Smart EQ Connect

Hi,

few days after I published this integration, Smart activated the CAPTCHA protection (Google Captcha v3 Enterprise) to the login screen. Looks like that do not like that Car Owners use the data of their own car.

I have no plans to work on this component further.

Sorry
Rene

Hi Rene, I just bought Smart EQ ForTwo 2019. Maybe we can try to contact Mercedes Benz developers and ask for some API? What do you think?

You can try it. Not sure if the Smart cars are available via the normal bring your own car api from MB. See https://developer.mercedes-benz.com/

Hi Rene, can I somehow “see” Captcha and overcome this login page? I suppose then you great work will still be able to work?

Hi,
There are multiple ways. But each of them needs some IT knowledge and the code of the integration needs some changes :wink:

Idea 1:
You can “steal” the refresh_token from the IOS/Android App.

  1. Install a reverse proxy like Burp (community edition is enough)
  2. Install the root certificate from Burp into IOS and trust the the certificate
  3. Change the code of the config_flow.py and remove the Auth-Checks
    3a. Add the integration without any login
    3b. Stop HA
    3c. Create a .smarteqconnect-token-cache file (see content below)
  4. Add the Burp Proxy Address as manual proxy in your IOS
  5. Look for the refresh token in the Burp Logs (is requested every two hours)
  6. Add the refresh token in to your smarteqconnect-token-cache file.
  7. Make sure the “expires_at” is in the past
  8. Start HA

Sample file content:
{“access_token”: “XXX”, “refresh_token”: “XX”, “token_type”: “Bearer”, “expires_in”: 7199, “expires_at”: 1638715280}

1 Like

Hi René,

thank you very much. This is my progress:

  1. installed Burp on my PC (win10)
  2. installed on iPhone, proxy etc.

This looks like refresh token: (I modified some characters in token manually - so this is SAMPLE)

grant_type=refresh_token&refresh_token=XHEawMmJ1klLtGntnTMzZZVyejwJQGoH24BOq7oXK1&redirect_uri=https%3A%2F%2Foneapp.microservice.smart.com&client_id=70d84301-938c-4bec-82d0-6abb550b0815

Then I can see Bearer

GET /seqc/v0/users/current HTTP/2
Host: oneapp.microservice.smart.com
Accept: */*
Accept-Language: cs-CZ;q=1.0, en-US;q=0.9
Authorization: Bearer eyJhbGciOiJkaXIiLCJlbmMiOiJ......shortcuted by me ;-)
X-Applicationname: 70d89501-938c-4bec-82d0-6abb550b0825
User-Agent: Device: iPhone14,2; OS-version: iOS_15.2; App-Name: smart EQ control; App-Version: 3.1.0; Build: 202112091304; Language: en_US
Guid: 26DBBA46-6293-4D44-AFD5-F6A0952F8E4C
Accept-Encoding: gzip, deflate

So I suppose Bearer is AccessToken.

What is expires_in : 7199 (what this number means?) seconds? 120 mins?
expires_at - timestamp format as I suppose - should be let say 1.1.2026 ???

A file .smarteqconnect-token-cache should be placed in HA config root or in custom_components/smarteqconnect directory? Should file include . (dot) in his name?

But I’m lost in “Change the code of the config_flow.py and remove the Auth-Checks”. I can modify these files but what to remove???

Thank you very much!!!

Hi,

You should add behind line 102 of the config_flow.py
except TypeError as terror:
errors = None
result = “{}”

Should look like this afterward:

Restart HA.
Add the integration and put any value into username and pin.

This will add the integration without a valid auth. please ignore the errors and ignore the reauth task.

Then

  1. stop HA
  2. Copy the result of the request “grant_type=refresh_token” into your .smarteqconnect-token-cache file
  3. Add the attribute , "expires_at": 1640871271 to it (this means the access token is not valid anymore and the integration will request a new access_token with the refresh token
  4. Save the file into your HA-Config root folder
  5. Start HA (The integration will request a new access token and it should work) - at least in my test this was successful

THIS is a ugly hack…

BR
Rene

1 Like

Thank you Rene VERY MUCH.

After a few hours of trying/testing I finally found correct tokens - could be helpful to others maybe.

My steps to find correct tokens in Burp are those:

  1. delete SmartEQConnect APP from iPhone and install it again - this will activate new tokens and you do not to wait 2 hours for refresh token
  2. Start Burp on PC (do not forget to disable PC firewall/anitivirus firewall or open correct ports on PC internal firewall
  3. Log into IOS Smart EQ Connect app
  4. In Burp you will see this message (aprox. 100 log rows down in my case)

    In Burp Logger - Response Window you will see access_token and refresh_token. Put them in .smarteqconnect-token-cache FILE

  1. Then I stopped Home Assistant Core using SSH command: ha core stop
  2. Copy .smarteqconnect-token-cache to HA Config Root directory using Samba
  3. Start HA Core using SSH command: ha core start

WORKING!

I also changed line 47 in const.py to this:

DEVICE_USER_AGENT = "Device: iPhone14,2; OS-version: iOS_15.2; App-Name: smart EQ control; App-Version: 3.1.0; Build: 202112091304; Language: en_US"

Because I found there is a new version of app - I do not know if this matters or not???

So I can finally show car battery also on my Apple Watch :smiley:

Rene do you think that there is some possibility to star Pre-Conditioning? Can I help somehow with that? With some logs or access to my car? Your code showed to me how terrible programmer I am :frowning:

1 Like

This is really a nice new feature! Will test this tommorow morning!

image

I was able to add the integration without the hassle of using burp.

I added the EQ integration, when asked for the pin I went on the smart website to login. I chose to login with the PIN and the PIN I received worked for HA. I did this in the same browser.

2 Likes

Sometimes the unbelievable easy things just work…

For sure, I was also thinking the same browser would have little impact as the request would come from the HA host and the other from my browser… So their security is not so strong. Lucky us

Beautiful, I followed your advice and I did too, the only thing I miss is the tire pressure. can you help me?

Can you tell me the url of the Smart website?

https://www.smart.mercedes-benz.com/de/de/connected-portal

Thanks a lot, now I have integrated my Smart EQ :grinning:

1 Like

I am just trying to get this to run using the PIN/TAN created from the mercedes website.
Do I have to repeat this procedure each time I restart HASS, since the integration has to login again?

Another thing I do not understand: the mercedes website asks for password AND pin.
The smarteq integration only asks for the pin, how can this work?

Hi, I can confirm that even in Italy this Custom Component works perfectly.
I also received the same sensors using the MercedesMe2020 component and using my Mercedes Me account.
Using MercedesMe2020 it is possible to have more information, for example the charge_power attribute in kW visible in the image.
Apologies for my google translate english.

1 Like

Hi drd4x,

very nice card! What did you used?

You also mention Mercedes Me 2020 - do you see Smart EQ also in Mercedes Me app? Because I can’t see my ForTwo there :frowning:

Thanks for this hint. in Mercedes Me 2020 Integration i can also see all the values of my Smart EQ.