R1T Network Traffic

[AdamUCF]

Some more smoke to the Android fire... I've got the truck running through mitmproxy. I have it setup so that tls negotiation failures fallback to not decrypt so things still function but I just pick up the tcp connects and no data. It randomly called out to Google Play while the truck was just sitting in my driveway this morning...

Also seen these previously and while I think it also points to Android, it's not as definite as play APIs.

It's also pretty chatty. In addition to those it seems to constantly be trying to upload logs to telenav and randomly calling out to other services. I think 5:25 is when my wife got a call so maybe it's tied to the phone waking up and pinging the truck and waking it up? Even with this stuff going on I haven't seen a lot of vampire drain. I would think this stuff is a drop in the bucket for the truck's overall battery.

2022-06-29 23:45:33.517278 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-29 23:46:02.510716 - SNI: spclient.wg.spotify.com
2022-06-29 23:46:03.259249 - SNI: events.mapbox.com
2022-06-30 05:25:12.165773 - SNI: www.google.com
2022-06-30 05:25:12.541729 - SNI: tsync.rivianservices.com
2022-06-30 05:25:13.038763 - SNI: api.mapbox.com
2022-06-30 05:25:13.065376 - SNI: apresolve.spotify.com
2022-06-30 05:25:13.344080 - SNI: login5.spotify.com
2022-06-30 05:25:13.855911 - SNI: spclient.wg.spotify.com
2022-06-30 05:25:22.481194 - SNI: ruploader-asset.rivianservices.com
2022-06-30 05:26:47.592325 - SNI: ruploader-prod-xmm-logs.s3.amazonaws.com
2022-06-30 05:27:21.037625 - SNI: device.ota.goriv.co
2022-06-30 05:27:59.133677 - SNI: events.mapbox.com
2022-06-30 05:27:59.148205 - SNI: events.mapbox.com
2022-06-30 05:29:22.479714 - SNI: device.ota.goriv.co
2022-06-30 05:29:44.998466 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 05:31:17.082530 - SNI: spclient.wg.spotify.com
2022-06-30 05:31:17.175644 - SNI: events.mapbox.com
2022-06-30 05:31:17.209570 - SNI: events.mapbox.com
2022-06-30 05:33:57.997429 - SNI: events.mapbox.com
2022-06-30 05:34:00.085283 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 05:37:08.233029 - SNI: spclient.wg.spotify.com
2022-06-30 05:37:08.277305 - SNI: events.mapbox.com
2022-06-30 05:38:29.004387 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 05:39:02.605928 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 05:39:56.142309 - SNI: events.mapbox.com
2022-06-30 05:40:15.614614 - SNI: api.mapbox.com
2022-06-30 05:40:41.494143 - SNI: dealer.spotify.com
2022-06-30 05:42:56.685975 - SNI: events.mapbox.com
2022-06-30 05:45:19.396236 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 05:45:55.104315 - SNI: events.mapbox.com
2022-06-30 05:47:44.579548 - SNI: spclient.wg.spotify.com
2022-06-30 05:48:01.839874 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 05:48:57.684996 - SNI: events.mapbox.com
2022-06-30 05:50:43.616571 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 05:50:45.238757 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 05:51:55.895792 - SNI: events.mapbox.com
2022-06-30 05:53:27.467245 - SNI: spclient.wg.spotify.com
2022-06-30 05:54:57.674590 - SNI: events.mapbox.com
2022-06-30 05:55:16.163926 - SNI: api.mapbox.com
2022-06-30 05:55:16.505648 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 05:57:59.181614 - SNI: events.mapbox.com
2022-06-30 05:57:59.508694 - SNI: events.mapbox.com
2022-06-30 05:58:45.401778 - SNI: spclient.wg.spotify.com
2022-06-30 06:00:55.420587 - SNI: events.mapbox.com
2022-06-30 06:01:28.853522 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:02:36.905903 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:03:16.430302 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:03:17.680827 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:03:19.856795 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:03:22.208455 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:04:14.231149 - SNI: spclient.wg.spotify.com
2022-06-30 06:04:38.405162 - SNI: events.mapbox.com
2022-06-30 06:05:05.240318 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:05:55.419730 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:05:58.559017 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:06:30.581146 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:06:57.856594 - SNI: events.mapbox.com
2022-06-30 06:09:45.298995 - SNI: spclient.wg.spotify.com
2022-06-30 06:09:54.101383 - SNI: events.mapbox.com
