JLR API update broke jlrpy again #131
Comments
|
@ardevd Out of curiosity, do most of the API changes you've had to fix look like they were intentionally to stop third-party apps, or are they adding new functionality? |
Solely to stop third party apps. |
|
Looks like they've added a new layer of API authentication. |
|
The |
@ardevd That sounds hard to work around? Is it possible they have implemented it as some sort of shared time-based pseudo-random sequence baked into the app code, similar to a 2FA code? |
|
Not necessarily. Either, the secret is provided by the InControl API, or it might be calculated locally on the device (and reproduced on the server side). Either way, it should be possible to re-implement the same behaviour. |
|
@ardevd Wish I could help, rather than just ask questions, but reverse engineering APIs is not really in my skillset. Thanks v much for trying to sort this for the community! |
|
I think I’ll try to find a contact at JLR unless anyone already has one? If their intent is to stop third party apps, it seems like they will keep iterating until a jlrpy workaround cannot be made. I’d like to make the case for them offering open API access - I think there are benefits to JLR and it is what forward looking companies are doing. My attempt probably won’t change anything but I will try. It might sound petty, but removal of API access would factor into my next vehicle purchase decision and somebody in JLR should want to know that if there are others like me. |
|
I'd really appreciate that! This cat and mouse game has been going on for a while now and while I enjoy the challenge, it's getting tedious. JLR alienating their most enthusiastic customers in a misguided attempt to improve security is unfortunately. I've been reaching out to JLR repeatedly but never heard back. When I first developed jlrpy |
|
@ardevd I've tried to decompile the app using a couple of Android Java decompilers and they're all failing to decompile for me. Have you had any luck? |
|
apktool or JADX (which used apktool) works fine. |
Weird, I used JADX, must the app that calls it that's the issue. Found another and interestingly, there are a few developer names throughout the code base who are on LinkedIn or have their own blogs: Chris Banes |
|
As customer, the reaction will have to be not buying JLR going forward, unless they start offering and supporting official APIs if they're not happy with people hacking around the inofficial ones... Let's see what the EU Data Governance Act will accomplish in the future... |
|
(Venting a bit at JLR) If JLR just switched to using API keys then none of this would be an issue and we could all move forwards with our lives. Devs wouldn't need to ask for usernames/passwords for their apps/integrations and the customer could pick which permissions to grant the API key(s) they create. Then, whenever they want to, the customer can just revoke their API key as they please. Evidently JLR is incapable of coming to this solution though. On a brighter note, I'd be happy to get involved with helping to reverse engineer the API if needed. 🙂 |
|
Yeah. Third party API access has been a thing for the last 15 years now. About time JLR caught up. I'm happy for all the help I can get. Reach out to me on Discord (ardevd) and I'll bring you up to speed. |
|
@ardevd Thank you so much for continuing to support us here - really appreciated! @dconlon I received a JLR ‘customer care’ email at the end of March - I assumed it was just a broadcast but now think that I might be on their list of ‘non-authorised’ third-party API users! Recently, in the past couple of weeks, I have noticed that the JLR Remote app has stopped allowing me to lock / unlock the car remotely. No reason / explanation given. Now, JLR have also just contacted me today to get the car in for an important ‘security update’. I will try to find someone to speak to find out if all this is related to the API lockdown and my usage of it, or just coincidental. Would be interested to know if anyone else has actually engaged with JLR about all this? |
|
The security upgrade has been rolling out across the JLR fleet recently. No idea what it involves. |
This is coincidental, I had the security update applied to my car months ago, and the HA integration has been working brilliantly up until a few days ago. I'd definitely recommend getting this applied to your car though! There were some gaping security holes in the keyless unlocking they've finally fixed. |
|
It is a shame that nowadays they still restrict the api to prevent 3rd party apps. |
|
I’ve spent a few hours trying to contact someone in product management but have unfortunately failed. They have their email setup to reject external senders and the contact I had no longer works at JLR. I’ve left messages with various switch boards so there’s still a possibility of a call back but in the mean time I’ll complain to customer care and perhaps everyone with an interest could do the same as some already have. |
Just to add - from what I gather from my dealer - that is the urgent security update they've been rolling out - fixes for the keyless entry security issues (many insurance companies were refusing to insure JLR products because of it, another great way to get rid of customers!) |
|
this may help ? |
Thanks! I can't seem to get it to work though, and it's not using a dynamic app secret. Can anyone confirm that it actually works using evcc? |
|
No. Its broken once more now 😰 |
Just tried to get it work with the evcc approach but failed so far. |
|
ouch :-( |
|
Tibber is working now to start/stop the charge and view the battery %, so I guess they have access to the JLR's API. |
Thank you for reporting this. I'll reach out to Tibber and see if they can share details. I've helped them out previously so maybe they will return the favor. |
Got now the Feedback from JLR that they didn't provide 3rd party API and that I could use Incontrol to get the status and export the data. What it far away form what I want to do and incontrol didn't provide gpx information |
|
Got some info from a contact at an energy company who has some InControl integration working again. Apparently they've gotten a confidential agreement with JLR that gives them partial access to the API. Things aren't looking great at this time. |
A real shame, thanks for your efforts. That being the case, I've documented my workaround to get EV battery state of charge % when the car is at home which may possibly help others: |
|
