User Tools

Site Tools

Translations of this page:

cn:about:start

This is an old revision of the document!


关于

本翻译由Lin(DV15)提供,技术内容由原开发者(OG)提供。自2017/12/26以后更新的内容,中文版本会比英文版本稍迟提供。由于在下精力有限,无法提供本站内容100%的翻译,但是那些没有中文的部分,要么是仍旧处于开发过程中要么就是已经有更好的替代者,对于飞行器的破解操作不产生影响。本站提供的Github链接在中国境内可能需要使用VPN来访问。

如果你来到了这个网站,那么你应该是对大疆DJI的飞行器,及其可能的系统自定义和更改选项感兴趣的。这个网站存在的目的就是为了探讨这些话题。但在开始探讨技术细节之前,我们有必要讲清楚我们是谁。

先讲讲我们的宗旨吧。 “我们将以可靠的数据和可重复的操作结果为手段,去传播具有破坏和撼动性的信息”. 但是为什么一群极客要聚集起来做这件事情呢?读完本页内容你就会知晓答案。

首先,我们来介绍一下DJI大疆。

关于DJI的一些事实

  • 大疆是民用无人机业内的龙头公司,大幅度领先竞争对手并且占据了全球范围内多数和最大的市场份额—截至2015年6月,FAA收到的无人机注册近一半为大疆产品。其无人机产品以高质量和可靠度而闻名全球,产品线涵盖了从消费级业余航拍机到工商业专业应用在内的诸多细分市场。1).

但是

由于包括但不限于已下列表内的诸多原因,DJI大疆的客户已经开始对其产品产生不信任

对用户的限制和控制

  • 强制禁飞区。大疆以安全为由在其无人机内采用了电子围栏系统,在没有政府授权的情况下划设了禁飞区。这导致那些有合法许可的操作员无法在大疆私自划设的禁飞区内进行任务。 2)
  • 禁飞区的解锁过程及其耗时且麻烦。在许多国家,解锁请求必须提前于飞行任务数周用电子邮件提交。有些解锁请求甚至没有得到大疆的答复。3)
  • DJI大疆曾拒绝过一些商业飞行员提出的关于禁飞区的更好的解决方案。4)
  • 这个麻烦的解锁过程已经对商业飞手造成了影响。5)
  • 很多用户对于DJI在固件更新中带来的一些变更感到厌恶。当中部分用户对DJI大疆产品进行了逆向工程以解除这些限制并修改DJI大疆的客户端软件

剽窃行为

  • DJI are using open source software components without acknowledging the contributions from the authors, and without complying with GPL license conditions for those components. 6)
  • As well as being un-lawful, it is simply un-ethical to use someones work without crediting it, or abiding by their license conditions.
  • Update: 25-Aug-2017 - DJI provided a link to an open source download page. It is not yet known if this is all of the open source code, but this is a VERY positive step by DJI. We are seeking an official statement from DJI if they are willing to publish something on this topic.

Data Leakage

Back Doors

  • It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to “hot patch” applications in a manner that breaches the rules imposed on DJI by both Google and Apple. 10)
  • The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot.
  • Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight.
  • DJI have held true to their word on this point. Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates.
  • While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level.
  • From a change management and risk mitigation perspective, providing no downgrade options at all is a safety hazard.

Censorship

  • In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. 11)
  • In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI.
  • DJI have recently removed their “NO UNAUTH MODIFICATIONS” warning in the forums. However, the policy has not changed. Lets hope DJI can continue in this direction, and review their forum rules to encourage a user community, instead of oppressing it.

Safety

  • DJI has recently rushing out multiple updates and patches to prevent reverse engineering.
  • These botched changes have caused unstable flight for many pilots. 12) 13)
  • Mobile phone manufacturers have failed to win a “war of attrition” with the jailbreak community.
  • Safety will be the loser in the war between DJI and the community.

