VINTAG is an API client for trifinite’s Tesla VIN Identifier API on rapidAPI.com.
Every Tesla vehicle that has the PhoneKey feature (all Model 3/Y and 2021+ Model S/X) identifies itself with a unique Bluetooth device name.
Here is an example: S0f7885c2af1a6ef9C
When the first and last character of this name are removed, a 16-character string remains. This string represents 8 hex-encoded bytes. This byte sequence is calculated from the respective Tesla’s VIN number, which can be found in the lower right corner of the windshield. As defined in ISO 3779, this unique 17-digit ID encodes important information about the respective vehicle.
This information includes:
In order to calculate the VIN identifier, the VIN has to be hashed with the SHA1 algorithm. The first 8 bytes of the resulting 20-byte hash are the VIN Identifier used in Tesla vehicles.
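The derivation above can be checked against a vehicle you own. The following is an added example, not code from the VINTAG tool or from trifinite. It assumes the VIN is hashed as its uppercase ASCII bytes; the function names are hypothetical and the sample VIN is a constructed placeholder.

```python
import hashlib
import re

# ISO 3779 VINs are 17 characters long and never contain I, O or Q.
VIN_RE = re.compile(r"[A-HJ-NPR-Z0-9]{17}")
HEX16_RE = re.compile(r"[0-9a-f]{16}")


def vin_identifier(vin: str) -> str:
    """Return the first 8 bytes of SHA1(VIN) as 16 hex characters."""
    vin = vin.strip().upper()
    if not VIN_RE.fullmatch(vin):
        raise ValueError("not a well-formed 17-character VIN")
    # Assumption: the VIN is hashed as plain ASCII bytes.
    return hashlib.sha1(vin.encode("ascii")).digest()[:8].hex()


def identifier_from_name(name: str) -> str:
    """Strip the first and last character of a Bluetooth device name."""
    core = name[1:-1].lower()
    if len(name) != 18 or not HEX16_RE.fullmatch(core):
        raise ValueError("name does not carry a 16-character hex identifier")
    return core


def name_matches_vin(name: str, vin: str) -> bool:
    """True if the advertised name was derived from this VIN."""
    return identifier_from_name(name) == vin_identifier(vin)


if __name__ == "__main__":
    # Device name taken from the example in the post.
    print(identifier_from_name("S0f7885c2af1a6ef9C"))

    # Constructed placeholder VIN, not a real vehicle.
    sample_vin = "TESTVN00000000001"
    ident = vin_identifier(sample_vin)
    # Wrap the identifier the same way as the post's example name.
    sample_name = "S" + ident + "C"
    print(sample_name, name_matches_vin(sample_name, sample_vin))
```

Because the identifier depends only on the VIN, the advertised name never changes for a given vehicle, which is what makes it usable as a stable tracking handle.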
Since a cryptographic hash function like SHA1 is not reversible, getting back the original VIN is a little bit tricky. Based on observations of vehicles in different online car dealerships and estimated production numbers of the respective GIGA factories, we generated a lot of plausible potential VINs and hashed them exactly the way that Tesla does.
Now, reversing the 8-byte hex string became just a lookup in a rather large data index. With a hit rate of over 98%, this index can be accessed through an API hosted at rapidAPI.com.
Please note that buying an API key helps maintain this project!
The VINTAG tool is just a very basic way to query the API. It is a basic Python script that you can download or fork on GitHub.
The VINTAG tool is released in the context of Project TEMPA.
Martin is an independent security researcher focusing - but not exclusively - on various aspects of product security related to Bluetooth wireless technology. As one of the co-founders of the trifinite.group, Martin worked with the Bluetooth SIG, helping the technology and its adopters overcome early design and implementation issues.