mikenemat/gm-onstar-probe

Don't need to know VIN

BrendanGrant opened this issue · 1 comments

First... thank you for this. I'm a C# developer who reverse engineered most of the protocol a couple of years ago but got stuck with the secret key, thank you for finding it!

Plugged it into my old code, and sure enough from my username, password & PIN I can start my car :)

One improvement you could make is to do a GET on https://api.gm.com/api/v1/account/vehicles, as it will return a list of your vehicles, rather than requiring you to know the VIN up front.

Also, I do not believe triggering commands/connect is needed in order to start the vehicle, though that is a common step in the app.

:) Really glad the JWT key helped you! Took me a while to reverse engineer that. Pretty useless to add an extra layer of crypto on top of SSL, especially with a pre-shared key that can be recovered client-side. This does not strike me as a valid use case for JWT.

I'll have to go back and test again, but I could have sworn I ran into an issue when I skipped the connect command. May have just been a mistake on my part though. Will definitely consider adding VIN selection next time I dive back into the code.
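The design point raised in the thread about a pre-shared JWT key that ships in the client, as an added example that is not code from this repository or from either commenter: it shows what a server can and cannot conclude from a valid signature. It assumes an HMAC-SHA256 (HS256) token, which the thread does not state, and both keys, the claims and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed keys for illustration only; neither is a real key.
EMBEDDED_KEY = b"constructed-key-shipped-inside-every-client"
SERVER_ONLY_KEY = b"constructed-key-that-never-leaves-the-server"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWT: base64url(header).base64url(claims).base64url(HMAC)."""
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(tag)}"

def verify_hs256(token: str, key: bytes):
    """Return the claims if the HMAC checks out under `key`, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return None

def server_accepts(claims: dict, signer_key: bytes, server_key: bytes) -> bool:
    """Would a server holding `server_key` accept claims signed with `signer_key`?"""
    return verify_hs256(sign_hs256(claims, signer_key), server_key) is not None

if __name__ == "__main__":
    claims = {"client": "official-app", "nonce": "constructed-123"}
    # Key shipped in the client: every holder of the app can produce a valid tag,
    # so a passing check says nothing about which program sent the request.
    print("shared key, any holder:", server_accepts(claims, EMBEDDED_KEY, EMBEDDED_KEY))
    # Key kept server-side (e.g. for tokens the server issues to itself):
    # a party without it cannot produce a tag the server accepts.
    print("server-only key, outsider:", server_accepts(claims, EMBEDDED_KEY, SERVER_ONLY_KEY))
```

The signature still detects modification by someone who lacks the key, but TLS already provides that on the wire, so authorization has to rest on the user's credentials rather than on the token's tag.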