Does anybody out there know the real scoop about the Segway keys (as far as how hackable they are)?

I ran into a couple the other day asking me all the usual questions about the Segway. We got to talking about the keys and how tamper-proof they were.

I told them they were 64-bit encrypted and almost impossible to replicate. They proceeded to tell me that they work in the computer security field and that that bit of information is not true (the fact that they are almost impossible to hack).

Was I incorrect in my statements to them? Are the keys 64-bit or 128-bit encrypted (or even higher)? And, the most important question, is there a way to make a "master key" that would allow a user to override the owner's key.



http://www.segwayceleb.com

The question I made is:
What happens if the thieve takes alway the Segway "AND" the Key?
Mario

Then you, my friend, are SOL.



http://www.segwayceleb.com

Not just you. Would a master key activate ALL HTs?

The segway keys are "iButtons". These are a product of Dallas Semiconductor. They even tout the segway on their website: http://db.maxim-ic.com/ibutton/applications/index.cfm?Action=DD&id=25

iButtons are available woth a variety of different features: id only, NV ram, eprom, eeprom, real-time clocks, password protected memory, monetary, monetary w/ tamper detection, with temperature sensors, etc...

I'm not an expert in iButtons, but the most secure seems to be the java-powered cryptographic iButton. According to the ibutton website (www.ibutton.com/ibuttons/java.htm):

quote:

The Crypto iButton's Extraordinary Security
You don't have to take our word for how secure this crypto iButton really is. The National Institute of Standards (NIST) and the Communications Security Establishment (CSE) have validated a version of the crypto iButton for protection of sensitive, unclassified information. FIPS 140-1 validation assures government agencies that the products provide a trusted, physically secure module to properly protect secure information.

As a starting point for the iButton's extraordinary security, the stainless steel case of the device provides clear visual evidence of tampering. The monolithic chip includes up to 134K of SRAM that is specially designed so that it will rapidly erase its contents as a tamper response to an intrusion. Rapid erasing of the SRAM memory is known as zeroization. Any attempts to uncover the private keys within the SRAM are thwarted because attackers have to both penetrate the iButton's barriers and read its contents in less than the time it takes to erase its private keys.

Specific intrusions that result in zeroization include:

Opening the case
Removing the chip's metallurgically bonded substrate barricade
Micro-probing the chip
Subjecting the chip to temperature extremes

In addition, if excessive voltage is encountered, the sole I/O pin is designed to fuse and render the chip inoperable.

As a further security measure, the cryptographic iButton contains a True Time Clock that is a tamper-evident real-time clock. "True Time" differs from real time in that it is set by a reputable agent and its time cannot be reset and is forever increasing. This clock can be used to time stamp transactions. It can also be used to impose expiration dates for inspection intervals, whereby the iButton is required to periodically check in with a host.

The crypto iButton is among the least counterfeitable devices ever made by man. In response to tampering, the crypto iButton would rather erase the key than reveal its secrets. Would-be thieves cannot copy what they do not know–the private key.

they're not really hackable-- it would take more hours and more $ than it would take to buy a segway ht. i wrote a bit a bout it here:

http://www.bookofseg.com/secure.html

feel free to have then email me, i'm willing to put $ on the line that they cannot "hack" them.

cheers,
pt

quote:Originally posted by motleyorc

Does anybody out there know the real scoop about the Segway keys (as far as how hackable they are)?

I ran into a couple the other day asking me all the usual questions about the Segway. We got to talking about the keys and how tamper-proof they were.

I told them they were 64-bit encrypted and almost impossible to replicate. They proceeded to tell me that they work in the computer security field and that that bit of information is not true (the fact that they are almost impossible to hack).

Was I incorrect in my statements to them? Are the keys 64-bit or 128-bit encrypted (or even higher)? And, the most important question, is there a way to make a "master key" that would allow a user to override the owner's key.

http://www.segwayceleb.com


http://www.bookofseg.com

More info:

The cost of iButtons seems to range from about $2.23 (single quantity)for the simplest iButton w/ a unique, unalterable 64bit number, to $53.21 (qty 1) for the full-blown one that includes the java virtual machine with 64kbytes ROM and 134kbytes of RAM.

I don't know which model Segway uses, but that could help explain the reported $300 cost to replace the 3 keys (or 4 keys, since they give you two of the red ones).


Want a different way to carry your iButtons? See http://www.mrioftx.com/store/ibutton2.html. They have can mount an iButton on a ring, watch, and have other types of fobs, wallets, keychains, etc.

I refer you to Distributed.net's attempt to hack a 64-bit key.

It took the world's largest distributed computer over 5 years to solve it. That's over 45 THOUSAND 2GHz Athalon XP's crunching for 1,757 days.

So if you friends have 5 years and 45,000 computers sitting around, and constant access to your Segway, then YES! They might hack your segway key!

http://www.distributed.net/pressroom/news-20020926.html

Tell them you won't leave your Segway unattended for more than 3 hours.

