LuckyLuke
Model S P90DL
Maybe it requires the ac to be on? Or maybe the app is already prepared but their servers aren't accepting the command yet?
You can install our site as a web app on your iOS device by utilizing the Add to Home Screen feature in Safari. Please see this thread for more details on this.
Note: This feature may not be available in some browsers.
If you sniff the traffic locally (I.e. Packet sniffer installed on the phone itself), then shouldn't it be readable? That way you don't have to forge a self signed cert.
Anyone think that they can decompile the mobile app and extract the necessary private key?
---updated---
They are using certificate pinning. On ios there is a folder called SSLpins.plist in the library folder.
Just tested the defroster-commands, and I get "unknown command" even with a 6.0 car. But I use the Android app-id and secrets, so it _might_ be a possibility that they have rigged the API to allow different commands from different apps. It would make sense to disable IE. remote start from a web app, or filter out other commands to only certain apps.
.. the same error that is returned if I issue a nonsense command like xyzzy.
My suspicion is that Bluetooth is only needed to determine which device is connected and hence which calendar to display. For cars with more than one driver, this is the obvious solution since multiple calendars would be synced and the car would be left guessing as to which to display.
I started to look at the notification system, but it looks like it depends on third party services. And it does not look like it uses the "standard" API calls.
If someone have a dump of the traffic when a notification is added or changed it would be great.
Do you know how to register an URL for notifications?
I don't have an iPhone, only android, and there are no settings in the app for notifications. I have neither seen any info about this in the car settings.
After searching the source code of the app I found a few interesting sections, and I am able to do some stuff, but it seems like the API-call needs a "device_type" and "device_token", which seems to be obtained internal android functions in the app.
I tested by creating a new server-key in Google Play Developer Console and sending this to /api/1/notification_preferences
I got a valid response, but it did not contain an URL and I can not find any references to a custom URL in the source (but I am not really fluent in java, so I might have missed something).
As far as I can see, the notifications are handled by using google cloud messaging (at least for android). However I have no idea how the notifications are sent from the car to the messaging service.
Thank you for the information.
I guess what I tried to do was to register my server as an android app, and thereby receiving the notifications from gcm to both my phone and my server.
I don't know if the system will notify all devices. What happens if you have several phones or tablets logged in with the same account in the Tesla app? Will they all receive the notifications?
If so, I guess it should be possible to create a fake device, that is actually a Web server or something, which should be able to receive the notifications as well.
Thanks again for the clarification. It is the last suggestion I tried to do. IE. convince Google that my server is an android app that subscribe to these notifications.