Is BMW Connected Drive login unavailable again in China?

[cat007cat]

Describe the issue

1. Using Integrations in HomeAssistant OS-> BMW Connected Drive cannot login to BMW
2. Install 0.14.6 in Docker : testing the official 0.14.6 version in Docker, still unable to log in to BMW China.

Expected behavior

Is the login issue caused by the inability to implement image verification? Or is it because BMW China adjusted the API?

bimmer_connected.models.MyBMWAPIError: HTTPStatusError: True -

Which Home Assistant version are you using?

core - 2023.12.3

What was the last working version of Home Assistant Core?

No response

What is your region?

China

MyBMW website

• I can still successfully login to the BMW MyBMW website and the car status is available there.
• I have MyBMW enabled for my vehicle.

Number of cars

• I have 2 or more cars linked to the MyBMW account.
• I have a Mini vehicle linked to my account.

Output of bimmer_connected fingerprint

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[rikroe]

Could be that BMW have changed something in their captcha logic.

@Yixi could you help out again please?

[Yixi]

Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over

[qiuyuxuan1999]

Yes, BMW has update the x-login-nonce algorithm again, my Android phone is broken (It's a 10-year-old machine), I will try again after I find an Android phone that can be rooted and after the holiday is over

Any progress so far? thank you very much

[xiaozhou0226]

Update to 2024.1，it still unable to log in

[xichengsweet]

目前还是无法登录

[lwy197809]

problem not resolved yet.

[rikroe]

Sorry, this wasn't supposed to be closed.
Unfortunately, the new Chinese login has not been reverse engineered yet (as far as I know).

[Yixi]

For some reason I can't publish the algorithm for nonce (at least not by being the first one to do so).

If you want to reverse myBMW, you can use the tool https://github.com/worawit/blutter, which does a complete reduction of the assembly and the method names of dart, and generates a python script for IDA to help with the analysis.

Also if you want to login to your China account in home assistant, you can change the part of bimmerconnect api/authentication.py in the HA python lib that gets the nonce to get it from the web interface, and as far as I know, there is a Scriptable script that provides the API for that.

[simon6661]

Update to 2024.3.13，it still unable to log in

[rikroe]

Yixi can you share maybe share the api you mentioned?
Maybe that with a disclaimer is the best way forward.

[Yixi]

There is an ios Scriptable app script bmw-linker that uses an online API to generate nonce, but the API also takes some encryption measures.

https://github.com/worawit/blutter can completely reverse the libapp.so file and restore the original dart method name. With IDA's dynamic debugging and some assembly knowledge, the nonce algorithm can be restored relatively easily. Hopefully someone else will take up this work. Blutter has solved the hard part.

Because of some company's business reasons, I cannot disclose the algorithm.

[qiuyuxuan1999]

Yixi can you share maybe share the api you mentioned? Maybe that with a disclaimer is the best way forward.

Yixi doesn't want to disclose the algorithm，no one else can take up this work？