An Electric Scooter Community on a Mission to Stamp out Transportation Mediocrity.

Tier ES400 unlock development

Covers electric scooter models whether shared or for consumers.
 Reply

Re: Tier ES400 unlock development

By Teklock
 Wed Mar 06, 2024 6:15 am #58329
I haven’t been checking this thread for past few months, so please excuse me if this is old news here already.

I’ve extracted and analyzed firmware of the battery lock. Here’s the useful bits of what I was able to figure out:
- a command consists of: preamble (2 bytes, 0x46 [F], 0x4c [L]), function (2 bytes), data length (2 bytes, big endian), data, and CRC-16/XMODEM checksum
- function for operating the lock is 0x16 0x10
- it accepts 3 values: 0xf0 shuts the bolt closed, 0xf1 leaves the bolt spring-loaded, 0xf4 holds the bolt in unlocked position

Thus you can control the lock with these 3 messages (sent over 9600bps 8n1 uart on the yellow wire):
CODE: SELECT ALL
46 4c 16 10 00 01 f0 13 6c
CODE: SELECT ALL
46 4c 16 10 00 01 f1 03 4d
CODE: SELECT ALL
46 4c 16 10 00 01 f4 53 e8
Also, I’ve learned how to activate the scooter itself via its CAN bus (using only STM32F103 and a CAN transceiver) and ride it freely like we were used to with ES200G. However, there remain some intricacies which I’m yet to crack, so I’m hesitant to do a write up on it until I understand what’s actually going on there.

-------

EDIT 2/3/2023: I messed up and got the 2 bytes of function code swapped. The correct order is 0x16 0x10 (or 0x1016 in little endian)


Has anyone tried this?

Re: Tier ES400 unlock development

By tth.6969
 Sat Apr 20, 2024 5:22 pm #58380
Aquaman wrote:
Mon Jun 15, 2020 7:24 pm
 @UgloBuglo
@Rick Sanchez
@thisisstan85
@MrSpriggs1


Haven't seen much written regarding the "magic" unlock code. :roll:

Understand that it may be smart not to reveal this, reducing risk of patches being rushed. :mrgreen:

Is it possible to sniff codes your self without a $2000-$5000 logic analyzer, possible to use this for example https://arduino-shop.eu/arduino-platfor ... rface.html

I have like poster before me taken apart a hatch lock from drowned ES400...

Image

but revealed the "brains" as well...

Unfortunately only one of the chips had any info written on it :cry: :x And that one is very likely a MOSFET of some sort (only hooked up to actuator-motor, VDD, GND, and two pins hooked up to the other chip) the other one hooked up to VDD, GND, MTX, MRX, magnetic (reed) switch, one pin to "SWAT".
Will investigate further. :ugeek:

Image
Image
bonjour
quelqu'un pourrai il me faire un tuto complet pour une tier ou une dott
s'il vous plais

Re: Tier ES400 unlock development

By andreossido
 Tue Jun 25, 2024 12:23 pm #58421
Hi guys!
It is possible to dump the ESC firmware using this:
https://github.com/CTXz/stm32f1-picopwner
It is based of:
https://www.usenix.org/system/files/woo ... rmaier.pdf
https://github.com/JohannesObermaier/f1 ... /master/h3

I have already tested this vulnerability on old ES200 ESC, dumped and reversed the firmware to bypass the 2 minutes problem.
Unfortunatly I don't have the ESC of ES400

If someone can provide me the dumped firmware I can try to reverse it!

