The dash of Xiaomi Mi 1S scooter, with the top panel taken off and an USB-UART adapter connected to the dashboard, sniffing the firmware update process

Xiaomi Cryptographically Signs Scooter Firmware – What’s Next?

[Daljeet Nandha] from [RoboCoffee] writes to us, sharing his research on cryptographic signature-based firmware authenticity checks recently added to the Xiaomi Mi scooter firmware. Those scooters use an OTA firmware update mechanism over BLE, so you can update your scooter using nothing but a smartphone app – great because you can easily get all the good new features, but suboptimal because you can easily get all the bad new features. As an owner of a Mi 1S scooter but a hacker first and foremost, [Daljeet] set up a HTTPS proxy and captured the firmware files that the app downloaded from Xiaomi servers, dug into them, and summarized what he found.

Scooter app firmware update dialog, saying "New firmware update available. Update now?"
Confirming this update will indefinitely lock you out of any third-party OTA updates

Unlike many of the security measures we’ve seen lacking-by-design, this one secures the OTA firmware updates with what we would consider the industry standard – SHA256 hash with elliptic cryptography-backed signing. As soon as the first firmware version implementing signature checks is flashed into your scooter, it won’t accept anything except further firmware binaries that come with Xiaomi’s digital signature. Unless a flaw is found in the signature checking implementation, the “flash a custom firmware with a smartphone app” route no longer seems to be a viable pathway for modding your scooter in ways Xiaomi doesn’t approve of.

Having disassembled the code currently available, [Daljeet] tells us about all of this – and more. In his extensive writeup, he shares scripts he used on his exploration journey, so that any sufficiently motivated hacker can follow in his footsteps, and we highly recommend you take a look at everything he’s shared. He also gives further insights, explaining some constraints of the OTA update process and pointing out a few security-related assumptions made by Xiaomi, worth checking for bypassing the security implemented. Then, he points out the firmware filenames hinting that, in the future, the ESC (Electronic Speed Control, responsible for driving the motors) board firmware might be encrypted with the same kind of elliptic curve cryptography, and finds a few update hooks in the decompiled code that could enable exactly that in future firmware releases.

One could argue that these scooters are typically modified to remove speed limits, installed there because of legal limitations in a variety of countries. However, the legal speed limits are more nuanced than a hard upper boundary, and if the hardware is capable of doing 35km/h, you shouldn’t be at mercy of Xiaomi to be able to use your scooter to its full extent where considerate. It would be fair to assert, however, that Xiaomi did this because they don’t want to have their reputation be anywhere near “maker of scooters that people can modify to break laws with”, and therefore we can’t expect them to be forthcoming.

Furthermore, of course, this heavily limits reuse and meaningful modification of the hardware we own. If you want to bring a retired pay-to-ride scooter back to usefulness, add Bluetooth, or even rebuild the scooter from the ground up, you should be able to do that. So, how do we go around such restrictions? Taking the lid off and figuring out a way to reflash the firmware through SWD using something like a Pi Pico, perhaps? We can’t wait to see what hackers figure out.

3D Printed Parts Make For A Quick Electric Scooter Build

Sometimes, walking even a short distance can grow boring if it’s a part of your regular routine. [Alexandre Chappel] found himself in just such a position, so elected to quickly whip up a scooter to get around on.

The build is very much of the “parts laying around the shop” genre. An old skateboard deck was fitted with nice rubber scooter wheels and a set of handlebars thanks to a series of 3D printed parts. Unfortunately, the first revision had problems with flex in the skateboard deck, which isn’t designed to take the full weight of an adult human standing on one leg. Another skateboard deck was pressed into service, reinforced with a metal pipe for added strength.

From there, [Alexandre] set about creating a front-wheel-drive system using a power drill, several shaft extensions, and a right-angle drive. Clamped to the handlebar tube, the drill’s trigger is controlled via a twist throttle linked up by a string.

It’s not the easiest scooter to ride, with a bit too much torque from a standing start and somewhat scary handling characteristics at times. However, we’re sure with some practice and some tweaks, [Alexandre] will have a useful ride on his hands. If you prefer something wilder, however, consider this walking scooter build. Video after the break.

Continue reading “3D Printed Parts Make For A Quick Electric Scooter Build”

Put More Scoot In Yer Scooter

We have a scooter hack that is odd for a couple of reasons. First, the vehicle in question is a Doc Green EWA 6000, a German clone of a Xiaomi M365, so Country stereotypes be darned. Second, it is about increasing the performance, and when we think of scooters, we get hung up on scoot. The link between these peculiarities is the speed limiter Germany requires on all scooters, which the Chinese model lacks. Despite the law, [Nikolaj] wanted a higher top speed and Bluetooth connectivity. Wireless unlocks advanced features, like cruise control, which are absent in the stock model.

The mainboard is responsible for speed control, but that is merely a component, and you can find third-party replacements. [Nikolaj] found a new part with a German forum member’s help, then recorded his work in English for our sake. The speed boost is nice, but the Bluetooth functionality is a massive improvement by itself. If you live in an area where the law doesn’t allow this sort of thing, think before you upgrade. Aftermarket parts aren’t always drop-in replacements, and in this case, the controller and display needed some finessing to fit, so measure twice and buy once.

