Add support for North America

[DurgNomis-drol]

No description provided.

[sphanley]

Do you have any sense of what's involved in adding support for another region? I'm a US-based developer with access to a recent model-year Toyota, and would love to try to help if given a bit of direction.

[DurgNomis-drol]

Where can you see you car? (website/app) 😄

What features is available?

[flatbrotato]

Its an app.

You can see odometer, estimated mileage, start engine, lock/unlock, you can also see parked location and door/window/moonroof status.

[DurgNomis-drol]

Okay thanks for the info. This have given me an idea to understand how to do it.

Someone from North America would have to decompile the android app and find out if the API is anything similar to the European one and then implemented it or if not, write a second library/client, that i can then implement in this integration.

[widewing]

@DurgNomis-drol Hi I'm in US and would love to decompile the app. It appears the code is obfuscated. Can you guide in which file I can locate the api endpoints?

[DurgNomis-drol]

I just decompiled the European app and found the API in this folder app_folder\sources\toyota\frameworks\api but they may be stored else where in the American app. It took me some time to find them 😅

[widewing]

Is that iOS app path? I'm on Android guess I need to solve it some other way..

[DurgNomis-drol]

This is the path inside the Decompiled Android app, where app_folder is the app. It is not possible as far as I know to decompile IOS apps and the Android app should have all the features 😊 You have to use a service like APK extractor to get the APK and the kitling decompiler like http://www.javadecompilers.com/apkfor decompiling the app to Kotlin/Java

[widewing]

ah! ok I was expecting the file under somewhere under sources/com/toyota/. there's also sources/toyotaone but no sources/toyota I used the same decompiler. Let me explore more in the source.

[DurgNomis-drol]

toyotaone is probably the one then

[striebwj]

I spent some time decompiling the APK for the NA app. Looks like the API endpoints are in the sources/com/toyota/oneapp/network/api directory. Going to spend some time now looking for the base url and seeing if they match the endpoints in the code.

[striebwj]

I have hit a roadblock with this. Here are the urls I found in sources/com/toyota/oneapp/network/dataproviders/BaseUrlProviderImpl.java:

apiGatewayBaseUrl: https://oneapi.telematicsct.com

apiGatewayCertificateHostName: oneapi.telematicsct.com

flexBaseUrl: https://oneapi.telematicsct.com

idpBaseUrl: "https://login.toyotadriverslogin.com/" + "oauth2/realms/root/realms/tmna/"

mslBaseUrl: https://www.driverslogin.com/tfp/%s/%s/

tokenBaseUrl: "https://login.toyotadriverslogin.com/" + "oauth2/realms/root/realms/tmna/"

I can't see these urls actually used with the endpoints I found previously, this is my first time looking at java so maybe I am just missing something.

[DurgNomis-drol]

My knowledge about Java/Kotlin is on the same level as yours. So i can't really help you a lot.

It seems though that the American version uses oauth (The last url you posted is referring to this).

[widewing]

@striebwj the info you found should be correct.

it appears the app is using Retrofit2, which defines the API paths in the java file sources/com/toyota/oneapp/network/api/cy17/CY17ServiceAPI.java.

in sources\com\toyota\oneapp\network\RetrofitModule.java: provideRetrofit(...) it references baseUrlProvider.apiGatewayBaseUrl() which is https://oneapi.telematicsct.com

in sources\com\toyota\oneapp\network\api\ApiModule.java: provideCy17ServiceApi(...) it combines the base url with the API definition class

[widewing]

also there're a batch of demo API responses in resources\assets that we can utilize after we found a way to login...

