I'm trying to add my new Fenix 6 to the GE software (fresh Garmin account). On my regular Windows 10 desktop, it doesn't work, always compaining about Garmin servers. I'm a developer and decided to track down what it is.
- Inside a VMware virtual machine (similarly, Windows 10 but more "virgin") it all works just fine.
- Regular desktop Windows 10 (kept up to date) had antivirus and firewall disabled, and it's a gigabit connection, not wifi.
- I tried so many times that I got rate limited by Cloudflare but got a new IP so that's no longer the issue.
- Used Telerik Fiddler to monitor the requests and this one stood out:
HTTP Status 400 – Bad Request -------------------------------------------------------------------------------- Type Status Report Message Unsupported signature method: HMACSHA1 Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). -------------------------------------------------------------------------------- Garmin Connect API Server
So I finally got a real error message. This was in the response to the request to
GET /userprofile-service/userprofile/userProfileBase HTTP/1.1
In the working GE on the virtual machine, this request does not happen at all, and there is no request that uses "HMACSHA1". There is an OAuth signature method like that, but it's called HMAC-SHA1 (note the dash). Every request with a signature uses the correct method name in the working version.
So I intercepted and modified the method name with Burp proxy, to get this:
HTTP Status 401 – Unauthorized Type Status Report Message Invalid signature for signature method HMAC-SHA1 Description The request has not been applied because it lacks valid authentication credentials for the target resource. Garmin Connect API Server
So it does recognize (even expect) that method name, but of course this whole thing is there to be spoof-proof so I didn't push anymore.
What's interesting is that the two GE software installations happened from the same installer, so they are both 7.0.1.0 but behave differently [on the 2 different Windows installations]. The working one (in virtual) has a "Music" tab in the settings between Proxy and About. On the non-working installation, this Music tab is missing. May be unrelated but what could cause this different behavior?