
Reverse Engineering the Renault Zoe API - edent
https://shkspr.mobi/blog/2016/10/reverse-engineering-the-renault-zoe-api/
======
punnerud
This is also easy to figure out if you use MITMproxy to intercept the traffic
between the app and the server/car. This way you can look at the content when
it is HTTPS encrypted.

Do you know someone else with a Renault, so you check if you can change the
VIN-number with the same auth? This was the problem with the Nissan "hack"
that made it possible to control every car in the world.

~~~
edent
The "app" is just a web wrapper. I found it was easier to load up the
JavaScript in a desktop browser and examine that.

I've not tried with someone else's VIN - although the auth process does show
which VINs are associated with your account.