[widewing]

and the oauth could be provided by ForgeRock, and the relevant definitions:

    <string name="forgerock_prod">ForgeRockProd</string>
    <string name="forgerock_prod_account_name">ForgeRock</string>
    <string name="forgerock_prod_auth_service">OneAppSDKLogin</string>
    <string name="forgerock_prod_oauth_client_id">oneappsdkclient</string>
    <string name="forgerock_prod_oauth_redirect_uri">com.toyota.oneapp:/oauth2Callback</string>
    <string name="forgerock_prod_oauth_scope">openid profile write</string>
    <string name="forgerock_prod_oauth_url">https://login.toyotadriverslogin.com/</string>
    <string name="forgerock_prod_realm">tmna-native</string>
    <string name="forgerock_prod_registration_service">OneAppSDKRegistration</string>
    <string name="forgerock_prod_url">https://login.toyotadriverslogin.com/</string>

[widewing]

OK. I think I made the oauth2 login working.

1. open Chrome dev tool and access the authorize url: https://login.toyotadriverslogin.com/oauth2/realms/root/realms/tmna-native/authorize?client_id=oneappsdkclient&scope=openid profile write&response_type=code&code_challenge=plain&redirect_uri=com.toyota.oneapp:/oauth2Callback&code_challenge_method=plain. login with the SSO provider (I used Google)
2. It will redirect to com.toyota.oneapp:/oauth2Callback?***, of course it will fail, but you get the authorization code in the params
3. use curl or equivalent to retrieve the access_token/refresh_token/id_token

curl --location --request POST 'https://login.toyotadriverslogin.com/oauth2/realms/root/realms/tmna-native/access_token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=oneappsdkclient' \
--data-urlencode 'code=[AUTHORIZATION_CODE]' \
--data-urlencode 'redirect_uri=com.toyota.oneapp:/oauth2Callback' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code_verifier=plain'

[DurgNomis-drol]

Nice find!

[widewing]

I thought I can use the retrieved token to access the APIs, but failed unfortunately..
the list vehicle API should be https://oneapi.telematicsct.com/v2/vehicle/guid
it does accept some kind of bearer token. when it's not provided, it will return 401 Unauthorized. after adding the AUTHORIZATION: Bearer [ACCESS_TOKEN] to the header, it will return 500 Internal Server Error

[widewing]

OK I made it:)

It requires several extra headers when calling the API.

1. AUTHORIZATION: Bearer [ACCESS_TOKEN]
2. X-API-KEY: Y1aVonEtOa18cDwNLGTjt1zqD7aLahwc30WvvvQE it's hard coded in sources\com\toyota\oneapp\network\dataproviders\NetworkDataProviderIml.java: apiKey()
3. X-GUID: [USER_GUID] it's the sub in the previously fetched id_token decrypted as JWT string.

It apparently this API is completely different than in Europe. so the question is do you want to implement in this code repo? @DurgNomis-drol

[DurgNomis-drol]

@widewing

Nice work!

Yeah, this should be a separate module then. Apparently NA customers have a lot more features available to them in the app then us in Europe 😞. Feel free to use anything from this repository as a base (If it is of any value)

[jlmaners]

@widewing Would be interested in trying to help out with this if you do start a new module

[widewing]

Thanks @DurgNomis-drol @jlmaners
I created a very preliminary POC at widewing/toyota-na, it only implemented the login module and only a few APIs, but anyone can try out now.

[DurgNomis-drol]

@widewing Nice job! Awesome to see that you're picking up the challenges 🚀

[DurgNomis-drol]

A few notes: (Though i know it is just a POC right now)

• Consider using a oauth client library like rauch or see here for others, instead of using browser scraping.
• Can you provide the JSON results returned from the endpoints, so we can compare them to the ones from Europe? (I'm curious if it just the URL that is different, but the data structure is the same)

[widewing]

The road block here is the auth service forces redirect_uri to be "com.toyota.oneapp:/oauth2Callback" only, and lot of the redirect / processing logic is in javascript and html. So I guess there'll be no easy way other than building native application and intercept the result...

