taban/PIR_MadMax
2
4
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

MàJ du rapport

Browse source
This commit is contained in:
Oskar Orvik 2026-05-12 08:06:28 +02:00
parent 139b2dbbf3
commit 2040b27f72
1 changed files with 45 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
Sécurité/main.tex
View file

@ -40,7 +40,7 @@ Johnse@insa-toulouse.fr}
\IEEEauthorblockA{\textit{GEI} \\
\textit{INSA Toulouse}\\
Toulouse, France \\
Orvik@insa-toulouse.fr}
Orvik@insa-toulouse.fr\\}
%\and
\IEEEauthorblockN{Julien Pavillon}
\IEEEauthorblockA{\textit{GEI} \\
@ -90,32 +90,57 @@ This report presents the design and implementation of a VESC-based motor control
\subsection{BLE Compatibility With the VESC}
VESC-controllers are not necessarily equipped with Bluetooth-modules by default. Often, it is necessary to add a BLE-module. A standard HC-05 bluetooth-module compatible with arduino is a great way to send and recieve bluetooth-packets from a host, e.g. a mobile phone, via a bridge translating the bluetooth packets to the UART protocol. This is because the HC-05 is not adapted for BLE as a base. Needing a bridge also adds on complexity and cost, in the form of extra components and another device to maintain the code of. For the future, choosing a bluetooth module supporting BLE will be the easiest solution.
\subsubsection{First Experiment}
VESC-controllers are not necessarily equipped with Bluetooth-modules by default. Often, it is necessary to add a BLE-module. A standard HC-05 bluetooth-module compatible with arduino is a great way to send and recieve bluetooth-packets from a host, e.g. a mobile phone, via a bridge translating the bluetooth packets to the UART protocol. This could be demonstrated using a ESP8622's standard library with said module, by letting us send characters from one device to another.
\subsection{BLE Vulnerability}
Bluetooth could be a vulnerability to a VESC if it is to be used as a controller in real-time, as the controller could be jammed. Our test with the Flipper Zero shows the disfunctionnality of Bluetooth with different use cases. It could also be investigated how the connection to the VESC could be modified using the vesc tool. We will touch more on the accessability of the code within the vesc tool sooner.
\subsubsection{HC-05 and the VESC}
By flashing the VESC firmware on a discovery-card and connecting the HC-05 module to the PB10 and PB11-pins, which are the Rx and Tx-pins for the STM32F4xx chip, we discovered that the setup for the bluetooth module was not available in the VESC tool. The inherent BLE capabilities is an important limitation to consider when designing a VESC system.
We learned therefore that the HC-05 is not originally adapted for BLE. The need for a bridge also adds on complexity and cost, in the form of extra components and another device to maintain the code of. For the future, choosing a bluetooth module supporting BLE will be the easiest solution. Preferably a module fitting the communication connector on the cheap FOCer project\cite{b1} could facilitate the relevancy of the PCB project with a microcontroller.
\subsection{Testing of BLE-modules}
\subsubsection{BLE Vulnerability}
Bluetooth could be a vulnerability to a VESC if it is to be used as a controller in real-time, as the controller could be jammed. Our test with the Flipper Zero shows the disfunctionnality of Bluetooth with different use cases. We experienced with the jamming of a bluetooth speaker that the music completely stopped. It could also be investigated how the connection to the VESC could be modified using the vesc tool. We will touch more on the accessability of the code within the vesc tool sooner.
What we have done: Flash VESC on a discovery-card. We connected the HC-05 module to the PB10 and PB11-pins, which are the Rx and Tx-pins for the STM32F4xx chip. We discovered that the setup for the bluetooth module was not available in the VESC tool. The inherent BLE capabilities is an important limitation to consider when designing a VESC system.
\section{Code integrity}
\subsection{Code integrity}
\subsubsection{Context}
As the project is open source, and the code is freely accessible, there should be no reason to hide the code. It could however be reasonable to protect the code from changes which could hurt other people. Changing following parameters should at least come with a disclaimer and clearly state the dangers possible by proceeding with said changes. We have in mind the maximum speed permitted and the power available to the motors.
\subsection{VESC compiling}
We have been able to compile the VESC tool and the VESC firmware. This firmware has been put onto an STM32F4xx Discovery card. This poses several obstacles for our progress on the topic of cybersecurity. We will however summarise what we have learned for you and propose some additional work for the future. The challenges we encountered were the following: The lack of bluetooth capabilities. We did not have a module with BLE eiter. We had access to a HC-05 module, but that only allows for a normal bluetooth protocol and would require further work on a bridge to UART by using an esp8622 that we had as well. We propose that the next group has access to a VESC controller from the beginning, as well as a motor we could control. This could be in cooperation with laMAD, as laMAD could propose some models they're interested in.
We also found that the information on the VESC is scattered around the net. The ressources is also sometimes based on a debian-based linux system which adds more work for someone using another distribution of linux. This could hinder the implementation facility for new users. We struggeled particularly with the Qt packages for positioning and gamepad. We would therefore recommend the use of a debian-based linux system for the computer working with the VESC for the laMAD associates.
\subsection{lispBM extraction}
\subsubsection{LispBM extraction}
We caugth word that the lisp code for the VESC used by Maillon mobility was easy to extract. By building an older firmware with the Maillon mobility software, we observed this by going to the lispBM tab and clicking read. It's up to laMAD if they would like to reinforce this mechanism. A modification on a parameter and then clicking upload allowed us to easily change the speed limit. This could bring up a public danger. This raises questions on the use of laMADs equipment which is in a traffic friendly manner.
