Encrypt your FPV WiFi

This HowTo will advise on how to enable encryption on the FPV WiFi, but ONLY the one between the repeater and your FPV device! (Encrypting P2V+ to Repeater comms takes a bit more juggling, but I'll write it up tomorrow.)

Via Command Line:
Please use the WebUI method below. There are too many ways to mess up the only means (your wifi connection) you have of fixing the Repeater/Drone if you're on the CLI.

Via WebUI:
  1. Install the WebUI per THIS THREAD
  2. Log into the WebUI at http://192.168.1.2 with Username root and password 19881209
  3. Click 'Network' -> 'WiFi'
  4. Click on 'Edit' next to your 'Phantom_XXXXXX' WiFi
  5. Scroll to the bottom, Under 'Interface Configuration' click on 'Wireless Security'
  6. Select the Encryption of your choice from the 'Encryption' drop down (I strongly recommend WPA2+PSK)
  7. Select the Cypher of your choice from the 'Cypher' drop down (I strongly recommend Force CCMP (AES))
  8. Type in the password of your choice in the 'Key' area
  9. Click the 'Save & Apply' Button
  10. Wait for the WiFi Repeater to reboot, and reconnect with your newly encrypted WiFi network
  11. After the Repeater boots, re-connect to your newly encrypted FPV Repeater WiFi using the encryption standard and password you picked!

Enjoy!
LK
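
A read-only way to confirm the result of the steps above, as an added example that is not part of the original post: it audits a copy of the repeater's wireless settings for open, WEP or TKIP networks. It assumes the WebUI stores them in OpenWrt-style UCI syntax (the thread does not say); the sample config, SSIDs and key are constructed.

```python
import shlex

# Constructed sample in OpenWrt UCI syntax (assumed format; SSIDs and key are made up).
SAMPLE = """
config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'Phantom_XXXXXX'
    option encryption 'none'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'Phantom_hardened'
    option encryption 'psk2+ccmp'
    option key 'constructed-Long-Random-Passphrase-42'
"""

def parse_ifaces(text):
    """Return one dict of options per 'config wifi-iface' section."""
    sections, current = [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config":
            # Only wifi-iface sections are audited; other sections are skipped.
            current = {} if len(tokens) > 1 and tokens[1] == "wifi-iface" else None
            if current is not None:
                sections.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2]
    return sections

def audit(iface):
    """List findings for one interface; an empty list means WPA2-PSK with CCMP only."""
    enc = iface.get("encryption", "none")
    findings = []
    if enc == "none":
        findings.append("open network: no encryption")
    elif enc.startswith("wep"):
        findings.append("WEP is obsolete")
    elif not enc.startswith("psk2"):
        findings.append("not WPA2-PSK: " + enc)
    if enc.startswith("psk") and "tkip" in enc:
        findings.append("TKIP allowed; force CCMP (AES)")
    if enc.startswith("psk") and not 8 <= len(iface.get("key", "")) <= 63:
        findings.append("passphrase must be 8-63 characters")
    return findings
```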
 
Cocoa Beach Kiter said:
Ok... Help me with this... why would I need to encrypt the connection between the repeater and the FPV device?

If you're in an area and someone with any smarts jumps on your WiFi, they could *possibly* take over and control your camera, etc.. They could even SSH into your P2V+ or Repeater (if they're looking at these threads) and kill your WiFi, wipe your contents, wipe your SD card, etc...

In general.. Encryption is a good idea, even if you don't think you're a target.

LK
 
Thank you Linuxkidd!

Having the Phantom WiFi encrypted is a big plus, and I don't know why DJI didn't implement this? It is a public WiFi station!

Please let us know how to encrypt the connection from the Phantom to the repeater. I'm not sure how this would affect range (vs no encryption), but I feel much better having encryption all the way from the Phantom to the repeater to my smart phone.
 
Interesting, I was going to look into doing this but I have found with routers/WAPs that encryption tends to drop the range of communication which is obviously even more important doing what we do than when you're sitting at home with a laptop/tablet.

I'd be keen to hear from anyone that tries this as to whether it impacts their range at all.
 
Can you also use this website to increase the power on the craft for further fpv range?
 
linuxkidd said:
Cocoa Beach Kiter said:
Ok... Help me with this... why would I need to encrypt the connection between the repeater and the FPV device?

If you're in an area and someone with any smarts jumps on your WiFi, they could *possibly* take over and control your camera, etc.. They could even SSH into your P2V+ or Repeater (if they're looking at these threads) and kill your WiFi, wipe your contents, wipe your SD card, etc...

In general.. Encryption is a good idea, even if you don't think you're a target.

LK


Agree that in general, encryption is a good idea and I know your intentions are good. However, let's think this through before we suggest that everyone go mucking with their Wifi settings.

Enabling this encryption will only prevent others from *easily* capturing the traffic between your camera and the repeater. The NSA still owns you. Doing this will increase the overhead on both devices and the Wifi pipe. It will NOT prevent someone from SSHing to your camera or extender. The password is unchanged and the ssh servers are still running and happily accepting connections.

Don't do this.
 
Zycor said:
Can you also use this website to increase the power on the craft for further fpv range?

linuxkidd did state in the other thread that it may be possible to increase the Tx power of the repeater. I would be interested in this too, as it would do the same thing as the booster app plus we would have encryption on the FPV network. I think I read on a post that the booster app quits working if you encrypt your network and that they were going to ask them to modify the app.

So the question to linuxkidd is, is the Tx power increase an option there already or do you have to add that feature?

Thanks and nice work!
 
D_Tshudy said:
Agree that in general, encryption is a good idea and I know your intentions are good. However, let's think this through before we suggest that everyone go mucking with their Wifi settings.

Enabling this encryption will only prevent others from *easily* capturing the traffic between your camera and the repeater. The NSA still owns you.
While I know your heart is in the right place.. there's no evidence that ANY weakness exists in the WPA2/AES suite. The only actual attack is that of brute force against the network by guessing passwords. There've been a lot of junk articles written by non-tech people (and even some who have tech knowledge who should know better). Don't give into the FUD. If you like podcasts, go check out Security Now. There are SEVERAL episodes which discuss the Snowden revelations and the abilities of the NSA... (btw, Text Transcripts are available of the podcast on the main host's site for easy searching.)

Bottom line: For your highly sensitive networks, pick a LONG RANDOM password. (and... your drone only flies for 25 minutes at a time tops.. There's no way a brute force against your network could be successful in that timeframe unless you pick all 0's or some such for your password.)

P.S. Even if big Gov agencies could still sniff/crack your encrypted WiFi... enabling encryption still prevents 99.9999999% of people from getting on/eaves-dropping. So, IMO.. unless I see a big blacked out SUV w/ lots of gear and guys in suits.. This is still a good idea.

D_Tshudy said:
Doing this will increase the overhead on both devices and the Wifi pipe.
This is indeed quite possible. I'm going to try and test range today to see if there's any impact (if the rain holds out, I may be delayed).

D_Tshudy said:
It will NOT prevent someone from SSHing to your camera or extender. The password is unchanged and the ssh servers are still running and happily accepting connections.
  • Actually, if they cannot get ON your WiFi, they have no means of connecting to the SSH port on your devices, so this does prevent SSHing to your gear.
  • Changing the password is dead simple.. SSH in, issue 'passwd', type in the new password when prompted. So even w/o encryption, you can make things more secure.

D_Tshudy said:
Don't do this.
My take is... Do this if you feel it makes sense to you.

LK
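
To put numbers on the "LONG RANDOM password" advice in the post above, here is an added example (not part of the original post) that generates a random passphrase, derives the WPA2-PSK master key the way the standard defines it (PBKDF2-HMAC-SHA1 salted with the SSID), and compares keyspace-exhaustion time with the 25-minute flight. The guess rate is a hypothetical figure chosen for illustration, not a measurement.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
ASSUMED_RATE = 1_000_000  # guesses per second: hypothetical attacker figure
FLIGHT_MINUTES = 25       # flight time quoted in the post

def wpa2_pmk(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8-63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def random_passphrase(length=20):
    """Uniformly random passphrase drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)

def minutes_to_exhaust(length, rate=ASSUMED_RATE, alphabet_size=len(ALPHABET)):
    """Minutes needed to try every passphrase of this length at `rate` guesses/s."""
    return alphabet_size ** length / rate / 60

def survives_flight(length, alphabet_size=len(ALPHABET)):
    """True if the whole keyspace cannot be tried within one flight."""
    return minutes_to_exhaust(length, ASSUMED_RATE, alphabet_size) > FLIGHT_MINUTES

if __name__ == "__main__":
    pw = random_passphrase()
    # 'Phantom_XXXXXX' is the placeholder SSID used in the HowTo.
    print(pw, wpa2_pmk(pw, "Phantom_XXXXXX").hex())
    print("20 random chars: %.0f bits" % entropy_bits(20))
    print("8 digits exhausted in %.1f min" % minutes_to_exhaust(8, alphabet_size=10))
```

Because the same passphrase is used on every flight, length and randomness matter more than any single 25-minute window.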
 
Zycor said:
Can you also use this website to increase the power on the craft for further fpv range?
Yes, it's right there in the same area, above where you set the encryption... it's labeled 'Tx Power'. (See warning below)
mfp said:
... I would be interested in this too, as it would do the same thing as the booster app plus we would have encryption on the FPV network.
In the Booster app thread, PVFlyer states that they Do Not boost the Tx Power with their app.. If that's true, then they use some other tweaks to make the signal better instead of stronger...

mfp said:
I think I read on a post that the booster app quits working if you encrypt your network and that they were going to ask them to modify the app.
Do you have a link to that post?

mfp said:
So the question to linuxkidd is, is the Tx power increase an option there already or do you have add that feature?

Thanks and nice work!
Ya, it's in the same section, just above where you enable the Encryption... labeled 'Tx Power'.

Warning: There have been discussions in other posts that the design of the P2V+ and/or the Repeater MAY place another amplifier chip AFTER the main transmitter chipset. It's unclear where in this chain the Tx Power setting in the WebUI adjusts (Whether on the Tx chipset, or on the amplifier output). If this is all true, and the adjustment is just on the Tx Chipset, then increasing the gain may greatly degrade your WiFi quality and cause signal drop-outs before you reach the end of the signal range. This will be a trial and error and retry thing to get optimal settings for.

One other thing I'm going to look into is increasing the channel width from 20MHz to 40MHz, and bumping the P2V/+ to Repeater WiFi channel up to 6 or so. This should provide more overall bandwidth, thus allowing FPV at higher resolution/frame rate over a longer distance...

Also, for those wanting to jump ahead of the class wrt Encrypting (or other changes) on the P2V/+ to Repeater side of the link:
In my experience, if the Repeater cannot connect to the drone, it does NOT fire up the public WiFi at all. So there's no way to manage it without the P2V/+ being on the same channel / encryption settings.

So, in order to effect any change on that link, you have to:
  1. Update the Repeater, then Save & Apply on it.
  2. Connect to the P2V/+ Hidden WiFi (requires setting a static IP on your computer, and knowing the hidden wifi name)
  3. Make the SAME change on the P2V/+ (Warning: I strongly urge you to use the WebUI for this part!)
  4. Save & Apply on the P2V/+
After a few moments, both will link and your FPV public WiFi will be visible again.

I'll post a detailed HowTo on this soon.. so if the above doesn't make sense to you, hang in there!

Hope this helps!
LK
 
linuxkidd said:
P.S. Even if big Gov agencies could still sniff/crack your encrypted WiFi... enabling encryption still prevents 99.9999999% of people from getting on/eaves-dropping. So, IMO.. unless I see a big blacked out SUV w/ lots of gear and guys in suits.. This is still a good idea.
There is strong evidence that the NSA is able to strip the encryption in real time. But let's not debate that. For me, and 99.9999999% of the readers here, the cons of encrypting this wifi traffic outweigh the pros. I stand by the "don't do it" statement.

linuxkidd said:
D_Tshudy said:
Doing this will increase the overhead on both devices and the Wifi pipe.
This is indeed quite possible. I'm going to try and test range today to see if there's any impact (if the rain holds out, I may be delayed).
Others are also testing this. I'm interested in the findings.

linuxkidd said:
D_Tshudy said:
It will NOT prevent someone from SSHing to your camera or extender. The password is unchanged and the ssh servers are still running and happily accepting connections.
  • Actually, if they cannot get ON your WiFi, they have no means of connecting to the SSH port on your devices, so this does prevent SSHing to your gear.
Now that I think about it more, I think you're right and I'm wrong here. I do think that changing the password is of benefit if you're concerned about someone connecting to the camera/extender and wiping the card, etc.
linuxkidd said:
D_Tshudy said:
Don't do this.
My take is... Do this if you feel it makes sense to you.
Fair enough. Not worth it for me.
 
linuxkidd said:
In the Booster app thread, PVFlyer states that they Do Not boost the Tx Power with their app.. If that's true, then they use some other tweaks to make the signal better instead of stronger...

I purchased PVFlyer's app and ran a little experiment.

The Phantom aircraft's TX power default is 7dBm (5mW) - according to the Web UI.

After I run the Vision+ Wi-Fi Booster app and hit the "Boost up!" button, I see this:

[Screenshot: Screen Shot after V+ Boost.png]


This happens right after I push the "Boost up!" button on the Vision+ WiFi Booster app and I believe that the app is definitely setting the Tx power to 13dBm (19mW).

As for the debate on encrypting vs not encrypting. As long as encrypting doesn't reduce the range or ease-of-use of the drone to a significant degree, I definitely want encryption to protect my drone network against unauthorised connections.

WiFi encryption is supported in the hardware that I purchased and I'm **** well going to use it.

I'm no Linux networking expert, so I'm going to wait for Linuxkidd's guide.
 
Encryption can reduce overall coverage.

WEP - less overhead - less secure
WPA & WPA2 - RECOMMENDED but more overhead.

Depending on your desired overall expected with repeater boosted or not please keep in mind that encryption can reduce overall range.

Nas,
 
I originally thought the app/wifi link was purely for camera control but now the app has ground station functionality this opens a whole new can of worms.

I can cope with someone wiping my camera card or buggering about with camera settings but taking control of my phantom.......

Or have I misunderstood?

Has this tipped the encrypt or not scales further towards doing it?
 
RPA said:
I originally thought the app/wifi link was purely for camera control but now the app has ground station functionality this opens a whole new can of worms.

I can cope with someone wiping my camera card or buggering about with camera settings but taking control of my phantom.......

Or have I misunderstood?

Has this tipped the encrypt or not scales further towards doing it?

I'm not sure yet but your instincts are spot on. The new ground station functionality certainly seems to imply that there's a control path in the Wifi link. I have a hunch as to how it's done but won't post hunches. Keep your head up and watch the boards. Others more skilled at hacking these things are surely hard at work.
 
D_Tshudy said:
RPA said:
I originally thought the app/wifi link was purely for camera control but now the app has ground station functionality this opens a whole new can of worms.

I can cope with someone wiping my camera card or buggering about with camera settings but taking control of my phantom.......

Or have I misunderstood?

Has this tipped the encrypt or not scales further towards doing it?

I'm not sure yet but your instincts are spot on. The new ground station functionality certainly seems to imply that there's a control path in the Wifi link. I have a hunch as to how it's done but won't post hunches. Keep your head up and watch the boards. Others more skilled at hacking these things are surely hard at work.

I've just conducted a packet capture and am in the middle of analyzing it...

The good news is that all of the control traffic appears to be going over a ser2net connection on TCP port 2001. Further, TCP port 2001 won't accept but 1 connection at a time. This means that as long as *YOU* have your DJI App running, no foreign influence can connect and muck w/ things.

This still won't prevent someone from wiping your wifi config and turning your P2V+ into an equivalent P2 w/ GoPro (since you can start a record on the ground via the camera button)... So, IMO.. either encrypting your wifi or changing your root password would still be advised based on this..

Still looking into the protocol...
LK
 
