Jump to content

MavicPilots.com Alternative CopterSafe Hack & Mod Discussion

MavproxyUser

By MavproxyUser
in Community Projects

 Share

Recommended Posts

  • Replies 127
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Freaky123
Freaky123

I can almost certainly confirm that coptersafe is only adjusting fc parameters and not rooting the device. It also doesn't update the device as mentioned before.

droner69
droner69

I made backups if the crawlers didn't get them.  

Freaky123
Freaky123

Yes but the problem is that when the exploit leaks out it will be only days before it is patched. Finding a generic way of rooting the device which can't be patched is more difficult.

Posted Images

MavproxyUser Newbie

MavproxyUser

Posted
  • Author
Posted
10 hours ago, enderffx said:

Do you have any idea if that version supports Spark as well ? If not then all this probably is irrelevant for Spark, right ?

---Trying to get a grip on this, but just beeing a regular coder and not well versed on hacking / rev engeneering its hard for me---

 

Ender

I've successfully tested all of this on Spark. It is all applicable for the following models Spark, Mavic, P4, Inspire2

 

Link to comment
Share on other sites
MavproxyUser Newbie

MavproxyUser

Posted
  • Author
Posted (edited)
1 hour ago, mavicBreak said:

What is the reason? All firmware files from 200 to 900 are already available in a github repo.

For one Github is known to comply with requests to takedown content if copyright holder asks. Secondarily... I just wasn't aware of said repo. =] The more mirrors the better at this point. Also keep in mind there are 4 different aircraft Spark, Mavic, Inspire2 and Phantom4. I don't believe *all* have been archived. Never mind the A3, and other devices assistant supports. 

Edited by MavproxyUser
Link to comment
Share on other sites
singlag Newbie

singlag

Posted
Posted (edited)

found something about ce/fcc switching, this method is from dji china forum, i try to translate to english here

 

It is depend on dji go app

how it work:

dji go app will first get location from data network, if no data network, then it will get from sim card carrier/operator; if no data network and no sim card, then set to CE as default

so, you can fake it by a android with root

1) clean install, remove all cache from dji go app (not sure is it necessary)

2) disconnect from data network

3) use app to fake country operater code to US

http://androidadvices.com/fake-country-operator-carrier-download-paid-android-apps/

4) start dji go app

 

how to check result ?

the only version can check is 4.0.6

go to setting, keep click on "Flight Controller SN", then it will pop up a secret menu and show country code

 

actually there is a password to change code manually, and also device SN !

but he don't share the password because it is too danger to share to public (but I guess we can change SN by web socket command ?)

attached secret menu creenshot found on my phone

IMG_20170629_020911.thumb.jpg.be7aeb212d1b1090ec11731f8ef4446c.jpg

Edited by singlag
  • Upvote 1
Link to comment
Share on other sites
singlag Newbie

singlag

Posted
Posted (edited)
5 minutes ago, singlag said:

found something about ce/fcc switching, this method is from dji china forum, i try to translate to english here

 

It is depend on dji go app

how it work:

dji go app will first get location from data network, if no data network, then it will get from sim card carrier/operator; if no data network and no sim card, then set to CE as default

so, you can fake it by a android with root

1) clean install, remove all cache from dji go app (not sure is it necessary)

2) disconnect from data network

3) use app to fake country operater code to US

http://androidadvices.com/fake-country-operator-carrier-download-paid-android-apps/

4) start dji go app

 

how to check result ?

the only version can check is 4.0.6

go to setting, keep click on "Flight Controller SN", then it will pop up a secret menu and show country code

 

actually there is a password to change code manually, and also device SN !

but he don't share the password because it is too danger to share to public (but I guess we can change SN by web socket command ?)

attached secret menu creenshot found on my phone

IMG_20170629_020911.thumb.jpg.995bc012ce2ce7db7b95d5dd562ebc0b.jpg

translate chinese word from screenshot

enter password <- contact Nathan.yan for password

data upload uuid=344....

user center uid=7210

HK enter country code

enter SN enter testing SN

Set

Edited by singlag
Link to comment
Share on other sites
MavproxyUser Newbie

MavproxyUser

Posted
  • Author
Posted
5 minutes ago, singlag said:

found something about ce/fcc switching, this method is from dji china forum, i try to translate to english here

 

It is depend on dji go app

how it work:

dji go app will first get location from data network, if no data network, then it will get from sim card carrier/operator; if no data network and no sim card, then set to CE as default

so, you can fake it by a android with root

1) clean install, remove all cache from dji go app (not sure is it necessary)

2) disconnect from data network

3) use app to fake country operater code to US

http://androidadvices.com/fake-country-operator-carrier-download-paid-android-apps/

4) start dji go app

 

how to check result ?

the only version can check is 4.0.6

go to setting, keep click on "Flight Controller SN", then it will pop up a secret menu and show country code

 

actually there is a password to change code manually, and also device SN !

but he don't share the password because it is too danger to share to public (but I guess we can change SN by web socket command ?)

attached secret menu creenshot found on my phone

Screenshot_2017-06-29-01-28-31.png

nice work thanks for sharing. 

Link to comment
Share on other sites
enderffx Newbie

enderffx

Posted
Posted
1 hour ago, MavproxyUser said:

nice work thanks for sharing. 

Hi !

I was under the impression that DJI has the copter decide if it is in FCC / CE country based on GPS location and using an internal FCC/CE map.

There was a successful probe to fake sat transmissions (you can do with $150 Hardware) while shiielding he real sats or inside.

You have to do that while Mavic Startup, COntroller or Android App does not come into play.

Did you try with RF meter if Tx / Rx  power changes ?!

maybe this is just for the WiFI connection, like WiFixManager.apk ?

 

WOULD be great but hard to believe :-(

 

Ender

 

Link to comment
Share on other sites
singlag Newbie

singlag

Posted
Posted
14 hours ago, singlag said:

translate chinese word from screenshot

enter password <- contact Nathan.yan for password

data upload uuid=344....

user center uid=7210

HK enter country code

enter SN enter testing SN

Set

password = djitestcc

country code set success, try set to US if you are at Euro and tell us the result

Link to comment
Share on other sites
enderffx Newbie

enderffx

Posted
Posted

FCC - Mod:

 

By the way, tried with RF meter, you do not have to change provider ID or country code or anything at all (S7 Edge, Nougat).

Simply install 4.0.6, hit thst SN 11 times, use password, US, FC SN and GO.

In the original chinese forum where singlag pointed us (thanks again) there is something about "changing FC SN" so i used my FC SN to be sure. And i wrote it down before.

 

Greetings,

 

Ender

Link to comment
Share on other sites
singlag Newbie

singlag

Posted
Posted (edited)
30 minutes ago, enderffx said:

FCC - Mod:

 

By the way, tried with RF meter, you do not have to change provider ID or country code or anything at all (S7 Edge, Nougat).

Simply install 4.0.6, hit thst SN 11 times, use password, US, FC SN and GO.

In the original chinese forum where singlag pointed us (thanks again) there is something about "changing FC SN" so i used my FC SN to be sure. And i wrote it down before.

 

Greetings,

 

Ender

no need to input sn, just leave it blank

the popup menu after submit said, it only updated country code

dji go will use drone gps or device gps to query location form internet and then set fcc/ce, so you must disconnect from data network while.using this fcc mod

and I guess it send a shell command like "iw reg set US"; if it is correct, we may use this exploit to execute some shell command to enable telnet.d, then get root ?

Edited by singlag
Link to comment
Share on other sites
asoka Newbie

asoka

Posted
Posted
13 hours ago, singlag said:

password = djitestcc

country code set success, try set to US if you are at Euro and tell us the result

on my android go4 when secret menu appear the user center uid is blank...why is that and why blank in my case...tx!

 

observed that the country code will revert at any app restart

Link to comment
Share on other sites
thatdumbdronie Newbie

thatdumbdronie

Posted
Posted

Disable Critical auto Return to home 

 

we can confirm this works and has been hover tested

Enter Dji assistant in debug mode. 

Goto flight settings >> battery. 

 

Switch to Non dji battery 

change both level of warnings below to warning (led) 

✅ DONE

more on this

it disables critical auto RTH 

it shuts off the flight bar timer at the top and the bar remains GREEN. The whole flight, the home point marker on the bar vanishes. 

The battery levels and percentage on the top right corner still show correct battery life.  

The controller no longer beeps at u annoyingly because the critical RTH IS OFF.

 

doing this mod Turns off ALL power warning messages and alarms and indicators .. so use with caution. 

This has been hover tested at 1 meter high.

from 100% to 8% battery and not once did it engage any RTH or alarm. 

This hasn't been tested at major altitude so keep an eye on your battery levels. 

Join our group Facebook s largest Dji Mod/exploit page

Link to comment
Share on other sites
Simi Newbie

Simi

Posted
Posted

hi guys, i've been reading around before posting !

unfortunately i'm not into hacking so much .. so i can not help under that aspect :-( but i'm very curious and trying to understand!

By using the Dji assistant beta through a VM i can really change those settings as stated here:

https://aeon7me.wordpress.com/

by looking at those screenshot seems so.. anyone had success doing that?

 

 

Link to comment
Share on other sites
theLORD Newbie

theLORD

Posted
Posted
11 minutes ago, Simi said:

hi guys, i've been reading around before posting !

unfortunately i'm not into hacking so much .. so i can not help under that aspect :-( but i'm very curious and trying to understand!

By using the Dji assistant beta through a VM i can really change those settings as stated here:

https://aeon7me.wordpress.com/

by looking at those screenshot seems so.. anyone had success doing that?

 

 

check my post here its much simpler:

https://github.com/mefistotelis/phantom-firmware-tools/issues/36#issuecomment-312030452

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...