There's already a commercial product based on a reverse engineered Go Plus - the Go-tcha (https://www.go-tcha.co.uk/). It's based on some kind of fitness band chip.
Yes, but there hasn't been anything open source since the release of the device in 2016. There were a lot of people starting DIY Pokemon GO plus device, but all of them were stumped by the certification protocol.
Now we can build a clone using anything that supports emulating a BLE peripheral (Pi Zero W, ESP32, etc)
I'm surprised (and maybe somewhat... relieved?) that the protection isn't that hard --- e.g. they could've made this far harder with something based on ISO 7816, and yet not increase the cost much.
Referring to Pokemon Go Plus as PGP past the first few paragraphs of the write-up became confusing real fast, though.