You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am no longer working on this as the new API is US-only as I'm in the UK, so cannot even use it or the new app. Please don't ask me questions about it as I honestly can't remember anything.
Nissan Connect EV 2018 API
This is a work in progress, just jotting down my findings from the APK decompile so far. As I can only read the decompiled Java and not MITM the app due it not working in the UK, getting the payload info may take a while. There's loads of API calls so this may not be thorough for a while.
Base URL: https://icm.infinitiusa.com/NissanLeafProd/rest
Battery
GET /battery/vehicles/:vin/getChargingStatusRequest
POST /battery/vehicles/:vin/remoteChargingRequest
POST /battery/vehicles/:vin/cancelRemoteChargingRequest
HVAC
POST /hvac/vehicles/:vin/activateHVAC
POST /hvacSchedule/vehicles/:vin/cancelHVACSchedule
POST /hvacSchedule/vehicles/:vin/createHVACSchedule
POST /hvac/vehicles/:vin/deactivateHVAC
GET /hvacSchedule/vehicles/:vin/getHvacSchedule
POST /hvacSchedule/vehicles/:vin/updateHVACSchedule
Find My Car
POST /vehicleLocator/vehicles/:vin/refreshVehicleLocator
POST /vehicleLocator/vehicles/:vin/getNotificationHistory
Security
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRDL
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRUDL
Horn and Lights
POST /remote/vehicles/:vin/accounts:accountId/rhl/createRHL
Misc
GET /remote/securityQuestions
PUT /remote/vehicles/:vin/accounts/:accountId/authorizationInformation
Account Stuff
POST /auth/softLoginforAAS
Can take a query string of ?vin=<vinHere>&subscription=<true/false>
POST Body:
{
"userid": <username>,
"password": <password>,
"country": "US", // Others to come?
"brand-s": "N", // N for Nissan?
"language-s": "en"
}
Nissan has introduced a new way getting secrets for the API using Google Firebase Cloud storage. This makes it almost impossible to keep supporting North American vehicles as Nissan can update the secrets stored inside Google Firebase on-the-fly so to speak. These secrets cannot be accessed outside the offical app. Because of this Nissan will be able to "disable or break" third part clients. So using the new secret will only temporarily make clients work again until Nissan changes it. They can do this without updating the official app.
So sadly this is basically the last straw for supporting North American vehicles with third party clients and other integrations.
They save the secret to local storage with the key firebase_config_value. This secret config is located in a Firebase Cloud store. The Firebase Cloud config-key is called welcome_message which is base64 encoded and saved on local storage with the key firebase_config_value. This becomes the new User-Agent-Key.
I think there is little we can do about this sadly without a lot of hurdles. Any ideas?
So it's good bye and farewell to all third party clients and integrations for North American NissanConnect users.
@Tobiaswk Thank you for the writeup, and for all the effort you've done over the years.
Is it impractical or impossible for our apps to authenticate against the Firebase API to get the same info by extracting a credential from the mobile apps?
@joeshaw Thanks appreciate it! It has been my pleasure! ;)
Technically I think it is possible. The main problem is that the Firebase keystore used is normally tied to the application ID or bundle ID on Android and iOS if I'm not mistaken. This means you cannot use the same identifier for a signed app on Google Play or App Store. You would have to create a application with the same identifier and have to remove the official app. You would not be able to publish this app on Google Play or App Store as it clashes with the official identifier. I haven't investigated their Firebase integration in detail. So it's all guesswork. My Firebase knowledge is fairly limited.
So it's definitely something that will need to be investigated.
That JSON file would contain all the necessary OAuth params (except for Scope, which is documented): client ID, client secret, redirect URL, auth URL and token URL) so if they don't have a JSON file I think these OAuth params would be pulled from elsewhere in the app.
No I dont have the JSON file. It seems the North American Nissan app does not have this file. I haven't found it. I only have the values from the FirebaseOptions class instance at this stage.
I have access to all the values needed for the request. I won't post them here. I can get the User-Agent-Key by getting the remote config key-values pairs that contains the welcome_message with the curl above.
Just to update. Nissan North America has yet again today made a new release. 7.3.4. This release uses Firebase Database instead of the Remote Config they used in last release. All only to break third party libraries and clients yet again.
Needs some investigation.
UPDATE;
An interesting tidbit. Nissan's own North American app is broken currently because of the changes they've made.
@Raiden38 7.3.4 - Introduced use of Firebase Real-Time Database to store their “secrets”. On top of that Google’s SafetyNet is now used to secure against “security threats, including device tampering, bad URLs, potentially harmful apps, and fake users”.
They still use Firebase RealTime Database to store their User-Agent-Key HTTP header. They used it to rotate the User-Agent-Key every hour or so. This rotation of the User-Agent-Key was sent in "real time" to all the devices using the official app. They've reverted back from this behavior and now just stores a static User-Agent-Key which actually still works today. My guess is that all of this created adverse effects for the users of their official app. So all of this effort to "block" third party clients hit themselves like a ton of bricks. It's ironic in every sense.
I encouraged all users of My Leaf to write to Nissan themselves. Maybe that also had an effect.
These APIs haven't worked for a while (see Tobias's post above) but it appears that Nissan have moved or removed these endpoints entirely. I now get 404 not found for everything under https://icm.infinitiusa.com/NissanConnectEVProd/rest, although looking at DNS query logs it seems like the iOS app is still hitting that hostname.
Edit: It is now (back to) https://icm.infinitiusa.com/NissanLeafProd/rest
@amaisano No, I've given up on this. The countermeasures Nissan took have pretty effectively blocked access outside of their app. Tobias's blog post linked above goes into some detail on what those are.
I am working on several workarounds for the NA crew, mostly based off notifications/alerts from the Android MyNissan app and/or spoken responses from the Alexa skill (both which cannot be permanently relied on either).
I’ll post more when I have it working better, but here is a sneak peek:
Nissan has introduced a new way getting secrets for the API using Google Firebase Cloud storage. This makes it almost impossible to keep supporting North American vehicles as Nissan can update the secrets stored inside Google Firebase on-the-fly so to speak. These secrets cannot be accessed outside the offical app. Because of this Nissan will be able to "disable or break" third part clients. So using the new secret will only temporarily make clients work again until Nissan changes it. They can do this without updating the official app.
So sadly this is basically the last straw for supporting North American vehicles with third party clients and other integrations.
They save the secret to local storage with the key
firebase_config_value
. This secret config is located in a Firebase Cloud store. The Firebase Cloud config-key is calledwelcome_message
which is base64 encoded and saved on local storage with the keyfirebase_config_value
. This becomes the newUser-Agent-Key
.I think there is little we can do about this sadly without a lot of hurdles. Any ideas?
So it's good bye and farewell to all third party clients and integrations for North American NissanConnect users.