Closed lwy197809 closed 1 year ago
It seems that the version definition in const.py is outdated: the latest version of the MyBMW app is 2.12.0 while the definition is Regions.CHINA: "2.3.0(13603)".
I tried to change 2.3.0 to 2.12.0 in the code and the error shows login verification failed. I guess the error was due to a wrong changelist number; obviously it is not 13603 on 2.12.0.
DEBUG:asyncio:Using selector: EpollSelector
DEBUG:bimmer_connected.account:Getting vehicle list
DEBUG:bimmer_connected.api.authentication:Authenticating with MyBMW flow for China.
DEBUG:httpx._client:HTTP Request: GET https://myprofile.bmw.com.cn/eadrax-coas/v1/cop/publickey "HTTP/1.1 200 OK"
DEBUG:httpx._client:HTTP Request: POST https://myprofile.bmw.com.cn/eadrax-coas/v2/login/pwd "HTTP/1.1 422 Unprocessable Entity"
ERROR:bimmer_connected.api.authentication:Authentication error: {"data":null,"code":499200,"error":true,"msgType":"toast","description":"登录校验异常,请使用正常渠道下载的应用程序!"}
Traceback (most recent call last):
MyBMW app uses SSL pinning to avoid mitm, any suggestions on how to mitm the API?
We are still on the very old version for China due to BMW changing the login secrets in both 2.7.0 and 2.9.0, leading to not being able to log in anymore. See https://github.com/bimmerconnected/bimmer_connected/discussions/488 for more info.
I was not able to figure out the new login yet (and don't have much time right now). So any support there is appreciated.
@lanceliao check this https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/ This works for me for the rest of world version if the apk is patched with objection and using mitmproxy in wireguard mode.
@rikroe I found a way to capture the mybmw network traffic, but I can't write the Python code. How can I help?
I found some URLs have changed. For example, the refresh token URL has changed from /eadrax-coas/v1/oauth/token to /eadrax-coas/v2/oauth/token
I've also captured some requests as cURL commands. If needed, I can send them to you via email, as they contain private information.
That's great! It would be great if you can send me some info on the login flow to rikro@gmx.net?
How to log in first time (i.e. after reset of MyBMW app)
- Is the only option SMS + captcha by now? So no option to login with Password only?
- Please be as precise as possible, i.e. which URLs are called after each other. I'm probably going to need to have both request & response as they usually build on each other.
- If you remove your password, SMS token + refresh token with some placeholder text I cannot login to your account but will see how the flow executes
- The token flow using the refresh token (i.e. you closed the app after logging in and then return after >60 minutes)
I sent some messages in our china-login private discussions.
The encryption algorithm of the nonce in the newest version of MyBMW app in China (v3.3.1) has been reversed by @erxiaowang417. So is @rikroe or @erxiaowang417 willing to make an update of bimmer_connected (also the HA integration) to support Chinese users?
Please see: https://github.com/erxiaowang417/Mybmw-Script/tree/main/Reverse https://gitee.com/cvnc/BMW/blob/master/lib/BMWLogin.js https://gitee.com/cvnc/BMW/blob/master/lib/GetNonce.js
Very cool! Sure, as it is open sourced on github I can integrate that!
But even password login still requires solving the captcha, right?
In the request body for login, there are many ways to implement sliding verification. The author CVNC implements an achievable acquisition method. This author also explains that the SMS login method and password login method.
In my multiple attempts, I found that captcha may not be necessary in the login process. In fact, I was able to log in to my Chinese BMW account through a modified source code in the authentication.py file of bimmer_connected in HA, which allowed me to generate a nonce in a different way.
I also submitted a PR that the user_agent in version 3.3.1 will prompt an error in the API in the China region, and we need to revert to version 3.1.0 of the user_agent.
The captcha is necessary after the last update of MyBMW in China several days ago. You may refer to this (from CVNC and erxiaowang417) to use the latest MyBMW API (v3.3.1). In order not to upload any user information, please do not use any third-party API (like yixi.pro/api) in the PR. Thx. @rikroe @Yixi @erxiaowang417 Anyone have time to make a new update?
I have submitted a pull request and am waiting for it to be merged. https://github.com/bimmerconnected/bimmer_connected/pull/534
Thanks @Yixi!! With https://github.com/home-assistant/core/pull/93180 merged this is included in HA 2023.5.4 or latest 2023.5.
Thanks @Yixi and @rikroe. Will the HA custom component also be updated so we do not need to update to the latest version of HA?
Thanks for the reminder, please see https://github.com/bimmerconnected/ha_custom_component/releases/tag/20230517.1
Describe the issue
Can't login MyBMW account.
Expected behavior
seems the authentication scheme changed by BMW?
Which Home Assistant version are you using?
2023.1.0.dev20221205
What was the last working version of Home Assistant Core?
No response
What is your region?
China
MyBMW website
Number of cars
Output of bimmer_connected fingerprint
No response
Anything in the logs that might be useful for us?
Additional information
No response