2022-06-30 06:10:16.488430 - SNI: api.mapbox.com
2022-06-30 06:10:26.089969 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 06:12:10.835767 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 06:12:59.206336 - SNI: events.mapbox.com
2022-06-30 06:15:55.081094 - SNI: events.mapbox.com
2022-06-30 06:16:36.827592 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 06:18:57.977546 - SNI: events.mapbox.com
2022-06-30 06:18:58.808751 - SNI: events.mapbox.com
2022-06-30 06:20:47.707030 - SNI: spclient.wg.spotify.com
2022-06-30 06:21:27.242469 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 06:21:53.361423 - SNI: events.mapbox.com
2022-06-30 06:23:06.331283 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 08:41:40.763402 - SNI: tsync.rivianservices.com
2022-06-30 08:41:43.943604 - SNI: spclient.wg.spotify.com
2022-06-30 08:41:44.795121 - SNI: login5.spotify.com
2022-06-30 08:41:52.157151 - SNI: ruploader-asset.rivianservices.com
2022-06-30 08:41:55.517758 - SNI: dealer.spotify.com
2022-06-30 08:42:09.780036 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 08:42:15.266407 - SNI: ruploader-prod-xmm-logs.s3.amazonaws.com
2022-06-30 09:59:38.581927 - SNI: ruploader-asset.rivianservices.com
2022-06-30 09:59:38.706136 - SNI: apresolve.spotify.com
2022-06-30 09:59:38.723570 - SNI: login5.spotify.com
2022-06-30 09:59:39.396798 - SNI: dealer.spotify.com
2022-06-30 09:59:41.161423 - SNI: dealer.spotify.com
2022-06-30 09:59:42.844112 - SNI: tsync.rivianservices.com
2022-06-30 09:59:43.674301 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.690136 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.710689 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.711683 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.712574 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.713442 - SNI: spclient.wg.spotify.com
2022-06-30 09:59:43.732263 - SNI: dealer.spotify.com
2022-06-30 09:59:59.240980 - SNI: ruploader-prod-xmm-logs.s3.amazonaws.com
2022-06-30 10:00:39.032435 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 10:00:59.186666 - SNI: events.mapbox.com
2022-06-30 10:01:08.857225 - SNI: events.mapbox.com
2022-06-30 10:01:16.502406 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 10:02:18.571166 - SNI: tsync.rivianservices.com
2022-06-30 10:03:31.942911 - SNI: tsync.rivianservices.com
2022-06-30 10:03:56.075781 - SNI: events.mapbox.com
2022-06-30 10:03:56.947326 - SNI: events.mapbox.com
2022-06-30 10:04:07.741871 - SNI: ruploader-prod-xmm-logs.s3.amazonaws.com
2022-06-30 10:04:56.377426 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 10:05:10.373537 - SNI: device.ota.goriv.co
2022-06-30 10:05:13.939094 - SNI: spclient.wg.spotify.com
2022-06-30 10:05:40.218759 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 10:06:18.524860 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:06:53.126567 - SNI: events.mapbox.com
2022-06-30 10:07:45.094587 - SNI: ruploader-prod-xmm-logs.s3.amazonaws.com
2022-06-30 10:09:19.865856 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:09:53.809523 - SNI: events.mapbox.com
2022-06-30 10:12:47.304152 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:12:56.332693 - SNI: events.mapbox.com
2022-06-30 10:14:35.649670 - SNI: api.mapbox.com
2022-06-30 10:15:11.075268 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:15:54.588080 - SNI: events.mapbox.com
2022-06-30 10:18:55.104310 - SNI: events.mapbox.com
2022-06-30 10:19:27.922830 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:21:44.455005 - SNI: spclient.wg.spotify.com
2022-06-30 10:21:56.393820 - SNI: events.mapbox.com
2022-06-30 10:23:42.942385 - SNI: ruploader-prod-pcap.s3.amazonaws.com
2022-06-30 10:24:55.498020 - SNI: events.mapbox.com
2022-06-30 10:27:04.625537 - SNI: ruploader-asset.rivianservices.com
2022-06-30 10:27:12.576291 - SNI: tsync.rivianservices.com
2022-06-30 10:27:14.050039 - SNI: spclient.wg.spotify.com
2022-06-30 10:27:48.538299 - SNI: ruploader-prod-tcm-logs.s3.amazonaws.com
2022-06-30 10:27:54.881329 - SNI: events.mapbox.com
2022-06-30 10:27:57.378090 - SNI: events.mapbox.com

Sponsored

 

[kanundrum]

Thanks for doing what I have been wanting to do lol.

 

[SeaGeo]

I wonder what all of the events.mapbox are doing.

 

[Khaneric]

I wonder what all of the events.mapbox are doing.

Traffic data?

 

[SeaGeo]

Traffic data?

Maybe. Or just checking if a map update is available?

