The dash of Xiaomi Mi 1S scooter, with the top panel taken off and an USB-UART adapter connected to the dashboard, sniffing the firmware update process

Xiaomi Cryptographically Signs Scooter Firmware – What’s Next?

April 24, 2022 by Arya Voronova 32 Comments

[Daljeet Nandha] from [RoboCoffee] writes to us, sharing his research on cryptographic signature-based firmware authenticity checks recently added to the Xiaomi Mi scooter firmware. Those scooters use an OTA firmware update mechanism over BLE, so you can update your scooter using nothing but a smartphone app – great because you can easily get all the good new features, but suboptimal because you can easily get all the bad new features. As an owner of a Mi 1S scooter but a hacker first and foremost, [Daljeet] set up a HTTPS proxy and captured the firmware files that the app downloaded from Xiaomi servers, dug into them, and summarized what he found.

Scooter app firmware update dialog, saying "New firmware update available. Update now?" — Confirming this update will indefinitely lock you out of any third-party OTA updates

Unlike many of the security measures we’ve seen lacking-by-design, this one secures the OTA firmware updates with what we would consider the industry standard – SHA256 hash with elliptic cryptography-backed signing. As soon as the first firmware version implementing signature checks is flashed into your scooter, it won’t accept anything except further firmware binaries that come with Xiaomi’s digital signature. Unless a flaw is found in the signature checking implementation, the “flash a custom firmware with a smartphone app” route no longer seems to be a viable pathway for modding your scooter in ways Xiaomi doesn’t approve of.

Having disassembled the code currently available, [Daljeet] tells us about all of this – and more. In his extensive writeup, he shares scripts he used on his exploration journey, so that any sufficiently motivated hacker can follow in his footsteps, and we highly recommend you take a look at everything he’s shared. He also gives further insights, explaining some constraints of the OTA update process and pointing out a few security-related assumptions made by Xiaomi, worth checking for bypassing the security implemented. Then, he points out the firmware filenames hinting that, in the future, the ESC (Electronic Speed Control, responsible for driving the motors) board firmware might be encrypted with the same kind of elliptic curve cryptography, and finds a few update hooks in the decompiled code that could enable exactly that in future firmware releases.

One could argue that these scooters are typically modified to remove speed limits, installed there because of legal limitations in a variety of countries. However, the legal speed limits are more nuanced than a hard upper boundary, and if the hardware is capable of doing 35km/h, you shouldn’t be at mercy of Xiaomi to be able to use your scooter to its full extent where considerate. It would be fair to assert, however, that Xiaomi did this because they don’t want to have their reputation be anywhere near “maker of scooters that people can modify to break laws with”, and therefore we can’t expect them to be forthcoming.

Furthermore, of course, this heavily limits reuse and meaningful modification of the hardware we own. If you want to bring a retired pay-to-ride scooter back to usefulness, add Bluetooth, or even rebuild the scooter from the ground up, you should be able to do that. So, how do we go around such restrictions? Taking the lid off and figuring out a way to reflash the firmware through SWD using something like a Pi Pico, perhaps? We can’t wait to see what hackers figure out.

Ask Hackaday: Would A Scooter Get You Back To The Office?

April 18, 2022 by Kristina Panos 75 Comments

So we’re two plus years into the pandemic at this point. Are you still working from home in the most comfortable clothes ever sewn? We figure that of the lot of you who said goodbye to that drab, tiled carpet in 2020, most have probably heard rumblings about returning to the office. And probably a good portion have at least been forced into a hybrid schedule.

Lots of companies would love to see their employees once again milling about all those ~~glass and steel observation tanks~~ office buildings they pay so much for. And while some are likely just forcing employees to come back, others are offering incentives, such as Google. The tech giant recently partnered with electric scooter manufacturer Unagi to provide a “Ride Scoot” program designed to lure many of Google’s US-based employees back to those brightly-colored code playgrounds they call offices with a fun mode of private transportation. The plan is to offer a full reimbursement of the monthly subscription fee for Unagi’s Model One folding scooter, which retails for $990.