Tell them you'll give them 1 day to try to hack it. If they hack it, you let them keep it. If they don't, they owe you $5000.

Watch them shut up fast about how easy it will be to hack.

motleyorc, I'm not from US. What does it means "SOL" (your answer to my question,before)
Mario

NOTE: There is a big difference between "cracking" the 64-bit encryption and "hacking" the 64-bit encryption. Cracking being the act of actually overcoming the 64-bit encryption via technical means vs "hacking" which is overcoming the encryption via any means, usually involving social engineering methods rather than a frontal technical assault.

I believe it was Bruce Sterling in the excellent book "The Hacker Crackdown" who first pointed out that most hacking isn't done from a purely technical perspective (eg "breaking the code"), but instead via social means (such as going through peoples trash).....

It's my understanding that the #1 risk in bank security isn't from an outside burglar coming in and actually attempting to "crack" the safe. Instead it's the insider that they worry about.

Try applying the same theory to the Segway. If Segway LLC left a backdoor in the encryption scheme, or if some kind of "master code" exists this would be the main risk that would lead to hacking the keys. For example, since Segway will provide more keys upon request they must have a master list somewhere of all Segway's and their associated key values/codes. It would only take one disgruntled employee to steal this list and disseminated it on the web to render all the 64-bit encryption placed on these keys useless.

So in answer to the question of "are the keys easy to crack" the answer is: no, not from a technical perspective. However from a social engineering perspective the answer to the question of "are the keys easy to hack" the answer would be "not yet".....Of course, I'm sure Segway LLC has excellent corporate security protocols in place to avoid all of this.....

quote:Originally posted by mario-ramos

motleyorc, I'm not from US. What does it means "SOL" (your answer to my question,before)
Mario



Sh-- out of luck. :D

Brooster

With the very short word "it" taking the place of the above "--"

[:P]



Brooster

Sure sailor,

But then there's the overlooked "hacking" technique of merely pointing a gun at the person and taking the key!

The person who recieved all the keycodes over the internet (far-fetched) would then also have to have the key manufactured with the keycode. That would mean contacting Dallas Semiconductor and asking for them to manufacture a key with the id # 19kj4904j479820en830fj284r0j or whatever.

Then the folks at Dallas Semiconductor look at their list of Segways reported stolen, and send local law enforcement to pick up your Segway :-)

And again, how smart are the average theives in your neighborhood? Any of them in my neighborhood that can do this crime already have jobs where they can afford a Segway.

Stealing cars is MUCH easier, and much more lucrative.

I see pimped-out Gold *BLING* Segways very soon.

There are plenty of rich criminals.

Just no hydrolics, please.

True Bruce, but I was answering the question of "are the key's hackable/tamperable?" Not "will common thieves be hacking the Segway keys in your neighborhood".

I'm assuming the first Segway hackers, if there ever are any, are going to be bored college students, not common thieves. Most likely if anyone hacks a Segway it will be their own...

In answer to the question of "will people be stealing your Segway by hacking the keys" I too would say "not likely". But I think it's very likely that people will attempt to hack the keys to enable them to do things the Segway wasn't meant to do.....

Great discussion guys! Thanks for all of the information.

The thing that I fear the most is not the hacking of the keys, but just the plain old stealing of the Segway by theives who don't know any better. Anyone can cut your Kryptonite lock if they want to.

Again, thanks for all of the great information.



http://www.segwayceleb.com

quote:Originally posted by Sailor

But I think it's very likely that people will attempt to hack the keys to enable them to do things the Segway wasn't meant to do.....


That will only work IF hidden greater abilities are unlocked by different keys, which I doubt (lawsuit fodder. Plus software that runs the segway does not reside in the key.)

And IF the owner of the segway has 5 years and the most powerful distributed computer on the planet, or some idiot at Segway throws away any chance at future employment anywhere by releasing secret codes and opening the company up to massive lawsuits.

I think it's all idle conjecture. Wishful thinking. Everyone imagines themself the owner of the secret purple 25MPH key that nobody has ever said exists. Why stop there? Why not a key that makes it fly, or a key that makes it fly to Cindy Crawford's bed?

Wait! What am I doing writing to you? I need to start HACKING THAT KEY!!!!! ;)

I still think that an 18mph key is going to be offered in the future as an upgrade to current owners. The Segway corporation has a very savvy marketing staff (I know several of them personally). I can't imagine them not trying to procure additional dollars from established owners. What better way could there be to generate incremental revenue than to offer a new key that allows what you already have to go faster?



http://www.segwayceleb.com

Here's a better way to generate incremental revenue: Upgrade to more battery life. That's something that doesn't irk the pedestrians and also doesn't attract the lawyers. Imagine the problems in selling a faster key to a group that hasn't had training on a nearly 20mph Segway. Hello, lawsuit!

i don't think we'll ever see that, and i don't feel the same way about the marketing team--at least the ones who i happen to have met and spent time with.

cheers,
pt

quote:Originally posted by motleyorc

I still think that an 18mph key is going to be offered in the future as an upgrade to current owners. The Segway corporation has a very savvy marketing staff (I know several of them personally). I can't imagine them not trying to procure additional dollars from established owners. What better way could there be to generate incremental revenue than to offer a new key that allows what you already have to go faster?



http://www.segwayceleb.com


http://www.bookofseg.com

With the laws indicating an EPAMD is under 20 mph, there is room for more speed. If future models are released that go a bit faster, then new keys for existing owners would be a great upgrade, along with additional training for a fee.

Mark

As far as battery life goes, the Celebration Study is going to see upgrades in battery technology soon. In our presentation preceeding picking up our Segway they alluded to a new battery that was on the horizon. Hopefully it will give everyone more range.



http://www.segwayceleb.com

The funny thing is, I really don't care if my Segway goes any faster. I am very happy with the speed it currently tops out at.

If they did come out with a key that would make the unit go 18 mph, it would get you to your destination that much faster, but at the same time you'd be missing out on that much more of your trip. My take on the situation: faster speeds = less travel time; more travel time = happier Segwayer.



http://www.segwayceleb.com

I wish I was a happysegwayer! Enjoy your glide Motleyorc! :-)

I am. In the next couple of months, everybody that wants a Seg will get a Seg. I can't wait to see what the playing field will look like after all of the early adopters get their units.

From my perspective, I try to talk people into trying the Seg 10+ times every day. Once everybody gets their Segways (ALL of these preorders) there are going to be thousands of ambassadors for this product.

Bottom line: you own a Segway, it's your duty to get potential owners excited about the product.

http://www.segwayceleb.com

I very, very seriously doubt that anyone will be able to hack (or crack) a Segway key. And if this was done, probably the only thing that could be accomplished is to make a key to work one specific Segway. I am sure there is no "master" key code available. It would make no sense for Segway to create such a backdoor.

Also, I see no way that a hacked or cracked key could make the Segway go faster unless the capabilities were already programmed into the Segway's firmware and just needed a special code from the key to enable it. Therefore the hack has to make a regular (red) key produce the special code and act like the mythical purple key. And this hacked key would only work for that specific Segway. But all of this adds up to a giant "IF".

People (not us, because we already know this) must realize that the Segway is as much a computer as a scooter. It is not simple mechanics that control the wheels that can have a screw adjusted to make it perform differently. It is all in the software and this cannot be hacked from the outside.

If people really wanted scooters that go so fast, then how come there are not millions of those great $200 electric sccoters (that everyone says is better than the Segway) with batteries upgraged from 12 volts to 24 volts? This would be a easy hack to make a $225 scooter that goes 50 miles per hour. How come every teenager on the block does not have one of these?

Stan

Hello mzokc,

You may be interested that not all states allow EPAMD up to 20 mph.

I went through the web sites of each state a couple of weeks ago, and came up with this... (ok, I was really bored that day)

Max speed = 20; 11 states
Max speed = 15; 13 states
Max speed = 12.5; 1 state
No max speed specified; 3 states

Also, 15 states have no maximum power specified. 12 specify an "average power" of 750 watts, and 1 specifies a maximum of 750 watts.

quote:Originally posted by motleyorc


My take on the situation: faster speeds = less travel time; more travel time = happier Segwayer.


This is true for recreational travel, but for utilitarian travel it won't be true once the novelty wears off.

The main reason that most Americans don't ride bikes to work during nice weather is time. This is true even for those who enjoy cycling and are competent at cycling under all traffic conditions. Those who do have a choice between cycling and motoring, but choose cycling, tend to cycle as fast as they can manage in order to minimize their trip time. If they want to go for a longer, pleasant recreational ride, they can easily do so when they have the time, or change their route when they have the time.

The same is true of transit. In areas of the country where mass transit is faster than car use, mass transit is popular. In areas where car use including parking is faster than a pleasant transit ride, transit is less popular.

-Steve Goodridge

quote:Originally posted by BruceWright
That will only work IF hidden greater abilities are unlocked by different keys, which I doubt (lawsuit fodder. Plus software that runs the segway does not reside in the key.)

People said the same thing about computer chips in cars, yet there is a very active black market in hacked chips for cars. Several of my friends have chips for their cars that overcome the software driven governers put in place for smog control or street legalization purposes.

Also note, I was discussing hacking the Segway to enable it to do things it wasn't meant to do which could be as simple/subtle as altering the power assist mode so that it goes really fast, or changing the turning speed to something ridiculously slow, but most likely would be something even more bizarre and useless that none of us can imagine.

However, as stated by the original poster of this thread, the discussion was meant to be focused on security of individual Segway's and not the originally stated question of how secure are the keys....

On that subject, I agree with everyone else that the Segway can easily be stolen, that the keys can easily be obtained at the same time if it was "jacked". That anyone thinking otherwise must not live in a big city, is fooling themselves, or is blessed enough to be living in an extremely low crime area. But we are also all at high risk of being run over by a car or slipping in the bathtup each day too yet we don't freak out about that. Hopefully the insurance industry will step up to the plate and provide services catered to this device, or will make it easy to add Segway's to homeowners/renters insurance policies.....

quote:Originally posted by ronzul

...not all states allow EPAMD up to 20 mph...
Darn! I thought that might be the case. If faster keys are made available by state, it's one more advantage to live in OKC!

Mark

quote:Originally posted by Stan671

It would make no sense for Segway to create such a backdoor.

Are you sure? There are master keys for cars, why not Segway's? Wouldn't this be a useful tool for technicians?

quote:Originally posted by Stan671

Also, I see no way that a hacked or cracked key could make the Segway go faster unless the capabilities were already programmed into the Segway's firmware and just needed a special code from the key to enable it.

It's my understanding that it is common practice for special codes/abilities be built into firmware for the purposes of debugging. For example, Sony devices are famous for the number of secret codes/modes hidden deep in their firmware. Such codes are often leftovers from the original development effort or are left in place on purpose to aid in troubleshooting/diagnostics, though they were only meant for use in the factory. Even the ATM/Credit card readers at grocery stores are easily hackable, as evidenced in several articles a few years ago in 2600 (the hacker quarterly).

To assume that such codes would be unique for each device would require that there be no "backdoor". Yet almost all software has a backdoor, including almost all firmware. In fact, it's so common for backdoors to exist that software companies tout it when none exist, such as the original PGP maker did!

quote:Originally posted by Stan671

If people really wanted scooters that go so fast, then how come there are not millions of those great $200 electric sccoters....

The question of "Why people would want to hack the Segway" is entirely separate from "could people hack the Segway". It would be naive to assume that the only reason people hack devices is to make them faster/better. More commonly people hack devices simply to hack devices, especially when they are touted as being hack proof.

For more information on the subject of hacking, including the motivations behind hackers, I suggest reading http://www.2600.com/

All the wishful thinking of faster segways is to no avail if the Segway doesn't support the faster speeds. The analogy of bypassing car governers doesn't hold water, because those cars CAN go faster by design. Can the Segway go faster by design? Nobody has seen it. Saying "sure they could hack it, they hack cars" isn't necessarily the same thing. Not everything is the same. If someone can hack my 2megapixel camera to make it a 5megapixel, or hack my 35" Sony to be an HDTV, they can be my guest! If the ability isn't in it, they can hack all they want, they aren't making it go faster. (I suppose they could tow it behind a truck....)

Right now, there's no evidence that a hidden faster speed exists. I speculate that all the computer hardware in a Segway is doing calculations in realtime that keep it upright, as speed increases, the calculations increase their complexity exponentially. Faster Segway needs faster internal computers, and much faster data relayed from the gyros and attitude sensors. A Segway can already become "dizzy" from a fast or rough ride, and it needs to slow down and get its bearings. That means, the sensors sometimes get pushed past their limits as it is. Going faster would make you run into fault mode more often, which would make you actually run slower.

So right now, the purple key is nothing more than wishful thinking. Not supported by any evidence or any reports. We can dream all we want, I suppose.

But speculating about faster speeds looks bad, in my opinion. Clamoring for faster faster faster, and saying that a hidden key is all it takes, or a hack, or some guy with a code on the internet....

That path of speculation leads right to more sidewalk bans. WalkSF.org would LOVE to start and stoke a juicy rumor that folks were barreling down on seniors riding 2-wheeled bullets going 20mph. It makes Segway owners look like daredevils and it makes Segway LLC look out-of-control of their product. They wouldn't even have to prove it. Just spread the rumor. Instantly all the Segway owners would be posting on the internet to try and get the code, real or not. Regular folks will see all the Segway owners wanting to go faster on their sidewalk machines. All from a rumor. Segway LLC is put on the defensive. "Can you DISPROVE it?"

People at work always ask me that question: "How long before some kid hacks a Segway and it goes 20MPH?"

The next question is "How long before some kid breaks his neck?" They ask with a gleeful smirk. They want it to fail, just for the specticle.

"How long before someone mows down a grandmother?" "Hey, did you hear they banned 'em in San Fransisco?"



-Bruce Wright

Segway: Vehicle of Dream

Good post Bruce. We'll just have to wait and see whether or not the faster speeds were built into the Segway from the get go.



http://www.segwayceleb.com

quote:Originally posted by BruceWright
Right now, there's no evidence that a hidden faster speed exists. I speculate that all the computer hardware in a Segway is doing calculations in realtime that keep it upright, as speed increases, the calculations increase their complexity exponentially. Faster Segway needs faster internal computers, and much faster data relayed from the gyros and attitude sensors.


The sampling rate at which the Segway's processors must operate is a function of the vehicle mass, pendulum height, and motor characteristics, which determine the system's dynamic response characteristics. It is not a function of its linear speed. Practically every introductory undergraduate electrical engineering control systems course covers the topic of inverted pendulum control. The steady-state speed of the base is unrelated to the ability to keep the system upright, as long as the motor is strong enough to go even faster and right it if it leans forward.

It is entirely possible that higher speeds will create more violent bumps on imperfect surfaces, and that these will be more challenging for the Segway to correct. However, I suspect that the limitation in the ability to correct for such violent disturbances will be affected most by the available motor power and the dynamic performance of the sensors, and not by the computer speed, since fast-enough computers have been very inexpensive and widely available for decades. It would be hard to find a microcontroller on the market that would be too slow for this task today.

As for the likelihood of faster Segways, the manufacturer might have found a way to make the existing crop immune to aftermarket improvements, but the 15-20 mph maximum speeds for EPAMDs in the traffic legislation being lobbied for by Segway LLC suggests to me that Segway LLC wants to keep their options open. What concerns me is that the state laws allow such speeds but prohibit operation on the roadway where Segwayists would be far safer in most cases - and worse, some of the laws require traveling against traffic.

-Steve Goodridge

quote:
The question I made is:
What happens if the thieve takes alway the Segway "AND" the Key?
Mario


Having a lo-Jack type security system on it, provided by what is it?..On-Star (like some expensive cars have when they get stolen) would make it easier to recover. Even having GPS on it would make it somewhat easier to recover too.

Another idea I had, would be to incorporate a signaling device or reciever/transmitter built into the Keyfob or I-button that only lets the SHT operate within either a few blocks or say half a mile range only while the owner has the opposite reciever/transmitter indescretly
hidden in a pin, ink pen, belt buckle, wallet, bracelet, hat, article of clothing, etc. This way the owner if he/she gets jacked they can run and hide or call police while they are getting away, only, for the police to catch the thief, blocks or a half mile away when its shut off automatically when they are out of range of you and your hidden transmitter/reciever.

Another thing that also might make the thief more visible and piss him off would be to have like, an exploding red ink packet like the banks use, that covers him/her when you they get out of range from your transmitter. This would also keep first time riders trying out your SHT from running off with it, too.

While on that subject of the exploding red ink packet, maybe sometime in the future DK can incorporate into the SHT is a collision air bag into the handlebars of your SHT in case you do have a head on collision with something non-movable or bigger than you are. What do you think?

"Wouldn't it be cool, if?...is like Folgers in my cup"

quote:Originally posted by GadgetmanKen

quote:
The question I made is:
What happens if the thieve takes alway the Segway "AND" the Key?
Mario


Having a lo-Jack type security system on it, provided by what is it?..On-Star (like some expensive cars have when they get stolen) would make it easier to recover. Even having GPS on it would make it somewhat easier to recover too.

Another idea I had, would be to incorporate a signaling device or reciever/transmitter built into the Keyfob or I-button that only lets the SHT operate within either a few blocks or say half a mile range only while the owner has the opposite reciever/transmitter indescretly
hidden in a pin, ink pen, belt buckle, wallet, bracelet, hat, article of clothing, etc. This way the owner if he/she gets jacked they can run and hide or call police while they are getting away, only, for the police to catch the thief, blocks or a half mile away when its shut off automatically when they are out of range of you and your hidden transmitter/reciever.

Another thing that also might make the thief more visible and piss him off would be to have like, an exploding red ink packet like the banks use, that covers him/her when you they get out of range from your transmitter. This would also keep first time riders trying out your SHT from running off with it, too.

While on that subject of the exploding red ink packet, maybe sometime in the future DK can incorporate into the SHT is a collision air bag into the handlebars of your SHT in case you do have a head on collision with something non-movable or bigger than you are. What do you think?

"Wouldn't it be cool, if?...is like Folgers in my cup"


Even along this line of thinking with the hidden reciever/transmitter anti-theft device an additional device that could be added with or without it is a keypad added to the SHT, that after riding say a minute or a certain preset distance it could give you an audible as well a visual signal to enter say, a 4 or 5 digit code into it and if you dont have it or are not within shouting distance or able to find your jacked victim it will shut of in so many seconds. Making it seem worthless to the thief again. What do ya think?

"Wouldn't it be cool, if?...is like Folgers in my cup"

quote:Originally posted by bicycledriver
The main reason that most Americans don't ride bikes to work during nice weather is time.

The same is true of transit. In areas of the country where mass transit is faster than car use, mass transit is popular. In areas where car use including parking is faster than a pleasant transit ride, transit is less popular.