[antasp3136]

I get the error below when trying to connect home assistant custom component

2021-12-30 17:41:37 ERROR (MainThread) [custom_components.toyota_na] Error fetching data
Traceback (most recent call last):
File “/config/custom_components/toyota_na/init.py”, line 63, in update_vehicles_status
vehicle[“status”] = await client.get_vehicle_status(vin)
File “/usr/local/lib/python3.9/site-packages/toyota_na/client.py”, line 56, in get_vehicle_status
return await self.api_get(“v1/global/remote/status”, {“VIN”: vin})
File “/usr/local/lib/python3.9/site-packages/toyota_na/client.py”, line 38, in api_get
return await self.api_request(“GET”, endpoint, header_params)
File “/usr/local/lib/python3.9/site-packages/toyota_na/client.py”, line 28, in api_request
resp.raise_for_status()
File “/usr/local/lib/python3.9/site-packages/aiohttp/client_reqrep.py”, line 1004, in raise_for_status
raise ClientResponseError(
aiohttp.client_exceptions.ClientResponseError: 500, message=‘Internal Server Error’, url=URL(‘https://oneapi.telematicsct.com/v1/global/remote/status’)

[widewing]

@antasp3136 are you still having this issue? Does this happen every time you try to login or it only occurs occasionally? Because I see this 500 error in the logs too but it only occurs very infrequently and not affecting the functions.

[antasp3136]

Yea I’m not seeing any entities in the system and also seeing this on the integration it’s self in homeassistant… Retrying setup: 500, message='Internal Server Error', url=URL('https://oneapi.telematicsct.com/v1/global/remote/status')

[visualage]

@antasp3136 the important question here is what is your car's model and model year? The current library only supports newer Toyota Connected services (which has the option to remote start), not yet the old ones (like mine, a 2020 Sienna). If you tries to use this library for an older model year car, it would throw 500.

[antasp3136]

We have two 2020s. A Tacoma and a 4Runner both are the limited models and both support remote start with remote connect and are both using the same Toyota account.

[78hawkeye]

@widewing's toyota-na pip package should have the ability to start/stop engine (though with my last generation Toyota, I can't test it). Try to run the following:

python -m toyota_na.app remote-request <vin> engine-start

You can look at https://github.com/widewing/toyota-na/blob/master/toyota_na/app.py for all other commands.

Unfortunately for me at least (2021 Tacoma), I can now pull a lot of awesome data with that module using the get arguments, but the remote_request argument returns what appears to be a success but nothing ever happens at the vehicle. Have opened an issue on that library for this. So we do have a NA solution to pull a lot of great information (thanks so much to widewing, DurgNomis-drol, and visualage ), but we don't yet have a way yet to send commands like remote start and door locking here in the States. Fingers crossed!

[widewing]

Unfortunately for me at least (2021 Tacoma), I can now pull a lot of awesome data with that module using the get arguments, but the remote_request argument returns what appears to be a success but nothing ever happens at the vehicle. Have opened an issue on that library for this. So we do have a NA solution to pull a lot of great information (thanks so much to widewing, DurgNomis-drol, and visualage ), but we don't yet have a way yet to send commands like remote start and door locking here in the States. Fingers crossed!

confirmed not working yet. looks like not as simple as sending an API request

[widewing]

Yea I’m not seeing any entities in the system and also seeing this on the integration it’s self in homeassistant… Retrying setup: 500, message='Internal Server Error', url=URL('https://oneapi.telematicsct.com/v1/global/remote/status')

@antasp3136 Can you try to run the commands in https://github.com/widewing/toyota-na directly and report what's the outputs?

[antasp3136]

Actually yes the commands do work I get info on my vehicles from that library running the python commands.

[antasp3136]

C:\Users\Administrator>python -m toyota_na.app get_user_vehicle_list
INFO 2022-01-06 09:28:43,717 - Response status: {'messages': [{'responseCode': 'ONE-VL-10000', 'description': 'Successfully retreived all vehicles', 'detailedDescription': 'Successfully retreived all vehicles'}]}

Thats the main message. I also get all the vehicles information which for privacy reasons I wont post here.

