SteffeyDev / homebridge-hyundai-bluelink

Homebridge plugin for Hyundai BlueLink
Apache License 2.0

authentication error / legacy authentication disabled. #358

Open cmorozcogmailcom opened 3 months ago

cmorozcogmailcom commented 3 months ago

Describe The Bug: bug in authentication phase in plugin

To Reproduce:

run the plug in via the home bridge

Expected behavior:


Show the Homebridge logs here, remove any sensitive information.
3/29/2024, 9:52:24 PMHyundai Bluelink BridgeLoaded plugin 'homebridge-hyundai-bluelink'
3/29/2024, 9:52:24 PMHyundai Bluelink BridgeLoading 1 platforms...
3/29/2024, 9:52:24 PMHyundai Bluelink BridgeHyundaiLoading accessory from cache: 2019 SONATA PLUGIN HYBRID
3/29/2024, 9:52:25 PMHyundai Bluelink BridgeBridge is running on port 51916.
3/29/2024, 9:52:26 PMHyundai Bluelink BridgeHyundaiERRORClient Error GotError [RequestError]: write EPROTO 2005FBB6:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:922:

    at ClientRequest.<anonymous> (/var/lib/hoobs/hyundaibluelinkbridge/node_modules/got/source/request-as-event-emitter.js:178:14)
    at Object.onceWrapper (node:events:628:26)
    at ClientRequest.emit (node:events:525:35)
    at ClientRequest.origin.emit (/var/lib/hoobs/hyundaibluelinkbridge/node_modules/@szmarczak/http-timer/source/index.js:37:11)
    at TLSSocket.socketErrorListener (node:_http_client:502:9)
    at TLSSocket.emit (node:events:513:28)
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at processTicksAndRejections (node:internal/process/task_queues:82:21) {
  code: 'EPROTO',
  host: 'api.telematics.hyundaiusa.com',
  hostname: 'api.telematics.hyundaiusa.com',
  method: 'POST',
  path: '/v2/ac/oauth/token',
  socketPath: undefined,
  protocol: 'https:',
  url: 'https://api.telematics.hyundaiusa.com/v2/ac/oauth/token',
  gotOptions: {
    path: '/v2/ac/oauth/token',
    protocol: 'https:',
    slashes: true,
    auth: null,
    host: 'api.telematics.hyundaiusa.com',
    port: null,
    hostname: 'api.telematics.hyundaiusa.com',
    hash: null,
    search: null,
    query: null,
    pathname: '/v2/ac/oauth/token',
    href: 'https://api.telematics.hyundaiusa.com/v2/ac/oauth/token',
    retry: {
      retries: [Function (anonymous)],
      methods: [Set],
      statusCodes: [Set],
      errorCodes: [Set]
    },
    headers: {
      'user-agent': 'PostmanRuntime/7.26.10',
      client_id: 'xxxx',
      client_secret: 'xxx',
      accept: 'application/json',
      'accept-encoding': 'gzip, deflate',
      'content-type': 'application/json',
      'content-length': 57
    },
    hooks: {
      beforeRequest: [],
      beforeRedirect: [],
      beforeRetry: [],
      afterResponse: [],
      beforeError: [],
      init: []
    },
    decompress: true,
    throwHttpErrors: true,
    followRedirect: true,
    stream: false,
    form: false,
    json: true,
    cache: false,
    useElectronNet: false,
    method: 'POST',
    body: '{"username":"xxxxx","password":"xxxxxx"}'
  }

**Plugin Config:**
{
    "platform": "Hyundai",
    "remoteStart": {
        "igniOnDuration": 15,
        "heating1": true,
        "defrost": true,
        "airCtrl": true
    },
    "credentials": {
        "username": "xxxxx",
        "password": "xxxxx",
        "region": "US",
        "brand": "hyundai",
        "pin": "0852"
    },
    "vehicles": [
        {
            "vin": "Kxxxx",
            "maxRange": 600
        }
    ]
}
Show your Homebridge config.json here, remove any sensitive information.

Not sure where to find this on the hoobs starter kit distro.

Screenshots:

Environment: hoobs starter box

cmorozcogmailcom commented 3 months ago

So I can use this URL to post with Postman and even on the hoobs box with curl. Not sure what to do here. `openssl s_client -connect api.telematics.hyundaiusa.com:443` does connect but returns with a "Secure Renegotiation IS NOT supported" message. Not really sure if this is an error. The bug: the plugin fails at this point.

cmorozcogmailcom commented 3 months ago

this is the output

```
hoobs@hoobs:/var/lib/hoobs/hyundaibluelinkbridge/node_modules/bluelinky/src/controllers$ openssl s_client -connect api.telematics.hyundaiusa.com:443
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA
verify return:1
depth=0 C = US, ST = California, O = Hyundai AutoEver America, CN = api.telematics.hyundaiusa.com
verify return:1

Certificate chain
 0 s:C = US, ST = California, O = Hyundai AutoEver America, CN = api.telematics.hyundaiusa.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
 3 s:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services

Server certificate
subject=C = US, ST = California, O = Hyundai AutoEver America, CN = api.telematics.hyundaiusa.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Organization Validation Secure Server CA

No client certificate CA names sent

SSL handshake has read 6048 bytes and written 673 bytes
Verification: OK

New, SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES256-SHA
    Session-ID: AFAC299C0AF33EAFA1C8AA03DD118DA7596121845D7BACDE2A9270FC07385613
    Session-ID-ctx:
    Master-Key: 0556511A20453CDD9546739715E717384FD470F3DA651B5D93D539ED25F90B059F2D9025FA4E1A713CA4B6E2489828FE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1711804527
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
```

cmorozcogmailcom commented 3 months ago

same thing doing this with no tls1.3

```
openssl s_client -no_tls1_3 -connect api.telematics.hyundaiusa.com:443
```

cmorozcogmailcom commented 3 months ago

this is the curl that works

```
curl --location 'https://api.telematics.hyundaiusa.com/v2/ac/oauth/token' \
  --header 'Content-Type: application/json' \
  --header 'user-agent: PostmanRuntime/7.26.10' \
  --header 'client_id: mxxxxxxx-exxx-Sxxxxx-bxxx-axxxxxxxxxxxx' \
  --header 'client_secret: vxxxxxxx-xxxx-xxxx-xxxx' \
  --header 'accept: application/json' \
  --header 'Accept-Encoding: gzip,deflate' \
  --header 'Content-Type: application/json' \
  --header 'Content-Length: 57' \
  --data '{"username":"xxxxxxxxx","password":"xxxxxxx"}'
```

cmorozcogmailcom commented 3 months ago

doing the following openssl command

```
openssl s_client -connect cloud.oracle.com:443 -no_tls1_3 -bugs
```

gets me a result that looks encouraging.

```
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
```

cmorozcogmailcom commented 3 months ago

So I surmise that the telematics site is not allowing older protocols, since the return message states "unsafe legacy renegotiation disabled".

cmorozcogmailcom commented 3 months ago

I found a fix and a workaround. I edited request-as-event-emitter.js. I added to the top

```
const crypto = require('node:crypto');
const tls = require('tls');
```

then after `const currentUrl = redirectString || requestUrl;` I added the following.

```
options.secureOptions = crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT;
```

then restart the plugin.
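
A narrower variant of the workaround above, as an added example that is not part of the original comment or the plugin's code: the edit to `got` sets the flag for every request that copy of `got` makes and is lost when node_modules is reinstalled, whereas this sketch sets `SSL_OP_LEGACY_SERVER_CONNECT` only for an allowlisted host and recognises the logged error. `LEGACY_HOSTS` and the function names are assumptions.

```javascript
// Added example (not the plugin's code). LEGACY_HOSTS and all function
// names here are assumptions made for illustration.
const https = require('node:https');
const { constants } = require('node:crypto');

// Hosts whose s_client output reports "Secure Renegotiation IS NOT supported"
// (no RFC 5746 renegotiation_info). Taken from the host named in this thread.
const LEGACY_HOSTS = new Set(['api.telematics.hyundaiusa.com']);

// Recognise the failure from the issue: EPROTO plus the OpenSSL reason string.
function isLegacyRenegotiationError(err) {
  return Boolean(err) && err.code === 'EPROTO' &&
    /unsafe legacy renegotiation disabled/.test(String(err.message));
}

// TLS options for one host. Certificate verification and the TLS 1.2 floor
// stay on for everyone; the legacy flag is added only for allowlisted hosts.
function tlsOptionsFor(hostname) {
  const opts = { minVersion: 'TLSv1.2', rejectUnauthorized: true };
  if (LEGACY_HOSTS.has(String(hostname).toLowerCase())) {
    opts.secureOptions = constants.SSL_OP_LEGACY_SERVER_CONNECT;
  }
  return opts;
}

// Agent to pass as `agent` to https.request, or to an HTTP client that
// accepts a Node agent, for requests to `hostname` only.
function agentFor(hostname) {
  return new https.Agent(tlsOptionsFor(hostname));
}

// Constructed sample mirroring the error logged in the issue.
const sampleError = Object.assign(
  new Error('write EPROTO 2005FBB6:error:0A000152:SSL routines:' +
    'final_renegotiate:unsafe legacy renegotiation disabled'),
  { code: 'EPROTO', host: 'api.telematics.hyundaiusa.com' }
);
```
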

vadimpetrunin commented 2 days ago

Worked for me! Thanks for your help! I was using the "homebridge-hyundai-bluelink-next" plugin, and for Raspbian users the file is located at /var/lib/homebridge/node_modules/homebridge-hyundai-bluelink-next/node_modules/got/source/request-as-event-emitter.js