search

zivillian / ora2mqtt

GWM ORA Funky Cat to MQTT Bridge
14 stars 2 forks source link

Haval H6 GT Integration #13

Open ipsBruno opened 4 months ago

ipsBruno commented 4 months ago

I'm looking to implement ChatGPT with commands in my GWM Haval H6. I'm trying to decipher the APK of the Brazilian app and noticed that it requires some knowledge, i found this Github here

I'm receiving the error:

data: { code: '550002', description: 'input error: [协议不能为空]' }

When trying to use userAuth/loginAccount.

Have you ever encountered this?

https://github.com/ipsBruno/haval-h6-gwm-try-hack-mqtt https://apkcombo.com/pt/my-gwm/com.gwm.brazil/

ipsBruno commented 4 months ago

Solved boss, endpoints incorrects and different parameters. I'll send my configuration specs to your application here. To control the car here in Brazil, use your certificate; it still works.

image

_appClient endpoint (Brazil 🇧🇷) 

        _appClient = appClient;
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("rs", "2");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("terminal", "GW_APP_GWM"); //ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("brand", "6");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("language", "pt_BR");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("systemtype", "2");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("regioncode", "BR");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("country", "BR");//ok
       // _appClient.DefaultRequestHeaders.TryAddWithoutValidation("brandid", "CCZ001");
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("accesstoken;", "");
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("enterpriseid", "CC01");//ok
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("appid", "6");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("content-type", "application/json");
        _appClient.BaseAddress = new Uri("https://br-app-gateway.gwmcloud.com/app-api/api/v1.0/");

_h5Client endpoint (Brazil 🇧🇷) 

curl 'https://br-front-service.gwmcloud.com/br-official-commerce/br-official-gateway/pc-api/api/v1.0/userAuth/getVerifyCode' \
  -H 'accesstoken;' \
  -H 'appid: 6' \//ok
  -H 'brand: 6' \//ok
  -H 'brandid: CCZ001' \//ok
  -H 'content-type: application/json' \//ok
  -H 'country: BR' \//ok
  -H 'devicetype: 0' \ //k
  -H 'enterpriseid: CC01' \//ok
  -H 'gwid;' \//ok
  -H 'language: pt_BR' \//ok
  -H 'rs: 5' \ //ok
  -H 'terminal: GW_PC_GWM' \ //ok
  --data-raw '{"type":"3","email":"YOUR EMAIL"}'

curl 'https://br-front-service.gwmcloud.com/br-official-commerce/br-official-gateway/pc-api/api/v1.0/userAuth/loginWithVerifyCode' \
  -H 'accesstoken;' \
  -H 'appid: 6' \
  -H 'brand: 6' \
  -H 'brandid: CCZ001' \
  -H 'content-type: application/json' \
  -H 'country: BR' \
  -H 'devicetype: 0' \
  -H 'enterpriseid: CC01' \
  -H 'gwid;' \
  -H 'language: pt_BR' \
  -H 'rs: 5' \
  -H 'terminal: GW_PC_GWM' \
  --data-raw '{"account":"YOUR EMAIL","verifyCode":"CODE RECEIVED","deviceId":"123.0.0.0"}'

I explored many flaws within the GWM application. I can tell you that there are many more unreported endpoints and also CVEs to be declassified. I am reporting something to HackerOne.

image

image

I am going to rewrite your application in NodeJS. Could you help me with RSA calculations, please?

Feel free to let me know if you need further adjustments or additional help!

I will integrate my Haval H6 GT in Alexa

zivillian commented 3 months ago

Could you help me with RSA calculations, please?

Sure, what exactly do you need?

ipsBruno commented 4 weeks ago

Hello,

Done, we were able to make requests via NodeJS here for the cars in Brazil.

We are constantly updating the project, and now we are debugging new commands like opening windows, doors, air conditioning, and others.

Soon it will be possible to control the Haval GT through ChatGPT and WhatsApp without the GWM app.

Take a look at our project, if possible.

Today i would like you to show me a curl request more comands like \

{
            "0x04": {
                "airConditioner": {
                    "operationTime": "15", // 15 minutos
                    "switchOrder": "1", // ligado
                    "temperature": "25" // temperstura 18
                }
            }
        }

https://github.com/ipsBruno/haval-h6-gwm-alexa-chatgpt-mqtt-integration

ipsBruno commented 4 weeks ago

O parametro 0x04 se refere ao ar condicioonado. O parametro 0x05 se refere a portas do veiculo