Bring Pokémon to you with a Rohde & Schwarz signal generator
A team of Rohde & Schwarz engineers have found a new way to hack Pokémon Go, the massively popular app that debuted last month.
The engineers are generating GNSS data with a Rohde & Schwarz signal generator, and feeding the signal directly into the mobile device, making it possible to collect dozens of Pokemon right in the lab.
The team produced a video showing the hack, which has received almost 400,000 views on YouTube, and received coverage from Bloomberg and The Verge.
The Munich-based Rohde & Schwarz team provides the following hardware diagram of the setup:
The team also describes the technical details:
“The setup is a little proof of concept by simulating GPS signals with an HIL — hardware in the loop — interface, which can also be used for a flight simulator or similar applications.
“A R&S-SMBV100A vector signal generator serves as a source to simulate real-life GNSS RF signals. We use a custom PC software with a joystick controller for the ultimate gaming experience *wink* — it may as well be controlled with a mouse. This software streams HIL commands to the signal generator over a LAN interface and interpolates position and velocity changes. The interpolation will be done according to a desired inertia model — pedestrian/car/plain — we actually used a slow car here with a maximum speed of ~15km/h. This is useful, for instance, if you assume that cars will not make 90° turns.
“We set the GNSS coordinates of the signal generator to some arbitrary position in the world and start the HIL mode — this will result in a ban if you jump quickly from Moscow to Sydney! You have to wait a reasonable amount of time in between.
“The signal generator simulates a real-life GNSS RF signal, which is fed indirectly into the mobile phone and to a u-blox M8 GNSS receiver. This is why we use an RF splitter. The losses from antenna to device are roughly 30 dB. We therefore generate a signal of -80 dBm in order to achieve the common GNSS signal strength of -110 dBm at the device. The idea behind the shielding box is to protect the device from the signal from outside. You could also build the setup in a cellar.
“We use the corresponding u-center v8.11 software, which is connected to the GNSS receiver to visualize our current position using a Google Maps plug-in. The u-blox is connected via USB to the computer.
“By doing so, we create a closed-loop realtime GNSS simulation with user feedback and interaction.”
Now R & S can make another fortune selling this setup to those folks who want to hack the game big time. A super business opportunity indeed. Just give me written credit for the suggestion, seeing an idea work out is a great reward.
This was obviously a students project of some kind and not an actual business case. Awesome idea by jumping on the recent Pokemongo hype. Gives them a lot of publicity showing off what they are capable to do with a hardware in the loop setup. Quite impressive!