When we flashed newer firmware from the project made by Benjamin Veeder\footnote{https://github.com/vedderb/bldc/}, we also observed some difficulties in uploading the lispBM script taken from the one on firmware version 6.06. This could indicate that there needs to be further maintenance of the code in order to get the software up to speed. This needs to be documented better for someone to continue the project. This could be a good investment for laMAD as well in the context of training for the people working on the motor control part of the e-bike.
\subsubsection{LispBM Code}
When we flashed newer firmware from the project made by Benjamin Vedder\cite{b1}, we also observed some difficulties in uploading the lispBM script taken from the one on firmware version 6.06. This could indicate that there needs to be further maintenance of the code in order to get the software up to speed. This needs to be documented better for someone to continue the project. This could be a good investment for laMAD as well in the context of training for the people working on the motor control part of the e-bike.
\subsection{Discussion}
This project could be seen as an introduction to the VESC project for someone who don't know about it from beforehand, the challenges the new users face during setup, as well as a demand for clear expectations concerning documentation on the subject. The project laMAD is leading should probably not be a fork of the project, as the project is still in development.
This documentation could be as simple as referencing the relevant parts of the lispBM documentation \cite{b2}
\subsubsection{Proposed Solution}
This risk could be patched by developing a VESC application for the VESC controller or using a binary. This is a solution which is less open source, but which is make unlawful use of the material harder. The application could be created using C and use an algorithm known by laMAD in order to securise the access to someone to change the parameters only if they are laMAD certified personnel. This encryption would preferably be reduced to the most essential settings in order to align with what our impression of the philosophy of laMAD would be.
\subsection{VESC Compiling}
As mentionned, we have been able to compile the VESC tool and the VESC firmware. This firmware has been put onto an STM32F4xx Discovery card. This poses several obstacles for our progress on the topic of cybersecurity. We will however summarise what we have learned for you and propose some additional work for the future. The challenges we encountered were the following: The lack of bluetooth capabilities. We did not have a module with BLE either. We had access to a HC-05 module, but that only allows for a normal bluetooth protocol and would require further work on a bridge to UART by using an esp8622 that we had as well. We propose that the next group has access to a VESC controller from the beginning, as well as a motor we could control. This could be in cooperation with laMAD, as laMAD could propose some models they're interested in.
We also found that the information on the VESC is scattered around the internet. The ressources is also sometimes based on a debian-based linux system which adds more work for someone using another distribution of linux. This could hinder the implementation facility for new users. We struggeled particularly with the Qt packages for positioning and gamepad. We would therefore recommend the use of a debian-based linux system for the computer working with the VESC for the laMAD associates.
\section{Discussion}
This project could be seen as an introduction to the VESC project for someone who don't know about it from beforehand, the challenges the new users face during setup, as well as a demand for clear expectations concerning documentation on the subject. The project laMAD is leading should probably not be a fork of the project, as the project is still in development.
As a final note, this proved to be a project which could easily be developed into several different projects in different fields. Some projects could be continued later on as a different PIR subject, other could be proposed to later years in different spesialisations like TLS SEC, ESPE. Our thoughts on the following projects that could be explored are the following.
The fabrication line for electronics is globalised. This is okay in a stable world, but it could be a problem in a world full of instability, be it war, blockages, or tarifs. The idea of opening a spesialisation in cooperation with AIME came up as an idea.
For TLS SEC the subject could be the design for a fitting mechanism to restrict certain priveligies to certified personnel that could be used in the C programming language. Later down the line we could also see the possibility to analyse the Bluetooth frames in order to manipulate them in order to change important parameters.
The continuation on the PCB could be a subject fitting an ESPE spesialisation.
The proposition of and supply of a vesc system to play with and troubleshoot could be a good rule of thumb, which allows for a quicker start and gives among other things an idea of the budget and the supply line used by a entity in the sector. Proposing a visit could also be one way to familiarise students with the association.
What should be a clear conclusion from our test with the jammer is that a controlles based on Bluetooth alone should be avoided when possible and practical. Examples where this could be relevant include electric skateboards, as cables could impose a tripping hazard. There, an encapsulation of an encrypted control frame could be an thought.
\section{Results}
\section{Conclusion/Summary}
%\begin{figure}[htbp]
%%\centerline{\includegraphics{fig1.png}}
@ -148,7 +173,8 @@ acknowledgments in the unnumbered footnote on the first page.
%the beginning of a sentence: ``Reference \cite{b3} was the first $\ldots$''
\begin{thebibliography}{00}
\bibitem{b7} M. Young, The Technical Writer's Handbook. Mill Valley, CA: University Science, 1989.
\bibitem{b1}https://github.com/vedderb/bldc/
\bibitem{b2}https://github.com/vedderb/bldc/tree/master/lispBM
\end{thebibliography}
\end{document}