You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am no longer working on this as the new API is US-only as I'm in the UK, so cannot even use it or the new app. Please don't ask me questions about it as I honestly can't remember anything.
Nissan Connect EV 2018 API
This is a work in progress, just jotting down my findings from the APK decompile so far. As I can only read the decompiled Java and not MITM the app due it not working in the UK, getting the payload info may take a while. There's loads of API calls so this may not be thorough for a while.
Base URL: https://icm.infinitiusa.com/NissanLeafProd/rest
Battery
GET /battery/vehicles/:vin/getChargingStatusRequest
POST /battery/vehicles/:vin/remoteChargingRequest
POST /battery/vehicles/:vin/cancelRemoteChargingRequest
HVAC
POST /hvac/vehicles/:vin/activateHVAC
POST /hvacSchedule/vehicles/:vin/cancelHVACSchedule
POST /hvacSchedule/vehicles/:vin/createHVACSchedule
POST /hvac/vehicles/:vin/deactivateHVAC
GET /hvacSchedule/vehicles/:vin/getHvacSchedule
POST /hvacSchedule/vehicles/:vin/updateHVACSchedule
Find My Car
POST /vehicleLocator/vehicles/:vin/refreshVehicleLocator
POST /vehicleLocator/vehicles/:vin/getNotificationHistory
Security
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRDL
POST /remote/vehicles/:vin/accounts/:accountId/rdl/createRUDL
Horn and Lights
POST /remote/vehicles/:vin/accounts:accountId/rhl/createRHL
Misc
GET /remote/securityQuestions
PUT /remote/vehicles/:vin/accounts/:accountId/authorizationInformation
Account Stuff
POST /auth/softLoginforAAS
Can take a query string of ?vin=<vinHere>&subscription=<true/false>
POST Body:
{
"userid": <username>,
"password": <password>,
"country": "US", // Others to come?
"brand-s": "N", // N for Nissan?
"language-s": "en"
}
That JSON file would contain all the necessary OAuth params (except for Scope, which is documented): client ID, client secret, redirect URL, auth URL and token URL) so if they don't have a JSON file I think these OAuth params would be pulled from elsewhere in the app.
No I dont have the JSON file. It seems the North American Nissan app does not have this file. I haven't found it. I only have the values from the FirebaseOptions class instance at this stage.
I have access to all the values needed for the request. I won't post them here. I can get the User-Agent-Key by getting the remote config key-values pairs that contains the welcome_message with the curl above.
Just to update. Nissan North America has yet again today made a new release. 7.3.4. This release uses Firebase Database instead of the Remote Config they used in last release. All only to break third party libraries and clients yet again.
Needs some investigation.
UPDATE;
An interesting tidbit. Nissan's own North American app is broken currently because of the changes they've made.
@Raiden38 7.3.4 - Introduced use of Firebase Real-Time Database to store their “secrets”. On top of that Google’s SafetyNet is now used to secure against “security threats, including device tampering, bad URLs, potentially harmful apps, and fake users”.
They still use Firebase RealTime Database to store their User-Agent-Key HTTP header. They used it to rotate the User-Agent-Key every hour or so. This rotation of the User-Agent-Key was sent in "real time" to all the devices using the official app. They've reverted back from this behavior and now just stores a static User-Agent-Key which actually still works today. My guess is that all of this created adverse effects for the users of their official app. So all of this effort to "block" third party clients hit themselves like a ton of bricks. It's ironic in every sense.
I encouraged all users of My Leaf to write to Nissan themselves. Maybe that also had an effect.
These APIs haven't worked for a while (see Tobias's post above) but it appears that Nissan have moved or removed these endpoints entirely. I now get 404 not found for everything under https://icm.infinitiusa.com/NissanConnectEVProd/rest, although looking at DNS query logs it seems like the iOS app is still hitting that hostname.
Edit: It is now (back to) https://icm.infinitiusa.com/NissanLeafProd/rest
@amaisano No, I've given up on this. The countermeasures Nissan took have pretty effectively blocked access outside of their app. Tobias's blog post linked above goes into some detail on what those are.
I am working on several workarounds for the NA crew, mostly based off notifications/alerts from the Android MyNissan app and/or spoken responses from the Alexa skill (both which cannot be permanently relied on either).
I’ll post more when I have it working better, but here is a sneak peek:
Do you have the JSON keyfile? It looks like that's the preferred way to interact with the various OAuth2 libraries when using service accounts.
Some examples:
That JSON file would contain all the necessary OAuth params (except for Scope, which is documented): client ID, client secret, redirect URL, auth URL and token URL) so if they don't have a JSON file I think these OAuth params would be pulled from elsewhere in the app.
Here's a Go fragment that parses the JSON file and fills out the OAuth parameters: https://cs.opensource.google/go/x/oauth2/+/d3ed0bb2:google/google.go;l=38