The subscription is normally $49 a month plus a one-time $50 sign-up fee, but this amount will be slightly discounted (and waived) for eligible Google employees. There is one caveat to the system: an employee must use the scooter for a minimum of nine commutes to the office per month, although Google says they’re gonna be a bro about it and use the honor system.

Continue reading “Ask Hackaday: Would A Scooter Get You Back To The Office?” →

From Hoverboard To Scooter

February 28, 2022 by Matthew Carlson 4 Comments

I’m sure anyone who had seen Back To The Future was more than a little disappointed when “hoverboards” started appearing on the scene. They didn’t float and they looked fairly ridiculous for anyone over 12. But they have the huge advantage of being cheap and easy to find. [Made By Madman] breaks down a hoverboard for parts to make an incredible custom electric scooter.

The first step after breaking things down for parts was to break the wheel hub motors. He pulled out the axle and started machining a new one using the lathe and a milling machine. A quick temper later, he had a sturdy steel axle. An adapter for a disc brake was milled that could attach to the wheel. The TIG welder came out to weld up a box out of some aluminum to hold the electronics. The wheel had a bracket welded on with a spring shock absorber to help smooth the ride. The fork was machined on the lathe and belt sander, but actual shocks came from an old bicycle. To attach the fork to the frame, [Madman] bends a piece of bar stock into shape; like a madman. The handlebars were taken from the bicycle and the fork was extended up to an adult height.

A quick test ride in the alley showed that the back shock wasn’t strong enough, so he swapped it with a strong one. All the parts got a powder coat. Electronics wise, it has a standard speed controller and a custom battery made from 18650 cells wired up in a 13s6p configuration and bundled together into a package. After a significant amount of wiring, he took it for a test drove and we love seeing him zip around the streets in the snow.

So many parts here are machined to press-fit tolerances and then welded on. The skill, videography, and effort that went into this were just incredible. If you’re feeling inspired and don’t have a lathe on hand, perhaps this 3d printed scooter might be a bit more your speed. Video after the break.

Continue reading “From Hoverboard To Scooter” →

3D Printed Scooter Zips Around

September 15, 2021 by Al Williams 8 Comments

Tooling around downtown on a personal electric vehicle is a lot of fun, but it is even better when you do like [James Dietz] and ride on your own 3D-printed electric scooter. As one of the entries for the Hackaday Prize, RepRaTS (Replicable Rapid prototyper Transportation System) has a goal of doing for scooters what the original RepRap project did for 3D printing: provide a user-friendly design base that you can extend, modify, and maintain. It doesn’t even require power tools to build, other than, of course, your 3D printer.

The design uses threaded rods and special plastic spacers made to hold a large load. The prototype is deliberately oversized with large hub motors, with the understanding that most builds will probably be smaller. As you can see in the video below, the scooter seems to go pretty fast and handles well.

Continue reading “3D Printed Scooter Zips Around” →

3D Printed Parts Make For A Quick Electric Scooter Build

July 9, 2021 by Lewin Day 13 Comments

Sometimes, walking even a short distance can grow boring if it’s a part of your regular routine. [Alexandre Chappel] found himself in just such a position, so elected to quickly whip up a scooter to get around on.

The build is very much of the “parts laying around the shop” genre. An old skateboard deck was fitted with nice rubber scooter wheels and a set of handlebars thanks to a series of 3D printed parts. Unfortunately, the first revision had problems with flex in the skateboard deck, which isn’t designed to take the full weight of an adult human standing on one leg. Another skateboard deck was pressed into service, reinforced with a metal pipe for added strength.

From there, [Alexandre] set about creating a front-wheel-drive system using a power drill, several shaft extensions, and a right-angle drive. Clamped to the handlebar tube, the drill’s trigger is controlled via a twist throttle linked up by a string.

It’s not the easiest scooter to ride, with a bit too much torque from a standing start and somewhat scary handling characteristics at times. However, we’re sure with some practice and some tweaks, [Alexandre] will have a useful ride on his hands. If you prefer something wilder, however, consider this walking scooter build. Video after the break.

