How to cheat on Ingress (or: sorry Niantic, i cheated)

genymotion

Sorry Niantic, i cheated.

Spoofing location in Ingress is really really easy.
Since i started to play this game, i always played cleanly, but recently  i started to see many episodes of GPS spoofing around me.

It is extremely bad when a player drives for kilometers and kilometers for a field just to see it destroyed by a cheater after few minutes.

So i decided to start an experiment to discover how easy is to cheat and to test the protection mechanisms implemented by your servers.
I discovered that one can cheat very easily and without any needs of technical knowledge.

So let’s see how to cheat in Ingress:

Unfortunately this method works only on Microsoft Windows, because of a issue in OpenGL (i think). If you can make this work under a free operating system, please let me know.

  • visit gmail.com and create a new, fake, free, Google account
  • visit www.genymotion.com and create a new account
  • download Genymotion and install it
  • open Genymotion and click “Add”
  • login with your new account
  • install a new virtual machine (WXGA 10.1 Tablet – 4.1.1 – API 16 – 1280×800)
  • follow this guide to install GApps on the virtual machine: http://forum.xda-developers.com/showthread.php?t=2528952
    You simply need to download two zip files and drag them over the running virtual machine, rebooting after every installation.
  • reboot your virtual tablet and open Play Store
  • log in with you new google account
  • install Ingress
  • before opening it, click on the “GPS” button on the right edge of the window and set your position (you can use the map or insert the coordinates manually)
  • start Ingress
  • Have fun!

I started my experiment in Amsterdam and reached level 5 in just 2 days. I created 100 fields and no one banned or suspended or reported my fake account.

If you are careful and don’t jump too far and too fast, you can do whatever you want.

I was to create a megafield over the France, but i decided to stop that and decided that it was time to publish this.

I think that Ingress is a real revolution, a brand new, brilliant idea that linked the real world to the virtual one.
Ingress started new kinds of social phenomena, making nerds leaving the houses and goes in the streets, talking each others and collaborating for the team.
Ingress created a lot of new relationship and real friendships, even between “enemies”.
What i like most of this game is that it forces you to meet to really enjoy.
This is great.

But then comes the bad aspects..

I really love computer science, and i know well that this kind of software require to trust the clients.
There is no escape: it’s the player that communicates it’s own location, the server can only trust him or not.
But there is much that the server can do to understand if it can trust the user position or not.
It is something that every programmer can do, and certainly Google has the resources to make it.

You could prevent the creation of second accounts by verifying new users and devices with an SMS. This simple shrewdness could have prevented me from cheating and publishing this post.
You could check the accelerometer and the compass to see if them are static or they are moving.
You could check the IP of the client and restrict his playground not in his own city, but at least his region or country.
You could check if the GSM cell matches the provided GPS position.
You could check if the WIFI networks matches the provided position.
You could try to associate user’s speed with his transport.
You could check if the user is moving in a line, through walls and buildings or he is following the shape of the streets.

These are just some suggestions that came to my mind in a few minutes. They won’t make impossible to still fake the location, but surely it would be more difficult.

One thing that surely don’t prevent cheating, is security through obscurity.
I can’t believe that in 2014 someone still believes that this bad practice can really help to make a system more secure.

Open the source of the game, publish it with a Free Software license. Build a public API to access game data, trough well controlled API keys.
The game will be better, like IITC is really really better than the standard INTEL.

The purpose of this post is to ask you, Niantic, to do more against cheaters. Every one knows that something more can be done and every one knows that Google has the power to do it.
So, please, do it.

You may also like...

62 Responses

  1. RamsesV scrive:

    Unfortunately this still works great. Does not look like Niantic was changing sometingAs the author suggests: If you are carefully, not chasing ’round to much you can reach a high level without doing a single step.

  2. ingressAutomation scrive:

    I am cheating with my own client for years I completely reversed the Api and my java client is able to run on any OS but not on Dalvik ATM. All Anticheat mechanisms are currently supported my clients are currently restricted to 1.000 and I plan to support 100.000 in the near future. Liftimr license is 100 USD for my not.

  3. Pauline scrive:

    Congratulations. :) To go above level 2, one needs to verify with SMS. :) You made a difference!

  4. Tuborg scrive:

    Um, yeah, because it’s so hard to get a prepaid card and an old andy phone to get past that SMS verification and then back to the cheat grind? I think most people I see playing this game around here always run around with two phones & two accounts anyway. Using the primary phone as a wifi hotspot makes that pretty much free and twice the bang bang power.

  5. Tomas scrive:

    If someone is cheating. Then cheating itself, no one else. This game is about going out. If someone don’t want to go out, then why want to play this game ? :)

  6. Righteous Ness scrive:

    This “works” for me, but by level 3 or 4, the game realizes something is up and I can no longer hack, deploy resos, etc. Trying to do this to combat against some cheaters in our area. Can anyone help? righteouskillah@gmail.com

  7. x scrive:

    they ban account

  8. Ingress scrive:

    I can not find new virtual machine (WXGA 10.1 Tablet – 4.1.1 – API 16 – 1280×800). In any other a can not flash gapps-jb-20130813-signed.zip. Have you any hint? THX

  9. STOP IT scrive:

    Do not use this. I have flaged Ingress account :/

  10. bib scrive:

    its not working anymore, cant hack.

  11. Name scrive:

    Why cheat like this? Why not go nuts, fly all around the fking world and do the in game stuff?

Lascia un Commento

L'indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *

È possibile utilizzare questi tag ed attributi XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>