 

[AdamUCF]

I happened to be messing with the truck and decided to reboot the infotainment. After doing that I noticed some new network traffic to prd-s3-vcloud-package-distribution.s3.us-east-2.amazonaws.com right as it started downloading the latest update. Just prior to that there was a call to device.ota.goriv.co so I assume that url does the coordination and the update files themselves come from the S3 bucket. Too bad the base bucket requires auth and it's all TLS so there doesn't seem to be a way to grab the update file. Would certainly be interesting if we could get ahold of one.

During the update this web request popped up. Is there really any doubt at this point that there's Android running in the infotainment?

 

[BrayBay]

Great work finding out these details. Hopefully the software team can deliver a great experience over the life cycle of the vehicle.

 

[photontorque]

This is really awesome gumshoe work, thank you!

Not a network person, so pardon the basic question - any insight into what the vehicle is sending to these locations, in addition to a list of the locations themselves? It seems like you're referencing that in your last post, but I don't know enough to interpret that correctly. Thanks.

 

[AdamUCF]

This is really awesome gumshoe work, thank you!

Not a network person, so pardon the basic question - any insight into what the vehicle is sending to these locations, in addition to a list of the locations themselves? It seems like you're referencing that in your last post, but I don't know enough to interpret that correctly. Thanks.

All if it enforces the traffic to be encrypted except for the Telenav data so we can't see what's inside.

 

[MisterTea]

This gives me hope that we'll get a lot more apps in the future. I just need Waze, Pocketcasts, and Pandora.

Yesterday, my wife and I drove about an hour and a half south of us. Waze showed 4 directions from my house that pretty much can be summed as: take the highway to the street you need to be on. Rivian decided to take us on a backroad tour with over 31 directions. Made no sense and would have taken longer.

 

[MoreTrout]

This gives me hope that we'll get a lot more apps in the future. I just need Waze, Pocketcasts, and Pandora.

Yesterday, my wife and I drove about an hour and a half south of us. Waze showed 4 directions from my house that pretty much can be summed as: take the highway to the street you need to be on. Rivian decided to take us on a backroad tour with over 31 directions. Made no sense and would have taken longer.

By any chance did you leave the Rivian nav open during the whole trip? I would be curious to see what it did every time you ignored one of its erroneous instructions to turn off the highway. Does it give you the Google maps equivalent of the verbal "recalculating." I wonder if by forcing it to recalculate multiple times it might just figure out that the actual route was beating its calculated route and learn as it goes. Probably not. More likely it would just act like a typical toddler and repeat the bad behavior despite being told 50 times it was wrong. lol

 

[TheIglu]

It will recalculate.

 

[mgc0216]

This gives me hope that we'll get a lot more apps in the future. I just need Waze, Pocketcasts, and Pandora.

Yesterday, my wife and I drove about an hour and a half south of us. Waze showed 4 directions from my house that pretty much can be summed as: take the highway to the street you need to be on. Rivian decided to take us on a backroad tour with over 31 directions. Made no sense and would have taken longer.

Had a similar experience on the way to the airport yesterday. My hypothesis is that Rivian nav is trying to optimize battery usage by choosing the most "fuel efficient" route OR it is using stale traffic data (the direct route was 5 minutes faster than rivians and the traffic was not nearly as bad as the map indicated)

 

[photontorque]

All if it enforces the traffic to be encrypted except for the Telenav data so we can't see what's inside.

Copy that, thanks for letting me know.

 

[AdamUCF]

Some current URLs (all require TLS) after the latest update. Funny that they're using a telenav stage endpoint in production. Either Rivian is making use of things not yet in the telenav production environment or they accidentally shipped the wrong config.

account.core-api.tunein.com
alexa.na.gateway.devices.a2z.com
alexa-comms-mobile-service-na.amazon.com
api.amazon.com
api.amazonalexa.com
api.mapbox.com
api.spotify.com
apresolve.spotify.com
astrapena.telenav.com
auth.rivianservices.com
dealer.spotify.com
device.ota.goriv.co
events.mapbox.com
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
firebase-settings.crashlytics.com
graph.facebook.com
i.scdn.co
login5.spotify.com
opml.radiotime.com
prod.amcs-tachyon.com
restapistage.telenav.com
ruploader-asset.rivianservices.com
ruploader-prod-acm-logs.s3.amazonaws.com
ruploader-prod-dtc-logs.s3.amazonaws.com
ruploader-prod-fault-detection-logs.s3.amazonaws.com
ruploader-prod-pcap.s3.amazonaws.com
ruploader-prod-tcm-logs.s3.amazonaws.com
ruploader-prod-xmm-logs.s3.amazonaws.com
spclient.wg.spotify.com
tsync.rivianservices.com
www.google.com

Sponsored