Continue reading “3D Printed Parts Make For A Quick Electric Scooter Build” →

Putting The Magic Smoke Back In A Cooked Scooter

March 13, 2021 by Tom Nardi 27 Comments

When [Vitor Melon] found out there was a custom firmware (CFW) available for his Xiaomi Mijia M365 Pro electric scooter that would increase his top end speed, naturally he installed it. Who wouldn’t want a little more performance out their hardware? But while the new firmware got the scooter running even better than stock, he does have a cautionary tale for anyone who might decide to ride their Mijia a bit harder than the fine folks at Xiaomi may have intended.

Now to be clear, [Vitor] does not blame the CFW for the fact that he cooked the control board of his Mijia. At least, not technically. There was nothing necessarily wrong with the new code or the capabilities it unlocked, but when combined with his particular riding style, it simply pushed the system over the edge. The failure seems to have been triggered by his penchant for using the strongest possible regenerative breaking settings on the scooter combined with a considerably higher than expected velocity attained during a downhill run. Turns out that big 40 flashing on the display wasn’t his speed, but an error code indicating an overheat condition. Oops.

After a long and embarrassing walk home with his scooter, complete with a passerby laughing at him, [Vitor] opened the case and quickly identified the problem. Not only had the some of the MOSFETs failed, but a trace on the PCB had been badly burned through. Judging by the discoloration elsewhere on the board, it looks like a few of its friends were about to join in the self-immolation protest as well.

After a brief consultation with his graybeard father, [Vitor] replaced the dead transistors with higher rated versions and then turned his attention to the damaged traces. A bit of wire and a generous helping of solder got the main rail back in one piece, and he touched up the areas where the PCB had blackened for good measure.

A quick test confirmed the relatively simple repairs got the scooter up and running, but how was he going to prevent it from happening again? Reinstalling the original firmware with its more conservative governor was clearly no longer an option after he’d tasted such dizzying speeds, so instead he needed to find out some way to keep the controller cooler. The answer ended up being to attach the MOSFETs to the controller’s aluminum enclosure using thermal pads. This allows them to dissipate far more heat, and should keep a similar failure from happening again. You might be wondering why the MOSFETs weren’t already mounted this way, but unfortunately only Xiaomi can explain that one.

With their rapidly rising popularity hackers have been coming up with more and more elaborate modifications for electric scooters, and thanks to their wide availability on the second hand market, it’s likely the best is still yet to come when it comes to these affordable vehicles.

The Segway Is Dead, Long Live The Segway

June 30, 2020 by Tom Nardi 87 Comments

Before it was officially unveiled in December 2001, the hype surrounding the Segway Human Transporter was incredible. But it wasn’t because people were excited to get their hands on the product, they just wanted to know what the thing was. Cryptic claims from inventor Dean Kamen that “Ginger” would revolutionize transportation and urban planning lead to wild speculation. When somebody says their new creation will make existing automobiles look like horse-drawn carriages in comparison, it’s hard not to get excited.

There were some pretty outlandish theories. Some believed that Kamen, a brilliant engineer and inventor by all accounts, had stumbled upon some kind of anti-gravity technology. The kids thought they would be zipping around on their own Back to the Future hover boards by Christmas, while Mom and Dad were wondering what the down payment on a floating minivan might be. Others thought the big secret was the discovery of teleportation, and that we were only a few years out from being able to “beam” ourselves around like Captain Kirk.

Even in hindsight, you really can’t blame them. Kamen had the sort of swagger and media presence that we today associate with Elon Musk. There was a general feeling that this charismatic maverick was about to do what the “Big Guys” couldn’t. Or even more tantalizing, what they wouldn’t do. After all, a technology which made the automobile obsolete would change the world. The very idea threatened a number of very big players, not least of which the incredibly powerful petroleum industry.

Of course, we all know what Dean Kamen actually showed off to the world that fateful day nearly 20 years ago. The two-wheeled scooter was admittedly an impressive piece of hardware, but it was hardly a threat to Detroit automakers. Even the horses were largely unconcerned, as you could buy an actual pony for less than what the Segway cost.

Now, with the announcement that Segway will stop production on their eponymous personal transporter in July, we can confidently say that history will look back on it as one of the most over-hyped pieces of technology ever created. But that’s not to say Kamen’s unique vehicle didn’t have an impact. Continue reading “The Segway Is Dead, Long Live The Segway” →