Backstory

I began this project many months ago as a way to open my car's frunk very quickly, without using the Tesla app. My initial idea was to unlock it using the Tesla web API, but that wasn't very consistent, it was slow, and you had to manage tokens all the time. Then I came up with this idea: unlock it using Bluetooth.
I was very clueless about where to start back then, but I ended up snooping on the Bluetooth messages going to and from the app. That didn't get me very far, after which I just forgot about this project. But somewhere around the beginning of June 2021, I needed to do something, and I was researching reverse engineering for it.
Then I was like... wait, do Java decompilers exist, since it's such a high-level language? (I later on realised that Java basically has its own bytecode, so it was essentially machine code of its own, but it's still more high-level and keeps some/many class names, which proved to be very useful.) And next thing you know, I came across JadX, which is an Android (dex) decompiler.

After 3 weeks of deobfuscation work, and starting this attempt over when I realised that what I was reverse engineering was an autogenerated protobuf, I learned how to extract a protobuf file from any app, and there I had it: something that can generate most of the code to control the car.

All I had to do was figure out the other puzzle pieces, until 25th July 2021, when I unlocked the car with my own key for the first time! So... here is... the documentation!