Welcome to PhantomPilots.com

Sign up for a weekly email of the latest drone news & information

root access password

Discussion in 'Phantom 2 Vision + Discussion' started by cryptoron, Jun 10, 2014.

  1. cryptoron

    Joined:
    May 3, 2014
    Messages:
    15
    Likes Received:
    0
    Hi all,

    you can ssh to both the drone and the wifi extender as root using passwod 19881209

    enjoy and let me know what you find out.
     
  2. rsauron

    Joined:
    Apr 18, 2014
    Messages:
    4
    Likes Received:
    0
    this is huge! oooo the possibilities now!!!!

    I can confirm this information

    root@192.168.1.2's password:


    BusyBox v1.19.4 (2013-04-22 22:41:57 CST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    -----------------------------------------------------
    DJI-INNOVATIONS
    -----------------------------------------------------
    * FC200-Vision+ RE
    * WenYue.Chen@dji-innovations.com
    * 02/21/2014
    * Version 1.01
    * ART / DHCP down / ping
    -----------------------------------------------------
    root@Phantom:~#

    root@Phantom:/# cat /etc/shadow
    root:$1$7jwZJyj/$qdwVW7zOZLr9H.bGXmWWV1:15807:0:99999:7:::
    daemon:*:0:0:99999:7:::
    ftp:*:0:0:99999:7:::
    network:*:0:0:99999:7:::
    nobody:*:0:0:99999:7:::
    root@Phantom:/#

    -------------------------------------------------------

    let the fun begin! ;)

    first peice of advice... dont upgrade anytime soon.. i am sure dji will be changing this with future firmware upgrades...
    think iphone hacking
     
  3. Hovtech

    Joined:
    Mar 27, 2014
    Messages:
    502
    Likes Received:
    151
    While I have rooted my Galaxy 4S , I'm not sure what you are talking about here. Could you give us a step by step?
     
  4. Mal_PV2_Ireland

    Joined:
    Mar 4, 2014
    Messages:
    2,589
    Likes Received:
    1,230
    Location:
    Dublin Ireland
    Im just wondering could this open a way to connect a gopro app on your phone to the wifi repeater and in turn control a gopro on its 2.4ghz wifi connected to a pv2 or pv2+
     
  5. DKDarkness

    Joined:
    Dec 16, 2013
    Messages:
    554
    Likes Received:
    3
    Location:
    Denmark
    Maybe: http://youtu.be/qIY7M8lD6CM
     
  6. mfp

    mfp

    Joined:
    May 31, 2014
    Messages:
    35
    Likes Received:
    0
    We need to secure the network.

    This should be the first task of any P2V+ wifi hack.

    I worry about rogue hackers out there trying to commandeer my equipment.
     
  7. dragonash

    Joined:
    Mar 21, 2014
    Messages:
    906
    Likes Received:
    11
    Location:
    Brooklyn, NY
  8. Mal_PV2_Ireland

    Joined:
    Mar 4, 2014
    Messages:
    2,589
    Likes Received:
    1,230
    Location:
    Dublin Ireland
    Excellent stuff mate! They've already done it, COOL!!!
     
  9. HunterSK

    Joined:
    May 4, 2014
    Messages:
    137
    Likes Received:
    18
    Change your root password!

    Hi Everyone,

    I did some basic tests today and this is a serious security issue.

    Using another computer (I used my iPad running a SSH terminal software), I was able to log into the Phantom and WiFi Repeater and do things like shutdown the WiFi connection mid flight. This instantly cuts the connection between the Phantom to your smart device, however the controller link is still fine.

    I advise those of you who are concerned about your network security to change your root password immediately. I've done this on both my Phantom and the WiFi repeater and it doesn't affect the operation of the Vision iOS app or the controller link.

    What it will affect is that PVFyer's V+ Booster app will not work, as it can't log in. Presumably that app was logging in your Phantom drone over WiFi as Root and making network changes. I have PM PVFlyer to update the app to allow a user-specified root password to be supplied to allow it to log in.

    To change your root password:

    1. Connect to your Phantom over WiFi using any computer
    2. Run your favourite SSH client.
    3. Log into either:

    - 192.168.1.1 (FC200-Vision+)
    - 192.168.1.2 (WiFi repeater)

    4. Type 'passwd root'
    5. Enter your new password twice
    6. Password is now changed.
    7. Type 'exit' to disconnect from SSH session
    8. Repeat step 3-7 for the other device.
     
