bimmer_connected icon indicating copy to clipboard operation
bimmer_connected copied to clipboard

Is BMW Connected Drive login unavailable again in China?

Open cat007cat opened this issue 2 years ago • 44 comments

Describe the issue

  1. Using Integrations in HomeAssistant OS-> BMW Connected Drive cannot login to BMW
  2. Install 0.14.6 in Docker : testing the official 0.14.6 version in Docker, still unable to log in to BMW China.

Expected behavior

Is the login issue caused by the inability to implement image verification? Or is it because BMW China adjusted the API?

bimmer_connected.models.MyBMWAPIError: HTTPStatusError: True -

Which Home Assistant version are you using?

core - 2023.12.3

What was the last working version of Home Assistant Core?

No response

What is your region?

China

MyBMW website

  • [X] I can still successfully login to the BMW MyBMW website and the car status is available there.
  • [X] I have MyBMW enabled for my vehicle.

Number of cars

  • [ ] I have 2 or more cars linked to the MyBMW account.
  • [ ] I have a Mini vehicle linked to my account.

Output of bimmer_connected fingerprint

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

cat007cat avatar Dec 29 '23 03:12 cat007cat

Could be that BMW have changed something in their captcha logic.

@Yixi could you help out again please?

rikroe avatar Dec 29 '23 12:12 rikroe

Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over

Yixi avatar Dec 31 '23 01:12 Yixi

Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over

Any progress so far? thank you very much

qiuyuxuan1999 avatar Jan 15 '24 03:01 qiuyuxuan1999

Update to 2024.1,it still unable to log in

xiaozhou0226 avatar Jan 18 '24 15:01 xiaozhou0226

目前还是无法登录

xichengsweet avatar Jan 27 '24 15:01 xichengsweet

problem not resolved yet.

lwy197809 avatar Mar 07 '24 13:03 lwy197809

Sorry, this wasn't supposed to be closed. Unfortunately, the new Chinese login has not been reverse engineered yet (as far as I know).

rikroe avatar Mar 07 '24 19:03 rikroe

For some reason I can't publish the algorithm for nonce (at least not by being the first one to do so).

If you want to reverse myBMW, you can use the tool https://github.com/worawit/blutter, which does a complete reduction of the assembly and the method names of dart, and generates a python script for IDA to help with the analysis.

Also if you want to login to your China account in home assistant, you can change the part of bimmerconnect api/authentication.py in the HA python lib that gets the nonce to get it from the web interface, and as far as I know, there is a Scriptable script that provides the API for that.

Yixi avatar Mar 08 '24 01:03 Yixi

Update to 2024.3.13,it still unable to log in

simon6661 avatar Mar 13 '24 06:03 simon6661

Yixi can you share maybe share the api you mentioned? Maybe that with a disclaimer is the best way forward.

rikroe avatar Mar 13 '24 06:03 rikroe

There is an ios Scriptable app script bmw-linker that uses an online API to generate nonce, but the API also takes some encryption measures.

https://github.com/worawit/blutter can completely reverse the libapp.so file and restore the original dart method name. With IDA's dynamic debugging and some assembly knowledge, the nonce algorithm can be restored relatively easily. Hopefully someone else will take up this work. Blutter has solved the hard part.

Because of some company's business reasons, I cannot disclose the algorithm.

Yixi avatar Mar 13 '24 07:03 Yixi

Yixi can you share maybe share the api you mentioned? Maybe that with a disclaimer is the best way forward.

Yixi doesn't want to disclose the algorithm,no one else can take up this work?

qiuyuxuan1999 avatar Mar 29 '24 06:03 qiuyuxuan1999

有进展么,目前还是无法登录

ttsgit avatar Jun 13 '24 07:06 ttsgit

Has this project abandoned the China region?

qiuyuxuan1999 avatar Jun 28 '24 04:06 qiuyuxuan1999

还是无法登录哦~能用了好心人说一下

blackdm666 avatar Jun 28 '24 09:06 blackdm666

We would love to support, however we cannot reverse engineer the code required for login and new tries to publish the new code seem to result in somehow harsh measurements (see Yixi's answer).

If somewhere in the Chinese BMW there is a way/app/website that can extract a bearer or better refresh token, we could try to use this and make it work again.

However as this is a China-only problem, much of the discussion is in Chinese only and not available to me.

rikroe avatar Jun 28 '24 10:06 rikroe