Mavic gehackt Zugang über internes Linux
Verfasst: Mo 21. Nov 2016, 14:59
Das Betriebssystem auf dem Mavic ist ein Linux, genau wie der P3 Standard kann das Teil über einen Linux Zugang gehackt werden.
Das Teil kann über den Hack von CE auf FCC umgestellt werden um einen höhere Reichweite zu bekommen oder die 500 Meter Höhenbegrenzung kann entfernt werden.
Zitat:
FTPD on port 21 in WiFi mode is provided by BusyBox, which has path traversal vulnerability. You can escape the "/ftp" jail and modify init scripts. Check "start_dji_system.sh" and "adb_en.sh" for the flags you need to enable ADB on the regular Mavic USB port. As you can see, the kernel has secure flag set to 0, which means "service.adb.root 1" will allow ADB to spawn root shell. After you get the root shell there, you can enable SSHD with your own root password, which will give you SSH access to your Mavic over WiFi for convenience. It's absolutely important to set a very strong password, you don't want somebody SSHing to your Mavic mid-air.
We've discovered 3 other ways to enable debug mode (ADB on USB with root): One is a backdoor by DJI, which makes sense for maintenance purposes, the 2nd is yet another vulnerability in another software essential to the Mavic, and the 3rd one is not directly software-based. For now, we won't be discussing those publicly.
Well, with the root access, now you can pretty much do anything you want. Interesting things include SDR interface modification (freely switching between FCC and EC modes), patching the 500m ceiling, no-fly areas override, etc.
Mehr Infos: http://mavicpilots.com/threads/anybody- ... ware.1626/
Das Teil kann über den Hack von CE auf FCC umgestellt werden um einen höhere Reichweite zu bekommen oder die 500 Meter Höhenbegrenzung kann entfernt werden.
Zitat:
FTPD on port 21 in WiFi mode is provided by BusyBox, which has path traversal vulnerability. You can escape the "/ftp" jail and modify init scripts. Check "start_dji_system.sh" and "adb_en.sh" for the flags you need to enable ADB on the regular Mavic USB port. As you can see, the kernel has secure flag set to 0, which means "service.adb.root 1" will allow ADB to spawn root shell. After you get the root shell there, you can enable SSHD with your own root password, which will give you SSH access to your Mavic over WiFi for convenience. It's absolutely important to set a very strong password, you don't want somebody SSHing to your Mavic mid-air.
We've discovered 3 other ways to enable debug mode (ADB on USB with root): One is a backdoor by DJI, which makes sense for maintenance purposes, the 2nd is yet another vulnerability in another software essential to the Mavic, and the 3rd one is not directly software-based. For now, we won't be discussing those publicly.
Well, with the root access, now you can pretty much do anything you want. Interesting things include SDR interface modification (freely switching between FCC and EC modes), patching the 500m ceiling, no-fly areas override, etc.
Mehr Infos: http://mavicpilots.com/threads/anybody- ... ware.1626/