about:start

Differences

This shows you the differences between two versions of the page.

about:start [2017/08/17 23:54]
czokie [Back Doors]
about:start [2017/09/14 03:42] (current)
czokie [The OG's (Original Gangsters)]
Line 5: Line 5:
  
 "//**We shall disperse disruptive information via quantitative data and reproducible results**//". But why would a group of people get together to do this? Read to the bottom of this page to find an answer. "//**We shall disperse disruptive information via quantitative data and reproducible results**//". But why would a group of people get together to do this? Read to the bottom of this page to find an answer.
-===== The OG's (Original Gangsters) ===== 
  
-We came up with the title "The Original Gangsters" to represent the early contributors to this self organising project. The people that have contributed here have a common philosophy of collaboration through open source code to support our interests which in this case are DJI Aircraft. 
- 
-For reference, our assorted repositories are listed below 
- 
-^[[http://dji.retroroms.info/|Wiki]]                                                |You have already found your way here. The wiki is designed to bring together all of the various components to a single hub.| 
-^[[https://github.com/fvantienen/dji_rev|dji_rev]]                                  |This repository contains tools for reverse engineering DJI product firmware images.| 
-^[[https://github.com/Bin4ry/deejayeye-modder|deejayeye-modder]]                    |APK "tweaks" for settings & "mods" for additional / altered functionality| 
-^[[https://github.com/hdnes/pyduml|pyduml]]                                         |PyDUML allows you to send firmware to your DJI aircraft without using DJI assistant, or get root access using fireworks.tar| 
-^[[https://github.com/MAVProxyUser/P0VsRedHerring|RedHerring]]                      |RedHerring was the initial July 4th Independence Day exploit to get root access to DJI aircraft.| 
-^[[https://github.com/MAVProxyUser/dji_system.bin|dji_system.bin]]                  |Archive of bin files for to allow you to upgrade/downgrade using other tools provided here| 
-^[[https://github.com/MAVProxyUser/firm_cache|firm_cache]]                          |Individual module components from within bin files for analysis, or to allow creating custom packages using individual components| 
-^[[https://github.com/MAVProxyUser/DUMLrub|DUMLrub]]                                |Ruby port of PyDUML, and firmware cherry picking tool. Make your own custom firmware images.| 
-^[[https://github.com/jezzab/DUMLdore|DUMLdore]]                                    |Windows version of the DUML firmware tools. Archive, and flash bin from windows| 
-^[[https://github.com/MAVProxyUser/DJI_ftpd_aes_unscramble|DJI_ftpd_aes_unscramble]]|DJI has modified the GPL Busybox ftpd on Mavic, Spark, & Inspire 2 to include AES scrambling of downloaded files... this tool will reverse the scrambling| 
  
 Now that we have the introductions out of the way, its time for a story. Now that we have the introductions out of the way, its time for a story.
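
Review bot: the unchanged line "Now that we have the introductions out of the way, its time for a story" no longer follows any introductions once the "The OG's (Original Gangsters)" section and its repository table are removed from this position. Reword or drop that sentence in the same edit, or leave a one-line pointer to where the contributor and repository list now sits, so the opening still reads in order.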
Line 41: Line 26:
 Drone company DJI in active non-compliance of GPL (binaries released) [[https://linustechtips.com/main/topic/808436-drone-company-dji-in-active-non-compliance-of-gpl-binaries-released/|Linustechtips Article]])) Drone company DJI in active non-compliance of GPL (binaries released) [[https://linustechtips.com/main/topic/808436-drone-company-dji-in-active-non-compliance-of-gpl-binaries-released/|Linustechtips Article]]))
   * As well as being un-lawful, it is simply un-ethical to use someones work without crediting it, or abiding by their license conditions.   * As well as being un-lawful, it is simply un-ethical to use someones work without crediting it, or abiding by their license conditions.
 +  * **Update: 25-Aug-2017 - DJI provided a link to an [[http://www.dji.com/opensource|open source download page]]. It is not yet known if this is all of the open source code, but this is a VERY positive step by DJI. We are seeking an official statement from DJI if they are willing to publish something on this topic.** 
 ===== Data Leakage ===== ===== Data Leakage =====
-  * Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published  [[faq:dataleakage:chatter|here]]))+  * Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published  [[faq:dataleakage:chatter|here]])) ((Details of network traffic displayed visually when opening DJI GO here [[https://youtu.be/cuG-nVPQ3Dw|Youtube]]))
   * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https://ca.reuters.com/article/technologyNews/idCAKCN1AU294-OCATC|Reuters]])) However, DJI have not disclosed what data is sent when not in offline mode.   * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https://ca.reuters.com/article/technologyNews/idCAKCN1AU294-OCATC|Reuters]])) However, DJI have not disclosed what data is sent when not in offline mode.
 +  * **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.**
 +  * **DJI have [[http://www.dji.com/newsroom/news/dji-enhances-software-security-in-its-flight-control-apps|removed “hot-patching” plugins jsPatch for iOS and Tinker for Android, and will examine other third-party plugins and services in DJI GO and DJI GO 4, and is committed to thoroughly investigating any new third-party plugins before adopting them]] in response to security concerns raised here.**
 ===== Back Doors ===== ===== Back Doors =====
   * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http://www.theregister.co.uk/2017/08/15/dji_go_app_jspatch_tinker_silent_update_no_review/|Theregister]]))   * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http://www.theregister.co.uk/2017/08/15/dji_go_app_jspatch_tinker_silent_update_no_review/|Theregister]]))
   * The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot.   * The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot.
   * Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight.   * Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight.
 +  * **DJI have held true to their word on this point. Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates.**
 +  * While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level.
 +  * From a change management and risk mitigation perspective, providing no downgrade options at all is a safety hazard.
 ===== Censorship ===== ===== Censorship =====
   * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads  and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.[[http://forum.dji.com/forum.php?mod=redirect&goto=findpost&ptid=71515&pid=623185&fromuid=836559|Forum Rules]]))   * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads  and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.[[http://forum.dji.com/forum.php?mod=redirect&goto=findpost&ptid=71515&pid=623185&fromuid=836559|Forum Rules]]))
   * In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.   * In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.
 +  * **DJI have recently removed their "NO UNAUTH MODIFICATIONS" warning in the forums. However, the policy has not changed. Lets hope DJI can continue in this direction, and review their forum rules to encourage a user community, instead of oppressing it.**
 ===== Safety ===== ===== Safety =====
   * DJI has recently rushing out multiple updates and patches to prevent reverse engineering.   * DJI has recently rushing out multiple updates and patches to prevent reverse engineering.
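
Review bot: the added Back Doors bullet "Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates" names no app versions, platforms or method, which sits badly with the page's own promise of "quantitative data and reproducible results"; state which DJI GO / DJI GO 4 releases were checked and link the analysis as a footnote, as the other bullets do. The unchanged bullet above it still says the apps "have back-doors" in the present tense, so the section now contradicts itself unless that bullet is scoped to earlier versions. Two smaller points in the same hunk: the claim that the plugins were removed "in response to security concerns raised here" is not supported by the linked DJI text as quoted, and the new firmware-downgrade bullets open with "While not technically a back-door", so they would fit better under Safety than under Back Doors. Only the GPL update carries a date ("25-Aug-2017"); dating the other bold updates the same way would make the timeline checkable.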
Line 70: Line 62:
  
 Long Live the Original Gangsters Long Live the Original Gangsters
 +
 +====== The OG's (Original Gangsters) ======
 +
 +We came up with the title "The Original Gangsters" to represent the early contributors to this self organising project. The people that have contributed here have a common philosophy of collaboration through open source code to support our interests which in this case are DJI Aircraft.
 +
 +For reference, our assorted repositories are listed below
 +
 +^[[http://dji.retroroms.info/|Wiki]]                                                |You have already found your way here. The wiki is designed to bring together all of the various components to a single hub.|
 +^[[https://github.com/fvantienen/dji_rev|dji_rev]]                                  |This repository contains tools for reverse engineering DJI product firmware images.|
 +^[[https://github.com/Bin4ry/deejayeye-modder|deejayeye-modder]]                    |APK "tweaks" for settings & "mods" for additional / altered functionality|
 +^[[https://github.com/hdnes/pyduml|pyduml]]                                         |PyDUML allows you to send firmware to your DJI aircraft without using DJI assistant, or get root access using fireworks.tar|
 +^[[https://github.com/MAVProxyUser/P0VsRedHerring|RedHerring]]                      |RedHerring was the initial July 4th Independence Day exploit to get root access to DJI aircraft.|
 +^[[https://github.com/MAVProxyUser/dji_system.bin|dji_system.bin]]                  |Archive of bin files for to allow you to upgrade/downgrade using other tools provided here|
 +^[[https://github.com/MAVProxyUser/firm_cache|firm_cache]]                          |Individual module components from within bin files for analysis, or to allow creating custom packages using individual components|
 +^[[https://github.com/MAVProxyUser/DUMLrub|DUMLrub]]                                |Ruby port of PyDUML, and firmware cherry picking tool. Make your own custom firmware images.|
 +^[[https://github.com/jezzab/DUMLdore|DUMLdore]]                                    |Windows version of the DUML firmware tools. Archive, and flash bin from windows|
 +^[[https://github.com/MAVProxyUser/DJI_ftpd_aes_unscramble|DJI_ftpd_aes_unscramble]]|DJI has modified the GPL Busybox ftpd on Mavic, Spark, & Inspire 2 to include AES scrambling of downloaded files... this tool will reverse the scrambling|
 +^[[https://github.com/darksimpson/jdjitools|jdjitools]]|Java DJI Tools, a collection of various tools/snippets tied in one CLI shell-like application.|
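
Review bot: the re-added heading "====== The OG's (Original Gangsters) ======" uses six "=" where the removed one used five, so in DokuWiki it moves up a level above sections such as "===== Safety =====" and "===== Censorship ====="; confirm the promotion is intended or keep the original five. The section also lands after the sign-off "Long Live the Original Gangsters", which makes the sign-off read as mid-page. While the table is being moved, the dji_system.bin row still says "for to allow", and the new jdjitools row drops the column padding the other rows use.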
about/start.1503014086.txt.gz · Last modified: 2017/08/17 23:54 by czokie