What is Geoguessr?
GeoGuessr is a web-based game in which players must guess where they are in the world based on clues from the surrounding area. The game uses Google Maps street view to provide images of real-world locations and challenges players to guess their location based on the visual clues provided. After submitting a guess, the player is given a score from zero to 5,000 with a higher score indicating a more accurate guess. Each game played has five consecutive rounds, meaning a perfect game -which is extremely difficult- entails identifying all five exact locations and getting a score of 25,000. Geoguessr has amassed over 50 million players, and this is how I was able to score better than every single one of them.
Now For the Code
The first step in achieving a perfect score was to find the exact location for any given round. Similarly to creating my dinner reservations bot, which you can read about here, I opened DevTools and began searching for API calls that could return coordinates. Because the correct location’s exact coordinates are specific to every individual game played, my first instinct was to observe activity when a new game is created. Upon starting a new game, a GET request is made to the geoguessr API: https://geoguessr.com/api/v3/games/W1SZiwGFd5TQNCEJ. I figured if there were to be a location for game-specific information to be returned, it would be here.
The seemingly random combination of letters and numbers at the end of the URL is the game’s “ID” which is found at the end of the in-browser address bar. With this information, I made a GET request to the endpoint adding my current game ID after “/games”. The JSON response was long and looked like a bunch of nonsense, so I searched for the word “lat” using cntrl + f. Here is what I found:
Bingo! Not only had I found the exact coordinates for my game, but by adding different game’s ID to the end of this API call I could grab coordinates from any given game. However, because each game has five rounds, I needed to return the last pair of coordinates corresponding to the most recent round (the one being currently played). The JSON object formats “rounds” as an array, so I simply used python’s [-1] indexing tool to directly access the last index of the array. I was now able to create a function that returns the coordinates of the latest round for any game being played, taking the gameID as a variable:
Now that I had the exact location of every round, I needed to automate the action of submitting a guess. By making the coordinates of my guess the same as the coordinates returned from my function above, I could ensure a perfect 5,000 score for every round. Observing network activity when clicking “guess” in-game led me to a request being sent to the same /games endpoint as earlier, but this time a POST request was being sent. In the payload, as expected, were fields for the gameID and the coordinates of the user’s guess. I had to write a function that would get the returned values from my previous coordsfunction and pass them into the payload of this new request. Then, I would have to send the POST request to the /games endpoint using that payload. This would complete the action of placing a guess with the exact coordinates. Here is the function for sending a guess:
The _ncfacookie in the request header is simply a static value used to confirm that a valid user is logged in for each request sent. Due to its static nature, I was able to locate its value in the request header cookies from any valid request sent from the Geoguessr website. I could then add it to my own request headers because I know that its value will never change. To finish the script I checked the status code of my requests to ensure that a 200 code was returned, signifying a successfully placed guess. From here all that was left to do was to make the function run 5 times:
And there we have it, a Geoguessr bot that guesses the exact location in seconds.
And here is the code in action:
