Close

Stop Code

A project log for ES-200 Electric Scooter Unlocker

Our streets are becoming litter with high technology joy. These forgotten scooter must be reverse engineer and given the love they deserve.

mr-spriggsMr. Spriggs 12/07/2019 at 14:011 Comment

Ok found out a little bit more last night. I fiddled with the Hex code the Basti plug of his scooter's GPS and there is an off code. I haven't written it into anything useful yet. But here is a sample on/off code. With these two codes you can make a simple control system for Arduino.

#include <Arduino.h>

int powerPin = 5;
byte messageOff[] = {0xA6, 0x12, 0x02, 0x10, 0x14, 0xCF}; //If the scooter is on turn it off.
byte messageB[] = {0xA6, 0x12, 0x02, 0x11, 0x14, 0x0B}; //Not sure what this does yet. It came with Basti's code.
byte messageStart[] = {0xA6, 0x12, 0x02, 0x15, 0x14, 0x30}; //This is the unlock code.

void setup() {
  // initialize Serial:
  Serial.begin(9600);

  pinMode(powerPin, OUTPUT);
  digitalWrite(powerPin, HIGH);

  Serial.write(messageStart, sizeof(messageStart));
}

void loop() {

  delay(1000);
  Serial.write(messageStart, sizeof(messageStart));
  pinMode(powerPin, INPUT); //Set to Hi-Z not needed after scooter starts
  delay(5000);
  Serial.write(messageOff, sizeof(messageOff));
}
Previous log

Moving forward

12/06/2019 at 22:34 2 comments
Next log

CRC-8 MAXIM

12/13/2019 at 18:35 0 comments

Discussions

john lee wrote 12/12/2019 at 19:28 point

Hello. thanks for posting this project. I am here after reading up on scootertalk. before I continue you must understand that this is my first time working with arduino and programming. I write this after spending a lot of time googling and reading up on this stuff, but despite my efforts it, I still find it impossible to crack.
ok, so this is my problem: I have a Lime 2.5 electric scooter. on scootertalk there is a topic where some guys managed to use an arduino and unlock the scooter with the original controller (the same thing that you guys did for the ES200), but for some reason they are not willing to share a final solution. this is the link https://scootertalk.org/forum/viewtopic.php?f=56&t=5767
you can read on the first page some of the things they found:
Responsive commands:

0x11
0x12 - Headlight controll data length 0x01. 0xF1 - Light ON, 0xF0 - Light OFF
0x13
0x14 - Returns FW version
0x18 - Returns HW version
0x20 - Some kind of ID?
0x21 - Prints "REBOOT", but does it?
0x40
0x41
0x42
0x44
0x61 - The Candy! Data length 0x01. Data 0xF1 Enables motor controller. Data 0xF0 Disables motor controller.
0x63 - "Lock" Data length 0x01. Data 0xF1 Enables lock mode of motor. And I guess this mode is disabled with motor controller enable?
0x71 - "Timer"??? Always increasing
0x72
0x81
0x90
0x93
0xB0
0xB1
0xF1
0xF2
0xF3

I have no idea how to implement this into a flashable file for the arduino the way you guys did, even though I think the code should be something very similar/ and believe me I tried really hard to understand !
so could you please help with that? or at least point me into a more specific direction especially with the part where he says "0x61 - The Candy! Data length 0x01. Data 0xF1 Enables motor controller. Data 0xF0 Disables motor controller."

  Are you sure? yes | no

Yes, delete it Cancel

Going up?

About Us Contact Hackaday.io Give Feedback Terms of Use Privacy Policy Hackaday API

© 2024 Hackaday