Thanks,
Andrea :)

Re: Tier ES400 unlock development

By antgirth
 Sun Nov 03, 2024 4:38 pm #58460
Swooping in from outer-space.
Please stop making cutting this batteries.
Code: Select all
(1649714755.976157) can0 03FF1603#0000B78A00000000
(1649714755.987128) can0 03FF1605#0100000000000000
(1649714756.081573) can0 03FF1603#0000B78A00000000
(1649714756.175654) can0 03FF1001#0000000000000000
(1649714756.186471) can0 03FF1603#0000B78A00000000
(1649714756.197038) can0 03FF1605#0100000000000000
(1649714756.301614) can0 03FF1605#0100000000000000
(1649714756.406892) can0 03FF1605#0100000000000000
(1649714756.500839) can0 03FF1603#0000B78A00000000
(1649714756.511860) can0 03FF1605#0100000000000000
(1649714756.595375) can0 03FF1001#0000000000000000
(1649714756.616378) can0 03FF1605#0100000000000000
(1649714756.700264) can0 03FF1001#0000000000000000
(1649714756.710901) can0 03FF1603#0000B78A00000000
(1649714756.752929) can0 03FF1600#142B000104001314
(1649714756.763585) can0 03FF1601#6E50000000000000
(1649714756.774216) can0 03FF1602#04A3DE0000000000
(1649714756.784322) can0 03FF1604#0000000000000000
(1649714756.815756) can0 03FF1603#0000B78A00000000
(1649714756.826221) can0 03FF1605#0100000000000000
(1649714756.910481) can0 03FF1001#0000000000000000
(1649714756.920795) can0 03FF1603#0000B78A00000000
(1649714757.015667) can0 03FF1001#0000000000000000
(1649714757.026183) can0 03FF1603#0000B78A00000000
(1649714757.036176) can0 03FF1605#0100000000000000
(1649714757.120147) can0 03FF1001#0000000000000000
(1649714757.141126) can0 03FF1605#0100000000000000
(1649714757.225543) can0 03FF1001#0000000000000000
(1649714757.235923) can0 03FF1603#0000B78A00000000
(1649714757.246569) can0 03FF1605#0100000000000000
(1649714757.340525) can0 03FF1603#0000B78A00000000
(1649714757.435389) can0 03FF1001#0000000000000000
(1649714757.445853) can0 03FF1603#0000B78A00000000
(1649714757.540400) can0 03FF1001#0000000000000000
(1649714757.550877) can0 03FF1603#0000B78A00000000
(1649714757.561348) can0 03FF1605#0100000000000000
(1649714757.644945) can0 03FF1001#0000000000000000
(1649714757.665824) can0 03FF1605#0100000000000000
(1649714757.750248) can0 03FF1001#0000000000000000
(1649714757.760294) can0 03FF1603#0000B78A00000000
(1649714757.770891) can0 03FF1605#0100000000000000
(1649714757.791749) can0 03FF1601#6E50000000000000
(1649714757.802297) can0 03FF1602#04A3DE0000000000
(1649714757.812842) can0 03FF1604#0000000000000000
(1649714757.854963) can0 03FF1001#0000000000000000
(1649714757.865601) can0 03FF1603#0000B78A00000000
(1649714757.875763) can0 03FF1605#0100000000000000
(1649714757.970612) can0 03FF1603#0000B78A00000000
(1649714757.980648) can0 03FF1605#0100000000000000
(1649714758.065144) can0 03FF1001#0000000000000000
(1649714758.075569) can0 03FF1603#0000B78A00000000
(1649714758.086119) can0 03FF1605#0100000000000000
(1649714758.101368) can0 02FF2602#5A60993A14432EA7
(1649714758.169872) can0 03FF1001#0000000000000000
(1649714758.180054) can0 03FF1603#0000B78A00000000
(1649714758.190635) can0 03FF1605#0100000000000000
(1649714758.222808) can0 03FF1605#0000000000000000
(1649714758.419965) can0 02FF2605#0000020401020504
(1649714758.568888) can0 02F82400#3A5D000000000000
