Phantom 3 firmware extraction tools

[notsolowki]

i came across some scripts written to extract the amberella filesystem partitions from the p3p firmware. ti splts the entire binary into its own firmware binaries. the firmware package contains multiple binary files. one in particular is the flight controllers firmware. its not encrypted . not to mention these tools can repack a firmware binary to be loaded onto the drone! hopefully soon we will have the ability to make our copters faster or add attachments

 

[With The Birds]

Amberella file system? I thought the file system would be some variant of Linux. Isn't Amberella a SOC manufacturer?

 

[notsolowki]

the amberella a9 is the camera you can extract it yourself and mount the ubifs on ubuntu and the camera files are there

 

[notsolowki]

check it out right here GitHub - mefistotelis/phantom-firmware-tools: Tools for handling DJI Phantom quadcopter firmwares.

 

[Steve7777]

check it out right here GitHub - mefistotelis/phantom-firmware-tools: Tools for handling DJI Phantom quadcopter firmwares.

From that link:
"Step by step instruction
Such instruction will not be provided. These tools are for engineers with vast hardware and software knowledge. You need to know what you're doing to achieve anything with these tools.

This is to make sure the tools won't be used by script kiddies to disable security mechanisms and to allow breaking the law.

If you can't understand how the tools work, you should not use them. If any warnings are shown, you must investigate the cause to make sure final firmware will not be damaged."

(I'll get my coat.... )

 

[Teamfour]

I'd think DJI would have fun denying a warranty claim on that hacked bird.


Sent from my iPhone using Tapatalk

 

[notsolowki]

who cares about warranty seriously. if i crashed my bird into a tree at 100mph i wouldnt be trying to warranty it anyways. and if it just failed i bet i could microwave that board and they wouldnt be able to tell s!@#$. and u can pull the flight logs by the sdcard under the mainboard.. yes please put on your coat because. in firmware version 1.7 ONLY the flight controller is NOT encrypted.

 

[notsolowki]

if you try to mount the ubifs in ubuntu u need mtd tools

 

[Digdat0]

Find a way to allow us to go back firmware versions

 

[notsolowki]

well when i was talking to the creator of the tools he mentioned changing the firmware version in the binary of lets say 1.7 to 1.11. that is if you are already on 1.10 you can change it higher. idk as ive never tested this but i could see that working

 

[notsolowki]

i hope people can share this persons tools to make ""good clean"" use of them. if i was a assembler or knew how to disassemble a binary like alot of people do, i would already be letting everyone know how i changed my speed or camera settings.

 

[Digdat0]

Yeah the possibilities of being able to unpack and repack the firmware binary is intruiguing. I know enough python to understand what's going on, but not all the technical details of how or why. In theory, you could unpack, modify and repack and install and bypass /change some things that would be cool. I don't even want to change height limit, I'd like to fly past 36mph in gps mode though. And I'd like to install 1.7 again, I'm on 1.9. Interesting stuff for sure, and I like the guys original intention which was to see what gpl code was being used to see if Dji is upholding the Open source facet of the Linux license agreement. I'm pretty sure they are not, unless it's in the sdk which I haven't thoroughly examined.

 

[notsolowki]

well i hope someone finds something it looks like this person was looking too phantom-licensecheck/firmware_package_structure.md at master · probonopd/phantom-licensecheck · GitHub