Lime : new encoding id strategy

[vigorem]

Hi,

it seems it's no longer possible to track a Lime Scooter according to it's id.

Before :

"bikes": [
            {
                "id": "323AS9D1S1MZ1",   <--- 13 characters constant identifier
                "type": "bikes",
                "attributes":
                {...}
            } ...
          ]

AFTER :

"bikes": [
            {
                "id": "ET-FVVQ5G2CQCYSY2BSHL7K2DUBQLKAJLLXLV72ALQ",   <--- 42 characters changing at each request for the same scooter
                "type": "bikes",
                "attributes":
                {...}
            } ...
          ]

This means if you make two requests within few seconds you would get different ids.

It could be encoded server side but I doubt it, it would be a mess to handle. Probably the encoding key is within the id provided...

[fiddyschmitt]

Thanks vigorem, I am seeing this too. The IDs are now unique per response.

Lime might be doing it on the server side, by storing a mapping from ET-ID to real ID. It may be a move by Lime to prevent tracking scooters.

That said, it would be nice if the ID was just encoded.

Here is another example of changing ID:

WE2XXKJRKU53G

became

ET-HSTZ42FZCJXVJTYAMTSY4FCJWPW5LKWDXWXA4AQ
ET-6R5MNLBQ6JEEYU2HPPJLF55LXPDSCPMWYQJKINQ
ET-3M3TWG3WSMQ27KXPFZHYAMOCWPQGRPK4EBRE7OI
ET-A2AYURWA7V5E67O2FKT5ZJ6E35E55XIDF6EOZ5I
ET-ETJZVFNFSDYO7GJI4DECBEU62CU4PURMY27ZK4Q
ET-MPJQJBTM6F7RPA4BAIMYPNNWKZH4KYMRFXQLJ5I
ET-7WU37XIYEZCRDLWQHTRVMQQWATRYKRGCK2OPCBA
ET-QCOXIHKBJ7POEQYUMCXEZ7NGJGSKMJ2NGQAS7TY
ET-D6NU5OE3Q7AHURX3A6DBVJAALV7QZMO2BFEAWLQ
ET-TWGLEWQJJ6DRUEKHVS7SR3JA5DVIZY727HBP4BY

[fiddyschmitt]

When unlocking a scooter, which ID is being used? The ET-ID or the real ID?

[vigorem]

When unlocking a scooter, which ID is being used? The ET ID or the real ID?

When "ringing" it sends the ET-ID . Have not tested on for unlocking but I guess it's the same.

Since ET-IDs are constantly changing, I can not imagine the true id not being encoded in the transmitted ID. It would just be such a pain in the a** to handle for them. But of course, I can underestimate the tech.

Here is another example of changing ID :

2B4OR4XPNQ6EA 

became

ET-F7YQ3U5YIPLWYGO7AP7UNZMNMHA2MJUCKIJL6CA
ET-V2CFXHPN6F4ONG7UHZTZJQ3AVDQ6HMODON7GZQA
ET-UAHZDOOHBN7MAOA7PTTZJAO5TODRFNJGPTAVJXQ
ET-KZH3VZZ5QWLJV3BSYQGWZ7HHNTDCG3ORITNAJGQ
ET-SLI2XDXNEYSQRBUWP75EKKWBZRZERGUJPWX6QXQ
ET-UBE5BZHB5Q23MDBQXBLHXQZOV73MQZVUU72GKZI
ET-5GWMJC6UJFDOFHLEXYZVUFC33H7QPJMEOFGIWVA
ET-Z5N6OB2SFRP4AKCM2PB5K35P432Q5UPA3F4A6IQ
ET-LJ3XZOCOD4RTBIMELBURIFSBZNWUAKP7ZWBFAMA
ET-HYCTIT2IYN6NML7DZJ7YFB6IQG3OQFYBT4M6DZA
ET-W3JJLLIZCZVPBCE4VHZ3VHDJET4DHGGJ5L5TL4I
ET-54JIL6YZHLJREJFAHX634UG7LOJM6DTD4LF4EGY
...

[fiddyschmitt]

Thanks vigo, it is an interesting problem indeed. I wonder if the ET-ID is the true ID that has been salted and hashed with something in the response. I compared two requests that were made seconds apart. I was hoping it would contain a value that changes (eg. timestamp) that could be used as the salt. But the response text has no difference (with the exception of the ET-IDs of course): http://www.mergely.com/K8CWvGuW/

[bcbeta]

Interesting that the GBFS feed still uses the original ID, but these are only available for a few cities. Lime certainly makes it hard for third party developers. https://data.lime.bike/api/partners/v1/gbfs/washington_dc/free_bike_status

[bcbeta]

It looks like we can use the "last_three" of the license plate to track scooters over time?

