teslamotors / vehicle-command

Apache License 2.0

Public Key not Paired with Vehicle despite successfully completing https://www.tesla.com/_ak/ #161

Closed fktc closed 7 months ago

fktc commented 7 months ago

I am trying to access my vehicle as follows:

  1. Created a key using tesla-keygen and ran a local proxy
  2. Stored the key on the server as ./well-known/appsepcific/com.tesla.3p.public-key.pem (is this correct?)
  3. Successfully authenticated using https://www.tesla.com/_ak/ & allowed authorization via the iPhone Tesla app

Now the key appears on the Vehicle's touchscreen. Using the Vehicle endpoint works well. However, the Vehicle Command endpoint returns the following error:

{
  "response": null,
  "error": "vehicle rejected request: your public key has not been paired with the vehicle",
  "error_description": ""
}

Am I missing something?

sethterashima commented 7 months ago

Could you run the proxy server with -verbose and paste the output it produces when you send the command? Please redact your VIN.

fktc commented 7 months ago

This is the output I'm getting from the proxy:

2024-02-01T21:45:51Z [debug] Creating proxy
2024-02-01T21:45:51Z [info ] Listening on localhost:4443
2024-02-01T21:45:54Z [info ] Received POST request for /api/1/vehicles/<VIN>/command/door_unlock
2024-02-01T21:45:54Z [debug] Executing door_unlock on <VIN>
2024-02-01T21:45:54Z [info ] Starting dispatcher service...
2024-02-01T21:45:54Z [info ] Requesting session info from DOMAIN_INFOTAINMENT
2024-02-01T21:45:54Z [debug] Sending request to https://fleet-api.prd.eu.vn.cloud.tesla.com/api/1/vehicles/<VIN>/signed_command: {"routable_message":"MgIIAzoSEhBA4WfLyzx1IBWOQDy9kI7vmgMQf910byErRuv4oPUfTjZ79HJDCkEE4CKbd4lIo2Kho+RNPa5ym1ox4xbrkLBZbCUQ7wqgUvHej3LMi13sg0FdmyuzjUW15U4bxLZM9Oengbuj6Reu8Q=="}
2024-02-01T21:45:54Z [info ] Requesting session info from DOMAIN_VEHICLE_SECURITY
2024-02-01T21:45:54Z [debug] Sending request to https://fleet-api.prd.eu.vn.cloud.tesla.com/api/1/vehicles/<VIN>/signed_command: {"routable_message":"MgIIAjoSEhBo6W0jQsfJmyyvyfmTZqC+mgMQ061rj+wDMErr/NMW06zDhnJDCkEE4CKbd4lIo2Kho+RNPa5ym1ox4xbrkLBZbCUQ7wqgUvHej3LMi13sg0FdmyuzjUW15U4bxLZM9Oengbuj6Reu8Q=="}
2024-02-01T21:45:54Z [debug] Server returned 200: OK: {"response":"MhISEEDhZ8vLPHUgFY5APL2Qju86AggDYgQIAhADkgMQf910byErRuv4oPUfTjZ79A=="}
2024-02-01T21:45:54Z [error] Returning error Internal Server Error
2024-02-01T21:45:54Z [debug] [d3ad6b8fec03304aebfcd316d3acc386] Retrying transmission after error: Post "https://fleet-api.prd.eu.vn.cloud.tesla.com/api/1/vehicles/<VIN>/signed_command": context canceled

I'm using Amazon Linux Version 2023.3.20240131 & go1.20.12 linux/amd64

Thanks for any advice :)

fktc commented 7 months ago

Update: After running tesla-control -ble add-key-request public_key.pem owner cloud_key and tapping my physical card in the center console of the vehicle, the key is paired successfully. I can issue vehicle commands via BLE and via the Proxy.

However, enrolling vehicles manually with a BLE-enabled notebook isn't feasible for large fleets. Isn't https://www.tesla.com/_ak/<domain> supposed to pair the key exactly to avoid the need to physically tap the card with a BLE-enabled notebook nearby?

vagh141 commented 7 months ago

@fktc

Do you know what commands are available over BLE?

fktc commented 7 months ago

@vagh141 : I don't know what commands are available over BLE. I used BLE as a workaround to pair the key with the vehicle, and am now using the http proxy & the vehicles-command endpoint to communicate with the vehicle.

The question remains why https://www.tesla.com/_ak/<domain> didn't correctly pair the key, while BLE did?

fabianhu commented 7 months ago

I tested my Python implementation of the registration process (here) and found the app not reacting to https://www.tesla.com/_ak/domain at all on Android and on iOS. Then I tested again this afternoon with the same process, and suddenly it worked. Is anyone aware of a change in the app or the server?

sethterashima commented 7 months ago

@fktc are you able to reproduce the issue? If so, could you provide the vehicle's firmware version and determine if a touchscreen reboot resolves the problem?

fktc commented 7 months ago

I changed the public key on the server without re-registering it via POST /api/1/partner_accounts, which led to the error. Re-registering the updated key first via POST /api/1/partner_accounts and then registering it on the vehicle using https://www.tesla.com/_ak/ did the trick.

It might be worthwhile being more specific in the documentation about the exact order of things, or to prevent https://www.tesla.com/_ak/ from returning success messages if the actual key on the server isn't matching the registered key.

In any case, thanks for your help! I'm closing the issue now.

andig commented 7 months ago

@sethterashima I would really appreciate it if the key registration process returned a specific error in this case. This seems hard to catch otherwise.
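
The root cause reported in this thread is a hosted public key that no longer matches the one registered via POST /api/1/partner_accounts, with nothing in the pairing flow flagging it. A pre-pairing check for that drift, as an added example that is not part of the thread or of the vehicle-command project: it assumes a copy of the PEM is saved each time POST /api/1/partner_accounts is called and that keys are NIST P-256; `parsePub`, `checkHostedKey` and `samplePEM` are hypothetical names, and the sample keys are constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// parsePub decodes a PEM "PUBLIC KEY" block into an ECDSA key (P-256 assumed).
func parsePub(name string, data []byte) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("%s: no PEM PUBLIC KEY block", name)
	}
	if parsed, err := x509.ParsePKIXPublicKey(block.Bytes); err != nil {
		return nil, fmt.Errorf("%s: %w", name, err)
	} else if pub, ok := parsed.(*ecdsa.PublicKey); ok && pub.Curve == elliptic.P256() {
		return pub, nil
	}
	return nil, fmt.Errorf("%s: not a P-256 ECDSA public key", name)
}

// checkHostedKey fails when the PEM now hosted differs from the saved registered copy.
func checkHostedKey(hosted, registered []byte) error {
	h, errH := parsePub("hosted key", hosted)
	r, errR := parsePub("registered key", registered)
	if err := errors.Join(errH, errR); err != nil {
		return err
	}
	if !h.Equal(r) { // compares curve and point, so PEM whitespace differences do not matter
		return errors.New("hosted key differs from registered key: re-register before pairing")
	}
	return nil
}

// samplePEM builds a constructed throwaway public key so the example runs offline.
func samplePEM() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}

func main() {
	registered, rotated := samplePEM(), samplePEM()
	fmt.Println(checkHostedKey(registered, registered), "|", checkHostedKey(rotated, registered))
}
```

Running this check in the deployment step that publishes the PEM catches a key swap before anyone opens the https://www.tesla.com/_ak/ link.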