Closed BrendanGrant closed 6 years ago
:) Really glad the JWT key helped you! Took me a while to reverse engineer that. Pretty useless to add an extra layer of crypto ontop of SSL, especially with a pre-shared key that can be recovered client-side. This does not strike me as a valid use case for JWT.
I'll have to go back and test again, but I could have sworn I ran into an issue when I skipped the connect command. May have just been a mistake on my part though. Will definitely consider adding VIN selection next time I dive back into the code.
First... thank you for this. I'm a C# developer who reverse engineered most of the protocol a couple of years ago but got stuck with the secret key, thank you for finding it!
Plugged it into my old code, and sure enough from my username, password & PIN I can start my car :)
One improvement you could make, is to a GET on https://api.gm.com/api/v1/account/vehicles as it will return a list of your vehicles, rather than requiring you to know the VIN up front.
Also, I do not believe triggering commands/connect is needed in order to start the vehicle, though that is a common step in the app.