User Tools

Site Tools


about:start

About

If you have reached this website, we have to assume you are interested in DJI aircraft, and any tweaks and modifications you could possibly make for your equipment. This website is dedicated to just that topic. But first, who are we.

I will start with a little bit of a mission statement…

We shall disperse disruptive information via quantitative data and reproducible results”. But why would a group of people get together to do this? Read to the bottom of this page to find an answer.

Now that we have the introductions out of the way, its time for a story.

Once upon a time

  • DJI are a leading manufacture of Remotely Piloted Aircraft1).
  • DJI built a reputation for producing high quality products that were used across a broad market spectrum that includes recreational users through to high end commercial users.
  • DJI has the largest market share globally, with nearly 50% of all FAA registrations being linked to DJI Mid June 2015 2)

However

DJI customers have started to distrust DJI based on a number of factors…

Control

  • DJI implemented “GEO” in the name of safety which restrict flying by operators who have legal permission to fly in areas that are marked by DJI as “No Fly Zones” 3)
  • Unlock processes are cumbersome and time consuming. In many countries, requests to unlock need to be made weeks in advance by email. Some requests are not being answered by DJI. 4)
  • DJI have rejected requests by commercial pilots for an alternative solution 5)
  • This cumbersome process is impacting commercial operators. 6)
  • Owners are unhappy with the changes made by DJI. Some have worked to bypass these restrictions through reverse engineering and modification of DJI software.

Plagiarism

  • DJI are using open source software components without acknowledging the contributions from the authors, and without complying with GPL license conditions for those components. 7)
  • As well as being un-lawful, it is simply un-ethical to use someones work without crediting it, or abiding by their license conditions.
  • Update: 25-Aug-2017 - DJI provided a link to an open source download page. It is not yet known if this is all of the open source code, but this is a VERY positive step by DJI. We are seeking an official statement from DJI if they are willing to publish something on this topic.

Data Leakage

Back Doors

  • It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to “hot patch” applications in a manner that breaches the rules imposed on DJI by both Google and Apple. 11)
  • The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot.
  • Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight.
  • DJI have held true to their word on this point. Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates.
  • While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level.
  • From a change management and risk mitigation perspective, providing no downgrade options at all is a safety hazard.

Censorship

  • In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. 12)
  • In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.
  • DJI have recently removed their “NO UNAUTH MODIFICATIONS” warning in the forums. However, the policy has not changed. Lets hope DJI can continue in this direction, and review their forum rules to encourage a user community, instead of oppressing it.

Safety

  • DJI has recently rushing out multiple updates and patches to prevent reverse engineering.
  • These botched changes have caused unstable flight for many pilots. 13) 14)
  • Mobile phone manufacturers have failed to win a “war of attrition” with the jailbreak community.
  • Safety will be the loser in the war between DJI and the community.

Position

  • Control: We believe that DJI does not have jurisdiction to decide where and how pilots fly their aircraft. Local regulators have authority through their laws. DJI systems should not impose mandatory lockouts of aircraft, unless doing so is mandated by the laws of a country where DJI products are being used.
  • Plagarism: We believe that the use of open source code without attributing that code and complying with license conditions is unethical.
  • Data leakage: We believe that aircraft control systems need to be dedicated to the process of flying an aircraft, with external connectivity being minimised to allow the application to be free of potential security, privacy, and stability problems. Any remaining network traffic should be publicly documented to help restore community trust.
  • Back Doors: We believe that aircraft control systems should be free of any back-doors that allow modification of the functionality of those systems without the knowledge or consent of the pilot, including forced updates.
  • Censorship: We believe that censorship in DJI forums and other DJI sponsored forums is ultimately harmful to DJI and the community. Listening and responding to customer grievances and concerns can only result in a better product that meet the needs of DJI customers.
  • Safety: We believe that the loser in the arms race with rapidly released patches will be safety. We believe that the best approach is to be collaborative and open in future development, which will allow the community to peer review proposed changes and find problems before they cause safety issues.

Conclusion

It is fair to say that this whole community started as a result of a lack of trust in DJI. We have stated our position. It is our hope that DJI will listen to the community, and respond in a way that will benefit DJI and its clients. At the start of this page, it talks about who we are. It also said that the question of why will be answered at the bottom of the page. Lets keep that promise now.

The why is ultimately a lack of trust. There were already individual researchers that were interested in DJI products. The decisions by DJI that are documented above are what has brought a larger community of people together, with a goal to state a communal case, and hope that DJI will respond to our plea for change in a positive manner.

Long Live the Original Gangsters

The OG's (Original Gangsters)

We came up with the title “The Original Gangsters” to represent the early contributors to this self organising project. The people that have contributed here have a common philosophy of collaboration through open source code to support our interests which in this case are DJI Aircraft.

For reference, our assorted repositories are listed below

Wiki You have already found your way here. The wiki is designed to bring together all of the various components to a single hub.
dji_rev This repository contains tools for reverse engineering DJI product firmware images.
deejayeye-modder APK “tweaks” for settings & “mods” for additional / altered functionality
pyduml PyDUML allows you to send firmware to your DJI aircraft without using DJI assistant, or get root access using fireworks.tar
RedHerring RedHerring was the initial July 4th Independence Day exploit to get root access to DJI aircraft.
dji_system.bin Archive of bin files for to allow you to upgrade/downgrade using other tools provided here
firm_cache Individual module components from within bin files for analysis, or to allow creating custom packages using individual components
DUMLrub Ruby port of PyDUML, and firmware cherry picking tool. Make your own custom firmware images.
DUMLdore Windows version of the DUML firmware tools. Archive, and flash bin from windows
DJI_ftpd_aes_unscrambleDJI has modified the GPL Busybox ftpd on Mavic, Spark, & Inspire 2 to include AES scrambling of downloaded files… this tool will reverse the scrambling
jdjitoolsJava DJI Tools, a collection of various tools/snippets tied in one CLI shell-like application.
1)
The leading civil UAV companies are currently (Chinese) DJI with $500m global sales, (French) Parrot with $110m and (US) 3DRobotics with $21.6m in 2014 wikipedia
3)
DJI launches Geo DJI Announcement
4)
I wrote a mail to flysafe@dji.com a few weeks back but did not receive an answer. DJI Forum Post
5)
Brendan Schulman, vice pres. of legal for DJI, and the admin of this program, has been asked to permanently or annually unlock the sUAS of certified operators upon proof of certification by whatever means DJI feels necessary to allow commercial operators piece of mind that their equipment will fly for them in the course of their work. Mr. Schulman has thus far refused. And in addition, he has been unwilling to state specifically why he feels DJI China should be the final authority as to if a DJI craft, operated by a certified operator, will fly. Inspire Pilots
6)
One pilot advises they are “Losing too much business” Phantom Pilots forum post
7)
Drone company DJI in active non-compliance of GPL (binaries released) Linustechtips Article
8)
A video of network chatter from just opening DJI GO 4 is published here
9)
Details of network traffic displayed visually when opening DJI GO here Youtube
10)
China drone maker steps up security after U.S. Army ban Reuters
11)
Drone-maker DJI's Go app contains naughty Javascript hot-patching frameworkTheregister
12)
Threads and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.Forum Rules
13)
Flight instability (bucking and drifting) Youtube
14)
shaking, aggressive, wobbly, unstable behavior of the drone when hovers or in flight. DJI Forum
about/start.txt · Last modified: 2017/09/14 03:42 by czokie