gyathaar
Posts: 25
Joined: Sun Jan 13, 2013 8:41 am
Delivery Date: 17 Jan 2012
Leaf Number: 009107

Re: Carwings API?

Wed Feb 24, 2016 11:58 am

sirfergy wrote: There are no details, I'm curious how they did it with just a VIN.

That is because the DCMID is not really needed in the requests.. you just need the VIN and region code
At least that is the case for the European server..

(decided not to mention it before, but I guess the cat is out of the bag now.. :p )

this URL seems to return the lat and long btw I guess
(but since I have an old car it doesn't support it and only blank values are returned, or maybe it's not enabled yet)

https://gdcportalgw.its-mo.com/orchestr ... S&VIN=XXXX

{"status":200,"message":"success","receivedDate":"","TargetDate":"","lat":"","lng":""}

Rebel44
Posts: 120
Joined: Sat Sep 20, 2014 5:20 am

Re: Carwings API?

Wed Feb 24, 2016 1:06 pm


drees
Moderator
Posts: 6193
Joined: Fri Apr 23, 2010 3:51 pm
Location: San Diego

Re: Carwings API?

Wed Feb 24, 2016 1:07 pm

Please see this thread for all future discussion of the CarWings / NissanConnect EV vulnerability:

Nissan LEAF / NissanConnect EV severe security vulnerability
'11 LEAF SL Powered By 3.24 kW Enphase Solar PV

DNAinaGoodWay
Posts: 2713
Joined: Mon Dec 17, 2012 1:43 am
Delivery Date: 03 Dec 2012
Leaf Number: 23156
Location: Central Massachusetts

Re: Carwings API?

Wed Feb 24, 2016 2:25 pm

You may find the details here:

Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs - www.troyhunt.com
http://www.troyhunt.com/2016/02/control ... n.html?m=1
'12 SL last reading @ 2 yr, 22k, 260 GIDs, 62.35 Ahr

'15 SV w/QC, Mfd 5/14, Leased 8/14, 292 GIDs, 64.38 Ahr when new

@ 25 months, 25k, 267 GID, 56.88 AHr
@ 36 months, 34k, 270 GID, 57.49 AHr


6.72 kW Array

Levenkay
Posts: 423
Joined: Mon Sep 26, 2011 10:01 pm
Delivery Date: 16 May 2013
Leaf Number: 19196
Location: Portland, OR

Re: Carwings API?

Wed Feb 24, 2016 2:32 pm

Fortunately, I'm protected by the fact that on the two occasions I tried to register my two-month-old purchased LEAF with Nissan Connect, the service told me that there was either something wrong with the VIN I entered (transcribed from dash sticker) or, more likely, that Nissan had no record of my having bought the car (other than being financed through NMAC, of course). If I were to send them a scanned image of the purchase document, they'll see what they can do.

gyathaar
Posts: 25
Joined: Sun Jan 13, 2013 8:41 am
Delivery Date: 17 Jan 2012
Leaf Number: 009107

Re: Carwings API?

Tue Mar 29, 2016 11:29 am

joshperry wrote:
flagrantfowl wrote:
joshperry wrote:The most general way to deal with the region code is to use the login operation. It doesn't require the region code and its response contains the appropriate region for the provided credentials.


This doesn't work for me. If I call the login operation (UserLoginRequest.php) with only UserID and Password query string parameters, I consistently get an error response.

For clarity, I tried this:


https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?UserId=user%40domain.com&Password=hunter2


It gives me this response:


{
  "status": -2010,
  "message": "HTTP ERROR",
  "CustomerInfo": {
    "VehicleInfo": {
      "NAVIID": "123456789012"
    }
  }
}


Are you doing something different that lets you log in without the region code?


You're right! I had everything else removed but the region. Hmm, I'll have to set my proxy back up and see how the app discovers that value at registration time.


Seems that sometime during the last week (didn't work that way last weekend) they added a feature where you (at least I can) log in to the Japan region (NML) no matter from where..

Since the login response returns your real region (and a valid sessionid and vin, etc).. you can then use that returned region for further requests for updates and such (only the login request works toward Japan region)

flagrantfowl
Posts: 8
Joined: Mon Feb 01, 2016 8:58 pm
Delivery Date: 16 Nov 2015

Re: Carwings API?

Fri Apr 01, 2016 10:50 am

gyathaar wrote: Seems that sometime during the last week (didn't work that way last weekend) they added a feature where you (at least I can) log in to the Japan region (NML) no matter from where..

Since the login response returns your real region (and a valid sessionid and vin, etc).. you can then use that returned region for further requests for updates and such (only the login request works toward Japan region)


What URL are you using to connect with the Japan region? I consistently get 404s when I try to access https://gdcportalgw.its-mo.com/orchestr ... equest.php

gyathaar
Posts: 25
Joined: Sun Jan 13, 2013 8:41 am
Delivery Date: 17 Jan 2012
Leaf Number: 009107

Re: Carwings API?

Fri Apr 01, 2016 12:52 pm

They changed the url to /gworchest_0307C/gdc/* instead of /orchestration_1111/gdc/*

there are some changes to the login procedure though.. you need to first do a call to
InitialApp.php
with the param
initial_app_strings=geORNtsZe5I4lRGjG9GZiA (this param needs to also be added to all further requests)

to retrieve a key to encrypt the password with (baseprm)

you then use this key to encrypt the password using Blowfish ECB PKCS5Padding
You then Base64 encode the encrypted string.. and then urlencode the base64 encoded string

the login call is then as before (except the changed url and the added param)

If login is successful you will then find a custom_sessionid in the response that you pass along with further requests
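
Added example, not part of any post in this thread and not Nissan's code: a server-side check for the gap discussed above (requests answered for any VIN and region code), shown beside a form that answers only when the VIN matches the one bound to `custom_sessionid` at login. The `region` parameter name, the `SessionStore` helper, the TTL and all sample values are assumptions constructed for illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; constructed value, not from the thread


class SessionStore:
    """In-memory map: session id -> (vin, region, expiry). Hypothetical helper."""

    def __init__(self):
        self._sessions = {}

    def login(self, vin, region, now=None):
        # Call only after the password check has succeeded (not shown here).
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unguessable, unlike a VIN
        self._sessions[sid] = (vin, region, now + SESSION_TTL)
        return sid

    def lookup(self, sid, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or now >= entry[2]:
            self._sessions.pop(sid, None)  # drop expired or unknown ids
            return None
        return entry[0], entry[1]


def handle_vin_only(params):
    """Weak form: answers anyone who supplies a VIN and a region."""
    return 200 if params.get("VIN") and params.get("region") else 400


def handle_session_bound(store, params, now=None):
    """Hardened form: the session decides which VIN may be queried."""
    vin = params.get("VIN", "")
    region = params.get("region", "")
    sid = params.get("custom_sessionid", "")
    if not (vin and region and sid):
        return 400
    bound = store.lookup(sid, now)
    if bound is None:
        return 401  # no valid session
    if bound != (vin, region):
        return 403  # valid session, but for a different vehicle
    return 200
```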

BluesBro
Posts: 6
Joined: Thu Sep 17, 2015 12:58 am
Delivery Date: 12 Aug 2015

Re: Carwings API?

Fri Apr 01, 2016 2:59 pm

Could you possibly post a simple batterystatus and ac/on call as an example? I'm trying to make a simple sh-call on my raspberry pi :-)

gyathaar
Posts: 25
Joined: Sun Jan 13, 2013 8:41 am
Delivery Date: 17 Jan 2012
Leaf Number: 009107

Re: Carwings API?

Fri Apr 01, 2016 3:18 pm

If you want to do it from shell it's probably easiest to just use this open source project in PHP
(I didn't write it, but it supports ac on and off, start charge and check status I believe)

https://github.com/gboudreau/LEAF_Carwi ... onnect-php