(1649714758.600822) can0 02FF2602#CC781FC22CE2F113
(1649714758.747921) can0 03FF1001#0000000000000000
(1649714758.758287) can0 03FF1603#0000B78A00000000
(1649714758.768879) can0 03FF1605#0100000000000000
(1649714758.777535) can0 02294501#
(1649714758.779970) can0 05124501#0117
(1649714758.807702) can0 02FF2605#0000020401020506
(1649714758.852815) can0 03FF1001#0000000000000000
(1649714758.863375) can0 03FF1603#0000B78A00000000
(1649714758.874165) can0 03FF1605#0100000000000000
(1649714758.884204) can0 03FF1600#142B000104001314
(1649714758.894828) can0 03FF1601#6E50000000000000
(1649714758.905310) can0 03FF1602#04A3DE0000000000
(1649714758.915824) can0 03FF1604#0000000000000000
(1649714758.957690) can0 03FF1001#0000000000000000
(1649714758.968188) can0 03FF1603#0000B78A00000000
(1649714758.979165) can0 03FF1605#0100000000000000
(1649714759.063080) can0 03FF1001#0000000000000000
(1649714759.073539) can0 03FF1603#0000B78A00000000
(1649714759.083578) can0 03FF1605#0100000000000000
(1649714759.105769) can0 02191500#
(1649714759.167669) can0 03FF1001#0000000000000000
(1649714759.178086) can0 03FF1603#0000B78A00000000
(1649714759.188620) can0 03FF1605#0100000000000000
(1649714759.235393) can0 02FF2605#0000020401020507
(1649714759.273000) can0 03FF1001#0000000000000000
(1649714759.283430) can0 03FF1603#0000B78A00000000
(1649714759.293557) can0 03FF1605#0100000000000000
(1649714759.377491) can0 03FF1001#0000000000000000
(1649714759.387866) can0 03FF1603#0000B78A00000000
(1649714759.398445) can0 03FF1605#0100000000000000
(1649714759.503855) can0 03FF1605#0100000000000000
(1649714759.533648) can0 02191501#
(1649714759.545331) can0 03FF1501#0000002000000000
(1649714759.597807) can0 03FF1603#0000B78A00000000
(1649714759.692271) can0 03FF1001#0000000000000000
(1649714759.702855) can0 03FF1603#0000B78A00000000
(1649714759.713350) can0 03FF1605#0100000000000000
(1649714759.797260) can0 03FF1001#0000000000000000
(1649714759.807885) can0 03FF1603#0000B78A00000000
(1649714759.818662) can0 03FF1605#0100000000000000
(1649714759.860180) can0 03FF1600#142B000104001314
(1649714759.870777) can0 03FF1601#6E50000000000000
(1649714759.881208) can0 03FF1602#04A3DE0000000000
(1649714759.891666) can0 03FF1604#0000000000000000
(1649714759.912816) can0 03FF1001#0000000000000000
(1649714759.923127) can0 03FF1603#0000B78A00000000
(1649714759.923637) can0 04F93500#2019090300000000
(1649714759.933784) can0 03FF1605#0100000000000000
(1649714760.017771) can0 03FF1603#0000B78A00000000
(1649714760.112529) can0 03FF1001#0000000000000000
(1649714760.123000) can0 03FF1603#0000B78A00000000
(1649714760.133128) can0 03FF1605#0100000000000000
(1649714760.217148) can0 03FF1001#0000000000000000
(1649714760.227756) can0 03FF1603#0000B78A00000000
(1649714760.238464) can0 03FF1605#0100000000000000
(1649714760.240187) can0 02FF2605#0000020401020508
(1649714760.322290) can0 03FF1001#0000000000000000
(1649714760.342977) can0 03FF1605#0100000000000000
(1649714760.427303) can0 03FF1001#0000000000000000
(1649714760.437528) can0 03FF1603#0000B78A00000000
(1649714760.447964) can0 03FF1605#0100000000000000
Or for most lazy:
Code: Select all
#include "CAN.h"

