About Freaky123

  • Rank
    Hak5 Fan

  1. I will release more info and tools later on: https://github.com/fvantienen/dji_rev There is already a python script that can extract the image file format as well. Would be nice if it can be cleaned up a bit, but at least it works.
  2. Ok I will try to share some more information in the hope people will help get more and more information. I will first give the image format (which is also the sig format):

     Header
       4B   Magic ("IM*H")
       4B   Version (Currently only 1 is seen)
       8B   ??
       4B   Header size
       4B   RSA signature size
       4B   Payload size
       12B  Unknown
       4B   Auth key identifier
       4B   Encryption key identifier
       16B  Scramble key
       32B  Image name
       60B  ??
       4B   Block count
       32B  SHA256 payload

     Per Block info
       4B   Name
       4B   Start offset
       4B   Output size
       4B   Attributes (Last bit 0 means encrypted)
       16B  ??

     RSA Signature of the Header (Size and Auth key described in header)

     Actual block data (Start offset 0)
  3. Is there already someone who has tried to JTAG the FC ARM chip? Or at least figured out the pinout? Or did someone already figure out if there is a terminal over UART for the LC chip?
  4. That is indeed possible and can be easily done. If you send me recordings I can analyze them, since I can decode the protocol. Then you even know what it does exactly.
  5. I can almost certainly confirm that coptersafe is only adjusting fc parameters and not rooting the device. It also doesn't update the device as mentioned before.
  6. Yes, but the problem is that when the exploit leaks out it will be only days before it is patched. Finding a generic way of rooting the device which can't be patched is more difficult.
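
The image layout listed in post 2 above, written out as a bounds-checked parser. This is an added example, not code from the post or from the dji_rev repository. It assumes little-endian integers, that "last bit" means the least-significant bit, and that the SHA256 field covers the payload bytes that follow the signature; `parse_image` and `build_sample` are hypothetical names, and the RSA signature is located but not verified.

```python
import hashlib
import struct

# Field sizes are from the post; little-endian integers are an assumption.
HEADER = struct.Struct("<4sI8xIII12x4s4s16s32s60xI32s")  # 192 bytes
BLOCK = struct.Struct("<4sIII16x")                       # 32 bytes per block entry


def parse_image(data: bytes) -> dict:
    """Parse and bounds-check an IM*H container; raises ValueError on bad input."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    (magic, version, header_size, sig_size, payload_size, auth_key, enc_key,
     scramble_key, name, block_count, payload_sha256) = HEADER.unpack_from(data, 0)
    if magic != b"IM*H":
        raise ValueError("bad magic")
    # Counts and sizes come from the file itself: check they fit before using them.
    sig_off = HEADER.size + block_count * BLOCK.size
    payload_off = sig_off + sig_size
    if payload_off + payload_size > len(data):
        raise ValueError("sizes in header exceed file length")
    payload = data[payload_off:payload_off + payload_size]
    blocks = []
    for i in range(block_count):
        bname, start, out_size, attrs = BLOCK.unpack_from(data, HEADER.size + i * BLOCK.size)
        if start > payload_size:
            raise ValueError(f"block {i} starts outside payload")
        blocks.append({"name": bname, "start": start, "output_size": out_size,
                       "encrypted": attrs & 1 == 0})  # last bit 0 = encrypted
    # header_size is reported only; the post does not say what it spans.
    return {"version": version, "header_size": header_size,
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "auth_key": auth_key, "enc_key": enc_key, "sig_off": sig_off,
            "blocks": blocks, "payload_ok": hashlib.sha256(payload).digest() == payload_sha256}


def build_sample() -> bytes:
    """Constructed test image (not real firmware): two unencrypted blocks."""
    payload = b"A" * 16 + b"B" * 8
    table = BLOCK.pack(b"blk0", 0, 16, 1) + BLOCK.pack(b"blk1", 16, 8, 1)
    sig = bytes(256)  # placeholder bytes, not a valid signature
    header = HEADER.pack(b"IM*H", 1, HEADER.size + len(table), len(sig), len(payload),
                         b"KEY0", b"KEY1", bytes(16), b"sample", 2,
                         hashlib.sha256(payload).digest())
    return header + table + sig + payload
```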