Jump to content

Request for community/distributors to forward complete firmware user control to Ninebot

fearedbliss

By fearedbliss
in Ninebot

Recommended Posts

fearedbliss Collaborator

fearedbliss

Posted
Posted

Hello all,

Ninebot's QA seems to be extremely unreliable. Having an Apple model style of updates where you either stay on the current version or upgrade to the latest version without the ability to update to any versions in between (that most likely have been deemed stable) is a horrible update model.

I won't be recommending Ninebots to anyone anymore until Ninebot adds the following features:
- Ability to upgrade the firmware
- Ability to downgrade the firmware
- Ability to prevent firmware updates (A checkbox inside the app where the application will not ask you to update/won't even check for an update)
 
The user should be able to select the firmware version they would like to upgrade/downgrade to from a list of available versions. Ninebot should also release the firmware files and let the users flash the version through the application.
 
Recommending a Ninebot device at the moment is extremely risky and I don't want to put loved ones at risk because of that. The Ninebot hardware is very good, but the firmware is extremely volatile.
 
@vido's friend recently bought 2 Ninebots and both of them seemed to come with 1.2.6 (Not confirmed). One of the Ninebots seemed to have died within 5 hours of use. So I can't really say it's the guys fault since we shouldn't be expecting customers to take a brand new product out of a box, and automatically be at risk of being harmed. These types of things can happen where a specific batch of a technology comes with a vulnerable version, but this needs to be an exception, not the norm. Also, new customers don't exactly know that they should be checking the EU forums for this type of "warning" information.
 
To the current Ninebot distributors, please forward the above firmware user control recommendations so that customer's can feel safer with their Ninebot and its firmware.
 
 
- Jonathan
Link to comment
Share on other sites
Aaron Corsi Apprentice

Aaron Corsi

Posted
Posted

Wow this is so terrible. I'm glad I found this forum before buying my NB1 or I would have updated the firmware without thinking about it. I enjoy my Ninebot but I want some of the Segway level quality to start bleeding into the Chinese products, let's hope it doesn't happen the other way around...

Link to comment
Share on other sites
River_rider Newbie

River_rider

Posted
Posted

It is very discouraging with what has been happening with these wheels.  I am still suffering from the affects of my Ninebot One shutting off over 2 and halfs weeks ago.  Ended up with severely sprained wrists which still hurt like hell.  Sorry to say, I am afraid to get back on the wheel until all the bugs have been worked out for good.  I wish I could go back to the 1.2.2 firmware which was the last reliable one I know of.  Ran my wheel for almost 6 months on this firmware before updating and since the update the Ninebot One E is just not safe anymore to ride.  I agree wholeheartedly with Fearedbliss.... I want the ability to choose the last reliable firmware for my wheel.  I'd go back in a minute to 1.2.2 if I could.  Still waiting on my battery also.... Suppose to get an answer from NinebotUS to see if I can use a 320wh battery in my model E.  Some say I can with no problem and others say I cannot interchange the battery.  Another failure of Ninebot as the company discontinued making the 240wh battery that is used in the NInebot One E. 

Link to comment
Share on other sites
ninebot one p Explorer

ninebot one p

Posted
Posted

Yes I am 100%

2 hours ago, fearedbliss said:

Hello all,

Ninebot's QA seems to be extremely unreliable. Having an Apple model style of updates where you either stay on the current version or upgrade to the latest version without the ability to update to any versions in between (that most likely have been deemed stable) is a horrible update model.

I won't be recommending Ninebots to anyone anymore until Ninebot adds the following features:
- Ability to upgrade the firmware
- Ability to downgrade the firmware
- Ability to prevent firmware updates (A checkbox inside the app where the application will not ask you to update/won't even check for an update)
 
The user should be able to select the firmware version they would like to upgrade/downgrade to from a list of available versions. Ninebot should also release the firmware files and let the users flash the version through the application.
 
Recommending a Ninebot device at the moment is extremely risky and I don't want to put loved ones at risk because of that. The Ninebot hardware is very good, but the firmware is extremely volatile.
 
To the current Ninebot distributors, please forward the above firmware user control recommendations so that customer's can feel safer with their Ninebot and its firmware.
 
 
- Jonathan

100% behind this. Ninebot are you listening!

Link to comment
Share on other sites
csmyers Collaborator

csmyers

Posted
Posted

What they risk by doing this is that people could decompile the firmware updates and make custom flashes - changing safety limitations such as top speeds, tiltback, etc.

This is potentially extremely dangerous, and Ninebot would risk being held responsible - not only for parts under warranty, but hospital bills and lawsuits.

In addition, Ninebot would risk losing out in upselling their top models. Someone could buy the cheapest model (the C+?) and make custom batteries, flash custom updates allowing higher voltage or disabling safety features, etc. In addition to potential hardware failure, they would miss out on the extra revenue from a more expensive product. Part of their market strategy seems to be in creating a desirable, well-made, "gold standard" if you will, and then selling limited, watered-down versions of it to increase the value of their top model.

You brought up Apple? Part of the appeal of 'jailbreaking' iOS back in the day was to get free apps and add functionality. The only difference between Apple and Ninebot is that jailbreaking poses limited risk - e.g. losing battery life or personal data if you brick your iDevice. With the Ninebot, you could be losing your life.

I doubt Ninebot (just like Apple) will ever allow people to upgrade/downgrade freely. That being said, I'm seriously weirded out by the volatile updates they're releasing.