void setup() { 
  pinMode(LED_BUILTIN, OUTPUT);

  // start the CAN bus at 250 kbps
  if (!CAN.begin(250E3)) {
    digitalWrite(LED_BUILTIN, HIGH);  
    while (1);
  } else {
    digitalWrite(LED_BUILTIN, HIGH);  

    blipLED();
    delay(30);
    blipLED();
    delay(30);
    blipLED();
    delay(30);    
  }
}

void loop() {
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(94);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(94);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(105);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(105);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(94);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(42);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1600);
    CAN.write(0x14);
    CAN.write(0x2B);
    CAN.write(0x00);
    CAN.write(0x01);
    CAN.write(0x04);
    CAN.write(0x00);
    CAN.write(0x13);
    CAN.write(0x14);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1601);
    CAN.write(0x6E);
    CAN.write(0x50);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1602);
    CAN.write(0x04);
    CAN.write(0xA3);
    CAN.write(0xDE);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1604);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(31);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(95);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(94);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(95);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(95);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1601);
    CAN.write(0x6E);
    CAN.write(0x50);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1602);
    CAN.write(0x04);
    CAN.write(0xA3);
    CAN.write(0xDE);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1604);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(42);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(95);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(85);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(15);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2602);
    CAN.write(0x5A);
    CAN.write(0x60);
    CAN.write(0x99);
    CAN.write(0x3A);
    CAN.write(0x14);
    CAN.write(0x43);
    CAN.write(0x2E);
    CAN.write(0xA7);
    CAN.endPacket();
    delay(69);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(32);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(197);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2605);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x02);
    CAN.write(0x04);
    CAN.write(0x01);
    CAN.write(0x02);
    CAN.write(0x05);
    CAN.write(0x04);
    CAN.endPacket();
    delay(149);
    blipLED();
    
    CAN.beginExtendedPacket(0x02F82400);
    CAN.write(0x3A);
    CAN.write(0x5D);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(32);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2602);
    CAN.write(0xCC);
    CAN.write(0x78);
    CAN.write(0x1F);
    CAN.write(0xC2);
    CAN.write(0x2C);
    CAN.write(0xE2);
    CAN.write(0xF1);
    CAN.write(0x13);
    CAN.endPacket();
    delay(147);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(9);
    blipLED();
    
    CAN.beginExtendedPacket(0x02294501);
    CAN.endPacket();
    delay(2);
    blipLED();
    
    CAN.beginExtendedPacket(0x05124501);
    CAN.write(0x01);
    CAN.write(0x17);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(28);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2605);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x02);
    CAN.write(0x04);
    CAN.write(0x01);
    CAN.write(0x02);
    CAN.write(0x05);
    CAN.write(0x06);
    CAN.endPacket();
    delay(45);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1600);
    CAN.write(0x14);
    CAN.write(0x2B);
    CAN.write(0x00);
    CAN.write(0x01);
    CAN.write(0x04);
    CAN.write(0x00);
    CAN.write(0x13);
    CAN.write(0x14);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1601);
    CAN.write(0x6E);
    CAN.write(0x50);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1602);
    CAN.write(0x04);
    CAN.write(0xA3);
    CAN.write(0xDE);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1604);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(42);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x02191500);
    CAN.endPacket();
    delay(22);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(62);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2605);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x02);
    CAN.write(0x04);
    CAN.write(0x01);
    CAN.write(0x02);
    CAN.write(0x05);
    CAN.write(0x07);
    CAN.endPacket();
    delay(47);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(38);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(105);
    blipLED();
    
    CAN.beginExtendedPacket(0x02191501);
    CAN.endPacket();
    delay(30);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1501);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x20);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(12);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(52);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(94);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1600);
    CAN.write(0x14);
    CAN.write(0x2B);
    CAN.write(0x00);
    CAN.write(0x01);
    CAN.write(0x04);
    CAN.write(0x00);
    CAN.write(0x13);
    CAN.write(0x14);
    CAN.endPacket();
    delay(42);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1601);
    CAN.write(0x6E);
    CAN.write(0x50);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1602);
    CAN.write(0x04);
    CAN.write(0xA3);
    CAN.write(0xDE);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1604);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x04F93500);
    CAN.write(0x20);
    CAN.write(0x19);
    CAN.write(0x09);
    CAN.write(0x03);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(1);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(95);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(11);
    blipLED();
    