[antasp3136]

I do get this when i try to get the status of the vehicle using the vin.. I removed the vin see below.

C:\Users\Administrator>python -m toyota_na.app get_vehicle_status vin****************** Traceback (most recent call last): File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\runpy.py", line 194, in _run_module_as_main return _run_code(code, main_globals, None, File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\runpy.py", line 87, in _run_code exec(code, run_globals) File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\app.py", line 76, in <module> main() File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\app.py", line 61, in main result = run_async(getattr(cli, sub_command)(**sub_command_kwargs)) File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\app.py", line 72, in run_async return loop.run_until_complete(future) File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.2800.0_x64__qbz5n2kfra8p0\lib\asyncio\base_events.py", line 616, in run_until_complete return future.result() File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\client.py", line 56, in get_vehicle_status return await self.api_get("v1/global/remote/status", {"VIN": vin}) File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\client.py", line 38, in api_get return await self.api_request("GET", endpoint, header_params) File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\toyota_na\client.py", line 28, in api_request resp.raise_for_status() File "C:\Users\Administrator\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\aiohttp\client_reqrep.py", line 1004, in raise_for_status raise ClientResponseError( aiohttp.client_exceptions.ClientResponseError: 500, message='Internal Server Error', url=URL('https://oneapi.telematicsct.com/v1/global/remote/status')

[antasp3136]

So interesting.. One of the vehicles does not have a active remote connect subscription so when i try to poll the info on that VIN i get the error above. When i choose the VIN that does have the remote connect active i get data on it... Is there a way you can have a option to specify which VINs to pull info on?

[widewing]

Ok that explains... The ha component currently assume all your vehicles are supported and actively subscribed and doesn't do proper protection yet. I'll fix this bug later.

[vanstinator]

I've added support for remote start here widewing/ha-toyota-na#12

[antasp3136]

Hmm in HA im still not getting any data with the latest version installed. No errors either.

[antasp3136]

Any updates on this? Its enabled in Homeassistant but no entities are created.

[vanstinator]

Please file an issue in the na repo and I can take a look.

[chlanman]

Does this work for Canada?Having issues logging in

[vipul128]

I know this is an old thread, but any chances of doing the same type of decompiling and creating an add-in for the Lexus app as well?

[dkornahrens]

I know this is an old thread, but any chances of doing the same type of decompiling and creating an add-in for the Lexus app as well?

I've used the Toyota app with my Lexus vehicle and it works just fine. They use the same information, databases, just different branding.

[dkornahrens]

@widewing Are you still updating the plugin? I see it's been awhile since movement, but I'm not able to login it appears.

[vipul128]

I tried using this plugin with my lexus credentials but it didn't work. Are you saying I should sign up for an account under the Toyota app and add my VINs there first?

[jamorenom]

@widewing Are you still updating the plugin? I see it's been awhile since movement, but I'm not able to login it appears.

Same here! Hope we get a reply

[wardwolfram]

@widewing Are you still updating the plugin? I see it's been awhile since movement, but I'm not able to login it appears.

Same here ++!

For my Lexus, I entered my username/PW and was able to log into the integration. I double checked - was able to login to the Lexus app but not with the integration with the same credentials.

Support for Lexus would be excellent!

[vanstinator]

Toyota DMCA'd us which took the steam out of the project, unfortunately.

[RCG-SW]

[CM000n]

@widewing Are you still updating the plugin? I see it's been awhile since movement, but I'm not able to login it appears.

Same here ++!

For my Lexus, I entered my username/PW and was able to log into the integration. I double checked - was able to login to the Lexus app but not with the integration with the same credentials.

Support for Lexus would be excellent!

At the moment we are all a bit busy with private stuff. But the first tests and initial work on support for LEyu's vehicles has already begun. See here: #316

Feel free to test it yourself, and create PRs if you have ideas for necessary adjustments. 😊