  10. BlackTracer

    Joined:
    Mar 29, 2014
    Messages:
    980
    Likes Received:
    22
    Location:
    Winter Park, FL USA
    So how did you get the root password? dji-leaks.com? :)
     
  11. 4wd

    4wd

    Joined:
    Mar 31, 2014
    Messages:
    2,532
    Likes Received:
    421
    Location:
    North York Moors
    Re: Change your root password!

    Seems rather paranoid, wouldn't they have to hack you between turning it on and your own device locking on since it only allows one connection?
    I'd be too worried this would cause other hard to resolve problems sooner or later, apart from immediately blocking the boost app.

    I can see interesting developments in third party custom firmware with all manner of useful changes though.
     
  12. HunterSK

    Joined:
    May 4, 2014
    Messages:
    137
    Likes Received:
    18
    You're vulnerable whenever your WiFi network is on.

    Only one Vision app can connect at the same time, but I found out tonight that multiple computers can join the Phantom WiFi network. I had both my Mac and iPad SSH'ing into my Phantom at the same time.

    So someone could hack your drone system with their phone at any time your Phantom is in the air.
     
  13. rsauron

    Joined:
    Apr 18, 2014
    Messages:
    4
    Likes Received:
    0
    just image... your flying your phantom... bad guy with an iphone and issh installed on his phone..
    he could
    ssh into your phantom while your flying..
    then they type the reboot command..
    and baammmm your phantom reboots mid air.... which means its gonna come crashing to the ground!
    technically could blame all crashs on dji now!! "someone hacked my phantom and crashed it!"
    its DJI security negligence that caused the crash! :)
     
  14. D_Tshudy

    Joined:
    Apr 30, 2014
    Messages:
    264
    Likes Received:
    0
    Location:
    Philly
    That's not really the case is it? They could reboot your camera or muck with what the camera is sending to the app but I don't think they could make your phantom fall from the sky.

    Now if there's a command-able two way path from the camera shell to the running flight control code, which is a real possibility since telemetry is sent over a serial port to the camera, then we should be concerned.
     
  15. srandall25

    Joined:
    Apr 17, 2014
    Messages:
    692
    Likes Received:
    4
  16. PhantomRock

    Joined:
    Apr 25, 2014
    Messages:
    120
    Likes Received:
    1
    Thanks dragonash, I too was not aware of this thread.
    This is an amazing development, thanks to all that have contributed to this.
     
  17. dragonash

    Joined:
    Mar 21, 2014
    Messages:
    906
    Likes Received:
    11
    Location:
    Brooklyn, NY
    Cool right?

    I would love for someone to confirm if they can get the fc40 can connected to the extender.I would love to minimize my equipment by getting rid of my Linksys repeater and using the DJI extender
     
  18. rnrnrn

    Joined:
    Nov 21, 2013
    Messages:
    49
    Likes Received:
    1
    hi all,

    first of all - I do agree it is a bit paranoid to encrypt the camera connection - the only thing obviously possible is a reboot of the FPV and that's not really a crucial thing for most people.

    I'm away from my phantom now so can't check it out but could someone see how the telemetry is hooked up to the camera system? is it both ways tty? other serial solution? this would be good to know - if there's any way to connect to the mainboard via telemetry connection then we have a problem - otherwise a non issue

    cheers!
     
  19. linuxkidd

    Joined:
    Jun 12, 2014
    Messages:
    79
    Likes Received:
    2
    Location:
    Anywhere USA - Fulltime RV'er
    Keep in mind that the config details are in /etc/config. Anyone with access could wipe a config file, put non-sense in your /etc/config/wireless (for example) and wham... No wifi.. EVER.. Until at least DJI releases full firmware for the WiFi control board/camera.. If they do this on the repeater, you're also SOL.. The microUSB port doesn't have a data connection.. So, there's no recovering it by the consumer. A trip to DJI for repair and the long wait associated there-with.

    Think this is paranoid? Quads are all over the news recently. Especially with the guy loosing his on-top of the Dallas Cowboy's Stadium. There's a lot of 'paranoid' people who think we're out to do nothing but invade their privacy and take away their guns.. Some of them can play on computers and a thread like this is perfect to teach them how to muck w/ our $1300 investment with complete anonymity.

    Whether we're being paranoid or not... an ounce of prevention is worth an 8 week DJI repair cure...

    I've got a couple of threads in my signature for enabling encryption.. but at least.. the very least.. change your root password.

    LK