By ComradeScooter - Wed Mar 13, 2019 2:47 pm
- Wed Mar 13, 2019 2:47 pm
#6080
Can I get the instruction PM also? Looking to reverse engineer these controllers.
foobarbaz wrote: ↑Sun Feb 17, 2019 7:32 pmCould you PM me/reply to me? I have a couple of questions and I might be able to help. Thanks!Tester wrote: ↑Sat Feb 16, 2019 3:31 pmI’ve been on holiday so haven’t had a chance to update, but I’m back tomorrow. I’ll PM you a full set of instructions on how to gain shell access (please don’t circulate/post the instructions as it will be a pretty easy fix to block this remotely and ruin it for all of us). What sort computer do you use? I wrote the instructions for Mac/Darwin but they are pretty similar for any UNIX/Linux system.Mind Train wrote: ↑Fri Feb 15, 2019 3:14 pm
Does anybody have some updates of this?
I tried to connect UART to debug but its .... i don't know
I'm able to connect only GND and Tx to read status but not Rx
If i have connected GND and Tx i can see full boot sequence of device but i can't get access to send commands to it if i connect Rx boot sequence stops at start of POST
does anyone know how to connect device to communicate with ?
Or how are you connect USB data + - to PC , this is ttyUSB or what ?
if you want to see boot log please visit this site https://blog.adlg.cz/1995/02/4033/ pswd> scootertalk
My plan this week is to probe the physical outputs on the system from inside the Android OS to find the ‘ignition switch’. If that won’t work then I’ll use a built in network monitor to see what information is sent from Lime’s servers to the device to unlock it and trace that info through the application stack to work out how to unlock it without a external server.
Was there any more info in your boot logs? What you linked to appeared to stop at “Starting pdc daemon: done”.
Do you have a copy of your logs from when you move the device or even better a copy of the logs when you unlock the scooter officially using the lime app? So far I haven’t been able to get anything out of mine for either of those events, but I feel there should be something shown - and that it would be very useful.
If anyone else needs instructions post in the comments below and I’ll PM you.
Also, to anyone else:
If you need help with the Android side/reverse engineering/dumping the flash, please PM me.
Can I get the instruction PM also? Looking to reverse engineer these controllers.