WoBike icon indicating copy to clipboard operation
WoBike copied to clipboard

Published 20 hours ago • verified publisher icon ubahnverleih

Lime : new encoding id strategy

Open vigorem opened this issue 6 years ago • 16 comments

Hi,

it seems it's no longer possible to track a Lime Scooter according to it's id.

Before :

"bikes": [
            {
                "id": "323AS9D1S1MZ1",   <--- 13 characters constant identifier
                "type": "bikes",
                "attributes":
                {...}
            } ...
          ]

AFTER :

"bikes": [
            {
                "id": "ET-FVVQ5G2CQCYSY2BSHL7K2DUBQLKAJLLXLV72ALQ",   <--- 42 characters changing at each request for the same scooter
                "type": "bikes",
                "attributes":
                {...}
            } ...
          ]

This means if you make two requests within few seconds you would get different ids.

It could be encoded server side but I doubt it, it would be a mess to handle. Probably the encoding key is within the id provided...

vigorem avatar Feb 15 '19 09:02 vigorem

Thanks vigorem, I am seeing this too. The IDs are now unique per response.

Lime might be doing it on the server side, by storing a mapping from ET-ID to real ID. It may be a move by Lime to prevent tracking scooters.

That said, it would be nice if the ID was just encoded.

Here is another example of changing ID:

WE2XXKJRKU53G

became

ET-HSTZ42FZCJXVJTYAMTSY4FCJWPW5LKWDXWXA4AQ
ET-6R5MNLBQ6JEEYU2HPPJLF55LXPDSCPMWYQJKINQ
ET-3M3TWG3WSMQ27KXPFZHYAMOCWPQGRPK4EBRE7OI
ET-A2AYURWA7V5E67O2FKT5ZJ6E35E55XIDF6EOZ5I
ET-ETJZVFNFSDYO7GJI4DECBEU62CU4PURMY27ZK4Q
ET-MPJQJBTM6F7RPA4BAIMYPNNWKZH4KYMRFXQLJ5I
ET-7WU37XIYEZCRDLWQHTRVMQQWATRYKRGCK2OPCBA
ET-QCOXIHKBJ7POEQYUMCXEZ7NGJGSKMJ2NGQAS7TY
ET-D6NU5OE3Q7AHURX3A6DBVJAALV7QZMO2BFEAWLQ
ET-TWGLEWQJJ6DRUEKHVS7SR3JA5DVIZY727HBP4BY

fiddyschmitt avatar Feb 16 '19 04:02 fiddyschmitt

When unlocking a scooter, which ID is being used? The ET-ID or the real ID?

fiddyschmitt avatar Feb 16 '19 04:02 fiddyschmitt

When unlocking a scooter, which ID is being used? The ET ID or the real ID?

When "ringing" it sends the ET-ID . Have not tested on for unlocking but I guess it's the same.

Since ET-IDs are constantly changing, I can not imagine the true id not being encoded in the transmitted ID. It would just be such a pain in the a** to handle for them. But of course, I can underestimate the tech.

Here is another example of changing ID :

2B4OR4XPNQ6EA

became

ET-F7YQ3U5YIPLWYGO7AP7UNZMNMHA2MJUCKIJL6CA
ET-V2CFXHPN6F4ONG7UHZTZJQ3AVDQ6HMODON7GZQA
ET-UAHZDOOHBN7MAOA7PTTZJAO5TODRFNJGPTAVJXQ
ET-KZH3VZZ5QWLJV3BSYQGWZ7HHNTDCG3ORITNAJGQ
ET-SLI2XDXNEYSQRBUWP75EKKWBZRZERGUJPWX6QXQ
ET-UBE5BZHB5Q23MDBQXBLHXQZOV73MQZVUU72GKZI
ET-5GWMJC6UJFDOFHLEXYZVUFC33H7QPJMEOFGIWVA
ET-Z5N6OB2SFRP4AKCM2PB5K35P432Q5UPA3F4A6IQ
ET-LJ3XZOCOD4RTBIMELBURIFSBZNWUAKP7ZWBFAMA
ET-HYCTIT2IYN6NML7DZJ7YFB6IQG3OQFYBT4M6DZA
ET-W3JJLLIZCZVPBCE4VHZ3VHDJET4DHGGJ5L5TL4I
ET-54JIL6YZHLJREJFAHX634UG7LOJM6DTD4LF4EGY
...

vigorem avatar Feb 17 '19 00:02 vigorem

Thanks vigo, it is an interesting problem indeed. I wonder if the ET-ID is the true ID that has been salted and hashed with something in the response. I compared two requests that were made seconds apart. I was hoping it would contain a value that changes (eg. timestamp) that could be used as the salt. But the response text has no difference (with the exception of the ET-IDs of course): http://www.mergely.com/K8CWvGuW/

fiddyschmitt avatar Feb 17 '19 02:02 fiddyschmitt

Interesting that the GBFS feed still uses the original ID, but these are only available for a few cities. Lime certainly makes it hard for third party developers. https://data.lime.bike/api/partners/v1/gbfs/washington_dc/free_bike_status

bcbeta avatar Feb 21 '19 15:02 bcbeta

It looks like we can use the "last_three" of the license plate to track scooters over time?

bcbeta avatar Feb 21 '19 15:02 bcbeta

@davem2020 not perfect, you can have 2 vehicles with the same "last_three" (6 numbers in total)

PierrickP avatar Feb 22 '19 09:02 PierrickP

When unlocking a scooter, which ID is being used? The ET ID or the real ID?