-Steve Goodridge


Can you point to evidence that supports the first statement? In Boston, one of the fastest means of travel in and around the city is by bike (this is true of many dense urban areas), yet relatively few people bike. Many people drive only a few miles to work, waste time searching for parking and pay extra money to drive, all major disincentives yet they still do it. Why? I think that the biggest reason that most Americans don't ride bikes to work is not time (because as said in Boston bike is most often faster than driving) but rather the effort involved. What about the perceived safety of biking (most people think it is less safe than driving) and many other factors that affect mode choice? Not even sure if this is on topic for the thread, but mode choice is a very interesting topic.

quote:Originally posted by axiotek
Many people drive only a few miles to work, waste time searching for parking and pay extra money to drive, all major disincentives yet they still do it. Why? I think that the biggest reason that most Americans don't ride bikes to work is not time (because as said in Boston bike is most often faster than driving) but rather the effort involved. What about the perceived safety of biking (most people think it is less safe than driving) and many other factors that affect mode choice? Not even sure if this is on topic for the thread, but mode choice is a very interesting topic.


I believe that the effort of bicycling still translates to time. I can reduce my exertion if I cycle more slowly. But slower cycling takes more time. People who enjoy cycling for exercise tend to cycle fast, but in warm weather they must spend the time to clean up and change clothes. They must also maintain their bicycles, charge up their headlamp batteries (or adjust their generators) and wash their cycling clothing. People eventually discover how to optimize their time. A car owner who enjoys cycling may cycle-commute just often enough to save time by overlapping their exercise time with their commute time, but no more. Since the car owner has already paid for the car and its insurance, it makes sense to make maximum use of it whenever it saves time. But for the person who makes a low houly wage, earning the money to pay for a car may take longer than using a bicycle, mass transit, and walking to get around.

Lots of people say that they are afraid of imagined dangers of cycling, but these same people routinely do things as pedestrians (e.g. crossing against lights, walking through stopped traffic, crossing at uncontrolled crosswalks on multi-lane roads) that are far more dangerous than lawful cycling. In most cases they are more afraid of violating social taboos and offending other road users for occupying roadway space than they are about being in an actual collision. People who enjoy cycling usually outgrow this inferiority complex and learn to cycle safely, but they still may not use a bicycle for transportation if they think that other modes will take less time.

-Steve Goodridge

quote:Originally posted by BruceWright

The analogy of bypassing car governers doesn't hold water, because those cars CAN go faster by design. Can the Segway go faster by design? Nobody has seen it. Saying "sure they could hack it, they hack cars" isn't necessarily the same thing. Not everything is the same. If someone can hack my 2megapixel camera to make it a 5megapixel, or hack my 35" Sony to be an HDTV, they can be my guest! If the ability isn't in it, they can hack all they want, they aren't making it go faster. (I suppose they could tow it behind a truck....)

I think you may have misunderstood the analogy. My wife says I choose particularly bad analogies so perhaps it was my fault.;) I was trying to point out an error in logic proposed (quoted in the post) which paraphrased states: The Segway can't do anything more than what it can do right out of the box simply because it would be a legal liability for it to physically be able to do anything more.

The analogy seems to have been misinterpreted as meaning that the Segway must be able to go faster than it can out of the box, which wasn't the point. Instead I'm just trying to say that simply because any consumer device can only do X, Y, or Z when delivered doesn't necessarily mean that x, y, and z are all the device is capable of, as evidenced by cars. But let's use a different analogy that might be better understood. I have an early Sony DVD player that played DVD's, CD's, CD-RW's, but amazingly couldn't play CD-R's. Why couldn’t it play CD-R's? Because Sony put in place firmware to purposely stop it from playing them in an early and clumsy attempt to fight back against music piracy. However, I found on the net codes that allowed me to re-configure the firmware to allow it to play CD-R's..... If I had assumed that the Sony player was physically incapable of playing CD-R's simply because it couldn't out of the box I would have been incorrect. To come full circle back to the Segway, simply because it can only do x, y, and z out of the box does not necessarily mean it is not physically capable of doing more.... Which doesn't mean it can do more, only that the mere fact that it doesn't currently do more isn't enough evidence to prove that it can't do more....

I hope that's clearer, sometimes my analogies misfire! :)

quote:
The analogy seems to have been misinterpreted as meaning that the Segway must be able to go faster than it can out of the box, which wasn't the point. Instead I'm just trying to say that simply because any consumer device can only do X, Y, or Z when delivered doesn't necessarily mean that x, y, and z are all the device is capable of, as evidenced by cars. But let's use a different analogy that might be better understood. I have an early Sony DVD player that played DVD's, CD's, CD-RW's, but amazingly couldn't play CD-R's. Why couldn#8217;t it play CD-R's? Because Sony put in place firmware to purposely stop it from playing them in an early and clumsy attempt to fight back against music piracy. However, I found on the net codes that allowed me to re-configure the firmware to allow it to play CD-R's..... If I had assumed that the Sony player was physically incapable of playing CD-R's simply because it couldn't out of the box I would have been incorrect. To come full circle back to the Segway, simply because it can only do x, y, and z out of the box does not necessarily mean it is not physically capable of doing more.... Which doesn't mean it can do more, only that the mere fact that it doesn't currently do more isn't enough evidence to prove that it can't do more....


I agree with Sailor on can the SHT go faster? Using the analogy of the Sony approach, how do we know if Segway hasn't put a built in governor in the software? Knowing a little about electronics I have had the experience of changing serial numbers on electronic boards through the firms own OEM software when the units initially failed. This is done for several reasons and one is for tracking of quality control and where and what stage or location its at. Once the unit tests out OK its goes into a burn in, which actually shorts out a lead so no more data can be entered or changed on the chip.

I also know that the first edition satelite dishes data cards (credit card type) with serial numbers could be hacked and get all the channels you wanted. But they caught on and sent out new cards with the second edition, and regularly send signals out changing the codes and ends your use if its not upgraded. The original cards can be reprogrammed by hackware and a reader for some bucks. But you constantly every few days have to redownload the codes. Such a hassle.

The same is true with most chips on computer type boards. They are burnt in. But they can also be swapped out like the chips on cars governors. However, one way to prevent this is by using "SMT" and or "cob" (chip on board) technology where you can't physically change the chip, only replace the whole board.

The main thing I think that should be said now is, maybe they can hack the key codes somehow, but I doubt they can make it go any faster because at the current max set speed, I imagine that the motor is going pretty much at maximum speed. To make it go faster one would need to increase the gear ratio in the transmission inside the SHT. I imagine this could be done fairly easily by qualified machine shops, in the future. And probably will no doubt.

"Wouldn't it be cool, if?...is like Folgers in my cup"

quote:Originally posted by pt

they're not really hackable-- it would take more hours and more $ than it would take to buy a segway ht. i wrote a bit a bout it here:

http://www.bookofseg.com/secure.html

feel free to have then email me, i'm willing to put $ on the line that they cannot "hack" them.

Bling, Bling! Pay up!

http://www.spies.com/~arubin/segway.html

i'll totally pay up if it's a hack, but that's not a "hack" (i knew about that, it's a feature for companies if needed) the only thing that site / example is doing (at the most) is changing the speed to something lower and you can't make a new key without an original to "clone".

not the hack we were talking about...faster speed or being able to create a key to steal a ht and / or stealing a ht and making a key...

the $ is still on the line (i guess we need to define what the $ is) how about $500 for a faster than 12.5mph key? does that sounds like a good challenge? i'll need to verify of course :-]

cheers,
pt

http://www.bookofseg.com

We've got some guys here today from Ft. Bragg, checking up on some projects we're building for them. One of them saw my Segway, and said he'd ridden the military version (M-167?) - at 25 MPH! But he also said that he thought he was told that it had larger motors and a larger base (bigger batteries) than the i- or e-series, so it's not just different firmware.

So... If you really want to glide at double-speed, you can always enlist ;)

Has no one thought of the most obvious answer? mabye hacking the key is not the answer, mabye hacking the actual firmware is the answer! Any programmers out there that would like to work on such a project give me a call! Im a c++/java programmer very intrested in this!

-glitch

There is no M-167 that goes 25 Mph, and hacking the software surely isn't easy.

Cost you $1,200 + modified cable assembly just to talk to the boards. Then you need to crack the JTAG keylock. Not a weekend endeavor I'll tell you that.

I think changing the software (assuming you could get that far) is a really bad idea. There is a whole lot more to this technology than just making it go faster. With the increased speed you may not have sufficient torque to keep you upright, deal with hills or other issues about which we, the uninformed, are not aware. While I would like more speed, hacking the code -- no thanks.

LLC designed the segway to be perfect, but as always, its impossable! The segway can be hacked to go faster, maby from the key, but thats only if the firmware also had a code written to support greater speeds. I think the answer is to go after the firmware. Not suggesting it, but if you had the extra 5k to throw at something like the segway and then have the guts to screw with it and see if it works, go ahead! Im all for mods/hacks, i totaly support them.

(off subject)
Does anyone know the price to replace the powerbase? Just that alone? Im not even sure if they will "replace" a powerbase, say if you wanted a second one. Im just wondering how much it would cost you to build the segway if you bought the CS, wheels, fenders, gearboxes, powerbase etc. Alone then assembled it.

The segway keys are extremely easy to hack. I have succeeded in both making standard replacement keys as well as increasing the speed of the segway by creating new keys. All that is needed is the serial number of the segway, as that number is included within the key. Therefore, it is possible to steal a segway knowing it's serial number. Is the $500 still being offered for proof of hackability?

verb: how fast have you gotten it to go? just curious. any proof, video's, etc.?

verbl800,

Owners have been creating modded/duplicated keys for some time. I'm not sure that exactly qualifies as a "hack" because everything that has been done, to date, has been within certain pre-set limits within the Segway HT itself. I think "mods" is a better way to describe what's been done. Any owner can create modded keys (any speed up to 12.5mph, all turning speeds up to a little faster than red key) with their PC and about $25 worth of hardware/equipment.

When you say you have been creating keys which increase the Segway HT's speed, do you mean beyond 12.5mph?

When you say it's possible to steal a Segway by knowing its serial number, do you mean the number within the key or the number printed on the Segway HT itself? AFAIK, there is no way to create keys based on the printed serial number - IOW, that number would have to be cross-referenced in Segway LLC's key database in order to find the matching key serial number.

Regards,

Frank A. Tropea

[/sc] Admin - "Keep your wheels on the ground!" - Contact Me (segwaychat@segwaychat.com)

quote:Originally posted by verbl800

The segway keys are extremely easy to hack. I have succeeded in both making standard replacement keys as well as increasing the speed of the segway by creating new keys. All that is needed is the serial number of the segway, as that number is included within the key. Therefore, it is possible to steal a segway knowing it's serial number. Is the $500 still being offered for proof of hackability?


The keys are easy to make if you're comfortable with installing the 1Wire driver and programming hardware to control the iButton's. I've made about 10 keys already. From my understanding, the serial number is not directly coded on to the key. Whether the s/n is encrypted and then stored on the key, I don't know.

People should treat their electronic key with the same care as their car keys -- if a person can borrow it for a minute, he can certainly "copy the pattern" and make a duplicate key at a later time.

There is a limit in the firmware, however, so you can program the key to "go faster", but the machine itself will not sustain speeds above 12.5 mph. (At least, with the experiments I tried.) There's certainly enough bits available in the key string to use as option flags, but I haven't seen any evidence, to date, about any means to defeat the speed.

I agree that the way to "attack" the speed limiter is by modifying the firmwarel But I can think of many reasons why it won't be a simple matter of downloading the binary, modifying a single byte, and then uploading it back into the system. Nothing is hack proof. But I also doubt that the core firmware is that easy to hack.

http://www.pasadenasegway.org/
A bicycle in 1897 cost $25 ($2,200 today adjusted for inflation).
A Ford Model-T cost $850 in 1908 ($75,000 today adjusted for inflation).
(Can anyone point me to historical prices of horses?)

Verbl

Don't know to do proof here. But I would recomend smoenone send you their serial # (don't worry guys) you send them a key.

I find your claims to be odd. Yes there is a key code position and value to increase the speed of the Segway up to 15 Mph. However, that value is now ignored and the firware limits it to 12.5 Mph at all times, regardless if the key says a higher value.

As to keycode being linked to serial #, you are wrong. This is not true. Not in any way shape or form. I know this without question.

If you have the serial #, and access to the Segway internal network then you can find out what the keycode is (or should be, but that's a different story)

I guess I thought I was much cooler than I really am. Never mind - looks like everyone has done this already. I did indeed use the key ID from the yellow label (which I mistakenly thought was the serial number), and I did increase the speed values on a new ibutton, thinking that made the Segway go faster. Have just done this, I hadn't realized that the firmware actually limited the speed to 12.5 regardless of the key setting. Oh man...I really got excited about this. Sorry to have wasted your time...

Concerning the "hackability" of the Segway,

In my opinion, a security model like the Segway is certainly hackable, and most likely will. However, the Segway has enough safeguards built in to keep honest people honest and script-kiddies out.

The firmware is, technically, accessible and serviceable from the device. However, the firmware is physically protected and the exposed port will likely use a digital signature to validate the firmware.
Let's make an analogy to Xbox Linux: The security is easily bypassed, but there is enough protection to keep mose people from doing it. Why? People don't even want to touch it with a screwdriver...

As an iButton developer, I am currently aware that the serial number cannot be changed. However, this is not to say that a person cannot manufacture a logger/sniffer and simulator to playback attack the port. However, this requires access to the key.

So in conclusion, the Segway is hackable to the extent of user modification with a lot of work. However, unless someone has 20-90 minutes to monkey with your HT's JTAG port, he's not likely to mess with it.

Additionally, I qould like to make one last comment:
Segway may have sure enough hashed the security key values, locked the firmware to the serial number to prevent reflashing, and epoxied the chips shut. But chances are, the Segway guys left a backdoor security open. After all, you think the guys at Segway company are content with 15mph. Noooo

danielwang-

yep, if someone has access to your key, you're hosed.

i pretty much agree with everything you said, but i don't think we'll see a faster segway (ever) via firmware modifications or an "uber" key or anything more than what many of us have played around with (extra keys, slower speeds, slower turning, etc..).

in fact, i'm really sure of it. so sure, i think i offered up $500, i'll make it $2,000 if anyone thinks they can hack a segway to go faster via firmware or key mods. the segway folks from what i've seen and heard don't have a back door and there isn't a model that goes over 12.5 mph, but hey-- if anyone can prove it, please do :-]

cheers,
pt





======================

segway ht journal:
http://www.bookofseg.com

other stuff:
http://www.flashenabled.com