Vehicle Hardware Reverse Engineering

A surplus of electric scooters appeared in my neighborhood when a rental service went out of business. They were destined for the landfill due to a software lock.

By reversing engineering the protocol and creating a device that unlocks the scooters over its CAN-BUS network, it was possible to re-enable and prevent some of the scooters from being scrapped.

unicode vis Prototype CAN-BUS command replay device

Unlock protocol was sent over a simple Async Serial (RS-485) protocol, similar to CAN-BUS.

unicode vis Logic analyzer connected to diagnostics device

Using a logic analyzer, capturing the unlock code from a diagnostics device revealed the command, which was followed by back-and-forth communication.

unicode vis Unlock command analyzation (unlock code redacted)

Replaying the initial serial command from a custom-built RS-485 replay device resulted in the unlock being performed.

unicode vis Custom hardware to replay unlock code