If tearing into a brand new scooter isn’t for you, consider breathing new life into a retiree, and don’t forget that stopping is the other half of the battle.

Building A Scooter Exhaust From Scrap Metal

When a part on a vehicle fails, oftentimes the response is to fit a new one fresh out the box. However, sometimes, whether by necessity or simply for the love of it, it’s possible to handcraft a solution instead. [Samodel] does just that when whipping up a new exhaust for his scooter out of scrap metal.

It’s a great example of classic backyard metalworking techniques. The flange is recreated using a cardboard template rubbed on the exhaust port, with the residual oil leaving a clear impression. Hard work with a grinder and drill get things started, with an insane amount of filing to finish the piece off nicely. A properly tuned pipe is then sketched out on the computer, and a paper template created. These templates are cut out of an old fridge to create the main muffler section.

There’s plenty of other hacks, too – from quick and dirty pipe bends to handy sheet forming techniques. It’s not the first time we’ve seen great metalworking with scrap material, either. Video after the break.

[Thanks to BrendaEM for the tip]

Continue reading “Building A Scooter Exhaust From Scrap Metal”

How To Make An Electric Scooter Chain Sprocket With Nothing But Hand Tools

Sometimes, mechanical parts can be supremely expensive, or totally unavailable. In those cases, there’s just one option — make it yourself. It was this very situation in which I found myself. My electric scooter had been ever so slightly bested by a faster competitor, and I needed redemption. A gearing change would do the trick, but alas, the chain sprocket I needed simply did not exist from the usual online classifieds.

Thus, I grabbed the only tools I had, busied myself with my task. This is a build that should be replicable by anyone comfortable using a printer, power drill, and rotary tool. Let’s get to work!

Continue reading “How To Make An Electric Scooter Chain Sprocket With Nothing But Hand Tools”

Cheap Electric Scooter Gets A Big Brake Upgrade; Unlocks Proper Drift Mode

The last few years have seen a huge rise in the prominence of electric scooters. Brushless motors, lithium batteries, and scooter sharing companies have brought them to the mainstream. However, electric scooters of a variety of designs have been around for a long time, spawning a dedicated subculture of hackers intent on getting the best out of them.

One such hacker is yours truly, having started by modifying basic kick scooters with a variety of propulsion systems way back in 2009. After growing frustrated with the limitations of creating high-speed rotating assemblies without machine tools, I turned my eye to what was commercially available. With my first engineering paycheck under my belt, I bought myself a Razor E300, and was promptly disappointed by the performance. Naturally, hacking ensued as the lead-acid batteries were jettisoned for lithium replacements.

Over the years, batteries, controllers and even the big old heavy brushed motor were replaced. The basic mechanical layout was sound, making it easy to make changes with simple hand tools. As acceleration became violent and top speeds inched closer to 40 km/h, I began to grow increasingly frustrated with the scooter’s one glaring major flaw. It was time to fix the brakes.

Continue reading “Cheap Electric Scooter Gets A Big Brake Upgrade; Unlocks Proper Drift Mode”

Failed Scooter Proves The Worth Of Modular Design

Like many mechanically inclined parents, [Tony Goacher] prefers building over buying. So when his son wanted an electric scooter, his first stop wasn’t to the toy store, but to AliExpress for a 48V hub motor kit. Little did he know that the journey to getting that scooter road-ready would be a bit more involved than he originally bargained for.

She cannae take anymore, Captain

Of course, to build a motorized scooter you need a scooter to begin with. So in addition to the imported motor, [Tony] picked up a cheap kick scooter on eBay. Rather than worrying about the intricacies of cleanly integrating the two halves of the equation, he decided to build a stand-alone module that contained all of the electronics. To attach it to the scooter, he’d cut off the rear wheel and literally bolt his module to the deck.

[Tony] goes into considerable detail on how he designed and manufactured his power unit, from prototyping with laser cut MDF to the final assembly of the aluminum parts that he produced on a CNC of his own design. It’s really a fantastic look at how to go from idea to functional device, with all the highs and lows in between. When the first attempt at mounting the battery ended up cutting into the 8 Ah LiPo pack for example, and treated his son to a bit of a light show.

With all the bugs worked out and his son happily motoring around the neighborhood, [Tony] thought his job was done. Unfortunately, it was not to be. It turned out that his bolt-on power unit had so much kick that it sheared the front wheel right off. Realizing the little fellow didn’t have the fortitude for such electrified exploits, he went to a local shop and got a much better (and naturally much more expensive) donor for the project.

It’s here that his modular approach to the problem really paid off. Rather than having to redesign a whole new motor mount for the different scooter, he just lopped the back wheel off and bolted it on just as he did with the cheapo model. What could easily have been a ground-up redesign turned out to be a few minutes worth of work. Ultimately he did end up machining a new front axle for the scooter so he could fit a better wheel, but that’s another story.

Scooters would seem to be the unofficial vehicle of hackers, as we’ve seen a long line of hacked up two-wheeled rides over the years. From relatively low-key modifications of thrift store finds, to street-legal engineering marvels. We’ve even seen scooters fitted with trailers, so even the tiniest of proto-hackers can come along for the ride.

Continue reading “Failed Scooter Proves The Worth Of Modular Design”