HAFAS mobile API 1.16: find out how the mic & mac parameters work #187
Comments
|
I came across the same issue a few weeks ago: |
|
But what is the value for |
|
Yeah, that's a little trickier. ;) First, you need to find the |
|
thanks for you help! i don't have all puzzle pieces together though.
|
|
|
Thanks! For the record, some references I found while digging around: |
|
@alexander-albers On last request. In order to reduce the number of error sources, could you give me an example encrypted checksum/salt pair that I can verify against? I've found this encrypted checksum for Deutsche Bahn: I have the following salt as the result: |
|
The encrypted checksum is correct, but the salt would be
|
|
@alexander-albers Thanks for this valuable info. @derhuerst Do you plan to submit a PR for Hafas 1.16 support? It would be a nice feature to have! |
|
@schildbach I don't think I'm proficient enough in Java. I haven't implemented the 1.16 protocol in my JS client yet, but once I did, I may either submit a PR or at least provide all the knowledge I have. |
|
@alexander-albers I need your help again. I extracted the encrypted checksum
A recorded request from the latest VBB Android app: POST /bin/mgate.exe?mac=f1de7eace70370b8613359f9dc2b81bc&mic=b5d1f2fd4c9de9764e04f93c135af4b1 HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1; SHIFT5.1 Build/LMY47I)
Content-Type: application/json;charset=UTF-8
Host: fahrinfo.vbb.de
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 376
{"auth":{"aid":"hafas-vbb-apps","type":"AID"},"client":{"id":"VBB","name":"Bus & Bahn ","os":"Android 5.1","res":"720x1216","type":"AND","ua":"Dalvik/2.1.0 (Linux; U; Android 5.1; SHIFT5.1 Build/LMY47I)","v":1000029},"ext":"VBB.1","formatted":false,"lang":"deu","svcReqL":[{"cfg":{"polyEnc":"GPA"},"meth":"JourneyDetails","req":{"jid":"1|28233|20|86|21022018"}}],"ver":"1.16"}I calculated the I assume the key for decrypting the salt is different for VBB apps. Or did I miss something? |
|
Hi! The key seems correct to me. How did you calculate the |
|
Node crypto doesn't work with strings, but with binary data directly. Therefore it doesn't matter if I had specified the salt as hex or utf8 before. My code works with the example we discussed before. |
|
What's you |
|
I’m not sure how strings work in Node, but in Java it does make a difference when you concartenate two utf strings instead of two hex strings. Try to convert the first result to a hex string first and combine that one with the hex representation of your salt. Then, you can encode the resulting string to binary again and use if for the second md5 function. |
|
Would you mind trying to reproduce this with Java? If you don't get the correct |
|
@alexander-albers ping (: |
|
Did you try to concartenate both hex strings before applying the md5 function? |
|
As I said, in Node there's no difference between |
|
I get that, but are you using the hex representation of both the md5-encoded request string and the salt? |
|
No, I use the binary representation for hashing: const md5 = buf => require('crypto').createHash('md5').update(buf).digest()
const req = Buffer.from('{"auth":{"aid":"hafas-vbb-apps","type":"AID"},"client":{"id":"VBB","name":"Bus & Bahn ","os":"Android 5.1","res":"720x1216","type":"AND","ua":"Dalvik/2.1.0 (Linux; U; Android 5.1; SHIFT5.1 Build/LMY47I)","v":1000029},"ext":"VBB.1","formatted":false,"lang":"deu","svcReqL":[{"cfg":{"polyEnc":"GPA"},"meth":"JourneyDetails","req":{"jid":"1|28233|20|86|21022018"}}],"ver":"1.16"}', 'utf8')
const mic = md5(req)
mic.toString('hex') // b5d1f2fd4c9de9764e04f93c135af4b1, matches!
const salt = Buffer.from('5243544a4d3266467846667878516649', 'hex') // decrypted using your code
const mac = md5(Buffer.concat([mic, salt]))
mac.toString('hex') // 3edc9c3b1a166c983de78668d403fc2b, does not match! |
|
Try the following: |
|
Thanks again! I really didn't expect that they would process the MIC differently than the salt. Reading your comments, I thought you were confused about the way of handling crypto in Node. |
|
hi i have another question. I have looked the requests of the Deutsche Bahn app. I am stucked where to get the array with station informations. There is a checksum. Sombody knows how to calculate the checksum? I want to do this calculation in javascript. But if somebody knows how to calculate it in java it would be nice.
|
See above. I've implemented this here:
See above as well. |
|
I just implemented the Does anyone know an |
|
@derhuerst In your tool above, where does the key |
|
Likewise, @alexander-albers where did you get the key |
|
@schildbach the key is hardcoded into every app. |
|
@alexander-albers Right, but where? Everything we're talking about here is hardcoded into the app, but the key doesn't appear in |
|
@schildbach No, the key is actually hardcoded, it is in the Java-code of the Android app. :P |
|
FWIW: |
|
The key for the encrypted salt from |
|
Will elaborate on this later, after my vacation. |
[this is a cross-post from public-transport/hafas-client#3]
The VBB endpoint now has a
1.16API version, which provides more detailed responses. Also, older versions might be shut off in the future.There are to query parameters
mic&macthough, which seem to be necessary to get data. I haven't figured out how they work. It might be similar to the way Deutsche Bahn does it.Maybe someone from the community of this project knows what they are and how they work?
The text was updated successfully, but these errors were encountered: