jmartinsen
commented
3 years ago I have successfully logged in to the web ui with this dirty POC code. I have a 2019 e-Golf in Norway. Logging in is a weird series of set-cookies, redirects and query parameters. Hopefully this might be useful to someone.
/**
* Packages used:
* guzzlehttp/guzzle
* symfony/dom-crawler
* symfony/css-selector
*/
$email = "email@example.com";
$password = "secret123";
$cookies = new \GuzzleHttp\Cookie\CookieJar();
$client = new \GuzzleHttp\Client([
"timeout" => 10,
"cookies" => $cookies,
]);
$response = $client->post(
"https://www.portal.volkswagen-we.com/portal/no_NO/web/guest/home/-/csrftokenhandling/get-login-url"
);
$response = (string) $response->getBody();
$response = json_decode($response, true);
$response = $client->get($response["loginURL"]["path"] ?? null);
$response = (string) $response->getBody();
$response = new \Symfony\Component\DomCrawler\Crawler($response);
$response = $client->post(
"https://identity.vwgroup.io" . $response->filter("#emailPasswordForm")->attr("action"),
["form_params" => [
"_csrf" => $response->filter("#emailPasswordForm #csrf")->attr("value"),
"relayState" => $response->filter("#emailPasswordForm #input_relayState")->attr("value"),
"hmac" => $response->filter("#emailPasswordForm #hmac")->attr("value"),
"email" => $email
]]
);
$response = (string) $response->getBody();
$response = new \Symfony\Component\DomCrawler\Crawler($response);
$response = $client->post(
"https://identity.vwgroup.io" . $response->filter("#credentialsForm")->attr("action"),
[
"form_params" => [
"_csrf" => $response->filter("#credentialsForm #csrf")->attr("value"),
"relayState" => $response->filter("#credentialsForm #input_relayState")->attr("value"),
"hmac" => $response->filter("#credentialsForm #hmac")->attr("value"),
"email" => $response->filter("#credentialsForm #email")->attr("value"),
"password" => $password,
],
"allow_redirects" => ["track_redirects" => true]
]
);
$redirects = $response->getHeader(\GuzzleHttp\RedirectMiddleware::HISTORY_HEADER);
$url = array_pop($redirects);
$url = parse_url($url);
$query = [];
parse_str($url["query"], $query);
$state = $query["state"];
$code = $query["code"];
$response = $client->post(
"https://www.portal.volkswagen-we.com/portal/web/guest/complete-login?p_auth=$state"
. "&p_p_id=33_WAR_cored5portlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1"
. "&p_p_col_count=1&_33_WAR_cored5portlet_javax.portlet.action=getLoginStatus",
[
"form_params" => [
"_33_WAR_cored5portlet_code" => $code
],
"allow_redirects" => ["track_redirects" => true]
]
);
$redirects = $response->getHeader(\GuzzleHttp\RedirectMiddleware::HISTORY_HEADER);
$url = array_pop($redirects);
$dashboard = explode("/", $url);
$dashboard = array_pop($dashboard);
$response = (string) $response->getBody();
$response = new \Symfony\Component\DomCrawler\Crawler($response);
// Multiple JSESSIONID cookie values exists, grab the one that has ".green-" in it
$jSessionId = null;
foreach ($cookies->toArray() as $cookie) {
if (
isset($cookie["Name"])
&& $cookie["Name"] === "JSESSIONID"
&& isset($cookie["Value"])
&& mb_substr_count($cookie["Value"], ".green-")
) {
$jSessionId = $cookie["Value"];
}
}
$headers = [
"Cookie" => "JSESSIONID=" . $jSessionId,
"x-csrf-token" => $response->filter("meta[name=_csrf]")->attr("content"),
];
$status = $client->post(
"https://www.portal.volkswagen-we.com/portal/delegate/dashboard/$dashboard/-/emanager/get-emanager",
["headers" => $headers]
);
$status = (string) $status->getBody();
$status = json_decode($status, true);
$batteryPercentage = $status["EManager"]["rbc"]["status"]["batteryPercentage"] ?? null;
I have a 2018 Volkswagen Passat with Car-Net and WeConnect and would love to remotely read the mileage and fuel level of my vehicle. I've tried using your code to connect to my account but unfortunately it doesn't work, probably due to differences between US and EU accounts. If you'd like, I could help you test this using my account.