funkylicious

the location of original „.DJI.configs“-file on jailbroken IOS is here: /var/containers/Bundle/Application/.......(find the folder which contains „DJI GO 4.app) .... / DJIPilotResources.bundle/plist/

They found a password for the NFZ-Database encyption.... https://github.com/MAVProxyUser/dji.nfzdb/commit/6aa4f34eb5ec835ebfd0cbacff86f29d482c5adb

I have the "leaked" decrypted 01.02. firmware with the readable .sh-Scripts but it doesn´t help me much :P Tried to find out something about the "FTP-path traversal" with the "DotDotPwn"-tool in Kali linux. This would be the key - you can scan the directorys for specific filenames, find out the secret hostname/MAC-Adress in the whitelist-file and boot the mavic in ADB/root-mode.... But this FTP-exploit was patched in the 01.03.0000-Firmware. My bird was already on 01.03.0200. I downgraded to 01.03.0000, but sadly can´t downgrade to anything below this to find out more :(

Any news on this? Sadly I can´t find any FTP-path traversal vulnerabilitys on android kitkat systems :/ I analyzed the leaked firmware-files, there are "whitelist" hosts (in /data/wm330_debug_whitelist.xml.sig but no access on this)