
Only for the brave. Russian Hack for the Mini Pro



The BT flashing is the only reasonable way. I understand that you want to make money from your effort. But I guess there is little chance to make flash SW that is not hackable. And other cheaters will make money from your work.

Can you think about crowdfunding? If you collect a certain amount, you will release the SW for free.

Link to comment
Share on other sites

40 minutes ago, Alex_from_NZ said:

Why are you able to provide flashing options via Bluetooth for the euc community but not the mini pro? 

After the problems users here have documented changing cpus there is no way I'm paying any money unless it's got a software update. 

Let me know when that's available, this process is just going to end badly for everyone involved.  

Soldering the processor is difficult. But for someone who is engaged in repair of electronics it is 10 minutes. But something can go wrong.

For these devices, I'm not the author of the firmware. I just found how to increase the speed. Alexey continued to correct it and made many necessary changes. He works a lot on the main job and there is not enough time to make a tool for remote firmware. I could do it on bluetooth, but Alexey should do it. I can not explain why.

Link to comment
Share on other sites

18 minutes ago, Stano Jiroušek said:

The BT flashing is the only reasonable way. I understand that you want to make money from your effort. But I guess there is little chance to make flash SW that is not hackable. And other cheaters will make money from your work.

Can you think about crowdfunding? If you collect a certain amount, you will release the SW for free.

You said it right. Alexey is the author of the m365 scooter firmware. The firmware was stolen from him and therefore he is looking for a way to encrypt his new works.

Link to comment
Share on other sites

1 minute ago, MRN76 said:

You said it right. Alexey is the author of the m365 scooter firmware. The firmware was stolen from him and therefore he is looking for a way to encrypt his new works.

People on this board are only willing to enjoy their minipro and have a better ride experience. Everyone here would like to pay you and Alexey for your job and I think that no one here wants to speculate and steal your intellectual property. Please consider selling the firmware to the users of this board, we are just users who would like to use your firmware and pay for it, not re-sell it.

Thank you.

Link to comment
Share on other sites

Well, the choice is yours or Alexey's. Create a tool that people want and sell it as a software service, or keep trying to sell cpus to maybe 15 people total.

I understand the concern, but that's the world of software, I'm sure the Xiaomi programmers consider their firmware stolen to start with. In any case, from my perspective you either give the people what they want and earn some money along the way, or you keep like Nokia selling things no one but a couple of enthusiasts want.

Not meaning to be rude, just giving you the perspective from a customer and businessman. 

Link to comment
Share on other sites

On 11/19/2018 at 1:06 PM, MRN76 said:

Alexey ..  He works a lot on the main job..

It is not easy to update people who have to solder in a CPU each time Alexey comes up with a fix or improvement.  Similarly if your colleague travels around the world flashing MiniPROs in every city, fixes and upgrades are going to be tough for him to handle.

These STM32F103RC CPUs have a security flaw, and there are dozens of advertisers on TaoBao willing to crack them for just a few hundred dollars. I do understand Alexey wants to keep this work all under his control, but agree with Alex_from_NZ that it is more important to establish your MiniPRO expertise now, quickly, before somebody comes along with a copy of your work and a better marketing plan, for only by quickly getting your name out (by many YouTube videos specifically saying 'swallowbot') will the public remember your names, and not the better marketer's name.

People could use JTAG/SWD to flash an image, and that can probably be done without soldering wires, or the need to remove the control board, because the SWDO, SWCLK, GND and 3.3V are thru-holes in the PCB. For example, I could make a small PCB with 4 spring contacts on it that plugs onto the back of a control board, thus connecting the CPU to a $5  ST-LINK2 dongle.  NRST (pin 7) is not available from the rear, and the LEDs do draw quite a bit of current, but it should be possible to make and distribute a 'kit' of contact board and ST-Link2, while the plugs feeding the LEDs can be disconnected. I think you already secure the JTAG/SWD image via the unique CPU serial number, so there is a level of firmware security for you from that direction as well. Each MiniPRO being upgraded will need a different firmware file.

I will take a closer look at this while I work on fixing my blown-up control board tomorrow...

Edited by trevmar
Fixed misunderstanding of "main job" - sorry
  • Like 2
Link to comment
Share on other sites

10 hours ago, trevmar said:

..... so Alexey may be wasting his time working "on the main job."  ....

Not sure if you misunderstood. I think he meant "Alexey works a lot at his main/day job". Meaning he is very busy, and does not have a lot of time to devote to this. Implying that a bluetooth solution is not going to happen quickly.

  • Upvote 1
Link to comment
Share on other sites

1 hour ago, FreeRide said:

Not sure if you misunderstood. I think he meant "Alexey works a lot at his main/day job". Meaning he is very busy, and does not have a lot of time to devote to this. Implying that a bluetooth solution is not going to happen quickly.

You understood me correctly

Link to comment
Share on other sites

Hello to all,

@MRN76

I am a very experienced technician, I am doing hardware repair on computer and notebook motherboards every day for a living. Recently I have repaired a friend's Ninebot Mini with a fault in communication between boards - 2 long and 5 short beeps. Basically on all 3 boards in the mini (battery, controller and bluetooth) there were faulty resistors that needed to be exchanged and the mini now works all fine. I know very little about software in general, but hardware is my strong side.

I want to try your mods but I have a couple of questions first:

- Do you think I can program a locked STM chip with the hardware programmer BeeProg2? It has 3 types of connection to this chip, image below:

[Image: Elnec device search screenshot]

Can you sell me, or let me know which firmware to try and program for my Ninebot Mini?

How can I order a spare STM chip from you if I accidentally corrupt the firmware in it and cannot recover it?

Thank you for your great work, keep it up!

Link to comment
Share on other sites

Razor_amd and MRN76

All I can say is I really hope a solution to the release of his firmware can be found.

While I was more than able to find the data I needed to raise the top speed and it works fine, I know from the M365 that he can do good work and tune things better than I can. While I know some of the secrets that need to be protected for his changes to be of use to him, I will not release this info till MRN76 says I can do so. Even then, changing the limit in code was much faster than I expected; SWO running a trace with the mini powered up did wonders for figuring out things.

But after digging very deep into MRN76's apps I can say they are clean and contain nothing more than what you see (and some basic debugging and a few disabled functions that are not fully tested and ready for use).

Based on my findings I feel a lot safer simply because years ago .....new story new thread

Edited by techmasterjoe
Link to comment
Share on other sites

Yes, thank you MRN76 for the info, but I have already found the problem and resolved it by myself :) Also there was a third blown resistor inside the battery, on the BMS board, same one - 120 ohm. I replaced them all with 2 resistors in parallel marked 221 (2 x 221 resistor in parallel gives 110 ohm)

What I am really interested to see is if the BeeProg2 programmer will be able to read the STM chip. I will let you know if I succeed.

Edited by razor_amd
Added text
  • Upvote 1
Link to comment
Share on other sites

2 hours ago, razor_amd said:

Yes, thank you MRN76 for the info, but I have already found the problem and resolved it by myself :) Also there was a third blown resistor inside the battery, on the BMS board, same one - 120 ohm. I replaced them all with 2 resistors in parallel marked 221 (2 x 221 resistor in parallel gives 110 ohm)

What I am really interested to see is if the BeeProg2 programmer will be able to read the STM chip. I will let you know if I succeed.

Yes. In the battery, too, they sometimes fail. You can read the chip with a J-Link v8 programmer and an ST-Link v2 programmer. You can look at my site http://mrn76.ru/index.php/programming

Link to comment
Share on other sites

Razor_AMD:  JTAG/SWD is available on P13 (near D8 and D25), much easier to solder there than soldering to CPU wires. MRN76 gives all the connecting info on his website :) I was suggesting that no soldering is necessary if spring contacts are applied to the rear of the holes at P13 and 3.3V. A small circuit board would make that easy, and connect right to the USB dongle :) No soldering, and no need to un-mount the control board, opens up the possibility of programming the CPU to a lot more enthusiasts!

  • Upvote 2
Link to comment
Share on other sites

Sorry for not being able to post sooner, the system is not allowing me to post because I am a novice member.

@trevmar P13 is only for SWD connection. JTAG connection uses totally different pins. I can use both SWD and JTAG with my hardware programmer but I wanted to see if JTAG would work. I will make a connector on a Mini somewhere so I can try different firmwares without the need for it to be opened again.

On 11/21/2018 at 6:14 AM, techmasterjoe said:

All I can say is I really hope a solution to the release of his firmware can be found.

I don't think this will happen any time soon, because a lot of greedy people are using his work and sweat for their own benefit. He must find a way to give (sell) his work to everyone and at the same time, give it in a way so his work will not be able to be stolen. Thus the only way to sell it safely for him, is to sell a firmware with a SMT chip already pre-programmed with his firmware locked inside.

I hope everyone understands me because English is not my native language and all of my writing is being translated.

And thank you all so much for a lot of useful info I found on this forum.

  • Like 1
  • Upvote 1
Link to comment
Share on other sites

Hello Guys, 

I am from Germany and for the last half year I followed this thread. I am one of these guys who repair PCs, change hardware and so on. But to screw (especially drop out) the processor from the mainboard is like playing with the devil ;-)

I looked forward to a firmware hack with swallowbot with BT but it seems that the only thing holding up a release for such an easy firmware change is the copy protection that Alexey wants to implement in his tool.

I know, it is really shit if anyone copies your hard work and makes money with that, but as razor already said: The time will come when some other guy makes a hack and makes the real money with this.

I think all the people with a mini pro want to be faster than 18km/h and are going to pay money for that. The comparison: 15 are able and willing to remove their processor but 1000s are definitely going to do an easy BT update, which is a good point for doing it in this way.

Isn't it possible to read out a unique number of the board, send it to you or Alexey and implement only this number in the software, so that the software is only able to hack this mini pro with this number?

  • Upvote 1
Link to comment
Share on other sites

1 hour ago, Tommy Hilfaker said:

Hello Guys, 

I am from Germany and for the last half year I followed this thread. I am one of these guys who repair PCs, change hardware and so on. But to screw (especially drop out) the processor from the mainboard is like playing with the devil ;-)

I looked forward to a firmware hack with swallowbot with BT but it seems that the only thing holding up a release for such an easy firmware change is the copy protection that Alexey wants to implement in his tool.

I know, it is really shit if anyone copies your hard work and makes money with that, but as razor already said: The time will come when some other guy makes a hack and makes the real money with this.

I think all the people with a mini pro want to be faster than 18km/h and are going to pay money for that. The comparison: 15 are able and willing to remove their processor but 1000s are definitely going to do an easy BT update, which is a good point for doing it in this way.

Isn't it possible to read out a unique number of the board, send it to you or Alexey and implement only this number in the software, so that the software is only able to hack this mini pro with this number?

OR.... ;)

One of them (MRN76 or Alexey) could build up a private DNS dedicated server to point to and update via BT the custom firmware ONLY after gaining access to it by paying first for the service by Paypal !!!! B):thumbup::clap3::dribble:

Link to comment
Share on other sites

I have bad English, I will try to explain. The firmware is tied to a specific processor and serial number. But it can be snooped via bluetooth from the phone. The firmware on the M365 Alexey's scooter was stolen. Therefore, without writing his encryption, he will not give a public version. And to make the encryption process - it takes time, which he has very little.

I do not know why this topic was created. I did not want to advertise it until the bluetooth application was made.

Link to comment
Share on other sites
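The per-device binding asked about and described in the two posts above, sketched as an added example (not code from MRN76, Alexey or Ninebot): the vendor tags an image with an HMAC keyed from the chip's 96-bit unique ID, and the bootloader-side check rejects that image on any other chip. The master secret, the `fw-bind-v1` label, the function names and all sample values are assumptions constructed for illustration, and the device key is assumed to be provisioned into the chip beforehand.

```python
import hashlib
import hmac

UID_LEN = 12  # STM32F103 unique device ID is 96 bits
TAG_LEN = 32  # HMAC-SHA256 output size

def device_key(master_secret: bytes, uid: bytes) -> bytes:
    """Derive a per-device key so one leaked device key exposes no other device."""
    if len(uid) != UID_LEN:
        raise ValueError("UID must be 12 bytes")
    return hmac.new(master_secret, b"fw-bind-v1" + uid, hashlib.sha256).digest()

def bind_image(master_secret: bytes, uid: bytes, image: bytes) -> bytes:
    """Vendor side: append a tag that is valid only for the chip with this UID."""
    key = device_key(master_secret, uid)
    return image + hmac.new(key, image, hashlib.sha256).digest()

def verify_image(dev_key: bytes, blob: bytes) -> bool:
    """Device side (bootloader logic): accept only an image tagged for this chip."""
    if len(blob) <= TAG_LEN:
        return False
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(dev_key, image, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison

def uid_word_swapped(uid: bytes) -> bytes:
    """Same UID with each 32-bit word byte-reversed (a byte-order mix-up)."""
    return b"".join(uid[i:i + 4][::-1] for i in range(0, UID_LEN, 4))

# Constructed sample values, not taken from any real device or firmware.
MASTER = bytes(range(32))
UID_A = bytes.fromhex("0123456789abcdef00112233")
UID_B = bytes.fromhex("0123456789abcdef00112234")
IMAGE = b"\x00\x50\x00\x20" + b"constructed firmware body"

def demo() -> dict:
    blob = bind_image(MASTER, UID_A, IMAGE)
    key_a = device_key(MASTER, UID_A)
    swapped = bind_image(MASTER, uid_word_swapped(UID_A), IMAGE)
    return {
        "own_device": verify_image(key_a, blob),
        "other_device": verify_image(device_key(MASTER, UID_B), blob),
        "swapped_uid": verify_image(key_a, swapped),
        "tampered": verify_image(key_a, blob[:4] + b"\xff" + blob[5:]),
    }

if __name__ == "__main__":
    print(demo())
```

The tag only stops an image from being accepted on a different chip; the image bytes are still readable in transit, which is the Bluetooth snooping concern raised in the post, so confidentiality needs encryption on top of this.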

I just found a video from Denis Hagov, showing off his Swallowbot. Videos like this keep me convinced that all the effort needed to get Swallowbot running will be worthwhile.. I need that improved battery management...

 

Edited by trevmar
Link to comment
Share on other sites

An update, since I have been busy over the Thanksgiving holidays.

I realized that one of the biggest problems I had with my CPU soldering was the surface coating Ninebot put over all components on the control board. Even though it had been dissolved by the methylene chloride, a semi-fluid residue (looking like water) was left around which my circuit board solvents were not removing. This stuff was interfering with the flux during soldering. All this only became visible when I used my binocular microscope, which I normally only use for really, really small stuff. After two re-solderings of the Swallowbot CPU (and two more power MOSFETs, which blew each time I tried using the CPU) I decided it could have been damaged, and so I soldered a brand new STM32F103RCT6 CPU (STmicro, I usually buy them from DigiKey to avoid the Chinese clones) onto the board.

This time nothing misbehaved (by comparison with what I remember from previous experience with the MiniPROs), all the LEDs illuminated with an error code which beeped two long, nine short, error 29. I had this code once before when I had programmed the 1.1.7 firmware from a different MiniPRO into mine, and I knew it was a serial number mismatch (the Segway firmware is locked to a unique ID within each CPU chip). Darn - I had thought I had swapped in the new ID :crying: Anyway, MRN76 kindly sent me the specific patching instructions for the binary files and I realized that I had thought the data would be little-Endian while it was actually literal. Oh well...

After fixing Error 29 the MiniPRO rebooted to error 12, at which point I relaxed as I have fixed that one before (loose wires in the plug from the motor sensor). I will continue the debug after Thanksgiving, but am confident that I soldered the CPU in properly this time, using the Microscope on every lead, and am pretty confident everything will come back to life again from this point...

And, on the plus side, those special Chinese Power-MOSFETs they use will be pretty neat for some of my other projects. I bought plenty of spares  :clap3:

Edited by trevmar
  • Like 1
  • Upvote 1
Link to comment
Share on other sites
