You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am no longer working on this as the new API is US-only as I'm in the UK, so cannot even use it or the new app. Please don't ask me questions about it as I honestly can't remember anything.
Nissan Connect EV 2018 API
This is a work in progress, just jotting down my findings from the APK decompile so far. As I can only read the decompiled Java and not MITM the app due it not working in the UK, getting the payload info may take a while. There's loads of API calls so this may not be thorough for a while.
Base URL: https://icm.infinitiusa.com/NissanLeafProd/rest
Battery
GET /battery/vehicles/:vin/getChargingStatusRequest
POST /battery/vehicles/:vin/remoteChargingRequest
POST /battery/vehicles/:vin/cancelRemoteChargingRequest
HVAC
POST /hvac/vehicles/:vin/activateHVAC
POST /hvacSchedule/vehicles/:vin/cancelHVACSchedule
POST /hvacSchedule/vehicles/:vin/createHVACSchedule
POST /hvac/vehicles/:vin/deactivateHVAC
GET /hvacSchedule/vehicles/:vin/getHvacSchedule
POST /hvacSchedule/vehicles/:vin/updateHVACSchedule
Find My Car
POST /vehicleLocator/vehicles/:vin/refreshVehicleLocator
POST /vehicleLocator/vehicles/:vin/getNotificationHistory
Security
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRDL
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRUDL
Horn and Lights
POST /remote/vehicles/:vin/accounts:accountId/rhl/createRHL
Misc
GET /remote/securityQuestions
PUT /remote/vehicles/:vin/accounts/:accountId/authorizationInformation
Account Stuff
POST /auth/softLoginforAAS
Can take a query string of ?vin=<vinHere>&subscription=<true/false>
POST Body:
{
"userid": <username>,
"password": <password>,
"country": "US", // Others to come?
"brand-s": "N", // N for Nissan?
"language-s": "en"
}
I tried to authenticate my Canadian account using the API key and stuff posted above, and got a 401 back with invalid API key as well. Anyone know if it works for Canada?
I got most of the calls from the original post working worked for me in Canada.
Not all of the API calls return interesting responses. E.g. often I just get a "success" message in the response.
FYI, the URL changed from https://icm.infinitiusa.com/NissanLeafProd/rest/
to https://icm.infinitiusa.com/NissanEVProd/rest/
And the API-Key required in HTTP headers also changed from f950a00e-73a5-11e7-8cf7-a6006ad3dba0
to bAwSKw0f+p0tG8astBGpvsXmgcWiVWLrh5ejIYg55D+jH1j1Oi3Hsqw21ri0XBJp
It pains me that it is obvious that Nissan are determined to break third party clients. Nothing is gained and it ultimately has the price of hurting their customers.
They recently moved away from having clear-text API key in the source to generate it based on 3 hexadecimal values also in the source. Security through obscurity.
Hi Guilllaume and Tobias,
since 13 September 2021, also the European API has changed. Using pycarwings2.py, I now only get:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): gdcportalgw.its-mo.com:443
DEBUG:urllib3.connectionpool:https://gdcportalgw.its-mo.com:443 "POST /api_v190426_NE/gdc/InitialApp_v2.php HTTP/1.1" 404 234
DEBUG:pycarwings2.pycarwings2:Response HTTP Status Code: 404
DEBUG:pycarwings2.pycarwings2:Response HTTP Response Body: b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL /api_v190426_NE/gdc/InitialApp_v2.php was not found on this server.</p>\n</body></html>\n'
I see that the "My Leaf" App still works, so it seems you have figured out what changed. Can you help me?
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
https://gist.github.com/141ca350445e994e69a70aabfb6db942#gistcomment-3924786
Hello everybody.
I have been trying without success to query the rest service using the new url but I am getting all the time the same error message {"status":404,"message":"INVALID PARAMS"}. Is this because of some header validation like User-Agent or something alike? Cant even login
I haven't been able to get the createRDL, createRDUL, createRHL APIs to work (has anyone?) but I am able to get that functionality with a parallel API that talks to prd.api.telematics.net. I sniffed it from the NissanConnect Services iOS app using mitmproxy, and found that there is a project on GitHub that implements it in Python: https://github.com/KalenXI/NissanConnect. It's a completely separate API that requires its own login process but uses the same username/password as the EV API.
In addition to the basics in that repo, the app works by making a request, getting a service request ID, and polling on that ID. The flow looks roughly like:
Request:
POST https://prd.api.telematics.net/m/remote/accounts/:accountID/vehicles/:vin/remote-door
{
"command": "UNLOCK",
"pin": ""
}
This request/response is repeated until the operation completes. Eventually the status transitions to SENT and finally SUCCESS.
The supported operations appear to be LOCK, UNLOCK, HORN_LIGHT and LIGHT_ONLY. It looks like other Nissan vehicles might support START and STOP for remote engine starts but I don't think the Leaf does.
