“Pokémon Go” is the latest in smartphone augmented reality gaming crazes. You may have already heard about the game on the news, or seen kids playing it in your neighborhood. To play, players must walk around in the real world with their GPS enabled smartphone, collecting different virtual Pokémon which appear at random spots in the real world, replenishing the virtual items need to collect Pokemon at “Pokéstops” and putting Pokémon to battle at “Gyms”. Pokéstops and gyms are often city landmarks such as popular shops, fountains, statues, signs etc. For those who have no idea what “Pokémon” are: Pokémon are fictional animals from a popular children’s cartoon and comic.
Since the game is GPS based, Stefan Kiese decided to see if he could cheat at the game by spoofing his GPS location using a HackRF software defined radio. The HackRF is a relatively low cost multipurpose TX and RX capable software defined radio. When playing the game, players often walk from Pokéstop to Pokéstop, collecting Pokémon along the way, and replenishing their items. By spoofing the GPS signal he is able to simulate walking around in the physical world, potentially automating the collection of Pokémon and replenishment of items at Pokéstops.
To do this he used the off the shelf “GPS-SDR-Sim” software by Takuji Ebinuma which is a GPS Spoofing tool for transmit capable SDR’s like the HackRF, bladeRF and USRP radios. At first, when using the software Stefan noticed that the HackRF was simply jamming his GPS signals, and not simulating the satellites. He discovered the problem was with the HackRF’s clock not being accurate enough. To solve this he used a function generator to input a stable 10 MHz square wave into the HackRF’s clock input port. He also found that he needed to disable “Assisted GPS (a-gps)” on his phone which uses local cell phone towers to help improve GPS location tracking.
Next he was able to use the GPS-SDR-Sim tools to plot a simulated walking route and see his virtual character walking around on the real world map. A warning if you intend on doing this: Remember that 1) spoofing or jamming GPS is highly illegal in most countries outside of a shielded test lab setting, so you must ensure that your spoofed GPS signal does not interfere with anything, and 2) the game likely has cheating detection and will probably ban you if you don’t simulate a regular walking speed.
GPS spoofing is not new. One attempt in 2013 allowed university researchers to send a 80 million dollar 213-foot yacht off course, and it is suspected that hackers from the Iranian government have used GPS spoofing to divert and land an American stealth drone back in 2011. In past posts we also showed how security researcher Lin Huang was able to spoof GPS and bypass drone no fly restrictions.[Also seen on Hackaday.com]