Crowdfund hacker to build custom firmware?

Status
Not open for further replies.
Apologies for commenting on older posts on this thread, before it went technical on how to: as for whether DJI would ever move to sue software modifiers. If the "tweaks" alter or cut out those changes DJI generated specifically to appease the FAA and/or terrorist-fighting agencies, mightn't DJI file a very public lawsuit against those who have publicly advocated or begun the hack process? And to those who say naw, DJI's only 1 of thousands in this universe, I suggest the runaway success of DJI is because it has put this sophisticated, capable flyer not in the hands of inveterate tinkerers/inventors but of Johnny-come-latelies like me, real consumer-level pilots, at a price hundreds of thousands of newbies can afford. They do have a vested interest in appearing like a responsible manufacturer to governments who could decimate their business. So the question is: isn't this board a little public for concrete plans etc., ya-know-what-I-mean?

Again, apologies if it's already asked/answered.
 
Right. They will just put the small group in jail. But, if all UAVs are modded and countless people regularly start flying in no fly zones, what would be the FAA's next move?
Putting UAV enthusiasts in jail is like putting Pot Smokers in Jail. What the hell is our country coming to.
 
Forget FCC vs CE mode, it would be better to just let us adjust the output power ourselves and see how much it can handle. A test bird would be great for that.

I can start learning to program, I'm good at tinkering and figuring stuff out. I'd be willing to join the dev team with a teeny bit of guidance as to what I need to learn...

I was the first to figure out how to get above 500m (the RTH trick, maybe on another username here) and I just recently figured a way to downgrade the remote to whatever firmware you want...
 
Anyone know (i.e. tried or figured out the binary FW) if the Ambarella's ash control files work on the P3? I'm slightly scared to brick mine and need hours and hours and hours to fix it - would rather find a cheap broken one on eBay ;-)

Note: alternatively, anyone willing to run stuff on their P3 / risk bricking it, that'll do too ;-)
 
Following ... is this going to be open source? Not a programmer but would be willing to do some beta testing.
 
This may be totally ridiculous but ... I was thinking, and I think a simple jailbreak tweak similar to the in-app purchase tweak (allowing you to make in-app purchases for free) may be able to give the GO app a fake "OK to fly" server reply. And basically wipe out this whole BS disaster. I'm no programmer but just a thought ??


Sent from my iPhone using PhantomPilots mobile app
 
This is similar to what nozza87 wrote on post #70. He seems to be testing a theory like this.
 
I am trying to fully emulate the DJI server on my own server at the moment and proxy the app through this. In doing so I can defeat all communication with DJI and this will not require modifying any apps but will still require Internet.
I have most of this working and once I get it completed my idea is to add this as a patch to the official SDK so all apps can benefit from running locally with no internet connection required.
This seems to be the easiest route at the moment but I will be putting some hours into looking at the firmware as well.
I do not want to cause any safety concerns as I see a lot of idiots around that shouldn't be flying so we may have to come up with some way to release this properly.
 
Thinking that it could be as simple as a certain entertainment provider hack from years back. In the authorization software find the right spot and insert a jump to authorized. (or that's how I read that they did it;) )
 

Unfortunately it's not that simple, as the code is encrypted and requires 'activation' via the DJI server. This is done with a request containing your device ID and the app's API key, which is HMAC'd, and then a 256-bit AES key is received which is used to decrypt the app.
Once this is done, however, you can't just NOP the rest because the flight controller also contains an NFZ database, among other things, that it checks regardless of the app.
However I may have a workaround for this :)
 
Unlocking NFZ/GEO is now possible, but for this you need to open the body of the Phantom 3, have some soldering skills and ... a small cheat.
 
Seems like if this had any value, someone would just do it and sell it to those interested.
I don't see where the expense lies. Are there supplies that must be bought?
 
Time / opportunity cost

Would you work for free?
 
Are you referring to unlocking the bootloader, or turning off the NFZ?

And by "cheat" do you mean a jumper?

RodeoGeorge
No bootloader cheating ... all mods I make are in hardware, because the bootloader is secured ... by cheat I mean a small MCU like an Arduino.
 
Count me in as a tester.
 
Hi all,
I am by no means a professional but have spent quite a few years reverse engineering software and hardware, mostly for fun but also because I like to know how things work and customise them to my liking.

I have been busy with work so am a little late to this party, but I spent a few hours over the past few nights exploring the iOS and Android DJI GO apps' sources, the SDK binaries, and the firmware and have found a lot in regards to NFZs and bypassing them. On a side note, there are also a lot of references to the Phantom 4 in there.
From what I have found, I don't believe we need to touch firmware / risk bricking, as the apps seem to manage the NFZ data and then push it to the flight controller, which stores it and does what it is told.
Anyway, I have successfully run a MITM attack by emulating the NFZ server via a proxy to return a modified NFZ database with all disabled zones enabled, and it seems to be working.
There is a lot of work to be done before this is usable, but it seems the easiest way to do this.
Everything is encrypted and obfuscated, making progress rather slow, but I have extracted a few keys and am working on decrypting what I need.
My current plan is to run a modified app that still phones home to DJI and passes data back and forth as it should, but tells the flight controller everything is always OK in regards to NFZs even when it really isn't, so it caches a constantly clean file.
I will try and get some more usable information and post details over the weekend.

Please note that whilst I disagree with the way DJI has done some things, I can understand why, so I will not be removing any safety limits or the like, only allowing the pilot to decide when and where they want to fly.

Stay Safe and Happy Flying ;)

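The post above describes a proxy that substitutes a modified NFZ database for the one the server sends. The defensive counterpart, which a client or flight controller can use to detect that substitution, is a digital signature over the database checked against a pinned public key, so that any byte changed in transit makes verification fail. The following is an added example written for this page, not code from DJI, the DJI GO app, or anyone in this thread; the `NFZDatabase` structure, the zone fields and the Ed25519 signature scheme are all assumptions chosen for illustration, and nothing here reflects the real file format or protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Zone is a constructed, simplified geofence entry (assumed format,
// not the real NFZ file layout).
type Zone struct {
	ID      string  `json:"id"`
	Lat     float64 `json:"lat"`
	Lon     float64 `json:"lon"`
	RadiusM int     `json:"radius_m"`
	Enabled bool    `json:"enabled"`
}

// NFZDatabase is the payload the (hypothetical) server signs and returns.
type NFZDatabase struct {
	Version int    `json:"version"`
	Zones   []Zone `json:"zones"`
}

// SignedDatabase bundles the serialized payload with a detached signature.
// Verification covers the exact bytes that were signed, so the client must
// verify before parsing.
type SignedDatabase struct {
	Payload   []byte
	Signature []byte
}

// SignDatabase is the server-side step: serialize the database and sign it
// with the server's Ed25519 private key.
func SignDatabase(priv ed25519.PrivateKey, db NFZDatabase) (SignedDatabase, error) {
	payload, err := json.Marshal(db)
	if err != nil {
		return SignedDatabase{}, err
	}
	return SignedDatabase{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyDatabase is the client-side step: check the signature with the pinned
// public key first, and only then parse the payload. A proxy that rewrites the
// payload cannot produce a valid signature without the private key.
func VerifyDatabase(pub ed25519.PublicKey, sd SignedDatabase) (NFZDatabase, bool) {
	if !ed25519.Verify(pub, sd.Payload, sd.Signature) {
		return NFZDatabase{}, false
	}
	var db NFZDatabase
	if err := json.Unmarshal(sd.Payload, &db); err != nil {
		return NFZDatabase{}, false
	}
	return db, true
}

// RewriteInTransit models the substitution described in the thread: the
// payload is altered (every zone flagged disabled) while the original
// signature is passed through unchanged.
func RewriteInTransit(sd SignedDatabase) SignedDatabase {
	var db NFZDatabase
	if err := json.Unmarshal(sd.Payload, &db); err != nil {
		return sd
	}
	for i := range db.Zones {
		db.Zones[i].Enabled = false
	}
	payload, _ := json.Marshal(db)
	return SignedDatabase{Payload: payload, Signature: sd.Signature}
}

func main() {
	// Constructed key pair; in practice the public key is pinned in the client.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)

	// Constructed sample database with one active zone.
	db := NFZDatabase{Version: 1, Zones: []Zone{
		{ID: "constructed-zone-1", Lat: 51.47, Lon: -0.46, RadiusM: 8000, Enabled: true},
	}}
	signed, _ := SignDatabase(priv, db)

	_, ok := VerifyDatabase(pub, signed)
	fmt.Println("genuine payload accepted:", ok) // true

	_, ok = VerifyDatabase(pub, RewriteInTransit(signed))
	fmt.Println("rewritten payload accepted:", ok) // false
}
```

The design point is that the signature binds the exact bytes, so the check must run before any parsing or caching; a client that parses first and verifies later, or that caches a database it never verified, is exactly what the proxy approach relies on.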
What if the "where" is above 500 meters?
 