Crowdfund hacker to build custom firmware?

Status
Not open for further replies.
It wouldn't surprise me if altitude and NFZ lock is done by same mechanism inside FW, so new GEO enabled firmwares with NFZ unlock option with authorisation could actually help hacking other restrictions (ie. altitude)


 
I would equally assume there was a JTAG interface or similar for loading firmware at the factory and to recover "bricked" installs. What we need is a complete teardown with high resolution images including inside the flight controller and camera. Anybody found such images?

If not, this could be what we need to raise funds for. Anybody willing to donate a dead P3?

My first P3P fell 200 feet onto a parking lot. I didn't bother with warranty as I had made some mods like a high power spot light and figured it wouldn't have been covered so just bought a new one. I have everything, the complete main board although it has damage and all gimbal boards and camera are actually good and work along with working lightbridge and optical positioning module. So don't know if I could be of any assistance here. Let me know if so.
 
Are you referring to the Micro-SD mounted to the Phantom's mainboard? That is used for storing flight data logs & it is glued in place hence your difficulty in removing it from the slot.

I tried to remove the sdcard from my first P3P (crashed) but couldn't figure out how the hell it was supposed to be removed so I just forced it (curiosity). So it may not be removable. And weirdly it does not work, at least in my Android device, haven't tried it in anything else. Using OTG sdcard reader Android gives me a "high current device has been inserted and requires an external power supply" message. It seems to cause a dead short idk just my impression. It's a 4GB Sandisk class 4 btw
 
That info is likely embedded in the firmware on a flash chip near the Flight controller.
Haven't yet taken a Phantom apart to analyze the hardware.

The hidden SD card contains flight logs and possibly no fly zone data.

Which gives me an idea....
possible to erase this card to remove dji's crazy no fly zone updates?


I tried to remove the sdcard from my first P3P (crashed) but couldn't figure out how the hell it was supposed to be removed so I just forced it (curiosity). So it may not be removable. And weirdly it does not work, at least in my Android device, haven't tried it in anything else. Using OTG sdcard reader Android gives me a "high current device has been inserted and requires an external power supply" message. It seems to cause a dead short idk just my impression. It's a 4GB Sandisk class 4 btw
 
Drunk updates:
  • DJI can lawsuit me or anyone here, but makes no sense. 99% they broke Unix licences of libraries they used
  • everyone can buy handmade drone to mount bomb and fly it somewhere
  • geofence is fail
  • I want to use just DJI hardware, no limits, no all.
  • Why car companies did not implement road geofence? so you can't speeding hahh
Um, did we move to some more private & better organised place? I'm having a hard time sorting out what's happened here. No tasks, no progress, no sorted lists, no todo's.. really hard to keep track
 
I am trying to fully emulate the DJI server on my own server at the moment and proxy the app through this. In doing so I can defeat all communication with DJI and this will not require modifying any apps but will still require Internet.
I have most of this working and once I get it completed my idea is to add this as a patch to the official SDK so all apps can benefit from running locally with no internet connection required.
This seems to be the easiest route at the moment but I will be putting some hours into looking at the firmware as well.
I do not want to cause any safety concerns as I see a lot of idiots around that shouldn't be flying so we may have to come up with some way to release this properly.
I'm offering help and/or testing. If you note what exactly you did, maybe I can help with development of bypass server. Should we move to some private Google doc or some Slack channel or something?

Let me know.
 
Drunk updates:
  • DJI can lawsuit me or anyone here, but makes no sense. 99% they broke Unix licences of libraries they used
  • everyone can buy handmade drone to mount bomb and fly it somewhere
  • geofence is fail
  • I want to use just DJI hardware, no limits, no all.
  • Why car companies did not implement road geofence? so you can't speeding hahh
^ +1:D
 
I'm quite new on the P3A scene but more experienced in RC and "customizing stuff".
I want to ask senior members / anyone who knows: were the initial (the launch one) firmwares limiting altitude? I want to dig inside some stuff using some old tricks and I would like to know if it's worth it.....
Anyway, the security shouldn't be too hard implemented considering that DJI is a drone manufacturer.... OS security is the most expensive from OS modules and I doubt DJI has Samsung's money for a Knox bootloader. They mostly prefer security through obscurity ....
 
I'm offering help and/or testing. If you note what exactly you did, maybe I can help with development of bypass server. Should we move to some private Google doc or some Slack channel or something?

Let me know.

Nothing is ever private if it's in any way shape or form reliant on Google, keep that in mind.
 
None of this is documented. I'd venture that the code is so convoluted and spaghetti'd that even DJI has problems figuring out which end is up.
So was Direct TV and Dish Network. Heck DTV had the ASIC they were using custom made for them. Just switched a bunch of op-codes around. It can be done. No doubt. It's just, is someone going to put the time and effort into it? Internet access is not needed to fly the drone. And you are right, it's not a cell phone.
 
Hey guys .. We have moved to a private conversation ... Whoever is interested in continuing to work on this .. Please shoot me a PM .. I'll give you the info
I'm interested.


I'm interested. Please let me know where to signup.
 
This WILL happen, the P3 is meant to be torn apart by the internet. As long as it flew fine, there were no reasons not to. But the faster the NFZ populate, the faster someone will crack it. I'm sure that he who can will even earn some monies if he wants to.
 
offtop mode on:
I hope so, because things are going bad with Geo/NFZ policy. DJI made me laugh today. I can't believe they stated it:
Official DJI GEO System - News, Public Beta and information - Page 123 - RC Groups
and the thuglife/ownage response from one of users:
Official DJI GEO System - News, Public Beta and information - Page 124 - RC Groups
offtop mode off
Wow. I read the thread you linked. People are pi$$ed at DJI because of NFZs/GEO. I am thinking I'm not going to upgrade since I'm at firmware 1.4 (I may go down one level, it was very stable) and stay on 2.4 GO App.
 
Has an official Crowdfunder site been set up yet? If not, let's get it started which is the intent for this thread in the first place. I'm in for $1k for someone who can make this happen. We should shoot for $50k.
 
I am a systems/network engineer and my first idea was the same as was posted a while back. I was thinking of a transparent proxy that can rewrite request/response or respond with a valid token to unlock certain things in the GO App. I have not yet done any traffic sniffing of the app in operation, but I have my fingers crossed that it is not encrypted. Even then, we can find ways around it.

I sent you a PM about joining the firmware hacking discussion, P3P Canada. I have worked on quite a few reverse engineering projects and would like a place to discuss this in critical depth, with the conversation focused solely on development efforts.
 
I have a jailbroken iPhone, also Android devices galore and P3P. If an iOS app is needing testing I can assist, even Android, I have it all. I'm a Network Admin so have a very good background on the PC side. Please keep me in the loop if beta testing is done on this or if any higher level testing is required. I don't have tons of time on me but love the freedom of opening my devices even if I never fully use them...just knowing I have no restrictions makes me a happy camper. Thanks to all involved.
 