Don’t Be Evil DJI

A few things to get out of the way first. I am not a lawyer and I am not a journalist, I just enjoy being part of the free flow of information, and occasionally writing an opinion on top of that information, so call me what you will. I don’t like politics and backroom deals and I especially don’t like censorship so occasionally I am motivated to spew something out when I see these things happening. What follows is my opinion, it is drivel and nonsense and mostly incoherent and should not be taken seriously.

Before I go on, a note to DJI. DJI, in this instance I am actually singling you out. Why? Because, amongst other things, in almost every press release you publish, the words (or similar wording) “DJI, the world’s leading drone manufacturer” appear right at the top and, arguably, this is a correct description. DJI products are(were?), for the most part, excellent and the proliferation of your products throughout the world is a testament to this. However, I believe that with this title and widespread success should come the responsibility as ‘the world’s leading drone manufacturer’.

I am a relative nobody compared to a company of your size, so don’t be scared of me. If you don’t agree with what I have to say or what others have to say, that’s perfectly fine, but then engage us publicly so that all DJI product owners are aware of all sides of the story without filtering or censorship so that people can take that information and make decisions for themselves.

If someone is doing something that affects that someone’s user base, and that needs to be kept hidden from them through off the record chats and hidden meetings etc. etc., then that someone probably shouldn’t be doing that something in the first place. In this article I am not even going into DJI’s part in what appears to be phishy things when it comes to regulations and FAA rulemaking etc, I’ll leave that to Patrick for another day.

Don’t be evil DJI.

Restricting functionality, forcing updates, breaking open DJI firmware

This past week has seen some interesting developments regarding DJI appearing to force updates onto product owners even though the company claims that the updates are not mandatory. See one of the conversations that are out there here: http://archive.is/f6dlU. And here is our article, which DJI publicly called inaccurate even though the we said nothing more than what was in the actual press release, talking about it before some of the updates began: https://www.suasnews.com/2017/05/dji-restrict-non-compliant-drones-next-update/

“If this activation process is not performed, the aircraft will not have access to the correct geospatial information and flight functions for that region, and its operations will be restricted if you update the upcoming firmware: Live camera streaming will be disabled, and flight will be limited to a 50-meter (164-foot) radius up to 30 meters (98 feet) high.”

Why so angry then DJI when people unlock your products to remove the restrictions you put in place? Did you really think that people would do nothing and just happily accept losing functionality, functionality that they paid for essentially?

Interestingly there seems to be a bit of a market forming already based on the unlocked firmware, but more on that in another article.

For those who missed the unlocking of DJI firmware and software because some of the ‘forums’ out there trying to censor this, and discussion about this and other calling-out-DJI topics then here are some links for you, this is by no means all of the links regarding this:

https://github.com/MAVProxyUser/P0VsRedHerring

And this from November last year:

https://www.rcgroups.com/forums/showpost.php?p=36232471&postcount=15113

https://www.rcgroups.com/forums/showthread.php?2747762-Official-DJI-Mavic-%2A%2A%2AOwner-and-Developer-sThread%2A%2A%2A/page1008#post36232471

” Interesting things:
– The Mavic runs Android KitKat.
– A secret command can be sent over USB which would switch a debug flag, and would run ADB over USB on the next boot. This ADB server allows regular debug root shell (basically, fully owning the Mavic).
– There seems to be a whilelist of device for which this “super debug” mode is enabled once present on the same network.
– OcuSync, like LightBridge, seems to be a regular SDR interface with IP stack running on top it.
– BusyBox FTPD is running on all interfaces, but unlike Phantom 3, in Mavic it’s restricted to ‘/ftp’ directory. Luckily, there are underground 0day exploits for FTPD for path traversal. I can confirm that you can traverse out of the ‘/ftp’ directory and reach the init scripts to set debug flag. After reboot, now USB has ADB running on it, with root shell.
– Bypassing the 500m ceiling turned out significantly easier than we anticipated. An exercise left for the readers
– Finally, with our debug root shell, we’re currently trying to poke around with the SDR interface to see how EC restrictions are applied (we of course know it’s GPS-based on boot-time). If we manage to reverse-engineer this part, this means we can bypass the restriction. At the moment, the only way to bypass the EC restriction and enabled FCC mode in EU is to falsify GPS signal on boot time using HackRF GPS signal generation.
Fingers crossed! Any results we achieve with the Mavic can pretty much be translated to Phantom 4.

Update: Biiiiiig applause to MAVProxyUser. You figured it out what I was trying to hide. I’m very impressed. You went the extra 10 miles.”

And some more from this past week:

https://forums.hak5.org/index.php?/topic/41354-remove-ce-limits-from-dji-products-and-other-fun-stuff-in-dji-go4/
https://github.com/Bin4ry/deejayeye-modder
https://www.rcgroups.com/forums/showpost.php?p=37843862&postcount=695
https://www.rcgroups.com/forums/showthread.php?2911378-DJI-Dashboard-Modding-tips-tricks-and-results-OFFICIAL-THREAD/page47#post37843862

And lastly, is this a kill switch built into all DJI firmware that goes into effect next year May 5?

<release version=”01.03.0700″ antirollback=”1″ enforce=”0″ enforce_ext=”cn:0,” from=”2017/05/05″ expire=”2018/05/05

Data Gathering

Kevin Finisterre presented some interesting DJI data gathering and other insights at sUSB Expo earlier this year:

Go check out Kevin’s twitter to see some if the censoring he has had to deal with this past week @d0tslash

Kevin Pomanski wrote an interesting article earlier this year regarding DJI’s data gathering as well.

“I am now sharing that there is situation related to gathering of UAS-related information that has been ongoing for a length of time. It involves the use of DJI drones to collect audio, visual and telemetry data on all flights across the Globe. The details shared here are perhaps known to a limited number of the worldwide owners and users of the DJI technology. I feel that this sort of knowledge is something that every UAS pilot and every person/company/agency needs to understand related to your aerial missions.”

O and my earlier article about the latest DJI Terms of Use

Read the DJI Terms of Use Carefully