Is BMW Connected Drive login unavailable again in China? #588
Comments
Could be that BMW have changed something in their captcha logic. @Yixi could you help out again please? |
Yes, BMW has updated the x-login-nonce algorithm again. My Android phone is broken (it's a 10-year-old machine); I will try again after I find an Android phone that can be rooted and after the holiday is over. |
Any progress so far? Thank you very much. |
Updated to 2024.1; still unable to log in. |
Still unable to log in at the moment. |
Problem not resolved yet. |
Sorry, this wasn't supposed to be closed. |
For some reason I can't publish the algorithm for nonce (at least not by being the first one to do so). If you want to reverse myBMW, you can use the tool https://github.com/worawit/blutter, which does a complete reduction of the assembly and the method names of Dart, and generates a Python script for IDA to help with the analysis. Also, if you want to log in to your China account in Home Assistant, you can change the part of bimmerconnect api/authentication.py in the HA python lib that gets the nonce to get it from the web interface, and as far as I know, there is a Scriptable script that provides the API for that. |
Updated to 2024.3.13; still unable to log in. |
Yixi, can you maybe share the API you mentioned? |
There is an iOS Scriptable app script bmw-linker that uses an online API to generate a nonce, but the API also takes some encryption measures. https://github.com/worawit/blutter can completely reverse the libapp.so file and restore the original Dart method names. With IDA's dynamic debugging and some assembly knowledge, the nonce algorithm can be restored relatively easily. Hopefully someone else will take up this work. Blutter has solved the hard part. Because of some company's business reasons, I cannot disclose the algorithm. |
Yixi doesn't want to disclose the algorithm; can no one else take up this work? |
Any progress? Still unable to log in at the moment. |
Has this project abandoned the China region? |
Still can't log in~ If it starts working, could some kind person let us know? |
We would love to support, however we cannot reverse engineer the code required for login and new tries to publish the new code seem to result in somehow harsh measurements (see Yixi's answer). If somewhere in the Chinese BMW there is a way/app/website that can extract a However as this is a China-only problem, much of the discussion is in Chinese only and not available to me. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
@Yixi Haha, I'm the author of that bmw-linker; I'm the one you were talking about. It's not that it can't be published; it's that once it's published, everyone copies it, and then it gets blocked. |
In my case, my company has a partnership with company B, so I have some concerns about publishing it and can only use it myself. I don't understand why they insist on adding a nonce for the China region. |
I have built a new API for directly logging in and obtaining a token using a username and password. You can also gradually view the login process at https://bmw.yixi.pro (https://github.com/Yixi/Y-BMW). There is an API provided for generating a nonce. Now the app's verification logic is more complex. The login API is for people with strong hands-on abilities who need to modify the bimmer connect code in the hassio package themselves. The API address is To use it, simply pass in the mobile and password parameters, and you will directly receive the token result after login. nonce generation only supports version Manually modify Python code. |
Hi @Yixi, your web app/api does return a |
I didn't manage to test the logic for fetching the refresh token during dynamic debugging (it's quite difficult to trigger the refresh during dynamic debugging). The algorithm for generating the nonce when refreshing the token may not necessarily work. Additionally, there’s a validation for |
I agree with you in regards that some people might not want to send their phone/password to a webservice. Therefore I do not want to include it by default in bimmer_connected. However, adjusting as you mentioned will be very tedious, as this will get overwritten every time there is an update to Home Assistant. Can you check if you are able to implement the changes of home-assistant/core@ea36d14 in a HA dev environment and check if providing your phone, email and refresh token from your website also works? |
Hong Kong owner here! #659 I am not sure if related to this issue but if anyone is willing to help please reach out, much thanks! |
I tried it yesterday, and the refresh token returned a 401 error. I suspect that there might be some differences between the nonce algorithm (using gcid) and the one used for login (using username). I might need to spend some time debugging with Frida and comparing the content disassembled by IDA. As I mentioned above, it's a bit difficult to trigger the refresh token action on the app side because I need to trigger it to collect debugging information. Or could @cyc56 provide some help? |
Ah, I missed the nonce part for refresh tokens. |
In fact, there is already one. I won’t paste it here directly, but you can see it in the request calls at https://bmw.yixi.pro/. However, the nonce generated based on the GCID might be invalid now. @rikroe If I resolve the issue with the refresh token nonce, I’ll send you the API email. I’m currently modifying everything locally and logging in every time. I haven’t used the refresh token logic for now because the API validation fails. |
I’ve already solved the refresh token nonce issue. The nonce algorithm was consistent because I previously forgot to add the ‘content-type’: ‘text/plain’ header to the refresh token API. A new API has been provided for refreshing the token. Currently, it seems to only work under |
Cool and thanks for your mail! I'll try to find some time in the next days and throw up a basic implementation. While still private/critical data (phone + gcid) it does not contain the password anymore. Should be used with big disclaimers though. |
The latest version of MyBMW has added more validation parameters, and now some interfaces require two random verifications, nonce and x. I have implemented the calculation of nonce and x, and can keep them updated in real-time with MyBMW (provided that the parameters required for the calculation remain unchanged, with only the algorithm part being modified). I can provide a Docker image for anyone who needs it for local deployment. Meanwhile, I have deployed an online API for testing. If no one submits a PR, I can help resolve the login issues for Chinese users during the Spring Festival if I have time. Additionally, I would like to mention that in China, phone numbers and GCID are not even considered private information, which is a serious neglect of privacy in the country. |
The current solution does not require reverse engineering of the algorithm, which enhances the real-time capability of keeping up with MyBMW updates. However, there are still some memory leak issues that could potentially render the service unavailable under high concurrency. Therefore, the provided interface is intended for testing purposes only. Additionally, an online interface for calculating the position of the verification code has also been provided: |
So your solution is to run an instance of the MyBMW app (iOS or Android) inside Docker, and then use some hooks to log in through the app to obtain the token? I had considered this approach before, but unfortunately, I don’t have enough knowledge and don’t know where to start. |
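From 2020 to 2023, my service ran directly on an Android virtual machine and was exposed to the public internet through nginx. In 2024 it runs directly in a Docker container, with no need to run Android. This provides the ability to automatically track app updates and to automatically roll back when token validation fails. |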
I guess a local docker image to get the authorization code could work, that's a great idea! So I would adjust the library not to call BMW for authentication, but a (configurable) local or public API. Could you provide a documentation of the endpoints? I should have some time in the next 2 weeks to adjust both this library and the HA integration. |
If the authorization service, HA, and BimmerConnect are running on the same server, I believe there is no issue with the authorization server directly interacting with BMW. However, if the authorization server acts as a public server, there is a potential risk that the public server's IP might be blocked by BMW. Therefore, it is reasonable for the public server to only handle the computation of the nonce. If the Docker container runs locally on the user's machine, the local service can manage the entire login process. Currently, this part of the work is still under development, and I will refine the related features during the Chinese New Year holiday. In fact, all functionalities have already been developed, but they have not yet been engineered. |
Very nice, sounds good to me. If you are able to provide this local authorization server in some other git repository (including some documentation and the REST API endpoints), that would be awesome. Should bimmerconnected and the HA library still have both phone/password flow and refresh token flow or just refresh token? |
My goal is to ensure that Chinese users maintain the same workflow as other users. The latest version has been verified, and both the login and refresh processes are fully functional. The only difference is that Chinese users have additional nonce and x in the header. |
And you don't want to submit a PR for bimmer connected as you fear the nonce algorithm will change too quickly once made public, right? I'll wait for what you can figure out. In the end, for bimmerconnected it is best if we can just do the login for China using HTTP requests (just not using official endpoints). |
Describe the issue
Expected behavior
Is the login issue caused by the inability to implement image verification? Or is it because BMW China adjusted the API?
bimmer_connected.models.MyBMWAPIError: HTTPStatusError: True -
Which Home Assistant version are you using?
core - 2023.12.3
What was the last working version of Home Assistant Core?
No response
What is your region?
China
MyBMW website
Number of cars
Output of bimmer_connected fingerprint
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response