Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Haval H6 GT Integration #13

Open
ipsBruno opened this issue May 6, 2024 · 4 comments
Open

Haval H6 GT Integration #13

ipsBruno opened this issue May 6, 2024 · 4 comments

Comments

@ipsBruno
Copy link

ipsBruno commented May 6, 2024
edited
Loading

I'm looking to implement ChatGPT with commands in my GWM Haval H6. I'm trying to decipher the APK of the Brazilian app and noticed that it requires some knowledge, i found this Github here

I'm receiving the error:

data: { code: '550002', description: 'input error: [协议不能为空]' }

When trying to use userAuth/loginAccount.

Have you ever encountered this?

https://github.com/ipsBruno/haval-h6-gwm-try-hack-mqtt
https://apkcombo.com/pt/my-gwm/com.gwm.brazil/
@ipsBruno
Copy link
Author

ipsBruno commented May 8, 2024

Solved boss, endpoints incorrects and different parameters. I'll send my configuration specs to your application here. To control the car here in Brazil, use your certificate; it still works.

image

_appClient endpoint (Brazil 🇧🇷)

        _appClient = appClient;
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("rs", "2");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("terminal", "GW_APP_GWM"); //ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("brand", "6");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("language", "pt_BR");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("systemtype", "2");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("regioncode", "BR");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("country", "BR");//ok
       // _appClient.DefaultRequestHeaders.TryAddWithoutValidation("brandid", "CCZ001");
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("accesstoken;", "");
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("enterpriseid", "CC01");//ok
        //_appClient.DefaultRequestHeaders.TryAddWithoutValidation("appid", "6");//ok
        _appClient.DefaultRequestHeaders.TryAddWithoutValidation("content-type", "application/json");
        _appClient.BaseAddress = new Uri("https://br-app-gateway.gwmcloud.com/app-api/api/v1.0/");

_h5Client endpoint (Brazil 🇧🇷)

curl 'https://br-front-service.gwmcloud.com/br-official-commerce/br-official-gateway/pc-api/api/v1.0/userAuth/getVerifyCode' \
  -H 'accesstoken;' \
  -H 'appid: 6' \//ok
  -H 'brand: 6' \//ok
  -H 'brandid: CCZ001' \//ok
  -H 'content-type: application/json' \//ok
  -H 'country: BR' \//ok
  -H 'devicetype: 0' \ //k
  -H 'enterpriseid: CC01' \//ok
  -H 'gwid;' \//ok
  -H 'language: pt_BR' \//ok
  -H 'rs: 5' \ //ok
  -H 'terminal: GW_PC_GWM' \ //ok
  --data-raw '{"type":"3","email":"YOUR EMAIL"}'


curl 'https://br-front-service.gwmcloud.com/br-official-commerce/br-official-gateway/pc-api/api/v1.0/userAuth/loginWithVerifyCode' \
  -H 'accesstoken;' \
  -H 'appid: 6' \
  -H 'brand: 6' \
  -H 'brandid: CCZ001' \
  -H 'content-type: application/json' \
  -H 'country: BR' \
  -H 'devicetype: 0' \
  -H 'enterpriseid: CC01' \
  -H 'gwid;' \
  -H 'language: pt_BR' \
  -H 'rs: 5' \
  -H 'terminal: GW_PC_GWM' \
  --data-raw '{"account":"YOUR EMAIL","verifyCode":"CODE RECEIVED","deviceId":"123.0.0.0"}'

I explored many flaws within the GWM application. I can tell you that there are many more unreported endpoints and also CVEs to be declassified. I am reporting something to HackerOne.

image

image

I am going to rewrite your application in NodeJS. Could you help me with RSA calculations, please?

Feel free to let me know if you need further adjustments or additional help!

I will integrate my Haval H6 GT in Alexa

@ipsBruno ipsBruno changed the title input error: [协议不能为空] Haval H6 GT Integration May 8, 2024
@zivillian
Copy link
Owner

Could you help me with RSA calculations, please?

Sure, what exactly do you need?

@ipsBruno
Copy link
Author

ipsBruno commented Aug 16, 2024
edited
Loading

Hello,

Done, we were able to make requests via NodeJS here for the cars in Brazil.

We are constantly updating the project, and now we are debugging new commands like opening windows, doors, air conditioning, and others.

Soon it will be possible to control the Haval GT through ChatGPT and WhatsApp without the GWM app.

Take a look at our project, if possible.

Today i would like you to show me a curl request more comands like \

{
           "0x04": {
               "airConditioner": {
                   "operationTime": "15", // 15 minutos
                   "switchOrder": "1", // ligado
                   "temperature": "25" // temperstura 18
               }
           }
       }

https://github.com/ipsBruno/haval-h6-gwm-alexa-chatgpt-mqtt-integration

@ipsBruno
Copy link
Author

O parametro 0x04 se refere ao ar condicioonado. O parametro 0x05 se refere a portas do veiculo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zivillian @ipsBruno