    CAN.beginExtendedPacket(0x02FF2605);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x02);
    CAN.write(0x04);
    CAN.write(0x01);
    CAN.write(0x02);
    CAN.write(0x05);
    CAN.write(0x08);
    CAN.endPacket();
    delay(2);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(82);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(21);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1001);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(84);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1603);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0xB7);
    CAN.write(0x8A);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
    
    CAN.beginExtendedPacket(0x03FF1605);
    CAN.write(0x01);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.write(0x00);
    CAN.endPacket();
    delay(10);
    blipLED();
}


void blipLED() {
  digitalWrite(LED_BUILTIN, HIGH);
  delay(20);
  digitalWrite(LED_BUILTIN, LOW);
}
If you don't know how to use it, don't ask.

Re: Tier ES400 unlock development

By doctormord
 Wed Apr 09, 2025 11:41 am #58476
antgirth wrote:
Sun Nov 03, 2024 4:38 pm
 Swooping in from outer-space.
Please stop making cutting this batteries.
Code: Select all
(1649714755.976157) can0 03FF1603#0000B78A00000000
(1649714755.987128) can0 03FF1605#0100000000000000
(1649714756.081573) can0 03FF1603#0000B78A00000000
(1649714756.175654) can0 03FF1001#0000000000000000
(1649714756.186471) can0 03FF1603#0000B78A00000000
(1649714756.197038) can0 03FF1605#0100000000000000
(1649714756.301614) can0 03FF1605#0100000000000000
(1649714756.406892) can0 03FF1605#0100000000000000
(1649714756.500839) can0 03FF1603#0000B78A00000000
(1649714756.511860) can0 03FF1605#0100000000000000
(1649714756.595375) can0 03FF1001#0000000000000000
(1649714756.616378) can0 03FF1605#0100000000000000
(1649714756.700264) can0 03FF1001#0000000000000000
(1649714756.710901) can0 03FF1603#0000B78A00000000
(1649714756.752929) can0 03FF1600#142B000104001314
(1649714756.763585) can0 03FF1601#6E50000000000000
(1649714756.774216) can0 03FF1602#04A3DE0000000000
(1649714756.784322) can0 03FF1604#0000000000000000
(1649714756.815756) can0 03FF1603#0000B78A00000000
(1649714756.826221) can0 03FF1605#0100000000000000
(1649714756.910481) can0 03FF1001#0000000000000000
(1649714756.920795) can0 03FF1603#0000B78A00000000
(1649714757.015667) can0 03FF1001#0000000000000000
(1649714757.026183) can0 03FF1603#0000B78A00000000
(1649714757.036176) can0 03FF1605#0100000000000000
(1649714757.120147) can0 03FF1001#0000000000000000
(1649714757.141126) can0 03FF1605#0100000000000000
(1649714757.225543) can0 03FF1001#0000000000000000
(1649714757.235923) can0 03FF1603#0000B78A00000000
(1649714757.246569) can0 03FF1605#0100000000000000
(1649714757.340525) can0 03FF1603#0000B78A00000000
(1649714757.435389) can0 03FF1001#0000000000000000
(1649714757.445853) can0 03FF1603#0000B78A00000000
(1649714757.540400) can0 03FF1001#0000000000000000
(1649714757.550877) can0 03FF1603#0000B78A00000000
(1649714757.561348) can0 03FF1605#0100000000000000
(1649714757.644945) can0 03FF1001#0000000000000000
(1649714757.665824) can0 03FF1605#0100000000000000
(1649714757.750248) can0 03FF1001#0000000000000000
(1649714757.760294) can0 03FF1603#0000B78A00000000
(1649714757.770891) can0 03FF1605#0100000000000000
(1649714757.791749) can0 03FF1601#6E50000000000000
(1649714757.802297) can0 03FF1602#04A3DE0000000000
(1649714757.812842) can0 03FF1604#0000000000000000
(1649714757.854963) can0 03FF1001#0000000000000000
(1649714757.865601) can0 03FF1603#0000B78A00000000
(1649714757.875763) can0 03FF1605#0100000000000000
(1649714757.970612) can0 03FF1603#0000B78A00000000
