- lolol

- Andrew has not read my message

- I wonder if after the first 5, he thought "geez, enough already. I'm not reading that"

- Maybe, but I'd have at least clicked thru them to clear the notifications!

- That answers the question of what that hex key is....

- {{FWD: DELETED, 18.10.2017 15:32:37}}
No image needed, every account has a specific guid attached. So every action you do via your scanner I can collect by using your guid.

- Probably.

- This leads me to wonder if there's not a feed from the backend Niantic is unaware of that contains some of this information.

- Whistle Blower:
Hidden stats do not matter when we are hitting the guid from the back end

- The guid part I know about, but getting mod install info as a feed? I don't think the scanner even gets it that way, you have to bring up the portal info in the scanner or in intel - so are they scanning portals constantly?

- Whether they know about it or not, we can verify its existence.

- Jesus fucking christ

- I'm not IT but does that mean they ha E direct access to Niantic server stuff?

- Nope

- This is what I'm wondering - maybe not direct access in but a feed sent out?

- no, they're just picking up every scanner ping worldwide.

When a mod happens, it pings the scanner. Scanner alerts the server that a change has happened. Server scans the portal affected and performs a delta on last known state of that portal. Changes reported.

- Means that β€” yeah

- How? It's not like that is sent as a feed to the scanner or intel.

- virtualized scanners

- This is almost certainly also how cactus works

- Yes, it is.

- I really didn't think mod changes were reported to the scanner that way.

- When you have intel up, portal data is sent every time a portal is modified

- And then you just request data on that portal, simulating a click.

- yeah. If you did a packet analysis on the Ingress process you'd see it

- The scanner has to have some amount of push in order to properly render visual effects like the shield bubble

- You have to piece together two feeds, but no big

- I know reso/cap/status is sent as a feed, I just didn't think mod was.

- Maintain a list of all portals

- And mods

- Then if you see a portal change, retrieve the mod list, and it’s different, you know what happened

- or reso upgrade

- Yep

- "Dear Niantic:

Resistance have an API to the portal network backend. Please hire one of them to make this a resource instead of a disgrace."

- Is it possible for the dev to flag accounts so they won't get banned? Trying not to be too tinfoil hat here but the dev being involved makes me wonder what resources are available to them.

- That's not quite right. The API is what feeds your scanner apps as well.

- I truly admire what they've accomplished from a technical perspective. Set aside the ethics and politics of it, and it's just... really fucking impressive.

- Aye.

- And they're doing it for fun. Imagine what's going on in the real world with people who have a financial motivation. :)

- They just posted a db pull and commit to take it down shortly.

- its perfection

- yeah. this website is going to be...

- oy

- I don't even know

- it already happened

- it was the 1st agent in the list, not the one who responded

- Got em

- and its even better because its my locals

- what happened?

- they hit the guardian

- that they just called out

- wow

- Is this something that WB is talking about in the other channel or am I missing where the info is coming from?

- Erich, could you get a screenshot of stock intel comms on that kill?

- Got it

- Got it.

- Awesome -- thank you, good catch.

- Hahahah!

- I'm calling it anatomy of a hit

- Crazy.

- Oh man we need the play by play ont he website

- Yes please!

- I'm terribly proud of this team.

- That sequence will be very difficult for Niantic to look at and not ban, imo. But they'll find a way to do the wrong thing anyway.

- This is huge.

- I'm so glad it happened before the release.

- Yes, direct evidence of query, request, and action.

- it couldnt happen to a worse asshole

- general has made several of my friends cry.

- what more could you ask for really

- Not much else at this point. :)

- Whoa what? I just woke up from quick a nap

- Something happened already ?

- Agreed, it's pretty damn clever. Too bad what they're doing with it just f**king wrong.

- @JemstarENL, looks like a hit got called in and the hit was made. Direct correlation can be established. Right?

- Sounds like it

- It really is perfect - there's the request for data on a player, then the request for the nearest res, one committs to hitting it in slack but before he can the first player returned goes and hits it.

- where are you seeing this...new screen shots?

- The new screen shots show the requests in slack, then I looked in intel and the hit happened at 15:18 EDT

- Perhaps we will get lucky and get another couple of examples before tomorrow.

- Just finished inputting all 671 names from Riot into a spreedsheet, that includes the bot.

- ok, so this kinda got personal for me. I'd like to sign the about page and have others join me. I'll abide a group decision on it, if we prefer to remain anonymous.

- I would suggest remaining anonymous. There's going to be a lot of pissed off RES and potentially someone without a job over this.

- Agreed. Don't give them a convenient redirect.

- Yep, anon

- Keep it about the data

- Rant in chatter

- website is designed to be anonymous for a reason. Minimize pushback vectors.

I feel you, but trust me, they're going to get the personal end of things too.

- alright.

- Preview

- [[Photo]]

- Whoever has permission to edit, I'm thinking only @Semiotiq let me know and I'll send them access to this so we can make a new tab.

- Question:. Does RIOT functionality mean that they could even locate players solely from hacking? One of the flip flops claimed they could.

- Mod placement yes, hacking only no.

- πŸ‘

- Looks good. If you'd like me to do a light attribution attack on it let me know.

- once I go from private to hidden, yes

- Nevermind, I'm dumb... I have edit priviliges... Sorry

- Unless the brokers have access to Niantic data I can't think of a way they could see hacks.

The only thing remotely close would be if someone were looking at portals via keys through the scanner and XM were missing around the portal.

That would indicate someone without a Lawson/Circle-K enabled is near the given portal; however, it wouldn't reveal who, or whether they're hacking or not.

Long story short, simulating a scanner via scripts seems highly unlikely at best, and still wouldn't reveal much.

- Raw data on names and if giraffes are next to them are not entered into new RIOT tab on the spreadsheet. Please feel free to fix the look of it.

Prev
Next