bimmerconnected
Is BMW Connected Drive login unavailable again in China?
Describe the issue
- Using Integrations in HomeAssistant OS-> BMW Connected Drive cannot login to BMW
- Install 0.14.6 in Docker : testing the official 0.14.6 version in Docker, still unable to log in to BMW China.
Expected behavior
Is the login issue caused by the inability to implement image verification? Or is it because BMW China adjusted the API?
bimmer_connected.models.MyBMWAPIError: HTTPStatusError: True -
Which Home Assistant version are you using?
core - 2023.12.3
What was the last working version of Home Assistant Core?
No response
What is your region?
China
MyBMW website
- [X] I can still successfully login to the BMW MyBMW website and the car status is available there.
- [X] I have MyBMW enabled for my vehicle.
Number of cars
- [ ] I have 2 or more cars linked to the MyBMW account.
- [ ] I have a Mini vehicle linked to my account.
Output of bimmer_connected fingerprint
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response
Could be that BMW have changed something in their captcha logic.
@Yixi could you help out again please?
Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over
Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over
Any progress so far? thank you very much
Sorry, this wasn't supposed to be closed. Unfortunately, the new Chinese login has not been reverse engineered yet (as far as I know).
For some reason I can't publish the algorithm for nonce (at least not by being the first one to do so).
If you want to reverse myBMW, you can use the tool https://github.com/worawit/blutter, which does a complete reduction of the assembly and the method names of dart, and generates a python script for IDA to help with the analysis.
Also if you want to login to your China account in home assistant, you can change the part of bimmerconnect api/authentication.py in the HA python lib that gets the nonce to get it from the web interface, and as far as I know, there is a Scriptable script that provides the API for that.
Yixi can you share maybe share the api you mentioned? Maybe that with a disclaimer is the best way forward.
There is an ios Scriptable app script bmw-linker that uses an online API to generate nonce, but the API also takes some encryption measures.
https://github.com/worawit/blutter can completely reverse the libapp.so file and restore the original dart method name. With IDA's dynamic debugging and some assembly knowledge, the nonce algorithm can be restored relatively easily. Hopefully someone else will take up this work. Blutter has solved the hard part.
Because of some company's business reasons, I cannot disclose the algorithm.
Yixi can you share maybe share the api you mentioned? Maybe that with a disclaimer is the best way forward.
Yixi doesn't want to disclose the algorithm,no one else can take up this work?
We would love to support, however we cannot reverse engineer the code required for login and new tries to publish the new code seem to result in somehow harsh measurements (see Yixi's answer).
If somewhere in the Chinese BMW there is a way/app/website that can extract a bearer or better refresh token, we could try to use this and make it work again.
However as this is a China-only problem, much of the discussion is in Chinese only and not available to me.