(1649714757.980648) can0 03FF1605#0100000000000000
(1649714758.065144) can0 03FF1001#0000000000000000
(1649714758.075569) can0 03FF1603#0000B78A00000000
(1649714758.086119) can0 03FF1605#0100000000000000
(1649714758.101368) can0 02FF2602#5A60993A14432EA7
(1649714758.169872) can0 03FF1001#0000000000000000
(1649714758.180054) can0 03FF1603#0000B78A00000000
(1649714758.190635) can0 03FF1605#0100000000000000
(1649714758.222808) can0 03FF1605#0000000000000000
(1649714758.419965) can0 02FF2605#0000020401020504
(1649714758.568888) can0 02F82400#3A5D000000000000
(1649714758.600822) can0 02FF2602#CC781FC22CE2F113
(1649714758.747921) can0 03FF1001#0000000000000000
(1649714758.758287) can0 03FF1603#0000B78A00000000
(1649714758.768879) can0 03FF1605#0100000000000000
(1649714758.777535) can0 02294501#
(1649714758.779970) can0 05124501#0117
(1649714758.807702) can0 02FF2605#0000020401020506
(1649714758.852815) can0 03FF1001#0000000000000000
(1649714758.863375) can0 03FF1603#0000B78A00000000
(1649714758.874165) can0 03FF1605#0100000000000000
(1649714758.884204) can0 03FF1600#142B000104001314
(1649714758.894828) can0 03FF1601#6E50000000000000
(1649714758.905310) can0 03FF1602#04A3DE0000000000
(1649714758.915824) can0 03FF1604#0000000000000000
(1649714758.957690) can0 03FF1001#0000000000000000
(1649714758.968188) can0 03FF1603#0000B78A00000000
(1649714758.979165) can0 03FF1605#0100000000000000
(1649714759.063080) can0 03FF1001#0000000000000000
(1649714759.073539) can0 03FF1603#0000B78A00000000
(1649714759.083578) can0 03FF1605#0100000000000000
(1649714759.105769) can0 02191500#
(1649714759.167669) can0 03FF1001#0000000000000000
(1649714759.178086) can0 03FF1603#0000B78A00000000
(1649714759.188620) can0 03FF1605#0100000000000000
(1649714759.235393) can0 02FF2605#0000020401020507
(1649714759.273000) can0 03FF1001#0000000000000000
(1649714759.283430) can0 03FF1603#0000B78A00000000
(1649714759.293557) can0 03FF1605#0100000000000000
(1649714759.377491) can0 03FF1001#0000000000000000
(1649714759.387866) can0 03FF1603#0000B78A00000000
(1649714759.398445) can0 03FF1605#0100000000000000
(1649714759.503855) can0 03FF1605#0100000000000000
(1649714759.533648) can0 02191501#
(1649714759.545331) can0 03FF1501#0000002000000000
(1649714759.597807) can0 03FF1603#0000B78A00000000
(1649714759.692271) can0 03FF1001#0000000000000000
(1649714759.702855) can0 03FF1603#0000B78A00000000
(1649714759.713350) can0 03FF1605#0100000000000000
(1649714759.797260) can0 03FF1001#0000000000000000
(1649714759.807885) can0 03FF1603#0000B78A00000000
(1649714759.818662) can0 03FF1605#0100000000000000
(1649714759.860180) can0 03FF1600#142B000104001314
(1649714759.870777) can0 03FF1601#6E50000000000000
(1649714759.881208) can0 03FF1602#04A3DE0000000000
(1649714759.891666) can0 03FF1604#0000000000000000
(1649714759.912816) can0 03FF1001#0000000000000000
(1649714759.923127) can0 03FF1603#0000B78A00000000
(1649714759.923637) can0 04F93500#2019090300000000
(1649714759.933784) can0 03FF1605#0100000000000000
(1649714760.017771) can0 03FF1603#0000B78A00000000
(1649714760.112529) can0 03FF1001#0000000000000000
(1649714760.123000) can0 03FF1603#0000B78A00000000
(1649714760.133128) can0 03FF1605#0100000000000000
(1649714760.217148) can0 03FF1001#0000000000000000
(1649714760.227756) can0 03FF1603#0000B78A00000000
(1649714760.238464) can0 03FF1605#0100000000000000
(1649714760.240187) can0 02FF2605#0000020401020508
(1649714760.322290) can0 03FF1001#0000000000000000
(1649714760.342977) can0 03FF1605#0100000000000000
(1649714760.427303) can0 03FF1001#0000000000000000
(1649714760.437528) can0 03FF1603#0000B78A00000000
(1649714760.447964) can0 03FF1605#0100000000000000
Cheers bro,

