Jaguar engine start no longer working

[scotttag]

Since the recent "security updates" my remote engine start on jlrpy has stopped working, been working flawlessly for some time before that

I upgraded to 1.6.0 after the new security header was put in, but this hasn't fixed the issue

Weirdly... lock and unlock (with PIN of course) works completely fine as before, it's just engine start that has stopped working

This is the error I get:

{'timestamp': 1709970317076, 'status': 415, 'error': 'Unsupported Media Type', 'path': '/remoteengine/app/xxx/engineOn'}

(xxx = VIN)

Also worth mentioning that my car is a Jag, not an LR - I know the two apps are seperate so I wonder if there's something different with the calls made from the Jag version?

Also worth confirming - remote engine start still works fine in the app itself, just broken in jlrpy. Let me know if I can provide any more debug/testing info

[ardevd]

Thanks for the report! It's about time I go over the API endpoints again. JLR keeps tweaking things here and there and I'm sure there was some recent update that broke compatibility with jlrpy.

I'll look into it and report back here. Since I don't have an ICE JLR vehicle I'll probably ask you to test any new changes before I merge.

[scotttag]

Always happy to test! I'll keep an eye out here, appreciate you :-)

[sjpbailey]

Seems to be missing? https://documenter.getpostman.com/view/6250319/RznBMzqo#a4afbc35-b94c-4cc9-9847-3be3e8c5f140

[ardevd]

I have limited ability to troubleshoot this for now as I don't have access to an JLR ICE vehicle. PRs welcome.

[sjpbailey]

I have a 2023 Defender gas vehicle. Have you updated your version for your module? Need to update my pip currently at 1.5.0 requirements on my end need to be updated to 1.6.0. Beep flash, doors lock, no start.

[ardevd]

V1.6.0 is the latest version available.

[sjpbailey]

At 1.6 no start command out v.remote_engine_start + pin + temp in C. Has this call changed?

[ardevd]

See the original description of this issue

[sjpbailey]

Same issue here my plugin it is a Python on Universal Devices. Trying to help.

My code using your module albeit i am not a computer scientist just a pipe fitter. So my responses are probably in another language. https://github.com/sjpbailey/udi-poly-jaguar-landrover-prod_v3

Yes i was the idiot whose trips stopped working and i never got back to you, i apologize. They must have reset on the phone app update. Have not tried to stop recording them for fear i would lock it up again. No where could i find how to reset the history in the vehicle.

again here to help just an idiot who writes a little python code.

what do you want me to do as i have tested v1.6

[scotttag]

@ardevd

Happy to help this side - I did run the JLR app (iOS) through mitmproxy to decode the API but annoyingly the app has strict certificate pinning and gives security warnings which you can't bypass, preventing the API calls from being made

How did you reverse engineer the protocol before? I've got the app running in Android emulator too but then realized I need to root it to do mitm. Is there an easier method you've used like Frida in the past? If so I can do that and reverse engineer the updated API endpoint for you, submit a pull request

Edit: Looks like it's possibly to inject the Frida library as a dependency into an apk without rooting a device - then uploading through ADB which I can do on the emulator - I'll give this a try this weekend when I'm not travelling!

[ardevd]

@scotttag Yep, you need to disable the certificate pinning. I typically just patch the APK manually, recompile it and I'm usually good to go. However, there's an issue with the latest InControl app where apktool for some reason seems to strip away a large portion of the app's codebase when rebuilding the app. I reported the bug here

[ardevd]

If anyone with an applicable vehicle wants to help with this and is willing to temporarily share access to their account let me know.

[scotttag]

I can test! If you have the patched APK I can run it in an emulator here and do some testing. I saw the apktool bug is still open but I'm guessing you found another way around cert pinning?

[ardevd]

I've developed some tooling that removes the need for patching the APK. However, it's not trivial to set up. If you're willing to help out you can reach out to me on Discord.

[scotttag]

Sorry I've been out. Yup happy to help and set up an environment and do some mitm work. I did also try de-compiling the app when I had a spare minute and found a bunch of endpoints but couldn't find the engineOn one, no doubt renamed...

Do you have your Discord link somewhere? Happy to grab you there

[sjpbailey]

Yes my app no longer connects with user and pass. So even worse than no engine start. Hopefully it will be worked out.

[ardevd]

@sjpbailey what "app" you're referring to?

