Well, it seems the conversation over at MavicPilots.com on discussing Jailbreaking, Height Restriction Bypass, and g_config changes, or anything related to "modding" DJI firmware settings for NFZ, etc. is just out of pocket per the admins. They've been deleting threads left and right.

Update: For those of you that are more active... stop by and see us in slack. Don't come ask dumb questions! Stop by with the mindset of participation.

Updated slack invite link: https://join.slack.com/t/dji-rev/shared_invite/enQtMjk5OTEyMzcyMjI3LTdlZjY4NzQ5M2M2NmE5ZWM4OTgyNThmZDVmZjdjODE4ODYyNmYwZjYxMDcyYzcxNmZlYzI5ZjI2ZGQ2NGY1ZTc

MavicPilots History on the Drama Llama:
"So this has turned into a communist forum!!"
“Mods continuing to delete posts will be a quick downward spiral for this forum and become a wasteland in no time”
https://archive.fo/tfZEg#selection-957.1-957.44

I wanna talk about patching the dji_flight binary, anyone game? How about the best way to edit parameters, set better min and max values, etc.? Who's got root?

Let's talk about what you do *after* you Jailbreak your DJI Spark, or Jailbreak your DJI Mavic, or Jailbreak your DJI Phantom4 (P4), what is next?

$ adb shell
root@wm100_dz_ap0001_v5:/ #
root@wm220_dz_ap0002_v1:/ #
root@wm220_dz_rp0010_v1:/ #
root@wm220_dz_ah0001_v5:/ #

How about you guys getting down and funky inside the DJI Assistant application? I see you! Come holla! I see you out there playing with web sockets... no lie, come talk with us!

Let's all make a better place to discuss getting root and having fun with our DJI products. That *other* place is a bit stuffy. ;)
Not sure if the forums have been updated but had to re-create my account here for some reason. Anyhow... Just saw the episode on the Mavic, there was a thread on mavicpilots.com that was discussing the reversing of the Mavic firmware, though it seems to not be available anymore so I grabbed a cached copy of the thread. I was able to get pages 1, 2, 3, 5 so if anyone can find page 4 it would be appreciated. Anyways, I'll post a blurb but wanted to check if I'm allowed to post the txt of the thread as DJI was likely the people who had it pulled off the other site. Let me know if I'm allowed to post it here, don't want you in trouble with DJI...

"We extracted the Mavic Pro firmware. You can download here https://expirebox.com/download/33a3e...d58655cc1.html

Interesting things:
- The Mavic runs Android KitKat.
- A secret command can be sent over USB which would switch a debug flag, and would run ADB over USB on the next boot. This ADB server allows regular debug root shell (basically, fully owning the Mavic).
- There seems to be a whitelist of devices for which this "super debug" mode is enabled once present on the same network.
- OcuSync, like LightBridge, seems to be a regular SDR interface with IP stack running on top of it.
- BusyBox FTPD is running on all interfaces, but unlike Phantom 3, in Mavic it's restricted to '/ftp' directory. Luckily, there are underground 0day exploits for FTPD for path traversal. I can confirm that you can traverse out of the '/ftp' directory and reach the init scripts to set debug flag. After reboot, now USB has ADB running on it, with root shell.
- Bypassing the 500m ceiling turned out significantly easier than we anticipated. An exercise left for the readers.
- Finally, with our debug root shell, we're currently trying to poke around with the SDR interface to see how EC restrictions are applied (we of course know it's GPS-based on boot-time). If we manage to reverse-engineer this part, this means we can bypass the restriction.

At the moment, the only way to bypass the EC restriction and enable FCC mode in EU is to falsify GPS signal on boot time using HackRF GPS signal generation. Fingers crossed! Any results we achieve with the Mavic can pretty much be translated to Phantom 4."