An Electric Scooter Community on a Mission to Stamp out Transportation Mediocrity.

Changing mobility one trip at a time.
#20233
Your wiring looks good. Rx and Tx wires are correct. Common GND for all components is important which you also covered. Blue cable needs to be feeded with (at least) 3.3V but can be bypassed as you say since ESC/IoT take care of it (as part of the original connections). If you remove the IoT box then you of course need to feed the 3.3V from Arduino.

So go ahead and try it out :D
solarwasser wrote:
Fri Mar 20, 2020 4:12 pm
Hey guys can you check my wiring.
I left the blue and the red cable between IOT and ESC connected. I put both ends of the black in Arduino GND.
Is it correct? I know SEBI connected the blue cable to a 3.3V is it nescessary? Or can I leave it connected between IOT and ESC?
#20234
By "look the same" i meant had the same length and structure.
All i can find is this:
https://www.st.com/resource/en/applicat ... ronics.pdf

https://www.st.com/resource/en/user_man ... ronics.pdf

Even if we knew which algorithm they used, we couldn't just brute-force it because we don't know what the output should look like.
Without exactly knowing what they use, we can see what is possible and going the way trying to decrypt this seems wrong.

About flashing the chip:
I couldn't get the original firmware because it read protected. If i had this all problems would be solved :D
I know its possible to re-flash the chip because i can connect it to STM32CubeProgrammer, erase the chip and write to it.
But developing our own software for the motor controller would be a big project. If we had some programmers here with enough time it could work, but it seems like most of us are more into electronics than programming.


If someone thinks he can get into STM32CubeMX / STM32CubeIDE programming for the motor controller, tell me.

https://www.st.com/en/embedded-software ... mcsdk.html
funbag wrote:
Fri Mar 20, 2020 1:45 pm
fernlop wrote:
Fri Mar 20, 2020 11:47 am
The "security code" that is sent always changes and i read about an encryption the stm32 used that generated an output that looks exactly like the codes we see. Bu i can't find the doc right now.
Would be interesting to see the doc! Assuming that codes look exactly the same.
fernlop wrote:
Fri Mar 20, 2020 11:47 am
I successfully reflashed the chip of the IOT, but that doesn't do anything now.
Reflashed with original firmware? Do you have the firmware dump?
#20236
Do you think its possible that the scooter will send the same security codes each boot/each time its enabled? I am theorizing that this may be true if the codes are based off of the internal time clock + serial #. If it does, I was wondering if we could capture the codes for like the first hour or so and just store them on the microcontroller to send, and reboot if the scooter is on for longer then that. Not sure if this is a solution that could work though.
#20241
Good question but somehow I doubt it would be that easy. You (or someone else here?) wrote that same sequence was sent to the ESC but it didn't work.

The problem is also that if the sequence is based on serial then one would have to read out the codes from each one of the original rental ESCs and I doubt people are still have the possibility to do this.

I'm still curious if the sequence sent from IoT is based on something coming from the ESC or if it's only generated by the ESC independently of what ESC sends. Any guesses?
1215941571 wrote:
Sat Mar 21, 2020 2:53 am
Do you think its possible that the scooter will send the same security codes each boot/each time its enabled? I am theorizing that this may be true if the codes are based off of the internal time clock + serial #. If it does, I was wondering if we could capture the codes for like the first hour or so and just store them on the microcontroller to send, and reboot if the scooter is on for longer then that. Not sure if this is a solution that could work though.
#20316
Hello people. Finally I managed to "revive" my ESC100, replace the MOSFET and come back to life.

At this moment, call, I have Light and information on the Display, only the accelerator does not work, I think there is a problem in the code I am using.

If anyone has the schema I should use to try to read the ESC firmware I can test it.

Thanks
#20326
Not so easy but that's my next step. It was done with STM32F0xxxx I think, but should work with the F4 IOT Chip.
Hope I have time for this this weekend.

fogfog wrote:
Tue Mar 24, 2020 6:46 am
Hi all,
I'm not an expert, but would it be possible to bypass the read protection from the STM32 using this method?:
https://www.aisec.fraunhofer.de/en/Firm ... ction.html
  • 1
  • 67
  • 68
  • 69
  • 70
  • 71
  • 80

As this was a rental version whos overstock was […]

Any one got any info on beryl bikes I seen a few[…]

LH/ TF-100 Style Display.

Hi I recently converted a Bird Zero to a personal […]

How do you operate dash without button? I have[…]