Carwings API?

My Nissan Leaf Forum

The most general way to deal with the region code is to use the login operation. It doesn't require the region code and its response contains the appropriate region for the provided credentials.

I'm going to cache this at "link" time for my users. I might not even need to store carwings credentials! What would be really nice is if the DCMID changed any time you change your carwings password. That'd force reauthentication of delegated access with a simple password change.

Though bog standard oauth would be preferred, perhaps we could help them make it more secure in exchange for being more open.
 
joshperry said:
The most general way to deal with the region code is to use the login operation. It doesn't require the region code and its response contains the appropriate region for the provided credentials.

This doesn't work for me. If I call the login operation (UserLoginRequest.php) with only UserID and Password query string parameters, I consistently get an error response.

For clarity, I tried this:
Code:
https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?UserId=user%40domain.com&Password=hunter2

It gives me this response:
Code:
{
  "status": -2010,
  "message": "HTTP ERROR",
  "CustomerInfo": {
    "VehicleInfo": {
      "NAVIID": "123456789012"
    }
  }
}

Are you doing something different that lets you log in without the region code?
 
flagrantfowl said:
joshperry said:
The most general way to deal with the region code is to use the login operation. It doesn't require the region code and its response contains the appropriate region for the provided credentials.

This doesn't work for me. If I call the login operation (UserLoginRequest.php) with only UserID and Password query string parameters, I consistently get an error response.

For clarity, I tried this:
Code:
https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?UserId=user%40domain.com&Password=hunter2

It gives me this response:
Code:
{
  "status": -2010,
  "message": "HTTP ERROR",
  "CustomerInfo": {
    "VehicleInfo": {
      "NAVIID": "123456789012"
    }
  }
}

Are you doing something different that lets you log in without the region code?

You're right! I had everything else removed but the region. Hmm, I'll have to set my proxy back up and see how the app discovers that value at registration time.
 
Apparently, this is where the region is chosen. I guess we will need to build a list for the user to select from.

IMG_8140.jpg
 
Has anyone figured out how to get the DCMID for a second LEAF? I have two LEAFs and while two cars show up in VehicleInfoList/VehicleInfo, only one shows up in Vehicle/Profile.

HAH, never mind. I just need to pass the VIN of the second car when logging in. So I guess that means for each car you need to log in.
 
Here's an article on how to hack into anyone's Leaf:

Lousy Nissan LEAF security leaves cars open to online exploitation - Graham Cluley Security News
https://apple.news/AwIENJlb-OTyF6HpAD74VvA
 
DNAinaGoodWay said:
Here's an article on how to hack into anyone's Leaf:

Lousy Nissan LEAF security leaves cars open to online exploitation - Graham Cluley Security News
https://apple.news/AwIENJlb-OTyF6HpAD74VvA

Well, damn.
 
sirfergy said:
There are no details, I'm curious how they did it with just a VIN.

That is because the DCMID is not really needed in the requests.. you just need the VIN and region code
At least that is the case for the European server..

(decided not to mention it before, but I guess the cat is out of the bag now.. :p )

This URL seems to return the lat and long, by the way, I guess
(but since I have an old car it doesn't support it and only blank values are returned, or maybe it's not enabled yet)

https://gdcportalgw.its-mo.com/orchestration_1111/gdc/MyCarFinderLatLng.php?RegionCode=YY&lg=en-US&VIN=XXXX

{"status":200,"message":"success","receivedDate":"","TargetDate":"","lat":"","lng":""}
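The authorization gap described in this post, next to a server-side check that closes it, as an added sketch (not Nissan's code and not from the thread). All accounts, VINs, coordinates, handler names and the 401/403/404 status values are constructed; the hardened handler also implements the wish from the first post that a password change should force re-authentication.

```python
import secrets

# Constructed sample data (placeholders, not real VINs or accounts).
OWNERS = {"alice@example.com": {"VIN-ALICE"}, "bob@example.com": {"VIN-BOB"}}
CARS = {"VIN-ALICE": {"RegionCode": "NML", "lat": "59.91", "lng": "10.75"},
        "VIN-BOB": {"RegionCode": "NML", "lat": "35.68", "lng": "139.69"}}
PW_VERSION = {user: 1 for user in OWNERS}   # bumped on every password change
SESSIONS = {}                               # custom_sessionid -> (user, pw version)


def _location(vin):
    car = CARS[vin]
    return {"status": 200, "message": "success", "lat": car["lat"], "lng": car["lng"]}


def car_finder_weak(params):
    """Behaviour described in the thread: VIN + RegionCode is all that is checked."""
    car = CARS.get(params.get("VIN"))
    if car is None or car["RegionCode"] != params.get("RegionCode"):
        return {"status": 404, "message": "not found"}
    return _location(params["VIN"])


def login(user):
    """Password check omitted; issues an unguessable session bound to the account."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = (user, PW_VERSION[user])
    return sid


def change_password(user):
    PW_VERSION[user] += 1                   # every older session stops validating


def car_finder_hardened(params):
    """Same lookup, but the caller must hold a live session that owns the VIN."""
    user, version = SESSIONS.get(params.get("custom_sessionid"), (None, None))
    if user is None or version != PW_VERSION[user]:
        return {"status": 401, "message": "login required"}
    if params.get("VIN") not in OWNERS[user]:
        return {"status": 403, "message": "VIN not linked to this account"}
    return _location(params["VIN"])
```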
 
Jalopnik article about this issue

http://jalopnik.com/how-the-nissan-leaf-can-be-hacked-via-web-browser-from-1761044716?rev=1456341069387
 
You may find the details here:

Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs - www.troyhunt.com
http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html?m=1
 
Fortunately, I'm protected by the fact that on the two occasions I tried to register my two-month-old purchased LEAF with Nissan Connect, the service told me that there was either something wrong with the VIN I entered (transcribed from dash sticker) or, more likely, that Nissan had no record of my having bought the car (other than being financed through NMAC, of course). If I were to send them a scanned image of the purchase document, they'll see what they can do.
 
joshperry said:
flagrantfowl said:
joshperry said:
The most general way to deal with the region code is to use the login operation. It doesn't require the region code and its response contains the appropriate region for the provided credentials.

This doesn't work for me. If I call the login operation (UserLoginRequest.php) with only UserID and Password query string parameters, I consistently get an error response.

For clarity, I tried this:
Code:
https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php?UserId=user%40domain.com&Password=hunter2

It gives me this response:
Code:
{
  "status": -2010,
  "message": "HTTP ERROR",
  "CustomerInfo": {
    "VehicleInfo": {
      "NAVIID": "123456789012"
    }
  }
}

Are you doing something different that lets you log in without the region code?

You're right! I had everything else removed but the region. Hmm, I'll have to set my proxy back up and see how the app discovers that value at registration time.

Seems that sometime during the last week (didn't work that way last weekend) they added a feature where you (at least I can) log in to the Japan region (NML) no matter from where..

Since the login response returns your real region (and a valid sessionid and VIN, etc.).. you can then use that returned region for further requests for updates and such (only the login request works toward the Japan region)
 
gyathaar said:
Seems that sometime during the last week (didn't work that way last weekend) they added a feature where you (at least I can) log in to the Japan region (NML) no matter from where..

Since the login response returns your real region (and a valid sessionid and VIN, etc.).. you can then use that returned region for further requests for updates and such (only the login request works toward the Japan region)

What URL are you using to connect with the Japan region? I consistently get 404s when I try to access https://gdcportalgw.its-mo.com/orchestration_1111/gdc/UserLoginRequest.php
 
They changed the url to /gworchest_0307C/gdc/* instead of /orchestration_1111/gdc/*

there are some changes to the login procedure though.. you need to first do a call to
InitialApp.php
with the param
initial_app_strings=geORNtsZe5I4lRGjG9GZiA (this param needs to also be added to all further requests)

to retrieve a key to encrypt the password with (baseprm)

you then use this key to encrypt the password using Blowfish ECB PKCS5Padding
You then Base64 encode the encrypted string.. and then urlencode the base64 encoded string

the login call is then as before (except the changed url and the added param)

If login is successful you will then find a custom_sessionid in the response that you pass along with further requests
 
Could you possibly post a simple batterystatus and ac/on call as an example? I'm trying to make a simple sh-call on my raspberry pi :)
 
If you want to do it from shell it's probably easiest to just use this open source project in PHP
(I didn't write it, but it supports ac on and off, start charge and check status I believe)

https://github.com/gboudreau/LEAF_Carwings_EasyAccess/tree/master/nissan-connect-php
 