[PierrickP]

@davem2020 not perfect, you can have 2 vehicles with the same "last_three" (6 numbers in total)

[hagaiattias]

When unlocking a scooter, which ID is being used? The ET ID or the real ID?

When "ringing" it sends the ET-ID . Have not tested on for unlocking but I guess it's the same.

Since ET-IDs are constantly changing, I can not imagine the true id not being encoded in the transmitted ID. It would just be such a pain in the a** to handle for them. But of course, I can underestimate the tech.

Here is another example of changing ID :

2B4OR4XPNQ6EA 

became

ET-F7YQ3U5YIPLWYGO7AP7UNZMNMHA2MJUCKIJL6CA
ET-V2CFXHPN6F4ONG7UHZTZJQ3AVDQ6HMODON7GZQA
ET-UAHZDOOHBN7MAOA7PTTZJAO5TODRFNJGPTAVJXQ
ET-KZH3VZZ5QWLJV3BSYQGWZ7HHNTDCG3ORITNAJGQ
ET-SLI2XDXNEYSQRBUWP75EKKWBZRZERGUJPWX6QXQ
ET-UBE5BZHB5Q23MDBQXBLHXQZOV73MQZVUU72GKZI
ET-5GWMJC6UJFDOFHLEXYZVUFC33H7QPJMEOFGIWVA
ET-Z5N6OB2SFRP4AKCM2PB5K35P432Q5UPA3F4A6IQ
ET-LJ3XZOCOD4RTBIMELBURIFSBZNWUAKP7ZWBFAMA
ET-HYCTIT2IYN6NML7DZJ7YFB6IQG3OQFYBT4M6DZA
ET-W3JJLLIZCZVPBCE4VHZ3VHDJET4DHGGJ5L5TL4I
ET-54JIL6YZHLJREJFAHX634UG7LOJM6DTD4LF4EGY
...

What is the ring API? Could make /api/rider/v1/actions/ring_bike?id=XXX or /api/rider/v1/bikes/{id}/ring to work.

[rrozek]

@fiddyschmitt it uses ET-ID.

you can still track the vehicle by data.attributes.bikes.attributes.plate_number

also, the ET-IDs are some kind of encryption, but they are reusable, so once you get some ET-ID you can use it to ring the bike sooo, i feel it's some intermediate step to blocking 3rd party usage at all OR they might have done it so the encryption is app-specific so that way they track queries from Uber or from their own app to see what share in whole rent-market does each app have.

[hagaiattias]

@rrozek I am not able to use the ET-ID to ring the bike, which API does that?

[rrozek]

https://web-production.lime.bike/api/rider/v1/bikes/{ET-ID}/ring works for me (ok, it returns 400 with body that im too far from bike, but it accepts the request)

edit. with Authorization: Bearer {token} obviously

[tejasavkhattar]

@rrozek Hey! can you give all the API endpoints which are available for lime. I want to track the battery percentage of lime scooter's. Which endpoints can be useful for this purpose. Thanks in advance.

[mchyb]

@tejasavkhattar They don't provide battery %. Only values high, medium and low (or something like that).

[tejasavkhattar]

@mchyb Yeah, but I was hoping to get a rough estimate using meter_range attribute regarding the battery. But how can I keep track of a specific lime bike since it's id is not constant. Is there any endpoint other than map for lime. Also, what is the use of ring endpoint?

[mchyb]

@tejasavkhattar There is no way track Lime vehicles. One solution that comes to my mind is trying to correlate plate_number with gps points somehow to distinguish different vehicles but that's far from reliable because of Lime's operational activity - they move their vehicles around a lot.

[rrozek]

@tejasavkhattar you can still track them by this one-time ID. its reusable. call GET Authorization: Bearer {JWT token} https://web-production.lime.bike/api/rider/v1/views/map?bike_id={id} for instance https://web-production.lime.bike/api/rider/v1/views/map?bike_id=ET-GBRJWLUSW77Y5ETK743FB65QNMZMO43756WHQUA

and under data.attributes.selected_bike you will get your bike. Even though in a response you receive completely different id, its still the same bike.

regarding battery percentage - it seems to be only available in JUICER mode and i don't have juicer account. but... comeon, range in meters is way more accurate then battery percentage, why would you need battery percentage? if you insist - as you mentioned, just estimate it based on battery_level. Judging by some info from youtube (your everyday reliable source of information) i would say that: "super_low" ~<30% "low" ~ 30-50% "medium" -> 50-85% "high" ~>85%