samrum / OnStarJS

NodeJS Library for making OnStar API requests
MIT License
85 stars 17 forks

Remote Start Climate #205

Open michaelwoods opened 1 year ago

michaelwoods commented 1 year ago

There's a report of new models supporting the change of climate settings after a remote start command.

https://www.reddit.com/r/BoltEV/comments/xvj1as/new_climate_option_in_the_chevrolet_app_only/

Are you able to add this functionality? How do you investigate new commands like the recent location addition?

samrum commented 1 year ago

Check out these comments in gm-onstar-probe:

https://github.com/mikenemat/gm-onstar-probe/issues/2#issuecomment-414491880

https://github.com/mikenemat/gm-onstar-probe/issues/4#issuecomment-533602323

They kind of cover the general process. Decompiling/injecting code into the Android APK and looking through source/logging things at runtime. Frida is very useful for this.

It'd probably be easier for someone with a '23 Bolt to look into since they'd be able to use their vehicle/account to poke around. Like calling the commands endpoint mentioned in https://github.com/mikenemat/gm-onstar-probe/issues/4#issuecomment-533602323 should give you the API route at the least. Specific parameters and their format for it might require a little more digging.

michaelwoods commented 1 year ago

Thanks, I used axios-curlirize to output OnStarJS commands as cURL commands to make it easier to hit that commands API. I received the following from my '23 Bolt but nothing that looks like a climate setting. Might be a parameter to send, though the UI appears after the start.

https://gist.github.com/michaelwoods/5d2696d6f2e6e79ad7a6591dfe66e5c5

samrum commented 1 year ago

Ok, so yeah, you'll likely need to go the injection/decompilation route then. That first link in my other comment is one way of going about it. Using Frida simplifies it a bit since you won't need to decompile/compile the entire app to inject/watch things.

I used to use Frida/objection to disable SSL/certificate pinning and mitmproxy to see network traffic from my device. There are lots of ways of doing that part, too, though.