I feel like there are still some options. Each card has a sticker and a # on it. That number matches the number printed on a piece of paper on the back of the control board.
Maybe someone can figure out Bluetooth/RFID connectivity with that info. I have tried, but I don't know enough about the topic.
I totally agree with you. I also don't think iOS devices are the right tool for the job, as Android has deeper NFC and RFID capabilities
(RFID being a subset of the NFC standards).
As someone just said - cloning (ALONE) is not the ticket... but my Samsung S9 can emulate RFID cards, clone, copy and write... my gut feeling is that there are 3 or variables stored in the key that use a basic format like RSS to define them... I don't know what the key variables are but I'm guessing something like :
that we could simply copy and paste into the box in the RFID flasher app for writing to a card/key fob. This is the kind of stuff you get when you swipe magnetic stripe cards through readers. A few lines of the key stuff.
The dumps someone posted app screen caps of were interesting - but much was in hex or not shown. There's also the option of brute forcing the Bluetooth PIN if you go the Bluetooth route... or doing a sniff capture of what goes across the air when you use your app to pay for a normal ride, or if we could get one of the Chinese or early app versions in hand that works on the stock scooters so we could at least understand what it's passing or requesting. Before the USA exclusive they were in app stores and on the company that made the app's website - as recent as 12 months ago.... my iOS devices still see Apple App Store listings (in Europe) for iwalk apps that are no longer available.
I think the answer... if there is one possible... is not to just clone but clone the cards, understand what's on them and the syntax - and then replicate and write... aside from the unique # on the Bluetooth board there's other unique identifiers for each scooter... if you turn it on holding down power button and brakes and not releasing you get a 4 digit code... if you hold it long enough. You may need to hold open throttle at same time, I forget, it's been a month or two. It's kind of like how they reprogram some key remotes for cars - the smart keys like the BMW w battery and a device in the key base.... you have to do a convoluted sequence of real world input like unlock back left door, then the right, then put in neutral, tap brakes 3 times, and the car will output the pairing code to the replacement key device. I learned about this while searching for an RFID copying app for this project... I came across an app in the Play Store that I thought was a master programmer or hack database for reprogramming keys - what it was was a list by make and year of physical steps to the hokey pokey for each model. A text list - still very useful and interesting. It could be something simple like that - give it a shot trying different button presses and post if you get anything interesting.