When "ringing" it sends the ET-ID . Have not tested on for unlocking but I guess it's the same.

Since ET-IDs are constantly changing, I can not imagine the true id not being encoded in the transmitted ID. It would just be such a pain in the a** to handle for them. But of course, I can underestimate the tech.

Here is another example of changing ID :

2B4OR4XPNQ6EA

became

ET-F7YQ3U5YIPLWYGO7AP7UNZMNMHA2MJUCKIJL6CA
ET-V2CFXHPN6F4ONG7UHZTZJQ3AVDQ6HMODON7GZQA
ET-UAHZDOOHBN7MAOA7PTTZJAO5TODRFNJGPTAVJXQ
ET-KZH3VZZ5QWLJV3BSYQGWZ7HHNTDCG3ORITNAJGQ
ET-SLI2XDXNEYSQRBUWP75EKKWBZRZERGUJPWX6QXQ
ET-UBE5BZHB5Q23MDBQXBLHXQZOV73MQZVUU72GKZI
ET-5GWMJC6UJFDOFHLEXYZVUFC33H7QPJMEOFGIWVA
ET-Z5N6OB2SFRP4AKCM2PB5K35P432Q5UPA3F4A6IQ
ET-LJ3XZOCOD4RTBIMELBURIFSBZNWUAKP7ZWBFAMA
ET-HYCTIT2IYN6NML7DZJ7YFB6IQG3OQFYBT4M6DZA
ET-W3JJLLIZCZVPBCE4VHZ3VHDJET4DHGGJ5L5TL4I
ET-54JIL6YZHLJREJFAHX634UG7LOJM6DTD4LF4EGY
...

What is the ring API? Could make /api/rider/v1/actions/ring_bike?id=XXX or /api/rider/v1/bikes/{id}/ring to work.

hagaiattias avatar Apr 21 '19 16:04 hagaiattias

@fiddyschmitt it uses ET-ID.

you can still track the vehicle by data.attributes.bikes.attributes.plate_number

also, the ET-IDs are some kind of encryption, but they are reusable, so once you get some ET-ID you can use it to ring the bike sooo, i feel it's some intermediate step to blocking 3rd party usage at all OR they might have done it so the encryption is app-specific so that way they track queries from Uber or from their own app to see what share in whole rent-market does each app have.

rrozek avatar Aug 13 '19 10:08 rrozek

@rrozek I am not able to use the ET-ID to ring the bike, which API does that?

hagaiattias avatar Aug 13 '19 11:08 hagaiattias

https://web-production.lime.bike/api/rider/v1/bikes/{ET-ID}/ring works for me (ok, it returns 400 with body that im too far from bike, but it accepts the request)

edit. with Authorization: Bearer {token} obviously

rrozek avatar Aug 13 '19 11:08 rrozek

@rrozek Hey! can you give all the API endpoints which are available for lime. I want to track the battery percentage of lime scooter's. Which endpoints can be useful for this purpose. Thanks in advance.

tejasavkhattar avatar Sep 27 '19 10:09 tejasavkhattar

@tejasavkhattar They don't provide battery %. Only values high, medium and low (or something like that).

mchyb avatar Sep 27 '19 10:09 mchyb

@mchyb Yeah, but I was hoping to get a rough estimate using meter_range attribute regarding the battery. But how can I keep track of a specific lime bike since it's id is not constant. Is there any endpoint other than map for lime. Also, what is the use of ring endpoint?

tejasavkhattar avatar Sep 27 '19 10:09 tejasavkhattar

@tejasavkhattar There is no way track Lime vehicles. One solution that comes to my mind is trying to correlate plate_number with gps points somehow to distinguish different vehicles but that's far from reliable because of Lime's operational activity - they move their vehicles around a lot.

mchyb avatar Sep 27 '19 10:09 mchyb

@tejasavkhattar you can still track them by this one-time ID. its reusable. call GET Authorization: Bearer {JWT token} https://web-production.lime.bike/api/rider/v1/views/map?bike_id={id} for instance https://web-production.lime.bike/api/rider/v1/views/map?bike_id=ET-GBRJWLUSW77Y5ETK743FB65QNMZMO43756WHQUA

and under data.attributes.selected_bike you will get your bike. Even though in a response you receive completely different id, its still the same bike.

regarding battery percentage - it seems to be only available in JUICER mode and i don't have juicer account. but... comeon, range in meters is way more accurate then battery percentage, why would you need battery percentage? if you insist - as you mentioned, just estimate it based on battery_level. Judging by some info from youtube (your everyday reliable source of information) i would say that: "super_low" ~<30% "low" ~ 30-50% "medium" -> 50-85% "high" ~>85%

rrozek avatar Sep 27 '19 11:09 rrozek