vanmoof-encryption-key-exporter
Integrate SA5 support
Hi!
As you are probably aware, this tool doesn't work for the SA5. This is because the SA5 uses a certificate based authentication scheme, where you create an ed25519 key pair, which Vanmoof creates and signs a certificate for.
Until recently, this certificate was only valid for 7 days, which makes it kind of meaningless to save in case VM should stop issuing certificates. However, recently VM has started to sign the certificate with a 10 year validity instead (thankfully).
As such, I've released a key generator and certificate exporter script for SA5 bikes. This is currently very unrefined, and I'd love for this project to integrate a more refined version of it:
https://gist.github.com/magnusnordlander/c8682fda2e15b813e5308624877cce59
I tried that and it looks really good!
Thank you (@magnusnordlander) for your work. I will incorporate this into the repo.
Magnus (@magnusnordlander), thank you - ran it on NodeJS 20.x with some modifications and got the certificate. Attempt to merge @Justus-D 's and @magnusnordlander 's approaches into a version covering my two bikes failed right now due to my poor React knowledge.
Don't worry, I'm working on an update which supports more bikes. Will be out in the next few days. I'll update you in this issue.
Thx @Justus-D, take your time.
Tried this and got it to work with a few modifications. So the 228-character hash is what we were after?
@nivvle Guess, if you got something like this (in most cases ends with = or ==), that should be fine. { created_at: 'xxxxxxx', expiry: '2033-xxxxxx', certificate: 'OlWE5Zs43ZKAImRJxxxxxxxxt5pw==' }
@nivvle @VincentGlueck You need to save both the certificate, the private key used to generate it, and preferably the ECU serial (though technically only the private key and the certificate are required to connect). The output from the script contains all of that.
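A way to check that a saved backup holds the pieces named above (an added example, not part of the thread, the gist or the project's code). It treats the certificate as an opaque base64 string, and the field names `privateKey`, `publicKey` and `ecuSerial`, the DER/base64 key encoding and the ISO 8601 expiry are assumptions of this example:

```javascript
const nodeCrypto = require('node:crypto');

// Create the Ed25519 pair locally; only the public half is sent for signing.
function generateKeyPair() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }).toString('base64'),
    publicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
  };
}

// Check a saved backup. Field names other than created_at/expiry/certificate
// are assumptions of this example, as is an ISO 8601 expiry string.
function checkBackup(bundle, now = new Date()) {
  const problems = [];
  const warnings = bundle.ecuSerial ? [] : ['no ECU serial saved'];
  for (const field of ['privateKey', 'certificate', 'expiry']) {
    if (typeof bundle[field] !== 'string' || bundle[field] === '') {
      problems.push(`missing ${field}`);
    }
  }
  if (problems.length > 0) return { problems, warnings };
  // The certificate is treated as an opaque base64 blob. The round trip catches
  // copy damage such as stray whitespace or lost padding, not every truncation.
  const cert = Buffer.from(bundle.certificate, 'base64').toString('base64');
  if (cert !== bundle.certificate) problems.push('certificate is not clean base64');
  const expiry = new Date(bundle.expiry);
  if (Number.isNaN(expiry.getTime())) problems.push('expiry is not a date');
  else if (expiry <= now) problems.push('certificate has expired');
  try {
    const der = Buffer.from(bundle.privateKey, 'base64');
    const key = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
    if (key.asymmetricKeyType !== 'ed25519') problems.push('private key is not ed25519');
    // Derive the public half again and compare it with the stored copy.
    const derived = nodeCrypto.createPublicKey(key)
      .export({ type: 'spki', format: 'der' }).toString('base64');
    if (bundle.publicKey && bundle.publicKey !== derived) {
      problems.push('private key does not match stored public key');
    }
  } catch (err) {
    problems.push('private key does not parse');
  }
  return { problems, warnings };
}

// Constructed sample: the certificate bytes are a placeholder, not a real certificate.
const sample = { ...generateKeyPair(), expiry: '2033-01-01T00:00:00Z', ecuSerial: 'CONSTRUCTED',
  certificate: Buffer.from('placeholder certificate').toString('base64') };
console.log(checkBackup(sample));
```

A missing ECU serial is reported only as a warning, since the comment above says the private key and the certificate are the parts technically required.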
Thx. You're right. Forgot to mention 😅
Thanks @magnusnordlander @VincentGlueck ! I'll keep everything anyway, but good to know those are the essentials. I'm really curious what's going to happen and what all the 'hackers' manage to develop once VanMoof won't be around to stop them :P
Thx for your support 👍
I ran the script four days ago and got my keys and certificate (S5). Now I ran the script again and got different keys and a different certificate. Is that as it is supposed to be? I did a firmware upgrade yesterday btw.
Yes. A new certificate is generated every time you run the script. All normal.
Ok thanks! Are the previously generated certificates invalidated when creating a new one?
Nope. The old one keeps working until it expires, which is gonna take a while considering the now 10 year expiration time
... as long as servers are up and running.
The Vanmoof servers are not required to talk to the bike over BLE if you have the certificate, the private key and the ECU serial.
Ok, not aware of this detail, sorry ;-)
Just pushed an update that should add support for newer bike models. Can someone confirm that it works? I don't have an SA5 available. I would close this issue on confirmation.
Hi @Justus-D, thanks for the update but I don't see any difference from previous downloaded json.
Maybe I missed how to do this? "Your bike seems to be a newer model which requires you to generate and upload a keypair."
Can you see any "xCertificate" field? Can you post what its value is? Only post the first few characters as it may contain secret data.
Well, @Justus-D, dunno exactly, used https://keyexporter.grossartig.io and logged in via export from previous JSON file.
Looks familiar, X5 is shown, AS5 (in my case S5) requires upload, UPLOAD button shows a (on console) ... "certificate":"/Z9QJwqtm3***********", something like that.
Dunno if this is the result desired.
For the future: may it be not the best solution, that this script generates 3 files?
- public key (for example id_ed25519)
- private key (for example id_ed25519.pub)
- .cert file (for example vanmoof_AS5.cert)
I'm a web developer and as I see, that the company cowboy works (?!?!) with this script, that may be a good thing?
Great solution. Thanks!
I managed to get SA5 Certificate exporter working. But Key Exporter upload key button doesn't respond.
I save it all to the .json file. You can probably put it into three different files, but that is the solution I went with.
I fixed a few bugs. Can someone test if it works correctly now? Just log in and click on "upload key". If you then download the file it should contain "xCertificate". Also, it should now show a certificate in the list.
Seems to work. Thanks for your awesome work.
Thanks @lunibo. Now I can finally close this issue. This tool now also supports newer bike models.