@BreizhCat I’m sorry, I don’t know as I am in the US. What I have noticed, though, is that in the past few years there has been a divergence in mobile apps and APIs between the US and Europe (perhaps GDPR-related?). So I don’t know if this one will work outside the US but I think it’s worth investigating.
@joeshaw
Thanks for your feedback.
I'm aware about the difference between US & EU. My script is working with the old fashion "API". I don't know why Nissan are splitting API's. Maybe GDPR as you said...
I will have a look deeper in your API to see if possible to use it in EU.
Nissan has introduced a new way getting secrets for the API using Google Firebase Cloud storage. This makes it almost impossible to keep supporting North American vehicles as Nissan can update the secrets stored inside Google Firebase on-the-fly so to speak. These secrets cannot be accessed outside the offical app. Because of this Nissan will be able to "disable or break" third part clients. So using the new secret will only temporarily make clients work again until Nissan changes it. They can do this without updating the official app.
So sadly this is basically the last straw for supporting North American vehicles with third party clients and other integrations.
They save the secret to local storage with the key firebase_config_value. This secret config is located in a Firebase Cloud store. The Firebase Cloud config-key is called welcome_message which is base64 encoded and saved on local storage with the key firebase_config_value. This becomes the new User-Agent-Key.
I think there is little we can do about this sadly without a lot of hurdles. Any ideas?
So it's good bye and farewell to all third party clients and integrations for North American NissanConnect users.
@Tobiaswk Thank you for the writeup, and for all the effort you've done over the years.
Is it impractical or impossible for our apps to authenticate against the Firebase API to get the same info by extracting a credential from the mobile apps?
@joeshaw Thanks appreciate it! It has been my pleasure! ;)
Technically I think it is possible. The main problem is that the Firebase keystore used is normally tied to the application ID or bundle ID on Android and iOS if I'm not mistaken. This means you cannot use the same identifier for a signed app on Google Play or App Store. You would have to create a application with the same identifier and have to remove the official app. You would not be able to publish this app on Google Play or App Store as it clashes with the official identifier. I haven't investigated their Firebase integration in detail. So it's all guesswork. My Firebase knowledge is fairly limited.
So it's definitely something that will need to be investigated.
That JSON file would contain all the necessary OAuth params (except for Scope, which is documented): client ID, client secret, redirect URL, auth URL and token URL) so if they don't have a JSON file I think these OAuth params would be pulled from elsewhere in the app.
No I dont have the JSON file. It seems the North American Nissan app does not have this file. I haven't found it. I only have the values from the FirebaseOptions class instance at this stage.
I have access to all the values needed for the request. I won't post them here. I can get the User-Agent-Key by getting the remote config key-values pairs that contains the welcome_message with the curl above.
Just to update. Nissan North America has yet again today made a new release. 7.3.4. This release uses Firebase Database instead of the Remote Config they used in last release. All only to break third party libraries and clients yet again.
Needs some investigation.
UPDATE;
An interesting tidbit. Nissan's own North American app is broken currently because of the changes they've made.
@Raiden38 7.3.4 - Introduced use of Firebase Real-Time Database to store their “secrets”. On top of that Google’s SafetyNet is now used to secure against “security threats, including device tampering, bad URLs, potentially harmful apps, and fake users”.
They still use Firebase RealTime Database to store their User-Agent-Key HTTP header. They used it to rotate the User-Agent-Key every hour or so. This rotation of the User-Agent-Key was sent in "real time" to all the devices using the official app. They've reverted back from this behavior and now just stores a static User-Agent-Key which actually still works today. My guess is that all of this created adverse effects for the users of their official app. So all of this effort to "block" third party clients hit themselves like a ton of bricks. It's ironic in every sense.
I encouraged all users of My Leaf to write to Nissan themselves. Maybe that also had an effect.
These APIs haven't worked for a while (see Tobias's post above) but it appears that Nissan have moved or removed these endpoints entirely. I now get 404 not found for everything under https://icm.infinitiusa.com/NissanConnectEVProd/rest, although looking at DNS query logs it seems like the iOS app is still hitting that hostname.
Edit: It is now (back to) https://icm.infinitiusa.com/NissanLeafProd/rest
@amaisano No, I've given up on this. The countermeasures Nissan took have pretty effectively blocked access outside of their app. Tobias's blog post linked above goes into some detail on what those are.
I am working on several workarounds for the NA crew, mostly based off notifications/alerts from the Android MyNissan app and/or spoken responses from the Alexa skill (both which cannot be permanently relied on either).
I’ll post more when I have it working better, but here is a sneak peek:
I got most of the calls from the original post working worked for me in Canada.
Not all of the API calls return interesting responses. E.g. often I just get a "success" message in the response.
I used the API-Key provided by @matt.