[sjpbailey]

My own on Universal Devices home automation. It's a free app to run on an ISY now and EISY router well freeBSD frontend.On Mar 26, 2024, at 3:30 PM, ardevd @.***> wrote: @sjpbailey what "app" you're referring to?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[sjpbailey]

@ardevd, I have my app back up after module requirement update for jlrpy from 1.6.0 to 1.7.0. Still no start and would like to know what you need to test. I am available most days as i am home, retired, disabled. Sending or Calling pin and temperature in C as i was before when start functioned.

[msp1974]

Apologies not jumped in earlier to help with this - been out of country for 6 weeks. Anyhow, my RRS (Petrol), starts and stops fine using v1.7.0. I am pretty sure it also worked with v1.6.0. So is this something different on a Jag than a LR?

I think the unsupported media type error is when JLR change the accept header version.

Currently it is (which is working on my RRS) - line 468 of jlrpy:

headers["Content-Type"] = (
            "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v2+json"
        )

And if I change it to v1, I get the unsupported media type error.

However, if I change to v3 it still works which leads me to think it should be updated to v3. Ie:

headers["Content-Type"] = (
            "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v3+json"
        )

@ardevd - can issue a PR or you can just update it. Let me know. Maybe @scotttag or @sjpbailey can mod thier jlrpy to make this change and confirm it works?

EDIT: Not looked at the remote_engine_stop as uses different accept header. Again if @scotttag or @sjpbailey can try it as is and amend to v3 if you get the same error when trying to stop the engine.

[sjpbailey]

Hello Mark, I will copy jlrpy into my repository then will edit the line in jlrpy to v3 for engine start. Is that the full call "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v3+json" I have a few doctor's appointments today so it will be tomorrow Wednesday before i can get to it.Thank You for checking this out!SteveOn Apr 23, 2024, at 9:23 AM, Mark Parker @.***> wrote: Apologies not jumped in earlier to help with this - been out of country for 6 weeks. Anyhow, my RRS (Petrol), starts and stops fine using v1.7.0. I am pretty sure it also worked with v1.6.0. So is this something different on a Jag than a LR? I think the unsupported media type error is when JLR change the accept header version. Currently it is (which is working on my RRS) - line 468 of jlrpy: headers["Content-Type"] = ( "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v2+json" )

And if I change it to v1, I get the unsupported media type error. However, if I change to v3 it still works which leads me to think it should be updated to v3. Ie: headers["Content-Type"] = ( "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v3+json" )

@ardevd - can issue a PR or you can just update it. Let me know. Maybe @scotttag or @sjpbailey can mod thier jlrpy to make this change and confirm it works?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[scotttag]

Apologies not jumped in earlier to help with this - been out of country for 6 weeks. Anyhow, my RRS (Petrol), starts and stops fine using v1.7.0. I am pretty sure it also worked with v1.6.0. So is this something different on a Jag than a LR?

I think the unsupported media type error is when JLR change the accept header version.

Currently it is (which is working on my RRS) - line 468 of jlrpy:

headers["Content-Type"] = (
            "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v2+json"
        )

And if I change it to v1, I get the unsupported media type error.

However, if I change to v3 it still works which leads me to think it should be updated to v3. Ie:

headers["Content-Type"] = (
            "application/vnd.wirelesscar.ngtp.if9.StartServiceConfiguration-v3+json"
        )

@ardevd - can issue a PR or you can just update it. Let me know. Maybe @scotttag or @sjpbailey can mod thier jlrpy to make this change and confirm it works?

EDIT: Not looked at the remote_engine_stop as uses different accept header. Again if @scotttag or @sjpbailey can try it as is and amend to v3 if you get the same error when trying to stop the engine.

This was literally all it was! Can't believe I didn't think of something so simple...

Re-confirmed that 1.7.0 doesn't work with remote_start/stop before testing (same error as I mentioned before). Updated the code to v3 for both start and stop - engine starts right up and stops just as before! Woo hoo

Popped a pull in #130 for you to make it easy - you're superstars! 😄

[sjpbailey]

Thank You!Works! Had to uninstall jlrpy from my environment as it is still ver- 1.7.0Thanks Again for this cool project!On Apr 23, 2024, at 3:13 PM, ardevd @.***> wrote: Closed #120 as completed via #130.

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>