The dash of Xiaomi Mi 1S scooter, with the top panel taken off and an USB-UART adapter connected to the dashboard, sniffing the firmware update process

Xiaomi Cryptographically Signs Scooter Firmware – What’s Next?

April 24, 2022 by Arya Voronova 33 Comments

[Daljeet Nandha] from [RoboCoffee] writes to us, sharing his research on cryptographic signature-based firmware authenticity checks recently added to the Xiaomi Mi scooter firmware. Those scooters use an OTA firmware update mechanism over BLE, so you can update your scooter using nothing but a smartphone app – great because you can easily get all the good new features, but suboptimal because you can easily get all the bad new features. As an owner of a Mi 1S scooter but a hacker first and foremost, [Daljeet] set up a HTTPS proxy and captured the firmware files that the app downloaded from Xiaomi servers, dug into them, and summarized what he found.

Scooter app firmware update dialog, saying "New firmware update available. Update now?" — Confirming this update will indefinitely lock you out of any third-party OTA updates

Unlike many of the security measures we’ve seen lacking-by-design, this one secures the OTA firmware updates with what we would consider the industry standard – SHA256 hash with elliptic cryptography-backed signing. As soon as the first firmware version implementing signature checks is flashed into your scooter, it won’t accept anything except further firmware binaries that come with Xiaomi’s digital signature. Unless a flaw is found in the signature checking implementation, the “flash a custom firmware with a smartphone app” route no longer seems to be a viable pathway for modding your scooter in ways Xiaomi doesn’t approve of.

Having disassembled the code currently available, [Daljeet] tells us about all of this – and more. In his extensive writeup, he shares scripts he used on his exploration journey, so that any sufficiently motivated hacker can follow in his footsteps, and we highly recommend you take a look at everything he’s shared. He also gives further insights, explaining some constraints of the OTA update process and pointing out a few security-related assumptions made by Xiaomi, worth checking for bypassing the security implemented. Then, he points out the firmware filenames hinting that, in the future, the ESC (Electronic Speed Control, responsible for driving the motors) board firmware might be encrypted with the same kind of elliptic curve cryptography, and finds a few update hooks in the decompiled code that could enable exactly that in future firmware releases.

One could argue that these scooters are typically modified to remove speed limits, installed there because of legal limitations in a variety of countries. However, the legal speed limits are more nuanced than a hard upper boundary, and if the hardware is capable of doing 35km/h, you shouldn’t be at mercy of Xiaomi to be able to use your scooter to its full extent where considerate. It would be fair to assert, however, that Xiaomi did this because they don’t want to have their reputation be anywhere near “maker of scooters that people can modify to break laws with”, and therefore we can’t expect them to be forthcoming.

Furthermore, of course, this heavily limits reuse and meaningful modification of the hardware we own. If you want to bring a retired pay-to-ride scooter back to usefulness, add Bluetooth, or even rebuild the scooter from the ground up, you should be able to do that. So, how do we go around such restrictions? Taking the lid off and figuring out a way to reflash the firmware through SWD using something like a Pi Pico, perhaps? We can’t wait to see what hackers figure out.

Riding Mower CVT Upgrade Really Gets Things Moving

April 23, 2022 by Tom Nardi 7 Comments

As we’ve learned from past experience, videos from [HowToLou] tend to be a bit controversial. His unique style of expedient engineering isn’t everyone’s cup of tea, especially when it’s combined with a devil-may-care attitude towards safety. On the other hand, there’s no arguing that his methods get results. His video on converting an 18 HP riding mower into something akin to a go-kart is a perfect example.

The first phase of the project involves removing all the hardware related to mowing, as obviously you won’t be cutting any grass while pushing speeds of 48 kph (30 mph). This both saves weight, and removes a lot of mechanical complication that would be in the way of further modification. That said, it also leaves the mower immobile, as there’s no longer be any connection between the engine and transaxle.

The new drivetrain features some beefy bracing.

In its place, [HowToLou] installs an off-the-shelf torque converter kit that uses a continuously variable transmission (CVT) clutch. As he quickly demos, the CVT technology allows the gear ratio to automatically adapt to the engine RPM thanks to pulleys that change their size depending on how fast they’re spinning. It’s a big improvement over the system he originally yanked out, though as you might expect, fitting it into the mower required some custom work. The final step was to pull the old pulley off of the transaxle and replace it with one that’s less than half the original size.

Wearing his protective flip-flops, [HowToLou] hops on the souped-up mower and is nearly thrown off the back of it as soon as he steps on the gas. Clearly the modifications were a success, and the video ends with some open road testing — presumably he’s riding off to the store to go buy a helmet.

We actually missed this video when it first made the rounds, but it has since picked up steam and is pulling in some impressive numbers. [HowToLou] tells us he thinks it’s due to the fact that a lot of people are upgrading to more modern zero-turn mowers, meaning there’s a surplus of these second-hand mini tractors on the market. Whatever the reason, we’re happy to see this backyard engineer get some mainstream success; his methods might not always be by the book, but they’re always entertaining.

Continue reading “Riding Mower CVT Upgrade Really Gets Things Moving” →

Hoverbike Turns Hoverboard Into Ebike

April 21, 2022 by Bryan Cockfield 1 Comment

Hoverboards were a popular trend with the youths and in-crowd a few years ago, and now that the fad has largely died out there are plenty of them sitting unused in closets and basements around the world. That only means opportunities to put the parts from these unique transportation devices into other builds. A more practical method of transportation is a bicycle, and this build scavenges most of the parts from a hoverboard to turn a regular bicycle into a zippy ebike.

