When Niantic locked third party apps out of Pokemon GO’s servers, they garnered a lot of ill will from fans because they simultaneously disabled any and all methods of tracking Pokemon. They did so in order to free up server resources so that they could release the game in South America in time for the 2016 Olympics in Rio, but most either didn’t buy it or didn’t care; to them, the game was considered unplayable in its current state. That crowd will be glad to hear that not only have a community of developers and software engineers managed to reopen the API so that third party apps can start working on getting back in, they’ve done it in 4 days time.
The team, known as Team Unknown6, is a group within the /r/pokemongodev sub-reddit which has collectively disassembled Pokemon GO to figure out how it works and reassemble it so that they could enable third-party services to work again, which led Team Unknown6 to discover and break the protection that was keeping third party apps out. Rather than a fundamental API change that broke most of the functions a third party app may use, like what happened with Facebook a few years ago, the change was a security hotfix. It came in the form of Unknown6 which is a bit of code hidden deep inside the game that is used for validation of requests to Niantic servers. This challenging task began with putting together the team which was comprised of 30 people from around the globe, including the team’s leader, “Keyphact.” Once the team was assembled, the process took an entire day just figure out where to begin which was followed by slowly combing through the code until U6 found what they need to crack things. All of this was done while using Discord, a text chat service, making the act all the more impressive. Supposedly, only the official client was able to generate data that would correspond to Unkown6 and make the protection go down, allowing access to the core API. Essentially, Team Unknown6 had to reverse engineer the official Pokemon GO app to look for Unknown6 code, then implement a way to generate it and put that code into third party clients.
The code was eventually found, extracted, and implemented, but the feat was not without its challenges. Outside of having to mess around with the game code and search for Unknown6, then figure out how to implement it, U6 had to deal with copycats and an unruly community, with some even claiming responsibility for finding and exploiting Unknown6 once the team went public with the information. This led to them closing down their Github and locking most non-coder members of their development team out temporarily.