock, they’ve juiced up their software to take on whatever’s thrown at them. The official API encryption called “unknown6” has changed again. Last time it took the botting community 2 days to crack it.

Upon closer inspection, the captcha used was found to be Google’s reCaptcha. The thing tracks user actions during, before and after they tick the “I’m not a robot” option so it’s very difficult to get around it. And then if you get a fuzzy image you’re toast. A bot can do little to nothing for that. So you’ll basically be clicking and typing all the way through your botting spree and still risking getting banned for it when you’re done. It’s probably better to stop now and play the game legally.

The update v0.35.0 is already out on Android and on iOS (v1.5.0).

Pokémon Go Is Losing Users Fast

Pokémon Go has, for all intents and purposes, peaked around the world. The breakout app of the summer which had 45 million active users at its peak is pattering out. Now to be fair, it has lost only 15 million users and is still at around 30 million. And that number has come down after almost two months. Considering that most apps lose around two thirds of their users in the first few days, that’s impressive. It managed to retain the attention of people worldwide to such an extent that it made headlines everyday for a month and even got banned by a few countries.