This bike build starts with a mountain bike frame and the parts from the hoverboard are added to it piece by piece. The two motors are mounted to the frame and drive the front chain ring of the bike, allowing it to still take advantage of the bike’s geared drivetrain. Battery packs from two hoverboards were combined into a single battery which give the bike a modest 6-10 km of range depending on use. But the real gem of this build is taking the gyroscopic controller board from the hoverboards and converting it, with the help of an Arduino Due, to an ebike controller.

Eventually a battery pack will be added to give the bike a more comfortable range, but for now we appreciate the ingenuity that it took to adapt the controller from the hoverboard into an ebike controller complete with throttle and pedal assist. For other household objects turned into ebikes, be sure to check out one of our favorites based on a washing machine motor: the Spin Cycle.

Does Your Programmer Know How Fast You Were Going?

April 13, 2022 by Al Williams 83 Comments

News reports were everywhere that an autonomous taxi operated by a company called Cruise was driving through San Francisco with no headlights. The local constabulary tried to stop the vehicle and were a bit thrown that there was no driver. Then the car moved beyond an intersection and pulled over, further bemusing the officers.

The company says the headlights were due to human error and that the car had stopped at a light and then moved to a safe stop by design. This leads to the question of how people including police officers will interact with robot vehicles.

Continue reading “Does Your Programmer Know How Fast You Were Going?” →

This Chariot Is Pulled By A Team Of Motorcycles

April 11, 2022 by Jenny List 21 Comments

We’re fans of unusual forms of transport here, so when we saw an article featuring a home-made motorcycle chariot we knew we had to share it with you. You’ll probably notice it comes from the keyboard of our colleague [Lewin Day] as he moonlights writing for The Drive, and he’s brought along a lot of context and history to the dual-Husqvarna chariot built by [Jack Field].

The machine itself is a chariot in the ancient Roman fashion, a two-wheeled platform on which the rider stands and holds the reins. Instead of a team of horses though there is the aforementioned pair of Husqvarna motorcycles, and a pair of rods to their handlebars with throttle and brake controls take the place of reins. It’s fair to say that this might not be the least hazardous of conveyances, but it appears both rideable and controllable, and will appear at motorcycle shows. truth be told we’d like to have a go ourselves, but since it’s in Australia we think there’s little chance. Unexpectedly the motorcycle chariot is not a new idea, with their being used for full-scale races back in the 1930s. There’s a trip into that world with some exciting but lethal-looking racing action to view, but it seems that these machines exist here in 2022 mostly for show.

This isn’t the first machine operated by reins we’ve brought you, how about a rein-operated tractor?

Hacking A Fuel Sensor Into A Portable Tank, Literally

April 6, 2022 by Tom Nardi 23 Comments

Regular readers of Hackaday will know that the projects we feature are generally of the high-tech variety. Microcontrollers, 3D printed parts, embedded Linux, lots of wires, that sort of thing. But that’s not to say we don’t appreciate the somewhat more visceral builds out there; after all, hacking is about creative problem solving and thinking outside the box, and none of that is limited to how complex the fix actually is.

Take for example this quick hack that [R. Preston McAfee] recently sent our way. Looking for a way to check how much fuel was left in his outboard motor’s small portable gas tank without crawling back to look at it, he decided to rig it up with a sending unit. While they’re technically designed for larger tanks which are permanently installed into a boat’s hull, he reasoned there was nothing about the float sensor that would keep it from working in his case so long as it could be safely mounted.

To that end, [Preston] started by cutting a 38 mm (1.5″) hole in the thickest part of the tank, and sanded the area around the opening to smooth things out. He then measured the depth of the tank at that point, and ordered an appropriately sized float sensor. He drilled out the holes for the five mounting bolts, and inserted them through the larger whole so their heads would be inside the tank. By holding the exposed threads with a pair of vice grips he was able to crank the nuts down on each bolt to form a tight seal to the gasket, though it should be noted that the resulting damage to the threads will likely make it difficult to remove the nuts in the future.

Admittedly this is a pretty simple fix, but it’s well thought-out and we appreciate the effort [Preston] put in to documenting the whole process. We’ve certainly covered more elaborate ways of seeing what’s left in the tank, but just because a solution is flashier doesn’t mean it’s necessarily any better.

This Motorcycle Uses Water!

April 2, 2022 by Jenny List 38 Comments

Doing the rounds among motorcycle enthusiasts for the last week has been a slightly unusual machine variously portrayed as running on water or sea water. This sounds like the stuff of the so-called “Free energy” fringe and definitely not the normal Hackaday fare, but it comes alongside pictures of a smiling teenager and what looks enough like a real motorcycle to have something behind it. So what’s going on? The answer is that it’s the student project of an Argentinian teenager [Santiago Herrera], and while it’s stretching it a bit to say it runs on sea water he’s certainly made a conventional motorcycle run on the oxygen-hydrogen mix produced from the electrolysis of water. The TikTok videos are in Spanish, but even for non-speakers it should be pretty clear what’s going on.

It’s obvious that the bike is more of a student demonstrator than a road machine, as we’re not so sure a glass jar is the safest of receptacles. But the interesting part for us lies not in the electrolysis but in the engine. it appears to be a fairly standard looking motorcycle engine, a typical small horizontal single. It’s running on a stoichiometric mix of oxygen and hydrogen, something that packs plenty of punch over a similar mix using air rather than oxygen. It would be fascinating to know the effect of this mixture on an engine designed for regular gasoline, for example does it achieve complete combustion, does it burn hotter than normal fuel, and does it put more stress on the engine parts?

You can see something of the bike in the video below the break, and there are a few more videos in his TikTok account. Meanwhile this isn’t the first teenage motorcycle project we’ve featured.

Continue reading “This Motorcycle Uses Water!” →