Just my two cents

Link to comment
Share on other sites
fearedbliss Collaborator

fearedbliss

Posted
  • Author
Posted

@csmyers, yes I know your concerns very well since I was one of the people back in iOS 1-4 that was in the jailbreaking community, let alone other types of modifications whether it was PSP (early on 1.18/1.70 days) or Wii homebrew.

I would prefer to have more freedom and control with the firmware files either way though. If someone modifies the firmware files in a negative way, they would be putting themselves in a position of risk. If someone gets hurt right now, Ninebot can still be held responsible, however if someone modifies their firmware, and then gets hurt, it would be easier I would say for Ninebot to themselves simply by attempting to salvage the remains of the Ninebot and reading what version (and detecting if any customizations were mad to that chip). A simple dump of the RAM contents is all that is needed.

On your other issue regarding "upgrading your bot by modifying the firmware". It's not that simple, you are forgetting that sure you might be able to increase the speed through customations, but the hardware between the bots aren't exactly the same. If the hardware on a lower Ninebot is physically weaker than a Ninebot E+ or P, a simple software change won't give them this upgrade.

Lately, all of your concerns will be handled properly if Ninebot simply releases signed firmware updates and implements firmware verification code in the bot. Maybe this will mean that we will have to update to a newer core version that introduces this firmware verification code into the system. After that, only signed firmware versions equal to greater than that version will be allowed.

Link to comment
Share on other sites
csmyers Collaborator

csmyers

Posted
Posted
5 hours ago, fearedbliss said:

@csmyers, yes I know your concerns very well since I was one of the people back in iOS 1-4 that was in the jailbreaking community, let alone other types of modifications whether it was PSP (early on 1.18/1.70 days) or Wii homebrew.

I would prefer to have more freedom and control with the firmware files either way though. If someone modifies the firmware files in a negative way, they would be putting themselves in a position of risk. If someone gets hurt right now, Ninebot can still be held responsible, however if someone modifies their firmware, and then gets hurt, it would be easier I would say for Ninebot to themselves simply by attempting to salvage the remains of the Ninebot and reading what version (and detecting if any customizations were mad to that chip). A simple dump of the RAM contents is all that is needed.

On your other issue regarding "upgrading your bot by modifying the firmware". It's not that simple, you are forgetting that sure you might be able to increase the speed through customations, but the hardware between the bots aren't exactly the same. If the hardware on a lower Ninebot is physically weaker than a Ninebot E+ or P, a simple software change won't give them this upgrade.

Lately, all of your concerns will be handled properly if Ninebot simply releases signed firmware updates and implements firmware verification code in the bot. Maybe this will mean that we will have to update to a newer core version that introduces this firmware verification code into the system. After that, only signed firmware versions equal to greater than that version will be allowed.

Nice to know a fellow jailbreaker! I did it religiously until iOS 7.

The trouble comes in if the main board is fried, then there's no way of knowing if the person had modified their Ninebot. Connectivity gone, it would be way too much of a hassle to do a memory dump.

I know that customizing the firmware won't yield hardware upgrades; that's why I'm saying that upgrades like these will be highly dangerous. BECAUSE the Ninebot E+ isn't as powerful as a P, it won't be able to handle the custom firmware flashes that are all too easy to make.

Creating a 'signing' system wouldn't work unless the Ninebot were able to reach the internet on its own. This wouldn't be possible with the existing models. If they somehow managed to do it with software, it would be an incredible amount of work for something they could avoid simply by closing off their update system.

Link to comment
Share on other sites
fearedbliss Collaborator

fearedbliss

Posted
  • Author
Posted

You can still perform a memory dump of the RAM even with the logic board fried. There is never "too much hassle" when there is a court case going on and possibly millions of dollars are at stake ;).

A signing system is possible without the internet. Of course using a signing verification server is one way to do it, but another way to do it is the way secure boot works on new machines. Verification is happening right from when the machine boots (and no internet required :D). Depending on how you look at this and how you implement, you are right in that it might not be possible with current Ninebots. I believe there is a way to do it though. Although my method given the current situation would be that the first version of the firmware that implements this signing can perform the verification check before it gets updated. However, if anything, I think the simplest solution would be to do the verification on the Ninebot app itself (Apk in the case of Android). Since the Ninebot app will be the gateway/ui to select the firmware file that the user wants, it can perform either a local or online verification. I of course would prefer the offline counterpart. But either way can work. So in this case, this isn't the most "secure" way of doing it, but it is a deterrent. I'm guessing if they go this route, some people could go with the "Tiny Umbrella" approach and make their own local signing server. However, even if the do sign their custom fw, it wouldn't work unless they would find some exploit so that the Ninebot board accepts it. At this stage, I think most people wouldn't even go this far for this type of device. Let alone I don't believe there are really any types of modifications people _really_ want to do, especially considering the danger level of doing it. So it's a high enough deterrent I think where you can't even hold Ninebot Inc accountable for it.

Link to comment
Share on other sites
Lefteris Veteran

Lefteris

Posted
Posted
Just now, fearedbliss said:

@Lefteros (SomniusX)The app now forces one to log onto the internet, at least one time. So you gotta be careful. It's stupid for them to force users to log into their accounts. The old Ninebot app didn't do that, but I'm guessing they want their users to be part of their rankings.

so why not wireshark the thing to see what servers it connects to and block'em, but leaving the loggin system on.. maybe use it with the nbe being switched off?! I'll tamper with the Nine droid app with my rooted Moto X and see the network traffic and report back.. (if i manage to to it between work etc) 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...