This is a proof of concept on how to send signed commands to Tesla vehicles without registering for Fleet API access and having a public domain etc.
It adds a new -mode owner switch to the tesla-http-proxy, and then forwards API requests to the Owner API, except for commands which are send via the Tesla Hermes backend with end-to-end command authentication.
It also adds a new -mode ble switch to the tesla-http-proxy, and then forwards API requests to the Owner API, except for commands which are send via BLE (Bluetooth Low Energy) with end-to-end command authentication. This requires the proxy to run on a device near the vehicle.
Caution
ble mode does not require the client to provide a valid auth token to send commands. Anybody with network access to the proxy could send commands.
Note
I believe the car is very limited on how many BLE devices can be connected simultaneously. With multiple phone keys or keyfobs near the vehicle, the proxy might have trouble to also establish a BLE connection and commands time out.
This is barely working right now. Use it at your own risk and have a debugger ready. I welcome Pull Requests.
You need to generate a keypair and register it to the vehicle, which is possible via BLE and the tesla-command tool like this:
go run ./cmd/tesla-control -ble add-key-request public_key.pem owner cloud_key
This could break at any second when Tesla changes it's APIs, rules or protocols. This is not endorsed or supported by Tesla.
It is not meant to work around Fleet API restrictions, limits or costs!