Position

  • Control: We believe that DJI does not have jurisdiction to decide where and how pilots fly their aircraft. Local regulators have authority through their laws. DJI systems should not impose mandatory lockouts of aircraft, unless doing so is mandated by the laws of a country where DJI products are being used.
  • Plagarism: We believe that the use of open source code without attributing that code and complying with license conditions is unethical.
  • Data leakage: We believe that aircraft control systems need to be dedicated to the process of flying an aircraft, with external connectivity being minimised to allow the application to be free of potential security, privacy, and stability problems. Any remaining network traffic should be publicly documented to help restore community trust.
  • Back Doors: We believe that aircraft control systems should be free of any back-doors that allow modification of the functionality of those systems without the knowledge or consent of the pilot, including forced updates.
  • Censorship: We believe that censorship in DJI forums and other DJI sponsored forums is ultimately harmful to DJI and the community. Listening and responding to customer grievances and concerns can only result in a better product that meet the needs of DJI customers.
  • Safety: We believe that the loser in the arms race with rapidly released patches will be safety. We believe that the best approach is to be collaborative and open in future development, which will allow the community to peer review proposed changes and find problems before they cause safety issues.

Conclusion

It is fair to say that this whole community started as a result of a lack of trust in DJI. We have stated our position. It is our hope that DJI will listen to the community, and respond in a way that will benefit DJI and its clients. At the start of this page, it talks about who we are. It also said that the question of why will be answered at the bottom of the page. Lets keep that promise now.

The why is ultimately a lack of trust. There were already individual researchers that were interested in DJI products. The decisions by DJI that are documented above are what has brought a larger community of people together, with a goal to state a communal case, and hope that DJI will respond to our plea for change in a positive manner.

Long Live the Original Gangsters

The OG's (Original Gangsters)

We came up with the title “The Original Gangsters” to represent the early contributors to this self organising project. The people that have contributed here have a common philosophy of collaboration through open source code to support our interests which in this case are DJI Aircraft.

For reference, our assorted repositories are listed below

Wiki You have already found your way here. The wiki is designed to bring together all of the various components to a single hub.
dji_rev This repository contains tools for reverse engineering DJI product firmware images.
deejayeye-modder APK “tweaks” for settings & “mods” for additional / altered functionality
pyduml PyDUML allows you to send firmware to your DJI aircraft without using DJI assistant, or get root access using fireworks.tar
RedHerring RedHerring was the initial July 4th Independence Day exploit to get root access to DJI aircraft.
dji_system.bin Archive of bin files for to allow you to upgrade/downgrade using other tools provided here
firm_cache Individual module components from within bin files for analysis, or to allow creating custom packages using individual components
DUMLrub Ruby port of PyDUML, and firmware cherry picking tool. Make your own custom firmware images.
DUMLdore Windows version of the DUML firmware tools. Archive, and flash bin from windows
DJI_ftpd_aes_unscrambleDJI has modified the GPL Busybox ftpd on Mavic, Spark, & Inspire 2 to include AES scrambling of downloaded files… this tool will reverse the scrambling
jdjitoolsJava DJI Tools, a collection of various tools/snippets tied in one CLI shell-like application.
2)
DJI launches Geo DJI Announcement
3)
我给flysafe@dji.com 发了一封邮件,几周过去了仍旧没有答复。(论坛原帖为英文) DJI Forum Post
4)
Brendan Schulman,大疆法律部门的副总管和电子围栏系统的管理员,曾收到来自商业飞行员的提议,要求在操作员提供了DJI认为必要的证件和政府许可后,提供一年期或者永久地解锁无人机上的禁飞区。而到目前为止,他拒绝了这个提议。并且一直以来他也拒绝解释为什么他认为在这件事上大疆中国应该有最终决定权。Inspire Pilots
5)
One pilot advises they are “Losing too much business” Phantom Pilots forum post
6)
Drone company DJI in active non-compliance of GPL (binaries released) Linustechtips Article
7)
A video of network chatter from just opening DJI GO 4 is published here
8)
Details of network traffic displayed visually when opening DJI GO here Youtube
9)
China drone maker steps up security after U.S. Army ban Reuters
10)
Drone-maker DJI's Go app contains naughty Javascript hot-patching frameworkTheregister
11)
Threads and posts arguing about company policies are not allowed, No content promoting the unauthorized modification.Forum Rules
12)
Flight instability (bucking and drifting) Youtube
13)
shaking, aggressive, wobbly, unstable behavior of the drone when hovers or in flight. DJI Forum
cn/about/start.1514277032.txt.gz · Last modified: 2017/12/26 08:30 by linthetranslator