Reverse-engineered Unitree motor driver targets open robotics

A robotics tinkerer is working to reverse-engineer Unitree’s proprietary motor driver tied to the company’s GO-M8018-6 motors, using public documentation plus hardware sleuthing. By extracting and decrypting encrypted firmware through a recovered key, he says
The first clue was physical, not code. For reverse-engineering Unitree’s proprietary driver behind the GO-M8018-6 motor, [Thomas Flayols] started by digging into the motor’s printed circuit board—an approach made far harder by one detail the company intentionally left out.
Unitree removed all markings on the integrated circuits, leaving almost nothing to go on by inspection alone. The breakthrough came with an X-ray machine and careful component sleuthing, letting [Thomas] deduce the motor’s Cortex-M0-based CMS32M57xx MCU and other parts.
The motors in question (GO-M8018-6, used to propel the Unitree Go2 quadruped robot) appear to be similar to Unitree’s GO-M8010-6 motors from its Go1 robot line. Unitree also sells the motors. What matters for builders isn’t just the hardware resemblance. It’s that the driver and control layer inside the actuator are treated as proprietary.
Inside the actuator, the package is built to be compact but capable: it includes a reducer, a magnetic encoder, a 3-phase inverter, current sensing, an RS-485 bus, and the Cortex-M0-based CMS32M57xx MCU. It’s the kind of assembly intended for robotics applications where an actuator has to pack a lot of control into a small footprint.
Once the MCU was identified, the next step was access—specifically, establishing SWD/OpenOCD access to that chip. From there, [Thomas] extracted the firmware key from the bootloader SRAM.
The firmware itself was encrypted. But a locally recovered key was found to decrypt it. With that door opened, he developed an initial custom firmware, and he’s now aiming to turn that into fully featured open source firmware.
The potential impact is straightforward: open source firmware would “obviously” widen access to these motors beyond Unitree’s own ecosystem, he says—especially since they are described as “pretty good value” for their mechanical capabilities.
There’s also a second, more sensitive reason the reverse-engineering feels timely. The piece notes “serious malware accusations and security issues” tied to the Go2 robot’s firmware. If those concerns are being debated publicly, an alternative firmware path built from the hardware up changes what users can do next, without waiting for the manufacturer.
For now, the work is still in progress. But the direction is clear: take a closed driver that’s bundled into a compact robotics actuator, pull out the pieces despite unmarked chips, recover the key from bootloader SRAM, decrypt encrypted firmware, and build something the wider community can actually modify.
So is this gonna let you hack the robot and make it do whatever? Sounds sketchy.
I read “reverse-engineered” and instantly thought this is gonna void warranties and cause more problems than it solves. But also like… open source would be cool I guess?
Wait, they removed markings on the chips and then used an X-ray?? That’s wild. So the “malware accusations” are why they’re doing this, or is it just for modding? Either way I don’t trust robot firmware, never.
RS-485, Cortex-M0, OpenOCD… I can’t even keep up. If this works then users can totally bypass the manufacturer ecosystem, right? But won’t that also mean you can install malware easier too, like it cuts both ways. I’m confused why it says “pretty good value” like that matters to security.