i have the code running and the can messages arriving on the BMS can tranceiver. To kickstart the BMS, you'll need to connect the yellow and black wire in the green connector shortly which will start the 5V supply on the BMS.

I'm running the code on a ESP32 with TJA1051T-3. Unfortunately the BMS does not unlock the output. The TJA is powered by 5V. Any hints what im missing actually? dV on the bus is about 3.2V.

Regards,

doc

Re: Tier ES400 unlock development

By msbmsbmsb5
 Mon Apr 28, 2025 1:01 am #58478
I have implemented antgirth's CAN messages and indeed receive a response from the battery (and possibly motor controller, as I have this connected still - will try without at some point). I haven't been able to draw current from the battery for more than a couple of seconds before it disables itself.
I figured out you can see the battery error state by holding down the button, causing the E symbol to show. You can switch back by holding the button down again.
The errors correlate to the battery errors on this page: https://support.levyelectric.com/hc/en- ... rror-Codes
So I am getting error 31 as expected.
I have deciphered some of the battery's responses which are documented below (screenshot sorry because I don't think a table will format well).
I would be very interested to hear if anyone has managed to enable the output of the battery - I am going to analyze the CAN messages given by antgirth further as I suspect there may be a 'secret code' which is different between my battery and his.

Cheers!
----
Image

Re: Tier ES400 unlock development

By doctormord
 Mon Apr 28, 2025 8:27 am #58479
Thanks for the informations. Unfortunately, i don't get any reply from the battery so maybe there's still some HW thing wrong.

What's your CAN setup?

Regards

Christian

Re: Tier ES400 unlock development

By msbmsbmsb5
 Tue Apr 29, 2025 2:58 am #58480
Hi
I've run a few setups - arduino with code provided (note there seems to be a bug in the library so you need to set the speed to 500 kbps to get it to do 250) and a CANable board and a python script I made. I had been listening with a cheapie aliexpress logic analyzer but have got my script and canable to do that now.
All running at 5V. The logic analyzer is a bit temperamental because the voltage thresholds for CANH and CANL don't really match up, but one channel usually works.

See image for pinout (have seen plenty of incorrect ones on this forum) and what I mean by female Julet connector. I think some people reported that wire colour is inconsistent so be careful and beep it out if you're not sure. Remember to short the ENA line (Green) to ground to wake the thing up - this is different from the battery enable pin.

Let us know what you find.
Image
Image

Re: Tier ES400 unlock development

By doctormord
 Tue Apr 29, 2025 11:21 am #58481
We use two different batteries i'd say. I have the 48V 14.4.Ah external standing up battery - your's is the internal from the compartment? Maybe thats why there's is no response.
 Reply
  • 1
  • 26
  • 27
  • 28
  • 29
  • 30
 Return to “Brand Specific (Consumer / Lime / Skip / Etc.)”
What happened to this forum??

I normally don't look into this forum anymore, fri[…]

READ MORE
Tier ES400 unlock development

We use two different batteries i'd say. I have t[…]

READ MORE
VIEW MORE TOPICS