Closed kclif9 closed 7 months ago
You need to install nox with the mobile app and sniff the https traffic to collect most of those. I think the xor value also needs to be generated.
@bitnimble is our resident australia expert.
Any chance this would be possible/ @bitnimble is this something you are involved in?
I've tried playing with au-apigw.ccs.kia.com.au:8082 and posting but cannot get past authentication
I tried to use "Burp" to intercept the calls and watch the traffic but the Kia Connect app gives me a network error. So i'm stumped how to intercept.
Probably not anytime soon sorry - even Hyundai is out of date and hasn't worked for months and I haven't found the time to fix that one 😅
No prob. I just spent some time reviewing the Hyundai AU code and tried to copy it for Kia but keep getting 4010 Authentication errors. I then set up an account with Hyundai and followed the steps to get cookies and then try to login, but got 4003 Invalid Values - i guess this is what you mean by Hyundai not working currently either.
Happy to help @bitnimble - any suggestions how best to sniff the traffic given there is only an Android app, no website?
Would decompiling the APK be an option? When i try - i only get these files. No obvious classes here:
https://www.decompiler.com/jar/cfa2a3898a6a4b4aa68a08d3d361b3ac/kia.zip
Try install nox player. Load up android 6 with it. No rooting. Use Charles proxy to setup ssl decrypt. If you can see the traffic you can get the ids and I can point you in the right direction from that.
Thanks. I did try Memu emulator and got the apk to run, but it kept giving network errors on login. Oddly it would correctly give an error for wrong password, but a network error for correct pwd.. Ie they somehow detect its on an emulator? This was even without running an interceptor / proxy
From: cdnninja @.> Sent: Saturday, February 10, 2024 11:16:40 AM To: Hyundai-Kia-Connect/hyundai_kia_connect_api @.> Cc: zappoo @.>; Comment @.> Subject: Re: [Hyundai-Kia-Connect/hyundai_kia_connect_api] Add support for Kia Australia (Issue #420)
Try install nox player. Load up android 6 with it. No rooting. Use Charles proxy to setup ssl decrypt. If you can see the traffic you can get the ids and I can point you in the right direction from that.
— Reply to this email directly, view it on GitHubhttps://github.com/Hyundai-Kia-Connect/hyundai_kia_connect_api/issues/420#issuecomment-1936763226, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADU3BF2VBTRUJAJBZ3HIBEDYS236RAVCNFSM6AAAAAA5UEE6NSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZWG43DGMRSGY. You are receiving this because you commented.Message ID: @.***>
Try nox to rule it out. It worked for Australia last time and also for Europe.
Spent hours trying to get NOX working but keep getting stuck on the "Failed to start Virtual Machine" screen. I'll try again later :(
OK got BlueStacks working. Installed Kia Connect. Logged in - SUCCESS! Now i will try to do some sniffing - i assume using something like Fiddler?? Fiddler won't show any traffic that happens on the emulator. Will need some help now please @cdnninja
Got a bit further.. set up fiddler, modified some files in bluestack emulator to set up fiddler as a proxy.. anything i now do in Chrome on the emulator proxies into Fiddler.. but Kia Connect says "Network error" when i start the app now.
Got a bit further.. set up fiddler, modified some files in bluestack emulator to set up fiddler as a proxy.. anything i now do in Chrome on the emulator proxies into Fiddler.. but Kia Connect says "Network error" when i start the app now.
Have you tried installing the SSL certificate (as system CA certificate) from fiddler? If you're running the app on android 6, and using fiddler correctly, you should be able to view all the traffic. If you're using a later android version, you'll need to root it to move the certificate from the user store to the system store.
Once that's sorted, the network error should be solved.
Am trying to figure that bit out. Bluestack doesn't give me an option to install certificates anywhere
Status:
That's where I am currently stuck.
yeah, the australian version have quite strong root prevention. you'll need to either use something like magisk to do root hiding, or decompile + strip the protection + recompile.
Yep - that's a bit beyond me :(
The other thing i've tried is to enable root, modify 'settings_global.xml' on the device, add in all proxy settings, then UNSET root. Again, chrome traffic gets picked up - but Kia Connect says "Network error". Perhaps this idea works, but i haven't installed the fiddler cert properly??
ah that's probably the SSL pinning at work - if you load your own cert in order to sniff the traffic, then the app detects that the certificates have changed and rejects any requests 😅 so you need to modify the apk to disable the SSL pinning detection, which even then doesn't work yet because Hyundai (and presumably Kia as well) in Australia have one more layer of protection which detects that the apk signature has been changed. So you need to also remove that protection / inject the SSL certificate dynamically at runtime instead.
If you join the Discord, I think there might be some old messages from me that go through the flow. Otherwise, I'll try to get the Hyundai one fixed in the next few weeks and document the whole procedure (for myself, too... I can hardly remember what I did last time lol)
Thanks! Yep - very frustrating :(
the australian one is quite a bit more annoying than other countries unfortunately 🥲
It looks like the PR from @cdnninja looks to have fixed it. The latest version discovers my car (Niro EV) as expected.
Description
I would like to add support for the Kia Connect Australia app. It looks like the base of the configuration is complete as the app looks very similar to the Hyundai Bluelink app which is already supported in Australia.
What I Did
I get the error "Kia is not supported in Australia yet" when adding the integration to Home Assistant. This looks to be the response from KiaUvoApiAU.py.
Looking through the code, it looks like some simple extension is required.
URL: BASE_URL: au-apigw.ccs.kia.com.au:8082 I'm unsure how to gather the remaining three pieces of information for the PR. Can you please advise what you need me to do to gather these bits of information?
Source code: if BRANDS[brand] == BRAND_KIA: raise APIError("Kia is not supported in Australia yet") elif BRANDS[brand] == BRAND_HYUNDAI: self.BASE_URL: str = "au-apigw.ccs.hyundai.com.au:8080" self.CCSP_SERVICE_ID: str = "855c72df-dfd7-4230-ab03-67cbf902bb1c" self.APP_ID: str = "f9ccfdac-a48d-4c57-bd32-9116963c24ed" # Android app ID self.BASIC_AUTHORIZATION: str = "Basic ODU1YzcyZGYtZGZkNy00MjMwLWFiMDMtNjdjYmY5MDJiYjFjOmU2ZmJ3SE0zMllOYmhRbDBwdmlhUHAzcmY0dDNTNms5MWVjZUEzTUpMZGJkVGhDTw=="