Hi all,
Please can anyone advise whether a flipper zero will do the following task?
I have got a robot mower that i have unfortunately forgotten the pin code for.
To retrieve the pin code I need to obtain the PUK code from the device. The method to obtain this code doesnt seem to be working so I was wondering if this is something a flipper zero can do for me?
Or better still, can the flipper find out what the pin is?
Thanks in advance 
You assume every mower works the same? They donât.
I think if you are lucky a Logic Analyzer and a serial interface will be more useful than a Flipper Zero. But without knowing anything about the device we are as riddled as you are.
That is usually a cell phone term. Does this mower have a Sim card or cellular radio? You definitely need to at least provide manufacturer and model information for anyone to help but i dought the Flipper is the correct tool.
A PUK code is the code you have to enter if you used the wrong pin more then 3 times in a row, then you have 10 trials before the sim blocks you out and you need a new one. So heads up, if you actually need a PUK code, go look for it near the documentation of the simcard operating it before you need to replace it. Usually the PUK code is stamped/engraved into the card the sim was part of in the past or included on a sheet of paper where they glued the sim to.
So if you want to break it, it just takes 10 more wrong answers to make sure you can throw it away and replace it, otherwise, i would advise to look for included documentation or contact provider of the mobile service running it.
But like robot vacuum bots the lawn ones are somewhat the same in communication, some run on subghz stupid AM band commands to start/stop / return home etc and sorta learn a track to repeat, others are a bit smarter that run on on ISM band and have some more logic like actual GPS, but if it is literally asking for a PUK code, it seems like he is trying to break a sim-card, so if 0000 did not work on the first try, i would not try more and start looking for the puk code they prolly got with it , before installing it.
If it already asks for the puk code, it means your 3 pin trials where wrong to start, so if the provider of the service does not keep that information you will need documentation or sim replacement i guess? I have not seen many mowers with e-sims yet so , if those are a exception, sure. but same point.
Thanks all for the replies so far.
So its an Einhelll Freelexo 1200 LCD BT.
It does not have a sim card.
Basically, the unit has a pin to allow you to access the functions. Having forgotten the pin, the manual and manufacturer mentions starting the unit in âBOOTâ mode and exporting the PUK code on to USB stick, (I too recognise this term from mobile phones, however i am not sure it is the same thing). You then put the USB stick into a laptop and open the exported file to find said code.
The manufacturer then uses this along with the serial number to give you the pin.
I am however unable to start the unit in boot mode. Im currently in discussions with the manufacturer to find a solution, however so far theyâve not been all that helpful.
In the meantime i was wondering if there may be a way of using the flipper to somehow interrogate the main pcb to find out what either the PUK or PIN code is? Or perhaps another device/method that may get me a little closer?!
Thanks again.
Given the information we have itâs possible in theory but the Flipper isnât the ideal tool. Thatâs a complicated process anyway. I believe this is what you would need to do that but you also need the skills.
EDIT: If you really want to go down that path and are serious about this I can point you toward people you can learn from. They wonât want to talk to you though unless you are interested in learning and they wonât do it for you. If you just want to fix the mower stick with tech support.
The documentation says that the default pin is 1234
Lock release
Before you start using the robot lawn mower,
you have to enter the correct PIN (standard PIN:
â1-2-3-4â). Enter the PIN slowly in sequence and
confirm the entry with the âOKâ button (54).
then:
Requesting your PIN if you lose it
Have the receipt and the serial number of the
robot lawn mower ready. You need them in order
to get your PIN.
so they have a algorithm to reverse the pin or generate a master one i guess, not sure if that is public information ? but it seems to have features to flash it by usb so it must have some ways of finding out more about the mower if anybody actually took the effort to change the default pin, so getting part-numbers from it and check support on their site? If you do not want to take it apart, otherwise, guess you wanna find out what it is running before you can make a good guess on options. So it has bluetooth, and usb,much more about the stuff used in it they do not have listed in their documentation. Other devices have 0000 , so if one of the 2 default pin codes does not work, you need a usb drive to get the number for support.
Chance exists, that there is another way of creating a text file that resets it, but i have no idea what fw those things are running and they do not seem to be to happy to share them publicly for everyone to get , so that does make you wonder why they do not think that is a good idea.
But since it does have functions that use Bluetooth and USB file upgrade methods, also give it a bigger chance you can jtag into it or stuff like that. or start buttonbashing with drive in it, to see if you can make it dump config files, you could maybe edit on other ways. So out of warranty/support i guess you must resort to opening it and finding out what stuff they use to run the machine?
and
they took effort to resin up the entire thing so it will take some serious boredom if you want to go that way, so it would be interesting to figure that one out, but the board replacement parts are 270 euros, guess that is the worst-case option?
It does have a lot of connectors, so i would definitely look for alternative options of talking to the board, by rs/jtag or whatever this could be running. I do not recognize the black blobs by these pictures. But if you do not want to go into taking it apart, i guess you could try to sniff bluetooth packages and see if it uses clear text / simple communication methods to configure the thing and make your own? You could wireshark the traffic and have a look at it that way first. It depends on what ways of finding weaknesses you wanna make sure about on what layer first? heck, you could replace it with a arduino and join the mower github 
but it could be as simple as just disconnecting the battery for half a minute that seems also to be under the resin, so choose your path of no return if you do not mind breaking it out of warranty and support not helping you to unlock it 
I usually void warrantyâs on the day of purchase, but thatâs a personal preference, but it can also turn into a expensive hobby, first clearing a rom then finding out there is no way of getting the rom other then buying another one can stack up fast. 
Or you need friendly neighbors with the same one, and ask if you can take theirs apart to clone , but I guess that seems like a odd request.
I have tried both 1-2-3-4 and 0-0-0-0 as potential defaults. And have even gone through many common pin configurations to see if by luck I could guess it correctly. I have even thought about how long it would take me to enter every 4 pin configuration possible (10,000), providing the unit isnât actually locked I will eventually stumble across the correct pin!
I have a ticket open currently with the technical department at Einhell but they donât seem to be all that useful so far.
Ultimately, if they can advise why this unit wonât start in âBOOTâ mode, and then perhaps assist me further, I should then be able to get the PUK code off and therefore reset the pin (I donât have much confidence this will be the outcome though).
I am an electrical engineer so am more than happy to start taking it apart, I didnât pay much for it so donât have much to lose! My background however is not in software or electronics so I donât currently have the knowledge to be able to confidently fault find/interrogate a board of this sort, though I am keen to learn!
I had thought about replacing it with an arduinoâŠagain itâs not something I have any knowledge on but have been wanting to learn for a few years but just havenât had a project to try on!
In the meantime I will do some research on logic analysers, wireshark and bluetooth sniffers to see if they may be useful! If something looks like it is, I will then start to learn!
Wish me luck!!
I try to make it at least a weeks so i know whether it was broken when I got it or if I broke it.