Really a pity that this service is no longer working! I'm also exploring workarounds for my EV use cases (battery SOC, odometer, remaining range, average consumption). I'm leveraging the JLR InControl web application (https://incontrol.jaguar.com/) that is publishing the recent journeys (unfortunately no other meaningful data is published on this web app). Might be of help for some other folks here. |
|
@dconlon thanks for sharing, could become my workaround as well. Mainly I need the EV SOC and Odometer. Getting all the additional information via API was nice, but SOC and Odo are required for me. @rzumbuehl it is a shame that the incontrol webpage didn't provide more information. Didn't understand why the mobile app could show me the ev distance, while the webpage doesn't provide it. JLR is going here - from my pov - into the wrong direction. |
|
I'll take the opportunity to mention that I'm working as a consultant with DIMO and have implemented support for the Jaguar I-Pace (and many other vehicles). If you get an AutoPi you'll get SoC, SoH and a lot of other metrics from the I-Pace. We are working on making the cheaper Macaron capable too, but it will take a bit of time. Obviously won't help with remote operations such as climate preconditioning etc, but I'm excited for DIMOs mission to build an open decentralized system for car diagnostics data. I think for now, DIMO is the best alternative to what we once had. |
How do you get SoC from web Incontrol? I don't see it there (at least visible) |
I continuously calculate the SOC based on all the journey's average consumption and the distance traveled. It requires to set the initial SOC though. Adventurous approach, I know. |
If your calculations are producing accurate figures, it means that the BMS is doing a good job |
Hi there - would this work with a Defender too?? |
Hi there, yes it will! Though it's still early days and results with vary a bit based on DIMO hardware and which Defender (PHEV/gas/diesel) you have. You can reach out to me on Discord if you're interested to know more! |
|
I tried the workaround via ODB as @dconlon mentioned above. The EV state is massive off and I wasn't able to read odometer. The EV is maybe different calculated on Defender PHEV ? As I assume that the api will be closed for us, did anyone found a way to read soc and odometer? |
I have decoded OBD signals for the I-Pace, the Defender and numerous other JLR vehicles so I'm able to read out odometer, SoC, SoH, etc. You can either get a regular OBD dongle and read it out or get a DIMO AutoPi which will (soon) provide those metrics for you remotely, both through the DIMO mobile app and their API. I'm hoping to get around to make a Home Assistant integration for it at some point. Happy to answer any questions around OBD, or alternate solutions, but preferably on Discord (@ardevd). |
I'm not so familiar with Discord and so have trouble to find / contact you. DM didn't show me any result and on adding friends it tells that you don't accept requests. Would be glad if you could start a chat with me (@wawibu) |
Friend request sent |
Many thanks @dconlon for your obd2 workaround to at least get the SOC data. I have put an mqtt wrapper around your code, so that I can get the data into my home automation system (openHAB). Available on my repo, in case it helps anyone else. |
Thanks @smar000 - that helped me to get an initial connection and to see at least some information again. I'm driving a Defender P400e so not all of the i-Pace PIDs are supported, but I would need additional once. EDIT - got it, just changed row 418 in obd2mqtt.py |
You could just look in the PID csv file as the available commands list and PIDs all effectively come from there anyway. |
the pid file contains only the Jaguar I-Pace PIDs which aren't working on a PHEV Defender. Some of them are equal, but others are different. The Hybrid Battery SOC has a different PID, which I was able to get in the meanwhile. The issue I'm still facing with is that the ODB will only work at home and most of the PIDs didn't provide me the data ongoing - like the SOC. Sometimes it provides data and on the next request just a few seconds later it shows None. Don't know what I make wrong here. |
Understood.
I've seen that on a few occasions where the OBD returns |
|
Parson my ignorance guys. I've been following this thread and patiently waiting to see if there are any breakthroughs. It seems not, however there are a few posts that mention a few things that sound positive but I'm not clear on some of what is being said. Could some kindly elaborate or explain these points:
Overall, my understanding is that perhaps some data can be pulled but nothing that great. So, with regards to a Jaguar XE (not an EV), can anyone enlighten me if there is any stats I can pull in anyway whatsoever? |
|
@neil-bh yes, in theory it's now possible to pull data from DIMO into something like Home Assistant. I'm currently swamped but if nobody else makes a HA integration I might do so eventually. SoC = State of Charge |
|
Thanks for clarifying. Can DIMO pull any other data, specifically fuel and oil levels, and mileage/range? |
Yep, and more! Depending on vehicle model. JLR support is currently a bit limited, but we do get quite a bit, but we're about to add a massive number of signals covering most newer JLR models! |
|
so, the jlrpy library is still currently broken? |
It isn't the library. Looks like JLR tries everything to prevent any 3rd party to get access. Tibber has an access issue as well and therefore no smart charing there anymore. Smartcar (the software bridge between the car and DIMO) has since a fee weeks also access issues with JLR. Therefore I will now try the ODB way and see how far I could get there..... |
Hi @ardevd, not to sound too impatient here, but has there been any advancements with the API, or maybe even this DIMO project you speak of? Is there a DIMO API or something that the community can jump on working with so that I maybe able to get my teeth into something that can work with Home Assistant? |
I've already started working on a DIMO integration for Home Assistant :) DIMO is up and running and (some of) the hardware fully supports the I-Pace now. The final blocker is DIMO launching a new version of their developer console which should happen this week. Then it's just a matter of finishing the HA integration. I'll link to the GitHub repository once I get something working :) |
JLR has updated their API again, breaking third party apps in the process.
The text was updated successfully, but these errors were encountered: